New Russian Law To Forbid Storing Russians' Data Outside the Country
TechWeek Europe reports that on Friday Russia's parliament passed a law "which bans online businesses from storing personal data of Russian citizens on servers located abroad[.] ... According to ITAR-TASS, the changes to existing legislation will come into effect in September 2016, and apply to email services, social networks and search engines, including the likes of Facebook and Google. Domain names or net addresses not complying with regulations will be put on a blacklist maintained by Roskomnadzor (the Federal Supervision Agency for Information Technologies and Communications), the organisation which already has the powers to take down websites suspected of copyright infringement without a court order. In the case of non-compliance, Roskomnadzor will be able to impose 'sanctions,' and even instruct local Internet Service Providers (ISPs) to cut off access to the offending resource." According to the article, the "measure is widely seen as a response to reports about the intrusive surveillance practices of the US National Security Agency (NSA) and the UK’s GCHQ. Edward Snowden, who revealed sensitive data about the operations of both, is currently residing in Russia, with his asylum application up for a review in a couple of months." The writer points out that this would mean many web sites would be legally unavailable altogether to Russian users.
The FSB is gratefully for assistance citizen! (Score:1)
Not really surprised... (Score:5, Insightful)
There are plenty of countries that already do this at the federal and state/provincial levels. And a lot of companies are following suit, especially after privacy laws have been toughened up by federal law.
Re: (Score:2)
Re: (Score:2)
and they want that data to be inside their reach.
and the emails of course too.
watch russians start lying about their country in about 3 minutes and companies that have any presence in russia for selling ads going to either ban russians from using their online services or migrate the company completely out of russia (more likely, since it's easier and possibly becomes a selling point as well, to russians).
Re: (Score:2)
Actually, as we have seen in China, this is bullshit. All that happens is you get similar companies rise in your own country, take the market freed by leaving foreign companies, build up the solid R&D without being oppressed by anti-competitive incumbent and then come to challenge those foreign companies in third markets.
That is, for example, why Microsoft wants Chinese to pirate windows instead of leaving the country. Unlike many others, they understand that if they do, in a matter of few years there w
Re: (Score:2)
In Soviet America? .. :D
In Soviet America, witch hunts you, Sen. McCarthy.
Re: (Score:2)
Would you have a list or know some of those? It might be something relevant for TFS.
Re: (Score:3)
Would you have a list or know some of those? It might be something relevant for TFS.
Not off the top of my head, but I do remember Brazil and Germany making some changes. Canada is doing something similar via PIPEDA [justice.gc.ca], this as well [wikipedia.org]. Where the law doesn't cover it, companies are doing it on their own, including avoiding routing through the US. For online in Canada see openmedia's bit [openmedia.ca]. Individual ISPs as well have been replying on what they give/send/comply/refuse to do; this is Teksavvy's response [dslreports.com].
Re: (Score:3)
Russia worried about privacy? Yeah....
Just makes it easier for them to get their own citizens data, easier to tax and demand bribes from companies doing business in Russia, and hopefully makes it easier to spy on other nations because some of their personal data could end up in Russia.
Anyone that thinks that Russia is open or pro privacy is living in a fantasy world.
popular with Americans (Score:2, Insightful)
These Russian online services will be very popular with Americans.
Re: (Score:2, Insightful)
Americans in general don't care about privacy. There are very few countries where the public gives a shit.
Correction (Score:5, Interesting)
STUPID and/or FOOLISH Americans don't care about their privacy; they Tweet, and Facebook, and store "their" files in the cloud (1960's style on a server they neither own nor control) and so on. MANY Americans, on the other hand, value our privacy just as much as our founders did back when they wrote a Constitution that limited our government to doing only a handful of specific things (NONE of which included either facilitating OR regulating OR snooping on ANY communications within the country other than the creation of a postal service) and prohibited the government from going through our "stuff" without a warrant that [1] is attached to some claim of a crime, [2] is taken-out by sworn oath of the officer [3] is specific about WHO, WHAT, and WHERE to search:
The Fourth Amendment:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized"
Those of us who still believe in those "quaint" and "out-dated" ideas, and who deny that the Constitution is a "living document" that can be evaded by any judge who wishes to "re-interpret" it to fit the current mood, store OUR data on our own servers and do not use completely unnecessary "social media" sites that encourage adults to behave like self-absorbed teenage girls. Many of us also resist using sites like Facebook where every click contributes to an empire of advertising and data-snooping that funds political efforts to tear down all the limits on importing labor so its founder can get even richer by suppressing the wages of middle-class American IT people.
Re: (Score:2)
The term "living document" is used in the context of its meaning changing outside the amendment process, where what it means changes because how people choose to interpret it changes.
Many people disagree with that concept -- there are very good reasons to force people to amend the constitution to make such large changes to what the government is permitted to do. Mainly that historically, politicians leading people on rage crusades to increase the politician's power is standard operating procedure on the fa
Re: (Score:2)
I recently read that India has amended its constitution a 100 times (98 according to wiki) though it's easier for them as most amendments only require 2/3rds of both houses to pass an amendment.
Seems the American Constitution should have a comparable number of amendments as it is old and many things have changed. Yet even basic things are done via legislation rather than amendment and most Americans don't seem to have a problem with this. Even strict constitutionalists will agree with expansion of federal p
Re: (Score:2)
I was under the impression the constitution imparted the power to provide for the common defence in the original document, hence an amendment was not necessary to create the Air Force (or any defence agency for that matter).
Apparently (Score:2, Insightful)
You are SO poorly educated (I'm NOT calling you "stupid", just saying you had bad teachers) that you do not understand what our founders wrote; For "effects" do not substitute "computer graphics" or Zuck's, Page's or Brin's software. Try substituting the word "stuff" - you'll probably "get it" then. Our founders did not believe the government had any right to dig through and look at ANY of your "stuff" without a valid, explicit warrant from a judge where the investigator/policeman had to swear under oath th
Re: (Score:2)
Actually the First Amendment only limited Congress, it said nothing about other levels of government. In theory the individual States were free to ban any type of speech or certain religions, courts were free to order speech limits, the President as Commander in Chief to limit speech for reasons of national security etc.
This was also a time when dueling was an accepted means of resolving issues so there were natural limits on speech.
Re: (Score:3)
The NSA will still be sniffing any traffic that crosses US borders.
In fact, the NSA might prefer that you store everything overseas,
as it gives them
Re: (Score:3)
as it gives them
End of stream? Did the NSA not flush that last buffer they read?
Good on them... (Score:1)
As for restricting culture, we still have actual people to interact with, so not to worry.
Re:Good on them... (Score:4, Interesting)
As for restricting culture, we still have actual people to interact with, so not to worry.
Not for long -- Russia has made emigration almost illegal, but none of the international press have seen fit to pick up on this.
So they don't have to ask the NSA (Score:5, Insightful)
I wonder how such a thing is going to be enforced. Seems to me this is more about burdening Russian companies who use western services than it is about securing the privacy of Russian citizens. Besides if Putin forces all Russian companies to keep their data local then his cronies can more easily do their own spying on it, rather than have to beg the NSA to give them access, which given Russia's frosty relationship with the US, is probably pretty much cut off these days.
Re:So they don't have to ask the NSA (Score:5, Interesting)
Re: (Score:2)
It's economics. Russia introduced an import duty on GNSS receivers that don't support GLONASS, so now most vendors support both GPS and GLONASS on the same module. By creating this requirement Russia is giving its domestic data storage industry a boost.
Good luck buying abroad... (Score:1)
Looks like Russians will have to find somewhere else to go to if they want to buy from somewhere abroad.
I understand the spirit of this law, but in reality it is too much like the Communications Decency Act that got passed in 1996 -- way too broad and sweeping.
Re: (Score:2)
Under the new law, if a Russian were to send an email to a German, using a webmail service like Yahoo mail, won't the email text have to be stored outside Russia to make it easily accessible to the German? Is such a law really practical?
Livejournal (Score:2)
Distance to Harm (Score:2)
I remember a few years ago when a big US university rejected Gmail because they could not ensure US-only storage of data and they had data-privacy concerns about the foreign governments (whoops).
At this point I don't really care if my data is in Belarussian hands because they cannot hurt me. Russians should likewise consider wanting to store their data overseas.
Not all that new, but what is personal? (Score:2)
As another pointed out, Russia isn't anywhere near the first country to do this; in fact, doesn't the European Union require it Union-wide?
Anyway, I'm most curious how the Kremlin defined "personal". Being that a lot of us are software industry programmers, product managers, etc., it'd be useful to know what kind of changes we need to make to our respective companies' international back-end infrastructure.
Re:Not all that new, but what is personal? (Score:5, Interesting)
This is completely different from EU directives. Those pertain to EU companies storing data. This one is about all companies storing data of Russian citizens. I am a Russian citizen residing abroad; by the letter of this law, if I create a GMail account, Google must host my inbox data on a server in Russia, even though neither of us two is there. If they do not comply, their servers will be blocked inside Russia.
This is not a privacy provision like EU directives are. It's about having the data on Russian soil, where it can be easily examined without a warrant, or even a notification that it is happening (see also: SORM-2).
Re: (Score:3)
Incorrect. EU directives are not about "EU companies" but "companies operating in EU". I.e. companies that store information about EU citizens.
These measures appear to be more broad in their storage requirements, but they closely mirror European regulation in terms of who they are directed at.
Re: (Score:2)
Give one example of EU blocking servers of some American company, on the grounds that they're "operating in EU" because an EU citizen opened an email account there.
You can't, because there's no such thing.
Yet this is exactly what the Russian law purports to do.
Re: (Score:2, Interesting)
Blocking servers is currently on the table in EU, it's just not implemented yet. Juncker has made it very clear that one of the parts of his IT agenda is to push for actions like those to prevent US monopolies from both serving EU customers to US intelligence on a silver platter as well as completely choking life out of all competition through monopolistic action.
There are many other implementations, such as fines however.
Re: (Score:2)
How do you fine a company that does not even operate in your jurisdiction?
Re: (Score:2)
If you have any customer relations in the region, you do in fact operate there. The argument you are trying - that if you don't have a direct office in the region you don't have to obey the local law has been tried in the court of law and shot down in flames across EU many times.
Re: (Score:2)
That's bullshit. If your argument were to fly, all American and European companies would have to e.g. comply with Saudi obscenity laws, which is obvious idiocy.
Re: (Score:2)
They do comply with them when they work in there. I have several friends who work for oil refinement industry who had to work there. They tell amazing stories of the hoops companies jump through to be able to operate in the Kingdom.
Re: (Score:2)
EU directives are not about "EU companies" but "companies operating in EU". I.e. companies that store information about EU citizens.
No, companies that operate in the EU have operations in the EU -- offices, warehouses, datacentres etc. If I buy from Stewart-MacDonald's instrument-making supplies in the US and they ship the goods to my EU address, that's not "operating in the EU", they're operating in the US.
Yes, companies like Google did initially try to argue that they weren't really "operating" in the EU per se, but they were called up on their location-based advertising.
Re: (Score:2)
That was my argument, yes. The old bullshit argument used by several companies, including google (which was the most visible one, but far from the only one) was that if they do not have an office or a datacenter in the country but they serve the local customers, they don't have to obey local laws.
This argument has been shot down in flames and in fact the new commission under Juncker as well as large member states will highly likely push for more limits on such operations (according to his official agenda li
Re: (Score:2)
The basic problem is that you think of these laws as applying to big companies such as Google or Amazon, but forget that they also apply to a one-man
Re: (Score:2)
Completely ok as long as these people do business in EU, as far as it pertains to business in EU. Same applies to all states, including US.
In other words, I think that some of the US approach to the same situation is over the top because it concerns business done outside US.
I have absolutely no problem for the same rules applying to one man operations and large business, so long as they are fair for consumers and states those consumers live in. In fact, one of the biggest problems in business/state relation
Re: (Score:2)
Re: (Score:2)
I'm saying the exact opposite. It takes a warped mind to interpret my words in the exact opposite way that they are intended.
If you look at EU, it's chock-full of examples of exact opposite of what you're claiming, and most of the examples that are actually like you're claiming are found on the national level.
Re: (Score:2)
Re: (Score:2)
You seem to view "increased costs to customers" as a greater evil than "not obeying local laws".
I find your view downright appalling.
Re: (Score:2)
Re: (Score:2)
That is what various small business subsidies are for. In modern world, small business is already largely unviable without them due to effects of globalization on the economy and impact of large international conglomerates.
Re: (Score:2)
Re: (Score:2)
That is easily proven false. Small business enjoys massive government assistance, including start money, tax breaks, freedom from much of the red tape with accounting that larger business has to deal with and so on.
In spite of all this, it's almost impossible to break into the market that is already controlled by globalized megacorps that can outprice you, outproduce you and out-R&D you.
If you were to remove this assistance, vast majority of small business would be dead within a year across Western count
Re: (Score:2)
Re: (Score:2)
I have no idea which country you are talking about - though I suspect Liberia et al probably have no programs to help small business in the starting phase. Well, they do actually IIRC, but that's funded by foreign donors as a part of development aid.
On the other hand essentially entire EU has a wide-reaching support network for starting a small business. Right now, if I had a decent idea, I could walk to my local government office responsible for the subsidies, file the forms and likely walk away with sever
Re: (Score:2)
In fact the biggest complaint from the small business owners is usually that once the initial help package is used up, the "drop" in support tends to sink small business...
And right there, you point out the problem. Small businesses get that assistance and as a result have to become bigger than the entrepreneur is ready to handle so that when the assistance runs out, they do not yet have the skills and cash flow to maintain the business. As to wanting replacement income early, you exactly miss my point. I know full well that it is going to take a long time for a small business to earn a replacement income. That is exactly why I want to keep my regular job while I start a business. Government support will not, and cannot, solve the problem created by excessive government regulation. Regulation does NOT hurt big business. It never has and it never will.
Re: (Score:2)
In other words, you understand the problem, you just reject your understanding of it.
P.S. Please tell us how monopoly regulation doesn't hurt microsoft with those billion-level fines, or how chemical directive didn't hurt manufacturers who had to invest into phasing out mercury, and countless other examples. Because both companies involved as well as commission agreed on the fact that it was in fact harmful - they just disagreed on whether benefits to the public were sufficient enough to offset it.
Re: (Score:2)
As another pointed out, Russia isn't anywhere near the first country to do this; in fact, doesn't the European Union require it Union-wide?
The EU directive isn't about local control, but about data protection standards -- non-EU countries can apply to be considered equivalent if their laws have suitable protections. Although the EU did kind of give up the moral high ground when it granted equivalent status to Israel, mere months after Mossad sent a death squad into one of the Arab countries on cloned EU passports....
world war three is not far in time. (Score:1)
Security through legislation is no security at all (Score:5, Interesting)
As stated in the subject line, security through legislation is no security at all. If anything, this will weaken information security for Russians. It's a transparent and comically unenforceable attempt to keep Russian data precisely where the Russian government wants it: on servers they can put their hands on. I'm genuinely amused.
Re: (Score:2)
...security for Russians...
The Russian society is divided in numerous socioeconomic groups, the same as the US or any other society.
These groups have different understanding of security, and completely different interests in general. For some, security means keeping control over their power and billions, for some finding at last a job or starting a modest web-based business.
There are not only Russians, French, Americans, etc., but also socioeconomic groups with very similar interests and aspirations.
Re: (Score:2)
You're missing the point. Those who control the surface of the sphere of influence control its contents.
Re: (Score:2)
You're correct that the motivation is fundamentally economic, but it has nothing to do with revenue generated from Russian datacenter leases, which are less than a drop in the bucket compared to the value derived from legally guaranteed physical access to servers for Russian government representatives. You really haven't thought this through, have you?
Re: (Score:2)
New hardware imports is still the huge issue that Russia cannot escape even with all clean code and local storage.
Re: (Score:2)
Agreed.
Re: (Score:2)
You must have stopped reading after the second sentence of my post. Please allow me to repeat the third sentence:
It's a transparent and comically unenforceable attempt to keep Russian data precisely where the Russian government wants it: on servers they can put their hands on.
Nationalism aside it's not a bad idea (Score:5, Insightful)
Re: (Score:2)
Some options are:
Import software and hardware that is perfect in terms of heat, speed, future needs, size, support and code supported.
The US or its competitive 'clone' is great on any site due to instant backdoor support.
Import hardware that is perfect in terms of heat, speed, future needs, size, support. Try and rewrite all needed code in Russia.
The US or its co
Re: (Score:2)
It's not about medical records. It's about things like personal email.
They don't want to protect the users from NSA. They want to make it easier for themselves to play NSA.
Do I need a million examples instead of just one? (Score:3)
Re: (Score:3)
Dude, I am Russian. There's no "nationalism" or "jingoism" angle in what I wrote, you're arguing with a strawman.
And yes, I would vastly prefer for my emails to be hosted in the US, for personal safety reasons. Not my own anymore - I'm already safely in US so I can wave a middle finger at the assholes in charge of ruining my home country - but my parents are still there, and they hold some, shall we say, unpopular political views. Which they don't blabber about in public, but now apparently it's not a good
Still missing the point (Score:2)
Re: (Score:2)
There's no due process in my country. I don't care about theory, the practice is what it is. There's no-one to go to if things go wrong.
Re: (Score:2)
Re: (Score:2)
Lack of due process to read my email is annoying, but not directly dangerous. Lack of due process if arrested for "extremism" or some such in Russia is what I'm more worried about.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I am in US, sure. My parents and grandparents are not.
As for keeping the information, I wouldn't want to use a company that'd store my data on servers in Russian, but I don't think the govt should be in business of enforcing that. What they should enforce is telling where the data is, and let me as a customer decide if I'm okay with it or not.
Re: (Score:2)
How about a government being in charge of enforcing that businesses disclose where their sensitive data is? For instance the company I work for uses a bank that processes all the financial data in India, which only became apparent when a long series of network problems made it unavailable on many occasions.
Re: (Score:2)
How about a government being in charge of enforcing that businesses disclose where their sensitive data is?
That's exactly what I meant by "What they should enforce is telling where the data is".
What if you're a Russian prankster? (Score:3)
Remember... (Score:2)
Re: (Score:2)
Russian expatriates are Russian citizens too. And employment data is a thing that gets stored. I hope they're not looking for work with an Internet company...
This is a hugely important point that bears repeating.
Russian expatriates are Russian citizens too. And employment data is a thing that gets stored. I hope they're not looking for work with an Internet company...
Therefore it will be illegal, on a technicality, for any citizen to work overseas. In fact, it will be pretty difficult to even do any translation work.
What has gone little noted in the press (outside of non-Russian Russian-language newspapers) is that Russia has implemented laws to try to prevent emigration. Dual citizenship is illegal, and if you get a residency permit for a foreign country, you have to deregister as Russian resident, and get a special
Re: (Score:2)
That's Russian citizen's loss. (Score:2)
Does this affect the rest of the world? Nope.
Let's move on, nothing to see here.
Congress will want to do the same (Score:2)
Re: (Score:2)
Does this affect the rest of the world? Nope.
Selfish git.
But that aside, it does affect the rest of the world, as there are many people in the world who operate international web businesses, and they are going to lose access to a pretty large market thanks to this. I'm currently speccing up a service, and as a result of this legislation, I can no longer assume anything about the viability of a Russian translation, and I'm going to have to calculate the viability assuming only the Russian-speaking populations of places like Ukraine, Lithuania and vario
The real reason is... (Score:2)
To restrict Russian citizens' access to about 90% of the internet.
Yes, the big names might hire servers and staff in Russia... and cooperate with the Russian government.
But the smaller organizations? No way in hell they can afford that.
It's mostly another form of the Great Firewall of China.
A regular end user (Score:2)
As a regular end user, I would really prefer my data to be in the hands of a foreign govt than my own govt. The foreign govt doesn't really have any power over me & can't do much with my data.
Re: (Score:2)
Host your data with your domestic spying agency! (Score:2)
Re:What a shame, but... apk (Score:5, Insightful)
Re: (Score:2)
Don't be naive. The only reason Russia and other oppressive nations pass laws like these is so they can better monitor what their 'citizens' are doing and saying. It's a lot easier to lock up whoever wrote "Putin Sucks" online if the data is in a Russian server.
And having data reside in the USA at the whims of the NSA is how much better?
Re: (Score:2)
Democracies tend to vote for their own self-interest over that of other countries. (And this is apparently a little-known fact).
Re: (Score:2)
Japan seemed to work out alright; South Korea did too. Puerto Rico almost became a state, could still.
California and Texas became states though I'm not sure they'd qualify as occupations.
Mexico could be doing better but I wouldn't count it as a hostile nation.
I don't think the Philippines is hostile.
More recently Serbia is almost an EU member. I guess there hasn't been as good of a track record post-WW2 given Vietnam and the various Middle Eastern wars.
Mostly the US seems to fail at converting strong commun
Re: (Score:2)
1st: History shows us all, occupations always fail.
The native american tribes would like to talk to you about who all these white and black people are on their land since the European occupation of north America failed.
Re: (Score:2)
The USA arguably wouldn't exist if the French, the Spanish, and the Dutch hadn't helped out in the American Revolution.
American interventionism has had a lot of failures but interventionism as a policy doesn't always turn out poorly.
Consider how different history would be if everyone subscribed to the "let asian boys handle asian problems" mentality. I don't think it would be a change for the better.
Re: (Score:2)
Re: (Score:2)
It's a sad day on slashdot when apk makes a lucid argument and everyone else is trolling him with ad hominem attacks. Grow up people.
Re: (Score:3)
As hinted at via ideas around "QuantumInsert" show that time and distance to a cloud or server is good news for the NSA and friends.
i.e. a man-in-the-middle fake web page is great on distant optical but may be more tricky within Russia needing tame Russian staff and an unnoticed Russian site.
If you can get
Re: (Score:2)
"But it's okay, because here's a Russian service that can do all the same things, enjoy".
Injected below if they are nice.
And if they are not, it's just going to redirect to it automatically.
Or did you not learn anything from what happened to Google and Baidu?
Re: (Score:2)
Can't do it "yet". That's the important part. There's no demand for second service with same capabilities when first one delivers those already.
If first service is blocked, demand appears and within a short time, someone fills the void.
Re: (Score:3)
Other nations are not currently superpowers, nor do they have targeted killing programs, or conduct wars far away from their borders.
That naturally places US on top of the "existential threats" list to essentially all other countries on the globe, and as a result it faces much tighter scrutiny.
Re: (Score:2)
WTO has all the appropriate clauses for "national security reasons" (put there by US no less) and NSA has provided all the necessary proof.
This is a double whammy of past actions catching up.