Russia now collecting encryption keys to decode information from Facebook, WhatsApp and Telegram
Russia's Federal Security Service says it now has a method to collect encryption keys to spy on users' data.
Russia's Federal Security Service (FSB) has announced it now has the capability to collect encryption keys that would give it the back door into popular internet services such as Facebook, Gmail, WhatsApp and Telegram in order to spy on users' conversations.
In June, Russia passed a scary new surveillance law that demanded its security agencies find a way to conduct better mass surveillance, requiring all internet firms who provide services to citizens and residents in Russia to provide mandatory backdoor access to encrypted communications so the Russian government can know what people are talking about.
If any of these internet companies choose not to comply, the FSB has the power to impose fines of up to 1 million rubles (£11,406).
Then on 7 July, President Vladimir Putin followed up the surveillance law with a seemingly hilarious pronouncement – in addition to making sure internet firms provided backdoor access and threatening them with fines, the FSB now also had to find a way to get encryption keys that could decrypt all data on the internet, a seemingly impossible feat that the agency had to complete in two weeks.
So it is much to our surprise that two weeks later, the FSB has now updated its website declaring that it has indeed been able to procure a method to collect these encryption keys, although, cryptically, the agency isn't saying how exactly it will be doing so.
The notice on the FSB website simply declares that in order to ensure public safety and protect against terrorism, the FSB has found a "procedure of providing the FSB with a method necessary for decoding all received, sent, delivered, and chat conversations between users on messaging networks" and that this method had been sent to the Ministry of Justice to approve and make provisions to amend federal law.
So we have no idea how the FSB will be able to gain backdoor access to internet companies without their permission, which would surely be illegal in the companies' countries of origin, which are certainly not Russia. What is interesting is that the Daily Dot reports that the likes of Facebook, WhatsApp and Viber have not commented at all on the new law.
In addition to fining internet services, the new surveillance law also requires Russian mobile operators to start storing details of all customers' phone calls, SMS text messages, audio and video messages from 1 July 2018 for a period of three years, which will possibly likely cost hundreds of millions in data centre storage space, if the UK storing customer data for just one year is anything to go by.
However, perhaps the surveillance law isn't as bad as previously thought. A tweet posted by Russia's Minister of Communication Nikolai Nikiforov on 20 July explains that rather than services like WhatsApp and Viber needing to pull out of Russia completely, these companies can have their services certified at one of 48 laboratories in order to ensure that there is no chance that the service could leak state secrets if used by employees in government agencies.
Russian business daily newspaper Vedomosti reports that the messaging apps can be certified without businesses needing to reveal trade secrets, although the issue of backdoors is not directly addressed.
UPDATE [14.15 BST 29 July 2016]: This article has been updated to include mention of the Russian Minister for Communications' tweet and clarification about how companies can have their solutions certified as safe in Russia.
© Copyright IBTimes 2024. All rights reserved.