FSB mulls total real-time decoding of Russian web traffic - report
Russia’s Federal Security Service (FSB) intends to implement a technical system that would allow decoding all Russian internet traffic in real time and scanning it for keywords indicating potential threats, a popular business daily reports.
According to the article published in the Kommersant daily on Wednesday, the FSB is currently holding consultations with the Communications Ministry and the Industry and Trade Ministry in order to develop a technical system to back the recently introduced anti-terrorist package of laws that includes regulations of the internet sector.
Kommersant claims that while the ministries propose to decode the data only on law enforcers’ demand, the FSB insists on total decoding of traffic and scanning it for keywords, after receiving encryption keys from internet companies and possibly installing the man-in-the-middle systems on all communication channels. The agency also seeks to analyze the traffic through the deep packet inspection algorithms that are already used by Russian authorities in order to block banned websites.
In comments on the article, Russian internet ombudsman Dmitry Marenichev said that the total decoding of internet traffic was “inadmissible” as it would discredit the privacy of information and also compromise the security of various online payment systems and banking applications. The official added that he doubted that the FSB was able implement the plan because real-time decoding required tremendous computer power.
In July this year, President Vladimir Putin signed a broad package of bills targeting terrorism and extremism that included a provision that obliges all communication companies, including internet providers, to retain information about their clients’ data traffic for three years (one year for messengers and social networks) and also to keep actual records of phone calls, messages and transferred files for six months.
The same law orders communications companies to hand over encryption keys to state security agencies on demand, allowing them to read encrypted data. Non-compliance could cost companies between 800,000 and 1 million rubles ($12,300–$15,400) in fines. The amendments concerning data storage and security should come into force in 2018 to give data companies time to restructure and prepare the necessary hardware. The rest of the anti-terrorist package came into force as of July 20 this year.
The bill, dubbed the ‘Yarovaya package’ by mass media after the name of its key sponsor, the head of the State Duma Committee for Security Irina Yarovaya, caused a raft of objections from internet business operators and the communications sector. They said that the new requirements required a major hardware and software upgrades that could be prohibitively expensive yet the state offered no compensations to those who would bear the costs.
As a result of the discussion, Putin issued a separate decree ordering measures to be taken so that the financial risks of the law will be minimal. Besides, State Duma Security Committee promised to make changes in the law after it is tested through actual practice.