Is this even practical....?
Where's my popcorn....
Russian media outlets report that laws mandating encryption backdoors have been tabled in the Duma. If accurate, you could expect an exodus of US services from the country. This Russian-language report, once the Vulture South hack was able to untangle translations like “proposed a fine messenger”, sets down the basics: those …
What could it do? Send some Polonium to Tim Cook? Apple knows even if it has to get out of the Russian market, Russians will smuggle Apple products in anyway, and many of them to be used by politicians and upper officials.... just like they did for western goods back in the old communist days.
While FBI may have some more jurisdiction over a California company....
No it isn't practical.
Every country in the world will want their own backdoors as soon as one country is allowed it. So you either make one application with more holes than Swiss cheese or you make separate apps with separate backdoors for every country.
Can you imagine the maintenance headache for that, and how will cross-country messaging work? How will they stop you using one country's app in another? If you travel a lot will you be required at the border to uninstall one version of your app and install another?
That leaves just two options - abandon end-to-end blind encryption so that messages can be encrypted but still be processed at the provider's servers to allow access to whoever (although it would be possible to do this on a per country basis using the same app), or abandon services in the country requiring access.
The warnings to the patriots in western government that if they have access then the whole world will want access will become a reality. But in reality America, UK etc wouldn't be too concerned if Russia, China, Syria etc had access to the personal conversations of their citizens if it meant that they had full access to their citizen's conversations as well.
The idea originates from their prosecutor general. The way Russia's law and order structure is organized, he can be considered more or less a direct equivalent of James Comey.
The minister in charge of telecoms explained to their parliament exactly this - this is not practical, you are out of your mind guys.
At which point the Russian analogue of Dianne Feinstein Irina Yarovaya (*) and the Russian equivalent of Mr Burr (Viktor Ozerov) tabled an amendment (they actually authored the original piece of tripe too). The amendment introduces fines for interfering with the ability to decrypt (that is the actual phrasing in the article). I have not looked at the actual means and circumstances here, but it is either the Russians copying Feinstein-Burr or the Russians copying RIPA or both.
What goes around, comes around - people living in glass houses should not throw stones and the west should not whine about Internet censorship and surveillance while at the same time providing an example of doing so.
(*) She is quite a character - a total swing in 10 years from liberal views to something that has eaten Stalin and did not even burp.
Also if you are not "doing business" in Russia by making the app free and not whoring for profit with their advertisers, who do they fine?
Yes, they could start a Great Firewall of Russia to try and block apps that are not on the good list but a little use of P2P technology and/or making use of ports like 443 that always look encrypted will make that whack-a-mole game a bit harder.
Sheesh this makes me feel old.
I remember when the west would jump on something like this and crow about how superior our "Free World" is. Of course it was a fable even then, but I do kind of miss the cold war... At least there had to be some pretense of being the good guys, which restrained the actual wickedness quite effectively, it would appear in hindsight.
Our Western governments impose sanctions and use all sorts of bad words about the government of this pariah state, yet when it comes to protecting the rights of their citizens they wish to enact exactly the same kind of laws which deny these citizens the right to privacy and secure communications for banking, commerce etc.
So just who are the bad guys here, eh? Western nations are now governed by a class which views the law as being a protection for them and their cronies against the people - not at all like the Kremlin, then.
It looks like the space and arms races of the 60s. Each government trying to see who can muzzle its citizens' right to privacy first. Currently, I would say Russia is well ahead (this was also true for Space and nuke megatonnage at certain points).
Is civil repression the new playing field for international competition? If so, it should give everyone pause for thought.
If this legislation is passed, Russian citizens may soon discover that:
a) they can't use Facebook Messenger and Whatsapp anymore. Since the apps can be linked to phone numbers and IP addresses that should "fix" the issue for FB quite quickly. But it won't be very good for user base numbers and their reputation, not to mention the users.
or
b) Facebook and Whatsapp will be rolled out in "crippled" version for all Russian users. That would be a real clusterf*k both technically and commercially and raises some interesting questions. Will FSB then be able to read all messages including those sent from users with "strong" encryption to those users with "weak" encryption?
Thank you Vlad. You have succeeded in throwing even more petrol on this flaming pile of horse dung. I can see why the Donald likes your style.
"Whatsapp will be rolled out in "crippled" version for all Russian users."
There is only one realistic method for them to do this: Disable end-to-end encryption on Russian phones. They could do this, and then present a warning (at least to non-Russian users) that the messages are not encrypted and are available for snooping by the FSB.
The problem I see is that this could set a "precedent" in the West. Whatsapp would be much better off just pulling their app from Russia. They would be seen as "making a stand", and could legitimately say that it would break their whole system without serious development effort, which they are not prepared to do just to satisfy the Russian government. This would discourage other countries from doing the same.
Since programs like Facebook are actually spying applications it's not surprising that some governments don't like them. I try to avoid them myself; they're convenient but their true function is more than just advertising.
(Anyway, I'd have thought that Russians would steer clear of social media since the announcement of that application recently that could use this to rapidly identify individuals in surveillance pictures from social media. We in the West tend to think "it can't happen here" but they've grown up with it happening....)
Citizens need to learn the difference between reality and propaganda for their own safety and sanity. Russia may be a different society to 'the West' but deep down it's basically the same, it's got the same kind of mix of lawmakers and government types as we have. So when you hear something like (for example) such and such a city government has passed anti-gay legislation propaganda dictates that we tut-tut about how nasty they are compared to our enlightened status while reality just says that they've got Republicans in their legislatures as well (they'll just have another name for them, typically something like "Law and Order").
It's worth re-reading '1984'. There's a lot of political insight woven around the story, insight that gets lost when it's made into a screenplay.
So is that the UK meaning of tabled (meaning dropped from the discussion, put aside on a table to be looked at later)?
Or is it the US meaning of tabled (bringing a topic up for discussion, putting it on the table for everyone to have a look at and discuss)?
To Pedant myself - the two meanings (UK/US) should of course be switched around (it's in the US that tabling something means we will look at it later.. the same kind of later that your mom told you about when you wanted to go on the waterslide...)
No, wait, let me explain that statement.
If governments are forcing the hand of the big multinational companies then those companies will have little choice but to remove the end to end encryption since one product will not work in all countries.
We tend to use the biggies through laziness. It comes bundled and our friends use it. Without the proprietary biggies, the public will then turn to open communication platforms following open communication standards that no country can control. There will be dozens of different clients available from authors around the world and no country will have the ability to shutdown all the individuals who wrote those clients.
A country may be able to threaten a user, but then the (innocent) user has the option of handing the government their previous conversations (but you'll know they have them!).
OK, I'm not really saying the Russian law would be a good thing (or the Merkin, UK, or any other government back door). But maybe if someone points out how simple it is to circumvent then perhaps common sense will prevail (facepalm).
>Without the proprietary biggies, the public will then turn to open communication platforms following open communication standards that no country can control.
Sadly I suspect your thinking is wishful: the average user won't bother. For evidence, look at how many people use Facebook Messenger.
Sometimes it can be better to side with the big corporations, since they aren't as easily cowed by governments. Sometimes, that is. I'd sooner trust Apple - since their business model is to empty my pockets for hardware - than I would Facebook, which has both Ayn Rand-ian ideologies around privacy and an advertising-based business.
>A country may be able to threaten a user, but then the (innocent) user
>has the option of handing the government their previous conversations
No! That is why this is a BAD THING.
By that logic anyone who doesn't hand over their messages is automatically guilty of whatever crime they were alleged to have committed.
Being fines and not vetoes says a lot about intention. Not believing in a fly off.
We Users didn't know or care about what those Providers were at with harvesting [Most will keep on]. States did know and didn't seem to care a lot.
Actual buzz is about building a Law Frame assuring what previously was 'friendly' access to the grain. [Damn whistlers] ;)
Suppose I encrypt some message with a one-time pad, or just as a form of "conceptual art" pack a load of noise bits into a PNG file (probably more aesthetically pleasing than some things I have seen being passed off as art). I then send this through an end-to-end encrypted messenger app. If the FSB wants the author of the app to encrypt it, and noise comes out, wouldn't that land the author in a load of hot water?
Alternatively, I would expect Putin has the power to veto a law he doesn't like (cannot imagine him NOT having that power). He sets up some people with porridge for brains to put in an unreasonable amendment, so he can veto it and appear as at least one of the more reasonable people in Russia, with which we can do business.
OK, where is that tinfoil hat
You just explained the influx of cat pictures over the last years. In fact they might be carriers for secret data... steganography.
Which brings me to an idea... a cat-picture tunnel to connect VPN endpoints, hiding encrypted data in plain sight. Transfer rates might be a bit slow, but text, calendar and map data doesn't need huge bandwidth. Oops.
Michael. Don't know of the newest generation of programmers. But anyone with a decent Math Education knows every actor with the will is beyond this conversation [These are trivial technologies (hidden strong encryption? bah!)]. We are here expending our time because We are supportive of a State of Law.
Sorry Number6, but...
"... If it's got end-to-end encryption then in theory a compromised server..."
Couldn't you shuttle client-to-client also? [Truly, all this lingo has a lot of 'spin', of front-stage...].
Even this blog interface performs as a humble server when interacting.
"If accurate, you could expect an exodus of US services from the country."
Naah. Non-US encryption is purely 'theoretical'. The boss of the CIA said so. And if non-US encryption is 'theoretical', so are the theoretical back doors in the theoretical non-US encryption, see? So, no worries.
So it won't hurt them to tell them "we aren't going to backdoor iMessage, ban us if you want". Caving to any one country will embolden every other to adopt a similar requirement, so you have to have a blanket policy.
Heck, given how little presence they have in Russia it might not hurt them at all. The people buying in Russia today being made up for by people who buy elsewhere to bring back to Russia.
The challenge for Apple will be if China adopts a similar requirement. I think they've already established they can successfully stand up against stuff like that in the US, and it would probably work similarly in other western countries like the UK or Germany. But would the Chinese people rise up in protest - and if so would the government give a damn - if they tried it there?
Facebook isn't exactly going to be able to use privacy as a selling point, so if they have to compromise Messenger or WhatsApp in certain countries I doubt they will care. They'll just follow the local law, because for them getting more people using their platforms is more important than preserving the privacy of their users. The people who really care about privacy were never using Messenger or WhatsApp to communicate in the first place!
It is more of a problem for Telegram, since that's its whole reason for existing - and they are based in Russia. I wouldn't be surprised to see them move to a different country, or sell out to someone else, to escape the reach of Russian law. Then they can ignore any bans, and it would be left up to Russia to find out who in the country is using Telegram and stop them.