The Russian Federal Security Service (FSS, or FSB) together with the country's Ministry of Communications, are introducing of a set of technical procedures that will provide it with unencrypted access to the Internet traffic of all Russian citizens.
This move is the implementation of the recently approved Yarovaya Law, (a package of bills which amended a pre-existing counter-terrorism law as well as separate laws regulating counter-terror and public safety measures), which obliged local and global IT companies, operating in Russia, including Google, "Yandex", Mail.ru Group, Whatsapp, Telegram, Viber, Facebook, "VKontakte" to provide encryption keys for their web-servers at the request of the FSB.
An FSB press-service representative told SCMagazineUK.com that there is a need to decrypt all traffic in real-time mode, analysing according to key parameters, and in particular on the basis of key words. This will allow the Russian special services to more efficiently fight cyber-threats and to prevent cyber- and other crime. The new law will not only help to prevent potential threats, but also build profiles of user behaviour on the Internet, that will even cover psychological state, and taste preferences.
However these measures are still considered insufficient to achieve their aims, taking into account that a significant number of Internet web-sites use secure https-connection. That will impact the authorities' requirement to decrypt their traffic, which could take place through intervention by the special services.
It is planned that decryption will take place the form of installation of equipment, capable of the performing a MITM (Man in the Middle)-attacks on the networks of mobile operators.
To analyse unencrypted and previously decrypted traffic, there are plans to use DPI (Deep Packet Inspection) technology, currently used by many mobile operators for URL-filtering in the Internet.
Many Russian IT security analysts remain rather skeptical regarding implementation of the new state initiatives.
Russian cyber-security expert Nikolay Nikitin, head of Anti-Hacker agency, a leading Russian IT analyst agency, told SC that decryption of Internet traffic will not prevent further cyber-attacks, but it may result in the intervention of special services in private life of local citizens.
Nikolay Nikitin comments: “In recent years hacker attacks have become significantly more sophisticated, compared to the past. The introduction of these measures will not create serious problems for hackers, the majority of them are high-skilled experts, that can hack the computer systems of global banks.”
The Yarovaya Law came into force on 20 July this year and was sharply criticised by Russian mobile operators and local public.
The move will no doubt be condemned by civil liberties groups in the West, and to a limited extent, those in Russia too. However, this same discussion is underway in the West, though with the power balance less stacked in favour of the state. Even more limited proposals in the US, where law enforcement sought backdoors to a specific iPhone to gain access for a specific case, were strongly opposed by the security industry and the public. In the UK several law enforcement agencies, including the City of London Police and the NCCU have spoken in favour of the benefits of backdoors for certain state institutions. The Investigatory Powers Bill, dubbed the Snoopers' Charter, which was passed earlier this year, offers the state extensive new powers to intercept and store communications data.