All cloud services and online stores fall under the spring law. The volume of traffic storage has been approved according to the Yarovaya Law

Illustration copyright Sergei Savostyanov/TASS

The so-called “Irina Yarovaya law,” obliging cellular operators and Internet providers to store customer conversations and Internet traffic for six months, could result in billions in fines for companies, the Internet Research Institute said.

The Institute has studied the new regulations European Union on data protection, which will be introduced in May 2018, and found out that it conflicts with the Yarovaya Law.

Russian law implies the storage of all data of all clients and does not include rules limiting or prohibiting the storage of traffic of foreign citizens or nationals.

However, if Russian company will store the data of an EU citizen without his consent, it will violate EU regulations. This could result in a fine of up to 20 million euros or up to 4% of annual global revenue, whichever is greater.

According to the Vedomosti newspaper, based on these calculations, it is possible that Russian operators will have to pay a total fine of about 45 billion rubles ($758.5 ​​million).

The newspaper tried to get comments from Russian mobile operators and European regulators. The operators declined to comment, and the European Commission Directorate for Communications Networks, Content and Technologies did not respond to the publication’s request.

“It’s too early to make predictions and talk about possible fines Russian operators if only because there continues to be controversy surrounding the adoption of the Yarovaya package,” Ilya Sharapov, head of the analytical unit for information security LLC "TSS"

“As you probably remember, there have already been reports about a possible postponement of the entry into force of the law for five years or a phased introduction of amendments. This suggests that at the level of the government and law enforcement agencies there is still no clear understanding of the implementation of the law, and officials are carefully assessing and take into account possible risks for business,” the expert is sure.

Stricter than in Europe

The Institute analyzed similar laws in the EU countries, as well as the USA and Australia, and noted that the legislation of these countries provides for selective storage of data, and according to the Yarovaya Law, all data without exception must be preserved.

Illustration copyright PA

“There are no requirements for “continuous” storage by default in the analyzed countries; such recording is carried out on the basis of a court order officially sent to the telecom operator by the authorized body,” the study says.

Moreover, in all analyzed countries, unlike Russia, data collection is financed through government grants or compensation from state funds, and equipment for this is provided by government agencies at the expense of the budget.

Director of the Russian Association of Electronic Communications Sergei Plugotarenko agrees with the conclusions of the report. “Based on the experience known to the analytical department of RAEC, there are no such storage requirements for telecom operators anywhere in the world,” he notes.

According to Plugotarenko, the European Court has already twice canceled national laws with a more lenient measure, namely the requirement to store user metadata (analogous to the requirements for operators in Russia), as violating the rights of citizens.

“As a rule, and this is fundamental, storage and access to user data requires a court decision, at least at some stage. Comparison, say, with China is also incorrect: there the state does not impose obligations on companies to spy on users, there a completely different design,” added Plugotarenko.

"A separate group of businessmen"

The Yarovaya Law, adopted last summer, is in fact a whole package of bills, which, according to the authors, should help in the fight against terrorism.

Not all proposed innovations related to the Internet and communications, but these were the bills that received the most criticism.

They were opposed by human rights activists, mobile operators, Internet providers and some parliamentarians.

The law, among other things, requires telecom operators and Internet companies to store users' text messages, their conversations, as well as images, sounds, videos and "other communications" for up to six months. In addition, operators will have to store information about the receipt, transmission, delivery and processing of messages and calls for three years.

After the adoption of the law, an online petition for its repeal collected 100 thousand signatures, but it was not satisfied Russian authorities refused. “It is unacceptable to repeal the fundamental law that protects Russians from the global terrorist threat in favor of the interests of separate group businessmen,” said the response to the petition.

A bill was also introduced to delay the entry into force of the law for five years - until 2023. However, the government refused to support him. The Cabinet of Ministers decided that in order to avoid unnecessary burden on operators, it is enough to introduce the law in stages.

Who criticized the "Yarovaya Law":

  • Former NSA employee Edward Snowden called the law an "unenforceable and unforgivable violation of rights"
  • Adviser to the President on Internet Issues German Klimenko stated that "the industry was not consulted"
  • Ministry of Telecom and Mass Communications represented by the deputy head of the department, proposed to reduce by 10 times the amount of information stored by operators
  • Internet Ombudsman Dmitry Marinichev called the bill "a death sentence for Russian telecom"
  • Internet company "Yandex" noted that new requirements for Internet companies will lead to “excessive restrictions on the rights of both businesses and users.”
  • Internet companyMail.ru called the implementation of the bill impossible and at the same time unreasonably expensive
  • "Big Four" mobile operators (Beeline, MTS, Megafon and Tele2) asked Speaker of the Federation Council Valentina Matvienko to reject the bill
  • Russian Union of Industrialists and Entrepreneurs stated that this would increase the cost of mobile communications by two to three times and accelerate inflation in the country
  • Russian Association of Electronic Communications stated that the adoption of the law threatens the privacy of communications and is fraught with “general degradation of the Internet industry in Russia”
  • Roskomnadzor doubted the ability to control the implementation of the law by telecom operators
  • Human rights organizationHuman Rights Watch in a report on freedom of speech in Russia, she demanded that the “Yarovaya Law” be repealed along with several other laws

What is the “Yarovaya Law” most often criticized for?

Expensive. According to preliminary estimates by the FSB, the cost of implementing the law will amount to 4.5 trillion rubles. Cellular operators estimated costs at 5 trillion rubles. The Russian Union of Industrialists and Entrepreneurs estimated the costs of implementing the law by 2019 at 10 trillion rubles.

This money is needed to create infrastructure for storing data, such as data centers.

At the same time, the state will lose income received from Internet companies. Now they pay income tax, but with the coming into force of the law they may become unprofitable and even leave the company. Russian market. Their costs for purchasing equipment can amount to tens and hundreds of billions of rubles.

Inefficiency. Substantial part Internet traffic is transmitted in encrypted form. It is useless to store this information, since it will still not be possible to decrypt it.

In addition, real attackers may simply stop using Russian services, in which case large expenditures on the purchase of data storage equipment will be useless for the stated purpose of the bill - the fight against terrorism.

It is expected that the total amount of data that providers will have to store will be about 157 billion gigabytes. For comparison, in 2006 the total volume of digital information on the planet was estimated at 161 billion gigabytes.

Incomprehensibility. “Organizers of information dissemination,” that is, cellular operators and Internet providers that use additional coding, will need to provide the FSB with information that allows them to “decode” messages.

Internet companies still cannot figure out what information they will need to provide. By the way, the timing and types of traffic that will need to be stored have also not yet been determined.

Andrey Kuzmin – lawyer, candidate legal sciences, senior partner of the Law Office “Titov, Kuzmin and Partners”, briefly talks about what the “Yarovaya anti-terrorism package” means for business and for individuals. Read it if you haven’t had time to understand the changes that have already been approved at the highest level.

The article will discuss the so-called “Yarovaya anti-terrorist package”. It has already been signed by the President and was published as the federal law dated July 6, 2016 No. 374-FZ “On amendments to the Federal Law “On Countering Terrorism” and certain legislative acts Russian Federation in terms of establishing additional measures to counter terrorism and ensure public safety.”

I would like to describe not only the impact of the resonant law on business and technology, but also touch upon its general consequences. After all, business is the most active part of society, and here it is important not to turn a blind eye to issues of restricting civil rights.

general characteristics

In a fairly short explanatory note The anti-terrorism bill states that the changes will provide additional measures to protect individuals and society from terrorism. I believe that manipulation tactics were used here - to focus public attention on some amendments, so that others remain without discussion. Of course, the changes that relate to the storage periods of information by telecom operators are the most resonant, but not the only ones.

All amendments can be conditionally divided into several blocks:

  • expanding the powers of law enforcement agencies;
  • new requirements for telecom operators and some Internet projects;
  • new requirements for forwarding carriers and postal operators;
  • strengthening regulation of religious missionary activities.

Let's start with the most sensational changes.

1. Changes to the Law “On Communications”

Information about the transmission of voice information, text messages, sounds, videos and other messages will be stored for three years, and the messages themselves will be stored for only six months.

Will cellular tariffs increase?

Perhaps, but the state has many tools to limit this growth. First of all, within the powers of the Federal Antimonopoly Service. Perhaps a decision will be made at the state level to leave tariffs at the same level.

The main consequence of the changes in the law is that all telephone conversations are now recorded automatically. Previously, conversations could only be recorded after a special order from law enforcement agencies.

By the way, the legislator tried to resolve the problem of issuing SIM cards to dummies. Now the telecom operator will be obliged to suspend service to a subscriber if it turns out that the data about him in the contract does not coincide with the real ones. And if it turns out that telecom operators have not fulfilled the obligation to identify subscribers, they will be held administratively liable.

2. Changes to the information law

The so-called organizers of the dissemination of information on the Internet are required to store data on the receipt, transmission, delivery and (or) processing of voice information, written text, images, sounds, video or other electronic messages from users and information about these users for one year. The content of messages must be stored for six months.

The information necessary to decode this data must also be provided to the appropriate authorities.

Who do these amendments apply to?

According to the Law “On Information, information technology and on the protection of information,” the organizer of information dissemination is a person who ensures the functioning of programs designed for operations with users’ electronic messages. An electronic message is any information sent or received by a user. In fact, this includes all Internet providers, but not only.

In our opinion, this law applies to all IT projects that meet the following criteria:

  1. They carry out user identification (registration, login via social media and other methods). Although, roughly speaking, any user can be identified, for example, by IP address.
  2. Their users perform any actions to transfer information or data. Any user action, for example, simply searching and viewing a product in an online store, is a transfer of information. That is, any Internet projects will have to store information about all the actions of their users on the site.

Thus, many business services, all online stores and other projects, fall under the law.

Of course, storage limits will need to be discussed individually for each project. Including - it will be necessary to request from government agencies official position on a particular project.

3. Requirements for carriers and postal operators have been strengthened

Now every person who provides forwarding services will have to control the contents of parcels, as well as the accuracy of information about their client. That is, this requirement actually applies to any carrier, including courier companies such as DHL, and private entrepreneurs who own a truck.

When concluding a contract, the carrier must perform two actions:

  1. Check the sender's documents and make sure they are true ( constituent documents for a legal entity and a passport for an individual);
  2. Make sure the contents of the shipment and the absence of any prohibited items.

“Yarovaya Package” is one of the largest documents adopted by the State Duma in last years. Some of its provisions have already been reflected in regulations, while others came into force in the summer of 2018.

What is the “Yarovaya Law” when the most controversial part of the high-profile initiative regarding the storage of information about telephone conversations and personal correspondence of Russians comes into force?

Authors of the amendments

The sensational package of amendments prompted by the media is named after one of the authors, State Duma deputy Irina Yarovaya, who participated in the development of such legislative initiatives as criminal prosecution for libel, tougher sanctions for violations of the rules for holding rallies, and the “law on foreign media media.”

Senator Viktor Ozerov worked on the amendments together with Yarovaya. At that time, both parliamentarians headed the security committees: Yarovaya in the lower house, Ozerov in the upper house. Four legislators were already listed as co-authors of the voting procedure: Alexey Pushkov and Nadezhda Gerasimova were added to the list of initiators.

Anti-terrorist “Yarovaya Law” – what is it?

In simple words, the “Yarovaya package” is two federal laws containing changes to regulations (intended, according to the authors, to prevent manifestations of terrorism):

  • No. 374-FZ “On amendments to the Federal Law “On Countering Terrorism” and certain legislative acts of the Russian Federation regarding the establishment of additional measures to counter terrorism and ensure public safety” dated 07/06/2016;
  • No. 375-FZ “On amendments to the Criminal Code of the Russian Federation and the Criminal Procedure Code of the Russian Federation in terms of establishing additional measures to counter terrorism and ensure public safety”, dated 07/06/2016.

What innovations does the “Yarovaya Law” contain?

The essence of the amendments

The first document (No. 374-FZ) made amendments to the laws on the FSB, foreign intelligence, weapons, the Housing Code and many other acts. Its provisions expanded the powers of security forces, tightened responsibility for extremism, rules for postal forwarding, and cargo clearance.

Thus, in the new version of Law No. 35-FZ “On Combating Terrorism” dated March 6, 2006:

  • Article 5 was supplemented by a new part (4.1) on the creation of anti-terrorist commissions in the constituent entities of the Russian Federation, the decisions of which are binding;
  • Article 5.2 was introduced, explaining the actions and powers of local authorities to combat extremism and terrorism;
  • Article 11 includes part 5, expanding the grounds for introducing the CTO regime.

The same law introduced amendments to the Housing Code of the Russian Federation, and with them a ban:

  • disseminate religious teachings in premises intended for housing (with the exception of rituals and ceremonies) (Part 3 of Article 17);
  • on the activities of missionaries if they are aimed at committing extremist actions, threaten others, etc. (Part 3.2 Article 22).

Changes to the Communications Law

Innovations in Law No. 126-FZ “On Communications” dated 07/07/2003 and their essence for cellular operators and Internet service providers is established requirement store user messages (voice and text messages), photos, videos, etc. sent in them, as well as information about telephone conversations or correspondence of subscribers. The storage location is within the country. The conditions - traffic volume and storage period - are developed by the Cabinet of Ministers.

The storage period for message content is up to six months. Information about their departure, delivery, processing, etc. should remain in storage longer:

  • three years – information about calls from mobile subscribers;
  • one year – data on email correspondence Russians.

The introduced clause 1, part 1.1, article 64 of the law on telecom operators obliges them to provide intelligence services with information about the telephone conversations of their clients. A similar requirement, but this time regarding the Internet activity of Russians hidden from the general public, is contained in the new paragraph (3.1) of Article 10.1 of Law No. 149-FZ “On Information, Information Technologies and Information Protection” dated July 27, 2006. And clause 4.1 obliges domain owners, providers and everyone who falls under the concept of “organizer of information dissemination” to transfer encryption keys to security forces for decoding user messages.

Failure to comply with the requirements of the security authorities will result in a fine. What its size will be is specified in Article 13.31 of the Code of Administrative Offenses of the Russian Federation, Part 2.1:

  • citizens will pay from 3,000 to 5,000 rubles;
  • from 30,000 to 50,000 rubles – officials;
  • from 800,000 to 1 million rubles – companies.

Amendments to the Criminal Code of the Russian Federation

Another normative act, included in the “Yarovaya package”, Law No. 375 added to the list of criminal offenses:

  • failure to report to law enforcement about a crime of a terrorist nature (committed, being committed or planned). The most severe sanction for this is imprisonment for 12 months. A citizen who did not inform about such an act committed by his spouse or close relative will not be held liable;
  • international terrorism with a maximum penalty of life imprisonment.

The updated version of the Criminal Code of the Russian Federation has expanded the list of crimes for which criminal liability begins at the age of 14:

  • participation in a terrorist organization and its activities (part 2 of article 205.4 and part 2 of article 205.5, respectively);
  • training to master skills for use in planned terrorist activities (Article 205.3);
  • failure to report a crime (Article 205.6);
  • act of international terrorism (Article 361).

When does the “Yarovaya Law” come into force?

IN " Rossiyskaya newspaper"The official text of the Yarovaya Law was published on July 8, 2016. On July 20 of the same year, the bulk of the innovations came into effect, including changes to the Criminal Code of the Russian Federation.

July 1, 2018 is the day specified in the Federal Law when Irina Yarovaya’s law comes into force regarding the requirement to store data on remote communication of Russians. However, the Russian Government is now discussing the possibility of delaying the entry into force of the law for several months. This was announced by Deputy Prime Minister Arkady Dvorkovich. The need for a delay is associated with the development of by-laws that will determine the volume and duration of data storage under this law.

According to the Big Four cellular operators, organizing message storage alone will require more than 2.2 trillion rubles. Ultimately, the costs of companies will lead to a sharp increase in tariffs. The Ministry of Telecom and Mass Communications allowed the cost of cellular communication services to increase threefold.

The hopes of the telecom industry were not justified: Vladimir Putin signed an “anti-terrorism” package, which is now commonly called the “Yarovaya package.” Now telecom operators and Internet companies will be required to store the contents of their users’ messages for six months. Moreover, the president separately instructed the FSB to develop a procedure for decrypting user messages.

“Yarovaya Package”: the law is now “written”

Russian President Vladimir Putin signed an “anti-terrorist” package of amendments developed by deputy Irina Yarovaya and senator Vladimir Ozerov. Among other things, telecom operators will now be required to store information about the receipt, transmission, delivery and processing of messages from their subscribers, including text messages, sound, video, images, etc., for three years.

Moreover, the contents of the messages themselves will need to be stored for up to six months. Currently, telecom operators must store information about subscribers and the communication services provided to them for three years, but there are no requirements for storing the contents of the messages themselves. Telecom operators are also prohibited from using uncertified encryption equipment.

Similar requirements are being introduced for organizers of online distribution (ORI). This term was introduced in 2014 as part of another “anti-terrorism” package of laws developed by the same Irina Yarovaya. We are talking about Internet platforms that allow users to communicate with each other, in particular, social networks, blog platforms, etc.

As part of the 2014 law, ORIs are required to store in Russia data on all messages transmitted by their users for six months. Now ORI is obliged to store data on transmitted messages for a year, and the contents of the messages themselves for up to six months. Moreover, if users use encryption (encoding), ORI will have to transfer the keys to the FSB to decrypt them.

When does the Yarovaya Law come into force: instructions from the President

At the same time, Vladimir Putin gave a number of instructions to the government in connection with the adoption of this bill. In particular, the Cabinet of Ministers must, together with the FSB, prepare draft regulations “aimed at minimizing the risks associated with the application of this law. The President especially indicated that it is necessary to “clarify the stages of application of norms that require significant financial resources and modernization technical requirements economic entities subject to the law, taking into account the need to use domestic equipment.”

By July 20, the FSB must approve the procedure for certifying encoding (encryption) means when transmitting messages on the Internet, defining a list of means subject to certification, as well as the procedure for transferring encryption keys to intelligence services. Thus, security officers have only two weeks to develop a procedure for decrypting messages from Internet users.

By November 1, the FSB will have to develop and introduce “a register of organizers of the dissemination of information on the Internet, providing, at the request of authorized departments, the information necessary for decoding received, transmitted, delivered and processed electronic messages in the event of their additional encoding.”

Currently, the ARI registry is maintained by Roskomnadzor. From this wording it follows that either the FSB will take away this register from Roskomnadzor, or create its own, separate register. A source in Roskomnadzor admits: this register will be introduced in any case in the interests of the FSB.

Vladimir Putin instructed the government to prepare the production in Russia of software and equipment necessary to implement the “Yarovaya Law”. By September 1, 2016, the Ministry of Industry and Trade together with the Ministry of Telecom and Mass Communications will have to analyze and submit proposals on the possibilities, timing and volume of financial costs in order to organize domestic production equipment and the creation of domestic software necessary for storing and processing information of all types of messages transmitted by Internet users, and information about these users, indicating specific production sites in Russia.

It will also be necessary to pay attention to the application of the law on liability for the use of uncertified coding (encryption) means on communication networks and on the Internet and on the termination of the provision of communication services in the event of failure to confirm the compliance of the personal data of actual users of communication services with the information specified in subscriber contracts. The relevant instructions will need to be completed before November 1, 2016.

After the news about the signing of the “Yarovaya Package” appeared, the Runet was full of similar postcards

Some concessions as part of the anti-terrorism package

From the very beginning of the appearance of Irina Yarovaya’s “anti-terrorism” bill, the telecommunications and Internet industry reacted extremely negatively to it. In the original version of the bill, it was assumed that both telecom operators and Internet companies would have to store both information about their users’ messages and the contents of all messages for three years. Among other things, the government also expressed its protest against this norm, asking legislators to change these deadlines downwards.

During the second reading of this package of bills in the State Duma, legislators decided to partially listen to the criticism of the industry: the rule on storing the contents of messages - both for telecom operators and for ORI - was adjusted and reduced for a period of "up to six months." Moreover, the law states that the government will have to establish more detailed requirements for the format and retention periods of user messages.

After the adoption of the law, Irina Yarovaya stated that this document does not oblige operators to store user messages at all: this issue remains at the discretion of the government. In addition, if the law itself comes into force on July 20 of this year, then the requirements for storing the contents of messages will only take effect on July 1, 2018. That is, operators will have time to prepare.

For ORI, the storage period for information about the facts of transmission of messages by their users has also been reduced: to one year. At the same time, during the second reading, the deputies prepared another unpleasant “surprise” for Internet companies: if their users use encryption (coding), the ORI will have to hand over the keys to the FSB to decrypt them.

This standard is impossible to meet, market participants warn. Interference with the functioning of international encryption standards, for example, SSL, will lead to the fact that Russian users may simply be excluded from international transactions, for example, in the banking sector, experts note. In addition, encryption is often performed on the user’s side, and the Internet service serving him is simply not able to transfer the decryption keys to the intelligence services.

And, in any case, foreign Internet companies will not comply with the requirements of Russian legislation, just as they are already refusing to register in the ARI register. Accordingly, Russian Internet services will lose to them in the competition.

"Package" worth 5 trillion rubles

Before the consideration of the “anti-terrorist” law in the Federation Council, the heads of the Big Four mobile operators - MTS, Megafon, VimpelCom and Tele2 - appealed to the Speaker of the Upper House, Valentina Matvienko, to reject the document.

Each of the major mobile operators estimates their costs for implementing this at least 200 billion rubles. Total costs Operators estimate the implementation of the entire system at 2.2 trillion rubles, and the Government Expert Center names an even larger amount - 5.2 trillion rubles. The result of this will be an increase in tariffs for subscribers, a refusal to develop networks, and even losses to the state in the form of lost income taxes (in this situation, the business of telecommunications companies will become unprofitable").

Tele2 and Megafon openly promised that tariffs for subscribers would increase two to three times. “On his Facebook page he gave the following forecast. Subscribers should prepare for an increase in prices for the Internet and cellular communications by two to three times, - Pyotr Lidov-Lidovsky, director of public relations at Megafon, draws a pessimistic forecast. “The Ministry of Finance should wait for the disappearance of income tax revenue from telecom operators within ten to twenty years, since the costs of operators to comply with the requirements of the law will exceed their revenue.”

“The Russian communications industry as a whole will face stagnation, since all the money, instead of developing new technologies, will be spent on recording and storing telephone conversations, videos viewed on the Internet by every citizen and all other files, texts and documents sent by individuals and legal entities,” continues Lidov - Lidovsky. “But American and Chinese companies will benefit, they will receive excess profits (billions of dollars) through the sale of equipment for storing data arrays of information.”

“Since about ten thousand private companies - large and small - will store all the information about you - from photographs of your beloved mother-in-law to money transfers - you will soon be able to read the yellow press with much greater interest, and any information about any citizen, including the most intimate , you can buy it very inexpensively, without leaving the couch,” the Megafon representative makes another conclusion.

Another controversial provision of the new law in the region is the obligation to terminate service to a subscriber if his actual passport data does not confirm the data specified in the contract for communication services. This may lead, in particular, to the disconnection of minor children whose contracts are in the name of their parents.

The costs of implementing the law and Internet companies will be high. Thus, Mail.ru Group, according to the Vedomosti newspaper, valued them at $2 billion. “” also presented its estimates. One of the provisions of the new law states that postal operators are required to check parcels at all stages of shipment for the presence of substances prohibited for transportation (for example, explosives).

To do this, you should use special equipment: X-ray television, radioscopic installations, stationary, portable and hand-held metal detectors, gas analytical and chemical equipment. Currently, this type of equipment is installed only in points international shipments, as well as at mail sorting points. Equipping all 42 thousand post offices with special equipment will cost 500 billion rubles, Russian Post has calculated. Another 100 billion rubles will be required to maintain this equipment and maintain the relevant personnel.

That is, the total costs of Russian Post to implement the law will amount to 600 billion rubles. At the same time, the company’s revenue for last year was four times less - 149 billion rubles. Moreover, according to the Minister of Communications Nikolai Nikiforov, a similar picture - the excess of future expenses over revenue - is observed among 700 other participants in the postal market.

Nikiforov himself also actively criticized this bill. After its adoption by the State Duma in the II-III readings, the minister expressed regret that the government’s position was not heard. However, after the president signed the law and distributed instructions related to it, the minister said that the president “heard” him.

Anti-terrorist fines

Simultaneously with the “Yarovaya package,” amendments were adopted to the Code of Administrative Offenses (CAO) on the establishment of fines for non-compliance with the requirements of the new law. Failure by the organizers to provide encryption keys will result in a fine. For individuals it will range from 3 thousand rubles to 5 thousand rubles, for officials- from 30 thousand rubles to 50 thousand rubles, for legal entities- from 800 thousand rubles to 1 million rubles.

The amount of fines for organizers of information dissemination for failure to provide law enforcement agencies with access to their users’ messages has also been increased. For legal entities it now ranges from 300 thousand rubles to 500 thousand rubles, the new amount of fines will range from 800 thousand rubles to 1 million rubles.

Measures have also been taken against telecom operators to decrypt communications. The article on fines for the use of uncertified communications equipment by telecommunications companies has been supplemented with penalties for the use of uncertified encryption equipment. The fine for this will range from 30 thousand to 40 thousand rubles for legal entities with the possibility of confiscation of the relevant equipment.

A fine for telecom operators for failure to comply with the requirement to include subscriber data in contracts for the provision of communication services will also be levied in case of violation of the current subscriber identification procedure. The fines range from 200 thousand rubles to 400 thousand rubles for legal entities.
The use of the media and information and telecommunication networks to disclose state secrets will also be prohibited: for this, the fine for legal entities will range from 400 thousand rubles to 1 million rubles.

On Friday, June 24, the State Duma will consider in the second and third readings a high-profile anti-terrorism package of bills by deputy Irina Yarovaya and senator Viktor Ozerov. Russian Internet companies are already noting that the adoption of laws will jeopardize their business and limit freedom on the Internet. Lenta.ru explains why the Yarovaya package will not help in the fight against terrorism, but will forever change the fate of the Russian Internet.

What Yarovaya and Ozerov offer

The “Yarovaya package” contains a number of proposals to counter extremism and terrorism online. In particular, it is proposed to increase the responsibility for its propaganda - justifying terrorist acts or calling for them is supposed to be punishable by imprisonment for up to seven years.

But the most resonant amendments directly concern Russian Internet companies. In the text of the bill, they are called “organizers of information dissemination on the Internet,” so the “Yarovaya package” potentially includes news portals, postal services, social networks, instant messengers, forums and even online stores. All of them will be required to store information about the transmission and processing of text messages, images, sound files and video recordings of users. Intelligence agencies will be able to access this data if required for investigation or national security.

In addition, companies will be required to provide government agencies with tools to decrypt protected services. This will also affect owners of websites using the HTTPS Internet protocol. If they refuse, they will face a fine of up to a million rubles.

The proposed laws would require telecom operators to keep records of all subscribers' calls for six months, and information about their incoming and outgoing calls be available to intelligence agencies for three years. Moreover, the bill does not in any way regulate the procedure for storing this data. Operators will also have to confirm the authenticity of users' identities within 15 days.

How much is it

Russian companies will be forced to install all the necessary equipment at their own expense and rent data processing centers for storing information. This will require huge expenses, primarily from mobile operators, forced to keep records of all incoming and outgoing calls for six months. MegaFon estimated costs at $20.8 billion, VimpelCom at $18 billion, and MTS at $22.7 billion. And for the whole of 2015 " big three" and Tele2 earned $17.8 billion.

Internet companies are also sounding the alarm. Mail.Ru Group calculated that they would have to spend up to $2 billion to install the equipment, and the annual cost of supporting it would be another $80-100 million. Mail.Ru's revenue for 2015 was $592 million.

Internet Ombudsman Dmitry Marinichev directly that on Friday the State Duma will consider “a death sentence for Russian telecom.”

Are internet companies trying to stop the law from being passed?

Yes. The Russian Association of Electronic Communications (RAEC), which includes more than 200 Russian Internet companies, has already sent letters to Presidential Aide Igor Shchegolev, Minister of Communications Nikolai Nikiforov, Speaker of the Federation Council Valentina Matvienko and head of the State Duma Committee on Information Policy Leonid Levin with a request to prevent the adoption of the “package Spring".

RAEC quite reasonably believes that the bill will lead to an invasion of the privacy of citizens. They will be deprived of the right to privacy of correspondence, all their actions on social networks and conversations will be recorded and stored on company servers for six months.

In addition, the anti-terrorism package will jeopardize national security Russia. Hackers and foreign intelligence agencies could theoretically gain access to government-held encryption keys for protected services. The same argument in May 2015 defeated US President Barack Obama's efforts to force Apple, Google and Microsoft to give the FBI and CIA access to encrypted data.

Due to the huge costs of renting servers and installing equipment, Internet companies and mobile operators will reduce investments in many promising projects. And this includes the expansion of 4G networks and the introduction of 5G, increasing Internet speed and the development of the Internet of Things, not to mention research in the field artificial intelligence and neural networks.

In addition, data storage equipment will mainly be purchased abroad, since Russia either does not have it today or is inferior to Western analogues. This will increase Russia’s dependence on foreign companies like IBM, Cisco and Huawei, which directly contradicts the policy of import substitution. In addition, information protection can only be ensured by major players market, and small ones can easily become victims of hacking, and user data will end up on the network.

Yarovaya's anti-terrorism amendments threaten Russian Internet business.

A foreign companies may well refuse to comply with the law or limit their presence in the market. Russians will lose access to new Google and Facebook options, timely iOS and Android updates, as well as many other promising technologies. This will lead to a general degradation of the Russian Internet industry.

Will the “Yarovaya package” help fight terrorism on the Internet?

This is a very controversial issue. Mass collection and processing of information can really help identify potential terrorists and extremists. A similar metadata analysis program in the United States, according to the FBI, CIA and NSA, did help prevent many terrorist attacks, although it came under serious criticism after the Edward Snowden revelations. However, the Americans spent billions of dollars on its implementation, and also compensated the costs of Internet companies participating in the project, including Google, Facebook and Microsoft.

On the other hand, encrypted traffic is expanding all over the world, and Russia is no exception. The head of Roskomnadzor, Alexander Zharov, estimates its share at 15-20 percent, but Google claims that in Russia the encrypted HTTPS protocol accounts for up to 81 percent of traffic, while for Rostelecom this figure is 50 percent.

When using HTTPS, all transferred materials are visible to the Internet service, for example, the VKontakte administration, but are not available to the provider. In some cases, the correspondence can only be read while the Internet session is ongoing, that is, the user is online. Once the session ends, the encryption key is automatically deleted. This makes storing data pointless, because now they cannot be decrypted anyway.

At the same time, terrorists prefer secure services, including the Telegram messenger. There are information channels of the Islamic State terrorist group banned in Russia, through which extremist ideas are promoted and new militants are recruited. According to reports, it is not yet possible to hack Telegram, and its founder Pavel Durov is strongly opposed to cooperation with intelligence services.

The recently end-to-end encrypted messengers WhatsApp and Viber do not reveal user data, and programs such as FireChat can generally do without standard operator networks when sending messages. All of these companies will most likely simply ignore notices of millions in fines for non-compliance with Russian legislation, because they are registered in other countries and, with the exception of Viber, do not have servers in Russia. Facebook will do the same, storing the data of Russians on its European and American servers.

Photo: Anastasia Kulagina / Kommersant

Yarovaya’s amendments will in no way restrict terrorists’ communication through encrypted services, including the Telegram messenger

However, such blocking requires constant monitoring and powerful operational resources. In China and Iran, restricting the operation of certain services is a common practice, and the state annually allocates considerable funds for this. In China, a unique “Golden Shield” system has been operating for more than 10 years, capable of monitoring anonymizers and VPN services.

In Russia, there is practically no experience in tracking encrypted traffic mobile applications, and the same Roskomnadzor blocks sites only by domain. Moreover, to limit access to protected instant messengers, it is necessary to develop legislative framework, which is simply missing today.

But even if domestic intelligence services manage to limit access to Telegram and WhatsApp, terrorists will certainly find other ways of communication. For example, the Tor network, which even the US government cannot hack yet.