The Russian Federal Security Service (FSB) hason its website that it finalized the technical and operational procedures through which it plans to collect encryption keys to decrypt Internet traffic.
On June 24, a month ago, the Russian Duma passed awhich allows the Russian state to require backdoors in all encrypted traffic, while also forcing telecom operators to log and store all traffic for at least three years.
Before the bill was voted, Russian authorities explained that the law was nothing more than a tool to fight terrorism in the country, a similar explanation that Chinese authorities gave last year when they adopted a similar law.
The law applies to all Internet traffic, not just mobile messaging apps
Russian politicians blamed apps like Telegram, WhatsApp, Viber, and Allo as tools used by terrorists and criminals, and used them as the public faces for their campaign to get the law approved.
In reality, the law applies to all Internet traffic, along with cell-phone communications, not just mobile apps.
Two weeks after the Duma passed the law, Russian President Vladimir Putin demanded the FSB to find a way to collect the encryption keys to decrypt encrypted traffic.
Two weeks after his demand, the FSB announced today that it finalized the procedure through which the encryption keys would be obtained from all Internet companies.
The FSB sent the order to the Ministry of Justice for official registration, after which it will start enforcing it.
Implementation procedure can be acceptable or… dictatorial
At this moment it is unclear how this procedure works. Are companies supposed to provide a master key to their encryption that the FSB can use all the time when it feels like, or will the FSB knock on the company’s door whenever is investigating a case?
Companies that won’t abide with FSB requests risk fines from 800,000 to 1,000,000 rubles ($12,400-15,500).
The same bill also includes fines for regular Russian citizens, if caught using encryption and failing to abide by requests to decrypt their traffic. Russian citizens will be fined from 3,000 to 5,000 rubles ($45-77), while state officials from 30,000 to 50,000 rubles ($4,500-7,700).
We will be curious to see if Apple stands up to Russia and the FSB like it did to the FBI.