The President of Russia Vladimir Putin July 7, after the signing of the “Spring package” instructed the Federal security service until July 20, 2016 to find a way to transfer the encryption key in the Internet the secret service. Responsible appointed head of the FSB Alexander Bortnikov. About how does a Russians total surveillance, says the BBC.
To trace all actions of the Russians in the network, the people in uniform need to curb electronic chaos that is mathematically impossible. But there are plans simpler: to put pressure on the operators to block the encrypted content (Chinese script) or to search the smartphones on the subject of Smoking messengers.
The discussion of this issue became possible after the adoption of the “anti-terrorism” package of laws in the last days before the parliamentary holidays.
What is the encrypted Internet traffic?
Traffic is information that is transmitted in the world wide web. The information is exchanged every time the user clicks the link, sends a message or starting a video.
If the traffic is encrypted, can read it only the sender and the recipient (the person on the other end or the server hosting the desired information), and no one between them, whether government or criminals. The most popular way to encrypt network traffic – the data transmission Protocol is HTTPS.
“The global sweep of the clearing to read in the interests of the security services, it seems to me technically impossible or very difficult to realize”, – Andrey Masalovich, an expert on competitive intelligence in the Internet
The creators of Internet services, mobile applications and gadgets are competing to develop the most difficult to decrypt the transmission. So, the technology MTProto underlying Telegram messenger, borrows algorithms, opened in 1976, the American cryptographers Whitfield Diffie and Martin Hellman.
In Russia, according to Roskomnadzor, the encrypted 15-20% of traffic; in the West the figure has already crossed over 50% in the coming years may reach nearly 100%.
If the traffic is encrypted, the attackers and the government can’t see what we’re doing on the Internet?
They have many ways to get the information you need – from programs-spies who take pictures of screens covertly, to violence against the owner of the information.
Often bastions of encryption fall under the onslaught of hackers or intelligence agencies. In April 2016, the Federal Bureau of investigation, the United States stated that to overcome the protection of one of the iPhone, after paying criminals over $1.3 million
The attempt of the Ministry of internal Affairs of Russia to crack TOR anonymous network for 3.9 million rubles in 2014 failed. The interior Ministry has filed a lawsuit against the Institute, who volunteered to absorb the funds, but then refused the claim.
Usually a combination of different methods to penetrate the personal space of the user, the mass reading of forbidden traffic on the Internet is impossible, if possible at all.
“As a rule, the traffic is decrypted by the target, — said the expert on competitive intelligence in the Internet Andrey Masalovich. For example, the task was to decrypt TOR, experts from MIT (Massachusetts Institute of technology) is partly coped with it. With some degree of success was to compromise some versions of the Protocol [data transfer between the user and the website] SSL. It was a separate, individual projects. The global sweep of the clearing to read in the interests of the security services, it seems to me technically impossible or very difficult to realize”.
So FSB should find a way to decrypt all encryption to the 20th of July?
From the orders of the President published on the Kremlin website, is directly should not be. Within two weeks of the FSB must determine what cryptography can and what cannot be used in Russia, and to determine the order of transmission of the keys to deciphering “the authorized body in the field of security”.
Internet services (in the law of Spring they are called organizers of information distribution), which will not provide the FSB encryption keys, can be fined from 800,000 to 1 million rubles. Also there is a penalty for individuals who use not certified in Russia the means of encryption – from 3000 to 5000 rubles.
“The FSB is on the traditional way – trying to solve the problem with certification – said the founder of the site Agentura.ru Andrei Soldatov. – Roughly speaking, the country will be admitted only those technologies that are certified by the Russian intelligence services. Such tactics could be more or less effective in the late 1990’s-early 2000-ies, when encryption is implemented at the hardware level. It was possible physically to restrict the import of laptops with cryptography. Currently many encryption mechanisms implemented at the software level. You can prevent Apple to bring smartphones with cryptography, but then people will just download a new version of the software, and the FSB will remain with nothing”.
Soldatov notes that foreign Internet services have violated Russian laws on bloggers and the storage of personal data in the country, but their health is not affected.
If we continue to use services that encrypt the traffic?
Most likely, Yes. Since the law of Spring will act only in Russia, to hand over the encryption keys will be required only by local companies, foreign (or formally foreign) services are unlikely to cooperate with the FSB.
“I can’t imagine that FSB officers walked the streets and checked smartphones – is there WhatsApp or Telegram, says Andrei Soldatov. – In the absence of such methods, to forbid us to use foreign services impossible. Since the end of last year in China’s Xinjiang province conducted an experiment to disable smartphones for those who use filters and foreign messengers. I am very skeptic of that, the operators are many, we are not in a situation of Kazakhstan and Uzbekistan”.