
Russia Moves To Ban Online Services That Don’t Store Personal Data In Russia - tonymon
http://techcrunch.com/2014/07/02/russia-moves-to-ban-online-services-that-dont-store-personal-data-in-russia/
======
cyphunk
It sounds evil but balkanisation of the Internet is a natural result of the
erosion of trust in corporations and other stewards of this medium. The
NSA/GCHQ scandal only pushed it a little further. We all know that any great
medium starts out as a bastion of understanding, sharing and common good until
a bunch of trolls show up to ruin it all (ahem, reddit, ycombinator, digg,
etc). Until that moment we enjoy all the freedoms that such a medium offers
and we assume it is something of and unto itself, never to be destroyed. In
the Internet's case the trolls were capital coming to understand how to modify
the Internet to extract wealth and governments looking for a competitive edge
over others using the Internets structural flaws to obtain that edge.

The erosion in this case is more harmful to many people than trolls showing up
to reddit. So I think it's natural that people recede slightly from the idea a
globalised common communal identity created by the Internet and look toward
their national structures to protect them. As Snowden said in some QA "Our
founding fathers did not say that all [US persons] were created equal". Until
the irony of that statement is not cleared up internationally and human rights
are absolutely universal balkanisation of the Internet will come. Russia,
despite being an odd democracy, is only jumping onto a boat that already
sailed in Brazil and other locations.

~~~
spindritf
_balkanisation of the Internet is a natural result of the erosion of trust in
corporations and other stewards of this medium_

Not even close. This is another regime looking to suppress dissent, just like
China has been doing all along. They don't trust their own citizens, not
"corporations and other stewards of this medium." You're buying a flimsy
excuse for cracking down on free speech.

Their problem has never been that some company cooperates with the US. It has
always been that multinationals couldn't be easily strong-armed into
cooperating with the local authorities. And no, it wouldn't matter if the US
had the same problems.

~~~
bad_user
> _This is another regime looking to suppress dissent, just like China has
> been doing all along._

No government can act without the acceptance of a majority of the citizens.
China's firewall can only exist because the Chinese people are accepting it in
the name of protecting children or other such bullshit - brits should watch
out, as their personal liberties have been eroded in the name of safety for
too long. And if you live in the US, I suppose you're familiar with the
Patriot Act ;-)

No, governments don't do this unless a majority approves - that they approve
for the wrong reasons, that's another story entirely. But as I kept saying
ever since Snowden's leaks happened - the US government fucked things up, they
won't even admit to how badly they fucked up and this will have deep
repercussions internationally regarding the future of the Internet. A lot of
international (mostly US) companies will get hurt by this, because (1) they
didn't have a saying in the matter, yet the public views them as being guilty
nonetheless and (2) because of balkanization.

And the US can't point fingers and say "look who's talking", as that won't
achieve anything. Say that to the Russian public who approves this. The US, as
the stewart of the Internet, should have been careful to not fuck things up so
badly in the first place. And after Snowden's leaks I would have liked to see
some apologies, some heads falling - but ALAS, no, nothing of the sort - only
a direct confirmation that they don't care about the rights of foreign
individuals and as a non-US citizen, how do you think that makes me feel?

~~~
VMG
> No government can act without the acceptance of a majority of the citizens.

This is not a contradiction to the original statement. Even if the majority
wants to suppress minority dissent (or do worse things to minorities), it's
not the right thing to do.

~~~
menato
> Even if the majority wants to suppress minority dissent (or do worse things
> to minorities), it's not the right thing to do.

Let me follow your definition, say, in the case of Ancient Rome. There is a
minority of masters and a majority of slaves. Minority of masters has a
dissent (from the slave's point of view, of course) that slaves should stay
slaves. So, according to you, it is wrong for them to fight for their freedom,
right?

~~~
VMG
No, I should have worded it more carefully: Majority opinion isn't
_necessarily_ ethical, though it can be. They're independent concepts.

~~~
menato
This statement makes sense for some specific ethic systems.

For instance, in almost all modern states there are ideas, which are shared by
some majorities and considered unethical in Christian ethic system.

But bad_user seems to imply ethic system which is based on the aggregate
citizens vision. With such ethic system opinions of majorities are ethical by
tautology.

------
ThePhysicist
Brilliant move: Protect the Russian citizens from foreign government spying by
making sure that all their data stays in their own country under the
protection of their democratic government. Oh wait...

~~~
rdtsc
Granted they could have done it before as well, it is just that the shining
example of "open" and "free" has been revealed to suck up and spy on
everything and everyone so now they can easily do it because there NSA did the
PR bit for them. "Oh look the evil NSA is taking out citizens' data". You see,
it actually is so and no matter how sarcastic you want to get it is still
true.

Same with terrorism. When we attacked Afghanistan and Iraq with the War Of
Terror. That opportunity didn't escape the Russians, they quickly issues a
letters of support of American people blah blah and then proceeded to switch
to running their own War of Terror in Chechnya. This was very nice as they
just let the US Dept Of State do all the PR for them.

> of their democratic government.

Well presumably our democratic government is terrific. We have great income
inequality, we torture people in some hidden loophole prison on a island, we
invaded multiple countries with some WMD fake pretest. We are blasting away
even our own citizens with drones in countries we are not even at war with. So
one can argue democracy is not really that nice, it obviously doesn't work
very well or out people are just mean and evil. Which, then, maybe they don't
deserve democracy.

~~~
ThePhysicist
Just to clarify: In my comment I was not actually suggesting that I consider
Russia to be a democratic country, quite the contrary in fact. Sorry if that
didn't become clear.

------
4k
I think the problem with privacy violation is twofold.

1) Protecting Citizen's data from snooping attempts of foreign intelligence
agencies. Which is state's responsibility imo, which in this case it's
carrying out. In this regard, this is good news,

2) Protecting Citizen's data from the state itself. This is a particularly
tricky one, since there's no government agency which acts as counterweight to
the intelligence agencies. In this regard, I am not so sure if its good news.
What if this law was only passed to _enable_ Russian intelligence agencies to
gain easy access to all the citizen's data? Which seems plausible and
predatory (nobody spies on our Citizens but us).

It will probably take a combination of Technological and Legal changes to
really ensure privacy of the people. I can see how it could possibly come
about. There's a small set of people (read Big Government) who want to
maintain control over Citizens by compromising their privacy. There's a big
set of people who stand to get harmed by privacy violations. But there is a
third set of people who has influence on first set (read wealthy class in all
its forms), but who also stands to lose from privacy violations, and who also
has means to fight it legally and legislatively. The third class would
probably be the drivers of privacy reforms we'll see in coming years/decades.

~~~
alexro
Russian intelligence agencies had access to everything all along. Every big
telecom in Russia is obliged to implement the necessary procedures.

~~~
omgtehlion
Even not that big telcos have to install SORM h/w. At their own expense of
course...

------
therealunreal
It's sad that it's spiraling down to this but it is _in practice_ no different
than what the US is doing. There's no free speech without privacy so this
looks like a "choose your dictator" kind of thing.

~~~
jacquesm
The difference here is that America does not care whether you store your data
on services in Europe or Russia, but Russia does. Clearly in practice this is
very different to what the US is doing.

~~~
tomp
Of course it doesn't because most, if not all, international internet services
are actually based in the US, and there are laws/courts saying that US
companies should give over data even if it's stored abroad. No other country
has this kind of power, so it's reasonable that they try other ways of
protecting their access to information.

------
abc123xyz
While at 143 million people Russia has the largest population, this is rapidly
shrinking, Russian internet (runet as they call it) was already mostly
balkanised mainly due to language.

I find it amusing that they are doing this in "the name of combating piracy"
when right now a certain russian site is hosting 1.2 million (mostly western)
pirated ebooks and 28 million pirated scientific articles

~~~
insuffi
Except birth rate in Russia has been rapidly increasing in the last 14 years.

They are making steps to legalize content, such as vkontakte legalizing 70% of
their media material.

~~~
vitalique
Yay teen pregnancy!

~~~
guard-of-terra
Nope, it isn't. First birth age is growing like everywhere in post-transit
countries.

(This also leads to statistics under-predicting birth rate)

------
AndrewDucker
I'm wondering if this is a direct attack on Livejournal, which is still
incredibly popular in Russia, used for political dissent, and hosted in the
US...

------
davidjgraph
Aside from the politics, this causes me to have 2 questions:

1) Are there any cloud file storage systems along the Drive/DB lines in Russia
that apps providers can integrate with?

2) Not that anyone here knows the answer, but will the cloud storage providers
implement data routing that complies with these rules (I guess yes, if the
money is worth it)?

If anyone here is interested in country specific SaaS integrations (Germany,
Brazil and Russia, for example), my email in profile.

~~~
tonymon
1) Yes, there is. For example Selectel: [http://selectel.com/services/cloud-
storage/](http://selectel.com/services/cloud-storage/) based on OpenStack API,
very easy to integrate.

>Data storage ~0.088$ for 1GB per month or ~0.131$ for 1 TB per hour

>Network (outgoing traffic) ~0.023$ per 1GB

>Network (incoming traffic) free-of-charge

They also recently announced CDN option with Akamai partnership at no
additional cost

------
tempodox
This does make sense from a purely logical point of view. If personal data is
to be exploited and plundered, at least make sure it's done by your own
villains under the control of your own laws. Why volunteer anything to the
competing spy agencies?

------
Grue3
>it would take effect in September 2016

Great, so now I have a deadline to get out of here. Anyone hiring?

------
huhtenberg
It's a post-Snowden world, so I can't say I'm surprised nor that I think it's
ridiculous. I also strongly suspect that EU will follow the suit shortly.

~~~
jacquesm
The motivations Russia has for doing this are not currently present in the EU
so I highly doubt that.

~~~
huhtenberg
Pray tell what these motivations are.

Just talk through them and then ask yourself if they are in fact "not present"
outside of Russia given all the NSA and GCHQ shenanigans that have surfaced.

~~~
jacquesm
This is all about their ability to censor and has nothing to do with the
stated reasons (combating piracy / protecting the privacy of Russian citizens
and other fig leafs).

If you want to know the real motivations for this then it helps to remember
Putin's origins and articles like this:

[http://www.washingtonpost.com/world/russia-telecoms-
watchdog...](http://www.washingtonpost.com/world/russia-telecoms-watchdog-
warns-of-possible-twitter-
ban/2014/05/16/a8c8bf98-77db-4bbb-8efe-d25a75de84ad_story.html)

The rest of Europe does not (for now) share any of those motivations with the
Russian rulers.

~~~
huhtenberg
Is UK included in "the rest of Europe" by any chance?

Besides if the censorship were _the_ goal, then it's perfectly doable as of
now and regardless of the physical location of the servers. Just ask Saudi's.
To understand the motivation you have to stop reading Washington Times and
looking at Putin's origins and instead consider what he has accomplished in
recent years - he essentially resurrected the national pride. In this context,
it's only logical that they now view their dependency on (mostly) US companies
as unbecoming, _especially_ in the light of Snowden revelations, hence the
move in question. You may also recall the hocus-pocus Visa did not long ago by
showing a middle finger to some Russian bank as per directive of the US
department. Now, swap the US and Russia and consider what the US reaction
would've been.

If you are thinking it's all about censorship, you are missing a much larger
picture.

~~~
jacquesm
The UK is in many ways more of an extension of the US than a part of Europe
and behaves accordingly.

What the US's reaction would be if the situation was reversed is moot because
that's not the world we currently live in. The fact is that Putin and his band
of boyscouts are rapidly reverting to type and getting the communications
between Russian citizens under their control is just another step in that
play.

If you think Putin has restored national pride then you are falling hook, line
and sinker for the propaganda, that's just cheap talk for the consumption by
the gullible. Pride you achieve by having something to be proud of, this is
just warmed over nationalism.

------
ganwar
Russia as a country sees storage of internet data as a tactical disadvantage
against US.

They are only moving ahead to level the playing field as much as they can.

~~~
dkarapetyan
Yup, politicians are starting to realize that digital data in all its forms is
now a competitive advantage and they are looking to control it like any other
national resource.

------
dschiptsov
What would one expect from "Bydlostan". Russia has been destroyed in 1917,
USSR in 1991.)

Pelevin (the best modern Russian writer) came up with another more appropriate
name - "Patsaneriya".

This "protection" of personal data is the same as "protection" of Russian-
speaking in Crymea - just an excuse for a grab.

------
hexleo
>The Russian government has moved one step closer towards a “China-like”
approach towards Internet services. Bad news for Russian. In China sometimes
you want to use google to search something is deny. We use some software to
cross the "Great Fire Wall" to see the whole world.

------
dattanin
May be i am missing something, but having servers in one country's border
doesn't mean that data is not available to those whom you don't trust. How
does this fit in a proactive strategy to identity theft or similar things.

------
qwerta
Europe has similar law (personal data should not leave Europe), but it is not
as widely enforced.

Edit: since I am getting down voted let me explain.

> The EU Data Protection Directive requires that personal data a company
> collects can not be moved somewhere where the consumer will have weaker
> protections than in the EU.

Practically it means that data can not be moved outside of EU, since they
would be under different jurisdiction. For example court in EU must approve
all data disclosures. If data are in US the disclosure could bypass courts in
EU, there could be even gag order.

Simply put, the EU can not enforce its law in foreign countries. Safe Harbor
and similar are nice in theory, but it still does not put them under EU
jurisdiction.

BTW: Irish Google got sued already for sharing data with american mother-ship.

~~~
vidarh
Not quite. The EU Data Protection Directive requires that personal data a
company collects can not be moved somewhere where the consumer will have
weaker protections than in the EU.

This has required some workarounds, such as "safe harbour" provisions that US
companies need to accept in order to receive personal data from EU _companies_
that have collected them from users, which basically boils down to that the US
company need to agree to comply with the same basic rules as if the data had
stayed in the EU.

End users can pass their data to whomever, whether or not they comply with
these rules.

~~~
qwerta
But US companies are target to NSA survailence and data disclosure, so they
can not comply with EU regulations by definition.

~~~
vidarh
Some have made that argument, but EU companies are also subject to disclosure
laws. E.g. Regulation of Investigative Powers Act (RIPA) in the UK. So it is
unclear whether this would affect anything.

That said, one of the objections that caused the Data Retention Directive to
fall in the EU courts was privacy considerations, so who knows. To find out
we'll need a lawsuit.

------
dkarapetyan
Makes sense. Data at this point is as much of a economic competitive advantage
as anything else and managing it like any other national resources makes a lot
of sense.

------
Nux
Beyond all the bad sides, this could be good for the local economy/providers.

------
th3iedkid
such laws can create good employment opportunities for local people and can
effect economy in a positive way too!

------
ajb
Any hosting companies in Kaliningrad? :-)

~~~
homhomhom
There are plenty of hosting companies operating in Russia for Russian market.
It's not rocket science.

------
ulfw
And so it begins...

------
senthilnayagam
china & russia already have its own facebook, twitter, google clone, will
India and Brazil join the party, thats the question to ask

------
PeterGriffin
This will be enforced only against companies big enough to be on Russia
government's radar.

Big companies already have content distribution networks and server farms all
over the world. And since Russia is hardly the first country to pass such a
law, Google, Microsoft, Amazon and many others have already had algorithms in
place to ensure user data stays local for certain countries.

Now they'll just add Russia to the list.

