
Russia Threatens to Shut Facebook Over Local Data Storage Laws - uyoakaoma
https://www.bloomberg.com/news/articles/2017-09-26/russia-threatens-to-shut-facebook-over-local-data-storage-laws
======
dmoy
This is probably just Russian auditors starting to actually look at big
companies' implementations of 242-FZ. There was precious little guidance given
on exactly what a kosher implementation would be, so devs pms and lawyers just
get together and make a good faith effort at it.

Best guess from me is that auditors are disagreeing with that first round good
faith effort from Facebook.

My guess at the original purpose of 242 fz: This has absolutely nothing to do
with the balkanization of the web, and everything to do with Russian law
enforcement wanting a physical location they can easily roll into with a
warrant. Nothing else really made sense to me at the time.

Source: worked at big company on 242 fz compliance when it was about to hit.

Edit: I remembered the ordering of number-letter incorrectly

~~~
tryingagainbro
_There was precious little guidance given on exactly what a kosher
implementation would be, so devs pms and lawyers just get together and make a
good faith effort at it._

I imagine that in Russia and similar countries, lack of guidance is by design.
If you don't tow the FSB line, don't pay the bribes or if someone else wants
your business, you've broken the law by not implementing federal law zxy52n.

Edit: USA places a gazillion requirements for businesses (especially banks all
over the world) so what Russia is doing is nothing extraordinary, on itself.
They have their own FB so I doubt they'll miss much even if FB was banned
tomorrow.

~~~
trhway
>USA places a gazillion requirements for businesses (especially banks all over
the world) so what Russia is doing is nothing extraordinary, on itself.

i really doubt that you have ever dealt with any Russian legal/compliance/etc
process, be it a personal or a business issue. As i have been there and done
that, i can tell you it is night and day difference between US and Russia
here.

"Nothing personal, just business" \- this is how it works in US, and "Nothing
business, everything is personal" \- this how it works everywhere in Russia.

~~~
im3w1l
I am working in the US, and because of that no bank in my homecountry is
willing to touch me with a 12ft pole. They will literally not allow me to have
an account because FACTA is too much of a bother.

------
guelo
The utopian period of the web is ending. The future web will be much more
balkanized and militarized. In the race between the web's competing
revolutions of democratization of information vs mass surveillance and
control, surveillance and control will win out as linear scaling, distributed,
crowdsourced, democratic power won't be able to keep up with exponential
scaling, centrally controlled, capital intensive, machine learning enhanced,
mass control.

~~~
kogepathic
_> The utopian period of the web is ending. The future web will be much more
balkanized and militarized._

You could say that. I'd flip it around and say "It's amazing the world wide
web has survived intact as long as it did, given the vastly different
political ideologies in the world."

Quite frankly, I consider it a small miracle we're all still using the same
internet that's been around over 20 years.

I absolutely think the future of the internet is regional/national versions of
the internet, with limited/censored connectivity to other regions/nations. If
not for political reasons, then because it's becoming too easy for nations to
conduct devastating attacks on critical infrastructure without ever setting
foot in the target country. [0] [1]

If you're the target of a coordinated cyber attack against your
infrastructure, and the remediation choices are either a complete overhaul of
your infrastructure (on a software and physical level) or disconnection from
the internet, I predict many nations will choose to voluntarily disconnect
themselves from the internet.

[0] [https://www.wired.com/2016/03/inside-cunning-
unprecedented-h...](https://www.wired.com/2016/03/inside-cunning-
unprecedented-hack-ukraines-power-grid/)

[1] [https://www.wired.com/2014/11/countdown-to-zero-day-
stuxnet/](https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/)

~~~
badlocal
Maybe we need several internets, at least if people and organisations insist
on putting their critical infrastructure on there.

A critical one, with infrastructure and balkanisation and an off-switch for
each region, a commercial one for people to do their online shopping and
banking and whatever and an utopian one where information is free and the past
still alive. Maybe the third one should be more hidden. (Just one proposed
division.)

Of course there are several problem here, like how to deal with government
censorship. I just think we should be open and proactive about changing the
basic infastructure so we can keep the cool and still be safe even with all
the cyber going on.

add: Sorry for throwaway, using a public airport computer in the middle east,
don't need it connected to my account.

~~~
awakeasleep
Interesting idea: Can there be multiple "Internets"?

Wouldn't they just be networks, then? There can only be one Internet, because
of the definition of Internet!

"The global computer network providing a variety of information and
communication facilities, consisting of interconnected networks using
standardized communication protocols"

------
slezyr
Ok, I think that FB will comply. They did a lot to be present in China, so
they will do same here.

But I have one simple question: Should be data of Crimean users stored in
Russian or not?

~~~
Strom
One way to soften the political blow of that question would be to store
Crimean user data in Crimea.

~~~
vkou
Given that Crimea is now part of Russia, this would mean storing it in Russia.

~~~
Strom
There are Russian forces in Crimea sure, but so are US forces in South Korea,
or in Afghanistan if you prefer active combat. Doesn't mean they're US
territories.

Most countries see Crimea as part of Ukraine. [1]

\--

[1]
[https://en.wikipedia.org/wiki/United_Nations_General_Assembl...](https://en.wikipedia.org/wiki/United_Nations_General_Assembly_Resolution_68/262)

~~~
Demiurge
What do the people of South Korea, Afghanistan, and Crimea think?

~~~
int_19h
As far as Crimea, it's difficult to say precisely.

They had a referendum in 2014, but that was then, and it was hardly an open
and transparent one (armed Russian soldiers occupying the entire peninsula, no
international observers admitted).

Ideally, we'd need to hold a new fair referendum to find out. The problem is
that even talking about holding one is in violation of the Russian laws on
separatism, punishable by up to 5 years in jail. Conveniently, the
corresponding bill was signed into law at the end of 2013, shortly before
Crimea was annexed. And yes, people have actually been jailed over this.

(Having said that, if there actually was such a fair referendum, I would bet
on them staying in Russia. But the percentages would probably be lower than
last time.)

------
throw2016
There is an inevitability about it. The desire for people to people connection
and a global consciousness was there but most idealists would have realized
it's a fantasy and parochialism and nations states are not going away.

It's easy for us to be blase about it but if it were Russian and Chinese
companies vacuuming up our data and not afraid to share it with their
governments, there would be end of the world hysteria by media, academics and
commentators about 'our freedom', the american way, and how awful these
totalitarian countries were.

Now since its us caught with our pants down with draconian surveillance,
secret courts, secret orders and collaboration with little to no pushback from
the loudest defenders of freedom more interested in posturing and feeling smug
than defending any values they articulate, other countries need to wisen up
and protect their citizens and their interests.

Anything is better than leaving it to US based companies with an insatiable
appetite for user data and vested in spying on everyone all over the internet
with zero constraints or sense of either corporate and individual ethics for
the thousands of engineers involved in this, supported by an of control
unrestrained surveillance culture in government.

------
btilly
This happens the day after Facebook embarrassed Russia and its own stock price
by verifying how Russian advertising accounts were used to manipulate the US
election.

Coincidence?

~~~
Pilfer
No you're wrong on stock price, tech stocks all went down Monday. Google,
Microsoft, Netflix, Nvidia, Facebook, Tesla, all down.

Facebook announced further Russia advertising findings on Sept 21, and on Sept
22 the stock price barely changed. The Russia factor was already priced in on
Friday, before all tech stocks fell on Monday.

~~~
btilly
Tech stocks all went down, FB went down more than the others by quite a bit.

See [https://www.cnbc.com/2017/09/25/facebook-fb-stock-markets-
ey...](https://www.cnbc.com/2017/09/25/facebook-fb-stock-markets-eye-
zuckerberg-share-sales-russia-probe.html) for a sample news story tying the
two together.

------
raquo
Does anyone know how they identify Russian citizens?

~~~
digi_owl
As a first approximation they could be looking at what IP you connect from.
unless it is coming from a known TOR exit point (and famously Facebook even
operates an .onion address) or some VPN, that would give an indication what
nation you reside in.

After that i guess they would look at what data you have given them.

------
dleslie
I have no problem with countries demanding that their citizen's data be stored
within their borders and subject to their laws alone. As a Canadian, I take it
as a given that any data of mine or about me that's stored on American soil is
to be considered as-good-as-public, thanks to their alleged willingness to go
so far as to steal sensitive data and share it with competing American
interests. [0]

0:
[https://google.com/search?hl=en&q=nsa+handed+trade+secrets+t...](https://google.com/search?hl=en&q=nsa+handed+trade+secrets+to+american+company)

~~~
dannyobrien
Out of interest, would you be happy with this if you had no option, and such
storage was obligatory? I.e., to be hypothetical, suppose a resident of Canada
who did not want their personal information kept within Canada because they
were under surveillance from the United States, and they knew that Canada
shared information with the U.S. government. Would you approve of a law that
gave that person no choice in where they stored their personal data?

~~~
ocdtrekkie
Not the parent, but in my view, this wouldn't be significantly different than
the world outside the Internet. A citizen and their possessions are rarely if
ever outside the legal jurisdiction of the nation they are a part of. I do not
see why the Internet should be any different than this.

If there is a problem with the government, the solution needs to be to fix
that government, not try to evade it or operate outside of it.

~~~
dannyobrien
I'm not sure your metaphor works, even as a description of the current state
of affairs. I can send my possessions anywhere I want, and I'm not limited in
where I keep my possessions. We don't generally place bans on moving legal
possessions.

~~~
ocdtrekkie
I don't know if I agree. There are import and export restrictions and most
countries require you declare on a customs form the contents of packages
shipped outside of the country. When you travel, you're expected to bring
anything you take with you back, and declare anything you bring in that you
didn't take out.

In addition, from a more realistic/practical scenario, most physical
possessions are not useful outside of your legal jurisdiction in that you
cannot easily use them yourself.

And there's a significant issue with digital assets (as with money, in fact),
that large companies shift them over international borders in order to evade
the law, that simply doesn't exist in the physical possession space.

For example, I believe it's been accused that some tech companies shift user
data overseas explicitly so that they can then deny fulfilling legal warrants
on the grounds the data is not stored in the same country, or any number of
tax evasion schemes designed to store and transfer money through countries
with favorable tax laws.

~~~
int_19h
Sorry, but that makes no sense at all. I have packed all my things -
truckloads of them - and moved to a different country several times in my
life. It was never an issue, legally speaking.

Yet, because I am still a Russian citizen, this law effectively requires
Facebook to store my personal data on Russian servers. Including such data
that has been generated in the last several years of me living elsewhere
(which is, in fact, all of it - I didn't even have an FB account until I
moved).

How does this make any sense?

------
dreamfactored
This is exactly why interoperable federated social platforms are important and
why they are a better solution than centralised platforms. The future is a
choice between per jurisdiction walled garden monopolies under national
control and multiple interoperable solutions.

------
readhn
I can see both sides here, on one side - CIA/NSA has hands in facebook data,
on the other hand FSB/GRU want same access to this data. This is a battle for
our data, (which we give away "for free").

------
tibarun
That would stop Facebook from interfering in Russian elections.

------
diminish
That's gonna be a deal breaker for global trade if after LinkedIn, FB gets
banned. What remains is Google?

~~~
vkou
LinkedIn and Facebook aren't getting banned. They have the option of complying
with local operating requirements (Store data about Russian residents in
Russia), or not operating.

This is not a particularly draconian, onerous, or unreasonable requirement.
(And is no different from that of the EU, sans safe harbour.) Other tech
companies have been able to meet it.

> Companies ranging from Alphabet Inc.’s Google to Alibaba Group Holding Ltd
> complied

~~~
puzzle
How did Google comply? There are no datacenters in Russia and it shut down the
only engineering office there.

[https://www.theguardian.com/world/2014/dec/12/google-
closes-...](https://www.theguardian.com/world/2014/dec/12/google-closes-
engineering-office-russia)

~~~
vkou
It's always possible to store your data in the Russian equivalent of AWS.
(Even if your web application and its secret sauce is running out of your own
data center.)

~~~
puzzle
I know how Google infrastructure worked up to a couple of years ago, including
user-specific storage. What you describe would be a very large undertaking
across a large number of projects. Due to legal restrictions, Maps has
something ad-hoc just for South Korean tiles, which is a much simpler problem.
Not only it's extremely clumsy, it also adds a lot of limitations:

[https://stackoverflow.com/questions/31568460/google-maps-
sty...](https://stackoverflow.com/questions/31568460/google-maps-style-does-
not-apply-to-the-korea-area)

[https://www.theverge.com/tech/2013/10/13/4835026/why-
google-...](https://www.theverge.com/tech/2013/10/13/4835026/why-google-cant-
give-you-driving-directions-in-south-korea)

------
fiokoden
I say shut it. Dump the difficult governments.

------
Akujin
They want all the data cloned in Russia so that they can spy on Russians and
non Russians alike.

Better to just say good bye to Russia and let them kick dirt.

~~~
thg
> They want all the data cloned in Russia so that they can spy on Russians and
> non Russians alike.

So, the Russian equivalent of what the NSA has been doing the last 20 years?

I find it far more likely that this is a sensible move to protect the data of
Russian citizens from the US, who have shown time and again that they can't be
trusted in these matters.

~~~
int_19h
The difference is that NSA tries to keep things secret, because they knew that
what they were doing is wrong, and that citizens won't like it if it comes
out, it's going to be challenged in courts etc.

In Russia, there's a public law that mandates ISPs to install surveillance
equipment that federal law enforcement agency can use basically at will (for
now, they still need technically warrants, although in practice it's
impossible to enforce; next year, a new law comes into force that removes the
requirement for a warrant). And another public law, which requires ISPs to
block websites according to a list that is maintained by the government.

~~~
Sacho
> it's going to be challenged in courts etc

How are those challenges going? Any courts out there overruling FISC?

> In Russia, there's a public law that mandates ISPs to install surveillance
> equipment that federal law enforcement agency can use basically at will

It's public law that created FISC(FISA @ 1978) and it's public law(Patriot
Act, third party doctrine) that gave them the power to authorize the NSA's
surveillance.

~~~
int_19h
Well, last time this came up, we did get legislation that did _something_. Not
anywhere as much as it should have, but there's that, at least.

Ditto FISC - it might be rubber-stamped warrants, but at least there's a
warrant, by an actual judge.

The practical degree of Internet surveillance, and, \- especially! -
censorship is still vastly lower in US than it is in Russia.

