Last year we noted how Russia had introduced a new surveillance bill promising to deliver greater security to the country. Of course, like in so many countries, the bill actually did the exact opposite -- not only mandating new encryption backdoors, but also imposing harsh new data-retention requirements on ISPs and VPN providers. As a result, some VPN providers like Private Internet Access wound up leaving the country after finding their entire function eroded and having some of their servers seized.
This year, Russia hopes to deliver the killing blow to the use of VPNs and other privacy-protection tools.
The Duma's (the lower house of the Russian parliament) Information and Technology Committee has approved controversial draft legislation that would ban anonymity on messenger apps entirely. It's part of a crackdown on anonymous journalists that have (stop us if this sounds familiar) been leaking details on many of the sordid occurrences inside the often-corrupt Russian political machinery. Expected to take effect in 2018, the new law would require messenger users to verify their identities using their phone numbers, with Russian mobile phone operators expected to assist the government with this effort.
In concert, a bill has been submitted attempting to effectively ban VPN use entirely. In Russia, broadband users have increasingly turned to VPNs to avoid the growing-list of censored websites. To help thwart such usage, the bill would not only impose steep fines on VPN providers that don't agree to block blacklisted websites, but would require ISPs terminate these companies connection to the internet should they not comply:
"As it stands, the bill requires local telecoms watchdog Rozcomnadzor to keep a list of banned domains while identifying sites, services, and software that provide access to them. Once the bypassing services are identified, Rozcomnadzor will send a notice to their hosts, giving them a 72-hour deadline to reveal the identities of their operators.
After this stage is complete, the host will be given another three days to order the people running the circumvention-capable service to stop providing access to banned domains. If the service operator fails to comply within 30 days, all Internet service providers will be required to block access to the service and its web presence, if it has one."
In short: help us censor the internet or you won't be allowed to do business in Russia. 100 VPN providers are already blocked in Russia for one reason or another, and Opera scaled back its Russian operations last November after Russian telecom regulator Roskomnadzor pressured it to include website filtering in the integrated VPN (now included in its Opera browser for free). The bill would also levy additional penalties on Russian search engines, forcing them to remove all links to sites Rozcomnadzor determines to be ban-worthy.
Like countless similar efforts across numerous countries, this is all framed as an utterly necessary step to thwart piracy, combat extremism and ensure the safety and security of the Russian people. But as with comparable proposals in the States and elsewhere, these proposals undermine encryption and essential security and privacy tools, making the general public notably less secure. They're also an expensive game of Whack-a-Mole as users looking for privacy simply flee to services like Tor or Zeronet, ensuring these services will be the demonized bogeymen of tomorrow.