Everything associated with the violation of the secrecy of messages and information, today provokes a painful reaction, as it happened around the recent requirements of the FSB on access to encryption keys “Yandex Mail and Yandex. Disk”. Here we can recall the recent scandal with the attempt to block “Telegram” caused by the failure of Pavel Durov to provide the same encryption keys and the lock LinkedIn, and a ban on anonymizers, and the controversy surrounding the notorious “Spring law”, the law on anonymizers and VPN services.
Sometimes discussions on the law of the state for invasion of privacy premised on the assumption that the “crackdown” in the virtual sphere is a purely Russian or “Eurasian” phenomenon. However, the contradiction between the needs of law enforcement agencies and civil rights of the population exists in Western countries, many of the problems discussed today in Russia, the West is already passed stage. Therefore, it is useful to ask: how other countries have regulated privacy online and law enforcement?
The emergence of personal computers, the Internet and mobile phones revolutionized the communication security. Before the interception of the “black clinics” letters, telegrams interception, the wiretap concerned a very small number of people. This was done by the state in the fight with another friend (espionage/counter-espionage) or to track criminals. In the West, the violation of the secrecy of messages occurred by decision of a court in respect of individuals or in accordance with the laws on intelligence and national security, when it was about intelligence. In the Soviet Union also formally required the consent of the Prosecutor. While for most people the problem of classification was irrelevant.
Today the amount of data transferred has increased dramatically and the dependence on electronic means of communication are dramatically increased. Only existing mobile phones in the world are of 4.68 billion, that is, they enjoyed 63% of the population. In Russia, this figure exceeds 70%. Almost every person is linked to a virtual credit card, retirement account, all kinds of public and commercial services. In turn, the smartphone provides access to almost complete information about its holder: Finance, health, personal life and so on. No wonder so much effort is spent on the need to zaparkowania devices and accounts. Unauthorized access can mean for a human catastrophe.
The first attempt to control the rapidly developing mobile communications sector in the USA began in 1993, the initiative of the national security Agency (NSA) about the installation of all cell phones so-called “clipper chip” — a device that allows to freely listen to all conversations. But this initiative (who came during the Clinton administration) caused a sharp reaction to both businesses and the public. Companies from hi-tech argued that, first, American phones will inevitably lose in the world market to their foreign competitors, because they will be perceived by buyers as less safe. Secondly, the installation of clipper chips will raise the price of their cost. Thirdly, the technology was unreliable, prone to breaking and could be used by attackers for listening to the users. Fourth, the idea of a priori control was at odds with the tradition of civil rights and liberties. Fifth, rapidly developing encryption software such as PGP, which made chips are out of date. As a result, in 1996 the authorities have refused plans for the installation of clipper chips.
In the same 1996, the court concluded the investigation against the Creator of PGP Phil Zimmermann. The US government accused him of violating the law… on arms exports. The fact that by then the American rules of cryptographic systems with keys more than 40 bits was considered as a military technology. And Zimmermann was initially distributed worldwide PGP with 128 bit key as free software. The trial lasted several years and eventually ended with the fact that the government made concessions. The charges against Zimmermann were dropped, considerably liberalized export rules. American business managed to convince the authorities that the preservation of rigid rules is counterproductive in the context of global competition when firms from other countries will be able to offer more for consumers ‘ decisions, without being bound to such a control system.
In 2014 the US Supreme court decided in the case of “Riley versus California,” that without a court order the police can not view the contents of a mobile phone from the detainee. This decision created another legal barrier to attempts by the authorities in private correspondence.
In 2016 an important stage in the relations between the state and business in the digital sphere was the confrontation between Apple and FBI. The last demanded from the company help in unlocking the iPhone one of the terrorists, zameshennogo in mass murder, which filed a lawsuit in Federal court. Apple through its head Tim cook announced that the United States Government demanded that Apple has taken the unprecedented step of threatening the safety of our consumers. We do not agree with this requirement, which goes far beyond the scope of this lawsuit. The public debate, and we want our clients and people across the country understand what’s at stake.” In other words, the company did not want to create precedent when the government makes it their own hands to create the conditions for security violations users.
The FBI offered a compromise: Apple reveals the iPhone, reports the information from it, but not to share with power tools and can immediately destroy. But the company didn’t go for it. In the end, the FBI itself has withdrawn the claim from court, using the services of a hired hacker who hacked the iPhone.
Following the confrontation, the FBI and Apple senators Richard Burr and Diann Feinstein, Republican and democratic leaders of the intelligence Committee, introduced a bill which provided that producers of programs provide an opportunity for intelligence to listen to and review correspondence and conversations. But the document has drawn so many objections and criticism that didn’t even get to the introduction.
Such offers are repeated regularly, because the same FBI are faced with the fact that only in 2017 7775 devices was possible for him because of zashifrovannoe. However, forcing a priori to cooperate with the secret services of the company law in the United States is still there, and it is unlikely he will appear. When talking about the need for access to encrypted information, the FBI or other authorities must apply to court if they in every case are unable to agree otherwise. Note that it is not necessary to mix the above-mentioned precedents and the NSA program monitoring the global virtual space, which breaks up a correspondence all over the world — then intelligence operates outside U.S. borders.
As for proxy and VPN services, in USA there is no ban on their use, the duties of companies that provide their services to block access to forbidden sites. It is believed that the responsibility for the use of the programs is not on the manufacturer, but only on those who use them.
In Russia, with its traditionally weak position of the society and businesses in dialogue with the government bias towards the interests of power are obvious. The American example shows that a situation in which no a priori willingness to fulfill the wishes of the government companies does not weaken nor national security, nor power, nor economic development. Exactly equal dialogue on three sides helps to find the required optimum. In the meantime, it seems that the appeal of Pavel Durov to the staff of “Yandex” to move his team will remain topical for a long time — with all the consequences, at least with imaging, consequences for Russian high-tech business.
the editorial Board recommends
“Yandex” reported on the requirement of the FSB to hand over the keys to decrypt the messages
Read more •••