How do Russian federal agents plan to implement sweeping new ‘anti-terrorist’ laws? (Spoiler: nobody knows.)
July 20 marked the deadline set by Vladimir Putin for Russia’s Federal Security Service (FSB) to implement the country’s new “anti-terrorist” laws, which, spearheaded by Duma deputy Irina Yarovaya, grant the government sweeping new powers to combat terrorism and extremism. In addition to requiring telecommunications operators to store all telephone conversations and Internet correspondence at the government’s disposal, the legislation also gives the Russian authorities the tools to break through encryption. By June 20, the FSB was supposed to clarify procedures for certifying encryption technologies and determine the technical means by which it will obtain encryption keys. It failed in both respects, running out of time in the first instance and learning that the second task is currently impossible. Meduza looks at what the FSB has and hasn’t managed to do since Putin signed these new laws.
Vladimir Putin signed the new “anti-terrorist” laws on July 7. The document greatly amended existing Russian laws, especially with regard to Internet governance.
Among other things, the new law introduced two new offenses and fines:
- A maximum fine of 300,000 rubles ($4,700) for the use of non-certified encryption processes by legal entities when transmitting data over the Internet, and
- A maximum fine of 1 million rubles (almost $16,000), in the event that a legal entity fails to provide authorities with information “necessary for decoding received, sent, delivered, and/or processed electronic messages.”
On the day he signed Yarovaya’s law, Putin gave the FSB two orders:
- Create a procedure for certifying encryption technologies for the transmission of data on the Internet and determine the list of qualifications necessary for certification; and
- Find a way for the FSB to acquire encryption keys.
Putin gave the FSB two weeks to fulfill these orders, setting a deadline of July 20.
The only document that the FSB published in connection with Putin’s orders is dated July 18. Regarding the first order, the FSB says the legislation already exists and stipulates that only those encryption technologies used in the transmission of secret government information must be certified, which means that Internet companies not involved in the transfer of state secret data need not be concerned about certifying their encryption technologies.
The FSB has made no mention of the second order and, judging by the July 18 document, simply chose to ignore it. Up to this point, there have still been no clarifications as to how exactly the FSB intends to acquire encryption keys.
Prior to the law’s ratification, representatives from major Internet companies claimed that fulfilling its requirements would be impossible, as specific Internet protocols (such as HTTPS) store keys for a single session, which ensures that these keys will not be available for transfer to the FSB.