• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About
  • Gowling WLG
  • Legal information
  • Privacy statement
  • Cookie Policy
  • Home
  • About
  • Public Law & Regulation
  • AI
  • Posts

LoupedIn

Russia’s proposed bill banning encryption protocols raises red flags

Published on October 28, 2020 by Anna Botvinkina

Russia’s proposed bill banning encryption protocols raises red flags


Russia’s Ministry of Digital Development, Communications and Mass Media proposes to ban the use of encryption protocols. The bill was published in late September and is in the public-discussion stage. The proposed law in its current form raises huge concerns about how to comply and at the same time provide the level of online security that businesses and consumers expect.

Background

The Ministry claims that encryption hides the name of a web page, making it much more difficult to track down resources on the Internet that contain otherwise restricted or prohibited information.

The note to the bill explains that the ban concerns the cryptographic algorithms and encryption methods TLS 1.3, ESNI, DNS over HTTPSm and DNS over TLS. If a website violates the ban it will be blocked within a business day after the violation is discovered.

It would seem that the new bill was created to make it easier for Russia’s Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor) to block resources with prohibited content on the Russian-language internet, Runet. When Roskomnadzor’s blocking system was just beginning to work in Russia, it was assumed that filtering would work just by URL – that is, on the addresses of individual pages on Internet sites. However, the world has switched to HTTPS (a safer version of HTTP), and it is therefore impossible to block individual pages of sites using HTTPS by URL.

Unintended and other consequences

The state’s purpose is clear but seems to overlook online security. Cryptographic protocols ensure the security of the transmission, processing, and storage of information on the Internet. Encryption protocols are used by most large companies to ensure the security and confidentiality of their information. If the bill comes into force, all such websites will become illegal.

Furthermore, since it is impossible to selectively block websites with encryption protocols, precisely because of that encryption, Roskomnadzor would therefore have to block entire subnets of hosting providers. Entire ranges of IP addresses of Amazon Web Services, Digital Ocean, and Cloudflare will be at risk of being blocked. This was the case when Russia tried to block Telegram several years ago.

At the moment, the Ministry is not offering any alternatives for the safe use of the Internet. Currently websites that do not support the encryption protocols are marked as unreliable on all key Internet browsers. It is unclear, for example, how websites that must ensure the security of payment transactions are supposed to operate without encryption. Without these protocols, all personal data, credit card data, and transactions would be visible to third parties.

The Russian Union of Industrialists and Entrepreneurs (RSPP) has also reacted, warning that a ban on protocols will have negative consequences on domestic businesses. While DoH and DoT encryption protocols are gaining popularity around the world, as a result of the new law, domestic Internet companies would be deprived of the advantages that encryption protocols provide, which means that their competitive opportunities and export potential will decline.

Hopefully further time and attention will be focused on these issues with a view to resolving them before the bill is passed into law.

About the author(s)

Photo of Anna Botvinkina
Anna Botvinkina
View Anna's profile

Anna Botvinkina is a legal intern in Gowling WLG's Moscow office.

Anna provides legal support on various intellectual property and unfair competition matters.

    This author does not have any more posts.

Anna Botvinkina

Anna Botvinkina is a legal intern in Gowling WLG's Moscow office. Anna provides legal support on various intellectual property and unfair competition matters.

Filed Under: AI Tagged With: Artificial Intelligence (AI), Russia

Views expressed in this blog do not necessarily reflect those of Gowling WLG.

NOT LEGAL ADVICE. Information made available on this website in any form is for information purposes only. It is not, and should not be taken as, legal advice. You should not rely on, or take or fail to take any action based upon this information. Never disregard professional legal advice or delay in seeking legal advice because of something you have read on this website. Gowling WLG professionals will be pleased to discuss resolutions to specific legal concerns you may have.

Primary Sidebar

Recent Posts

  • Heading back to prosperity – A green light for UK office developments
  • European Data Protection Board issues draft guidelines for data breach notifications
  • Restriction on Public Sector Exit Payments revoked (for now)

Footer

LoupedIn is the Official Gowling WLG Blog. Gowling WLG is an international law firm comprising the members of Gowling WLG International Limited, an English Company Limited by Guarantee, and their respective affiliates. Each member and affiliate is an autonomous and independent entity. Gowling WLG International Limited promotes, facilitates and co-ordinates the activities of its members but does not itself provide services to clients. Our structure is explained in more detail on our Legal Information page.

  • Home
  • About
  • Gowling WLG
  • Legal information
  • Privacy statement
  • Cookie Policy

Gowling WLG 2020

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT