Putin’s Spies Want to Know What Russians Do on Tinder and Yandex
(Bloomberg) -- Russia’s largest internet company, Yandex NV, pushed back against government demands to turn over encryption keys that would allow the security services to monitor users’ private data.
While it’s willing to cooperate with investigators seeking information to prevent crime including terrorism in line with Russian law, “this does not require the transfer of keys that are needed for the decryption of all traffic” through its services, the company said Tuesday in a statement. “The law can be enforced without violating the privacy of users’ data.”
Russia’s Federal Security Service asked Yandex to share access to its encryption keys, the RBC newspaper reported Tuesday. Yandex said the legal basis for the request applied to “all mail services, messengers and social networks” in Russia, adding that “we believe it is important to strike a balance between security and user privacy, and to take into account the principles of equal regulation for all market participants.”
Russia’s state communications watchdog, Roskomnadzor, announced that it had added Match Group Inc.’s Tinder dating service to its “register of information-dissemination operators” in a statement Monday. The decision means the company also must share user data in response to requests from law-enforcement, or risk fines and a possible ban on access to the service in Russia for failing to comply.
The measures are the latest steps in a growing crackdown on the internet by Russian authorities, who cite the need to fight terrorism and cyber threats. Critics say the attacks on online privacy are part of Kremlin efforts to deter activism by political opponents amid rising public discontent after years of economic hardship and declining real wages.
Russia passed laws in March allowing fines and jail terms for people who publish material online that shows “clear disrespect” for state officials. The Kremlin has also pushed through measures to establish a “sovereign internet” that would route online traffic mostly through domestic servers and exchanges, something opponents say will enable officials to cut off access to services such as Facebook and Google.
Yandex’s email and cloud-storage services are already part of Roskomnadzor’s register, while a 2016 law required internet service providers and mobile telephone operators to store records of users’ online activities for up to six months. Companies are required to share information with law-enforcement officials upon request including by providing the means to decrypt electronic messages.
“Yandex has already been fulfilling requests from the authorities to provide data on particular individuals,” said Sarkis Darbinyan, a lawyer who heads the Digital Rights Center in Moscow. “Now, the secret services are seeking more - to be able to look into users’ emails and file storages directly. This is not good for Yandex’s reputation and security.”
Russia can fine services that fail to comply with official demands for data or bar access to them. Roskomnadzor ordered LinkedIn blocked in Russia in 2016 for failing to comply with demands to store Russian users’ data on servers within the country.
Tinder confirmed that it sent registration information to Roskomnadzor for inclusion in the registry but that it had not shared data on Russian users with the watchdog, Kommersant reported late Monday, citing a company representative.
©2019 Bloomberg L.P.