Putin Outlaws Anonymity: Identity Verification For Online Services, VPN Bypass Advice a Crime * TorrentFreak
Putin has signed new laws that will decimate online anonymity by denying access to online services pending state-approved user ID checks.
torrentfreak.com
Putin Outlaws Anonymity: Identity Verification For Online Services, VPN Bypass Advice a Crime
today by Andy Maxwell
HOME > TECHNOLOGY > DIGITAL FREEDOM >
President Putin has signed off on legal amendments that threaten to destroy online anonymity, crush free speech, and stifle innovation. Starting this year, internet platforms must verify new users' identities via state-approved systems, before granting access. VPN circumvention advice will constitute a crime, certain Gmail use will be banned, and non-state-approved hosting companies will be rendered illegal.
Since its invasion of Ukraine in February, Russian Members of Parliament and lawmakers have taken turns to see who can come up with the most aggressive anti-Western legislative proposals.
Suitably dressed-up in anti-American, anti-European rhetoric, plans to let everyone in Russia pirate Western content came early. While obvious to everyone else right from the beginning, the proposals were fundamentally flawed.
If Russians were allowed to gorge on free, high-quality foreign content, incentives to pay for Russian content would find themselves all but eliminated. Not only do local creators rely on that revenue for food and clothing, it also helps to prevent the collapse of Russia’s own entertainment sector.
Other plans, involving everything from state licensing of pirate platforms to the unblocking of previously blocked pirate sites, would’ve been comical had it not been for the death and destruction wreaked in Ukraine. And then there were those crazy stories about Russia’s ‘Sovereign RuNet’ initiative, which would see Russia’s corner of the internet placed behind a giant firewall, where it would thrive within the confines of a utopian closed ecosystem completely isolated from the rest of the world.
Draconian Plans Aren’t Speculative – They’re Becoming Law
While Russia hasn’t been able to cut itself off from civilization just yet, it can make people, companies, and investors leave of their own free will. By rendering its corner of the internet a hostile environment where free speech is a thing of the past, it raises the prospect of internet entrepreneurs walking in lockstep with the government, choosing another line of business, or leaving Russia altogether.Citizens, meanwhile, will need identification to enjoy whatever remains.
Dated July 31, 2023, and approved by President Putin himself, Federal Law No. 406-FZ (On Amendments to the Federal Law ‘On Information, Information Technologies and Information Protection’ and the Federal Law “On Communications”) reads like a dystopian nightmare laying the foundations for worse to come.
Registering on Russian internet platforms using foreign email systems such as Gmail or Apple will soon be prohibited. That’s just a prelude to further restrictions coming into force in the weeks before Christmas 2023.
No Anonymity, No Privacy
Starting December, Russian online platforms will be required by law to verify the identities of new users before providing access to services. That won’t be a simple case of sending a confirmation link to a Russian-operated email account either.Platforms will only be authorized to provide services to users who are able to prove exactly who they are through the use of government-approved verification mechanisms.
For instance, users who already have a mobile phone subscriber number, obtained through another official process established by the government, will be able to enter into an identification agreement with the operator of an online service/website. Once cleared, the user will be able to use the service, safe in the knowledge that whatever they say on the platform is traceable to their home address.
Another option for site owners is to verify users through a federal platform known as the Unified System of Identification and Authentication. A law passed in December 2022 relates to the use of the Unified System and the identification and authentication of citizens’ identities using biometric data.
The final option is to use an authorization system operated by a third-party platform already in compliance with government rules and regulations. Those rules go beyond the technical capabilities of the service; the platform must be owned by a Russian citizen who does not have citizenship of any other country, and is not controlled by anyone who fails to meet the same standards.
VPNs Still Not Outlawed But Talk of Circumvention is a Crime
Despite the draconian nature of the above, Russia still isn’t imposing an outright ban on VPN providers and similar services, but does appear to be using familiar tactics.After imposing obligations most mainstream providers found intolerable, including registration with the state, only compliant VPN companies remain in Russia today. No evidence has been produced to show they have been compromised but at this point, believing otherwise could amount to playing Russian Roulette with the authorities.
Instead, posting information online that amounts to advice on how to use VPNs, Tor, and similar tools, for circumvention purposes, will be considered a crime. On top, regular hosting providers will be subjected to state registration and new obligations along similar lines to those imposed on VPN providers.
Hosting Companies Must Obtain State Approval
The new legal amendments effectively regulate the business of “providing computing power” for the purposes of the “placement of information” on a system “permanently connected to the internet.”The obligations placed upon operating companies by the state are numerous and the new amendments make no attempt to hide that compliance with the state on security matters is mandatory. Authorized ‘state bodies’ carrying out investigative activities or those related to the security of Russia may require use of “computing power” and hosting companies will be expected to prevent any disclosure of those activities.
As mentioned earlier, before hosting companies are permitted to provide services to users, they will be required to positively identify potential customers using government-approved mechanisms. However, that can only take place when hosting companies themselves receive government permission to conduct business. That appears to involve the shouldering of considerable liability for whatever appears on their platforms.
Registration and Compliance
It’s envisioned that the government will appoint an entity to form and maintain a register of hosting companies. Once on the register and with permission to operate (deadline February 1, 2024), hosting companies and online services will be provided with a list of activities, content types, and certain behaviors prohibited by the state.Platform operators will be required to implement measures to “eliminate the identified violations” and then report the outcome to the authorities. Failure to do so will mean exclusion from the register and with that, the ability to conduct business in Russia.
To even qualify for potential placement on the register, hosting companies must be Russian legal entities, under the control of a Russian citizen who doesn’t have citizenship in another country. By September 2024, state entities may only use “computing power” available from companies with a listing on the register while the use of “information systems” and software owned by foreign legal entities or citizens, will be prohibited.
Similar Russian ownership rules will also apply to news aggregator platforms, which will operate under the ultimate control of the Russian government, with known implications for the freedom of the press.
Federal Law No. 406-FZ is available here (pdf)
