Russia:  Transborder Data Flows

    Data, above all, from an individual, business or country perspective must be kept safe and error free.  It is with this security in mind that the Russian Federation has tried to find ways to control possible illegal elements from tampering, stealing or otherwise disrupting the flow of communications and information within its borders and to/from abroad.  However, through the laws and policy initiatives taken recently by the Putin government and KGB successor, the FSB, an increasingly heavy handed approach to information security in the Russian federation has created an atmosphere in the IT landscape siding alarmingly close to authoritarian control.  As the Chechen war drags on, acts of terrorism from home and abroad hit the capital and worldwide hacker attacks upset computer security, the Russian executive and legislative branches have found it all too convenient to find ways to curb free and private information in the country's networks under the guise of security and protection.  The world is watching to see how this very important country and its economy will continue to develop.  The proposition by many that the tide is turning back to state control has been warranted with some very worrisome examples.

    The Internet has changed the way people communicate and business is done worldwide.  However, it also opens up problems in the rule of law for information and communication not bound by the confines of territorial borders and national laws.  Unfortunately, Russia seems to be moving in the direction of national security at the loss of individual freedom.  The project called SORM (System of Operative/Investigative Authority) was a quasi-transparent government initiative felt by many as a step backward to the old Soviet system of personal monitoring by state agencies.  This system equipped all chosen networks with a monitor connected to a high speed fibre-optic link to the FSB's headquarters.  It is interesting the government chose this as one of the foundations for fiber optic usage in the government communications networks.

    SORM has been implemented, without much general knowledge as to its use and scope, into telephone, cellular and internet networks in the early 90's as a means to identify and track potential criminal activities on these networks.  This system can keep track of any person using the networks on which it is placed.  Additionally, SORM had no real oversight, and warrants were not needed for its implementation and use.  SORM amounted to state sponsored eavesdropping on e-commerce, Internet traffic and e-mail.  It was imposed on the network owners and operators at their own cost for fear of losing their operating licenses.  Although, this system did stop short of country wide firewalls as imposed by other countries like China and Cuba, human rights activists say concerns about privacy and civil rights are in jeopardy as there is nothing to prevent this system from degenerating from law enforcement into political blackmail and commercial espionage.  In a country with a history like Russia's, it is no wonder many fear the worst.  To be fair, however, many other countries such as the US with the FBI's Carnivore system have faced similar charges of human rights infringement by network eavesdropping measures aimed to stop the proliferation of computer crimes.

    Another method for controlling communications and data flows is the ongoing controversy over the major news agencies in Russia.  There are currently three major television news stations in Russia, ORT, NTV and RTR.  As of today, only NTV is still privately controlled, but is not far from being taken over by the Russian state's dominated natural gas monopoly Gazprom.  The fight between President Putin and the current owner Mr. Gusinsky looks more like political infighting rather than business interests.  If NTV falls to Gazprom, the state could wield strong control over the flow of mass media production of the news.  Again, very reminiscent of the Soviet methods of control.

    Also problematic in today's technological society is how to control the methods invented for data security, namely encryption.  Russia has mandated strict import and export controls on encryption products of all kinds, i.e.. software, hardware or other.  This includes those sent via communications networks like the Web or satellite.  The point is to ensure the government can keep one step ahead of criminal groups using these techniques to circumvent law enforcement.  In Russia it is mandatory for any individual or entity importing or exporting encryption products to obtain a license to do so.  Failure to obtain a license may result in fines ranging from 100-300% of the value of the product, as well as confiscation of the product or technology itself.  These licenses are distributed by FAPSI, the Federal Agency of Governmental Communications and Information.  In addition to encryption products, FAPSI governs licensing for protected technical means of communications, processing and storage of secret information.  Since these products are especially important to organizations such as banks and other organizations that require data security, there are obvious concerns to Russian and foreign entities who use such data security measures.  It may even be such a source of concern they may choose not to enter into business in Russia.

    Where should the line be drawn between security and privacy?  If you ask any individual, business or sovereign country, most likely there will be very different answers.  Additionally, these answers are not clear cut or well defined in today's rapidly moving IT world.  They potentially represent the erosion of the state's ability to control the flow of sensitive or criminal information within and across countries' borders.  In Russia, they are siding toward stronger state control.  Too much more and all FDI and international business may stop in this emerging economy.
 

Back to Table of Contents