Russia mulls limitations on internet exchange points over fears of US eavesdropping

Russia mulls limitations on internet exchange points over fears of US eavesdropping
The Russian government plans to take steps to minimize the flow of internet traffic through foreign-based exchange points in order to prevent sensitive data from falling into the hands of US intelligence agencies, Vedomosti newspaper reports.

Vedomosti quoted unnamed sources in the Russian government and presidential administration as saying there are plans to prevent internet service providers and communications companies from channeling web traffic from Russia through foreign-based internet exchange points (IXPs).

The main reason according to the sources is the danger that sensitive data could be decoded and studied by US intelligence agencies such as the National Security Administration (NSA), which has several centers for electronic surveillance throughout Europe.

Though US intelligence agencies may state that the objectives of surveillance involve fighting terrorism and other forms of extremism, it is still possible that in the process they also obtain information concerning bank transfers, official correspondences, and other sensitive data from Russian officials, the sources say. 

Representatives of major Russian telecom companies said that only about 20 percent of internet traffic in the country was conducted through foreign IXPs, adding that the main reason for this is cost cutting.

The Vedomosti article appeared after the Russian Communications Ministry published a draft law in mid-August that it intends to send to the Lower House after discussion with government experts. If passed, operators would have to direct Russian web traffic through Russian-based IXPs listed in a special state register. The bill would also set a 20-percent limit on foreign shares in companies that own Russian IXPs, as well as requiring IXPs to keep data logs for at least three years.

If passed, the bill would come into force on July 1, 2018.

The draft law is also in line with a broader package of internet laws usually known in the media as the Yarovaya bills, named after its main sponsor, Lower House MP Irina Yarovaya (United Russia). This set of laws, signed by Russian President Vladimir Putin in July 2016, contains provisions requiring communications companies, including internet providers, to retain their clients’ data for three years (one year for messengers and social networks), and also to keep records of phone calls, messages, and transferred files for six months. Communications companies are also required to hand over encryption keys to state security agencies on demand, allowing them to read encrypted data or face large fines.

After the bill was signed into law, MP Yarovaya told reporters that it had been developed to protect the personal data of Russian citizens from foreign interference, including the “global digital domination of the United States.” She also said that the law would allow Russian companies to create their own technology to protect information from foreign access.