FSB to give internet messengers 10 days to hand over encryption keys

FSB to give internet messengers 10 days to hand over encryption keys
Russia’s Federal Security Service (FSB) has ordered data exchange services such as internet messengers to give up the encryption keys for their clients’ correspondence within 10 days of receiving an official request.

The document published on the Russian government’s official web portal on Thursday expands the earlier order for all “organizers of information distribution on the internet network” to present encryption keys if requested by the relevant FSB directorate. 

The order was issued after earlier this month Russia’s Supreme Court demanded that popular messenger and blogging platform Telegram hand over encryption keys to its clients’ traffic to the FSB without court warrants.

As they announced the ruling, judges reiterated that the constitutional right to secrecy of correspondence should not be extended to internet messages, as there was no way to ensure that the staff of internet companies had no access to user data.

Soon after the Supreme Court ruling, Russian internet watchdog Roskomnadzor officially warned Telegram that unless it complied with the FSB and the court’s orders, it could be blocked from working in Russia.

Telegram founder Pavel Durov replied with a tweet stating that threats would not work and that the company would always advocate freedom and privacy.

On Thursday, nine days after the court order and the Roskomnadzor warning, the Telegram app went down for users across Europe, the Middle East and Russia. Telegram managers blamed “connection issues” for the crash and said that they hoped to resolve it promptly.

Russia introduced the law regulating data exchange between security services and internet companies in July 2016, in response to the 2015 bombing of a Russian passenger jet in Egypt and the terrorist attacks in Paris. Among other things, it requires communications companies to hand over encryption keys to state security agencies on demand, allowing them to read encrypted data. Non-compliance could cost companies between 800,000 and 1 million rubles ($14,000 – $17,500) in fines.

Follow news the mainstream media ignores: Like RT’s Facebook