Encryption keys can give access to passwords for users of the entire Yandex ecosystem. For a similar failure blocked Telegram.
A few months ago, the FSB demanded that Yandex provide the keys for decrypting data from users of Yandex.Mail and Yandex.Disk. About this RBC told a source in the IT market and a source close to the “Yandex”.
- Despite the requirement of the FSB, the interlocutors of RBC said that Yandex did not provide the keys to the special services. The publication clarified that according to the law it is given for ten days;
- According to the “law on bloggers” and “the law of Spring,” organizers of information dissemination (ORI), which are Yandex.Mail and Yandex.Disk services, must keep data on all actions of service participants for six months. From July 20, 2016, the Center for Operational and Technical Events of the FSB may require any service from the ARI registry to transmit this information;
- A spokesman for Yandex told RBC, like TJ, that the company “works in full compliance with current legislation.” The company refused to answer questions about whether Yandex really received a request from the FSB to provide encryption keys and did not transfer them;
- Former developer of The Tor Project Leonid Evdokimov explained to RBC that keys encrypt not only messages, but also metadata: who, when and from which IP address logged in, logins and passwords. The keys also allow analyzing user behavior (for example, who downloaded what data through the “Disk”);
- According to a source close to Yandex, the company is concerned about the issue of competition: cooperation with the FSB can lead to an outflow of users, loss of market share and substantial monetary losses. The interlocutor of RBC clarified that the FSB does not force such companies to cooperate with foreign companies (for example, Google), therefore, Yandex sees a threat to its competitive position ”;
- If the FSB drafts a protocol on administrative violation, and the court finds “Yandex” guilty under article 13.31 of the CAO “Failure to perform the duties of organizing the dissemination of information on the Internet,” then the company can be fined up to one million rubles;
- If “Yandex” does not provide encryption keys after the fine, Roskomnadzor can issue an order to the company to eliminate the violation, the execution of which is given for at least 15 days, says partner of the “Digital Rights Center” Sarkis Darbinyan. According to him,theoretically Roskomnadzor can block Yandex services through court. He clarified that such a scheme was used when blocking Telegram;
- But Darbinyan also doubts that Roskomnadzor will permanently block Yandex services. He believes that the regulator may temporarily restrict access to services to “deter”, which will lead to large losses for the company;
In the opinion of the OSINT Miracles telegram channel, the FSB demand recalls “the demand of a person who was first given the keys to an apartment, and then he said that the door must always be kept open”. The author believes that “Yandex” and so gives any data at the request of special services and vessels.
As Roskomnadzor tried to block Telegram:
- In June 2017, Telegram was included in the ARI register, according to which the authorities have the right to demand the transfer of encryption keys to special services;
- In October 2017, the court fined Telegram 800 thousand rubles for refusing to hand over the keys to the FSB to decode the user’s correspondence according to the “Spring Package”;
- March 20, 2018 Roskomnadzor gave Telegram 15 days to hand over the keys;
- In April 2018, the court blocked Telegram in Russia due to the messenger’s refusal to provide the FSB with keys;
- After that, Roskomnadzor blocked more than 650,000 IP addresses of Amazon and about a million Google addresses, explaining that companies allow using their addresses to bypass blockages in Russia.