Russia's 'Big Brother' data law now in force: Kremlin spies are the big winners

To help Russian security services, providers will now have to keep customers' texts, calls, and chat logs in full.
Written by David Meyer, Contributor

Video -- Burden or opportunity? How do businesses see new EU data-privacy regulation.

Russia's big data-retention law came into force on Sunday, forcing telecom providers in the country to store details of people's communications for the benefit of the Russian intelligence services.

The surveillance regime goes beyond the data-retention laws that have been introduced in some European countries, such as the UK's Investigatory Powers Act, because it covers the contents of communications, as well as the metadata about who was contacting whom, and when.

The law is part of a legislative package known as the 'Yarovaya laws', because they were partly written by conservative legislator Irina Yarovaya.

President Vladimir Putin signed the legislation in mid-2016, ignoring the advice of Edward Snowden, who argued that the move "will take money and liberty from every Russian without improving safety".

The "money" part of that warning refers to the cost to communications providers of storing all this data. Under the new rules, operators have to store customers' text messages, phone calls and chat activity for six months.

Part of the new law, demanding the storage of "heavy" internet traffic for the same periods, will only go into force at the start of October. In the meantime, online communications providers are still supposed to store users' messages for 30 days.

According to Russian news service TASS, mobile operator Megafon has estimated that the requirements will cost it between $557m and $636m over the next five years. Rivals MTS and VimpelCom estimate implementation costs of $955m and $716m respectively over the same period.

The operators have not been helped by the government's decision to only provide details of its requirements for online companies last week, all of three days before the Yarovaya laws came into effect.

The mandate only applies to companies on a "register of information disseminators", which so far includes Russian companies such as Yandex, Vkontakte, and Mail.ru, but not foreign firms like Facebook and Google.

Civil-rights groups are warning that the new laws will make people less secure, due to the possibility of all this stored information falling into the wrong hands.

"I'm certain that sooner or later these databases will be hacked or leaked and the data sold on the black market," Artyom Kozlyuk, the director of the Roskomsvoboda digital rights group, told the Moscow Times.

Meanwhile, the publication added, the Agora human rights group said the Big Brother law would make it easier for the authorities to silence political activists.


The new Russian law covers the contents of communications, as well as the metadata about who was contacting whom, and when.

Image: Andrey Nikitin, Getty Images

Previous and related coverage

Google, Amazon drawn into Telegram ban as Russia blocks millions of IP addresses

Russia's quest to stop encrypted messaging app Telegram also blocks thousands of Amazon, Google addresses.

FBI to all router users: Reboot now to neuter Russia's VPNFilter malware

The FBI is recommending that all small business and home router owners reboot devices, even if they're not among the brands known to be affected.

Security warning: Don't use Russian antivirus on secret government systems, says cyber-agency

As NCSC warns on Russian antivirus, Barclays Bank ends its offer of free Kaspersky Lab security software for customers.

NSA whistleblower Snowden: VPN ban makes Russia 'less safe and less free'

Vladimir Putin's decision to ban virtual private networks has drawn criticism from NSA whistleblower Edward Snowden.

Russia experiments with using blockchain tech for land registry

Pilot project uses blockchain in Moscow.

Editorial standards