Moscow. June 24. “Disaster” “collapse” “collapse” – such verdict of the communications industry heard from her the biggest players in the background taken on Friday in the third final reading amendments to the legislation of the so-called “anti-terrorist package”.
A set of initiatives deputies Irina Yarovaya and Viktor Ozerov is mainly concerned with civil rights, but concerns and interests of the Telecom and Internet businesses, who after the publication of the bill combined forces sounded the alarm.
After the adoption of market players predict not only the growth of prices for communication services, but even the collapse of the banking system”. Even if we assume that industry lobbyists habitually exaggerating the consequences and to share their fears ten, the picture still turns out pretty dark.
Bring your money, otherwise there will be trouble
The amendments adopted in the final version, and require to store the contents of text messages, voice information, image, sound, and video to up to six months. The exact timing and order of storage will be determined by the government. In addition, operators will be required within three years to keep so-called metadata – the facts of reception, transmission, delivery of messages and calls. For Internet companies, this period reduced to one year. The contents of communications and metadata companies are required to provide law enforcement agencies “to carry out these tasks bodies in the cases established by Federal laws.”
Amendment of metadata come into force from 20 July this year, about the content of phone calls and correspondence – from July 1, 2018.
“Storing content would require the cost of several trillion rubles. Storage of information about facts – less, but it also has significant costs, billions of rubles. Now the possibility of storing information about the full facts may only work for voice calls and text messages, storing information about the facts of Internet sessions will require significant investment from operators and has a lot of issues in terms of technical feasibility,” – said the representative of “MegaFon”.
If the operators will incur costs of this level, they will not be able to develop network for subscribers: build a base station, to expand the fixed telephone network, which, given the high growth rate of traffic may result in degradation of voice quality, interruptions in the delivery of sms or inability to access the Internet, said the representative of MTS Dmitry Solodovnikov.
The whole “anti-terrorism package” and amendments to laws “On communications” and “On information, information technologies and about information protection” in particular, was submitted to the Duma on 7 April. It was originally proposed to oblige mobile operators and Internet companies to store the content for three years. Plunged into shock, the industry began to count the cost. The findings were, first, disappointing, and secondly, it is difficult to give analysis.
For example, VimpelCom in April estimated three-year cost of implementing initiatives to 2.2 trillion rubles, which is almost eight times the revenue of the company for 2015. This is the amount the operator has evaluated the storage 705,8 billion minutes of voice calls 39 billion text messages and 8 million 606 thousand 783 terabytes of data.
“MegaFon” was estimated its cost 1.4 trillion rubles (4,5 annual proceeds). Working group “Communication and information technologies” of the expert Council under the government stated in its report that the total costs of the operators and Internet companies on the implementation of the bill will amount to 5.2 trillion rubles, or a third of the revenues of the state budget for 2015.
These were the first alarm bells of the market, followed by the reaction of the officials held meetings with Senator Lyudmila Bokova, and then with Deputy Prime Minister Arkady Dvorkovich, who oversees the government industry.
But the reduction of storage time did not significantly affect the reduction of expenditures. “The main part of the costs associated with the establishment of a system of information gathering and initial costs of the storage system. The reduction of the term only affects the subsequent reduction of system costs”, – said earlier the representative of “VimpelCom”.
Build it, don’t know what
After meeting with Dvorkovich last week, the operators sent him the calculations of the cost of storing content in a day, three days and one month. For the “big three” of the original only the cost of data storage will amount to 156,7 billion. Rostelecom maintenance, storage, and upgrading the network will cost 949 billion a year.
It is noteworthy that in the materials sent to the Deputy Prime Minister, said the absence of technical possibility of storing the content of communication. It turns out that any assessment, regardless of their objectivity, do not account for all possible business expenses.
First, there are no data centers, the required performance, in addition, there is no infrastructure for communication systems with bodies carrying out operational-investigative activities. The last fact does not allow to determine the location and number of data Center storage and order of access and storage structure of the data, according to the materials of the working group “Communication and information technology. MegaFon estimates the amount of expenses for the creation of data-centers in more than 230 billion rubles.
Second, in the market there is a number of solutions for the implementation of the initiative, experts say. This software and hardware required to identify voice traffic and tools for data analysis. Because large amounts of data are now transmitted in encrypted form (e.g., correspondence, messengers), to identify traffic by message type (voice, sound, image, etc.) is impossible.
Vice President, technical Director Mail.ru the Group confirmed during the meeting in the Federation Council noted that the company currently does not use the standard software or devices that use the operators. Accordingly, to meet the requirements of the new bill software and hardware systems of the company need to Refine their own because to buy ready-made solutions impossible.
“The deadlines for the implementation of the software part of the law is years, this was designed FOR 17-18 years. Data centers in such volume does not exist, it years for capital construction. In addition, all of the information that is on the servers of the organizers of the dissemination of information goes through the channels of the operator, it means that the data in fact will be doubled”, – he said.
Not decrypt – disable SWIFT
One of the amendments to the “anti-terrorist” package obliges the organizers of the dissemination of information (ARI) on the Internet to decode the users ‘ messages. The essence of the amendment lies in the fact that at the request of the FSB companies will have to provide the “keys” to encrypted traffic. For refusing to legal entities necessary the penalty from 800 thousand roubles to 1 million roubles. In addition, the document obliges companies to use only certified in Russia the means of encoding and encrypting traffic.
If the first requirement mainly applies to messengers like Telegram and WhatsApp and Internet business (“Yandex”, Mail.ru etc.), then the second will affect all companies providing services via the Internet, such as payment systems, says the curator of the working group “Communication and information technologies” Irina Levova. According to her, most of Finservice use not certified in Russia, the protocols and encryption systems.
The set of organizations that fall under the scope of initiatives is not limited to the above. So, if the amendments will enter into force in its current form, they directly affect the Internet banking services of ticket and accommodation and public services delivery systems, for example, on the website of public services. All of these systems use secure HTTPS, as collect confidential data. The HTTPS Protocol does not allow you to store encryption keys and to embed certified Russian cryptography. Even with access to the private key of the server, it is impossible to recover the session keys used for encryption of transmitted content.
Furthermore, it is widely used in the banking systems of the exchange transaction system SWIFT also does not use the Russian cryptography. “In the case of the adoption of this law communication of Russian banks, including the Central Bank, with foreign banks will be legally banned, which will lead to the collapse of the banking system of the country”, – said in the conclusion to the draft law working group of the expert Council under the government. Banks has not yet commented on their risks from the introduction of this norm, however, if it turns out that they really are, not long to wait: when the Western countries were discussing disconnecting Russia from SWIFT as possible sanctions, the head of VTB Andrey Kostin compared the effect of such a move with complete rupture of diplomatic relations.
The Russian Association for electronic communications (RAEC), in turn, noted that in the majority of encryption standards is not provided for storage of user keys, respectively, without changing the algorithm cannot decode messages. If you try to change the algorithm, there may be cyber security threats to business, citizens and the state, since the establishment of such means of access “is actually a deliberate incorporation of vulnerability into the system”. According to RAEC, this will lead to the possibility of hacking by foreign intelligence agencies that is contrary to the rhetoric of the authors of the bill on the security of cyber systems in the Russian Federation.
Furthermore, even when implemented in a new developed technology, this requirement means the transfer of all passwords and means of access of citizens to their financial and other personal data to the FSB, which violates the Constitution, said in the conclusion of the working group.
Currently, about half of it travels through the network traffic is encrypted. It is expected that in three years its share will be not less than 90%.
Qiwi and “Yandex.Money” I believe that the amendment is not directly related to the exchange of financial information and payment messages.
Recipients of electronic communications in payments systems is always defined, so we do not consider payment systems as organizers of information distribution. All information in payment systems is encoded in order to maintain the necessary level of security and is not intended for use outside the system. In addition, processing and transfer of financial information are regulated by special legislation in the form of relevant Federal laws, regulations and instructions of Bank of Russia”, – said the Director of Qiwi group, corporate relations Konstantin Koltsov.
Quietly to himself, I’m talking
Making amendments to the bill second and third reading, Yarovaya told reporters that in the preparation of the document, meetings were held with operators and experts.
“We believe this approach is a compromise, providing solutions to the law enforcement property and taking into account the interests of providers and operators,” said she.
“Irina Yarovaya didn’t invite us to the discussion of this bill, but we wrote a letter in her name where he pointed out all the risks. Judging by the text of the law, it is our letter completely ignored,” – said the representative of “VimpelCom”.
Representative Mail.ru Group, in turn, also said that the comments of the industry in the adoption of the law was not taken into consideration “At present there is no definitive understanding of how the law is applied in practice. We are under a practical angle once again, study the final version of the bill adopted today by the state Duma, and we believe that will have close interaction with Executive bodies in developing approaches to the procedure for its implementation”, – noted in a press-service of the Internet company.
In “Yandex” reported that by the time the bill has not seen his new amended text, on the website of the state Duma by this time he is not hung.
“Unfortunately, in the process of preparing the bill for hearings in the state Duma a full-fledged bilateral dialogue between the Internet industry and legislators took place, the arguments and proposals of companies, industry and public organizations were not heard and taken into account”, – said the presidential adviser on the Internet, the Chairman of the Council of the Institute of development Internet (IRI) Herman Klimenko.
The analyst of “Opening the Capital” Alexander Vengranovich sure that operators still have to negotiate with the authorities about the law, which will achieve the best conditions for its execution. The analyst of “VTB Capital Ivan Kim in his review and does not rule out the possibility that the law, given the industry lobby, can be canceled.
Large-scale investments in data centers and networks umownej can not just “pull up the economy of the operators, but also to take her to a big zero,” said the representative of “VimpelCom”.
“It is obvious that the bill could lead to a slowdown in network development and to a significant increase in tariffs for communication services”, – he said. About a potential “dramatic price increase” bond said in April, the head of the Ministry Nikolai Nikiforov. On Friday, the press service of the Ministry refused to comment on the adopted amendments.
However, if customers of the Telecom operators have to put up with rising prices and the threat of protection of personal data in the absence of alternatives, users of Internet companies will be able to seek the services of foreign competitors that will not be obliged to store user content, said Gabrielyan informed of Mail.ru.
“In the current version of the bill equal conditions or not, or forcing them to make someone of the players to leave Russia, which has a negative impact on the industry,” warned “Yandex”.
In addition experts believe that the fulfillment of the technical requirements of the initiative will Finance foreign equipment manufacturers. The initiative as a whole will hit small players in the market, for example, broadband operators, said Kim from VTB Capital.
Where we do not
Initiative Spring and Ozerov, according to market participants, is unprecedented in the world.
Currently the EU has a Directive on data retention to determine the type of communication, place and time of Commission and the personal data of its members to investigate crimes. The document directly States that its provisions do not apply to the contents of electronic communications.
“It is important to note that since the adoption of the Directive in 2006 to the present time, its provisions are constantly being challenged. While in Austria, Belgium, Germany, Greece, Sweden, Romania, its norms declared unconstitutional,” reads the report of the working group “Communication and information technology.