Sunday, November 27, 2011

The Russian Internet (Runet) Becomes More Opaque


Recent implementation of amendments to Russian Law make the Russian Internet (Runet) more opaque to anyone other than the Russian security services.  For example, below is the domain registration for a Russian IT company as listed on November 2, 2011.  The registrar—Reg.Ru—is a Russian registrar located in Moscow:

domain: SAYTECH.RU
nserver: ns1.reg.ru.
nserver: ns2.reg.ru.
state: REGISTERED, DELEGATED, UNVERIFIED
org: Saitek, LLC
phone: +7 495 9843552
e-mail: villaine@mail.ru
registrar: REGRU-REG-RIPN
created: 2011.05.25
paid-till: 2012.05.25
source: TCI

As amended, however, Russian Federal Law FZ-152 On Personal Data now prohibits the release of personal data to any foreign entity by a Russian business operator.  Personal data includes phone numbers and email addresses.  As a result, the same domain registration now appears as below:

domain SAYTECH.RU
nserver: ns1.reg.ru.
nserver: ns2.reg.ru.
state: REGISTERED, DELEGATED, UNVERIFIED
org: Saitek, LLC
registrar: REGRU-REG-RIPN
admin-contact: http://www.reg.ru/whois/admin_contact
created: 2011.05.25
paid-till: 2012.05.25
free-date: 2012.06.25
source: TCI

Note that the email address and telephone number no longer appear.  Instead, anyone desiring contact information for Saitek, LLC must use the Reg.Ru whois administrative service.  Using the whois service returns the form below.  As you can see, the requestor must provide their email address and the information desired.  However, under Federal Law FZ-152, the domain administrator will simply refuse to provide the information except under a very limited set of circumstances.  Nevertheless, they will know who is interested and what they want.

The information is available since Federal Law FZ-152 now requires an internal passport for domain registration from a Russian registrar.  Federal Law FZ-149 On Information, Information Technologies and Data Protection requires the operator to provide that information to investigators from the Russian security services.  As a result, if the Federal Security Service (FSB) wants to know who registered the site posting information criticizing the government (usually referred to as exciting violence or extremism), no problem.  However, if a US system administrator wants to contact someone about the problems originating from a Russian registered domain, tough luck.

This is a guest blog post by Taia Global's lead Russia analyst.

No comments:

Post a Comment