Message applications should verify user registration data with their mobile operator
The Russian government has decreed that all users of messaging applications should be identified, measure that digital forensics and cybersecurity specialists consider as an affront to the freedom of Internet users. The decree, signed by Prime Minister Dmitry Medvedev, was published on Tuesday and will enter into force in six months.
This way, when a Russian citizen registers in a messaging service, the operator of that service must verify the registration data through its mobile operator, which will have 20 minutes to respond to each request for information and it will need to record information about the messaging applications that each client uses.
If the user changes their mobile telephone operator and registers with a new vendor, they will be forced to go through the identification process again. The responsibility for all this lies with the messaging service providers. According to Alexander Zharov, head of Roskomnadzor, the Russian media regulatory entity, the main goal of this measure is to fight the use of anonymity in messaging services.
Zharov declared to information security and digital forensics specialists that this new measure is “a necessary step to create a safe communication environment for citizens and the State in general”. The official also reported that MTS, the Russian network provider, said that the system would require new “technical improvements” by operators, but that the databases that are needed are already implemented.
However, it is not clear what will happen in cases where users have a foreign SIM card.
This new measure is the new adding to a growing list of government policies that restrict the freedom of Internet use in Russia. According to reports of specialists in digital forensics from the International Institute of Cyber Security, in last July came into force a data retention law that forces the telecomm providers to store details of the communications of all users, with the purpose of helping the Russian authorities in future investigations.
That measure was definitely an expensive move for mobile phone providers operating in Russia, each of which should invest about $550M USD over the next 5 years to comply with the implementation of the systems required by this law.
Encrypted messaging service providers have been asked to provide access to their users’ chats, if required by the authorities. Telegram, the messaging app founded by Russian businessman Pavel Durov, has been banned in Russia since last April because of its refusal to deliver those encryption keys.
The use of virtual private networks (VPNs) has also been banned in Russia since last year. Russian citizens have even been legally prosecuted for sharing in their social network profiles prohibited information or feelings considered “extremist”, which can range from sympathy with terrorist movements to criticism of Vladimir Putin or the Russian Orthodox Church.
The World Internet Freedom Index, developed by the NGO Freedom House, has been recently published; in such document Russia descended in the ranking for the sixth consecutive year, ranking in place 53 of 65 countries, behind places like Turkey and Venezuela.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.