Netizen Report: What if Tech Companies Cave to the Kremlin’s Data Demands?

Microsoft Bing data center. Photo by Robert Scoble via Flickr (CC BY 2.0)

Microsoft Bing data center. Photo by Robert Scoble via Flickr (CC BY 2.0)

Global Voices Advocacy’s Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world.

Russian state media outlet RBC reported last week that US companies including eBay and Google had begun storing Russian user data on servers located in Russian territory.

Google called the reports “inaccurate” but has said nothing more about the claims. Meanwhile, eBay Russia representative Vladimir Dolgov confirmed the reports and explained that the company has been meeting with Russian regulatory authorities in an effort to come into full compliance with data localization legislation passed last July. The law requires Internet companies to store Russian users’ data in Russia, presumably with the goal of sustaining stronger state control over Internet users and their data. It goes into effect on September 1, 2015.

The policy would mark a big shift for users, creating new vulnerabilities when it comes to personal data sent to and stored using services based outside of the country. For example, right now, if Russian authorities wish to access Google user data, they must present a court order to the United States Department of Justice, which will determine its legitimacy. Google’s Law Enforcement guidelines explain that if the order satisfies US law and Google’s policies, it will be fulfilled—but if not, the user's data will remain undisclosed. The same would be true for a host of other US companies that do business in Russia. But if outside companies should comply with the new policy, there would be a much lower threshold for Russian authorities to obtain user data.

The contradictory claims of Russian media remain unresolved however. Media studies scholar and Global Voices Russian editor Tanya Lokot commented on the matter in a recent post for Global Voices:

Why would [RBC] do this? Who would benefit from such a misrepresentation? Russia certainly wants its new law to be recognized by international Internet companies doing business in Russia, and having an important player like Google on their side would be a definite advantage. But insisting Google agreed to the data localization demands when they did not would help no one, and would only make the Russian authorities look more desperate in their quest to increase control over the activities of Russian users.

Online speech under fire in Malaysia

Malaysia’s Parliament passed new amendments to the country’s Sedition Act of 1948, which has been used to jail critics, journalists, academics, and opposition politicians over the past year. The amendments allow the Sessions Court to issue an order to remove seditious publications made by electronic means and increases jail terms for acts of sedition. The amendments mark a shift away from the government’s promise during 2012 elections it would repeal the Sedition Act, which specifically targets discourse seen as subversive to the state.

Iran is censoring Global Voices (sort of)

Last time we checked, GlobalVoices.org was not blocked inside Iran. We checked again last week, and the redirect page came up. But there is an easy fix for this—by simply replacing the regular http with https, users in Iran can get around the block. So now we know: Iran is conducting HTTP host-based blocking of the Global Voices website, likely along with many others. But unlike major sites like Facebook, which Iran blocks using more advanced methods, a simple “s” can solve the problem.

Kiwi media companies say virtual private networks violate copyright

Internet service providers in New Zealand are facing legal challenges from local media companies, including SKY, Lightbox, MediaWorks, and TVNZ, that claim that the ISPs are violating copyright by offering global virtual private network services. VPNs enable New Zealanders to circumvent geoblocks of various kinds, including those placed on entertainment content under copyright. TechDirt blogger Mike Masnick says the claims in the suit are a far cry from standard interpretations of copyright and argues that ISPs are simply offering access to the entire global Internet.

Deconstructing China’s “Great Cannon”

The Chinese government appears to have developed a powerful new form of conducting attacks on servers, which it used to engage in a large DDoS attack on the websites GitHub and Greatfire.org, according to new research from the University of Toronto's Citizen Lab. The tool, which Citizen Lab has dubbed the Great Cannon, works by hijacking traffic to (and presumably from) individual IP addresses and injecting malicious Javascript into connections to Chinese search engine Baidu. It can arbitrarily replace unencrypted content, making it possible for China to target foreign computers communicating with any China-based website that does not use HTTPS.

Twitter conducts massive sweep on accounts associated with ISIS

Twitter’s violations department suspended approximately 10,000 ISIS-linked accounts for “tweeting violent threats,” according to a Twitter representative, marking what may be the single biggest suspension of accounts linked to the violent extremist group. These numbers cannot be independently verified because this form of account data is not accessible to the public.

Users challenge Facebook on privacy violations, facial recognition sneakiness

Facebook is facing a class action lawsuit filed by 25,000 Austrian users for breaching EU privacy law and for the company’s involvement with the US National Security Agency. An additional 55,000 users have registered to join the procedures at a later stage, according to The Guardian.

Meanwhile, in Chicago, Facebook has been accused of violating user privacy because of its use of facial recognition technology that scans photos and suggests Facebook friends its users may want to tag. The suit alleges that the acquisition of this data violates the Illinois Biometric Information Privacy Act, which makes it unlawful to collect biometric data without providing written notice to the subject and obtaining their written release.

New Research

Their Eyes on Me: Stories of Surveillance in Morocco—Privacy International

Mahsa Alimardani, Ellery Roberts Biddle, Sergey Kozlovsky, Hae-in Lim, and Sarah Myers West contributed to this report.

Subscribe to the Netizen Report by email

Start the conversation

Authors, please log in »

Guidelines

  • All comments are reviewed by a moderator. Do not submit your comment more than once or it may be identified as spam.
  • Please treat others with respect. Comments containing hate speech, obscenity, and personal attacks will not be approved.