Russia Orders LinkedIn's Service To Be Blocked, Supposedly For Failing To Store Personal Data Locally
from the think-globally,-act-locally dept
Techdirt has written plenty of stories about Vladimir Putin’s increasingly harsh clampdown on Internet freedom. But, like China, Russia is still coming up with new ways to tighten its control. One is the legal requirement that the personal data of Russian citizens must be stored on Russian soil. Now, a US company has fallen afoul of that 2015 law:
Russia’s communications regulator [Roskomnadzor] ordered public access to LinkedIn’s website to be blocked today (17 November) to comply with a court ruling that found the social networking firm guilty of violating data storage laws.
According to the EurActiv story, the ban is being put in place immediately:
LinkedIn’s site will be blocked within 24 hours, the Interfax news agency cited Roskomnadzor spokesman Vadim Ampelonsky as saying. One internet service provider, Rostelcom, said it had already blocked access to the site.
What’s curious is that LinkedIn is not the only US company to have flouted Russia’s data localization law: both Google and Facebook have also ignored it. A post on NBC News suggests the following is the reason for that discrepancy:
A spokesman for the [Roskomnadzor] watchdog had earlier said that LinkedIn was punished for alleged leaks of user data, Russian media reported.
Information about 120 million LinkedIn user accounts was stolen in 2012, the attack reportedly blamed on Russian hackers.
Irrespective of the messy details of the LinkedIn case, requirements that personal data must be stored locally are likely to become an increasingly hot topic. Already, the EU is unwilling to finalize the Trade in Services Agreement (TISA) in part because of US demands that it should include unrestrained data flows — something that could be illegal under EU privacy laws if applied to personal information.
With the person who will soon run the CIA keen on expanded government spying powers, it is almost certain that the current Privacy Shield framework, which allows the personal data of EU citizens to be sent to the US, will be struck down by the Court of Justice of the European Union. If that happens, the only way companies like Google, Facebook — and LinkedIn — would be able to operate in the EU would be to store their data on the continent. If they fail to comply, they won’t be blocked, as in Russia, but they could be hit with a fine of up to 4% of their global turnover.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: data hosting, localization, russia, tisa
Companies: linkedin, microsoft
Comments on “Russia Orders LinkedIn's Service To Be Blocked, Supposedly For Failing To Store Personal Data Locally”
It’s arleady blocked several days ago.
Easy to comply...
It’s easy to comply: store the data encrypted in Russia, have the operations done in California. Then get some auditors to verify your setup.
Re: Easy to comply...
Unfortunately that wouldn’t necessarily solve the problem that’s the stated purpose of such laws: Keeping the USG’s hands off of the data of foreign people. Remember that the USG has argued in court that if any part of a company is located in the US then it can be ordered to provide data located in different countries, so long as it’s under the same ‘parent’ company.
So sure the data may be stored in Russia, but that wouldn’t prevent the USG from demanding that the US-based part of the company provide it if such was demanded via court order.
Re: Re: Easy to comply...
It would actually solve the problem since the data is stored locally as the law demands. However, this would only spawn new laws to deal with the encryption parts.
That the US has shot themselves in the foot repeatedly with the illegal mass surveillance is another story. The Kremlin (and many others, including those within the EU) are just using this as an excuse for greater control and surveillance on their own citizenry. So basically the US has done more harm to freedom than any other country could have.
I hate to sound pro Russian but....
You can not really blame Russia, the EU, and other countries from not wanting all the info on their citizens stored in the US.
Even ignoring the getting hacked aspect of the situation the US Govt has shown that it does not care about privacy at all and is more than willing to scoop up any and all information within reach regardless of what any law or the Constitution says.
Re: I hate to sound pro Russian but....
I don’t see it as blame so much as ‘This is a hassle for companies and can create problems. What would have taken one database for people from any country now requires one per country, located in that country, increasing costs to the point that it might not even be viable to offer service there.’
Not wanting the USG to have easy access after they’ve made it clear that they are absolutely not to be trusted with such makes perfect sense to be sure(though it’s important to remember that the countries involved tend to be just as bad), but it does make things difficult for the companies to comply, potentially preventing services that might have otherwise existed.
Re: Re: I hate to sound pro Russian but....
Storing locally only solves part of the problem, as a full copy of the database on US soil, or simply copying straight to Bluffdale renders such laws moot.
How long before some countries simply ban US companies from operating within their jurisdiction.
Re: Re: Re: I hate to sound pro Russian but....
Quite possible, between politicians trying to demonize and destroy encryption and the spy agencies grabbing everything they can get their hands on with no restraint, they certainly seem to be doing everything they can to undermine and destroy the US tech sector and drive any such developments and companies overseas into other countries.
Re: Re: Re: I hate to sound pro Russian but....
Bah, and of course I think of the perfect header for that comment immediately after I click submit…
‘We must destroy the US tech sector in order to protect it from those in other countries that would seek to destroy it’
Re: Re: Re:2 I hate to sound pro Russian but....
Re: Re: I hate to sound pro Russian but....
I think proper the solution to this problem is to establish a minimum international privacy standard, then change the wording of your laws from “data stored [transferred, etc, etc] locally” to “data stored [transferred, etc, etc] in locations adhering to these minimum privacy standards.
This would remove any protectionism and still accomplish the goal of ensuring citizens privacy.
I don't see a problem here
The US, and much of Europe too, has shown a great propensity to mine every piece of data everywhere. So any one country distrusting the rest is to be expected. Governments of the “free world” are to blame and yet somehow expected to “fix” the problem. The problem they created.
LinkedIn broke Russian computer laws?
Considering that the US expects other countries to extradite their citizens to the US for breaking US computer laws, I wonder if the US would extradite a US citizen to Russia for breaking Russian computer laws.
Regardless of the thought process behind Russia’s moves, the writing is on the wall about data storage in the future. It’s also not just the US engaging in heavy handed practices and sweeping mass snooping. Other European powers are enacting similar rules for domestic and international spying as well. The UK recently passed an incredibly intrusive spy bill. The French have been engaging in domestic spying for years already. You’re going to see arguments on both sides of the fences, pro-surveillance and pro-privacy, proposing and enacting laws to keep citizen data local and under local jurisdiction both to enable local oversight for whatever reason and to ostensibly hinder international interference.
Local Copy
So what you’re saying is the data IS already stored locally, they just want an updated copy.
(We seem to have similar concerns, so I’m pinning my own comment to yours, fellow Coward.)
Not to detract from the details noted in this article, which I find interesting, I consider the bigger story here to be the forces driving data localization requirements—what exactly are they? I suspect the driving forces are unlikely to dissipate any time soon, so it is important to understand them well.
While in search of that understanding, it would be unfortunate to allow the narrative to be entirely hijacked or diverted by nationalistic propaganda (in its many variants, American, Russian, Chinese, etc), or partially masked by considering only the interests of huge service providers (Microsoft, Google, Facebook, etc).
Can peer-to-peer networks provide solutions consistent with these predictable localization requirements? Is my suspicion correct, that the Big-Boy interests noted above might be hostile to any that might arise?
Just wondering.
Microsoft has resisted this in court ,the doj says it should be able to acess email stored in servers in
microsofts irish headquarters .
IS it not reasonable for the eu to ask that an person in the eu should have data stored on a eu server ,
that is not easily acessed by the nsa or other american government employees .
I,m sure facebook can afford to build servers in the eu.
it,s an accident of history that most big tech companys
are us based .
The DOJ will reap what it has sown. Hell, even my DNS server is located out of country. I use tor and a VPN on most occasions but do have a few dead social site accounts. If you want to take me out Mr. President your predator drone won’t be able to find my phone signal, maybe use AWACS or a satellite, or possibly your mob connections, I will make you earn it. When all is said and done the internet will become obsolete. Thanks.