×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Russia Backs Down On Skype, Gmail Ban

timothy posted about 3 years ago | from the governments-should-be-afraid-of-their-citizens dept.

Security 52

An anonymous reader writes "Russia's Federal Security Service (FSB) has backed away from its call for a ban on Skype, Gmail and Hotmail, first voiced on Friday. On 8 April, FSB official Alexander Andreyechkin said foreign-based services that allowed for encrypted communications posed a security problem for Russia. 'The uncontrollable use of such services can lead to a major threat to Russia's security,' Andreyechkin reportedly said at a government meeting."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

52 comments

In soviet russia... (0, Funny)

Anonymous Coward | about 3 years ago | (#35804954)

...apparently all is well...

Re:In soviet russia... (0)

Anonymous Coward | about 3 years ago | (#35805900)

and also, skype bans you!

"Come on guys (1)

rolfwind (528248) | about 3 years ago | (#35804980)

You have to let us spy on you."

Re:"Come on guys (1)

YeeHaW_Jelte (451855) | about 3 years ago | (#35806004)

Yup. The only reason they promoted a ban was because the FSB did not yet know of any methods of doing thus with Skype, Gmail etc.

Retraction is probably because their kind 'friends' at the American or Chinese government informed them of the available methods.

Re:"Come on guys (0)

Anonymous Coward | about 3 years ago | (#35811370)

Explains why the Comodo hacker generated SSL certs for Gmail,Skype,... coincidence?

Re:"Come on guys (1)

c0lo (1497653) | about 3 years ago | (#35809656)

TFA

“On the contrary, the development of modern technologies is a natural process that needs to be assisted,” said an FSB spokesman, according to a report by state news agency RIA-Novosti.

Come on guys, le'me assist you.

In US (-1)

Anonymous Coward | about 3 years ago | (#35804992)

So, what is news? US has a long history in banning exporting encryption algorithms and products that use those, either completely or in recent years after certain threshold.

Re:In US (0)

Kvasio (127200) | about 3 years ago | (#35805038)

US has a long history in banning exporting encryption algorithms

Exactly: In Soviet Russia Gmail, Hotmail and Skype ban YOU.

Re:In US (0)

Chrisq (894406) | about 3 years ago | (#35805298)

Also the language used is a bit prejudicial. Did the US "back down" on its decision to ban exports of strong algorithms or did it reconsider? Historically did they "back down" on segregation laws, or come to a greater understanding of equality?

Re:In US (1, Interesting)

AHuxley (892839) | about 3 years ago | (#35805404)

The US is so free you thoughtcrime yourself out in blogs, emails, phonecalls, web 2.0 ect. The urge to spread the message, find others, share and build is very powerful. If you do use encryption, the trail is even more clear and task force/federal interest builds.
The only thing that makes people really sit up is old court cases where they see the use of hardware and software to get around any level of encryption.
Russia seems to have learned this, spread the tools, understand the web 2.0/free tools, then go hunting.

Re:In US (1)

bhagwad (1426855) | about 3 years ago | (#35806796)

I know. God forbid people suddenly get the ability to talk to one another with restrictions! A disaster for humanity!

ban at what scope? (1)

Hazel Bergeron (2015538) | about 3 years ago | (#35804994)

It's entirely appropriate to ban such services' use in government communications. And any firm of significant size would hopefully implement a similar policy. But if kids want to use Gmail to speak to their friends, I think the government would be better placed to suceed with education than with a ban.

Re:ban at what scope? (3, Informative)

Narcogen (666692) | about 3 years ago | (#35805044)

The proposed ban was not against use in government communications. They need pass no law to achieve that, an executive order would be enough. The proposed ban was against any and all encrypted communications within the territory of Russia where the government has no key escrow. That includes Skype, Gmail, SSL, and plenty of other things.

There's no education issue here, unless what you mean is that they want to 'educate' Russian students about the benefit of alternatives to Skype and Gmail that the Russian government can intercept.

Re:ban at what scope? (1, Interesting)

Hazel Bergeron (2015538) | about 3 years ago | (#35805114)

They need pass no law to achieve that, an executive order would be enough.

I'm not sufficiently familiar with the current Russian legal system. Would no legislative action be needed to require all government employees and contractors to only communicate work details through government-approved systems?

The proposed ban was against any and all encrypted communications within the territory of Russia where the government has no key escrow.

So the outcome could have been an agreement with Google etc. Either way, use of US services exposes users to snooping from the US government. I don't see any evidence that the people benefit.

There's no education issue here, unless what you mean is that they want to 'educate' Russian students about the benefit of alternatives to Skype and Gmail that the Russian government can intercept.

Or, educating Russian students about the benefit of alternatives to Skype and Gmail that the US government are less likely to be able to intercept. There are more people in the world who distrust the US government than there are people who distrust the Russian government - and if the choice was between a system secured from Russia and a system secured from the US, many would choose the latter. Recall also that a determined Russian official would use the physical presence of a suspect to keylog / warrant search / otherwise anyway, so the value of protection against some form of snooping from one's own government is diminished vs the value of protection against snooping from foreigners.

Re:ban at what scope? (0)

Anonymous Coward | about 3 years ago | (#35805246)

Is that all true?

Re:ban at what scope? (1)

Meski (774546) | about 3 years ago | (#35814808)

My gut feeling is that people distrust their own government more than foreign governments, but it is just a feeling, I have no data to back the idea up.

Re:ban at what scope? (4, Insightful)

jpapon (1877296) | about 3 years ago | (#35806080)

There are more people in the world who distrust the US government than there are people who distrust the Russian government

Now that's an interesting statement. How can you claim to know that? Is it because the statements you pull out of your ass are usually true?

Re:ban at what scope? (1)

Illicon (1588477) | about 3 years ago | (#35806944)

66% of all statistics are made up on the spot.

Re:ban at what scope? (1)

rwa2 (4391) | about 3 years ago | (#35807700)

are you sure it's not 33% ?

Quick! Someone give us the tiebreaker!

Re:ban at what scope? (1)

c0lo (1497653) | about 3 years ago | (#35809744)

There are more people in the world who distrust the US government than there are people who distrust the Russian government

Now that's an interesting statement. How can you claim to know that? Is it because the statements you pull out of your ass are usually true?

Just think how many in this world are affected by the US govt (including the recent domain name blocking) and how many are affected by the Russian govt. Seems quite plausible to me.

Re:ban at what scope? (1)

el_tedward (1612093) | about 3 years ago | (#35806326)

They need pass no law to achieve that, an executive order would be enough.

I'm not sufficiently familiar with the current Russian legal system. Would no legislative action be needed to require all government employees and contractors to only communicate work details through government-approved systems?

The president has quite a lot of power in Russia, and can pass "directive" without any sort of legislative review, so long as it does not go against an existing law or the constitution.

Re:ban at what scope? (1)

Rakishi (759894) | about 3 years ago | (#35806436)

There are more people in the world who distrust the US government than there are people who distrust the Russian government - and if the choice was between a system secured from Russia and a system secured from the US, many would choose the latter.

So you're saying that people should be educated on just how bad the Russian government is?

Recall also that a determined Russian official would use the physical presence of a suspect to keylog / warrant search / otherwise anyway, so the value of protection against some form of snooping from one's own government is diminished vs the value of protection against snooping from foreigners.

They don't want to spy on one person, they want to spy on all people, at the same time. Then they find anyone interesting, gather evidence on them (or plant it) and remove them from being a future problem (permanently if need be). The US may if they really care enough take you to court, the Russians will simply kill you. And there's a lot more things a Russian does that interest the Russian government than there are thing they do that interest the US government.

Re:ban at what scope? (1)

Hazel Bergeron (2015538) | about 3 years ago | (#35807410)

They don't want to spy on one person, they want to spy on all people, at the same time. Then they find anyone interesting, gather evidence on them (or plant it) and remove them from being a future problem (permanently if need be). The US may if they really care enough take you to court, the Russians will simply kill you.

Isn't it great when we have some random person on the Internet who is able to paste directly from top-level government strategy manuals! Oh, wait, you're just making stuff up to fit your prejudices.

Fortunately, no-one in the US is killed by cops or subject to an unfair judicial process. And the US military is barely responsible for killing a single human over the last decade.

Look, we can all agree the Russian government is scary. It's just not as scary as the US government. Especially not for foreigners.

Re:ban at what scope? (0)

Anonymous Coward | about 3 years ago | (#35808306)

Doesn't US goverment want to spy on every person? I don't think so.
I'm russian and live here since '84. What draws distinction between you in US and me here is that I *can* see and predict this environment and you can't. There is nothing scary if you know it, know how to interact with it. Maybe our average sense of "freedom" and other social terms are somewhat different, but I don't eat all that bs about *your* goverment being nice and kind and blahblahblah.

Same applies the other way around, I think.

Re:ban at what scope? (1)

Rakishi (759894) | about 3 years ago | (#35806452)

Also, if you cannot figure out what the Russian government wants by explicitly banning encrypted applications rather than applications that store data in the US then you're an idiot. Your argument is about the later while the former is what's happening (and among other things the later is actually easier for the US to spy on).

Re:ban at what scope? (1)

Hazel Bergeron (2015538) | about 3 years ago | (#35806682)

As far as I can tell, there is a desire is to ban systems which the Russian government cannot easily eavesdrop on, but there is no aim at "banning encrypted applications".

There are so many examples in the US where the government is keen for you to secure your affairs from crime and hostile foreign involvement - as long as you don't secure them from the US government. For example, you're allowed to keep your money in a bank but the bank is required to report transactions which are "suspicious".

Re:ban at what scope? (1)

RockDoctor (15477) | about 3 years ago | (#35822742)

As far as I can tell, there is a desire is to ban systems which the Russian government cannot easily eavesdrop on, but there is no aim at "banning encrypted applications".

Why am I thinking of the "Clipper" fiasco of a few POTUS ago? That couldn't happen here, surely? (For many values of "here", including both American non-American values. And Russian values of "here", too.)

Re:ban at what scope? (0)

Anonymous Coward | about 3 years ago | (#35805358)

The proposed ban was against any and all encrypted communications within the territory of Russia where the government has no key escrow

New trusted Russian root CA in all major browsers in 3...2....

Re:ban at what scope? (2, Insightful)

Martian_Kyo (1161137) | about 3 years ago | (#35805080)

True but banning applications is really not the best way.

To paraphrase the popular saying:
Applications don't leak information people leak information.

If your employees are stupid enough to discuss US invasion plans over hotmail, and you ban hotmail they will find even dumber way to discuss it trust me.

Re:ban at what scope? (1)

Anonymous Coward | about 3 years ago | (#35805698)

Do you even have a clue what you're talking about? Russia wanted the apps banned because they allow for encrypted communication.

So it's not about being stupid enough to use Hotmail and the others. It's about the govt not being able to determine the content of the communication.

It's bad enough that you don't rtfa, but obviously you read neither the summary nor any of the other comments.

in other news (1)

smash (1351) | about 3 years ago | (#35805074)

Sergey Brin and Steve Ballmer just did a deal with the Russian government.

Re:in other news (1)

aaaaaaargh! (1150173) | about 3 years ago | (#35805282)

That is exactly what I thought as well.

Skype almost certainly already has a backdoor somewhere in its convoluted malware Spaghetti code. Regarding Hotmail, well, perhaps they figured out that it's not secure anyway...

Re:in other news (1)

petermgreen (876956) | about 3 years ago | (#35805808)

There is a fundamental problem in cryptography that users don't want to remember keys. So cryptosystems become only as secure as the master server that checks the users login and manages the mapping from user accounts to temporary keys that are generated for each session . Afaict skype falls into this category and as such it would be pretty trivial for the owners of skype to MITM their users communications.

If you really want security you need to use a cryptosystem where you manage the keys yourself and take appropriate precauations in storing and managing those keys. Most peope though don't want to go to that effort.

SSL as typically implemented has even worse problems it is only as secure as the LEAST secure CA that the browser trusts (either directly or through delegation).

Re:in other news (1)

petermgreen (876956) | about 3 years ago | (#35805838)

it is only as secure as the LEAST secure CA

Sorry that should have said it is at best as secure as the LEAST secure CA. In practice it is likely to be worse than the worst individual CA because different CAs may be susceptible to different hackers/blackmailers/etc.

Re:in other news (0)

Anonymous Coward | about 3 years ago | (#35805932)

I agree that key distribution is the most important problem in cryptography and that it is essentially a cultural problem. It *could* be solved, but people are too lazy to solve it.

Just imagine everybody would customarily carry around flash drives full of randomly generated keys and give them away to their closest friends or reliable business partners whenever they meet them, so these can later contact them securely, send them files, etc. Imagine this would be a completely common thing to do, and everybody would carry around a bag of flash drives with their own master keys and keys for giving away to their friends, and guard all of these like their wallet. From time to time, you'd revoke keys and distribute new ones.

It would be a nightmare for governments and encryption would become heavily regulated or prohibited in 3, 2, 1...

Re:in other news (1)

smash (1351) | about 3 years ago | (#35809404)

Who needs backdoors or ability to hack keys or snoop traffic when you have a login with appropriate access privileges on the box. SSL, etc is only protected what is sent between you and the server whilst it is in transit, if the bad guy has root (or similar) on the remote box, all bets are off.

they have found a solution (0)

Anonymous Coward | about 3 years ago | (#35805334)

"The uncontrollable use of such services can lead to a major threat to Russia's security"
We will use them under control.

For example installing a special FSB software on all user machines.
Hope it will work on my gentoo.

Are they right? (1)

DNS-and-BIND (461968) | about 3 years ago | (#35805348)

Ok, well, rather than take the default "Democracy let loose the Freedom Bombs LOLZ" viewpoint...is the FSB correct? Can the use of Google become a threat to Russia's security? Yes or no? And if yes, then what are the appropriate steps that Russia should take to secure itself? Let's all remember that Google is no mere provider of neutral information services...as an American corporation Google has been, sadly, repeatedly guilty of overt acts that can only be labeled as pro-American.

Some of this is legitimate (1)

Alex Belits (437) | about 3 years ago | (#35805354)

I am sure, Russian government would have a problem if, say, all responses to email of some military contractor's employee ended up going unencrypted through routers where traffic is routinely intercepted by US government. The fact that even without any (supposedly illegal) interception Google will also inevitably collect statistics about the content and will probably "patriotically" turn the content to the US government if anything "interesting" will show up in statistics, is just icing on the cake.

What about analogic methods (0)

Anonymous Coward | about 3 years ago | (#35805478)

Next, a ban on invisible ink? Stay tunned!

willful wednesday; another day of dilapidation (-1)

Anonymous Coward | about 3 years ago | (#35805496)

still here? louder than ever? disarm. so long, goodbye, farewell. see you in the corrected history books, or on display in the glass gages.

Unfinished sentence (0)

Anonymous Coward | about 3 years ago | (#35805522)

Russia backs down on Skype: excellent news.

Gmail Ban: Ban what? Where?

Or perhaps the headline writer meant to use an ampersand ( & ) instead of a clause-separating comma?

Punctuation marks are tools: use them as they are intended.

Paranoia (1)

dimethylxanthine (946092) | about 3 years ago | (#35805532)

Paranoia at the highest levels of the government poses a greater threat than Skype, Gmail, [name of technology here] put together, imho.

Friendly, sustainable policy, on the other hand, ensures security and safety. But that takes real skill.

-----
Sent from my ENIAC

Government Arrogance (1)

Froeschle (943753) | about 3 years ago | (#35809012)

Government arrogance never ceases to amaze me. Whether is be Russia US or anyone else. All governments exhibit the same sick arrogance that the citizens whom they "protect" should not be in any way protected from themselves.
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...