- Global Voices Advox - https://advox.globalvoices.org -

Netizen Report: China Joins Russia in Crusade to Keep User Data at Government’s Fingertips

Categories: China, Russia, Privacy, Surveillance, Tech Industry, Netizen Report
Car with Facebook flag, Moscow 2012. Photo by Irina Firsova. Copyright Demotix. [1]

Car with Facebook flag, Moscow 2012. Photo by Irina Firsova. Copyright Demotix.

Global Voices Advocacy's Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world.

Ahead of a meeting [2] between Lu Wei, China’s Internet czar, and several US tech companies—including Apple, Cisco, Facebook, Google, IBM, Microsoft, and Uber—Human Rights Watch published a letter asking [3] the invited companies to publicly commit “not to enable government abuses of freedom of expression and privacy in China.” This followed a broad request [4] by China’s Information Technology Security Evaluation Center asking US tech companies to begin storing data on Chinese users within China, to “not harm” national security, and “to promise to accept supervision from all parts of society.”

China’s demands are nothing new, but point to a growing global trend of large, powerful governments asking foreign technology companies to play by their rules and store citizens’ data within easy reach of relevant authorities. From Brazil [5] to India [6] to Vietnam [7], such policies have been proposed with varying degrees of success. But with technology and political power centers like China and Russia moving forward in this realm, the trend feels more like a certainty than a threat.

The legal details of China’s proposal remain unclear, but they would likely undermine the processes currently in place for requesting user data from US-based companies. For example, right now, any government that wishes to access Google user data must present a court order [8] to the United States Department of Justice, which will determine its legitimacy. Google’s Law Enforcement guidelines [8] explain that if the order satisfies US law and Google’s policies, it will be fulfilled. If not, the user's data will remain undisclosed. The same is true for many other US companies that do business abroad.

Requiring companies to store data in-country could upend this system of accountability, leaving a much lower threshold for authorities to obtain user data.

Last year, the combined effects of these new, tighter Internet regulations, both current and predicted, prompted Russian Internet guru Anton Nossik to declare that the “end [9]” of US social media services like Facebook, Twitter, and Google in Russia was near. This hasn’t happened yet, but a brief glance at both countries’ trajectories suggests that Nossik’s prediction might not be far off.

Outcry over encryption proposal sends Indian legislators back to the drawing board

The Indian government is reconsidering a proposed law [10] that would have given relevant state authorities access to “all encrypted information” regardless of its provenance or purpose. Alongside persistent arguments against weakening encryption by privacy advocates, public uproar [11] against the proposal was particularly strong due to an aspect of the law that would have required citizens to maintain logs of all of encrypted social media and chat conversations — on platforms like WhatsApp, Viber, and Google Chat — for a minimum of 90 days, or risk jail time. This thoroughly clunky attempt to circumvent encryption technologies that are already built into these platforms was unequivocally rejected by mobile phone users across the country and caused the government to withdraw the bill for further deliberation.

Peru’s ‘aggravated defamation’ bill singles out social media users

Peruvian legislators may amend the country’s penal code to expressly criminalize the act of damaging another person’s reputation or honor over social media. Specifying platforms including Facebook and Twitter, the bill proposes [12] that violators be jailed for 1-3 years.

Will Russia’s leading social media platform go dark over LGBT content?

Russian government regulator Roskomnadzor ordered social network Vkontakte to shut down the accounts [13] of Children-404 and several other online LGBT youth support groups, following a court decision ruling that the groups were posting illegal “gay propaganda” online. The groups were given three days to take down any illegal content, though according to Children-404 founder Lena Klimova, the officials have failed to specify what content has been deemed illegal.

If Vkontakte refuses to comply with the order, the company could risk being blocked in its entirety by Russian Internet providers. Although authorities might prefer to block only the pages belonging to Children-404 and the other LGBT community groups in question, Vkontakte's technical infrastructure makes this tough. Vkontakte works under HTTPS, a secure protocol that makes it very difficult for web traffic monitors to see which pages a user visits within a site. If Russian authorities want to keep users from seeing the pages of Children-404 and its allies, they may have to block the entire social network, a move that would likely trigger uproar among young Russians.

Iranian leaders centralize power under Supreme Cyberspace Council

Iran is consolidating Internet policymaking [14] under the country’s most conservative branch of government, the Supreme Cyberspace Council, which reports directly to Supreme Leader Ali Khamenei. In the past, the Supreme Leader has said the Internet is “used by the enemy to target Islamic thinking”. The move effectively cuts Iran’s more moderate President Rouhani out of policymaking for the Internet, suggesting regulations in Iran are likely to take a hardline turn.

Commercial router attacks expose dangers of technical backdoors

Cybersecurity company FireEye found [15] technical “backdoors” in 14 commercial routers in India, Mexico, the Philippines, and Ukraine after the routers were hacked. The attackers either stole network administration credentials or gained physical access to the routers in order to seize control of the routers, all of which were built by Cisco. The attackers accessed [16] the data of all the companies and government organizations that sit behind the router, according to FireEye CEO Dave DeWalt. While home routers have been hit by malware in the past, attacks on commercial routers are relatively rare — according to DeWalt, only a handful of states have the capacity to conduct such attacks.

Cool things

Several journalism research organizations in Chile and Colombia launched a Map of Media and Media Ownership [17], which is a database of media ownership with information on over 700 media companies intended as a research tool for policy makers, journalists, academics and the public. The map is a part of the data journalism project Poderopedia [18] (“Power-opedia”) which maps political and corporate power in the region.

New Research

Are the Kids Alright? Digital Risks to Minors from South Korea's Smart Sheriff Application [19] – Citizen Lab

Juan Arellano [20], Mary Aviles [21], Ellery Roberts Biddle [22], Darina Gribova [23], Hae-in Lim and Sarah Myers West [24] contributed to this report.

Subscribe to the Netizen Report by email [25]