The so-called “Yarovaya law”. This means that telecom operators are required to start storing their users' data, including call recordings, correspondence, videos, images and related information. All this will have to be stored for six months.

Telecom operators have already begun to implement the measures prescribed in the law, but in order to comply with all the requirements, they will have to spend a lot of time and even more money. For example, in the case of Megafon, it takes about five years to organize the storage of user data throughout the entire network, as reported by RBC.

“We were unable to organize storage across the entire network from July 1st. The system will be gradually deployed in different regions over five years and by the end of this period will be deployed throughout the country,” said Megafon CEO Sergei Soldatenkov.

It is worth noting that the law does not have clear wording regarding the phased introduction of the provisions. The following is stated: “the procedure, terms and volume of storage<...>information is established by the government." During the discussion of the law, telecom operators asked the government for the opportunity to gradually implement the provisions of the law - first in the regions, then throughout the country. This point of view was supported by Nikolai Nikiforov, who in 2017 served as head of the Ministry of Telecom and Mass Communications. But then officials came to the conclusion that the law needed to be implemented simultaneously throughout the country.

Other telecom operators do not disclose the progress of implementation of the provisions of the Yarovaya Law, only reporting that all actions are carried out within the framework of current legislation. The Ministry of Telecom and Mass Communications says that operators must introduce all provisions of the law at once throughout the entire network, and not gradually. However, in April this year the government published clarifications to the law. It stated the need to store text messages and call recordings for six months from the date of “the end of their reception, transmission, delivery and (or) processing.” As for Internet providers, they will have to store customer data for 30 days, starting from October 1 this year. Then, every five years, companies are required to increase the capacity of “technical means of storage” by 15% per year.

The problem is that until now, documents with the necessary technical requirements for the equipment that should be used to store information have not been adopted. For example, Rostelecom has not yet included in its own budget the costs of complying with legal requirements. “Despite the fact that the Russian government’s decree on storage periods has already been published, to estimate costs it is necessary to wait for the release of documents with equipment requirements,” said a company representative.

Be that as it may, there are draft requirements for equipment, so communication providers can temporarily be guided by them. But the level of responsibility of operators and Internet companies for failure to comply with the requirements of the Yarovaya Law has not yet been determined. According to experts, the state should provide the opportunity to ensure data storage, and not just punish operators.

As for financial costs, for each operator the implementation of the provisions of the Yarovaya Law will cost billions of rubles. The total expenses of operators, according to the Communications and Information Technologies working group under the Russian government, will amount to 5.2 trillion rubles. MTS requires the required amount of 60 billion rubles for the next five years, Megafon - 35-40 billion, VimpelCom - 45 billion.

Amounts may vary depending on the exact configuration of the equipment and what requirements for its manufacturers are approved. “So far, no one knows in what form the state will ask market participants to implement the requirements of the law. It would be one thing if a phased procedure was adopted, say, over three years. A completely different scenario if full compliance needs to be achieved in, say, several months,” says Olga Sokolova, CEO of Linxdatacenter in Russia.

Costs, as far as can be understood, will be reimbursed by customers. , that to compensate for costs, such a large operator as VimpelCom must charge subscribers about 13 rubles per person per month for five years. Most likely, tariffs for the population will be increased by this amount.

The hopes of the telecom industry were not justified: Vladimir Putin signed an “anti-terrorism” package, which is now commonly called the “Yarovaya package.” Now telecom operators and Internet companies will be required to store the contents of their users’ messages for six months. Moreover, the president separately instructed the FSB to develop a procedure for decrypting user messages.

“Yarovaya Package”: the law is now “written”

Russian President Vladimir Putin signed an “anti-terrorist” package of amendments developed by deputy Irina Yarovaya and senator Vladimir Ozerov. Among other things, telecom operators will now be required to store information about the receipt, transmission, delivery and processing of messages from their subscribers, including text messages, sound, video, images, etc., for three years.

Moreover, the contents of the messages themselves will need to be stored for up to six months. Currently, telecom operators must store information about subscribers and the communication services provided to them for three years, but there are no requirements for storing the contents of the messages themselves. Telecom operators are also prohibited from using uncertified encryption equipment.

Similar requirements are being introduced for organizers of online distribution (ORI). This term was introduced in 2014 as part of another “anti-terrorism” package of laws developed by the same Irina Yarovaya. We are talking about Internet platforms that allow users to communicate with each other, in particular, social networks, blog platforms, etc.

As part of the 2014 law, ORIs are required to store in Russia data on all messages transmitted by their users for six months. Now ORI is obliged to store data on transmitted messages for a year, and the contents of the messages themselves for up to six months. Moreover, if users use encryption (encoding), ORI will have to transfer the keys to the FSB to decrypt them.

When does the Yarovaya Law come into force: instructions from the President

At the same time, Vladimir Putin gave a number of instructions to the government in connection with the adoption of this bill. In particular, the Cabinet of Ministers must, together with the FSB, prepare draft regulations “aimed at minimizing the risks associated with the application of this law. The President especially indicated that it is necessary to “clarify the stages of application of regulations that require significant financial resources and modernization of the technical requirements of business entities subject to the law, taking into account the need to use domestic equipment.”

By July 20, the FSB must approve the procedure for certifying encoding (encryption) means when transmitting messages on the Internet, defining a list of means subject to certification, as well as the procedure for transferring encryption keys to intelligence services. Thus, security officers have only two weeks to develop a procedure for decrypting messages from Internet users.

By November 1, the FSB will have to develop and introduce “a register of organizers of the dissemination of information on the Internet, providing, at the request of authorized departments, the information necessary for decoding received, transmitted, delivered and processed electronic messages in the event of their additional encoding.”

Currently, the ARI registry is maintained by Roskomnadzor. From this wording it follows that either the FSB will take away this register from Roskomnadzor, or create its own, separate register. A source in Roskomnadzor admits: this register will be introduced in any case in the interests of the FSB.

Vladimir Putin instructed the government to prepare the production in Russia of software and equipment necessary to implement the “Yarovaya Law”. By September 1, 2016, the Ministry of Industry and Trade together with the Ministry of Telecom and Mass Communications will have to analyze and submit proposals on the possibilities, timing and volume of financial costs in order to organize domestic production equipment and the creation of domestic software necessary for storing and processing information of all types of messages transmitted by Internet users, and information about these users, indicating specific production sites in Russia.

It will also be necessary to pay attention to the application of the law on liability for the use of uncertified coding (encryption) means on communication networks and on the Internet and on the termination of the provision of communication services in the event of failure to confirm the compliance of the personal data of actual users of communication services with the information specified in subscriber contracts. The relevant instructions will need to be completed before November 1, 2016.

After the news about the signing of the “Yarovaya Package” appeared, the Runet was full of similar postcards

Some concessions as part of the anti-terrorism package

From the very beginning of the appearance of Irina Yarovaya’s “anti-terrorism” bill, the telecommunications and Internet industry reacted extremely negatively to it. In the original version of the bill, it was assumed that both telecom operators and Internet companies would have to store both information about their users’ messages and the contents of all messages for three years. Among other things, the government also expressed its protest against this norm, asking legislators to change these deadlines downwards.

During the second reading of this package of bills in the State Duma, legislators decided to partially listen to the criticism of the industry: the rule on storing the contents of messages - both for telecom operators and for ORI - was adjusted and reduced for a period of "up to six months." Moreover, the law states that the government will have to establish more detailed requirements for the format and retention periods of user messages.

After the adoption of the law, Irina Yarovaya stated that this document does not oblige operators to store user messages at all: this issue remains at the discretion of the government. In addition, if the law itself comes into force on July 20 of this year, then the requirements for storing the contents of messages will only take effect on July 1, 2018. That is, operators will have time to prepare.

For ORI, the storage period for information about the facts of transmission of messages by their users has also been reduced: to one year. At the same time, during the second reading, the deputies prepared another unpleasant “surprise” for Internet companies: if their users use encryption (coding), the ORI will have to hand over the keys to the FSB to decrypt them.

This standard is impossible to meet, market participants warn. Interference with the functioning of international encryption standards, for example, SSL, will lead to the fact that Russian users may simply be excluded from international transactions, for example, in the banking sector, experts note. In addition, encryption is often performed on the user’s side, and the Internet service serving him is simply not able to transfer the decryption keys to the intelligence services.

And, in any case, foreign Internet companies will not comply with the requirements of Russian legislation, just as they are already refusing to register in the ARI register. Accordingly, Russian Internet services will lose to them in the competition.

"Package" worth 5 trillion rubles

Before the consideration of the “anti-terrorist” law in the Federation Council, the heads of the Big Four mobile operators - MTS, Megafon, VimpelCom and Tele2 - appealed to the Speaker of the Upper House, Valentina Matvienko, to reject the document.

Each of the major mobile operators estimates their costs for implementing this at least 200 billion rubles. Operators estimate the total costs of implementing the entire system at 2.2 trillion rubles, and the Government Expert Center estimates an even larger amount - 5.2 trillion rubles. The result of this will be an increase in tariffs for subscribers, a refusal to develop networks, and even losses to the state in the form of lost income taxes (in this situation, the business of telecommunications companies will become unprofitable").

Tele2 and Megafon openly promised that tariffs for subscribers would increase two to three times. “On his Facebook page he gave the following forecast. Subscribers should prepare for an increase in prices for the Internet and cellular communications by two to three times, - Pyotr Lidov-Lidovsky, director of public relations at Megafon, draws a pessimistic forecast. “The Ministry of Finance should wait for the disappearance of income tax revenue from telecom operators within ten to twenty years, since the costs of operators to comply with the requirements of the law will exceed their revenue.”

“The Russian communications industry as a whole will face stagnation, since all the money, instead of developing new technologies, will be spent on recording and storing telephone conversations, videos viewed on the Internet by every citizen and all other files, texts and documents sent by individuals and legal entities,” continues Lidov - Lidovsky. “But American and Chinese companies will benefit, they will receive excess profits (billions of dollars) through the sale of equipment for storing data arrays of information.”

“Since about ten thousand private companies - large and small - will store all the information about you - from photographs of your beloved mother-in-law to money transfers - you will soon be able to read the yellow press with much greater interest, and any information about any citizen, including the most intimate , you can buy it very inexpensively, without leaving the couch,” the Megafon representative makes another conclusion.

Another controversial provision of the new law in the region is the obligation to terminate service to a subscriber if his actual passport data does not confirm the data specified in the contract for communication services. This may lead, in particular, to the disconnection of minor children whose contracts are in the name of their parents.

The costs of implementing the law and Internet companies will be high. Thus, Mail.ru Group, according to the Vedomosti newspaper, valued them at $2 billion. “” also presented its estimates. One of the provisions of the new law states that postal operators are required to check parcels at all stages of shipment for the presence of substances prohibited for transportation (for example, explosives).

To do this, you should use special equipment: X-ray television, radioscopic installations, stationary, portable and hand-held metal detectors, gas analytical and chemical equipment. Currently, this type of equipment is installed only at international dispatch points, as well as at mail sorting points. Equipping all 42 thousand post offices with special equipment will cost 500 billion rubles, Russian Post has calculated. Another 100 billion rubles will be required to maintain this equipment and maintain the relevant personnel.

That is, the total costs of Russian Post to implement the law will amount to 600 billion rubles. At the same time, the company’s revenue for last year was four times less - 149 billion rubles. Moreover, according to the Minister of Communications Nikolai Nikiforov, a similar picture - the excess of future expenses over revenue - is observed among 700 other participants in the postal market.

Nikiforov himself also actively criticized this bill. After its adoption by the State Duma in the II-III readings, the minister expressed regret that the government’s position was not heard. However, after the president signed the law and distributed instructions related to it, the minister said that the president “heard” him.

Anti-terrorist fines

Simultaneously with the “Yarovaya package,” amendments were adopted to the Code of Administrative Offenses (CAO) on the establishment of fines for non-compliance with the requirements of the new law. Failure by the organizers to provide encryption keys will result in a fine. For individuals it will range from 3 thousand rubles to 5 thousand rubles, for officials - from 30 thousand rubles to 50 thousand rubles, for legal entities - from 800 thousand rubles to 1 million rubles.

The amount of fines for organizers of information dissemination for failure to provide law enforcement agencies with access to their users’ messages has also been increased. For legal entities it now ranges from 300 thousand rubles to 500 thousand rubles, the new amount of fines will range from 800 thousand rubles to 1 million rubles.

Measures have also been taken against telecom operators to decrypt communications. The article on fines for the use of uncertified communications equipment by telecommunications companies has been supplemented with penalties for the use of uncertified encryption equipment. The fine for this will range from 30 thousand to 40 thousand rubles for legal entities with the possibility of confiscation of the relevant equipment.

A fine for telecom operators for failure to comply with the requirement to include subscriber data in contracts for the provision of communication services will also be levied in case of violation of the current subscriber identification procedure. The fines range from 200 thousand rubles to 400 thousand rubles for legal entities.
The use of the media and information and telecommunication networks to disclose state secrets will also be prohibited: for this, the fine for legal entities will range from 400 thousand rubles to 1 million rubles.

When preparing the document for the second reading, which was originally scheduled for June 22, a provision appeared on fines for “organizers of information dissemination on the Internet” for refusing to provide the FSB with data for decoding received and sent messages. The State Duma explained that the provisions of the bill apply to the work of instant messengers, email services and social networks that use encryption.

In case of refusal to provide the secret services with keys to decrypt messages, companies face fines from 800 thousand to 1 million rubles.

The bill will affect messengers Telegram, WhatsApp, Viber, ICQ, which use end-to-end encryption. The HTTPS Internet protocol, which ensures the secure transmission of data on many Internet portals, may also be affected by the document. In particular, Facebook, VKontakte, Twitter and other communication services will be under threat. This mechanism is also used by online banks, hotel and ticket booking sites, some media outlets, online encyclopedias and various other resources. Head of Roskomnadzor Alexander Zharov, the share of encrypted traffic in RuNet is 30%. Internet companies also gave their estimates on this matter at different times: from 50 to 80%.

No keys

“In modern implementations of applications for encrypted communication, the keys are held by the interlocutors, and not by the company providing the service. That is, to begin with, the implementation of this point is technically impossible,”

— Vladimir Gabrielyan, vice president and technical director of Mail.Ru Group, told Gazeta.Ru.

Artem Baranov, the leading virus analyst at ESET, agrees with this and explained to Gazeta.Ru that a number of instant messengers (for example, Viber and WhatsApp) have recently introduced end-to-end encryption - this means that access to forwarded messages has Only the user and private keys are simply not stored with them. A similar technology works in secret Telegram chats.

A representative of Mail.Ru Group recalled that limiting the secrecy of citizens' correspondence is the prerogative of the judiciary and such a decision is made in relation to a specific person. “In the case of transferring certificates that allow traffic to be decrypted, the privacy of all users’ correspondence is essentially limited,” he added.

The Russian Association of Electronic Communications (RAEC), which is the main lobbyist for Internet business in Russia, warned that

the document jeopardizes the confidentiality of communications and carries enormous risks of leaks of confidential information.

The organization notes that most encryption standards do not provide for storing user keys, meaning that messages cannot be decoded without changing the algorithm. At the same time, when changes are made, cybersecurity risks arise.

At the same time, these measures will not affect the availability of encryption tools for attackers, RAEC emphasized.

Another negative consequence is that Russian companies will be placed in unequal conditions. The bill applies to all users, which may violate the laws of other countries and Russia's international obligations. Foreign enterprises may refuse to comply with these requirements in Russia, since they contradict their legislation. Other states may present similar requirements for the disclosure of keys to Russian corporations.

“The adoption of the bill in its current form may lead to the departure of a large number of players from the Russian market and the general degradation of the Internet industry,”
- stated in RAEC.

The organization’s position went unnoticed, despite letters sent to the presidential administration, the Ministry of Telecom and Mass Communications, the State Duma and the Federation Council.

Subscribers will pay for operators

When adopting the bill, deputies also did not take into account the opinions of telecom operators regarding the storage period for the content of voice calls, transmitted messages and media files. By replacing the initially proposed three years with six months, the State Duma did not reduce the potential burden on telecom market players. At the same time, according to the document, data on the facts of message transmission will be stored for three years.

“Implementation of the provisions of the bill will cost telecom operators several trillion rubles. Naturally, such exorbitant and ineffective business burdens will have a catastrophic impact on the entire economy in the telecommunications sector,” Megafon said.

“If the amendments come into force, operators will certainly have to raise tariffs for subscribers in order to maintain business,”

— says the operator’s representative.

Yota PR Director Olga Alekseeva agrees with this: “The likelihood that these costs will be offset by increasing the cost of services for the end user is very high.”

According to preliminary estimates from VimpelCom (Beeline brand), about 200 billion rubles will be required to comply with the requirements of the law at the first stage. Such investments can not only negatively affect the operators’ economy, but even reduce it to zero.

“It is already obvious that the adoption of the bill could lead to a slowdown in the pace of network development and to a significant increase in tariffs for communication services,” VimpelCom warned.

MTS representative Dmitry Solodovnikov told Gazeta.Ru that

Now, in principle, there is no equipment that can ensure the collection and storage of voice information in accordance with the requirements of the bill. And its creation will put the industry on the brink of collapse.

Thus, enormous expenses will be required for the purchase of equipment, the construction of new data center buildings, the purchase of software licenses, the strengthening of data transmission networks, the creation of a system for “receiving” and “outputting” traffic for storage, as well as indexing systems, traffic analysis and access systems to this data. Costs could amount to several trillion rubles.

“It is important that if operators incur costs of this level, they will not be able to develop the network for subscribers: build base stations, expand fixed-line networks, which,

taking into account the high growth rates of traffic, it can lead to degradation of the quality of head communications, interruptions in SMS delivery or the inability to access the Internet,”
- said the operator's press secretary.

Tele2 declined to comment. Rostelecom press secretary Andrey Polyakov previously announced that the operator welcomes the reduction in traffic storage periods to six months.

Gabrielyan also agrees with representatives of the Big Three: “Storing not only facts, but also data for six months will require gigantic investments from telecom operators and information dissemination organizers, which will lead to an inevitable increase in prices for communication services in the country.”

But even without taking into account the rise in communication prices, the law puts any user and subscriber in the uncomfortable position of always being suspected of some kind of offense. All messages and calls made via mobile phone or Skype will be recorded, saved and analyzed in case of any questions from the intelligence agencies. The same applies to any correspondence without encryption. Even for any law-abiding citizen, such a measure looks dubious, and the “anti-terrorism package” itself completely violates constitutional law citizens of Russia to the secrecy of correspondence.

An RBC source close to one of the Troika operators reported that it is not only MegaFon that is not immediately deploying a system for storing information according to the Yarovaya Law throughout the country. He noted that the introduction of SORM-2 (designed for monitoring Internet activity) in the 2000s and SORM-3 (for storing metadata - for example, who called whom, when) since 2014 also did not occur simultaneously.

What does the “Yarovaya Law” prescribe?

A package of anti-terrorism amendments, known as the Yarovaya Law, was adopted in July 2016. Among other things, it ordered, from July 1, 2018, telecom operators and organizers of the dissemination of information on the Internet (ORI, these include email services, instant messengers, social networks and other Internet platforms on which users can exchange messages) to store records for up to six months calls, message contents and other user communications. The storage period for metadata was increased for operators to three years, and for ORI - up to a year.

The law stipulated that the timing and volume of information that must be stored should be clarified by the government. In April, a corresponding decree was published regarding telecom operators: they must store text messages and call recordings for six months from the date of “the end of their reception, transmission, delivery and (or) processing.” For operators that provide data transmission services (Internet providers), the storage period will be 30 days starting from October 1, 2018. For the next five years, companies must annually increase the capacity of “technical storage devices” (equipment on which Internet traffic will be stored) by 15%. On Tuesday, June 26, the government approved a decree establishing the storage period for recordings of conversations and correspondence for ORI: as for telecom operators, it is six months.

But documents with technical requirements for equipment that should be used to store information have not yet been adopted. In particular, as a representative of Rostelecom stated, the state operator has not yet included in its budget the costs of complying with data storage requirements within the framework of the law. “Despite the fact that the Russian government’s decree on storage periods has already been published, to estimate costs it is necessary to wait for the release of documents with equipment requirements,” he noted. A spokesman for the operator did not respond to questions about whether they would begin complying with the law on July 1.

According to Sergei Soldatenkov, this [unapproved equipment requirements] is an “ambiguous situation,” but the contents of the documents will not come as a surprise to operators, since there are drafts of these requirements. MegaFon is based on past experience, when in 2013 the so-called MNP principle (mobile number portability, the ability to save your phone number when changing mobile operator) was adopted. RBC). The regulatory legal acts clarifying it were adopted two days before it came into force. “We were all standing on our heads for two to three months preparing for them and didn’t want to go down that route. Therefore, six months [before the requirements of the “Yarovaya Law” came into force], certain tests of solutions and storage schemes were carried out. If there are any changes in the requirements that will be adopted, our suppliers are ready to change their solutions to suit them,” Soldatenkov said.

The main question remains unresolved: what responsibility will operators and Internet companies bear for failure to comply with the requirements of the Yarovaya Law? However, according to Soldatenkov, even if such documents had already been approved, the state would be unlikely to punish the operator. “If we say that we are going according to plan, then I don’t think there will be any complaints. The question on the part of the state is not to punish the operator, but to make sure that it is possible to ensure the storage of data,” he explained.

According to the head of commercial practice at the BMS Law Firm, Denis Frolov, MegaFon and other operators must, even in the absence of regulations, comply with the requirements of the law; the acts only “specify the law.”

Expensive speed

In 2016, the expert working group “Communications and Information Technologies” under the Russian government predicted the costs of operators for storing data under the Yarovaya Law at 5.2 trillion rubles. However, later the estimates were adjusted several times. In the spring of 2018, MTS required the required amount of 60 billion rubles. for the next five years - 35-40 billion rubles, - 45 billion rubles.

According to the CEO of Linxdatacenter in Russia (provider of communication services and data centers) Olga Sokolova, the amount of storage costs really depends on what SORM configuration and requirements for equipment manufacturers will be approved in the documents. She noted that so far the company has not observed a particular surge in requests in connection with the Yarovaya Law. “So far, no one knows in what form the state will ask market participants to implement the requirements of the law. It would be one thing if a phased procedure was adopted, say, over three years. A completely different scenario if full compliance needs to be achieved in, say, several months,” says Sokolova. She expects the situation to clear up after July 1.​

Law-abiding foreigners

The general director and chairman of the board of directors of the international Orange group, Stéphane Richard, told RBC that the company follows the provisions of the law in any country in which it operates, and from July 1 is ready to comply with the requirements of the Yarovaya Law. “In Europe we understand the terrorist threat, especially in France. After the events of 2015, we began to cooperate more closely with the authorities,” he noted. The company has not disclosed how much it has spent preparing to comply. However, the head of Orange Business Services (Orange division) in Russia, Richard van Wageningen, explained that given the fact that the company operates here only in the b2b segment and has a limited number of corporate clients, the costs were small.

In July 2017, the Internet Research Institute (IRI) released a report in which it indicated that the “Yarovaya Law” of the GDPR (General Data Protection Regulation), which came into force in the European Union in May 2018. The III indicated that, according to the GDPR, in order to store information about the facts of user communication, there must be appropriate confirmation from the intelligence services. If Russian operators store information about foreigners on their servers without the consent of the user and provide this data to Russian law enforcement agencies without a court order, European law will be violated, the report said.

However, according to an Orange representative, the company sees that it can comply with the requirements of both laws to the extent that they apply to it. He noted that from the point of view of the GDPR, a company, in the course of providing services, is a “processor” (an individual or legal entity, government agency, institution that processes personal data on behalf of the “operator” - the one with whom the agreement for data processing was concluded). “It is also important to note that issues related to national security are excluded from the scope of the GDPR, and the Yarovaya Law refers specifically to this area, as follows even from the official name,” the Orange representative said.

On July 1, Russians closely followed football, and then uncontrollably celebrated our football team reaching the quarterfinals of the World Cup. On this day, many of us probably emotionally discussed the past game, but how many thought that these conversations were recorded? For another six months, our screams, sobs, words of pride and gratitude will be stored on the servers of mobile operators - even if we forget about them the next day.
The thing is that on the same day as the match with the Spaniards, another, less noticeable event occurred: the final part of the once sensational “Yarovaya package” came into force. Why this law gave rise to a wave of discontent, whether it will revolutionize the Russian Internet (and perhaps the whole of Russian life) and what you now need to know before sending a message - we will tell you about all this in our material.

What did they put in this “package”?

The Yarovaya Law was first discussed back in April 2016. Then the State Duma deputy from United Russia, Irina Yarovaya, and the now half-forgotten senator from the same party, Viktor Ozerov, submitted to parliament a package of amendments supposedly designed to protect citizens from terrorism. Some provisions of the bill turned out to be so radical that they were removed from the final version: for example, it was proposed to deprive those convicted of terrorism of citizenship and prohibit the departure from the country of people who have not expunged their convictions under articles for extremism.

The bill caused a huge public outcry. A petition against its adoption on the change.org portal collected more than 600 thousand signatures, and on the official website of the ROI, in less than a month, the 100 thousand votes necessary for consideration of the appeal by the Open Government were collected. A series of protest rallies took place across the country, and Internet industry experts announced a real disaster that awaits RuNet if the law is adopted. Ordinary users did not stand aside - the ill-fated package became the reason for mocking videos and many memes.

Don't make any noise!

Nevertheless, the law passed 3 readings in the State Duma, received approval from the Government and the Federation Council, and on July 7 of the same year the last bastion fell - it was signed by Russian President Vladimir Putin. Most of the amendments came into force in less than 2 weeks – on July 20. Among them:

• Criminal punishment for “failure to inform,” justifying terrorism on social networks, “inducing” mass riots, introducing an article for “international terrorism”;
• Increasing the terms of punishment for “extremist” articles, reducing the age of responsibility for them to 14 years;
• Carriers checking any parcels for the presence of prohibited items;
• A ban on missionary work for unregistered organizations and a ban on preaching outside churches, cemeteries and other specially designated places;
• Providing so-called “encryption keys” of data to law enforcement agencies by court order.

The most heated debates erupted regarding the clause on storing user traffic. Initially, it was planned to store calls, messages, metadata about them (that is, information about made calls and messages) and all Internet traffic for 3 years. However, it turned out that this requirement is impossible to fulfill - there are no such capacious servers in the world, Russia does not produce enough electricity to power them, and implementation costs were estimated at five trillion rubles (for comparison, in 2015 the entire Internet industry earned 1.7 trillion rubles , and the income of the Russian federal budget amounted to 14.7 trillion rubles). As a result, it was decided:

• From July 1, 2018, store all telephone calls, SMS messages and metadata about them for six months;
• From October 1 of the same year, telecom operators will store correspondence, video and audio files and personal data of users for a month. Every year the shelf life must be increased by at least 15%, gradually increasing it to six months.

How will Yarovaya's law affect our lives?

But what does the new law promise for ordinary people like you and me? First of all, when talking about it, they remember the rise in price of the Internet. The first confirmations appeared already in June of this year: most Russian providers raised prices by an average of 10%. The operators presented this in a veiled manner: they say that we are increasing not only prices, but also the speed on your tariff. Considering that data storage will need to be increased annually by law, such indexing will apparently become commonplace. In addition, you need to be prepared for a gradual increase in price or the abolition of unlimited tariffs: after all, it is the volume of our traffic that costs operators a pretty penny.

A significant increase in postage prices was also predicted. According to Russian Post calculations, equipping all of its 42 thousand branches with special X-ray units for the required inspection of parcels would cost half a trillion rubles. As a compromise, the carrier offered to accept all parcels in an open video, but this still would not solve the problem of delivering goods from abroad: no one will (or at least should not) open the box with a phone sent from China. As a result, the provision on inspection of shipments has been in effect for two years, and the internal rules for forwarding neither Russian Post nor other private companies have changed significantly. In fact, the law is simply not enforced.

However, the rise in prices for services is far from the only negative consequence of the Yarovaya package. In June, the Russian company MFI-soft (previously it produced equipment for Roskomnadzor) presented prices for certified data centers for operators. The cost of a server that allows storing the traffic of 7-8 thousand subscribers was estimated at 37 million rubles. In fact, this is several annual revenues collected from such subscribers. And if large federal operators with other sources of income can still find this money, then small regional providers simply have nowhere to take such an amount at once. Foreign analogues of equipment are also prohibited by law. In fact, this could mean the ruin of small providers and monopolization of the market, in which large operators will buy up their subscriber base from local ones. Such a scenario will make our Internet one step closer to the Chinese one: several large operators are much easier to control, especially if you suddenly need to disconnect the Russian segment of the Internet from the world one.

Finally, the Yarovaya Law affected the operation of some services in Russia. Now, any company that uses any encryption protocol in its application will be required, by a court decision, to provide the security authorities with a certain “key” that will allow them to gain access to correspondence and other user data. It was this provision of the law that became the reason for blocking the Telegram messenger in Russia (by the way, do not forget to subscribe to our “blocked” channel). Moreover, representatives of the service were even ready to provide the FSB with the very correspondence of terrorism suspects, but the intelligence services needed precisely the “keys.” In general, you know the continuation of the story.

So, what should we do now?

We should not delude ourselves that the Yarovaya Law is needed only to ensure our safety. The fight against extremism is understood very broadly by our security forces. For example, single mother Ekaterina Vologzheninova received a year of compulsory labor for VKontakte posts supporting the Ukrainian military. Engineer Andrei Bubeev was sentenced to two years and three months in a penal colony for two reposts of opposition articles. And blogger Ruslan Sokolovsky, who played Pokemon Go in the temple, was added to the list of terrorists and extremists, and all his bank accounts were blocked. In general, there is reason to think about how to avoid ending up in such a situation.

Even during the discussion of the Yarovaya bill, many providers spoke about the uselessness of the transferred data - they say that 80% of the traffic on the network is encrypted anyway, and it will only take up space. It's true. Most modern websites (including ours) operate using the secure https protocol. If you go to such a site, the provider will only be able to find out that you are connected to it - and that’s all. No one will know that you are reading this particular article and not choosing a scooter for your child.

But if you want no one to even know what sites you visit, and all your traffic is encrypted, you should use a VPN. In this case, Comrade Major will only see that you connected to a server somewhere in the Netherlands or Hong Kong. In addition to encrypting traffic, VPN has another important advantage - it will allow you to use services and sites blocked in Russia (Telegram, again). There are a lot of VPN services on the market, most of them are very inexpensive, and some are even free; We will tell you about their types and features in a separate article (very soon).

However, a VPN will not save you if the FSB demands access to your data from a third-party company, and not from the provider. The so-called “Information Dissemination Organizers” from the Roskomnadzor register must also store your data for six months. This list contains:

• "In contact with";
• "Classmates";
• Mail.Ru services (mail, cloud, etc.);
• Yandex (mail and cloud);
• less popular services and sites.

If you use any products from the ARI registry, be prepared for the fact that, by a court decision, your files and correspondence will end up in the hands of the intelligence services. Perhaps you should use these services more carefully and not trust them with any personal information; This also applies to phone calls and SMS. Or it makes sense to abandon such resources in favor of those that are not yet in the registry: Google, Facebook, Viber and others.

Your correspondence will be completely safe if you use a messenger with end-to-end encryption: this technology allows you to transfer data to your interlocutor’s phone, bypassing the company’s servers. This function is implemented, for example, in WhatsApp, secret Telegram chats and VKontakte calls.

In general, Mrs. Yarovaya and the Russian authorities are greatly increasing our Internet literacy and even instilling an important habit: we also need to protect ourselves on the Internet. For this, it’s probably even worth thanking them. And by the way, we will tell you a lot more interesting and useful things about technology in Russia and around the world, so subscribe to the Zen channel, Telegram channel and the Inspector Gadgets newsletter!