Features of the interaction of hosting companies with law enforcement agencies in different countries
Over the past few years, there has been a tendency to migrate Russian projects to the west and often in discussions we see the already classic rules for successful business on the Internet, in particular, saying "Do not post a project in the Russian Federation, do not use .ru and .рф domains." We will tell about the situation from the inside, through the eyes of the host / registrar, based on the experience of large hosting companies, both Russian and foreign.
Each order from law enforcement comes in the form of an official request. There are several delivery channels: bring in person, send by fax, by post or email. Of course, everyone needs an answer yesterday at best. Therefore, the standard practice is to send the answer by fax as soon as possible, and send the original answer on paper with all seals separately by registered mail.
Requests come from various structures, but most often it is the Ministry of Internal Affairs (department K) and the FSB. Sometimes a precinct comes. His task is only to collect information and decide where to transfer the case.
An interesting pitfall - requests are sometimes faked. A rather useless action, because usually a request comes from known addresses / numbers and any changes in this scheme immediately raise doubts about the reliability. It is not difficult to check - there is a contact person from each organ. Nevertheless, fakes still occur. One of the possible goals is to illegally find out information about the owner or even block his resource.
There are several types of requests, with varying degrees of headache for the hoster. The most painless is a simple request for information about the site owner.
Usually they ask for the name, passport data, ip from which the account was registered and the hosting administration, electronic wallet numbers. Less often they ask for more advanced logs, even less often - duplicate all mail to some mailbox, often on a free service. Amounts of payments do not interest anyone.
A request can be made both quite competently and very confusingly, in the latter case you have to call, specify what exactly is required.
Problems begin when a resource is asked to block. This is a unique, distinctive scenario for the Russian Federation. Cases, of course, are different, child porn, for example, most hosters block automatically without any requests, according to the first complaint from anyone who requests it.
But this is a rare case.
You’ll probably remember the offensive high-profile cases of blocking completely legal resources yourself - an attempt to block one well-known file hosting because of a single file or remove the domain name of a popular torrent tracker from delegation, and suspend a large historical resource due to one book.
According to the Federal Law on Communications, article 64 , paragraph 3:
“Suspension of the provision of communication services to legal entities and individuals is carried out by telecom operators on the basis of a reasoned decision in writing of one of the leaders of the agency conducting operational-search activities or ensuring the security of the Russian Federation, in cases established by federal laws. ”
The list of bodies is regulated by a separate Federal Law "On the operational-search activity", chapter 3, can be found here .
Another of the unpleasant features is that you need to attach evidence to the case and in the worst case, in view of illiteracy and intractability, the whole server will be asked. And in the worst - no one will warn in advance. At this point, you can immediately say goodbye to expensive equipment, returns are more likely an exception. And if we are talking about a shared hosting server with hundreds of sites? Or a cloud hoster, what exactly to withdraw? The consequences, unfortunately, few people care about.
In fairness, most of these requests will have a copy of the site on a disc, but the exceptions are painfully well-known and sad.
If the hoster is not Russian, you can act through the domain name, because All registrars of .ru, .РФ domains must be residents of the Russian Federation.
There were incidentally curious cases involving the seizure of server equipment on the territory of the Kurchatov Institute. Imagine a classic mask show - guys with machine guns are famously unloaded from the car and enthusiastically withdraw the entire data center, come to the entrance. It should be noted that the territory of the institute is well guarded and there they are met by even more armed fighters and asked if they recorded for today. The guys are here for the first time, they are not familiar with local politics and, naturally, they shrug their hands in surprise. The next day, they arrive by appointment, but with a much more relaxed mood, because the effect of surprise is reduced to zero.
It is believed that only illegal projects leave for Europe. But even if they live in peace there, then why not move to a regular, legal, Internet business? What is the reason for the growing popularity of foreign hosting?
The main difference is that, at the whim of law enforcement agencies, not a single resource can be blocked or deleted. Infringing copyrights or even posting child pornography? Of course, this is also illegal in Europe, but all that you are asked to do is to remove illegal content in a reasonable amount of time. A policeman will not even be able to get your personal data without an appropriate court request.
There are differences in the seizure of equipment, it occurs only in case of detection of the botnet's control centers and then subject to the availability of clear evidence from technically competent specialists. All servers will be returned to the owner after a few days of examination.
Paradise for lawyers also has its own characteristics.
The request here is called the boot , it is sent by fax + original by mail. Usually the essence of the request is the data of the site owner. After 9/11, the state has the right to request any information, but there is also a key difference - you can appeal the mandatory response and refuse to provide data if there is a rational basis for such a refusal. In this case, the case is transferred to court and most likely he will take the side of the state, but what a precedent!
Closing and suspension of resources also occur only by court order. There can be no arbitrariness of a single police officer in principle.
So, the main risks of placement in the Russian Federation are, of course, not the chaos characteristic of the 90th, but rather technical illiteracy, a lack of understanding of the consequences and unwillingness to make concessions. Imagine a cloud hoster who came to seize servers. Or an even simpler case - virtual hosting, databases and mail are moved to separate servers. What should be removed in this case? How to explain this technical architecture and all the attendant problems if it’s not techies, but artists with machine guns who come?
With the level of technical literacy, in fairness, it’s bad not only in the Russian Federation. Awareness of the hosting specifics of judges and lawyers abroad also often suffers. There are, however, pleasant exceptions, in America - this is California. But in any case, technical ignorance abroad is compensated by the level of adequacy, the absence of resource locks and the desire to deal with causes and effects.
Russia
Each order from law enforcement comes in the form of an official request. There are several delivery channels: bring in person, send by fax, by post or email. Of course, everyone needs an answer yesterday at best. Therefore, the standard practice is to send the answer by fax as soon as possible, and send the original answer on paper with all seals separately by registered mail.
Requests come from various structures, but most often it is the Ministry of Internal Affairs (department K) and the FSB. Sometimes a precinct comes. His task is only to collect information and decide where to transfer the case.
An interesting pitfall - requests are sometimes faked. A rather useless action, because usually a request comes from known addresses / numbers and any changes in this scheme immediately raise doubts about the reliability. It is not difficult to check - there is a contact person from each organ. Nevertheless, fakes still occur. One of the possible goals is to illegally find out information about the owner or even block his resource.
There are several types of requests, with varying degrees of headache for the hoster. The most painless is a simple request for information about the site owner.
Usually they ask for the name, passport data, ip from which the account was registered and the hosting administration, electronic wallet numbers. Less often they ask for more advanced logs, even less often - duplicate all mail to some mailbox, often on a free service. Amounts of payments do not interest anyone.
A request can be made both quite competently and very confusingly, in the latter case you have to call, specify what exactly is required.
Problems begin when a resource is asked to block. This is a unique, distinctive scenario for the Russian Federation. Cases, of course, are different, child porn, for example, most hosters block automatically without any requests, according to the first complaint from anyone who requests it.
But this is a rare case.
You’ll probably remember the offensive high-profile cases of blocking completely legal resources yourself - an attempt to block one well-known file hosting because of a single file or remove the domain name of a popular torrent tracker from delegation, and suspend a large historical resource due to one book.
According to the Federal Law on Communications, article 64 , paragraph 3:
“Suspension of the provision of communication services to legal entities and individuals is carried out by telecom operators on the basis of a reasoned decision in writing of one of the leaders of the agency conducting operational-search activities or ensuring the security of the Russian Federation, in cases established by federal laws. ”
The list of bodies is regulated by a separate Federal Law "On the operational-search activity", chapter 3, can be found here .
Another of the unpleasant features is that you need to attach evidence to the case and in the worst case, in view of illiteracy and intractability, the whole server will be asked. And in the worst - no one will warn in advance. At this point, you can immediately say goodbye to expensive equipment, returns are more likely an exception. And if we are talking about a shared hosting server with hundreds of sites? Or a cloud hoster, what exactly to withdraw? The consequences, unfortunately, few people care about.
In fairness, most of these requests will have a copy of the site on a disc, but the exceptions are painfully well-known and sad.
If the hoster is not Russian, you can act through the domain name, because All registrars of .ru, .РФ domains must be residents of the Russian Federation.
There were incidentally curious cases involving the seizure of server equipment on the territory of the Kurchatov Institute. Imagine a classic mask show - guys with machine guns are famously unloaded from the car and enthusiastically withdraw the entire data center, come to the entrance. It should be noted that the territory of the institute is well guarded and there they are met by even more armed fighters and asked if they recorded for today. The guys are here for the first time, they are not familiar with local politics and, naturally, they shrug their hands in surprise. The next day, they arrive by appointment, but with a much more relaxed mood, because the effect of surprise is reduced to zero.
Europe (on the example of the Netherlands)
It is believed that only illegal projects leave for Europe. But even if they live in peace there, then why not move to a regular, legal, Internet business? What is the reason for the growing popularity of foreign hosting?
The main difference is that, at the whim of law enforcement agencies, not a single resource can be blocked or deleted. Infringing copyrights or even posting child pornography? Of course, this is also illegal in Europe, but all that you are asked to do is to remove illegal content in a reasonable amount of time. A policeman will not even be able to get your personal data without an appropriate court request.
There are differences in the seizure of equipment, it occurs only in case of detection of the botnet's control centers and then subject to the availability of clear evidence from technically competent specialists. All servers will be returned to the owner after a few days of examination.
USA
Paradise for lawyers also has its own characteristics.
The request here is called the boot , it is sent by fax + original by mail. Usually the essence of the request is the data of the site owner. After 9/11, the state has the right to request any information, but there is also a key difference - you can appeal the mandatory response and refuse to provide data if there is a rational basis for such a refusal. In this case, the case is transferred to court and most likely he will take the side of the state, but what a precedent!
Closing and suspension of resources also occur only by court order. There can be no arbitrariness of a single police officer in principle.
Total
So, the main risks of placement in the Russian Federation are, of course, not the chaos characteristic of the 90th, but rather technical illiteracy, a lack of understanding of the consequences and unwillingness to make concessions. Imagine a cloud hoster who came to seize servers. Or an even simpler case - virtual hosting, databases and mail are moved to separate servers. What should be removed in this case? How to explain this technical architecture and all the attendant problems if it’s not techies, but artists with machine guns who come?
With the level of technical literacy, in fairness, it’s bad not only in the Russian Federation. Awareness of the hosting specifics of judges and lawyers abroad also often suffers. There are, however, pleasant exceptions, in America - this is California. But in any case, technical ignorance abroad is compensated by the level of adequacy, the absence of resource locks and the desire to deal with causes and effects.