FSB approved the procedure for obtaining encryption keys from Internet services
Keys should be provided to the FSB on magnetic media or by email
On a rainy day for Russia on July 7, 2016, along with the signing of the Yarovaya Amendment Package , President Putin instructed the government to pay attention to the application of the law “on liability for the use of unapproved means on communications networks and (or) when transmitting messages on the information and telecommunication network coding (encryption) ”, as well as“ development and maintenance by the authorized body in the field of security of the Russian Federation of the register of organizers of the distribution of information on the Internet, etc. delivering on the request of authorized agencies the information necessary to decode the received, sent, delivered, and (or) the processed e-mails in case of additional coding. "
The FSB was instructed to approve the procedure for certification of encoding means when transmitting messages on the Internet, to determine the list of means to be certified, as well as the procedure for transferring encryption keys to the authorized body in the field of ensuring state security. This is necessary so that special services can receive keys and decrypt HTTPS traffic and other encrypted user data, if necessary. This measure is taking effect now, that is, one and a half years before the entry into force of the norm on the mandatory storage of all traffic for up to six months.
On August 12, 2016, the Federal Security Service of the Russian Federation issued order No. 432dated 07/19/2016 No. 432 “On approval of the Procedure for the submission of information by the organizers of the dissemination of information on the Internet information and telecommunication network to the Federal Security Service of the Russian Federation for decoding received, transmitted, delivered and (or) processed electronic messages from users of the information and telecommunication network "The Internet"".
This order establishes the procedure for obtaining encryption keys from owners of servers and other Internet services. The procedure is quite logical and simple.
1. The organizer of the dissemination of information on the Internet network transmits information for decoding on the basis of a request from an authorized unit signed by the head (deputy head).
2. The request is sent by registered mail with a receipt of receipt.
3. The request indicates the format and address for providing information for decoding.
4. Information is transmitted on magnetic media by mail or e-mail. Alternatively, it is possible to coordinate with the FSB the access of specialists to information for decoding.
The Organizational and Analytical Department of the Scientific and Technical Service of the Federal Security Service of the Russian Federation has been appointed the FSB authorized division for obtaining encryption keys.
For reference, magnetic media include magnetic disks, magnetic cards, magnetic tapes and magnetic drums.
If the server owner refuses to provide the key needed to decrypt HTTPS or other encrypted traffic, a million rubles fine may be imposed on it.
Even before the publication of a specific key transfer procedure, representatives of some Internet companies expressed doubt about the possibility of enforcing the law regarding the transfer of encryption keys. They say that when using the HTTPS protocol, encryption keys cannot be technically stored.
But, as they say, the problems of the Sheriff Indians do not care. The procedure is established - it must be followed.