White list of Roskomnadzor: conclusions and losses

You have probably already read about the “white list” (the next white one, more precisely) of Roskomnadzor . In addition to Roskomsvoboda, the publication vc . There are more than 2000 positions in it .

I have studied this document and here are a few disappointing conclusions that I want to share:

1. Yandex, Vkontakte, ivi , Telegram - not a complete list of resources that suffer due to an ill-conceived blocking system. Of course, I especially want to highlight the Wiki, because there will obviously be problems with it more than once again. By the way, on vc and Roskomsvoboda they already joked about * .google. * - and this again confirms this fear.
   
   
2. The list is very long, but there is one obvious pattern in it: the absence of patterns. Russia is not the largest country (if we take the Runet, and not the area of ​​geography), but at the same time the domains of state and municipal bodies and institutions are so different in format - that it’s amazing: here there are publicized domains in the zone.rf. (for example, indigestible - http: //мкра.рф/ ); and domains of the format http://mcx-ra.ru/ (in Adygea they generally like mysterious domains, aren't they?) or here http://szn24.ru/ . Guess the first time - what and what is it, to put it mildly, difficult. However - more on that below.

Another detail that immediately catches your eye is domains with www and without it: let's say - as in Figure 1.

Fig. 1



Perhaps for a second you thought that the details mentioned above are not significant , but this is not so: for the devil and the salt of questions are always in them, in nuances.

I will explain.

The fact is that all three points prove the following:

1. For many years, the state (aka public authority) has been violet about how the Runet is filled, how it functions, and most importantly, how it generally develops in terms of the interaction of power structures and citizens themselves. There was a need - they began to "clamp" the sites all: ministries, departments and other structures of the organization of officials. At the same time, the unsystematic nature of such an approach ultimately led to the fact that for ordinary citizens it is still not clear whether this is a state (municipal) site or, nevertheless, a scam. Wouldn't it be easier to introduce one gov.ru zone and, say, region.ru or something like that for everyone? Are there any cases of phishing and other types of fraud in this vein? Yes. But more about that next time.
2. Further - because of such a messy approach, many commercial sites very often and very much suffer losses without noticing it themselves. An example is below.
3. Finally, whitelisting is a storehouse of information for those who like to search:
4. affiliated companies (with whom and why - I will not explain);
5. sites that can be used as doorways with the understanding that they will not be blocked for sure;
6. and much more for what.

But for now - about the losses.

Not so long ago the habrozhitel - nelsh addressed to me . Here is his post on how the TTK blocks sites that should not be blocked - https://habrahabr.ru/post/328768/ .

From the comments on this publication, as well as correspondence with nelsh, I came to the conclusion that illegal and unjustified blocking occurs for the following reasons :

1. Incorrect provider configuration
2. The “Inspector” system , which, in principle, is not 100% properly trained to work (so you can understand what I mean, read this post here : there’s no point in repeating it).
3. "Adequate ways of countering" an attack on the DNS blocked Internet resource "in Roskomnadzor no ': the ILV has already written about the fact that the approach has changed, but the WHO - and now on one wheel stands still in the same place.

The problem described belongs precisely to the TTK (in particular, Irkutsk, the Far East, Krasnodar, Rostov-on-Don : either else , and also here , here , or here - in general, I hope that there are enough proofs). How it looks technically - you can see here .

Fig. 2


At the same time, I quote: “TTC at the backbone level blocks randomIPs that are not listed in the registry (it’s evident just because other IPs for blocked domains are being detected, and someone is trolling / or CDN). As a result, random sites do not open. Of the last major ones that have been noticed - Uniquiti sites, service domains EVE Online, Ingress - the truth is that they all sit on CDN. Recently, the IP Github.com pair was blocked, with all the consequences - the github stupidly didn’t open for several hours, but it wasn’t very massive ... Not everyone who goes through the TTK is blocked, apparently depends on the features of the provider’s connection with the TTK. ”

I, as a lawyer, are very concerned about this question : after all, sooner or later, taking into account how the Runet develops, this can affect everyone. In addition, there are now many prerequisites for an “unrighteous struggle”:

1. China is squeezing AKIT and its ilk, which means that AKIT will hit harder and harder ... no, not in China, but in the IP and LLC in Runet.
2. The lock itself and its mechanism is just a storehouse for abuse.
3. In addition, more or less large players (Internet providers, mobile operators, etc.) are happy to try to please and this, as we see, only spoils everything.

For objectivity, I’ll say that there are cases when locks, on the contrary, help the business, even if indirectly .

Of course, sue the state. organs - an ungrateful affair: long, expensive, but ends not like Lebedev’s, but without an “o”. But suing providers is possible and necessary. And not only to sue, but to fight in all other legal ways. Otherwise, all this will begin to resemble a big top circus.

Of course, not the last role in this is played by the Law No. 1102471-6 adopted on February 10, 2017 on amendments to the Code of Administrative Offenses of the Russian Federation regarding the establishment of liability of telecom operators. It reads as follows (Article 13.34 in the sense): “failure by a telecom operator that provides services to provide access to the information and telecommunication network“ Internet ”,“ obligations ”to restrict or resume access to information, access to which should be limited or renewed based on information received from the federal executive body that exercises control and supervision functions in the field of communications, information technology and mass communications. ”

I note that there are already significant cases of fines, for example:

1. Decree of April 20, 2017 in case No. 5-206 / 2017
2. Definition from May 17, 2017
3. Resolution of May 19, 2017 N 06AP-2217/2017

What can and should be used to protect your rights?

Firstly, there is Art. 15 of the Civil Code of the Russian Federation - damages: real damage + loss of profit. The formula is simple, but you can still prove the real damage (for example, if your customers write to you that the site was unavailable at such a time and you prove that it was due to a provider / ILV error), but the lost profit - Already much more difficult. Let's say a person wanted to buy a phone for 20,000 rubles. You have lost them. In addition, they lost another purchase of 18,000 and a possible profit of 2,000 the next. And yes, if one of the lawyers tells you the opposite (what to prove is “easier than a steamed turnip) - do not believe it :). In addition, you can search for losses:

1. in case the transitions were on an advertising campaign;
2. by affiliate links;
3. other paid sources.

Secondly, art. 152 of the Civil Code of the Russian Federation - protection of business reputation. Here it is still more complicated with Russian courts than with Art. 15 and its attendants. But nevertheless, when the provider unlawfully blocks you, he thereby disseminates information that your site (a resource on the Internet, in principle) is blacklisted and thereby potential customers, as well as regular customers, are misinformed, and as a result, word of mouth, especially if you have a local spill or regional project, it can do even more harm than just the lack of purchases due to the pseudo block. To make you understand the seriousness of this - a list of off-site ILV locks:

1. Child pornography, drugs, and suicide information
2. Extremist Information
3. Information of a pornographic nature (except for child pornography)
4. Defamation on the Internet

Thirdly, Art. 1 of the Civil Code of the Russian Federation - never forget about it. For example, even in the Decree of the Presidium of the Supreme Arbitration Court of the Russian Federation dated November 23, 2010 No. 6763/10 in the case No. A53-6358 / 08 (Bulletin of the Supreme Arbitration Court of the Russian Federation. 2011. No. 3) it was stated: “Arbitrary interference of anyone in private affairs is not allowed ”, In addition, arbitration courts often turn to this (a running example Decision of the Krasnoyarsk Territory Administrative Court of November 3, 2010 in case No. A33-12455 / 2010):“ the key is the concept of private business as the activity of a citizen or legal entity (as a private individual) , based th on the private interest in the application of private law. " This will be even more complicated than paragraph 1 and paragraph 2.

I do not indicate other norms, because cases must be considered individually (if there is, send, we will consider together).

For lawyers practicing especially, all three points are obvious, but for most, they are a priori losing. For entrepreneurs - not obvious, but even more losing. But still - my position in life is that it is important and necessary to defend our interests: the more often and better everyone will do it, the faster we will get a working system as a result. The choice is definitely yours .

For my part, I continue to insist that every law should go through a long stage of discussion: whether it’s online cash desks , online messengers , electronic money , online tradingor something else. Otherwise, after a quick adoption “from above”, we have many technical, organizational, legal and other holes that do not allow these laws to function normally.

Again - to someone this truth will seem common, but, judging by the latest trends, it, unfortunately, is not.

So far, everything - in the second part I will try to make out an example with the TTK and the promised above - separately and from a different angle.

PS Mini-selection of materials on illegal ILV locks and / or providers:

1. https://geektimes.ru/post/287714/ - EVE Online
2. https://rublacklist.net/29059/ - about how they are trying to deal with this
3. Of course, the best selection of those who specialize in this: my personal thanks to them for this work.
4. Fenders of the format “senility grew stronger”
5. And this is not a (completely, but nevertheless on) topic, but beautiful statistics .

UPD - for those who are not in the know:

Roskomnadzor sent recommendations to telecom operators on some technical aspects of blocking illegal information on the Internet. An incorrect DNS resolution, which is carried out by individual communication operators when blocking Internet pages with illegal information, occurs when the telecom operator independently determines The IP address of the restricted Internet resource.

In this case, as a result of the actions of the attackers, redundant blocking at certain providers may result in respectable sites whose data are not available in the Roskomnadzor upload to telecom operators.The recommendations of Roskomnadzor are dictated by the interests of users and are aimed at eliminating excessive blocking of respectable resources.

In particular, when the telecom operator independently determines the IP address of a prohibited Internet resource, it is recommended for providers to check whether popular and socially significant sites and their IP addresses are blocked.

Recommendations to telecom operators on the implementation of blocking prohibited information.

A systematic solution to the problem lies in the normative assignment to Roskomnadzor of the right to determine the method of blocking by the telecom operator.

UPD Well, the restless ILV continued this epic ... by blocking Google (however, the TTK - again in place: more precisely - not on that).