Reuter’s has reported that Russia’s President, Vladimir Putin, has signed a law to ban VPNs. Putin is following the lead set by China in trying to control what can and cannot be seen on the Internet. This is the latest step in restricting Internet freedoms for those inside Russia. It will also have a significant impact on Western countries doing business in Russia.
The law has already been passed by the Duma, the lower house of Parliament. It is due to come into effect on 1st November 2017. It bans the use of any technology that provides access to websites banned in the country. The two technologies most affected are VPNs and proxy servers. These allow users to access data without it being easily intercepted by third parties. It also hides the identities of those users from authorities looking to track Internet behaviour.
The main pretext for the law is the fight against terrorism. Russia says that these services are used by terrorists and criminals. However, they are also used by businesses and individuals to protect themselves against criminals stealing data.
It will concern many businesses whose employees travel to Russia to conduct business. They regularly require VPNs to protect commercially confidential information from being intercepted. They are also heavy users of encryption. With both technologies under attack, US travellers will have particular concerns. This is due to the increased rhetoric between the USA and Russia over sanctions.
VPNs were not the only target of Putin. He also signed another law that will force all social media sites to require a phone number for user accounts. Many already suggest that users provide one in order that they can recover their account if it is hacked. However, this move by Russia will make it mandatory and will remove the ability for people to use social media anonymously.
The two laws can be downloaded from the official Russian government website. Click here for the VPN law and here for the law on telephone numbers and other requirements. All files are in Russian and come as a PDF.
What does all this mean?
Country after country is locking down access to the Internet. Much of it is done to apparently protect citizens from terrorism. In reality this is a far more complex issue. There are many legitimate uses for secure communications, especially when travelling abroad. During the recent Olympics and World Cup in Brazil there was a significant surge in identity theft. This came due to the number of people accessing insecure Wi-Fi which was monitored by criminals and hackers.
Any representative of a company looking to win business overseas will be competing with local organisations. Their data is gold to a criminal. It could be their online credentials, bank account details or access to a company server.
Criminals are increasingly harvesting data to use in attacks such as Business Email Compromise. They use stolen information to persuade other people inside a business to send money supposedly to a supplier. By intercepting emails and stealing corporate credentials they can make emails appear legitimate. This type of attack is increasing and the costs to businesses are estimated to be in the millions.
As VPNs become banned then corporates MUST improve the level of encryption on local devices and all communications. It is also important that organisations such as financial institutions, hotels and retailers also improve their secure communications with customers. Without this, customers and employees are an easy target for criminals, hackers and others.