Russia’s internet providers have asked the Kremlin to introduce changes to the new sovereign internet law to better protect user data, the RBC news website reported Tuesday.
At a meeting with government officials last week, the country’s top telecoms firms highlighted loopholes in the controversial legislation which could give third parties access to swathes of customers’ personal data, including IP addresses and browsing history, the paper said.
Specifically, the networks said there are no legal protections to stop the companies who will operate special equipment which they are required to install into their networks from accessing, collecting and potentially selling Russian internet users’ data.
As part of the sovereign internet law which came into force on Nov. 1, all internet providers are required to install so-called deep packet inspection (DPI) tools. The DPI technology will be provided by state telecoms watchdog Roskomnadzor and will be able to re-route traffic — potentially cutting off the Russian internet from the global system — and block access to banned websites.
The networks are concerned that the manufacturers of the DPI technology and equipment will also gain access to the data of Russian internet users passing through the network, and have suggested a new legislative ban to prohibit third parties from accessing the information.
“The operators are not responsible for this equipment and, at the same time, there are no requirements on the manufacturer of the equipment with regards to data security,” Karen Kazaryan, chief analyst at the Russian Association For Electronic Communications, told RBC.
Despite the law already having come into force, Russia still lacks the necessary equipment for full implementation. So far, the technology has been tested in Russia’s Urals region, and authorities have a deadline of January 2021 for a nationwide roll-out.