Insights

New Russian Legislation on Massive Telecoms Surveillance

New Russian Legislation on Massive Telecoms Surveillance

In June 2016, the Russian Parliament adopted Federal Law "On Amendment of the Federal Law 'On Counterterrorism' and Related Laws of the Russian Federation Establishing Additional Counterterrorism and Public Security Measures" ("Amendments"). These Amendments have a number of provisions affecting the technology sector.

The Amendments also introduce changes to Russian legislation related to telecommunications and the internet—specifically, Federal Law No 126-FZ "On Telecommunications" dated July 7, 2003 ("Telecom Law") and Federal Law No 149-FZ "On Information, Informational Technologies and Protection of Information" dated July 27, 2006 ("Information Law"). Changes in the legislation proposed by the Amendments for the Telecom Law and Information Law require Russian communications service providers ("CSP") and "facilitators of information dissemination on the Internet" ("FIDI") to store in Russia all information on their customers' and internet users' communications and messages for specified periods. Article 10.1(1) of the Information Law defines "FIDI" as "a person who operates information systems and/or computer software designed or used for receiving, transmitting, delivering and/or processing of Internet users' electronic messages." The definition of FIDI in the Information Law includes messaging service providers, public email service providers, social media, blogging, news and other platforms, and IP-telephony providers. The Russian Federal Service for Supervision of Communications, Information Technology and Mass Media maintains a register of FIDIs.

The Amendments require CSPs to keep all metadata information on customers' communications and messages (i.e., "information on receipt, transmittance, delivery and/or processing of voice data, texts, pictures, sounds, video- or other types of messages") for three years. FIDIs are mandated to maintain an archive data on internet users and their communications and messages for one year. Article 10.1(3) of the Information Law prescribes FIDIs to keep archived data for a six-month period, while CSPs do not have this obligation. Article 64(1) of the Telecom Law imposes a general obligation on CSPs to disclose any data to Russian law enforcement authorities upon their request.

The Amendments impose an additional obligation on CSPs and FIDIs to retain the content of customers' and internet users' communications and messages (in addition to metadata) for up to six months. The procedure, retention periods, and scope of the retained content are not specified and are to be further determined by the Russian government in special regulations.

The Amendments also require FIDIs that use encryption for electronic messaging services and/or provide encryption functionality to internet users to disclose relevant decryption tools to the Russian Federal Security Service. Failure to comply with these requirements may lead to administrative fines of up to 1 million rubles (approximately US$15,500).

CSPs and FIDIs will thus experience significant financial and organizational burdens, and compliance risks, under the Amendments. It is expected that both the scope of data archiving and mandatory retention periods for CSPs and FIDIs would increase dramatically. In addition, the Amendments prohibit encryption unless decryption tools are provided to the Russian Federal Security Service, thus potentially affecting adoption of these services by the public.

The Amendments were approved by the Duma (the lower chamber of the Russian Parliament) as well as by the Federation Counsel in late June 2016 and signed by President Putin on July 7, 2016. The current timeline for implementation is from July 2016 through July 2018.

Lawyer Contacts

For further information, please contact your principal Firm representative or one of the lawyers listed below. General email messages may be sent using our "Contact Us" form, which can be found at www.jonesday.com/contactus/.

Sergei Volfson
Moscow
+7.495.648.9200
svolfson@jonesday.com

Mauricio F. Paez
New York
+1.212.326.7889
mfpaez@jonesday.com

Undine von Diemar
Munich
+49.89.20.60.42.200
uvondiemar@jonesday.com

Rémy Fekete
Paris
+33.1.56.59.39.39
rfekete@jonesday.com

Jones Day publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our "Contact Us" form, which can be found on our website at www.jonesday.com. The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.

We use cookies to deliver our online services. Details of the cookies and other tracking technologies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you consent to our use of cookies.