Russia Orders LinkedIn's Service To Be Blocked, Supposedly For Failing To Store Personal Data Locally

from the think-globally,-act-locally dept

Mon, Nov 21st 2016 3:24am — Glyn Moody

Techdirt has written plenty of stories about Vladimir Putin's increasingly harsh clampdown on Internet freedom. But, like China, Russia is still coming up with new ways to tighten its control. One is the legal requirement that the personal data of Russian citizens must be stored on Russian soil. Now, a US company has fallen afoul of that 2015 law:

Russia's communications regulator [Roskomnadzor] ordered public access to LinkedIn's website to be blocked today (17 November) to comply with a court ruling that found the social networking firm guilty of violating data storage laws.

According to the EurActiv story, the ban is being put in place immediately:

LinkedIn's site will be blocked within 24 hours, the Interfax news agency cited Roskomnadzor spokesman Vadim Ampelonsky as saying. One internet service provider, Rostelcom, said it had already blocked access to the site.

What's curious is that LinkedIn is not the only US company to have flouted Russia's data localization law: both Google and Facebook have also ignored it. A post on NBC News suggests the following is the reason for that discrepancy:

A spokesman for the [Roskomnadzor] watchdog had earlier said that LinkedIn was punished for alleged leaks of user data, Russian media reported.

Information about 120 million LinkedIn user accounts was stolen in 2012, the attack reportedly blamed on Russian hackers.

Irrespective of the messy details of the LinkedIn case, requirements that personal data must be stored locally are likely to become an increasingly hot topic. Already, the EU is unwilling to finalize the Trade in Services Agreement (TISA) in part because of US demands that it should include unrestrained data flows -- something that could be illegal under EU privacy laws if applied to personal information.

With the person who will soon run the CIA keen on expanded government spying powers, it is almost certain that the current Privacy Shield framework, which allows the personal data of EU citizens to be sent to the US, will be struck down by the Court of Justice of the European Union. If that happens, the only way companies like Google, Facebook -- and LinkedIn -- would be able to operate in the EU would be to store their data on the continent. If they fail to comply, they won't be blocked, as in Russia, but they could be hit with a fine of up to 4% of their global turnover.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data hosting, localization, russia, tisa
Companies: linkedin, microsoft

18 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Vikarti Anatra (profile), 21 Nov 2016 @ 4:10am

It's arleady blocked several days ago.
[ link to this | view in chronology ]
Anonymous Coward, 21 Nov 2016 @ 4:26am

Easy to comply...
It's easy to comply: store the data encrypted in Russia, have the operations done in California. Then get some auditors to verify your setup.
[ link to this | view in chronology ]
- That One Guy (profile), 21 Nov 2016 @ 5:18am
  
  Re: Easy to comply...
  Unfortunately that wouldn't necessarily solve the problem that's the stated purpose of such laws: Keeping the USG's hands off of the data of foreign people. Remember that the USG has argued in court that if any part of a company is located in the US then it can be ordered to provide data located in different countries, so long as it's under the same 'parent' company.
  
  So sure the data may be stored in Russia, but that wouldn't prevent the USG from demanding that the US-based part of the company provide it if such was demanded via court order.
  [ link to this | view in chronology ]
  - Ninja (profile), 21 Nov 2016 @ 5:41am
    
    Re: Re: Easy to comply...
    It would actually solve the problem since the data is stored locally as the law demands. However, this would only spawn new laws to deal with the encryption parts.
    
    That the US has shot themselves in the foot repeatedly with the illegal mass surveillance is another story. The Kremlin (and many others, including those within the EU) are just using this as an excuse for greater control and surveillance on their own citizenry. So basically the US has done more harm to freedom than any other country could have.
    [ link to this | view in chronology ]
Richard M (profile), 21 Nov 2016 @ 4:40am

I hate to sound pro Russian but....
You can not really blame Russia, the EU, and other countries from not wanting all the info on their citizens stored in the US.

Even ignoring the getting hacked aspect of the situation the US Govt has shown that it does not care about privacy at all and is more than willing to scoop up any and all information within reach regardless of what any law or the Constitution says.
[ link to this | view in chronology ]
- That One Guy (profile), 21 Nov 2016 @ 5:13am
  
  Re: I hate to sound pro Russian but....
  I don't see it as blame so much as 'This is a hassle for companies and can create problems. What would have taken one database for people from any country now requires one per country, located in that country, increasing costs to the point that it might not even be viable to offer service there.'
  
  Not wanting the USG to have easy access after they've made it clear that they are absolutely not to be trusted with such makes perfect sense to be sure(though it's important to remember that the countries involved tend to be just as bad), but it does make things difficult for the companies to comply, potentially preventing services that might have otherwise existed.
  [ link to this | view in chronology ]
  - Anonymous Coward, 21 Nov 2016 @ 5:20am
    
    Re: Re: I hate to sound pro Russian but....
    Storing locally only solves part of the problem, as a full copy of the database on US soil, or simply copying straight to Bluffdale renders such laws moot.
    How long before some countries simply ban US companies from operating within their jurisdiction.
    [ link to this | view in chronology ]
    - That One Guy (profile), 21 Nov 2016 @ 5:35am
      
      Re: Re: Re: I hate to sound pro Russian but....
      Quite possible, between politicians trying to demonize and destroy encryption and the spy agencies grabbing everything they can get their hands on with no restraint, they certainly seem to be doing everything they can to undermine and destroy the US tech sector and drive any such developments and companies overseas into other countries.
      [ link to this | view in chronology ]
    - That One Guy (profile), 21 Nov 2016 @ 5:37am
      
      Re: Re: Re: I hate to sound pro Russian but....
      Bah, and of course I think of the perfect header for that comment immediately after I click submit...
      
      'We must destroy the US tech sector in order to protect it from those in other countries that would seek to destroy it'
      [ link to this | view in chronology ]
      - Anonymous Coward, 21 Nov 2016 @ 7:11am
        
        Re: Re: Re: Re: I hate to sound pro Russian but....
        > 'We must destroy the US tech sector in order to protect it from those in other countries that would seek to destroy it'
        
        'Sometimes you must destroy a village in order to save it'.
        [ link to this | view in chronology ]
  - crade (profile), 21 Nov 2016 @ 11:58am
    
    Re: Re: I hate to sound pro Russian but....
    I think proper the solution to this problem is to establish a minimum international privacy standard, then change the wording of your laws from "data stored [transferred, etc, etc] locally" to "data stored [transferred, etc, etc] in locations adhering to these minimum privacy standards.
    
    This would remove any protectionism and still accomplish the goal of ensuring citizens privacy.
    [ link to this | view in chronology ]
Anonymous Coward, 21 Nov 2016 @ 5:59am

I don't see a problem here
The US, and much of Europe too, has shown a great propensity to mine every piece of data everywhere. So any one country distrusting the rest is to be expected. Governments of the "free world" are to blame and yet somehow expected to "fix" the problem. The problem they created.
[ link to this | view in chronology ]
Anonymous Coward, 21 Nov 2016 @ 6:45am

LinkedIn broke Russian computer laws?
Considering that the US expects other countries to extradite their citizens to the US for breaking US computer laws, I wonder if the US would extradite a US citizen to Russia for breaking Russian computer laws.
[ link to this | view in chronology ]
Anonymous Coward, 21 Nov 2016 @ 10:46am

Regardless of the thought process behind Russia's moves, the writing is on the wall about data storage in the future. It's also not just the US engaging in heavy handed practices and sweeping mass snooping. Other European powers are enacting similar rules for domestic and international spying as well. The UK recently passed an incredibly intrusive spy bill. The French have been engaging in domestic spying for years already. You're going to see arguments on both sides of the fences, pro-surveillance and pro-privacy, proposing and enacting laws to keep citizen data local and under local jurisdiction both to enable local oversight for whatever reason and to ostensibly hinder international interference.
[ link to this | view in chronology ]
DSchneider (profile), 21 Nov 2016 @ 11:51am

Local Copy

Information about 120 million LinkedIn user accounts was stolen in 2012, the attack reportedly blamed on Russian hackers.

So what you're saying is the data IS already stored locally, they just want an updated copy.
[ link to this | view in chronology ]
Anonymous Coward, 21 Nov 2016 @ 12:16pm

(We seem to have similar concerns, so I'm pinning my own comment to yours, fellow Coward.)

Not to detract from the details noted in this article, which I find interesting, I consider the bigger story here to be the forces driving data localization requirements---what exactly are they? I suspect the driving forces are unlikely to dissipate any time soon, so it is important to understand them well.

While in search of that understanding, it would be unfortunate to allow the narrative to be entirely hijacked or diverted by nationalistic propaganda (in its many variants, American, Russian, Chinese, etc), or partially masked by considering only the interests of huge service providers (Microsoft, Google, Facebook, etc).

Can peer-to-peer networks provide solutions consistent with these predictable localization requirements? Is my suspicion correct, that the Big-Boy interests noted above might be hostile to any that might arise?

Just wondering.
[ link to this | view in chronology ]
Anonymous Coward, 21 Nov 2016 @ 6:18pm

Microsoft has resisted this in court ,the doj says it should be able to acess email stored in servers in
microsofts irish headquarters .
IS it not reasonable for the eu to ask that an person in the eu should have data stored on a eu server ,
that is not easily acessed by the nsa or other american government employees .
I,m sure facebook can afford to build servers in the eu.
it,s an accident of history that most big tech companys
are us based .
[ link to this | view in chronology ]
Anonymous Coward, 22 Nov 2016 @ 12:09am

The DOJ will reap what it has sown. Hell, even my DNS server is located out of country. I use tor and a VPN on most occasions but do have a few dead social site accounts. If you want to take me out Mr. President your predator drone won't be able to find my phone signal, maybe use AWACS or a satellite, or possibly your mob connections, I will make you earn it. When all is said and done the internet will become obsolete. Thanks.
[ link to this | view in chronology ]