Google Fined by Russian Telecom Authorities, Faces Potential Banishment from Country

I am not quite sure why this news isn’t making headlines here in the United States, but for the first time in history on December 12th 2018, Google was fined 500,000 rubles ($7,500 US) by the Russia’s telecom watchdog Roskomnadzor – with threats of even larger fines and even banishment from the country within the future. The fines were levied against Google for the companies refusal to comply with Russian law, requiring the tech giant to host servers inside the country whilst also complying with national blacklisting rules/protocols. These laws have been active since October 2018.

With that said however, Russian authorities still believe that not enough is being done to remedy the situation. Given that Google made $110 billion dollars in profit over the course of 2018 alone, Vadim Subbotin, deputy head of Roskomnadzor, said that this weeks fine was essentially a “mockery” of Russian law – putting pressure on Russian lawmakers to heavily increase these sorts of fines in the future. “If fines won’t have any effect on the behavior of the foreign company, there’s a possibility that the legislation will be changed, which will allow the blocking of Google in Russia” Subbotin said. Adding that “blocking will become the toughest possible measure, but would be justified considering the content of the banned websites that Google allows its users to browse freely. We’re talking about child pornography, suicides, drugs, gambling, alcohol sales. We’re talking about extremism and terrorism,” he explained.

At the present moment in time there are over 120,000 websites banned in Russia, including links to VPN service providers, cyber security companies, certain international news platforms and countless human rights organizations – among many others. New laws enacted by Russia’s legislature in October 2018 prohibit tech companies, such as Google, from linking to these banned website or allowing them to show in their search returns. This is also why Russia now requires all tech companies and data service providers operating in the country to host at least one data server locally in the country, as well as route their service/traffic through Government controlled databases implementing/controlling the National blacklist.

However, despite multiple meetings between representatives and Russian authorities over the last several weeks and months, Google refuses to filter their content to tailor specifically to Russian audiences and has yet to pay the fine. This is particularly interesting to note considering that Google has willingly done this exact sort of thing for other countries, such as China – a key Russian ally. In fact, just this week, a day before they were fined in Russia on December 11th 2018, Googles CEO Sundar Pichai was forced to appear in front of US Congress where he was heavily criticized for complying with National blacklist rules/laws inside China, deliberately blocking search results in order to comply with China’s “Great Firewall.” It remains uncertain why Google is willing to comply with laws in one country, but not the other.

Full Testimony of Sundar Pichai In Front of US Congress: https://judiciary.house.gov/wp-content/uploads/2018/11/Pichai-Testimony.pdf

Similarly, Facebook is also facing fines from Russian lawmakers in the future, with Roskomnadzor threatening to ban the service from the country altogether if the company doesn’t begin complying with Russian data hosting laws. Earlier this year, in November 2018, the Kremlin also made it illegal for active duty military personnel to own or operate Facebook accounts as it has since been discovered that the US military is currently using the service to wage “Psychological Warfare” against foreign troops serving abroad – faking or spoofing messages from loved ones back home to cause distress, despair or panic for Russian troops.

Interestingly enough, this is also something I have personally experienced after applying for political asylum in the Bahamas, with US authorities pretending to operate accounts belonging to people close to me from Colombia.

Lastly, as I was in the process of writing this article, news has just broke that Google‘s Iphone is now also facing a potential ban inside China after Chinese courts found the tech giant guilty of two Qualcomm software patent violations in the development of its product. This is particularly concerning for the company given that it is estimated Google sold over 50 million Iphones in China over the course of the last year alone.

Dutch Authorities Seize Encrypted IronChat Servers, Arrest Owners

Earlier this year I wrote an article explaining why country of origin is particularly important when either installing a security service or buying security products from an international company. In it, I explain how the Netherlands has recently lost the respect/trust of the cyber security community, essentially doing a complete 180 on their stance towards the cyber security industry over the course of the last 3 years – drastically cutting down on internet privacy/security companies operating out of their country. This includes the closing of Ghostmail servers in 2015 and the raiding/confiscation of servers belonging to Dutch VPN service providers in 2016.

Imagine my surprise then when I come across another headline this morning explaining how Dutch authorities have once again raided/confiscated the private servers of another security based company – Ironchat. In a press release made available to the public on November 6th 2018, Dutch authorities announced that they had arrested “a 46-year-old man from Lingewaard, and his partner, a 52-year-old man from Boxtel.” Explaining how police have already been able to decrypt the data, giving them access to over 258,000 chat messages sent across the server – revealing countless illegal activities and opening the door to numerous new investigations in the future.

For example, about the arrests in question, according to Aart Garssen, Head of the Regional Investigation Service in the Eastern Netherlands, “we rolled up a drug lab in Enschede. We have also found more than € 90,000 in cash in various campaigns, automatic weapons and large quantities of hard drugs (including MDMA and cocaine). In addition, we received an imminent retaliatory action in the criminal circuit of Twente. Four arrests have been made this morning. This brings the total number of arrests today to 14.” This is also just the tip of the iceberg, police have already indicated that the data uncovered today is only going to be “used to start new criminal investigations.

Unfortunately, there is no justifying the behavior of IronChat, their owners or what they used their encrypted service/servers for. As an outspoken and self proclaimed “privacy hawk,” it is just unfortunate to see another group of thugs soil the industries reputation. It only serves to undermine the trust of legitimate privacy/security companies trying to make a name for ourselves and do the right thing. Needless to say though, IronChat’s website and servers have been taken offline, and will remain offline permanently.

Fact-Sheet Prepared by Dutch Police:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2018/11/Netherlands.pdf”%5D

Data Servers, Country of Origin & Sound Cyber Security

The other day I sent out a “Tweet” and proceeded to lose 30% of my combined followers, literally overnight. The Tweet explained how the 53rd Street Library in New York City had expressed weariness over allowing me to instruct or teach lessons at their facility after coming to the realization I work with and source a great deal of my content through international partners. I had cracked the joke; “Rogue Security is getting the Kaspersky treatment? Must be moving up in the world?…

For those of you who might not be familiar with the backdrop or sarcasm expressed here, Kaspersky Lab has recently become one of the most polarizing names in cyber security dating back to the 2016 US Presidential election. This is because many people have come to believe that the Kremlin deliberately altered Russian Law in order to corrupt/compromise Russian based businesses, which Kaspersky is, into handing over confidential information relating to customer databases. Moreover, considering that Kaspersky Lab was one of the most widely utilized software developers purchased by US Government employees and contractors over the years, it is now believed that Kaspersky Lab itself was one of the key players behind the whole Russian hacking election fiasco – whether they voluntarily intended to be or not. For this very reason, dating back to December 2017, all Kaspersky products have since been banned on the Federal level and their software has been pulled off the shelves of stores including Staples and Best Buy – though their products still remain legal on the civilian level.

However, it must be noted that what the Kremlin did is nothing new. In fact, this practice has been employed by the United States Government for far longer. You might be surprised to know that it is 100% illegal for any computer, privacy or cyber security company based out of the US to refuse to hand over their data, servers or customer records to the US Government, provided those servers and data are stored within United States borders. Believe it or not, it is even illegal for US based businesses operating servers/companies overseas to refuse to hand over their data if requested by US authorities. While Microsoft is currently taking this obligation to the Supreme Court, throughout the course of 2016 and 2017 multiple lower courts have upheld the US Governments right to demand this information. Not only this, but the acting attorney General, Jeff Sessions, has also vowed to make unfettered end-to-end encryption illegal as long as he is in office.

Therefore, at least when it comes to your data privacy, claiming that “those Russians” are any better or any worse than “those Americans” is nothing more than farcical, and your information is no more protected in the hands of The White House than it is the Kremlin. So, no matter how strong your sense of Patriotism or Nationalistic pride may be, the fact of the matter remains that your computer isn’t more secure just because you buy from an American company. In fact, you might be surprised to know that multiple independent tests and studies have confirmed Kaspersky Lab is the most secure software platform for Windows based devices, and other studies list Microsoft’s own platforms as the worst. Moreover, there is a very real reason none of the world’s top privacy/security companies host their services inside US territories.

With that established, let’s take a closer look at some of the other most notable countries in the field of cyber security these days.

Dont Necessarily Buy Into The Swiss Hype

Over the course of the last 3-4 years one of the biggest trends I’ve noticed is all of the “hype” surrounding Switzerland and their world renown reputation for protecting business privacy and confidentially. Traditionally, Switzerland has acquired this reputation for protecting foreign investors within their banking systems. However, it must be noted that the same protections afforded/granted to the multi-billion dollar banking system are not necessarily extend to the cyber security industry, and you can bet your ass that you are never going to get the same level of privacy or protection from the Swiss Government for your $50 a year VPN connection or email account that an investor is going to get for their multi-million dollar bank account – get it? Any thought to the contrary is just, well, dumb – really.

For lack of a better term, in 2018 it is a generally known fact that many companies are simply trying “bank” on Switzerland’s historic reputation and turn it into a few extra dollars for their cyber security companies. This is not to say however that there are not some top notch countries currently operating out of Switzerland.

In fact, for the very laws as they now exist inside Russia, Eugene Kaspersky has vowed to move all of his companies servers out of Russia and into Switzerland to provide his customers with a greater level transparency in hopes of regaining their trust. Other companies such as ProtonMail and Tutanota also operate out of Switzerland and are two of cyber securities most trusted vendors. Many of the industry’s top VPN service providers also operate their servers out of Switzerland. As always though, do your research and just be weary/cautious of all new tech startups in the country.

Don’t Trust The Netherlands

The Netherlands really started to lose the trust of the cyber security community dating back to 2016, following the closing of GhostMail email servers and a series of raids on VPN service providers around the country. Dutch authorities have remained quite about their recent change of policy, but prior to 2016 the Netherlands was considered by many to be one of the worlds fastest growing and most trusted names in cyber security/digital privacy. Because of this, the underground hacking community has long since speculated that the Dutch Government was ultimately pressured to crack down on digital privacy providers following a joint effort undertaken by the US Federal Bureau of Investigation and European Police (EUROPOL), whom had essentially had enough of criminals and/or terrorists taking advantage of security platforms operated out of the country. Fast forward into 2018, while there are still a few legacy companies operating out of the country, almost all new startups know not to do business there.

In March of 2018 I personally reached out to GhostCom Ltd, the original founders of Ghostmail, for comment on their closing and the true extend of the operation undertaken by Dutch/International police, but their legal team has declined any comments to this day.

Belgium & Ecuador Offer The Strongest Privacy Protections In The World

Ecuador is world renown for protecting digital privacy, internet rights and international freedom fighters. This is not only evidenced by Julian Assanges continued political asylum, Ecuador has also granted asylum to some of the worlds most elite and dangerous hackers over the course of the last several decades. By now, it is a well known fact that the Government of Ecuador is willing to do more than almost anyone else to shelter/protect political activists and members of the digital underground, helping them to continue doing what they are do safely and securely. For example, despite all of the “hoopla” surrounding Wikileaks, the Ecuadorian Government actually controls 100% of Julian Assanges internet connectivity. Yet, have you ever heard of any one of Assanges sources being compromised over the years? That is also exactly my point. For all these reasons, Ecuador is considered one of, if not the most trustworthy country in the world when it relates to data privacy and cyber security related practices.

Belgium on the other hand has a legal system in place which ensures Government accountability and restricts potential abuses of privacy/authority. This is because every request, subpoena or warrant for information, data, servers and digital accounts made in Belgium must first be brought in front of a judge, officially in court, and proven to be valid or legitimate before any Belgium authorities can have access to it. In other countries such as the United States for example, Federal employees can simple print out a file document, sign your name onto it and automatically have the right to search your accounts – it’s literally that easy for them. For this very reason, Belgium is considered to be one the most trustworthy and accountable countries in the world to do cyber security business with, leading the way in terms of informational security. On a side note, if I was a betting man, I would expect to see many more privacy/cyber security companies start popping up all over Belgium throughout the course of the next 5-10 years, especially given all of the recent changes/overhauls to internet/data laws now being enforced by the European Union.

Colombia On The Up & Up?

This really has nothing to do with computer security, it’s just a growing trend you might have started to pick up on recently. Starting around 2015, first led by small time internet activists and Anonymous, more and more website owners across the world began shifting or creating new domains with .co – this was done for a multitude of reasons. First off, .co is often times much cheaper than .com domains. Second, it is becoming harder and harder to find an original, unique or appropriate .com domain for your business, third because more people associate the word “company” with .co instead of .com, and lastly, .co helps make your website that much more unique and stand out from the crowd – which can be an asset in today’s overcrowded online marketplace.

As for Colombia itself, I think the rise of the .co domain only helps the country look that much more innovative comparatively to the rest of the world, which is why the Colombian Government has never really pushed back on all the international vendors registering new domains through their country, including myself.