Russian Lawmakers Move to Be Able to Ban Use of VPNs and Similar Access Tools

by Latham & Watkins LLP
Contact

Russia has adopted a new law further toughening the country’s Internet-blocking regime and introducing a number of restrictive measures applicable to intermediaries providing access to blocked websites, IT networks, and information resources (hereinafter, “Blocked Websites”).

The relevant provisions of Federal Law No. 276-FZ dated July 29, 2017 (the “Anonymizers Law”), came into force on November 1, 2017.

Due to the vague wording and ambiguities, the enforcement of and practice on the Anonymizers Law will likely be complicated.

Background

In 2012, Federal Law No. 307-FZ was adopted (the “Law on Blocking Websites”), which established a Russian register of Blocked Websites (the “Register”) maintained by the Federal Service for Supervision in the Sphere of Telecom, Information Technologies, and Mass Communications (Roskomnadzor).

Pursuant to the Law on Blocking Websites:

  • Websites containing information the dissemination of which is illegal in Russia (such as pornography, information about drugs, suicide, racism, copyright violations, etc.) must be included into the Register following a short remedy period, during which a website owner may remove all relevant information from the website and avoid the inclusion.
  • If the website is included into the Register, access to it from the territory of Russia must be blocked.The scope of the Law on Blocking Websites only extends to blocking access to websites containing the prohibited information and does neither prohibit nor restrict any software or hardware allowing to get access to Blocked Websites and serving as an intermediary between users and Blocked Websites (such software or hardware, the “Access Tools”). As a result, users could in practice visit Blocked Websites and the Russian authorities could do nothing about it.

The scope of the Law on Blocking Websites only extends to blocking access to websites containing the prohibited information and does neither prohibit nor restrict any software or hardware allowing to get access to Blocked Websites and serving as an intermediary between users and Blocked Websites (such software or hardware, the “Access Tools”). As a result, users could in practice visit Blocked Websites and the Russian authorities could do nothing about it.

Restrictions Imposed by the Anonymizers Law

The Anonymizers Law:

  • Prohibits the provision of the Access Tools for the purposes of granting access to the Blocked Websites.
  • Establishes the Federal Government Information System of Access Tools which contains a list of Blocked Websites (the “System”).
  • Imposes upon the owners of Access Tools an obligation to connect to the System at Roskomnadzor’s request.
  • Prohibits search engines to display results containing links to or information about the Blocked websites.

The Access Tools

The Anonymizers Law does not contain a clear definition of the notion of “Access Tools,” and, if this notion is interpreted broadly, the prohibition could capture:

  • Any resources containing lists of VPN services, such as app stores (e.g., App Store, Google Play, Microsoft Store)
  • Program platforms, such as operating systems and their technical portals describing VPN configuration (e.g., Apple support and Microsoft support portals)
  • Internet browsers offering built-in ways to bypass locks or with a turbo mode function (e.g., Opera, Google Chrome, Safari)
  • Social networks and instant messengers through which lists of VPN-services and instructions for their configuration are distributed, etc.

The Anonymizers Law provides for an important exclusion, pursuant to which the regime does not apply to an Access Tool, if:

  • the group of users of such Access Tools is predetermined by their owners; and
  • such Access Tools is used for technological purposes of maintaining operations of the legal entity using such tools

are not subject to any restrictions. This exception excludes, among other things, VPNs used for remote access for employees.

Rights and obligations of Access Tools Owners, Search Engines and ISPs

If Roskomnadzor believes that there are Access Tools granting access to Blocked Websites:

  • It must, in the absence of information about the owner of the Access Tools on its website, submit a notice to the relevant hosting provider requesting such hosting provider to (i) send to Roskomnadzor the information about the owner of the Access Tools; and (ii) notify the owner of the Access Tools of the necessity to publish such information on the website.
  • As soon as Roskomnadzor has acquired the information about the owner of the Access Tools, it must send a notice to the owner requesting the owner to connect to the System (the procedure of this shall be established by the Government separately).
  • The owner of the Access Tools must connect to the System within 30 business days from the date of such notice.
  • After the owner of the Access Tools has connected to the System, Roskomnadzor will have the technical possibility to assess whether the relevant Access Tools are used to get access to Blocked Websites from the territory of Russia and prohibit/block it, if it does.

If Roskomnadzor believes that a search engine disseminating advertising aimed at consumers located in the territory of Russia displays results containing information about Blocked Websites:

  • It must send to the operator of such search engine a notice requiring it to connect to the System.
  • The search engine must, three days after getting access to the list of Blocked Websites, cease displaying search results containing information about Blocked Websites.
  • The Anonymizers Law does not expressly provide for the obligator to “censor” the search results until the receipt of the request.

Failure to comply with the prohibition to provide access to Blocked Websites or refusal/failure to connect to the System may result in the blocking of the Access Tools within the territory of the Russian Federation. An Access Tool may be unblocked, only if the owner of such Access Tool has complied with the requirements to prohibit access to the Blocked Websites and notified Roskomnadzor (in form and substance satisfactory to Roskomnadzor) accordingly.

The Anonymizers Law does not specifically provide for other types of liability. The Anonymizers Law (as currently in force) does not establish any other liability for the “owners” of the Access Tools. It does not establish any liability for the end users, who take benefit from “illegal” use of Access Tools.

The extent, to which the Anonymizers Law will affect Russian Internet usage, remains unclear, but global observers will likely follow progress keenly.

This post was prepared with the assistance of Albert Galliamov in the Moscow office of Latham & Watkins.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Latham & Watkins LLP | Attorney Advertising

Written by:

Latham & Watkins LLP
Contact
more
less

Latham & Watkins LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.