Features of the interaction of hosting companies with law enforcement agencies in different countries
Over the past few years, there has been a tendency of migration of Russian projects to the west and often in the discussions we see the already classic rules of successful business on the Internet, in particular, saying “not to place a project in the Russian Federation, not to use .ru and . domains”. We will tell about the situation from the inside, through the eyes of the hoster / registrar, based on the experience of major hosting companies, both Russian and foreign.
Each instruction from law enforcement agencies comes in the form of a formal request. There are several delivery channels: they are delivered in person, sent by fax, by mail or by email. Of course, the answer to all is needed yesterday at best. Therefore, the standard practice is to send a reply by fax as soon as possible, and send the original reply on paper with all the seals by registered mail separately.
Requests come from various structures, but most often it is the Ministry of Internal Affairs (Department K) and the FSB. Sometimes a precinct comes. His only task is to gather information and decide where to transfer the case.
An interesting caveat - requests are sometimes faked. A rather useless action, because usually the request comes from known addresses / numbers and any changes in this scheme immediately raise doubts about the authenticity. It is not difficult to check - there is a contact person from each organ. Nevertheless, fakes still occur. One possible goal is to illegally find out information about the owner or even block his resource.
')
There are several types of requests, with varying degrees of headache for a hoster. The most painless - a simple request for information about the owner of the site.
Usually they ask for the full name, passport data, ip from which the registration of the account was made and the hosting administration, the numbers of electronic wallets. More rarely, more extended logs are requested, and even less often, duplicate all mail to a mailbox, often on a free service. Amounts of payments are of no interest to anyone.
A request can be drawn up quite competently, and very confusing, in the latter case you have to call, specify what is required.
Problems begin when a resource is asked to block. This is a unique, distinctive scenario for the Russian Federation. Cases, of course, are different; child porn, for example, most hosters block automatically without any requests, on the first complaint from anyone who applies.
But this is a rare case.
Offensive loud cases of blocking completely legal resources, you probably also remember yourself - an attempt to block one known file sharing service from one file or to remove the domain name of a popular torrent tracker from a delegation, to suspend a large historical resource because of one book.
According to the Federal Law on Communications, Article 64 , paragraph 3:
“The suspension of the provision of telecommunications services to legal entities and individuals is carried out by telecom operators on the basis of a reasoned decision in writing of one of the heads of the body carrying out operational investigative activities or ensuring the security of the Russian Federation, in cases established by federal laws.”
The list of bodies is regulated by a separate Federal Law "On Operational-Search Activity", Chapter 3, you can read it here .
Another of the unpleasant features - you need to attach evidence to the case and in the worst case, in view of illiteracy and intractability, the entire server will be asked. And at the very worst, no one will even warn in advance. At this point, you can immediately say goodbye to expensive equipment, returns are more likely an exception. And if we are talking about a virtual hosting server with hundreds of sites? Or hoster cloudy, what exactly to withdraw? The consequences, unfortunately, few people care.
In fairness, most of these requests will be enough copies of the site on the disc, but the exceptions are painfully well-known and sad.
If the hoster is not Russian, you can influence through the domain name, because All registrars of domains .ru, . must be residents of the Russian Federation.
There were also some funny cases with the withdrawal of server hardware on the territory of the Kurchatov Institute. Imagine a classic mask show - the guys with guns to the edge of the famously unloaded from the car and full of enthusiasm to withdraw the entire data center, come to the checkpoint. It should be noted here that the territory of the institute is well guarded and even more armed fighters meet them there and ask if they are recorded today. The guys are here for the first time, they are not familiar with local politics and, naturally, are surprised with their hands for help. The next day, they come by appointment, but with a much more calm mood, for the effect of surprise is reduced to zero.
It is believed that only illegal projects are leaving for Europe. But even if they live in peace there, then why not move to a regular, legitimate Internet business? What is the reason for the growing popularity of foreign hosting?
The main difference is that at the whim of law enforcement agencies, no single resource can be blocked or deleted. Violating copyright or even posting child pornography? Of course, it is illegal in Europe, too, but all you are asked to do is remove illegal content within a reasonable time. A police officer will not even be able to get your personal data without a corresponding court request.
There are differences in the seizure of equipment, it occurs only in the case of detection of the monitoring centers of the botnet, and then subject to the availability of clear evidence from technically competent experts. All servers will be returned to the owner after a few days of examination.
In a paradise for lawyers, too, has its own characteristics.
The request here is called Sapina , it is sent by fax + original by mail. Usually the essence of the request is the data of the site owner After 9/11, the state has the right to request any information, but there is a key difference here - you can appeal the mandatory response and refuse to provide data if there is a rational basis for such refusal. In this case, the case is transferred to the court and most likely it will take the side of the state, but what a precedent!
Closure and suspension of resources also occur only by court order. There can be no arbitrariness of a single policeman in principle.
So, the main risks of placement in the Russian Federation are, of course, not chaos, characteristic of the 90th, but rather technical illiteracy, lack of understanding of the consequences and unwillingness to make concessions. Imagine a cloud hoster, which came to the seizure of servers. Or even a simpler case - shared hosting, database and mail are moved to separate servers. What then to withdraw? How to explain this technical architecture and all related problems, if not technicians come, and performers with machine guns?
With the level of technical literacy, justice for the sake of, it is bad not only in the Russian Federation. Awareness of hosting specifics among judges and lawyers abroad also often suffers. There are also pleasant exceptions here, in America this is California. But in any case, technical ignorance abroad is compensated by the level of adequacy, the absence of resource locks and the desire to deal with causes and effects.
Russia
Each instruction from law enforcement agencies comes in the form of a formal request. There are several delivery channels: they are delivered in person, sent by fax, by mail or by email. Of course, the answer to all is needed yesterday at best. Therefore, the standard practice is to send a reply by fax as soon as possible, and send the original reply on paper with all the seals by registered mail separately.
Requests come from various structures, but most often it is the Ministry of Internal Affairs (Department K) and the FSB. Sometimes a precinct comes. His only task is to gather information and decide where to transfer the case.
An interesting caveat - requests are sometimes faked. A rather useless action, because usually the request comes from known addresses / numbers and any changes in this scheme immediately raise doubts about the authenticity. It is not difficult to check - there is a contact person from each organ. Nevertheless, fakes still occur. One possible goal is to illegally find out information about the owner or even block his resource.
')
There are several types of requests, with varying degrees of headache for a hoster. The most painless - a simple request for information about the owner of the site.
Usually they ask for the full name, passport data, ip from which the registration of the account was made and the hosting administration, the numbers of electronic wallets. More rarely, more extended logs are requested, and even less often, duplicate all mail to a mailbox, often on a free service. Amounts of payments are of no interest to anyone.
A request can be drawn up quite competently, and very confusing, in the latter case you have to call, specify what is required.
Problems begin when a resource is asked to block. This is a unique, distinctive scenario for the Russian Federation. Cases, of course, are different; child porn, for example, most hosters block automatically without any requests, on the first complaint from anyone who applies.
But this is a rare case.
Offensive loud cases of blocking completely legal resources, you probably also remember yourself - an attempt to block one known file sharing service from one file or to remove the domain name of a popular torrent tracker from a delegation, to suspend a large historical resource because of one book.
According to the Federal Law on Communications, Article 64 , paragraph 3:
“The suspension of the provision of telecommunications services to legal entities and individuals is carried out by telecom operators on the basis of a reasoned decision in writing of one of the heads of the body carrying out operational investigative activities or ensuring the security of the Russian Federation, in cases established by federal laws.”
The list of bodies is regulated by a separate Federal Law "On Operational-Search Activity", Chapter 3, you can read it here .
Another of the unpleasant features - you need to attach evidence to the case and in the worst case, in view of illiteracy and intractability, the entire server will be asked. And at the very worst, no one will even warn in advance. At this point, you can immediately say goodbye to expensive equipment, returns are more likely an exception. And if we are talking about a virtual hosting server with hundreds of sites? Or hoster cloudy, what exactly to withdraw? The consequences, unfortunately, few people care.
In fairness, most of these requests will be enough copies of the site on the disc, but the exceptions are painfully well-known and sad.
If the hoster is not Russian, you can influence through the domain name, because All registrars of domains .ru, . must be residents of the Russian Federation.
There were also some funny cases with the withdrawal of server hardware on the territory of the Kurchatov Institute. Imagine a classic mask show - the guys with guns to the edge of the famously unloaded from the car and full of enthusiasm to withdraw the entire data center, come to the checkpoint. It should be noted here that the territory of the institute is well guarded and even more armed fighters meet them there and ask if they are recorded today. The guys are here for the first time, they are not familiar with local politics and, naturally, are surprised with their hands for help. The next day, they come by appointment, but with a much more calm mood, for the effect of surprise is reduced to zero.
Europe (on the example of the Netherlands)
It is believed that only illegal projects are leaving for Europe. But even if they live in peace there, then why not move to a regular, legitimate Internet business? What is the reason for the growing popularity of foreign hosting?
The main difference is that at the whim of law enforcement agencies, no single resource can be blocked or deleted. Violating copyright or even posting child pornography? Of course, it is illegal in Europe, too, but all you are asked to do is remove illegal content within a reasonable time. A police officer will not even be able to get your personal data without a corresponding court request.
There are differences in the seizure of equipment, it occurs only in the case of detection of the monitoring centers of the botnet, and then subject to the availability of clear evidence from technically competent experts. All servers will be returned to the owner after a few days of examination.
USA
In a paradise for lawyers, too, has its own characteristics.
The request here is called Sapina , it is sent by fax + original by mail. Usually the essence of the request is the data of the site owner After 9/11, the state has the right to request any information, but there is a key difference here - you can appeal the mandatory response and refuse to provide data if there is a rational basis for such refusal. In this case, the case is transferred to the court and most likely it will take the side of the state, but what a precedent!
Closure and suspension of resources also occur only by court order. There can be no arbitrariness of a single policeman in principle.
Total
So, the main risks of placement in the Russian Federation are, of course, not chaos, characteristic of the 90th, but rather technical illiteracy, lack of understanding of the consequences and unwillingness to make concessions. Imagine a cloud hoster, which came to the seizure of servers. Or even a simpler case - shared hosting, database and mail are moved to separate servers. What then to withdraw? How to explain this technical architecture and all related problems, if not technicians come, and performers with machine guns?
With the level of technical literacy, justice for the sake of, it is bad not only in the Russian Federation. Awareness of hosting specifics among judges and lawyers abroad also often suffers. There are also pleasant exceptions here, in America this is California. But in any case, technical ignorance abroad is compensated by the level of adequacy, the absence of resource locks and the desire to deal with causes and effects.
Source: https://habr.com/ru/post/129621/
All Articles