
You have the right to anonymity. Part 3. Law enforcement struggle with anonymity tools


In the first two parts of our analytical work on anonymity on the Internet and the rights of citizens in network communications (Part 1, Part 2), we gave a general overview of the relevant digital rights of the new era and of Russian legislation, which unfortunately does less and less to stimulate the development of modern technologies and the interaction of all actors in the online environment and instead leads to their enslavement and leveling.



In this post we will look at how the new regulations in this area are actually enforced in Russia.



When people cannot trust laws, they increasingly trust technology. Along with proxy servers, VPNs and the Tor onion network are the most popular means of achieving anonymity on the network.


Public Wi-Fi



Under Decree of the Government of the Russian Federation No. 758 of July 31, 2014, all corporate clients are obliged to give the telecom operators that provide their Internet access information about the persons using terminal equipment (lists of employees). In addition, the Government Decree of August 12, 2014 amended the rules for Internet access provided as part of the Universal Communication Service. The operator of this service (for example, Rostelecom) will have to collect user data: full name, details of the main identity document, and the volume and time of the services rendered to the user.



A little later, the Ministry of Communications and a number of specialized lawyers explained that when Wi-Fi access is provided free of charge and there is no operator's license, the administrations of cafes, libraries, schools, parks and other public places with free Wi-Fi do not need to identify their users.



Under current law, liability for failing to identify users applies only to a telecommunications operator that does not comply with the new rules. In March 2016, the Ministry of Communications proposed to supplement the Administrative Code with a new provision making the administration of legal entities and individual entrepreneurs liable for “violation of the procedure for identifying users of communication services for data transfer and providing access to the information and telecommunications Internet and the terminal equipment they use” (a fine for legal entities of 100 thousand to 200 thousand rubles), but the law was never adopted.



However, the vagueness of the provisions of the Government's Decrees and the absence of a legal obligation for non-operators to identify users did not prevent the prosecution authorities from establishing their own practice and fining owners of open Wi-Fi points en masse. Back in 2015, owners of restaurants and cafes began to be fined under Part 2 of Article 6.17 of the Administrative Code of the Russian Federation and to receive prosecutors' orders to eliminate violations of the law. The formal reason is non-compliance with legislation on the protection of children from information harmful to their health and development. In addition, business owners are charged with non-compliance with the requirements of the Federal Law "On Countering Extremist Activities."



Toolkit and anonymizers



As stated in the conclusion of the Ministry of Communications and Mass Media in the case of blocking the RosKomSvoboda page, the concepts of “anonymizer site” and “proxy server” are absent from current legislation and their use is legally incorrect. “Anonymizer site” and “proxy server” are evaluative definitions of programs whose functionality allows you to bypass the blocking of sites.



However, prosecutors have their own understanding of what an “anonymizer” is, regarding it solely as “malware” and a tool for committing crimes:

“An anonymizer is initially a tool for hiding information about a computer or user on the network from a remote server. These are websites and special malicious programs that allow opening previously blocked Internet resources, including those containing information about the promotion of corruption, Nazism, child prostitution and pornography, violence, cruelty, production technology and the manufacture of explosives and explosive devices and other information detrimental to the interests of the state and society.”


Law enforcement agencies have long been “sharpening their teeth” on VPN services and on anonymization services used to access web resources. They are convinced that such mechanisms are used exclusively for criminal purposes, since they make it impossible to determine the location of the criminal's computer. What they do not consider at all is that, given the global monitoring of Internet users by certain intelligence services, corporations and attackers, such mechanisms simply help people exercise their basic rights to privacy and freedom of expression.



Despite the current lack of any statutory prohibition on encrypting and anonymizing traffic, prosecutors make considerable efforts to close off anonymous access to sites, including those blocked at the demand of numerous government agencies.



Starting in 2014, first courts in the southern districts and then many other courts throughout Russia began blocking anonymizers en masse on claims brought by regional prosecutors in defense of an indefinite circle of persons. One of the first entries in the list of blocked resources was the “Toolkit” section of the site of the public organization “RosKomSvoboda”. This section was blocked by a decision of the Anapa City Court of the Krasnodar Territory of April 13, 2015. The decision states that the rublacklist.net/bypass page is an anonymizer and “using this website, citizens can get unlimited access to prohibited materials, including extremist, by anonymous access and substitution of user addresses.”



Similar decisions to restrict access to anonymizers were made by courts in Krasnodar, Stavropol, Irkutsk, Ufa, Makhachkala, Ulyanovsk and many other cities. To date, several hundred anonymizers have been included in the Roskomnadzor registry, and telecom operators therefore restrict access to them.



Many (but not all!) of the anonymizers in the registry of prohibited sites can be found, for example, by keywords in their domain names:



"Proxy": reestr.rublacklist.net/search/?q=proxy;

"Anonim": reestr.rublacklist.net/search/?q=anonim;

"Anonym": reestr.rublacklist.net/search/?q=anonym.



The largest number of decisions on blocking access to anonymizers was made by the Zheleznodorozhny District Court of Krasnoyarsk and the Uchaly District Court of Ufa (Bashkortostan). These courts issued a total of ten and six judicial acts on this topic, respectively (one decision for each anonymizer). The Oktyabrsky District Court of Stavropol blocked access to 17 anonymizers at once in a single decision. A number of anonymizers were the subject of several court decisions blocking access to them. For example, Jahproxy.com was banned by decisions of the Kalininsky District Court of Ufa, the Kirovsky District Court of Saratov and the Ulyanovsk District Court of the Ulyanovsk Region. Similarly, Katvin.com was blocked by decisions of the Ulyanovsk District Court of the Ulyanovsk Region, the Zheleznodorozhny District Court of Krasnoyarsk and the Oktyabrsky District Court of Stavropol.



Over time, the legal position of the prosecution authorities became even tougher and came to rest on even more ambiguous legal conclusions, which the courts shared. Thus, the supervisory authority in Stavropol believes that the very fact of changing an IP address is a violation, since “it threatens the realization of citizens' constitutional rights to equality of rights and freedoms and contradicts the norms of federal legislation, and therefore access to these materials should be limited.”



It is worth noting that Roskomnadzor began to put pressure on anonymizing sites (under the threat of blocking the services themselves) in order to force them to filter the content served through them, i.e. to refuse to serve anything listed in the numerous registries of banned sites in Russia.



“In court decisions it is clearly stated that such resources (anonymizers) are prohibited, since they can be used to access a blocked (forbidden) site. This is a judicial practice prevailing in Russia. Therefore, if the anonymizer stops users from accessing blocked sites, Roskomnadzor believes that it implements the court decision and unblocks it. Anonymizers do often begin to interact with Roskomnadzor: they connect to a single registry and restrict access to prohibited sites, effectively enforcing Russian legislation.”



Press secretary of Roskomnadzor Vadim Ampelonsky.


VPN



VPN (Virtual Private Network) is a technology that allows you to create a secure network or tunnel within the unsecured Internet. A VPN is a tunnel between the VPN client installed on the user's computer and the VPN server. Within this tunnel, the VPN technology allows you to protect, encrypt, and change data that is exchanged between the user's computer and websites or web services on the Internet.

The definition is taken from a letter we received from the Ministry of Communications.



Mass blocking of commercial and free VPN services has not yet begun. However, there are cases of various kinds of pressure on VPN service administrators. For example, one of the largest VPN providers, Private Internet Access (PIA), reported the withdrawal of its own servers. PIA is one of the most popular VPN services on the market. It offers users more than 3000 servers in 18 countries. The service itself is located in the USA, but is managed through Trust Media Inc., located in London. The company sent its users a message warning of its imminent departure from the Russian market due to the adoption of the “Yarovaya package”.



The website HideMy.name (formerly HideMe.ru), which provides VPN access services, was blocked by a decision of the Uchaly district court of the Republic of Bashkortostan of November 2016, but access to the project was not restricted immediately. Initially, the decision concerned an anonymization service hosted on the site, which the site administration, in compliance with the court decision, removed for users with Russian IP addresses. But Roskomnadzor, according to the CEO of the company providing the service, was in no hurry to lift the block, as it was trying to get the HideMe.ru VPN service to restrict access to the resources that Roskomnadzor had placed on the block list, as telecom operators do. After the service refused to do this, access to the resource was restricted.



Tor



Tor (The Onion Router) is open source software that allows you to establish an anonymous network connection using a proxy server system. The use of this technology forms an anonymous network, within which the data transfer is carried out in an encrypted form (data packets are encrypted in three stages, during the transition to each new node), which ensures the confidentiality of data transmission and network connections.

This definition is again taken from the letter of the Ministry of Communications.



In Russia, unlike in China, the site torproject.org, from which the distributions can be downloaded, is not blocked to date, nor are other Tor service servers, and no special control or licensing measures are applied to the intermediate and exit relays that users run themselves. There are no legal restrictions on using onion routing technology or the .onion network.



The Electronic Frontier Foundation (EFF) notes that although the operation of a Tor node is believed to be completely legal, "it is statistically likely that the exit relay will be used for illegal purposes at some point, which may attract the attention of private parties or law enforcement agencies".



In Russia and abroad, law enforcement bodies pay close attention to the growing Tor network, which they have no clear idea how to control or regulate. The use of Tor for criminal activity makes investigative agencies pay increased attention to this technology. After one of the unsuccessful attempts to “crack Tor”, instilling fear of using it in the public and in the volunteers who support the network probably became one of the ways to combat Tor. Obviously, in the course of investigating a crime committed on the Internet, the investigative body, upon request to the online service provider, receives logs with a list of IP addresses, many of which are the addresses of exit nodes run by volunteers, who support the entire network with their computing power.



There are some cases in which the bodies that carry out operational-search activity have taken an interest in volunteers who run Tor exit nodes.



On one of the Russian sites on the network, we found a message from 2015 saying that the owner of an exit node had been invited for a talk by the FSB. The case concerned an e-mail message about an explosive device planted at Vnukovo airport. After the owner handed over the laptop on a voluntary basis, a report was drawn up stating that nothing had been detected. The laptop was returned to the owner, and no prosecution followed. Some cypherpunks from the cypherpunks.ru community also reported that law enforcement agencies had repeatedly asked them questions about the use of Tor exit nodes and had even brought them into such cases as experts to explain the features of the network.



However, in April 2017, as part of a raid to prevent an illegal mass event, the administrator of one of the 37 exit nodes in Russia, mathematician Dmitry Bogatov, was suddenly arrested, which made it clear that Russian law enforcement practice regarding the use and support of Tor is not so harmless. He was detained for organizing mass riots and for calls for terrorism, with which he in fact has nothing to do. Despite a well-founded investigation by an independent researcher and a host of circumstances indicating that Dmitry is definitely not “Ayrat Bashirov”, from whose account the publications were posted, the investigation continues to ignore the facts and keeps Bogatov in custody.



Currently, either the running and use of Tor exit nodes is being deliberately discredited, or the law enforcement agencies are so unaware of the principles of the network and its structure that for almost two months they have kept a person in pre-trial detention (SIZO) just because he set up a home exit node several years ago.



Analysis of all the above cases of law enforcement, the proposed bills, and the approved and signed Doctrine and Information Society Development Strategy suggests that measures to eliminate network anonymity and to combat the technical tools that provide it will continue.



Publications:



Part 1. Introduction and world practice

Part 2. Legislation against anonymity

Part 3. Law enforcement struggle with anonymity tools

Part 4. World experience in dealing with Tor and VPN

Part 5. (in development)



Prepared by:

Sarkis Darbinyan, Artyom Kozlyuk, Aliona Ryzhikova for the Center for the Protection of Digital Rights

Source: https://habr.com/ru/post/330978/


