FSB approved the procedure for obtaining encryption keys from Internet services

Keys should be provided to the FSB on magnetic media or by e-mail.

On a rainy day for Russia on July 7, 2016, together with the signing of the Spring package of amendments , President Putin instructed the government to pay attention to the application of the provisions of the law “on liability for use on communication networks and (or) when transmitting messages to the information and telecommunications Internet network encoding (encryption) ”, as well as“ the development and maintenance by the authorized body in the field of security of the Russian Federation of the register of information dissemination organizers on the Internet, etc. delivering on the request of authorized agencies the information necessary to decode the received, sent, delivered, and (or) the processed e-mails in case of additional coding. "

The FSB was instructed to approve the procedure for certifying the means of encoding when transmitting messages on the Internet, to determine the list of means to be certified, as well as the procedure for transferring the encryption keys to the authorized body in the field of state security. This is necessary so that the secret services could get the keys and decrypt the HTTPS traffic and other encrypted user data, if necessary. This measure comes into force now, that is, one and a half years before the regulation on mandatory storage of all traffic for up to six months comes into effect.

On August 12, 2016, the Federal Security Service of the Russian Federation published Order No. 432 of 07/19/2016 No. 432 “On approving the procedure for providing information dissemination organizers in the Internet information and telecommunications network to the Federal Security Service of the Russian Federation information necessary for decoding received, transmitted, delivered and (or) processed electronic messages of users of the Internet information-telecommunication network.
')
This order establishes the procedure for obtaining encryption keys from the owners of servers and other Internet services. The procedure is quite logical and simple.

1. The organizer of the dissemination of information on the Internet transmits information for decoding on the basis of a request from the authorized division signed by the head (deputy head).

2. The request is sent by registered letter with return receipt.

3. The request indicates the format and address of the provision of information for decoding.

4. Information is transmitted on magnetic media by mail or e-mail. Alternatively, it is possible to coordinate with the FSB the access of specialists to information for decoding.

An authorized division of the Federal Security Service for the acquisition of encryption keys has been appointed the Organizational and Analytical Department of the Scientific and Technical Service of the Federal Security Service of the Russian Federation.

For reference, magnetic media includes magnetic disks, magnetic cards, magnetic tapes, and magnetic drums.

If the server owner refuses to provide the key needed to decrypt HTTPS or other encrypted traffic, a fine of one million rubles can be imposed on it.

Even before the publication of a specific procedure for the transfer of keys, representatives of some Internet companies expressed doubts about the possibility of enforcing the law in terms of transferring encryption keys. They say that when using the HTTPS protocol, encryption keys cannot be stored technically.

But as they say, the problems of the Sheriff Indians do not care. The procedure is established - it must be followed.