History repeats itself. Like Telegram a year ago, now two Yandex services — Yandex.Mail and Yandex.Disk — must provide confidential, encrypted keys for user correspondence to law enforcement authorities. As a result of the refusal last year, Telegram was blocked in Russia.
Both Yandex companies refuse to transferThis information in the FSB, as in this case, user passwords can be disclosed. The security officials explain such a requirement by the norms of the “Spring Law”, according to which all organizers of information dissemination (ORI) are obliged, upon the request of law enforcement agencies, to transmit the information necessary for them to decrypt information messages.
However, Yandex believes that the FSB is too wideapproaches the implementation of the norms of the “law of spring” and require the provision of data beyond those described in the regulatory document. In addition, the transfer of keys that allow access to decrypt all user traffic can carry security risks.
According to independent experts, the session keys really required by the FSB can provide full access to confidential user identification data.
In addition, Yandex believes that working withFSB agencies may cause an outflow of users to foreign Google-class companies, to which law enforcement authorities have not yet sent similar requests. Loss of customers will ultimately lead to financial losses.
In case of failure of "Yandex", the company will first bea fine was imposed in the amount of 1 million rubles, then Roskomnadzor will issue an order and will give 15 days to correct the deficiencies. Only then, theoretically, Roskomnadzor will be able to go to court with the demand to lock the resource on the territory of the Russian Federation. However, according to experts, such an outcome is unlikely and a reasonable compromise is likely to be reached.