Telecommunications operators in Russia may start turning over location data of all of their network users to the Russian authorities starting in September. The government wants to create a database with the location of Russian Internet users across the country.
The Russian Federation is in the process of approving an amendment to a 2019 law, which would allow authorities to collect the geographical location data of Russian Internet users. The amendment was announced on January 15th, adding new requirements for Russian telecommunications operators.
According to the wording of the legal document, the Russian authorities will be authorized to keep a database of Internet users and their locations all across the country. Telecommunications operators in Russia would be obligated to share the location of use in the form of a postal address or geographic coordinates.
According to the government website, the amendment must still be discussed and approved by the ministry of Justice. It has been set to come into force by September 1st, 2024 until September 2028.
The government said that this would serve to bring about a “digital border” around Russia.
Assuming the database will provide information about all Internet users in the country, it would allow the government to identify users that come from abroad, which is intended to assist in identifying hackers targeting Russia.
Roskomnadzor, the federal agency responsible for data protection and censorship, explained that this amendment would help to efficiently deal with DDoS (denial-of-service) attacks against the Russian government, specifically ones that come from other countries.
The creation of this may turn out to be an ambitious project, as not all addresses associated with computers (IP addresses) are easy to locate in the physical world.
For instance, dynamic IP addresses change frequently, and therefore, are more difficult to track, as per NordVPN. Virtual Private Networks (VPN), which are legal to use in Russia with some restrictions, further complicate locating online attackers, as users can change their visible IP address easily.
Some telecommunication experts believe that this amendment has no public use whatsoever. As many online criminals cloak their IP addresses, they will be difficult to track.
Sarkis Darbinyan, head of the legal practice of Roskomsvoboda, a Russian NGO advocating for the freedom and digital rights of Internet users, told Forbes.ru that this will only really help in finding criminals who are not very good at “masking their traffic.”
However, this database would allow the Russian Federation to keep track of its citizens and their usual IP addresses more easily.
In the European Union, transmission of geolocation data is strictly limited by the General Data Protection Regulation (GDPR) implemented in 2018. In the United States, the government covertly tracked the geolocation data of US citizens via the Patriot Act, brought into force after September 11th, which received widespread backlash when it became public.