The Federal Security Service has developed rules for Russian companies which deal with personal data in digital form.
The document says that if the company plans to use encryption, these funds must be certified by FSB. At the same time it can be obtained only by the technical tools that implement domestic cryptographic algorithms, but they can be supported by neither iOS, nor Android.
The cost of using these algorithms is very expensive, for example installing "Crypto CSP" on one computer will cost about two thousand rubles.
The document also states that the servers with crypto must be sealed in buildings with grates on the windows at night. Most Internet companies will not be able to fulfill such a requirement at least because they are working around the clock.
Computer security experts believe the new rules to be impracticable. Alexei Lukatskii, a security expert of a large international corporation said that there was no cryptography certified by FSB for online stores and cable television systems. Andrey Prozorov, a leading expert on informational security company Infowatch agreed with this point of view.
Alexander Kovalev, the marketing director of the informational security company Zecurion noted that specific versions of encryption systems obtained the certificate, so their users almost never receive adequate and fast updates.
Therefore Alexei Lukatskii noted that as a result major state projects downplay the threat level and simply warn users about sending unencrypted data, because they do not want to use encryption certified by FSB. The portal of public services and a ticket on the train at the Railways site is now working under this scheme.
Experts believe that the question lies in the FSB approach to the informational security problem. "The matter is in the ban approach, 99% of banks' activity is not prohibited in the banking sector, and it provides relative freedom, but then they rigidly check", Kovalev said.
