Russia has used a Presidential decree to slap a blanket ban on the import and use of all encryption technology in the country without Ministry of Foreign Economic Relations approval and certification by Federal Agency Governmental Communication & Information. And Presidential decree number 334 is being taken very seriously by the software majors and is deeply worrying to the information technology community in Russia, since it gives the federal agency, a former department of the KGB, the right to veto the use of encryption tools in anything from a local area network to an Internet node. Having digested the decree, all vendors of multi-user software are now having to decide whether to remove all encryption capabilities from their products or risk future agency interference in their work. Since there is still some doubt as to how the agency intends to use its new powers, no vendors are keen to talk openly about their plans right now. Oleg Bezzubtzev, head of the agency’s licensing and certification department, said the decree is the latest in a series of laws and decrees, all of which contain provisions designed to protect government and state data. Consequently the agency’s definition of data encryption is very broad and covers any product that transforms data from machine-readable form by use of algorithms or a key. Bezzubtzev said that although all imported encryption technology must have a Ministry of Foreign Economic Relations licence, his agency’s certification will be mandatory in more limited circumstances. The decree, he said, is targeted primarily at the state sector. Not intended for inclusion in this measure is equipment for personal or internal company use in non-state organisations. He said that the decree will not be enforced where encryption or archiving programs are used in local area networks in private offices. But final say in any situation will be of course be with the agency – with no one to appeal to if you disagree.
