FAQ about mask shows in the data center in the legal practice of VDS hosting

image

Hello, Habr! You asked me to tell you what real mask shows will look like in a Russian data center where you rent VDS. I must say right away: do not expect miracles, according to a properly formatted request, the data will be transferred immediately and without unnecessary breast-rising for protection. Because the practice is this: either you run a legal business, or you fly out of the market. But there are nuances. Our lawyer and I will now try to sort out the main issues.



What does it usually look like to request customer data from authorities?



For example, you filmed child pornography in support of Navalny - and an investigation has begun on the appeal of your kind and law-abiding competitors. We will find out about this by an official written request. A tired courier arrives at the office, or we receive a registered letter by regular mail or arrive in some special way, for example, by a courier. If the request contains no secret data, then it is usually duplicated by a regular e-mail to an address like info @. Already at this stage, about a third of incoming requests are eliminated, because they must be composed correctly.



Naturally, we do not know (and moreover, we do not want to know, it is not profitable for us) what is going on with the client on his VPS. Moreover, in some cases and not fundamentally - if the client has enabled encryption, and the keys are not stored in cleartext on the server.



But the request itself is usually aimed at obtaining data about a specific person (customer contacts, transaction history, and so on), whose criminal activities the body is trying to suppress.



Why are requests being dropped?



A lot of requests are eliminated due to incorrect compilation: for example, the Ministry of Internal Affairs does not always know which of our dozens of data centers to apply to and in what jurisdiction it is. That is, a small number of requests simply fall off, because they are wrongly addressed or incorrectly composed. Often they write to RUVDS (this is a trade name, not a legal entity "MT FINANCE"), often they do not contact the CEO, and so on. In this case, our lawyer gives a refusal in the form, but almost immediately the correct document arrives again - this time with the required header.



Such situations are about 30% of the total mass, but many return correct in just a few days. So when you read someone's transparencies, don't pay too much attention to the bounce rate: it's just a matter of filling out the form correctly by an employee of the department. And he is able to send a second request almost immediately.



Further, it is verified that such a request really took place and that this is not competitive intelligence. That is, you need to contact this department and ask if there really was such a request. And it is not by phone numbers from the letter, but we go to Google, look for contacts and call. So far, the statistics are 100%, but we continue to insure. Some are surprised when a lawyer asks the specific employee who sent the request to the phone. But after explaining that if this is not the case, then we will contact the police in order to prevent fraud, usually they connect. We have a separate procedure for the FSB, but I cannot tell you about it.



Such requests come from the FSB (border service), the Federal Tax Service, the police and other departments. Almost all FSB requests are correct at once, but the police do not always know how they are drawn up or which legal entity to write to - and they receive refusals more often than others. At the same time, about 90% of requests come from the Ministry of Internal Affairs.



Have an example of a rejected request?



You are welcome:
,



_______. ( – β€œ_____”), ________, __________, _______, _________, ______. _____ ( – Β«_____Β»), , , , _____, β€œ______”, β€œ________” . _____ - ______.__. , _____ , , . , .



______ - __________ ( – Β«-Β») :



– ______ ;

– ____;

– - ( – «»),



( «»).



_______, - ______. ______ , - .



-. , -. , :



(1) ______,

(2) _____ ,

(3) .



, . , ( ), .



, _____, . , . ______ , .



- , , .



:



,


Under what law is the request generally processed?



The basis for such a request is the law "On operational-search activity". It lists the organizations that are empowered to conduct operational-search activities. This is a federal law that operates throughout our country. It lists the Ministry of Internal Affairs, FSB, FSO, customs authorities, SVR, FSIN, GRU (only within the framework of ensuring their own security). The tax service is not included in this list, however, there is a joint order No. 317 / -7-2 / 481 @, which allows the tax service to receive the results of the investigation directly from the Ministry of Internal Affairs, and if, for example, the tax authorities do not answer, then it will come quite quickly request from the Ministry of Internal Affairs. Well, the tax office does not ask for any installation data on clients, it is interested in the nature of the relationship between legal entities, documents confirming the relationship, in order to understand that, for example, payments for the service can be accepted as expenses.



We are obliged by law to respond to these services in the prescribed manner (except when it comes to us - in this we can refuse any comments and answers to questions under Article 51 of the Constitution). Fortunately, we did not have this either.



What is the reason for such a request most often?



The main reason for the request is a complaint about someone's fraudulent activity. Accordingly, the Ministry of Internal Affairs is launching an investigation into bank card fraud. There are a lot of such cases from Moscow (about a third), many from Krasnodar and the European part of Russia in general, much less because of the Urals. This is the "K" department, that is, the cyber police. The essence of using the server most often is a mini-ATS deployed there for fraudsters' calls to individuals. Less commonly, a landing page for the sale of drugs.



Another 9% by eye is the FSB and the search for specific individuals.



The remaining requests of this type are the border service, which is requesting in connection with the import-export, they are trying to find proof of supply on their servers.



Does the client know that he is being β€œpunched” by government agencies?



No, he does not know, and we have no right to report such a thing - this is a secret of the investigation. We once had a case when, by mistake, the answer to a request went to the client instead of the police. This was a very serious jamb and we could have been charged for aiding. In that situation, we revealed to a potential criminal, yes, he is a potential one, no one condemned him, no one calls him a criminal, but he is a suspect of an offense. We revealed to him the very fact that an investigation is taking place in his attitude. You will never know that a telecom operator has passed something about you to law enforcement officers until you are presented with it at the investigation.



But, fortunately, then the client had long known that an administrative case was initiated against his company, and in general such things usually become known much earlier than requests come.



When is a request not being bounced due to incorrect design?



When there is a blocking requirement in it. We do not block on request, especially at the request of the Ministry of Internal Affairs in a free form. We have to give the data, but not block. But at the same time, we do not delay the answer, but explain what is wrong. As a result, most often, a request arrives from the police the very next day without requiring a blocking in the proper form.



And why clients who engage in illegal activities are not blocked?



We block such clients by court order, but not at the request of the Ministry of Internal Affairs, for example. Because without a court decision, it is impossible to determine that someone is doing something illegal. The decision to block is made either by the court or by Roskomnadzor (in the form of entering the IP address into its black list of prohibited addresses) on its equipment, after which all telecom operators that provide Internet access in the Russian jurisdiction block access to it automatically within 24 hours. mode. We may not even know about this. This happened to us when our client's IP address was blacklisted by Roskomnadzor. We already learned about this from the client, because he ran into us - from the support ticket. We checked the Roskomnadzor databases, and it turned out that there the client was engaged in open fraud.



But we do not block until the judgment. It is not our responsibility to decide who is right and who is wrong. We are infrastructure. We cannot violate the EULA. That is, as a person, I would be very happy to block fraudsters, about whom it is already clear that they cheat old people for money, but as a specialist I adhere to the law.



At the same time, we humanly understand when a police officer asks to block in case of an obvious fact of the client's criminal activity. But we are not a court, we cannot check the position of the police and therefore are always guided by the law.



What about hosting in other jurisdictions?



Almost every jurisdiction has an analogue of the Yarovaya package, and customer data is usually requested automatically. Yes, in different countries it is different, because now in Europe it is regulated at the national level, and not by the EU, but one way or another, services have access to plus or minus the same data as in Russia. We do not consider voice communication - we do not deal with it, and since we are not a telecom operator, we should not store traffic either. Here you provide a service in the European Union. Your equipment is installed on a server, to which the line of a local telecom operator fits. The telecom operator provides the necessary information about the activities on this server for the intelligence services. Well, that is, they automatically understand that such and such activity is taking place from such and such an IP.This IP address belongs to such and such a company and is located in such and such a place. All data about this company is immediately collected. An automatic request is made to the operator for information about what she knows about him to the operator's database. If there is enough data, then we will not even know about it. In Europe, data is collected slightly less, in the USA and China - the most.



If the intelligence services do not have enough data, then the telecom operator contacts us directly. We had such a case last summer with a client from Russia, about whom we knew for sure that he was Russian. He indicated his passport data in his personal account. He rented a server in Frankfurt, Germany. He received a request from the local police in Frankfurt. Basically, we answered that, yes, the IP address is leased by our organization. It is leased to such and such a client, a citizen of the Russian Federation. Without a name, without anything. In this case, we do not give them any setup data. And we say that please contact Interpol to our colleagues in Russia. When a request comes from Russia, from the Russian Ministry of Internal Affairs, from the Investigative Committee, we will give them information about this client, since the request must be in our Russian jurisdiction.We will not give you anything.



And our Ministry of Internal Affairs, in turn, for example, is not interested in VDS from Frankfurt, since their addresses are foreign. They are interested in what is happening in Russia, for the reason that they clearly understand that it is very difficult to get information from the foreign police there. Especially in the current situation of the relationship that, well, we now have. Therefore, in six years we have not had a single case of an IP address request abroad.



Literally a couple of times a year, requests come through Interpol. There you cannot answer in writing, you have to go physically and give evidence (explanations). In the process of communication, we have the opportunity to familiarize ourselves with the composition of a potential criminal case against a client. What I have seen are large scale fraud suspects.



Why is the Netherlands considered a free zone?



Because they have warez, adult and many other things are not illegal.



Local data sovereignty laws are too good for a Russian to be true. Nevertheless, thanks to them, no one will be able to seize the server from you without a court decision - including to search for evidence during the investigation.



Dutch law also permits what is prohibited in other countries of the world: adult content. As a result, the services of Dutch data centers are used not only by webmasters, but also by those hosting providers who earn from selling bulletproof hosting - services where you have the opportunity to post information of any nature and be calm about the fact that the hosting company will be able to without warning remove it at the first complaint. Not only adult, but also warez, pharma, doorway pages, spam can act as "information of any nature". There are online porn studios in Holland. Online casinos are located there. Well, in general, everything that is prohibited in all other European countries, everything is hosted in Holland.



Have there been any cases of physical seizure of servers?



We do not have it specifically in RUVDS, it happens on the Russian market. That is, it is not a virtual image that is requested, but people come directly for the equipment. They take either hard drives or servers and even printers. But in Switzerland, I have never heard of this, and therefore our clients often choose a data center for their VDS there.



But in general, all the stories with physical mask shows are quite old. As for the last major one, I remember the disputes between business entities (in St. Petersburg, hosting was divided as a result of a dispute between the founders). Then a lot of equipment was turned off physically, and those who did not backup to other sites in terms of geography, of course, suffered greatly.



A good data center protects against arbitrariness. This is to simply not let anyone in without a court order and without serious reason. All our data centers, including Russian ones, have at least three perimeters of physical protection. All with cameras. That is, only active resistance to the actions of the police can lead to the real arrival of the OMON. For example, if you send three letters to the FSB officer who sent a formal request, and then still do not respond in essence within the prescribed time limit. Well, or if you send them the wrong thing several times, for example, some pictures instead of a virtual image. In general, you have to be a complete idiot to do this.



What about torrents?



These are not requests from authorities, they are requests from the copyright holder. For example, there is Sony Pictures, which is not represented in Russia, but has a legal partner here who makes sure that Sony's films are not distributed by pirates. During the year, several hundred requests come in that a pirate is hosted on your servers, take action. We forward these requests directly to the hosting client.



Usually, within a day, the client deletes all this, apologizes, and we forward it to the copyright holder. This usually suits everyone.



What about tax inquiries?



These requests stand out as they are not directly related to the hosting. That is, the FTS sees a transaction for VDS payment and cannot assess what it was. Then, through the document management system, they begin to ask what it was and what the service looks like. Typically, requests are related to the reasonableness of the cost acceptance. That is, some company pays us, conditionally, 100 thousand rubles a month. The company, of course, expects to accept 1.2 million as expenses at the end of the year and reduce the taxable base. Submits a declaration. Pays taxes. Tax, for example, believes that our services should not fall into their expenses. They turn to us with a request to demonstrate the contract with this organization, the invoices issued, the acts of reconciliation, that we really have economic activity between our organizations.Also, such requests are connected with office audits, with field audits in order to collect evidence that companies are evading taxes. Their requests are generated automatically, and there are no rejections due to irregular shapes.



And what about the lawyer's requests?



There is such a thing in our law, a lawyer's request: this is when a lawyer can ask for any data to protect his client. We usually refuse them, because we are not obliged to provide data. In my practice, a couple of times there was an attempt to get data on competitors for free along with the images of their disks. The only correct answer to such a request is "contact the police with your questions, then we will answer them."



image



That is, how they can request data, but we are not obliged to provide them by law, since lawyers are not among those to whom we are obliged to provide data. As a rule, these lawyer inquiries concern some legal entity with whom the requestor has a business dispute or other litigation.








All Articles