The last two weeks have been a nightmare for Russian Internet users. First, online SMS's went public; then it was the data for online shoppers, including sex shop clients; finally, yesterday it was the order data for Russian Railways customers.
Wikileaks, Russian Style
On July 18, SMS's sent from Megafon website went public in Yandex search. Then over 50,000 pages of online shoppers and rail tickets bookings flooded Yandex, Google, and Bing SERPs. The problem of online privacy that has been debated in the West since at least 2008 has finally reached Russia.
While in the mentioned incidents we dealt with the Russia-wide customer information, there was a local case of a similar nature. On July 23, in St. Petersburg, the data of car accidents of the RESO-Garantia clients went online via a website avarburo.spb.ru. It could be regarded as a mere coincidence or even a joke, had the data not belonged to very affluent citizens and large companies, including the Lenfilm Movie Studio. By searching Yandex or Rambler (the latter is now using Yandex's search algorithm) for a car plate number, one could find information about the owner and any accidents they got into. Considering that RESO-Garantia is an insurance company, the situation is rather bizarre. The information leaking only stopped on Monday, after the data could have been downloaded by anyone with the interest of its further sharing.
Also, on Wednesday, 27 July, it turned out that documents from the Russian Government, in particular the papers of Antimonopoly and Migration Committees, were indexed by Google. It has been noted, however, that no sensitive government information has been leaked.
The hackers used specially written codes to retrieve the information from websites. Yandex has explained that in the case with some websites the reason these "sensitive" pages became available was because they were not included in a robots.txt file as non-indexed pages. Whether this was really the case, the main point remains: the question of privacy protection online is going to become a point of great concern. Finally, one may add.
Identity and Privacy Online: Russian Perspective
It should be noted that for a Western observer or someone who was exposed to the development of Western Social Media for a period of time the Russian way of dealing with sensitive information is startling, to say the least. Whereas European and American employers have long been checking a prospective employee's social networks profile, to identify any illegal or inappropriate behaviour patterns, in Russia such practice is still rarely in use. The photos and texts people share online are occasionally jaw-dropping. As for private data, like date of bith, names, relatives, addresses, phone numbers and emails, this is often openly available online. The Social Networks also abound with fake celebrity profiles, prompting one to wonder, if any activity carried out in their name may lead to a scandal.
Obviously, no country is immune to identity thieves and hackers who operate online. There were incidents in Britain, for instance, when papers with private data were leaked on the Internet or forgotten on the train. Wikileaks proves that there are no closed doors for those who want to get hold of information. However, in Russia, with its long history of extreme data protection and persecutions for the breach thereof, the users still seem to revel in the newly found "freedom of information". The process of catching up with the realities of web sharing is taking longer, in spite of availability of best practices from abroad.
Analysts say that only last few incidents with online shopping and car accidents data should be considered truly problematic, as they do provide names, emails, and addresses of users. The leaking of SMS messages sent from Megafon website, although alarming, is not as harmful: there is no direct indication as to people's identities. The experts stress, nonetheless, that the lack of legal regulations in the fields of online data protection is the main reason why such cases are possible in the first place. The logic is that, had there been a clear possibility of punishment, the security would be better enforced.
Who Wanted the Data
Some are of the opinion that all three cases were masterminded by those who wanted to tarnish Yandex's reputation. The Russian Internet giant has been successfully withstanding Google's advances in the Russian market by producing more or less similar versions of Google products especially for Russian users. It would be easy to assume that someone from Google's camp wanted to prove just how unrealiable Yandex is - except that online shopping data also went into Google and Bing, not just Yandex.
The likely situation is that it was important to justify the corrections to the federal 'Act of Personal Data' that have recently been signed off by the President Medvedev. However, the law is still imperfect, while it will also likely have to be enforced. It is possible that these incidents were to play an important part in convincing those concerned that strict data protection measures must be adopted.
It is assumed that there will be a series of legal actions taken, most likely in accordance with the article 138 of the Criminal Code of Russian Federation (The Unlawful Interception of Private Communication, Telephone Calls, Telegrams, Postal and Other Correspondence). For now, the police interrogates representatives of Yandex and the companies which information was leaked, in order to establish the exact person who exposed the user data online.
And next?
There will surely be a plenty of criticism towards search engines, websites, and users themselves. It is necessary, however, to find a positive grain in the whole situation. Evidently, it is that now finally Internet users and online business owners in Russia will have to reconsider the ways they collect and share data on the web. A website that you think is only used by you still exists online and can be revealed, provided someone has enough skill and desire. Most importantly, these incidents that have acquired almost a snowball effect in the last two weeks, should bring the questions of online identity and privacy back into focus. Without this, it will be difficult for Russia to become a respected part of global online community.
Sources: RBC, Delovoi Peterburg, Argumenty i Fakty, 1Obl.ru.
Julie Delvaux
Author: Julia Shuvalova