Private Internet Access, a provider of virtual private network services, has shut down its Russian gateways and won’t do business there any longer, as it believes some of its servers were seized by the government for not following new internet surveillance rules.
The company said it had likely fallen foul of new rules that require providers to log local traffic for up to a year. Private Internet Access says it does not log traffic or session data.
“We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process,” the provider said in a blog post Monday.
It assured users that their data had not been compromised for the simple reason that it does not log any traffic or session data.
Private Internet Access is offered by London Trust Media in Los Angeles. It said in the wake of the development it was rotating all of its certificates and updating its client applications “with improved security measures to mitigate circumstances like this in the future, on top of what is already in place.” Users have been advised to update their client software. “In addition, our manual configurations now support the strongest new encryption algorithms including AES-256, SHA-256, and RSA-4096,” Private Internet Access said.
Russia's Internet regulator Roscommandzor could not be immediately reached for comment.
The country has in place rules that tighten its control over the internet and more recently has also targeted anonymizing and circumvention tools like TOR, VPNs and web proxies. The Russian authorities have actively tried to limit internet users’ ability to remain anonymous online, while expanding the government’s capacity for surveillance, including by passing a data localization law in July 2014, which requires all foreign internet companies to host Russians’ data on servers within the country, according to watchdog organization Freedom House.