Further Russian law changes around international data movement

I wonder what the Storj implications are here.

1 Like

Thank you for bringing this to our attention, we have shared this with our legal team and will be closely following this news to take the appropriate measures as required once this law goes into effect.

3 Likes

I think as a node operators we do not transfer any data that can be considered as personal as it is defined by law. Last time I had some insight into topic of personal data in Russia (discussion with audit company), it starts to be considered “personal” as soon as one combines, lets say, phone number, with name of person, but if it is just phone number separately it is not a subject to any restrictions. Means that even if some data on nodes is collected, it is ok as long as it is not assotiated with specific person.

This is my opinion and I’m not a lawyer. I think the problem comes about in two areas:

  1. Any Russian clients who utilise storj could be required to Geolocate Russian data or be breaking the law.
  2. If overseas clients use a Russian node and then download their own data (and move it outside Russia) are they breaking Russian law?
    Just my 2 roubles worth.
1 Like

Regarding point 2, I wouldn’t give 2 f*cks about Russian law as I don’t live there…

1 Like

This is similar to GDPR or analogues.
As far as I understand, not any Russian clients are subject of this law, only those ones who stores personal information of Russian citizens must comply to this law.
If overseas clients (or Russian clients) stores personal information of Russian citizens, they must store this data in Russia. So, if they uses Storj DCS to store such information, they must comply to this law too, this is mean that they should request a geofencing feature enabled for buckets with that information.

2 Likes

This shows how important the geo-fencing feature really is. I don’t know why customers have to request this specifically. Many of them are probably not even aware that such feature exists I would assume.
This should become a feature that is openly available on a standard basis for every customer I think.

6 Likes

Wouldn’t this be because it’s an option in satellite config and that may make it hard/er to allow it for specific nodes tbh I think it would be easier to geo restrict from the sat
Then all nodes there on that sat should have fenced data

Because it is against decentralization and gives more information to the satellite about data (at least its geolocation). The content is still encrypted though.

It’s an attribute of the bucket in the metainformation related to this bucket.

There are also no good client-facing interface for this feature yet, and this attribute applies additional restrictions on such buckets - you cannot move or copy data to the bucket without geofencing from the bucket with geofencing. There also more complex repair - data should be placed only to nodes, which belongs to the specified region, thus it has a higher risk to lose data.
There is no good way to precise detect a geolocation of the particular node (VPN for example can easily mask the node from detecting a real geolocation).
If there are not enough nodes, the customer may face an issue with uploads and downloads as well.
So, this feature is not what we want to promote without cautions yet.

1 Like

I think I don’t agree. Data is still decentralized as it is still stored on many separate nodes. Only difference is, it is stored on different nodes within one specified region.

But my point is more that this is a feature that will become more and more essential for users and therefore for Storj DCS business. In Europe GDPR compliance is a major factor for the decision of companies, where they (are allowed to ) store their data.

I understand that the feature might not be “perfect” yet and still under development, but in my opinion it is essential in the future to solve all the current issues.

I see alot of these points I didn’t think of

We already offer geofencing for European customers that request it. But it is a real concern that finding sufficient nodes for storing and repairing data within a geofenced Zone that does not have sufficient number of available nodes would be a problem. We need to first assure we have a sufficiently large number of reliable nodes available before we can offer geofencing for specific regions.

2 Likes

There is no question that the availability of such a feature depends on the availability of nodes in the requested region. And certainly not all wishes which countries to include and which to exclude can get granted.
On the other hand I see that more than half of all nodes appear to be in the EU region. So that at least appears to be a sufficient number to make this option openly available. But maybe its not.
If there are not enough nodes in other regions, there is always the option to make some kind of marketing for becoming a node as of course I can see that the majority of nodes is the Europe/North America then Russia and then the rest…

I just want to make sure that Storj understands and does not underestimate the importance of this feature. Here in Germany it is important for enterprises to have a GDPR compliant storage.

As mentioned above we already offer geofencing for Europe. Our team is aware of the importance of geofencing but as also mentioned before, if a customer asks for it in a region that does not have sufficient nodes currently available, we will not be able to offer it or promote it. It won´t be a high priority other than for regions were there are legal requirements such as GDPR and/or high demand for it from our paying customers. We cannot dedicate significant resources to marketing to attract more nodes for specific regions unless there is demonstrated high priority for the region in question.

Another great point I didn’t think about not all regions having a good amount of nodes

As said I understand that Storj cannot offer that feature for regions without sufficient nodes. That’s trivial.
That’s why I have mentioned node marketing. Looking at the map of nodes, it is really interesting to see so few nodes outside of Europe/North America/Russia. There are only 152 nodes in Australia and a total of 28 in India. Compare that with alone 110 in tiny Austria.
Population in India is 1.3 billion, Austria has around 9 million. And India is known for their IT people. That’s why I believe node marketing would not necessarily require big investment. First of all would be to find an answer to the question, why is such a huge disproportion. And maybe that will already help to increase number of nodes in more regions as my expectation is that we will see tougher data protection laws in the future in more regions of the world.

However for the EU region with its 7500 nodes and more it seems there are sufficient number of nodes already. So my main point here is, that a customer has to request this feature. I have checked the information brief on geo-fencing and there is no mentioning that it is a request only feature nor an instruction for an interested party how to enable it.
Same goes for the satellite dashboard where I could not find this feature mentioned or a link to request it.
So I believe the visibility of the availability could and should be improved. As I customer I would prefer that this feature is “just there” instead of having to request it specifically.

1 Like

There is a form to request geofencing on our customer help desk.

That is, if it is a personal data. Geofencing feature discussed below sounds good in this regard.

It is different from what is restricted by law, so no issues at all.

Some news from India regarding that matter:

The data localisation norms under the bill were one of the key contention for Indian start-ups as well as the big tech companies as they prohibited the movement or export of data outside the country.

With only 26 Storj nodes in India according to http://storjnet.info/ such a bill would have effects on Storjs India customers I assume. Maybe there aren’t any but as said, I think it is safe to assume that there will be more laws like that from other countries in the future too.

This automatically make this countries self killing, in case of some big disaster in local. Lot of data will be lost or not accessible. I am talking not about stoj but local data at all in this countries with this kind of law. this mean that all this Data will be in local datacentres, big fire in one will cause data loss already.

1 Like