VPN provider Private Internet Access has pulled out of Russia in the wake of new internet surveillance legislation in the country.
The company claims that some of its Russian servers were seized by the national government as punishment for not complying with the rules, which ask providers to log and hold all Russian internet traffic and session data for up to a year.
‘We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process,’ wrote Private Internet Access in a blog post.
The provider assured users that as it does not log any traffic or session data, no information was compromised – ‘Our users are, and will always be, private and secure.’
Upon learning of the federal action, the company immediately removed its Russian availability and announced that it would no longer be operating in the region.
Private Internet Access also added that following the incident, it was updating all of its certificates and client applications ‘with improved security measures to mitigate circumstances like this in the future, on top of what is already in place.’
The company advised that users must now update their desktop clients, and noted that its manual configurations now support the ‘strongest new encryption algorithms including AES-256, SHA-256, and RSA-4096.’
Russian authorities are tightening control over the internet and have long targeted VPNs and anonymising tools such as Tor, and other web proxies, while expanding surveillance capacity.
In July 2014, the government passed a data localisation law which stipulates that all foreign internet services processing Russians’ data must host the information on local servers. According to Freedom House, a U.S. human rights NGO, privacy advocates at the time raised concerns that the rule could make Russians more susceptible to government surveillance.