10-04-2021 | | By Robin Mitchell
Recently, Russia introduced a law that requires developers of smartphones and smart devices to come pre-installed with Russian software. Why is Russia taking this action, how does it relate to electronics, and how could such moves erode privacy?
Recently, Russia announced the introduction of a new tech law that requires developers of smartphones and smart devices to come pre-installed with Russian software. The idea behind the move is to prevent large foreign tech companies such as Google and Apple from having a monopoly on software services. The new legislation also looks to improve Russia’s stance in the world by forcing foreign offices to open in Russian territories as well as providing tax breaks for Russian IT companies.
The importance of technology has completely changed the nature of national defence while also making technology a necessary resource. Thus, it is totally understandable that a nation would want to limit the external influence on their infrastructure and used platforms. For example, Google is a highly useful service for many billions, but the headquarters of Google resides in the US, and as such countries which are at odds with the US may feel uncomfortable using their services. Furthermore, the services in the US could potentially be accessed by agencies such as the FBI and CIA, thus providing the possibility of espionage and monitoring.
On the surface of the law, it would appear that the new legislation is a software concern as opposed to a hardware concern. However, the legislation also includes “smart devices” which is a very broad term and could affect a wide range of devices.
If such legislation affects even IoT devices, then hardware developers may need to consider what OS their system runs, the software it uses, and if they are required to pre-install Russian software. Of course, if the device in question uses an Android OS or Linux system but does not require user interfacing then surely the device does not require pre-installed Russian software? Right?
Currently, the legislation only applies to smartphones, tablets, TVs, laptops, and PCs so IoT devices and other similar systems are exempt. But this legislation could easily be extended to any smart system that utilises an OS such as Android, and if it gets to this point designers could face major problems.
If the law is extended to include all smart devices, there is a real concern from pre-installing Russian software. While it is understandable for Russia to want Russian devices to provide users with alternatives to Google and Apple, the desire to force companies to open companies in Russia rings alarm bells. To understand why one only has to look at China to recognise how this could quickly destroy user privacy.
Companies in China, regardless of where they are from, require to have members of the PRC (People’s Republic of China), stationed in the company. These individuals then directly report to the Chinese government on the companies activities. However, it is widely believed that these same individuals also provide the Chinese government access to the company and its resources. As such, the government could easily install backdoors into software systems, add backdoor hardware, and commit industrial espionage.
While Russia is a democracy, it is well understood that Russia is involved in cyberattacks on other nations around the world. As such, it would not be a great leap from having companies open offices in Russia to using those offices to gain access to potentially private data.
Furthermore, the use of force pre-installed software could provide Russia with the ability to integrate backdoor routines in said software. From there, the government could very quickly access the data of those using Russian services, or the phone itself from the very fact that the programs are pre-installed.
Privacy in electronics is a growing concern, and it will not be long before privacy can be capitalised (i.e. devices that prove their security and privacy will be valued more and sought after). However, engineers wishing to design electronics and systems for nations such as China and Russia should do so with caution, and systems such as ARM Trust Zone and Intel Trusted Execution could be the only defence against pre-installed malware.