Iran has ordered messaging app developers to move all Iranian users’ data to servers within Iran, reports Engadget. The government has provided a timeline of 1 year for developers to move the data to ‘ensure their continued activity.’
This move comes on the heels of various messaging apps introducing end to end encryption including WhatsApp and Viber last month. Other messaging apps like Telegram were built with encryption from ground up. Encryption makes it almost impossible for messages to be intercepted by anyone including the service provider, which makes it impossible for the provider to comply with government data requests.
Having local servers somewhat circumvents this limitation as local data can be immediately accessed without having to worry about laws of the country where the data would otherwise be stored. However, such a law is ineffective at best. Most service providers don’t keep the encryption keys themselves, consequently the content of such data will still be technically hard to access, although it can still be deleted, or such servers can be seized.
Additionally, users can use technologies like VPN, which offer easy and straightforward workarounds for anyone looking to circumvent country based blocks by service providers. Finally, even if such laws are brought into force, developers choose data centres based on high speed broadband networks, cheap power and cool climates; customer location is rarely relevant in this matter, and Iran is hardly the top choice for hosting data.
Indian Government wants local servers: In 2014, the Indian Government said it would ask social networking sites including Facebook, Twitter and Google, to have servers in India so as to keep tabs on objectionable content. It said that all such websites host content that is uploaded abroad, which creates a jurisdictional issue, hence the move. According to a Hindu report, last month the Government requested these companies to maintain servers in India, although the timeline for implementing it is not clear.
EU-US data agreement: In October, a European Court of Justice struck down the Safe Harbor mechanism which facilitated the transfer of personal data from the EU to servers hosted in the US, which essentially meant that user data generated in the EU would have to be hosted in the EU, and be governed by EU laws for data protection. The difference between the EU ruling and India and Iran’s plan is that the EU ruling is meant to protect its citizens from US spying, while India and Iran want to enable government spying and censorship on its own citizens.