Private Internet Access is informing users that some of its servers in Russia may have been seized by the authorities. The company believes that it may have been targeted due to its strict no-logging policy, something which puts it at odds with Russian data-retention rules.
In a digital world where surveillance and privacy invasions are becoming more commonplace, increasing numbers of Internet users are improving their online security.
As a result, in recent years there has been an explosion in people deploying privacy-enhancing tools such as VPNs, which enable anyone to add an extra layer of protection against online snoops.
One of the most successful companies in this field is London Trust Media, the makers of the popular Private Internet Access (PIA) service. The company prides itself on its dedication to security and is possibly the only operator to have its strict no-logging claims tested in public.
But while a no-logging policy is an essential requirement for thousands of VPN customers, authorities in some regions see them as a threat. This morning, PIA is reporting a development in Russia which has left it with no other option than to leave the country.
In an email sent out to its users, PIA explains that due to the passing of a new law last year which requires Internet providers to hold logs of Internet traffic for up to a year, it has become a target for Russian authorities.
“We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process. We think it’s because we are the most outspoken and only verified no-log VPN provider,” PIA announced.
The law to which PIA refers was passed by Russia’s State Duma in July 2014 and enacted September 2015. It requires that all web services store the user data of Russians within the country. This means that international companies could be forced to have a physical local presence, to which Russian authorities potentially have access.
While the deadline for compliance is technically September 2016, Private Internet Access says that given the server seizure and future privacy implications, it will no longer be doing business in the region.
“Upon learning of the [seizures], we immediately discontinued our Russian gateways and will no longer be doing business in the region,” the company says.
“Luckily, since we do not log any traffic or session data, period, no data has been compromised. Our users are, and will always be, private and secure.”
Even though PIA has assured its users that there is nothing to fear, some remain concerned over the seizures. To those individuals, PIA is offering additional assurances that it’s going the extra mile to ensure total security.
“To make it clear, the privacy and security of our users is our number one priority,” the company says.
“For preventative reasons, we are rotating all of our certificates. Furthermore, we’re updating our client applications with improved security measures to mitigate circumstances like this in the future, on top of what is already in place.”
If they haven’t already done so, users should update their PIA desktop clients and Android apps to get the new upgrades.
In response to the Russian incident, PIA says it will take the opportunity to evaluate other countries and their policies.
“In any event, we are aware that there may be times that notice and due process are forgone. However, we do not log and are default secure against seizure,” the company concludes.