The Evolving Policy on Geographical Data and Payment Information Transfer
A new decision by the Federal Security Service (FSB) regarding the transfer of geographical data and user payment details from Internet companies to law enforcement could impact the dynamics of the dark web market. This assessment comes from Igor Bederov, head of the information and analytical research department at T.Hunter, speaking to socialbites.ca.
The FSB’s directive targets owners of Internet sites and services that appear in the register of information dissemination organizers (ORI). The ORI list includes social networks, instant messengers, forums, and other services registered with Roskomnadzor. The FSB argues that storing geolocation data and payment information, and transmitting them to law enforcement, would enhance the effectiveness of operational search activities. Bederov cautions that this obligation could, however, spur growth in the shadow market for geodata and payment information on the dark web.
“I do not rule out the emergence of corrupt law enforcement officers who will sell citizens’ geodata and payment details to third parties on the dark web or in telegram forums. The current market for phone number punching functions on a similar model, but data is sourced from telecom operators rather than ORI,” Bederov explained.
According to the expert, payment information obtained through such channels could be misused for targeted fraud against affluent individuals, aiming to steal funds. Geolocation data, meanwhile, would be valuable for surveillance efforts by attackers.
“If this information is leaked on a broad scale, shadow services may arise to track people in near real time,” he added.
On the broader picture, Bederov argues that the transfer of these data categories serves as useful and necessary information for the bodies of the Ministry of Internal Affairs and intelligence services. He notes that similar practices are already in place in many other countries.
As an illustration, he pointed to the United States, where such data are not only transmitted but also automatically copied to the servers of the National Security Agency for careful analysis and monitoring.
The discussion around data transfer also touches on the practical realities of data management, including how data is stored, who can access it, and the safeguards in place to prevent abuse. The evolving regulatory framework raises questions about privacy, security, and the balance between public safety and individual rights.
Historical observations show that personal data such as photos and login details from smartphones frequently become vulnerable during repairs and similar service processes. This context underscores the ongoing need for robust privacy protections and transparent oversight as governments consider requiring cross-border data sharing and proactive analysis by security agencies.
Industry observers in North America note that any expansion of data access for law enforcement must come with strong accountability measures, strict audits, and clear limits on how data may be used. In the United States and Canada, policymakers are continually weighing the benefits of rapid investigative capabilities against the risks of misuse and unintended consequences for everyday digital life.
Ultimately, the policy shift under consideration signals a broader trend toward greater integration of law enforcement with digital service ecosystems. Stakeholders are urged to monitor developments closely, assess the potential impact on user trust, and advocate for safeguards that protect privacy while enabling lawful, necessary cooperation with authorities.