FSB Blocks MAX Messengers Access to Government Services Over Security Concerns

The FSB has presented a comprehensive list of concerns regarding the user data protection of the national messenger MAX, which must be addressed before the communication service can be connected to «Gosuslugi,» as reported by Runet.

In order for MAX to be launched fully as an official domestic messenger, it needs to be integrated with the Unified System for Identification and Authentication (ESIA), utilized for citizen authorization on the «Gosuslugi» portal and other government resources. This issue was discussed at a meeting of the Government Commission on Digital Development, where the FSB provided a list of observations and requirements to VK, the company responsible for developing the instant messaging service, that must be met prior to connecting MAX to the ESIA.

Among the document’s stipulations is the need to create a threat model to ensure the protection of user personal data, as well as a requirement to establish contracts with FSB-licensed entities for technical and export control, as well as with the FSB itself for auditing purposes. It will be necessary to implement certified FSB encryption tools of a specific class to establish a secure communication channel with the ESIA, along with providing the messenger’s source code for review.

Sources indicate that such requirements are standard for all systems handling ESIA data, as information leaks could pose significant risks for «Gosuslugi.»

As of now, there have been no official comments from MAX’s press service; however, insiders at VK believe that most of the FSB’s concerns can be resolved.