Most reactions from the expert community to recent government initiatives affecting Russian internet regulation bring to mind an old joke about the difference between an optimist and a pessimist: while a pessimist moans and groans that, ‘It can’t possibly get any worse!’ an optimist happily reassures him ‘Oh yes, of course it can!’
For the last few years, the Russian government has been developing an arsenal of regulatory tools devised for Russia’s online space. Starting with a series of laws aimed at child protection and combating piracy, it has recently moved on to blocking online access to alleged extremist content. This has been broadly seen by commentators as another attempt to impose control over an online space, which had developed fairly organically for two decades (on 7 April 2014, the RuNet celebrated its 20th birthday).
Anti-government protest in December 2011. One flag is a modified version of Yandex's logo that reads 'I know.' CC Bogomolov.pl
These regulatory moves have been recently followed up with a law requiring popular bloggers to register as media outlets; and a set of anti-terrorist laws – introduced into the Parliament as a response to the Volgograd terrorist attack in December 2013 – requiring online platform operators to retain user communications data for up to six months. A bill requiring almost the same of telecoms is also being considered.
Tightening the digital screws
From 1 August 2014, bloggers whose websites have over 3000 followers/visitors per day (the methodology of calculation is not clearly specified) will have to register as mass media outlets. In effect, this imposes upon them the same content restrictions as newspapers and television. Authors will be held responsible for moderating any libel or defamation, and any content deemed illegal under current legislation. Paradoxically, the law allows authors to use a pseudonym to publish content – provided that their true name and contact details are also published on the website. If any court decisions are passed regarding their websites, these must be published as well.
Facebook and Twitter don’t even have a formal representative entity in Russia.
Unsurprisingly, the Russian blogosphere has viewed this as another attack on freedom of expression, particularly following this year’s decision to allow the Prosecutor General to blacklist, without a court order, any online resource promoting ‘extremism.’ This term leaves much room for interpretation, and the timing of such a decision makes obvious its true motivation – the ruling’s first victims were a number of opposition news portals: grani.ru, ej.ru, kasparov.ru as well as Aleksey Navalny’s blog. The chilling effect has already set in: Yandex and LiveJournal used to publish how many people visited a blog over a given time period, they have now removed this feature; in the case of Yandex, supposedly because 'social media has killed blogs,' in actuality, so as to make it harder for the authorities to measure a blog's monthly audience.
On 29 April 2014, the upper house of the Russian parliament passed new anti-terrorist laws, further expanding the security services’ capacities in cyberspace. The data retention obligations for ‘organisers of information dissemination,’ such as social media, blogging platforms and forums are referred to in the other law included in the package of regulatory measures; this includes storing the metadata of its users (details about communications separate from their content) for six months, to be available to Roskomnadzor (Russia’s communications regulator) and other empowered authorities.
While the law is to be applied to all platforms used by Russian citizens, it is not clear how it can be applied practically to situations where Russian citizens use foreign platforms like Facebook and Twitter, which don’t even have a formal representative entity in Russia. This perhaps explains the political pressure being applied, for foreign internet companies to invest in local data storage facilities; Maksim Ksenzov, deputy director of Roskomnadzor, hinted last week that a complete switch off could follow if they fail to comply. Such a compliance mechanism has long been in place. In practice, however, such a compliance mechanism has long been in place: both companies have a system of responding to requests from any state to block of remove content, provided that they are supported by the relevant domestic legislation. This is reflected in Twitter's Transparency Report and Facebook's Global Government Requests Report.
As usual, the legal inconsistencies will most probably be dealt with by trial and error.
As usual, one can expect the law to be applied in a selective manner, and the legal inconsistencies will most probably be dealt with by trial and error. The aim, however, is not likely to be a complete cut off of Facebook and Twitter to Russian citizens, but rather to have unrestricted access to users’ data through a restricted and closely monitored range of channels. At the same time, given the wide-ranging and expanding scope of Russia’s online surveillance capabilities, it’s hard to believe that there are still any internet resources left to be uncovered – the authorities seem to want to leave nothing to chance.
A walled garden
The tempo and volume of new legislation being implemented poses many questions about the adequacy of these measures as a solution to the supposed problems they are aimed at. There now exists a sweeping range of lawful methods for Russian authorities to collect information about suspicious individuals as well as to block unwanted content online; and, as always, extra-legal and behind-the-scenes arrangements are always possible.
The latest rumours highlight the true rationale behind this grip on the online space. According to information first leaked by Kommersant, the Russian government supposedly plans to build an independent closed Internet system isolated from the outer world, by prohibiting the location of DNS-servers for domains .ru. and .rf outside Russia.
The proposed infrastructure of data traffic would ban ‘local’ and ‘regional’ networks from sending data to internet networks outside of the country.
The proposed infrastructure of data traffic would essentially turn the Russian internet into a ‘walled garden.’ This rebuild would incur immense expense, and while it makes little economic or business sense, it would likely squeeze out smaller players, thereby creating a monopolisation of the critical infrastructure by a few key players, like Rostelecom, for instance; and this would certainly facilitate content filtering, for whatever purposes. But, argues Andrey Kolesnikov, head of the Coordination Center for TLD .ru/рф (ccTLD), such a rebuild also represents a threat to the Russian infrastructure of the internet, making it easier to cut it off from the core IANA servers, and thus the global internet system, which contradicts the publicly voiced reason for such a makeover, i.e. national security.
Kolesnikov is also surprised by the plans to pass on the current functions of the ccTLD, which controls the allocation of top level domains .ru and .рф, to a specially designated government agency, explaining that Roskomnadzor and other related agencies have always had a final say on all matters, and there have not been any problems so far. But, whether these radical plans are followed through or not, the real point of the state takeover of the nuts and bolts of internet governance in Russia (direct regulation coupled with informal micromanagement and arrangements) was made clear long ago.
Cyber security is state security
This trend of ever increasing regulation testifies to the ongoing construction of the ‘digital sovereignty’ architecture started several years ago, and much precipitated by the opposition riots in 2011, when the distributed and demonstrable power of online participation in the protests, for the first time posed a palpable threat to the dominance of the official narrative promoted by mainstream media. The justification for these measures, which look like a gradual enclosure of Russia’s ‘internet segment,’ is predominantly national security considerations.
Historically, privacy concerns have been secondary to civil liberty.
While the recent post-Snowden debate in the West has revolved around the balance between privacy and security, in Russia, the internet debate is primarily about balancing security with freedom of speech and access to information. Historically, privacy concerns have been secondary to civil liberty. The debate takes place mostly on social media platforms and blogging resources – the very online public sphere which is increasingly monitored by the state to identify any signs of a tangible threat to the stability of the system. The mix of reactionary and pre-emptive measures is intended to rule out such a possibility by minimising the debate or rather localising it. The case of VKontakte, the most popular social media platform in Russia whose founder and CEO Pavel Durov was gradually squeezed out of ownership – and the country – for what is seen as a reluctance to comply with law enforcement authorities’ requests to disclose user data, during the Russian protests of 2011, and the recent Ukrainian riots, is illustrative of this process.
Pavel Durov, the 29-year-old founder of VKontakte, has been systematically hounded out of his company.
The security concerns that lie at the roots of this approach are well explored by Keir Giles of Chatham House, who pinpoints the divergence between the Russian and Western understanding of cyber security. What might sound like conspiracy theory paranoia to the rest of the world is the core understanding of Russian concepts of cyber security as ‘information security,’ which in turn is part and parcel of national security.
As Giles puts it, the key difference between Russian and Western approaches to cyber security is the ‘Russian perception of content as threat. In the Russian list of issues of concern, this is expressed as the “threat of the use of content for influence on the social-humanitarian sphere.”’ Conversely, in the West, hostile code is recognised as a threat, while the OECD promotes the ‘free flow of information and knowledge, the freedom of expression, association and assembly, the protection of individual liberties, as critical components of a democratic society and cultural diversity.’
The internet has been perceived as a potential hazard since it first appeared on Russian territory in the 1990s.
Despite its mostly unregulated development, until recently that is, the internet has always been perceived as a potential hazard since it first appeared on Russian territory in the 1990s. President Putin made this clear during his recent speech at the media forum in St Petersburg, where he voiced the strategy for Russian internet development. His description of the internet as a CIA project says much about how the internet is perceived at the higher echelons of power in Russia.
Snowden’s revelations last summer stoked these fears by exposing the electronic surveillance carried out by the US government through multiple digital channels, including popular social media platforms and other online service providers. However, the declared intended ‘protection’ of Russian users from foreign surveillance, by no means rules out domestic surveillance, which now will be strengthened by the new regulations.
Fighting the external enemy
The Russian government under Putin has often favoured a public policy of ‘fighting the external enemy,’ as a means of winning over public support for tough security-driven policies at home; and the latest developments in Ukraine have created a favourable backdrop for intensifying such measures. The perceived role of the US and the EU in the escalation of the Ukraine crisis serves as another justification for digital separatism. This is a policy not totally without valid reasons, given the mounting sanctions, which include demands on big IT companies like Microsoft and Oracle to stop cooperating with Russian partners, and Visa and MasterCard’s obligations to stop servicing a number of Russian banks.
The perceived role of the US and the EU in the Ukraine crisis serves as another justification for digital separatism.
At the same time this strategy has proved very popular with the majority of the Russian population, and has won overwhelming popular support through the ongoing state propaganda employed in the Ukrainian crisis. Pushing the emotional buttons of patriotism, the authorities obtain what could be seen as carte blanche to protect Russians outside Russia as well as inside the country, by fencing them off from a belligerent West.
Dependence and independence
Ironically, the desire to beef up Russia’s domestic IT industry could be beneficial to Russia. As Natalia Kasperskaya, head of a leading Russian information security firm, InfoWatch, points out, Russia is highly dependent on Western technologies in many vital sections of its economic and business life; although most banking and other financial institutions already operate on Russian software products, hardware would take much longer to substitute because, in the 1990s, foreign competition, and Russia’s destitute economic condition made its microelectronics virtually grind to a halt. It would, however, take long-term investment into IT and other sectors to remedy this dependent situation.
Plans for Skolkovo, billed as 'Russia's silicon valley.' Development has allegedly cost billions though little has been built.
In the short term, the policy of fencing off the RuNet would affect international business cooperation and scientific exchange across the world, slow down innovation and inflict reputational risks on Russian companies such as Yandex, Mail.ru etc, market leaders that have proved to be extremely successful competitors to Western internet giants, in mailing and search services not only in Russia but in the CIS. This risk was highlighted by the market reaction to Putin’s comments about alleged Yandex’s collaboration with Western actors.What is the point of targeting the foreign part of the Russian internet while suffocating domestic business?
What is the point of targeting the foreign part of the Russian internet while suffocating domestic business?
As ludicrous as it might seem, there is always a thought-through rationale based on weighing various risks and benefits. Freedom of speech and access to information – secured by the Russian Constitution – as well as business needs, are being sacrificed on the altar of security concerns; and these concerns represent an existential condition for the current power architecture of total vertical control over societal issues.
The great firewall of Russia
Yet, even in a worst-case scenario, it is unlikely that after so many years of successful development, the RuNet will be totally fenced off.
Firstly, Russia is deeply integrated economically and socially with the rest of the world, and given the effect of increasing sanctions, further isolation would deliver an extra blow to both sides. Secondly, a huge part of the Russian population, including but not confined to the progressive middle class, are used to having unrestricted access to some popular foreign internet platforms and services. Significantly restricting or cutting those off, coupled with other measures of squeezing the online space, could also enrage that part of the population, which the current authorities see as their core supporters. Finally, there is still the hope that there will some sort of push back by the industry, that would feel the effects of increasing regulation most directly.
While it is hard to imagine the RuNet being totally cut off from the rest of the world, the trend of ever-increasing state regulation does offer a troubling hint of the future systemic consequences. According to Vedomosti, state funding of ‘Information society’ programmes (2011-2020) will shrink over 2017-2020 by 10.49%, about 52 billion roubles (£870m). Reportedly, this cut will mostly affect the ‘Information environment’ part of the programme, which oversees bridging the digital divide and developing a digital information society. Of course, it is easy to suggest that this part of the agenda was never a top priority, unlike building up surveillance and secret communications tools as well as IT capacities for core industries like defence.
Cyber-arms competition and internet ‘Balkanisation’ means poorer internet access, slower speed and more content filtering.
The smooth annexation of Crimea, supported by an arsenal of cyber measures, could be just one example of this emphasis on increasing surveillance; and not only in Russia: despite their proclaimed commitment to revise their operations, with privacy concerns in mind, the US authorities also seem likely to further scale up their cyber security capacities, including foreign surveillance, a mutual development that recalls the long forgotten arms-race, but revised for a new generation, this time on a digital level.
Experts may still be divided into optimists and pessimists when it comes to the future of the RuNet, but for the ordinary Russian internet user one thing is clear: cyber-arms competition and internet ‘Balkanisation’ means poorer internet access, slower speed, more content filtering and, perhaps most importantly, higher prices. If the government is to go ahead with building this ‘great Russian firewall’ the costs will most likely be passed down to the service providers and communications operators, and then to the end users.
Standfirst image: CC RIA Novosti.