Digital sovereignty à la russe

Russia’s digital security doctrine is isolationist and authoritarian. It not only trumps the ​​development of the country, but blocks it. RU

Dmitry Lebedev
3 November 2017
photo_2017-07-23_23-11-28 (2).jpg

March "For free Internet", July 2017, Moscow. Source: "Leviy blok" / Telegram.

December 2016 saw Russia adopt a new Information Security Doctrine. Signed off by President Putin, the 2016 document replaced the outdated ISD from 2000. The new doctrine places even greater emphasis on the technological capabilities of a “number of foreign countries” that can be utilised to “impact information infrastructure for military purposes” and, perhaps most importantly, “destabilise the domestic political and social situation” in different countries, ultimately undermining their sovereignty.

This focus on technological and digital sovereignty in an era of communication that is challenging traditional political geographies is a crucial feature of the modern Russian state. For several years now, ever since the protests of 2011 and Edward Snowden’s US surveillance leak of 2013, the Russian authorities have been feeling out the limits of an acceptable level of online control. And, unfortunately for ordinary users, they’re not about to stop doing so anytime soon.

This focus on technological sovereignty in an era of digital communication represents a crucial hallmark of the modern Russian state

It’s not only odious State Duma deputy Sergei Zheleznyak who’s been speaking about digital sovereignty of late — various incarnations of digital sovereignty are integral to the public discourses of most countries. The idea of ​​reining in global information flows and at least partially subjugating them to the control of certain traditional or not so-traditional jurisdictions (the European Union, the nation state, municipal administrations) has become particularly attractive in the wake of the Snowden affair. The incriminating materials leaked by Snowden largely confirmed the thesis that the sole hegemon and sovereign in the modern world is a coalition of countries and institutions headed by the United States (especially in the wake of 9/11 and the adoption of the Patriot Act by the US government).

Both in Russia and the west, Snowden’s revelations, coupled with the growing influence of major American platforms like Google, Facebook and Uber, have served to catalyse the development of diametrically opposed conceptualisations of sovereignty. In west European intellectual discourse, which has been greatly influenced by the thinking of Belarusian-American internet critic Evgeny Morozov, technological sovereignty has come to be understood as a complex of democratic measures designed to contain the appetites of digital capitalism and to protect data from the National Security Agency. To a certain extent, this means popular sovereignty 2.0 at the regional and city levels. By way of example, this is precisely the direction being taken by the left-leaning municipality of Barcelona, which has been ​​striving to create a “digital city” in step with bottom-up initiatives and without pandering to platforms like AirBnB.


Evgeniy Morozov. Photo CC BY 2.0: Daniel Seiffert / Wikimedia Commons. Some rights reserved.

Unfortunately, Morozov hasn’t spoken quite as frequently about what happens when the concept of technological sovereignty is deployed by a state with strong isolationist and authoritarian tendencies. In Russia, for instance, democratic control over online norms has been almost completely supplanted by the authoritative decisions of the state. The apparent legitimacy of these decisions is periodically reinforced by interventions from Kremlin-puppeteered and reactionary social bodies such as the Safe Internet League, who happily support online censorship. Furthermore, as evidenced by the never-ending series of controversies around the American elections, technological sovereignty as understood by the Kremlin is clearly geopolitical in nature. It means hacking attacks (laying the blame for which directly at the door of the state is virtually impracticable); it means the recently adopted law on the security of critical information infrastructure; and it means attempts to create Russian-produced software for government agencies.

Technological sovereignty as understood by the Kremlin is clearly geopolitical in nature

In a sense, the steps being taken by the Russian state are consistent with the traditional logic of sovereignty as expounded by German lawyer and philosopher Carl Schmitt. In Schmitt’s eyes, the sovereign is the person who decides on the state of exception; the sovereign is also above the law and delineates the norms within a political community. On the other hand, sovereignty in the classical sense presupposes a specific physical territory within which these norms develop, and beyond which lie the territories of other sovereign states (and potential enemies). Russia is striving towards a geopolitical order of the Westphalian type, wherein sovereign states and public spheres are under sovereign control.

The networked structure of the internet, however, is blurring these customary geopolitical contours. States fixated on their own security are forced to adapt to the new reality in active fashion, spawning new monsters as they do so.

Sovereignty outsourced

Russia is not the only country in the post-Snowden era to have given serious consideration to the possibility of bringing the internet under control. For instance, Russia’s fellow BRICS member Brazil actively entertained the prospect of compelling internet companies to host data pertaining to Brazilian citizens within Brazilian territory, but ultimately, and in contrast to Russia, abandoned these plans. Moreover, various objectionable internet control laws have been adopted in ostensibly democratic and progressive countries as well: the UK’s Investigatory Powers Act of 2016 “legalised a whole range of tools for snooping and hacking […] unmatched by any other country in western Europe”, while Germany’s social media hate speech law proved such a hit with Duma deputies that it inspired a copy-and-paste Russian version.


"Hackers - free people, like artists, - they are in a good mood, they wake up in the morning and begin to draw". (c) Alexei Druzhinin / Zuma Press / PA Images. All rights reserved.

What sets Russia apart here is the emphasis placed on state security. This emphasis predates the 2011 protest wave (Bolotnaya Square, the Arab Spring and so forth), taking its rise from the Soviet military-industrial complex and the ideological injunction to preserve the Soviet system. This continuity has been effectively described in the book The Red Web. Journalist Andrei Soldatov, one of the book’s co-authors, stressed in an interview with oDR that the information security doctrines of 2000 and 2016 are governed by a common militaristic logic:

In 2000, during the Second Chechen War, a search was announced to find those responsible for Russia’s defeat in the first campaign, and it was journalists who were branded the guilty party. This represented a sweeping purge of the information realm, and the internet of today is just that: a vast new information realm which is being purged by those selfsame epauletted progenies of the Soviet system.

Today’s couching of the notion of digital sovereignty in militaristic terms has a foreign-policy basis. The annexation of Crimea, the ensuing military conflict in the Donbass, the information war with the west — all this amounts to the proverbial hybrid war, with hackers and internet trolls as the keyboard soldiers of the online frontline.

The geopolitical nature of digital sovereignty has given rise to a state of affairs wherein it has become almost impossible to imagine a contemporary media landscape unpunctuated by news of the successes (and screw-ups) of Russian hackers. Two of the latest stories, for example, concern the use of Moscow anti-virus giant Kaspersky Lab’s software in the search for classified National Security Agency material, as uncovered by Israeli special services, and Facebook’s recent investigation of fake accounts linked to Russian actors.

Meanwhile, responding to accusations of Russian interference in the US elections, Putin famously compared “patriotic hackers” to artists who act on their inspiration. In fact, this discursive ploy reflects a reality in which technological sovereignty has become the prerogative not only of the state itself, but also that of a myriad affiliated groups — “troll factories”, patriotic hackers and so on. When convenient, Russia’s sovereignty can (and should) be outsourced.

Technological sovereignty has become the prerogative not only of the state itself, but also that of a myriad affiliated groups, be it “troll factories” or patriotic hackers

Despite its strong-state rhetoric and professed desire, according to the information doctrine, to further the development and implementation of the norms of international law in the digital environment, the Russian state contravenes these norms through the activities of its proxies, whether trolls or hackers or volunteers in the Donbas.

Iron firewall

After the protest wave of 2011-2012 and the events of the Arab Spring, enthusiastically dubbed the Twitter Revolutions, the Russian state decided to systematically step up the pressure on the internet inside the country, both in its role as a public forum and in its capacity as an economic sector (whose key players are successful private companies like Yandex and VKontakte). Artem Kozlyuk, head of Roskomvoboda, an organisation specialising in digital rights protection, comments:

Five years ago, when internet penetration in Russia exceeded the 50% mark, the state felt the need to turn its attention to the digital sector. They were possessed by a certain fear back then, so all their steps towards regulation were chaotic. Now, though, the state has gained experience.

It might be said that in 2011 the state began to believe in the debatable thesis about the emancipatory and subversive function of the internet (and of social media in particular) — a thesis which effectively became mainstream in the wake of the Arab Spring. There were ample grounds for this. As oppositionist politician and IT expert Leonid Volkov tells me:

The parliamentary elections of 2011 witnessed falsifications that weren’t fundamentally different from the falsifications of 2007. But in 2007 there was no YouTube, there were no videos [concerning violations and falsifications]. These videos stirred people up and so people took to the streets. And now the authorities are doing their utmost to prevent this from happening again: they’re trying to increase the ‘viscosity’ of the media environment and slow down the dissemination of information.

One of their most often resorted-to and, at first glance, absurd tactics is the administrative and criminal prosecution of users for reposts on the grounds that they’ve violated Article 282 of the Russian Criminal Code (“actions aimed at inciting hatred and enmity”). If 2011 saw 82 people convicted under part one of that article, which encompasses incitements to hatred “via mass media”, that figure had more than quadrupled by 2015 to reach 369 convictions.

According to Volkov, “all these pinpoint repressions for likes and reposts [on social media] are designed to make the dissemination of information harder and slower, so that people think twice about whether or not to repost something. Thousands of people repost the same material, but ultimately only a single individual is accused of extremism — an element of pure chance that acts as a terrifying deterrent. That’s what official policy regarding the internet is really all about — it’s state-perpetrated terrorism.”


In August 2014, Darya Polyudova was sentenced to two years in a colony-settlement on charges of carrying out extremist activities. Source: Darya Polyudova's personal page in the VKontakte network.

Despite the fact that Russia is far from alone in its appetite for banning measures (one need only consider neighbouring China, whose Great Firewall must be the Great Wet Dream of the FSB’s top brass), its digital sovereignty has a rather paradoxical character. Control over the internet is subject to legislation, although the laws themselves would be declared unconstitutional in any independent court. Ever since the 1990s, ISPs have been obliged, as per a decision taken by the FSB, to install the infamous “black boxes” of the so-called Law Enforcement Support System (SORM). These black boxes intercept internet traffic, but the provider remains unnotified: although the law requires the FSB to have a warrant in order to access the data, its personnel aren’t obliged to show this warrant to anyone but their own superiors.

Control over the internet is subject to legislation, although the laws themselves would be declared unconstitutional in any independent court

A similar logic is at play in the recently adopted “Yarovaya law” (named after Russian lawmaker Irina Yarovaya), which, unprecedented in its scope, obliges telephone and operators to store records of all communications for six months. This measure unequivocally violates Russian citizens’ constitutional rights since the collection of such data cannot take place unless authorised by a court ruling or by consent of the citizens in question.


Irina Yarovaya. Photo CC BY-NC-SA 2.0: Council of the Federation / Flickr. Some rights reserved.

As Artem Kozlyuk emphasises, the Russian authorities want to regulate the internet “within the limits prescribed by law, but, at the same time, the laws themselves have manifestly undemocratic foundations that run afoul of the constitution, and they are implemented in an illegitimate manner.” The result is a textbook Schmittian scenario: the norm comes to be determined by way of an arbitrary departure from the constitutional order.

Blockhain blues

In the wake of the annexation of Crimea, the events in eastern Ukraine, the deterioration of relations with western states, and, concomitantly, Russia’s conservative turn (“spiritual bonds”, “traditional values”), the notion of digital sovereignty seems maximally ambiguous. On the one hand, it reflects Russia’s “unique path” in the global digital space; on the other, it seeks to emphasise the state’s supposedly keen interest in modern technologies and, consequently, its clout and ambitions in the world arena.

The culmination of this eagerness not only to prohibit but also to spearhead has been an abrupt pivot in semi-official discourse, what with recent remarks that Putin is “ill with the idea of blockchain” and the president’s own observation that the first country to perfect AI will come to rule the world. Thus, technological sovereignty is framed not simply as a reaction to threats from the west but also as a means of gearing Russia toward the future.


Blockchain is a method of data storage or a digital register of transactions and contracts. (c) Jens Kalaene/DPA/PA Images. All rights reserved.

Generally, Russia’s information security doctrine places particular emphasis on the need for domestic technological developments, serving once again to confirm the thesis that technological sovereignty in the twenty-first century is less a political than a politico-economic issue — as amply evidenced by the mutual economic espionage between China and the US. In the case of Russia, however, security — understood in an isolationist and authoritarian spirit as the sovereignty of lawlessness within the country and occasionally beyond its borders as well — not only trumps the idea of ​​development, but also blocks it. Thus, scrutinising the programme adopted by the Russian government for the development of the digital economy, one cannot fail to notice that the emphasis has yet again been placed on guaranteeing the country’s digital sovereignty, the conceptual foundation of which must, according to the programme, be elaborated by the end of 2018.

But all the complacent and ostensibly progressive conversations about building Russia’s “digital economy” have been rendered invalid by the adoption of the Yarovaya law, officially framed as an instrument in Russia’s fight against terrorism. Moreover, this law will impose a huge financial burden on communications service providers — and consequently on users as well: another example of outsourcing technological sovereignty while maintaining the image of a strong paternalistic state. Andrei Soldatov makes precisely this point: “In this case, we’re dealing with a mechanism of pressurising the market, wherein its players must essentially bear the brunt of all the repressive laws.”

Meanwhile, voices in the expert community have underscored the unworkability of the new initiative. Alexander Litreev, cybersecurity expert and creator of the popular Telegram channel CyberSecurity and Co., points out that “the Yarovaya law cannot be implemented. Firstly, the requisite number of hard drives simply doesn’t exist, and secondly, by no means all traffic is amenable to decryption. There could be an attempt to set up some kind of state SSL certificate to intercept secure HTTPS traffic — something that’s been happening in Kazakhstan — but, given the lay of the political land in Russia, such a scenario is highly unlikely.”

The law won’t be conducive to more effective surveillance of the citizenry, but it will help to rake in the big bucks

As Leonid Volkov has suggested, possible beneficiaries of this bill could include entrepreneurs with connections to state authorities — particularly Natalia Kaspersky and Igor Ashmanov, who actively lobby for the idea of ​​digital sovereignty. According to Volkov, the purpose of the law is to “enable the theft not of ten billion [roubles] a year, as happens on the SORM market, but one hundred billion. The law won’t be conducive to more effective surveillance of the citizenry, but it will help to rake in the big bucks [from the embezzlement of budget funds allocated for the implementation of the law]. Technically speaking, it cannot be implemented.”

The real meaning behind Putin’s “blockchain malady” and his desire to develop the digital economy manifests itself (for instance) in the idea of ​​bringing crypto-currencies under strict state control. Such a move would turn the Russian state into the sovereign guarantor of an emerging new market, potentially giving rise to monopolisation, as has occurred in many other industries.

Kozlyuk sees a similar logic of monopolisation both in the aforementioned law regarding the transfer of Russian users’ personal data to Russia-based servers and the draft law on critical infrastructure:

The law represents an attempt to put cross-border internet traffic under state control. This traffic is currently controlled by ten to twelve communications service providers, but there have been years of attempts to reduce their number and impose strict controls over them. But the transfer of cross-border traffic into the hands of the state won’t miraculously entail a degree of protection for our users. On the contrary, the risks will be greater.

Kozlyuk is echoed by Alexander Litreev, who believes that “the concentration of infrastructure in one place only serves to make the system as a whole more vulnerable. Which is why the law’s requirements regarding the protection of personal data, for example, not only fail to protect said data but actually make it more vulnerable.” As regards the transfer of data to Russia-based servers (a move ultimately rejected by the Brazilians) Andrei Soldatov maintains that “data localisation is a worldwide trend, and one that companies would adopt even without pressure from the state.”

Digital sovereignty à la russe means authoritarian control, monopolisation and centralisation

Digital sovereignty à la russe, then, means authoritarian control, monopolisation and centralisation. Much like Russia’s Constitution, the digital doctrine clearly articulates the rights and interests of citizens and society, and yet these rights and interests are ultimately relegated to the background as soon as the matter becomes one of “national interests 2.0”. Far from being legislatively positive and stimulating, contemporary digital sovereignty gives rise to an entire series of negative measures that only undermine this sovereignty in the long run.

Grey zone

Taking for an axiom the thesis about the subversive nature of the internet, the modern Russian state has become hostage to a dangerous illusion within the parametres of which it is compelled to act. According to Soldatov, aggressive controls over the information environment and a policy of isolation “are incongruous with the very logic of the net, evolving as it does in an open milieu.” And if, domestic policy-wise, the state is engaged in the active creation of precedents serving to block online democratic discussion, the principal foreign-policy consequence of the commitment to digital sovereignty has been the creation of an image of Russia as a global villain backed by an army of talented hacker patriots; what it certainly hasn’t ushered in is a return to a Westphalian world order with its geopolitical division of labour between advanced countries.

Russia, forced to operate in a digital environment it regards as suspiciously open, has set about intensifying its militaristic tendencies, even though it could, theoretically at least, offer the post-Snowden world a much-needed alternative vision for how to develop and manage the global digital space. This alternative could be a networked popular sovereignty based not on the Cold War-style paranoia that the US, too, is guilty of stoking, but on democratic controls over the net akin to those being implemented in Europe at the municipal level.

Yet classical Schmittian sovereignty, with all its moral-militaristic connotations, mutates in the information age into a paradoxical logic that deflects and masks state responsibility even as it puts a premium on the state interest. Technological sovereignty of this kind becomes a “grey zone”. A zone characterised by laws that run contrary to the constitution and are observed selectively, rather than consistently. A zone with a rhetoric of development that doesn’t impact the public sphere. Which safeguards sovereign democracy via technologies that exert pressure on the democratic element.

Technological sovereignty à la russe is nothing other than a mirror image of the suspended and frozen conflicts in which the Kremlin has had a hand in recent years. Its indeterminate and self-contradictory nature plays into the hands of Russia’s kleptocracy and its short-term economic interests, but in the long run is unlikely to lead to anything good — whether politically or economically.

Agora International Human Rights Group has a new report on how Russian state surveillance is ramping up. Read it here.

Get oDR emails Occasional updates from our team covering the post-Soviet space Sign up here


We encourage anyone to comment, please consult the oD commenting guidelines if you have any questions.
Audio available Bookmark Check Language Close Comments Download Facebook Link Email Newsletter Newsletter Play Print Share Twitter Youtube Search Instagram WhatsApp yourData