Not only is the Kremlin discussing a “kill switch” program to unplug Russia from the global Internet in cases of emergency, but also it is accelerating the enactment of a personal data law that might result in Facebook, Twitter and Google eventually leaving the country.
Data Center Manager walks in one of the server rooms at the Facebook Data Center, its first outside the U.S., in Swedish Lapland. Photo: AFP
This week Russia’s Security Council might give the green light to a bill that could allow the Kremlin to switch off Russia's Internet in case of an emergency situation, for example, during a war or large-scale protests. This move has already been met with criticism and is seen as a warning sign for Internet freedoms in Russia, especially when viewed against the backdrop of other recent legislative initiatives, including the law on personal data storage that obliges foreign Internet companies to store information about Russian citizens on Russia-based servers.
Signed in July, this law on personal data storage was initially supposed to come into force in September 2016, but then the authorities rescheduled the enactment of the law to January 2015, which means that foreign companies such as Facebook, Twitter or Google should transfer all personal data of Russian users to Russia-based data centers within three months in order not to be blocked.
Such a quick timetable to enact the personal data law conjures up the image of a “digital iron curtain,” says Pavel Sharikov, a cyber security expert from the Institute for U.S. and Canadian Studies. According to him, both the Kremlin’s plan to discuss the kill switch program and the personal data law are “links in the same chain” that might result in Russia’s information isolation.
“They complicate the work of foreign telecommunication companies, which force them either to decrease their business in Russia or leave Russia’s market. It is hardly likely to happen, but Google left China four years ago and it doesn’t seem to have regretted it,” Sharikov said, adding that information isolation will not be a boon to Russia’s foreign policy in the 21st century.
However, the Kremlin claims that the law aims at withstanding increasing unpredictability in information security because it doesn’t trust the West, as indicated from the statement of Kremlin spokesperson Dmitry Peskov.
"We know [who] the main administrator of the global Internet is," he told the Interfax news agency, meaning the U.S. "And due to this unpredictability, we have to think about how to ensure our own national security.”
James Lewis, Director and Senior Fellow of the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS) argues Russia is indeed concerned with ending the West’s “information hegemony” and, in fact, fears an attack by the U.S.
Likewise, Sharikov argues that, “Russian authorities clarified that they are not discussing the autonomous Russian Internet network, but the possibility that European and American leaders would cut Russia off the global Internet as another punitive sanction.”
There are many ways to seriously affect Russian cyberspace both from inside and outside, he said.
Meanwhile, Lewis argues that Russian Internet policy reflects larger trends."The politics of the Internet have changed as countries realize that the Internet has borders," he said. "It is a physical construct and all the devices that create it are subject to national jurisdiction. This means that countries can exert sovereign control.”
According to him, all this indicates that the nations seek to create “their own rules for their national networks” - for data localization, privacy, acquisitions, and security.
However, in Russia such restrictive and hasty policy may lead to serious implications, at least, because of the lack of necessary facilities. For example, storing a huge bulk of personal information in Russia will require building new data centers and change the whole architecture of Russia’s IT industry. This is time-consuming and hardly likely to be implemented in three months when the personal data law should take into force, as indicated from an open letter from the lobbying group, the Information & Computer Technologies Industry Association.
However, the Kremlin seems unlikely to wait. Russia’s Oversight Communication Agency (Roskomnadzor) warned Google, Facebook, and Twitter last Friday and demanded that they register as “organizers of information distribution” to observe the law.
Russia’s prominent blogger and IT expert Anton Nosik is concerned with the implications of the law for both Russia and foreign companies. He argues that the major goal of the law is political censorship because it is obvious that none of the Internet providers will be able to comply with it to a full extent.
“There is two-step cut-off technology. Initially foreign [Internet] companies are required to transfer all personal data to the platforms controlled by the FSB [Russia’s Intelligence service]. And then they are switched off for non-compliance. I mean we are switched off from them,” he wrote in his blog that was republished by the Echo of Moscow opposition radio station.
Beyond the Kremlin’s rapid move to step up Internet control
Meanwhile, Sharikov assumes that the Russian Security Council’s session on Internet security this week might be the response to the statement of U.S. Department of Commerce Representative Lawrence Strickling that the Internet Corporation for Assigned Names and Numbers (ICANN), a California-based non-profit company, is likely to relinquish the idea of government control over the Internet. After all, such initiatives may challenge Russia, which advocates for greater government control of the Internet.
Given the current pressure to change the system of Internet governance in the U.S. and other countries, it may give “Russia an opportunity to buttress its national controls by getting international agreement to increase government’s ability to control ideas,” Lewis agrees.
“We are facing a messy, global debate to define the boundaries between sovereign control, extraterritorial networks, and universal rights, but there is a global expectation that nations will respect their commitments to universal rights in any new governance system,” he said.
An article published on the Kaspersky Lab website seems to echoes his view.
“The World Wide Web is starting to disintegrate,” it reads. “Countries don’t want to let even one single byte of information leak from their national webs. This trend will only increase even more extensively; legislative restrictions will be followed by technical ones.”
Yet both Sharikov and Lewis warn that greater regulation of the Internet (either in the form of fragmentation or “nationalization”) might have its side effects.
Even though it may give the Russian government more power in regulating traffic and “to some extent such measure is justified, understandable and consistent with legal practice of other countries,” it might at the same time pull down a new “digital iron curtain” and lead the world closer to a new Cold War between Russia and the West, Sharikov said.
Although governments are responsible for protecting their citizens in cyberspace and upholding the law, there are two problems: the flexibility of the idea of sovereignty and easier dissemination of ideas through the Internet.
“First, the idea of sovereignty is in flux,” Lewis said. “Before 1945, sovereignty meant that whatever nations did within their borders was their own business and no one should interfere with their internal affairs. This led to global war. After the war, nations adopted universal protections for human rights. They did this because states that don’t respect the rights of their citizens also won’t respect the rights of neighboring countries. Universal rights increase stability, but Russia and a few others still oppose them.”
As the Internet makes it much easier to send ideas across borders, it creates a second challenge, Lewis explains.
“Ideas are not weapons, but the Internet creates immense political risk for countries that fear political change,” he said. “A foreign website can host material Moscow finds objectionable, and efforts to block it won’t always work. National controls are inadequate for stopping digital samizdat, since the rules countries impose on their national networks lack extraterritorial reach.”
At first glance the Kremlin seems to have stepped up its tenacity in regulating the Internet in the wake of the information war over Ukraine on the Web. However, attempts to curb the Internet came long before the Ukrainian crisis, when Russian President Vladimir Putin came to power for a third presidential term.
The Internet blacklist law in Russia, which went into force almost six months after Putin’s presidential inauguration in 2012, and was aimed at protecting children from information "detrimental to their health and development," creates the so-called black list of dubious websites containing prohibited information such as child pornography, the promotion of suicide, drug use, extremism or religious and national hatred.
Even though the law aims at increasing information security, Russia’s Presidential Human Rights Commission viewed it as an attempt to censor the Internet, with Russia’s Media and Communications Minister Nikolai Nikoforov claiming that the law was supposed to bring transparency to existing practices, not “to introduce censorship or any sort of influence on media.”
Does Russia really want a fragmented Internet? Photo: Reuters
To what extent is the Russian Internet vulnerable?
In February 2013 Russian members of parliament came up with the controversial “Concept of Legal Regulation of the Internet”. Among the measures proposed by the document were not only the fight against cybercrime, and the rules of self-regulation for social networks, but also the protection of personal data and information “in accordance with the law of the Russian Federation," a move that became the precursor to the personal data law adopted when the Ukrainian crisis was in full swing.
In about five months, the Russian Communications and Mass Media Ministry conducted a drill aimed at testing Internet security and warding it off from “unfriendly” action. And the drill revealed that the Russian Internet is vulnerable, which provided a reason for the Kremlin to look for different ways to minimize the risks.
What seems to have been a catalyst for the Kremlin and its plans to increase control over the Internet was the revelation about U.S. mass surveillance by former National Security Agency contractor Edward Snowden, who received asylum in Russia last year. All these events seem to have anticipated the discussion of Russia’s Security Council on Internet blackouts.
In this context, some experts ask if Russia will follow the examples of other countries such as Egypt, Libya, North Korea and China that have been regularly cut off the internet during periods of protest and public unrest.
Internet fragmentation: Will Russia follow China’s example?
One of the most notorious cases of an Internet blackout was orchestrated by China in 2009, when it cut off the Internet for 10 months in its Xinjiang western province during large-scale protests between the Muslim Uighurs and Han Chinese that killed about 197 people.
In fact, before blackouts China stepped up its control over the Internet by coming up with the notorious Great Chinese Firewall and Golden Shield projects, a set of censorship and surveillance methods blocking opposition websites and filtering all controversial information. Since 2002, it has been systematically blocking many Western websites, including Facebook, Twitter, The New York Times, Voice of America, YouTube as well as less prominent websites of news groups and those of human rights organizations.
In addition, China’s authorities created their counterparts of Facebook, YouTube and Twitter, nationalized the Internet and created a new model of regulating Internet freedoms.
It remains to be seen if Russia will follow this example, given it has already established a national social network (Vkontakte), national search engines (Yandex and Sputnik) and a national Internet. And now it currently seeks to create data centers that will store personal data of its citizens.