Chinese President Xi Jinping and Russian President Vladimir Putin observe a parade in Beijing, Sept. 3, 2015.

Chinese President Xi Jinping and Russian President Vladimir Putin observe a parade in Beijing, Sept. 3, 2015. Ng Han Guan/AP

Science & Tech

Here’s How Countries Like China, Russia Control Online Dissent

Look at the physical systems that make up internet infrastructure, and you find a network that is a lot more centralized than you might think.

Nikhil Sonnad and Keith Collins ,
Quartz

|
By Nikhil Sonnad and Keith Collins ,
Quartz

In January 2011, protests broke out across Egypt to demand an end to the despotic and repressive regime of Hosni Mubarak. The protests were largely organized online, through social networks like Twitter and Facebook. Mubarak quickly realized this, and launched a counterattack: He severed all access to the internet from within Egypt.

Dyn Research, a internet performance company that analyzes how the internet performs, noted that Egypt’s Arab Spring shutdown started with just a couple phone calls from the government:

The prior day [before the internet shutdown], we had received a tip from an Egyptian telecom engineer that the government was warning some telecoms that they should be prepared to act quickly if the government ordered the shutdown of internet services. Just after midnight local time in Egypt, that order came and nearly all Egyptian access to the global internet was down in a matter of minutes.

This is what the Egyptian internet looked like after those phone calls.

Mubarak’s successful internet shutdown reveals the way we understand the internet is something of a paradox: On one hand, it looks like decentralized anarchy, a place where anyone can create and share information, and where these data make their way seamlessly from one user to another. But if that were the case, how could a country so easily turn off the entire internet overnight?

When you look at the physical systems that make up internet infrastructure, you find a network that is a lot more centralized than you might think. Users may access the internet through any number of networks, usually controlled by Internet Service Providers (ISPs), universities, or businesses. But on their way from point A to point B, they almost always have to stop at centrally located routing systems that handle huge amounts of traffic.

It is at these internet choke points that data become centralized, even if it is just passing through. The existence of these central servers is good news for the likes of Mubarak, by making it trivial to censor, spy on, or shut down the internet. In a more open ecosystem, no single entity—governmental, corporate, or otherwise—has access to enough of the traffic being sent along to exercise its will over the internet. And if the ecosystem is competitive, internet users can choose to abandon a provider that is known to be spying or censoring.

But we know that many countries are not open. Egypt in 2011 is a clear example. China, Iran, and others are known to regularly censor content and cut off sections of the internet. This is because, when the physical routes traffic takes are severely limited, it endangers the free flow of information the internet was supposed to provide.

Researchers at Harvard attempted to identify these choke points, and determine how easily a given country could control its internet. Theirresearch, published in 2011, analyzed data collected by the Center for Applied Internet Data Analysis on trace routes—actual paths taken by data transferred across the web. The resulting data come with some caveats: the particulars are a few years out of date, though they make up the most recent comprehensive, country-by-country analysis. Also, because there is no single source of data on internet routes, the methods they used to identify paths only produce an approximation of what the actual internet looks like. Still, this research provides a useful way of seeing how internet control works.

Arab spring: Egypt 2011

Let’s revisit the Arab Spring shutdown of 2011. The Harvard researchers identified three “points of control” for Egypt. They define these as the minimum number of points that together account for at least 90% of Egypt’s IP addresses, the unique numbers assigned to each device on the internet. Nearly all the paths data can take to get into or out of the country go through these three points. Each of these points represents an “Autonomous System,” or AS, each of which is responsible for sending data along to either another AS or, eventually, an end user.

If you live in Egypt, your home internet might connect via a local ISP like Yalla Online. But in order to access some part of the internet outside the country—like Facebook or Twitter—Yalla’s connection needs to first pass through a major AS, in this case one controlled by LinkDotNet, a larger ISP. The same happens for various other ISPs, businesses, or other networks, making LinkDotNet’s AS a gatekeeper between the internet inside and outside Egypt.

The largest AS shown here belongs to the Egyptian offshoot of Etisalat, a large telecom operator based in the United Arab Emirates. According to the researchers’ data, over 58% of Egypt’s IP addresses pass through the Etisalat AS. Again, this figure is just an approximation, but it shows the outsized influence of this point in Egypt’s network.

So to cut off nearly all of his citizens from Facebook, Twitter, and other sites, Mubarak only had to sever the global connections of these few AS’s.

China’s choke points

Egypt is not the only country with just a few choke points. Another is China, notorious for censorship and surveillance of the internet. China has had its share of blackouts, too: ethnic rioting in western China caused the government to completely cut off internet to the western region of Xinjiang for 10 whole months. The research estimates that nearly 75% of Chinese IP addresses go through AS number 4134, Chinanet-Backbone, the world’s 15th-largest AS in terms of the number of IPs it serves.

Chinanet-Backbone is known to be a point at which China performs filtering, preventing certain kinds of information from entering or leaving the country. A 2011 paper (pdf) from researchers at the University of Michigan found that, of all the AS networks in the country, the Chinanet AS, and those of its branch companies across China, were responsible for more filtering than any others. (China’s large internal Internet Exchange Points, or IXPs, are also believed to be major points of filtering and censorship, but don’t appear in most data looking at internet traffic because they normally appear as a direct transfer from one AS to another.)

“Resistant” countries

Centralization is not the default for a country’s internet systems, though. Dyn Research used the AS data it collected independently to assess how difficult it would be to disconnect a given country from the internet. It divided countries into four categories: “Severe risk” of internet disconnection, “significant risk,” “low risk,” and “resistant.” This is what the networks of six “resistant” countries look like, according to the Harvard research:

These countries have several things in common: they are all democracies, so it would be harder for their heads of state to get Mubarak-levels of authority to shut down the entire internet. (The researchers chose not to analyze the United States because that country has a very high number of IP addresses not allocated to actual internet users, making data on the importance of an AS unreliable.) But even if the Singaporean or Canadian president got approval to do so, there are many more opportunities for companies or organizations that provide access to the internet outside the country to refuse the order or find ways around it.

The “resistant” countries also have relatively vibrant and competitive economies. This ensures that no single, monopolistic ISP becomes large enough to be a single access point to the outside. A country for which this seems to be the case is South Korea, which Dyn categorized as “low risk” rather than “resistant.” The Harvard data show South Korea’s internet to be heavily centralized, even though the country is ardently democratic. The largest AS there belongs to Korea Telecom—one of the largest of the country’s massive pseudo-monopolies known as chaebol—which serves over 40% of Korean broadband subscribers.

Russia’s radical decentralization

There is a final structure a country’s internet can take: a radically decentralized one. This is the case with Russia, which, given its president’s authoritarian tendencies, may surprise you.

The best explanation for this is cybercrime. A 2007 study of the Russian Business Network, a massive cybercrime operation based in St. Petersburg, creates “a nebulous network to blur the understanding of their activities.” By creating intentionally complex systems, cybercriminals can both hide their tracks and make their systems very difficult to shut down from the outside. The trade-off with such a system is that Russia loses some ability to track and censor its networks. So while Russia may be consider a larger threat to the US than China when it comes to cybercrime, Russia has at the same time been soliciting China for advice on how to structure its internet.

The shape of a national internet system reflects a country’s values, much like its economic policies or laws. Should the power of the internet be distributed across the country, or a tool a government or company can use to its advantage? Mubarak chose the latter, angering his citizens enough to get him thrown into prison. China’s internet czars choose the same, allowing local internet companies to flourish, but severely restricting the information available to people in the country.

It’s easy to think of our relationship to the internet as primarily about the software that connects us to it, like apps and web browsers. The great thing about software is that it is easy to change. If a browser has a bug, it can be fixed overnight. If an app starts asking for access to too much of your data, you can uninstall it.

But underneath all internet software is physical hardware. Once in place, this infrastructure establishes how users access information, and who gets to see that information. This physical internet is being shaped by a battle between two diverging trends: Governments and companies that want more control over data, and the flattening of internet infrastructure. China has been a loud advocate of”internet sovereignty,” the idea that each country should be able to essentially exist entirely on its own network. Huge ISPs like Comcast and Verizon have been accused of treating their own services differently, leveraging the massive networks they control. Centralization of the internet allows the likes of the National Security Agency to spy on traffic by getting large companies to agree, as happened with AT&T.

A decentralized internet, meanwhile, means that no one entity has the power to shape the internet toward its own advantage. It makes censorship, surveillance, and internet shutdowns much more difficult. It makes the internet ecosystem more competitive, and it likely makes the internet faster, allowing connections to take the best route instead of the only route.

As more and more of what we do every day happens online, the way this battle plays out will determine how easy it is for governments and companies to shape our lives.

NEXT STORY: The CIA Says It Can Predict Social Unrest as Early as 3 to 5 Days Out

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.