A new law allows the Kremlin to spy on, filter, and control the country’s online activity, alarming human-rights watchdogs.
The Russian government is one step away from essentially cutting its population off from the global internet. The controversial “sovereign internet law” passed last week by the legislature’s upper house needs only President Vladimir Putin’s signature to require online traffic to pass through servers run by the government’s internet regulation agency by 2021, allowing the Kremlin to much better observe and control what Russian citizens are doing. Putin has long talked up the idea of a firewalled Russian internet, claiming that his government needs a better defense against cyber attacks from the West.
“But it’s more likely motivated by the Kremlin’s desire to control the flow of information online,” said Justin Sherman, Cybersecurity Policy Fellow at New America.
The move is not popular among Russians concerned about freedom of expression, notes Irina Borogan, deputy editor of Agentura.Ru, an independent Russian news site.
“There is a lot of protests against the law. Activists, some politicians and internet users openly expressed their outrage,” Borogan said. “But main local telecoms supported the law because the Kremlin promised not to charge them for the black boxes.”
The new law is the latest and most far-reaching legal action to limit Russians’ ability to interact with the outside world. Earlier such moves curbed access to Western social media services such as Linkedin and messaging services such as Zello.
In 2016, when Russia was exchanging encrypted messages with Julian Assange and Wikileaks in a bid to undermine the U.S. election, Russian lawmakers authorized the government to read encrypted messages and save message content from Russian citizens for six months.
The new sovereign Internet law also requires internet service providers to use Russia’s internal domain name service. This will allow the government, for example, to redirect searches from independent news organizations to pro-government websites.
“Ultimately, this boils down to the fact that the Russian government, its military, and its security services regard the population’s unrestricted Internet, social media, and mobile access as a significant vulnerability in what they see as future Western efforts to launch information and cyber ops against the state in order to disorient, confuse and otherwise divide the population and the government,” said Samuel Bendett, research analyst with the Center for Naval Analyses’ International Affairs Group. “Therefore, monitoring user content and recording user information is seen as pivotal in such a defensive effort.”
“The Russian government saw what such free information access can do in other countries, and defensive [information operations] is now part of the defense strategy,” Bendett said. “Therefore, access to user data is seen as key in preventing what Moscow sees as Western efforts to ferment some kind of ‘color revolution’ in the country.”
On Wednesday, Human Rights Watch issued the following statement: “These proposals are very broad, overly vague, and vest in the government unlimited and opaque discretion to define threats. They carry serious risks to the security and safety of commercial and private users and undermine the right to freedom of expression, access to information and media freedom.”
Yet there are questions about just how effective the new Russian firewall will be in keeping its citizens mute and in the dark.
“Iran has said this. Other nations have said this. But at the end of the day, what we’ve seen is that their citizens are very, very anxious to add apps that are very, very familiar to us, Gen. Paul Nakasone, the head of U.S. Cyber Command and the NSA, said last month. “So while we take note of what they’re trying to do, I guess I would say I’m a bit skeptical that they will be able to pull this off.”
He is not alone in that skepticism.
New America’s Sherman said the law means that “(A) requests for information from foreign servers would either need to be outright rejected or rerouted or (B) that the government will have to figure out how to host some of that content within its borders. It’s also to be determined how well the Russians could actually isolate the internet from foreign traffic, whether through manipulating networking protocols or literally cutting internet cables.”
Last year, the Russian government was working on a related project: setting up an intranet for its own use, a project that Herman Klimenko, one of Putin’s top technical advisors, described as “painful.”
Borogan said the new firewall will be a drag on Russian businesses. “Experts say that the implementation of the law can slow down the Internet in Russia, which will have a negative effect on the economy.” As the rest of the world races to build networks with higher speeds and lower latency, Russia appears to be going in the opposite direction.
Still, the new firewall may encourage the government, the military, and its hired hackers to launch more — and more disruptive — cyber attacks.
Said Sherman, “If Russia’s internet is isolated from the global one, it’s also possible that may remove or diminish some disincentives for the Russian government to wreak more havoc on the global network. The state’s manipulation of the Border Gateway Protocol that routes global internet traffic, for instance, might be a more attractive cyber option should Russia know its own systems are insulated from the potential damage.”