On 19th September the newspaper “Vedomosti” announced that at its next session the Security Council of Russia was going to discuss a possibility of isolating the country from the global Internet. The Runet got instantly flooded with angry and sarcastic comments. With its blitzkrieg on the cyberspace within the last six months, the Kremlin has caused suspicion among the web community about any state initiative concerning the Internet, even if it is a legitimate matter of information security. Unfortunately for the freedom of the Runet, the government does not seem to feel any discomfort regarding this problem.
Following Sudan’s path
One would think that behind Vedomosti’s slightly sensational headline about cutting Russia off the global Internet network, which has caused a lot of speculations, there is quite a typical concern of any government about the information security of its state and society, particularly the cyber security. The point at issue is that in case of emergency the key elements of infrastructure, including information one, should function as usual. The governmental strategy is partially aimed at the replication of international Internet-infrastructure in Russia for the Runet to function autonomously even if it is isolated from the global Internet.
However, according to Anton Nosik, the Internet-blockade of a whole country was carried out only once in history when in 1997 Sudan was thrown into cyber darkness without any functioning e-mail and payment systems. That experiment was not at all successful: in the end its victims were not so much the government of Sudan as a small stratum of intellectuals integrated into the global community. The world community acknowledged the failure of this practice and since then has never employed it. That is why Nosik characterised the “Sudanese argument” of some Russian officials as fraudulent. Regardless of the feasibility of the undertaking in Sudan, it was a scenario of international Internet-sanctions that they practised during the first Russian cyber drills in July this year learning how operators and governmental bodies should interact if there is some threat to the infrastructure of the Runet. Among the participants of the drills there were such state agencies as the Ministry of Defence, the Federal Security Service (FSB) and the Federal Guard Service (FSO), as well as the private company “The Technical Centre of Internet”.
A report about the results of the drills had to be submitted to the President at the session of the Security Council. Apparently, it was this very document that caused great agitation, firstly among journalists and then among users who interpreted the agenda of the session as the direct threat to the Runet. There were no formal grounds for that: any responsible government should maintain maximum information security because of the fast-growing importance of cyberspace as a political and economic domain. However, bearing in mind the Russian government’s propensity to apply prohibitive and restrictive measures to the Internet, netizens have every reason to be nervous.
“No unjustified restrictions”
At the session of the Security Council on 1st October, Putin assured that concerning the Internet “there will be no unjustified restrictions, especially absolute ones. Not only there will be nothing like that, but we do not even consider such a thing”. If one believes the President, there is no threat of total control, the governmental ownership of the Internet, restrain on legitimate interests and potential of people, non-governmental organisations and businesses in the information environment. Yet, the modern political history of Russia shows that the government’s understanding of the validity of such restrictions is often different from that of people, non-governmental organisations and businesses. Just think about municipal maintenance works that so often unexpectedly occur in places of public meetings, even though, according to the authorities, they are always “pre-planned”. Similarly, in the case of the Internet there is every chance that restrictions, which the government finds well-justified, may be completely groundless for civil society.
Mass rallies of the opposition, should they occur again, can be easily regarded as an emergency, which will be the official pretext for cutting off or restricting the flow of information on the Internet. It is a very realistic scenario from both political and technological points of view. For example, in early October, as a precautionary measure in the run-up to anti-governmental protests, the Internet was actually cut off in the Sughd region, the northern part of Tajikistan with a third of the country’s population living there. Only state websites could be accessed without problems, while other resources took 15 to 20 minutes to open, with photos and videos being completely unavailable. The parallel to Tajikistan is particularly relevant in view of Rahmon’s unfailing support of Russia’s international initiatives designed to increase the role of national governments in the regulation of the Internet, based on the idea of cyber sovereignty.
Damir Gainutdinov, an Analyst at the Human Rights Association “Agora”, is already looking at the Internet-initiatives of the Kremlin with caution. He has learnt from the experience of his own organisation what the government’s love for tricky legislative innovations and their immediate implementation is like. In 2013, under the pressure of the Public Prosecutor’s Office, Agora became one of the first non-governmental organisations forced to register as a “foreign agent”.
In the recent discussions Gainutdinov sees Russia’s return to the idea of creating boundaries on the Internet: “At the regional level the member states of the Shanghai Cooperation Organisation (SCO) had similar views [on the regulation of the Internet], but at every major international event, with China’s tacit support, Russia was consistently trying to promote these ideas. And each time nothing happened. I guess it was important for our authorities to gain such international recognition to legitimate their own tightening of the screws, which is taking place now,” concluded the expert.
For the first time the idea of creating virtual boundaries was discussed in 2009 at the summit of the Shanghai Cooperation Organisation, which includes Russia, China and the republics of Central Asia. It was then that the member states admitted that “the distribution of information across the border threatened political stability”. In 2011 Russia, China, Tajikistan and Uzbekistan introduced a draft resolution of the “International Code of Conduct for Information Security” to the General Assembly of the UN. Inter alia, this document emphasised a crucial role of state sovereignty regarding the regulation of the Internet.
In 2012 at the forum of the International Telecommunication Union (ITU) Russia proposed a number of additions to the ITU Constitution which would give states a wider control over the Internet governance. As lately as the middle of August, at the International Youth Forum “Taurida-2014” in the Crimea the Russian Minister of Сommunications and Mass Media, Nikolai Nikiforov again advocated “the absolute information sovereignty of Russia”. But, according to the official, in order to achieve the import substitution of IT products and services, it is necessary to train our own highly professional programmers within the next five to seven years. By the way, experts claim that this objective is completely unrealistic.
Alexey Lukatsky, an Information Security Consultant at Cisco, suggests doing a deeper research into the origins of the concept of Russian information sovereignty. According to the expert, everything started in 2000: soon after his inauguration, Putin adopted the first “Doctrine of the Information Security” of modern Russia. Already then the document contained an idea of the internationalisation of the Internet, i.e. the shift of a mandate on Internet governance towards national governments, and resistance to any external interference in their domestic policy by means of information technologies.
These and other similar ideas were consistently developed in the country’s doctrinal policy in the course of the next decade: from “The National Security Strategy of the Russian Federation until 2020” (2009) to “The Foreign Policy Concept of the Russian Federation” (2013). In other words, the agenda of the recent “Runet session” of the Security Council fits into the government’s logic concerning information security, which has prevailed for almost 15 years. At the same time, it is obvious that it was only last spring (as Russia’s relations with the West were rapidly deteriorating due to the Ukrainian conflict and the national, and nationalistic, rhetoric was getting tougher) that numerous doctrines began to come into force quickly and continuously like on an assembly line, taking the form of even more numerous restrictions in the field of media and communications.
Judging from the results of the Security Council’s session, commentators’ most apocalyptic prophecies did not come true: nobody is going to cut the Runet off the global network – at least, not yet. However, owing to dozens of millions of foreign cyber attacks on the Russian Internet infrastructure, which Nosik also disputes, the government might thoroughly address the issue of network defensive power. The strategy includes the whole set of measures: more intense lobbying for the internationalisation of the Internet at the UN and other international organisations; import substitution of IT products and services with their domestic equivalents; replication of the elements of the international Internet infrastructure for its autonomous work; the development of cooperation with partner states, particularly China. In addition to that, it is quite plausible to assume that the cyber drills will become regular, the FSB will be the main governmental body responsible for information security, and legislation on personal data will be consistently developed. At the same time, according to Igor Schegolev, an adviser to the President, the authorities are not planning to nationalise .ru and .рф domains, which has been a matter of concern for many people.
The Russian government has tightened its grip on the web and is not going to lose it. This session of the Security Council has left no doubts about it. Their determination and capabilities (political, economic and military) are also obvious and, most importantly, greatly exceed the joint efforts of the fragmented web community. Netizens’ humour, sarcasm and even anger can be ravishing. They often provide the best examples of modern political journalism and spread in social networks by thousands of “likes” and “shares”. However, for the real resistance to the largely meaningless and increasingly relentless pressure on the Runet it is hardly enough. Whether the inherently network-based online community can make some centralised efforts to survive is a question worth a million. If not dollars, then programmers.