The Russian government has been planning to up its control over the Web for quite some time, and now it has all but done it. Passed by the Duma this spring, the so-called “Independent Internet Law” takes effect on November 1. Though its pretext appears noble at a first glance — protection against cyberattacks and foreign pressure — its real purpose is very much clear to both involved parties: the government and the Russian people.
What the law requires
The official name of this piece of legislation has, as it often happens, the air of ceremonial innocence to it: “On amending the Federal Law ‘On Communication’ and the Federal Law ‘On Information, Information Technologies and Information Protection’”. Unofficially, it’s known as the “Independent Internet Law” or “On the Isolation of the Russian sector of the Internet”.
It’s hard to argue that these colloquial names reflect its true nature much better than any official one ever could. This much is obvious once you read what exactly the law demands of the general public and ISPs.
The task at hand is difficult, and thus the law itself is supplemented by a number of secondary regulations that detail the whats and the hows of Russia’s grand plans.
Let’s take a look at some of their contents:
Telecom providers now have to install special government-issued hardware at the intrastate Internet exchange points as well as at the transnational communication lines. Such hardware is aimed presumably at “countering threats to stability, security, and integrity of the Internet operations in the Russian Federation.”
All Internet traffic in Russia will be exchanged only through IXP registered with the government. Traffic exchange will be overseen by the Federal Service for Supervision of Communications, Information Technology and Mass Media, more commonly referred to as Roskomnadzor.
A national DNS must be created by the beginning of 2021. It’s meant to duplicate the global one in the case of Russia being cut off from it. The act prescribes that the national DNS must be compatible with the international DNS.
Those responsible for ensuring stability, security, etc. etc. have to take part in drills conducted by the government.
What it all means
The first requirement of the law sounds fishy as it is, what with government-issued hardware at every registered IXP. If anyone wanted to hope for the best despite that, well, don’t bother. The legislators didn’t make any effort to at least conceal their real goals.
In fact, the law says it outright: Internet providers do not have to block their customers’ access to government-banned websites anymore. The reason for it? Why, it’s because said hardware does it already for them.
Secondly, the Independent Internet law substantially empowers Roskomnzdor by giving it the authority to surveil the traffic going in and out of Russia as well as the domestic traffic. It’s obvious how it is a problem in its own right, but there’s more to it.
Roskomnadzor as an agency is known for blocking websites critical of the Russian government and its policies under the pretext of keeping children safe from “harmful information”. (Yes, it is definitely the age-old “think about the kids” argument. Only here it makes not a lick of sense).
However, Roskomnadzor itself believes that it “stands guard for freedom of speech” and against censorship. Are these bold claims true? I’ll let you decide.
The next requirement is perhaps the most disturbing. A national domain name system is meant to secure the Russian sector of the Internet (or “Runet”) from potential foreign interference.
If this plan gets implemented, it will be possible for the government to separate the Runet from the rest of the World Wide Web and create something similar to North Korea’s Kwangmyong, or a state-wide intranet. Really makes you think how Roskomnadzor will “stand guard” against Internet censorship then.
It won’t, however, just remain idle twiddling its metaphoric thumbs as it is precisely the entity that will assume “centralized control” over the Runet in the case of the Great Unplugging.
While Russian officials insist that this measure is going to be like nuclear weapons (as in, kept in case big trouble occurs), the Ministry of Digital Development, Communications and Mass Media has enumerated three types of threats to the Runet that call for centralized control of communication networks:
Network integrity threats that can prevent users from establishing an Internet connection or transferring data to one another
Network stability threats are caused by technical malfunctions, wear, or natural and manmade influence
Network security threats happen when an ISP is unable to protect the network’s hardware and software from unauthorized access or other malicious interference
What it means is that the next time something like the supposed recent cyberattack on the Russian power grid happens, the government will have legal and technical means to “segregate” the Internet in Russia from the rest of the world.
And while it might seem like a logical thing to do (if you squint really hard), it also opens up many possibilities of power abuse.
Can it even be implemented?
Such a great undertaking surely must cost a lot. And indeed it does: while the legislators had asked for the measly 20 billion Rubles ($306 million), the government saw it fit to provide as much as 30 billion ($459 million).
As was mentioned earlier, the law itself is supplemented by several other acts that are yet to be enacted. However, there’s little agreement between them.
For example, some of the secondary regulations require ISPs to route all the traffic to Roskomnadzor’s anti-threat hardware while the Independent Internet law says that it should only happen under centralized control over the made-autonomous Runet.
Additionally, the Ministry of Communications has another proposition. It includes compelling ISPs to provide protection against unauthorized access to hardware and software that are used for determining a website’s network address. The reason given is anti-phishing security.
However, it’s also not that easy to do. Gaining access to such information is possible (if rarely done), and to prevent it, Russia would need to essentially provide virtual private network-style secure connections from the national DNS to every website on the Russian Internet.
Needless to say, not only this measure would go contrary to Roskomnadzor’s policies regarding VPN services such as NordVPN (said policies mostly include bans to providers refusing to comply with the restrictions the government imposes on certain websites), but also demand insane financing.
Another point made by the Russian Union of Industrialists and Entrepreneurs is that Roskomnadzor compels both the users and the ISPs to use the national DNS. As it is worded, it can mean everything up to the ban on the use of non-Russian websites.
The national domain name system is supposed to include the websites located under the .ru, .рф, and .su domains. The problem with it is that while .ru and .рф refer to the Russian Federation in both Latin and Cyrillic symbols, the .su one is a tad more complicated.
Despite still being in use, it was made to be employed by the Soviet Union (hence the abbreviation). However, as that political entity is no more, this domain has an unclear future. It’s not registered with the ISO or ICANN as a top-level domain. Thus, ICANN can decide to terminate it at any moment, which may lead to some tensions.
As it stands right now, it would be quite difficult to implement the new law fully, due in no small part to contradictions in its secondary legislation. And if these contradictions are fixed, Russia will sadly drift even further away from Internet freedom.