Alexander Rojavin, Law & Policy Scholar, JD Anticipated May 2020
On October 19, Kremlin press secretary and hand watch enthusiast Dmitry Peskov announced that the country was not “technologically ready for a sovereign Runet,” even though in April, the Duma (the Russian parliament) passed by 307 votes to 68 the final version of a law that would isolate the Runet—the Russian segment of the internet—from the rest of the world. Per the law, beginning on November 1, the Russian analogue of the U.S. FCC—Roskomnadzor—would have absolute control over the Runet, filtering traffic as it pleases and blocking whatever websites raise its ire or taking them down outright, if their servers are on Russian territory. Russia appears committed in its wish to follow China’s example and try to cut itself off from the rest of the digital world. While this is an undesirable trajectory for Western democracies, which need a Russia connected to the outside world if they are to have an increased hope of successfully reintegrating it into the global community, the West’s own recent regulatory steps may inadvertently play into the narrative long proposed by Moscow and Beijing: that the internet is rife with threats to national security and should be strictly regulated by each nation in accordance with its government’s geopolitical goals.
Western democracies are understandably concerned about foreign interference in their democratic processes—Russia has interfered in the elections of the United States, France, Montenegro, the Netherlands, the Czech Republic, Ukraine, Germany…the full list will include most of Europe. Russia has supplemented its disinformation campaigns with occasional cyber-attacks that have kinetic effects, as with Georgia in 2008 and Ukraine in 2015. It is therefore understandable that Western democracies are introducing measures that would provide the federal government with a greater ability to assume direct control over aspects of the digital world. However, in doing so, the West must take careful steps to ensure that such measures play as little as possible into the Russo-Chinese narrative that the internet is a lawless wasteland in need of ruthless oversight.
Indeed, this narrative is the theme underpinning the entire aforementioned new law. The justifications for the law given by federal authorities and parroted by Kremlin-controlled outlets include ostensible security concerns, together with the absurd hypothetical eventuality that “the Russian segment of the internet is cut off from the global web”—presumably by ill-intentioned outside forces. As the Alexander Mamut-owned Gazeta.ru asserted, “This has nothing to do with isolating the Runet, and the bill’s primary focus is protecting the Runet from ‘outside threats.’”
However, the Klishas Law purports to protect the Runet by definitively consolidating power in the hands of Roskomnadzor and granting it the ability to eliminate cross-border pollination of Russian information space. While the 2013 amendments to the Law on Information already allow Roskomnadzor to block access to any site for any reason, this law—known colloquially as the Klishas Law, in honor of the senator who authored it and supported a recent law that criminalized criticizing the government—makes the language even more severe.
The law takes several key steps. First, it green-lights the creation of a government-controlled system of routers through which all Russian internet traffic will have to go, and subjugates ISPs completely to the will of Roskomnadzor, which will be able to shut down any non-compliers. ISPs’ new responsibilities include informing Roskomnadzor of any cross-border traffic on its networks and possibly choking such traffic off. The law then invokes the national security language: “In the case of threats to the stability, security, and functionality of the Internet on the territory of the Russian Federation, the executive federal organ responsible for control and oversight of mass media, mass communications, information technologies, and connectivity may exercise centralized control.” This includes “blocking internet resources for undesirable criticisms of federal organs, the publication of fake news, and insulting the government.” This language, together with the creation of the router network, grants Roskomnadzor the ability to oversee all digital activity of servers located on Russian territory and of computer terminals accessing the internet on Russian territory. The final important thing the law does is authorize Roskomnadzor to create a registry of Russian-only domain names; the DNS, router system, and language permitting Roskomnadzor to assume direct control of all domestic internet traffic theoretically ensures that the Runet would remain operational even if it were cut off from the worldwide web.
Russian lawmakers have attempted to evoke the spirit of Chinese cyber regulations with this bill. The Chinese justification for exclusive sovereign control of the internet is similarly shrouded in national security language, which belies the true intent. Worries about color revolutions, like those that organically occurred in Ukraine, Georgia, and Armenia, and the possibility of entry into Chinese information space of Western narratives and ideas are the true causes behind the Chinese firewall. A free internet poses security concerns in the sense that it may present risks for the communist regime, but admitting this would not be a good look, so tamping down on dissent is wrapped in language on “unchallengeable,” “unique national conditions, religious, and cultural backgrounds, [and] legitimate differences…between states.” Erecting a firewall is a nation-state’s prerogative, brought about by “national conditions,” which should be respected, just as cultural differences should be “tolerate[d].”
The Russian law is evocative not only of the Chinese justification, but of the Chinese infrastructure of control also. Aside from citing the “deteriorating security situation in cyber-space” and the possibility that Russia is cut off from the rest of the internet, the Kremlin is trying to imitate the enforcement methods of China’s ruling party. In addition to banning foreign social networks and messaging services, China has also banned VPNs and Tor-like browsers (which have been banned in Russia since 2017). It forces companies to store their data on servers located within China itself, subjugates telecom providers to the government’s absolute will, and instructs ISPs to choke cross-border traffic. Altogether a familiar picture to one acquainted with Russia’s cyber laws—such as 2006 Federal Law on Information, Information Technologies, and Protection of Information and the 2016 Yarovaya Package—and especially the new Klishas Law.
The fact that Russia is taking steeper and steeper steps to pull off the feat of self-isolation that China has achieved is unsurprising. Western democracies, naturally, should be alarmed by Russia’s move, not only for business reasons, but for human rights and geopolitical reasons. Russia behind another Iron Curtain means a Russia further out of reach of Western influence—and this time, there is no Voice of America playing surreptitiously in people’s apartments. Consequently, the Klishas Law is undesirable for a West interested in Russian reintegration. But because of this, Western democracies should maintain a birds-eye view of how introducing measures strengthening national control over a segment of the internet will be hungrily appropriated into the Russo-Chinese narrative.
These measures have come in different forms. In Ukraine, the government banned multiple Russian social media platforms and other sites controlled and exploited by the Kremlin. In France, the Macron administration pushed through a law that allows judges to order online platforms to remove online content deemed damaging to the electoral process. Other governments, such as those of Germany and the United Kingdom are exerting more and more pressure on social media platforms to police the content posted on them. Meanwhile, in the United States, there is a smattering of imperfect laws dealing variably either with foreign information warfare (such as the introduced Countering Foreign Propaganda Act of 2018) or other forms of hacking (such as the Active Cyber Defense Certainty Act). This list is by no means exhaustive, but it represents a slice of the regulatory steps currently considered and employed by various Western democracies.
The West unequivocally needs to respond to cyber threats; to do otherwise would be an abdication of duty that leaves democracy vulnerable. However, in undertaking the aforementioned measures, the West must be aware of the effect they will have on the global narrative of countries “withdrawing” into themselves, each seeking greater control over its own digital space. Such measures inadvertently strengthen the Russian and Chinese narrative that the internet is primarily a cesspool of national security threats. By responding to the legitimate threats posed by, for example, Russian cyber interference, the West only proves the cynical Russian argument that the internet is dangerous and in need of federal control. Thus, the West finds itself in something of a Catch-22: ignore the threat and allow foreign cyber interference or respond to it and indirectly legitimize the adversary’s own draconian laws.
To preempt Russian or Chinese appropriation of this narrative to justify their firewalls, the West must make a highly visible show of acting in unison. This may take the form of something as simple as a series of coordinated unilateral declarations by Western leaders or something more comprehensive as a framework agreement to develop national-level cyber regulations that asserts the power of each nation to regulate its digital space while affirming the values the internet is supposed to further, such as freedom of speech and universal access to information. Other steps include pursuing greater international public-private collaboration to inform policymaking, or a global “best practices” conference—with participants from the West and liberal thinkers originally from authoritarian countries—focusing on keeping the internet both safe and emblematic of the freedom of speech. There are plenty of ways for the Western democracies to go about strengthening individual power over the internet in the face of Russian and Chinese self-isolation, but if the democracies “withdraw” without a clearly broadcasted understanding of what they are doing, the Russian and Chinese narrative gains strength, and it will be more difficult both to reintegrate them into the international fold and to make the argument that the internet is not first and foremost a security risk.