Authored by Oleg Soldatov*

There are two different approaches to State cyber power: a more liberal “free Internet” approach when the proponents see the State as a mild regulator of the online domain and a more restrictive “national cyber sovereignty” approach that accentuates the authority of States to strictly control the information flows within their borders.

Internet control in Russia: a matter of national security...

According to Klimburg (2017) the authorities of Russia (together with like-minded states such as China and Iran), being the proponents of the second direction, have repeatedly emphasized the point that information in all its forms is a weapon, most often employed by terrorists. Essentially, their approach maintains and underscores that information on the Web should be managed rather than free-flowing, thus treating on an equal basis any information challenging the ruling elites and the regime arrangements alongside online terrorist threats. The peculiarities of the Russian approach to Internet governance have been discussed on this website on numerous occasions.

On the international arena, the Russian views on the nature of the Internet manifested themselves in the International Code of Conduct for Information Security , which was submitted for consideration to the UN General Assembly in January 2015 by the founding Member States of the Shanghai Cooperation Organisation – China, Russia and the “Stan” countries. This draft document was criticised for being “a fundamental challenge to the flourishing of global thought and discourse through the Internet, as well as to the established framework of international human rights law”.

Domestically, these views are put forward in the 2016 Doctrine of Information Security of the Russian Federation , which calls not only for “protecting the sovereignty of the Russian Federation in the information space through nationally-owned and independent policy to pursue its national interests” but also for “developing a national system of the Russian Internet segment management”. This approach of “managing the Internet” is vocally supported by the ruling elites in the media. After all, Russian President Vladimir Putin branded the Internet network a “CIA project” . In turn, one of the authors of the highly contentious recently adopted law package increasing State powers online, the Russian parliamentarian Irina Yarovaya, stated that the Internet undermines the idea of sovereignty, encroaches on internal sovereign interests and destroys national security.

...or rather a strategy to suffocate critics?

These internal and external manifestations of Russia’s willingness to control the flows of information on the internet happened simultaneously with the “colour revolutions” in the neighbouring countries, during which civil society actions were largely coordinated on the Internet . It should be further noted that 2011-2012 protests in Russia, the biggest scale opposition demonstrations during the Putin era, also had a large social networking component . In addition, over the last decade, the country has operated under the adverse impact of volatile oil and gas prices after the worldwide financial crisis of 2007-2009 and, more recently, of a range of economic sanctions imposed by the EU and the US following the annexation of Crimea.

All of these events correlated with the steady deterioration of Russia’s rating on Internet freedom by Freedom House, while the Russian legislative initiatives from 2013 onwards appeared to have been stretching the boundaries of what is possible in online regulation to make sure that critics of the regime do not become too vocal and that all the companies providing services on the Russian sector of the Internet are actively cooperating with the State authorities.

Restrictions on online messaging services

Some of the latest legislative initiatives are directed towards online messaging services – desktop software and mobile applications that allow Internet users to exchange instant messages among themselves. Telegram, founded by Russian internet-mogul in exile, Pavel Durov is one of the most popular of such services and boasts, at the time of writing, about 200 million monthly active users. Normally, Internet messaging may be coupled with optional:

  • end-to-end encryption of the message content (which Telegram offers for “secret chats” category of messages);
  • lack of storage of the message content by the messaging service provider (also offered by Telegram for “secret chats” category of messages);
  • user anonymity or pseudonymity without disclosure of personal information, such as real-world name, phone number and/or IP address (presently, Telegram requires verification of a phone number of any new user, however, since in a lot of jurisdictions it is possible to obtain SIM-cards anonymously , this measure does not equal to full user deanonymization).

The Russian steps in regard of the online messaging services include, in particular, the Federal Law On Information that prohibits companies registered in Russia as “organisers of information dissemination”, including online messaging applications, from allowing unidentified users. It should be noted that Telegram did register as such an “organiser” , although it appears from recent court documents that currently it is acting via a legal entity outside of Russian jurisdiction. This Federal Law also obliges such “organisers of information dissemination” to pass on the keys for decrypting user-encrypted messages to the State authorities. In addition, Russian police, under the Federal Law on Police , has wide powers to request personal data of citizens from all available sources including data vaults of private entities. The above norms, viewed together, meant that the clash between the Russian States and the messenger that prides itself in “collecting no data about its users” and allows sending encrypted messages that “self-destruct” would only be a matter of time.

On 13 April 2018, the Tagansky District Court of Moscow ordered to block access to Telegram messenger on the territory of the Russian Federation for its refusal to share encryption keys with FSB (the State intelligence service). In ordering this measure, Russia follows in the footsteps of China, Pakistan, Oman and Iran complementing the list of States where the authorities attempt to block this messenger. In Russia, such block is to be accomplished by Roskomnadzor , an executive agency for internet surveillance and monitoring, subordinated to the Ministry of Telecom and Mass Communications of the Russian Federation. The logistics of the blocking attempts by the Russian authorities warrant a detailed explanation.

Mechanism and consequences of the Telegram block

To grossly oversimplify, every Internet node – be it a user’s computer or a server hosting a website or Internet service – has a numeric Internet Protocol address (IP address) that identifies it. When a user wants to access a certain website or Internet service, the user’s Internet Service Provider (for instance, Vodafone) receives a request from the user’s IP address to exchange information with the IT equipment of the website or service the user wants to access. The easiest way to block an Internet service or website on a certain territory is to instruct all the Internet Service Providers (ISPs) located there to stop relaying the information from the IP addresses that correspond to the blocked services. The blocked addresses are included in blacklists that local ISPs are legally obliged to respect. In the Russian Federation, such a blacklist is maintained by the Roskomnadzor agency. Any attempts to access websites or services that correspond to blacklisted addresses would be unsuccessful from the territory of Russia.

By using a number of technological solutions, Telegram decided to mount its defences and to make it hard if not impossible for Roskomnadzor to block the IP addresses associated with the messenger. In essence, and again, oversimplifying, the gist of the primary solution employed by Telegram is connected with the fact that nowadays the online services may choose to not own all of the equipment for processing the requests of their Internet users. Rather, often they rely on using the so-called “cloud services”, where they “rent” the processing power of the equipment owned by such giants as Google, Amazon and other specialized providers. This also means that the IP addresses associated with the equipment used by, for instance, Telegram messenger, would, in fact, correspond to the IP addresses of a Google data centre in the US that is powering not only Telegram, but also a lot of other completely pedestrian and fully legal web services, such as Internet banking, online shopping applications et cetera.

The architecture of Telegram messenger heavily relies on using such “cloud services”, including the ones provided by Amazon and Google. As a result, in the course of April-May, blacklisting of a wide-scope of IP addresses by Roskomnadzor caused partial failure of many of such services on the territory of Russia. Collateral damage included many small and medium enterprises conducting their business on the Internet. Such enterprises frequently do not have technical expertise and/or monetary resources to switch from one “cloud services” provider to another to ensure business continuity. In other words, indiscriminate “umbrella” blocking of large numbers of IP addresses by Roskomnadzor resulted in temporary “breaking the Russian sector of the Internet”, which continues to this day.

A number of other technological solutions (beyond the scope of this article) have also been utilised by Telegram. To sum up, as of today, one month after the blocking judgment was signed, the operation of Telegram is still ongoing seamlessly on the territory of the Russian Federation. Simultaneously, top management of Telegram messenger is physically far away from the Russian borders and the Russian State enforcement has no way to coerce them.

These developments pose a number of important questions in relation to the Internet regulation. Have we arrived at the stage of the technological progress when government efforts to circumvent their citizens’ wish to anonymously communicate without fear of surveillance are futile? Or are we at the junction where the desire of the States to control and “manage” the Internet will result in collateral damage on such a scale that the users will have to change their paradigm of using the World Wide Web?

* Oleg Soldatov is a PhD researcher at Bocconi University in Milan. He worked as a lawyer at the European Court of Human Rights from 2011 to 2014 and as a legal advisor at the Council of Europe in 2015-2016.

Tags: Russia Censorship Encryption Surveillance

Come arrivare

Publication Date: 29/05/2018