The Russian authorities have embarked on unprecedented measures to control internet content. Under what has become known as the sovereign internet law passed by the State Duma on April 16, internet providers will be obliged to install devices to filter traffic, and the state communications watchdog Roskomnadzor will get unparalleled powers, including an official “off switch” to deploy as it sees fit.
The official reason given for introducing such drastic measures is the preponderance of illegal content on the internet, and the purported intentions of Russia’s enemies to cut the country off from the internet. But in all likelihood, the law is driven by growing discontent in Russian society, and the authorities’ falling ratings. On the horizon is a series of elections for regional governors and the State Duma, and, after all, 2024 — the end of Putin’s presidential term — is closer than it seems. It will be far easier to overcome these challenges if Internet content is under control.
Since March 2017, the authorities have repeatedly been taken off guard, first by mass protests organized by anti-corruption campaigner Alexei Navalny and then by ecological protests against landfill sites. Both the political and ecological protests took place across many Russian regions. Discontent was also expressed via protest voting at the gubernatorial and mayoral elections in fall 2018, when candidates backed by the authorities lost to spoiler candidates in several regions.
For the Kremlin, this is a serious problem. Traditional measures such as banning pro-Kremlin media from covering protests, or blocking mobile internet access in specific regions (such as in Ingushetia during protests over changing its border with Chechnya), did not produce the required results. The self-contained, regional nature of the protests makes it impossible to nominate and demonstratively punish a single scapegoat, so other solutions are needed.
The domestic policy bloc of the presidential administration increasingly tries to run Russia as a corporation. It’s not surprising, therefore, that they have resorted to typical corporate methods in the field of internet control.
In business, deep packet inspection (DPI) technology is used to identify leaks and monitor which websites employees are visiting. It analyzes both the titles of the packets being transmitted and their contents. DPI devices known as black boxes are installed at the edge of the provider’s network at the break with existing communication channels, and all the traffic leaving or entering the network goes through the devices, making it possible to monitor and control it. The technology enables traffic to be prioritized, speeding up some packets and slowing down others, such as social networks on which illegal content is being distributed. The new law will oblige all internet providers to install DPI devices on their networks.
The type of equipment will be chosen by Roskomnadzor, and it is the state communications watchdog that will, “in the event of threats to the stability, security, and functional integrity” of the internet, direct the routing of traffic and block sites (previously, it was the providers who were responsible for blocking sites when ordered to by the watchdog). In other words, Roskomnadzor will flick the on/off switch when the situation requires it. The cost of installation will be covered partly by budget funds and partly by internet users: providers have warned that the cost of internet services will increase.
It’s far from clear how capable automated systems are of filtering the internet in the way that the authorities would like. Roskomnadzor has unsuccessfully been trying to block the Telegram messaging service for an entire year, using DPI technology provided by the company RDP.ru, which is part-owned by the state telecom provider Rostelecom. Recently, training connected to Roskomnadzor’s ability to block sites and redirect traffic to black boxes caused some perfectly legal services provided by Russian internet giant Yandex to become unavailable.
Slowing down or switching off the internet at one company, even a huge one, undoubtedly results in losses and a certain amount of inconvenience, but it’s not fatal. At the national level, however, it’s a different story. Black boxes make the decision to forcibly route the traffic or degrade its speed automatically, without differentiating between individual internet users, companies, schools, or hospitals.
If that equipment affects the work of a network user, such as a hospital during a high-tech operation, the most that the provider can do is lodge an enquiry with Roskomnadzor as to whether filtration was in action at that moment. Clause 5 of the draft law made it quite clear that no one can be held liable in such situations.
Installing black boxes that will operate automatically will inevitably lead to lower network speeds. This will effectively put an end to the development of the Internet of Things, driverless transport, telemedicine, and other innovation-related initiatives that are supposedly on the government’s agenda. Proposed amendments to the bill pointing out these risks were apparently ignored.
What the law’s authors would really like to see is something akin to the Great Firewall of China, which blocks undesirable external traffic and filters out internal information that is negative or otherwise undesirable. But the Russian authorities acknowledge that it’s too late to introduce something similar here.
There are both technical and social reasons for that. The Chinese internet was built differently from the start, and has only a few traffic exchange hubs with the outside world, making it quite easy to control. Russia has several hundred, including ones of whose existence Roskomnadzor and the security services are not even aware, according to a participant in the relevant meetings in the presidential administration: hence the reliance on DPI, which is not used at a national level anywhere else in the world.
In addition, the Chinese authorities have successfully substituted most global internet services — from payment systems to social networks — with their own homegrown systems. When users are all congregated on the same platform, such as WeChat, they are easier to control. Furthermore, a convenient interface significantly reduces the risk of users leaving that platform for a Western rival.
Russia doesn’t have its own equivalent of WeChat, and moving over to domestic IT solutions would be painful for both ordinary people and businesses. Outlawing popular foreign services on the basis of ostensible threats would certainly not go down well.
The Kremlin sees technology as a modern solution to the growing wave of negative feeling among Russians that has been recorded by sociological research for the last few years. That research shows that people are spending less, social aspirations are declining, and expectations of improvement are low. A decrease in the standard of living has already led to a serious decline in the authorities’ ratings.
But Kremlin officials, who focus largely on the mood of the president rather than that of Russian society, apparently underestimate the political risks of this slump in their ratings.
One potential mechanism for maintaining stability is artificially inflating ratings by leveraging information: not just by focusing on the positive, but by literally blocking out the negative. It was right after the regional governor elections in September that the presidential administration discussed testing DPI technology. It’s possible that the technology will be tested at the upcoming Duma elections in 2021: after all, the authorities’ falling ratings are dragging down the ruling United Russia party’s too. Then it could be rolled out in full force in 2024 for the presidential election.
By that time, incidentally, Russia will be noticeably lagging behind the rest of the world in terms of technology as a result of its slow Internet. For that particular problem, the powers that be don’t yet have a solution.
This article was originally published in Carnegie Moscow Center.