Moscow is developing a ‘sovereign’ web that critics say will enhance official power to silence dissent
Thousands of protesters had gathered outside government headquarters in Magas, the capital of the heavily Muslim republic of Ingushetia in Russia’s north Caucasus. They were there to oppose concessions in a years’-long bitter border dispute with neighbouring Chechnya, but when they tried to share information about the protest on WhatsApp they found the internet was down on all three major Russian mobile providers across Ingushetia.
The October outage began late at night before the protest was scheduled to start, and lasted until it died down more than two weeks later. When protests sparked up again, the internet suddenly went out of action once more.
It amounted to a virtual blackout: locals’ fondness for voice messages has made WhatsApp the main form of communication in the north Caucasus.
No official explanation was given until spring, when the FSB security service — the successor to the KGB — admitted in court that it had shut down the internet because of “terrorist threats”. All but one of the supposed threats coincided with the dates of the protests, says Andrei Sabinin, who filed a lawsuit against the FSB and the interior ministry over the outages.
“They want to take down platforms for spreading information online,” the human rights lawyer says. “No WhatsApp means no communication in the Caucasus. As soon as you go into Ingushetia, it’s a black hole.”
Activists fear Ingushetia’s blackouts could be repeated across Russia thanks to a law signed by President Vladimir Putin in May. The measure ostensibly aims to create a “sovereign internet” — effectively a parallel web run entirely on Russian servers — that would allow Moscow to keep the internet operating in the event of a foreign cyber attack aimed at disabling it.
To do so, internet providers will be required to install equipment which Russia could use to separate itself from the worldwide web at the flick of a “kill” switch. The technology is meant to reroute all external traffic through Russian-controlled nodes while creating a back-up domain name system to help the country’s internet function independently.
Russia’s dependence on foreign systems would be vastly reduced, hastening a global Balkanisation of the internet where the west’s influence is fragmented. It also uses a technique known as deep packet inspection, or DPI, to centralise filtration powers in the hands of Russian censors, who have previously relied on internet providers to block access to banned content.
“It’s framed as a precaution, but it’s actually a means of control,” says Sergey Sanovich, a political scientist at Stanford University who specialises in Russian online censorship. “For the most part this is about making sure the Russian government can, when necessary, have more direct access to control of information space.”
Russia let its internet grow largely untrammeled until 2012, when Mr Putin’s return to the presidency met with mass street protests organised via social media. The Kremlin responded with an aggressive crackdown on online dissent: opposition pages were put on a list of banned websites, dozens of people went to prison for “liking” and reposting material, and independent news websites were brought to heel. But this ad hoc system was seen as inefficient.
In 2014, Mr Putin declared the internet a “CIA project” able to weaken Russia’s sovereignty. Officials blamed the US for using it to start the Arab spring and Ukraine’s Maidan revolution in 2013-14. Some pro-Kremlin figures spoke of emulating China’s Great Firewall — a mix of technologies and laws designed to regulate the internet domestically, whose architects were invited to Moscow to share advice.
The crackdown intensified after 2017, when opposition leader Alexei Navalny aired a video of an anti-corruption investigation — which racked up more than 20m views on YouTube — to help spark the largest nationwide protests since the Soviet Union collapsed. In 2018, Russia restricted access to almost 650,000 websites— a nearly fivefold increase on the year before, according to human rights group Agora.
Yet Russia’s late start meant it lacked both the infrastructure and the human resources to control the internet as effectively as Beijing. China boasts its own hugely popular messaging services, such as WeChat, and has a reported 2m people who police public opinion online. By contrast, Roskomnadzor — the communications ministry’s watchdog — has just over 3,000 employees.
“The Chinese have been blocking things since day one,” says a person close to Russia’s communications ministry. “We can’t do that.”
Roskomnadzor made its most ambitious effort to ban Telegram, the messaging service, last year, accusing it of failing to comply with FSB requests to share user data. The attempt to block the app was a disastrous failure. Pavel Durov, Telegram’s Russian founder, rerouted its traffic through cloud hosting services, forcing censors into a game of whack-a-mole that saw them temporarily take down more than 16m IP addresses, including their own website, while having little effect on Telegram.
The ban became a running joke among officials. At a ministry party last year, Roskomnadzor chief Alexander Zharov was taking photographs of a picturesque sunset on his phone when guests joked that he should share them on the app, prompting a foul-mouthed tirade, according to one guest.
“He’s a hostage to the situation,” says the person close to the ministry. “He knows you can’t block it. We have no control over the process. The guys with epaulettes [in the FSB] bring bills to [lawmakers] and we have to implement them, [but] we look like idiots.”
Part of the problem, experts say, is that Russia’s security bureaucracy rarely takes its own technical limitations into account.
“Attempts to implement Russia’s notion of information security on the internet have been distinguished by mishaps because they don’t really understand how the internet works,” says Keir Giles, a senior fellow of the Russia and Eurasia programme at Chatham House. “If you prevent free flow of information across national borders you’ll break the internet.”
Advocates for greater controls frame it as a way to ensure Russia’s independence from hostile powers. “A great deal of sectors of the real economy — power stations, transport infrastructure — depend very closely on the internet. It’s an issue of state security,” says Andrei Klishas, a member of the upper house of parliament, who co-authored the law.
Mr Klishas cites the latest US cyber security strategy, with its emphasis on making countries like Russia pay “costs likely to deter future cyber aggression,” as the impetus for Moscow to act. President Donald Trump added to those fears last month, when he admitted that the US carried out a cyber attack against a Kremlin-backed “troll farm” in St Petersburg during the 2018 US midterm elections in apparent retaliation for Russia’s online meddling in the 2016 presidential campaign.
Experts say Russia’s justifications for shutting the country off from the global internet are too vague to support such sweeping action. These scenarios include: a threat to network “integrity” that would prevent it from securing user communications; anything that would affect its ability to function such as a natural disaster; and “deliberate destabilising informational pressure from outside or within”.
“There needs to be a way to react to the threats,” says Irina Levova, head of a government working group on internet issues. “[But] you can’t just say let’s go to Mars tomorrow and have everyone go without having the technology to do so.”
Officials successfully tested the DPI system in a “fairly large region with a population of several thousand” — not Ingushetia — several months ago, says Mr Klishas, and plan to do a nationwide test later this year. But serious doubts remain about whether the law’s aims are even realisable.
According to Ms Levova, maintaining the DPI equipment alone may cost as much as Rbs134bn ($2bn) a year— seven times Mr Klishas’ estimate — while many of the law’s technical provisions have yet to be clarified. Roskomnadzor reportedly hired RDP.RU, a company partly owned by state-run Rostelecom, to supply the DPI equipment before the bill was even passed.
There is scepticism in the industry on whether Russia can produce the required technology. It has yet to undergo a full-scale test. And attempts to separate Russia from global technology value chains have failed: 96 per cent of state institutions still use unapproved foreign software despite an attempt to move them on to domestically produced alternatives, according to the audit chamber, which monitors the spending of government departments. Russia’s government bought Rbs82bn in foreign hardware last year, compared with just Rbs18bn of domestically-produced equipment, according to state defence conglomerate Rostec.
“Right now it’s totally impossible,” says a senior executive at a major Russian tech company. “There’s no capacity to produce really productive, powerful chips. It would take years to develop that industry and in that time Apple will have gone much further. We could buy everything from China, they’ve done it all themselves, but that would raise national security questions.”