On December 23, Russian news agencies began reporting that the government had concluded a series of tests designed to disconnect Russia from the Internet. The tests involved Russian government agencies, local internet service providers, and local Russian internet companies with the main aim of the tests to see whether the country's national internet infrastructure, called RuNet, could function without access to the global DNS system and global Internet infrastructure. The Russian government concluded that the test was a success as Internet traffic was routed internally, effectively creating a massive intranet.
At the time of writing the public will have to take the government’s word for it as no technical data has been released to the public. Government officials stated that several disconnection scenarios were tested, including a hostile cyber-attack scenario from a theoretical foreign power. Alexei Sokolov, deputy head of the Ministry of Digital Development, Communications and Mass Media, further stated that the results of the successful test would be presented to President Vladimir Putin next year. Sokolov further summarised the success of the test as,
“It turned out that, in general, that both authorities and telecom operators are ready to effectively respond to possible risks and threats and ensure the functioning of the Internet and the unified telecommunication network in Russia,”
The tests which were only recently concluded were initially scheduled for April 2019 but were delayed to the fall to ensure the legal framework had been firmly established by the Kremlin. Upon the first draft of the law, it was mandated that Russian internet providers should ensure the independence of the Russian internet space in the case of foreign aggression to disconnect the country from the rest of the internet. In addition, the firms were to provide technical measures that would re-route all Russian internet traffic to exchange points approved or managed by Roskomnazor, Russia's telecom watchdog.
The draft law further empowered Roskomnazor to inspect traffic to block prohibited content and make sure traffic between Russian users stays inside the country and is not re-routed uselessly through servers abroad, where it could be intercepted. This would, of course, all come at a cost to Russian ISPs, so the government announced that it would foot the bill. The final form of the law was enacted on November 1, 2019, and was named the “Internet Sovereignty” law.
Sovereignty or Surveillance
While the law is determined by Russian lawmakers to better protect the country against cyber-attacks be they from foreign powers or otherwise, many human rights experts have raised concerns. In April, Human Rights Watch, together with 9 human rights, media, and Internet freedom organizations, published an article imploring President Putin not to sign the bill into law. The main reason for the request is that experts believe it will lead to further limitations of the already restricted Internet and media freedoms in the country. Human Rights Watch argues that the law would create a centralized system of devices capable of blocking Internet traffic. Even from the Government’s discussion surrounding the law that is the case, but it is the ultimate purpose that is being contested by human rights experts.
While lawmakers argue that the law is needed to combat a security threat, others argue that the law is incredibly vague in the language used. The law itself provides now technical information on devices that ISPs will be mandated to install. It has been concluded that the blocking of traffic deemed a security threat will naturally be extra-judicial and in no way transparent. The law itself does little to define what constitutes a security threat giving the authorities complete discretion in determining what a threat is. This means that political dissidents who already face difficulty in speaking out against the government may find themselves further gagged.
For those who advocate privacy, another method that privacy rights could be ignored in the national DNS system proposed by the government. By forcing ISPs to use the national DNS system, authorities will have the ability to manipulate the results provided to the ISP outside the ISP's knowledge and control. Authorities will be able to answer any user's request for a website address with either a fake address or no address at all. This not only provides an excessive level of censorship but will also let the national DNS to redirect users to government-controlled servers in response to any DNS requests instead of to a website's authentic servers. It is the combination of the broad and vague law with the proposed devices that give the government unlimited discretion that has raised numerous questions. Many fear that the law will pose serious threats to the security and safety of commercial and private users while simultaneously undermining the rights to freedom of expression, access to information and media freedom.
Human Rights Watch further argued that,
“The bill contravenes standards on freedom of expression and privacy protected by the International Covenant on Civil and Political Rights (ICCPR) and the European Convention on Human Rights (ECHR), to which Russia is a party. Both treaties allow states to limit freedoms to protect national security but impose clear criteria for such limitations to be valid. The UN Special Rapporteur on freedom of expression, commenting on the ICCPR, has reiterated that these limits should be “provided by law, which is clear and accessible to everyone,” and is predictable and transparent.”
US Officials have doubted whether a complete disconnect from the global Internet is possible. In March, NSA Director General Paul Nakasone said he didn't expect Russia to succeed and disconnect from the global Internet. The technicalities involved are vast and it is in the realms of possibility that such a disconnect could throw Russia banking and healthcare sectors back by decades.