Russia plans to activate a version of the internet that’s walled off from the rest of the world, ostensibly so it can protect itself in the event of a cyber attack. But experts argue the move might do the country more harm than good.
By Adam Smith
Russia intends to disconnect from the internet on November 1—in theory. A long-planned bill will go into effect and lay the foundation for a national network whereby internet service providers are controlled by Roskomnadzor, Russia’s telecom agency.
The goal is to give Russia the power to disconnect from the global internet in the event of a cyberwar, and in the interim, to serve up a government-sanctioned, walled-off version of the web. It also gives Russian President Vladimir Putin greater control over Russian citizens.
Details of the bill are sketchy. Russian news agency RIA-Novosti says the aim is to provide a “sustainable, secure, and fully functioning” internet. And it will reportedly do so by developing its own version of the internet’s address system. Russians attempting to reach international sites will instead be directed to Russian versions. Citizens hoping to visit Facebook, for example, might be redirected to Russian social network VK.
Russian officials have argued that this so-called sovereign internet will protect the country from harm, but experts argue it could make Russia—and the entire open web—more vulnerable to attack.
Russia’s Great Firewall? Not Quite
With all the talk of clouds and wireless connectivity, many people think of the internet as ephemeral. But it’s powered by vast server farms, interconnected cables, and networking infrastructure that cross borders and oceans. That makes it difficult to control, which is why Russia’s law targets the internet’s address book, the Domain Name System (DNS).
In essence, the DNS converts a web address (such as www.pcmag.com) into an IP address (such as 192.168.1.1) that fetches the site you want. Russia’s system uses a proxy to steer packets of information away from the public DNS resolver by default, check where the data is located, and either let that information through, redirect it, or block it completely.
We see examples of this kind of control in Saudi Arabia, Turkey, and China. But Russia might have some difficulty in recreating China’s Great Firewall, in part because Russia’s internet was built to be open, according to Alex Henthorn-Iwane, VP of Product Marketing for network monitoring company ThousandEyes.
China restricted its web access from the start: The Communist Party legislated in 1996 (two years after the internet arrived there) that all service providers must be licensed by the government and that all internet traffic must go through state-owned telecommunication companies. Since then, it’s poured vast amounts of money into the effort, and the Chinese internet still is not completely airtight.
Russia has reportedly spent about $300 million on its sovereign internet plan. But while the country has restricted access to certain services in recent years—from VPNs to encrypted messaging apps—Henthorn-Iwane says it’s unlikely the Russian government will be able to exert the level of control China has accomplished with its Great Firewall by November 1.
“One of the major benefits about the internet is [its] cross-border trade mechanism, and Russia won’t be able to replicate every single service that is provided by non-Russian companies,” Henthorn-Iwane says. “If China allows Western companies to use SAAS (software as a service) tools, that tells you it’s not realistic. Office 365, or Salesforce, I would imagine they’re going to have to keep open, if they want to attract foreign direct investment.”
Also, China has also fostered a powerful e-commerce and mobile app ecosystem while Russia hasn’t, which makes it less likely that Russia will ever actually turn its internet off.
The plan is also questionable from a cybersecurity standpoint. “If cyber criminals or nation-states want to infiltrate and infect a machine, to command and control, you don’t need a lot of bandwidth. You could have a cross-border cell phone to get on the internal internet of the country. For that matter, you could have people inside the country, which all major states do, to enable cyber warfare.”
Breaking the Internet
Yet despite the low likelihood of Russia closing the doors on external internet connections, the proposed policy is indicative of a greater trend among governments: creating a “splinternet.”
The term was first used in 2001 to describe “parallel internets,” or multiple privately-run networks that exist to avoid heavy-handed and changing government regulation. “Splinternet” is now more likely to describe secondary networks run by those governments.
The concept is not alien to the West. San Francisco–based Twitter, which regularly comes under criticism from users in the United States for not taking enough action against white supremacists and other bad actors, is required by law to block those same harmful users in Germany. Google has also agreed to change names and borders on its mapping products upon request from certain governments. GDPR regulation, meanwhile, means many US news publishers are unable to show their content in European countries because of how they store data on European citizens.
The amount of regulatory control governments place on the internet is a sliding scale based on political ideology. For some, that’s shutting the internet off completely (or, at least, attempting to), while others focus on how data can or can’t move across countries.
And while the American view of the internet—heavily influenced by its history of free markets and free speech—might be closer in theory to the open internet that was proposed by the web’s pioneers, the hegemony of Silicon Valley has created a situation in which the majority of the internet is under the de facto control of the US government.
Google parent company Alphabet, for example, dominates how many people around the world access the web, whether that’s through search, its browser (Chrome), or its operating system (Android or Chrome OS). But should the US government wish to exercise its control in the name of security, as it did with Huawei, that would be entirely possible.
In a world of splinternets, it’s easier to say you have an open system when the nexus of power is within your borders. The future will likely bring more legislation like Russia’s, albeit with varying degrees of severity.
Originally published at https://www.pcmag.com on October 31, 2019.