Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Russia’s Sovereign Internet Law Took Effect November 1

November 5, 2019

And quite a law it is. As Naked Security reported, the Russian government calls it the "sovereign internet" law and from November 1^st it compels the country's ISPs to forward all data arriving and departing from their networks through special gateway servers.

Promoted since 2018, from the government's point of view the sovereign internet is a way of protecting the country from the bad stuff the internet – or other countries – might direct its way.

To its critics, Runet, as it's also known, is a straight power grab by a government obsessed with the idea of control, surveillance and censorship of its population.

If this sounds a bit like China's infamous Great Firewall, senior Russian politicians downplay the comparison. Said Prime Minister Dmitri Medvedev earlier this year:

"Certainly, we won't have Chinese-style regulations. No firewall will emerge here." Hmm. We will see.

On the contrary, he said, Runet was more about pushing back against the historic regulation of the internet by one country, the US, which had the power to threaten the integrity of Russia's internet infrastructure.

At face value, it seems the government's solution in Runet is to build a sort of parallel national internet, which is connected to global networks but can be disconnected from it if the government decides that's necessary. And one does wonder what would be behind such a decision.

The simplest element of this will be deep packet inspection (DPI), a technology already universally used by ISPs across the world to prioritize traffic, block unwanted protocols, and prioritize specific applications.

But unlike conventional quality of service DPI, this won't be controlled by ISPs, which will pass traffic to servers in the same racks controlled by communications regulator Roskomnadzor to do Runet's heavy lifting. If you find this confusing, no worries. So do I.

Arguably, this is similar to the Great Firewall because its design sets up government-controlled servers as gateways capable of blocking traffic to applications, websites, and keywords the authorities want to stop citizens from accessing. Now that does sound like both Russia and China.

DPI has its limits, which is why Runet is trying a much more radical concept that has some experts scratching their heads – a parallel DNS infrastructure. DNS is a complex, distributed global address book, listing which IP addresses are associated with which domain names.

Setting up a parallel DNS implies that Russia will somehow mirror or proxy this system, or set up rival root domain servers, allowing it to filter which domains will be resolved or what they resolve to.

OK, that scares me.

No country has ever tried before and it's hard to see how it can be done without creating a lot of potential bottlenecks or points of failure. It looks as if this part of Runet is some way off being operational, which suggests that the technical challenges have yet to be overcome.

There is some justification for Russia's worry about other countries launching cyber-operations against it – a scattering of reports suggest the US is probing Russian infrastructure (including its infamous 'troll factory' in St Petersburg) in a way that should concern its leaders.

To sceptics, the idea of Runet offering the country isolation is a far-fetched fantasy which ignores the realities of how ISPs and the internet works.

Internet traffic isn't like a pipe that can be turned on and off or diverted at will. It functions as a cooperative system in which Russian ISPs must peer traffic that is heading to other destinations in ways that belie simple concepts of internal and external, good and bad.

The Russian government's real battle is with a very narrow range of applications such as messaging app Telegram, VPN network providers (many of which were banned in 2017) and overlay privacy systems such as Tor.

If they are the real target, Runet is just another tool in the box. It won't stop these from working but it might make accessing them less reliable and dissuade some Russians from using them.

All in all, I find the law somewhat perplexing – and I'm not sure it can do what the Russians hope it will. Thoughts from others brighter than I am would be appreciated.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Russia’s Sovereign Internet Law Took Effect November 1

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer