Yesterday, Wired’s Danger Room blog featured a great — although disturbing — blog post on Russia’s new Internet Registry going into effect. Although the registry is ostensibly about combating internet pedophiles, the reality is that it is far broader and more insidious. The statutory authorizing language tells the tale:
“A uniform registry of domain names and (or) the universal locators to pages of sites on the Internet and network addresses of sites on the Internet that contain information prohibited to spread in the Russian Federation.”
The operative language being “contain information prohibited to spread in the Russian Federation,” which includes court orders on “extremist” material, which in practice has often been extended to political opponents of Putin’s regime. This uniform registry will make blocking and monitoring traffic from and to “illegal websites” much easier to implement. Furthermore, the article cites the increased use of Deep Packet Inspection (DPI) technology to more granularly target offending material.
Although DPI technology may be used to make blocking more targeted — say blocking just the Innocence of Muslims video rather than all of YouTube — it also is deployed in much more sophisticated, sinister ways, such as the real-time monitoring, mirroring and manipulating of specific internet communications. The Wired piece gives real examples of this practice:
The governments in many countries with questionable democracy and human rights records are fully aware of how to turn commercial advantages of DPI into the tool of suppressing dissent activity online. The secret services in Uzbekistan, for example, compel local providers to use DPI to change the URLs of discussion groups in social networks.
Technically, it poses no problem, Alexander Shkalikov of Inline Telecom confirmed. DPI allows for identification of those trying to access a site or page even if it’s blocked. “It’s possible to identify not only the IP, but logins, and that’s easier for the internet service provider. We advise our clients to configure DPI to work with logins. As a result they can have statistics about who is who. For example, some ISPs are interested in identifying who the spammers in their network are.”….
Technically [configuring DPI with Russia’s current legal intercept system] poses no problem, we were told by engineers dealing with DPI. “Allot [a DPI provider] is perfectly compatible with SORM, and we know it,” Roman Ferster [CEO of RGRCom, who distributes Allot DPI systems] confirmed. “There is a very simple solution,” Alexander Shkalikov said. “We did it. [With] DPI, [we] can simply mirror traffic, not redirect it. This is very convenient because DPI [helps] you copy not all traffic but only a certain protocol or traffic of certain customers. For example, if you know that [Alexei] Navalny, one of the most famous opposition leaders, is a customer of a known operator, you may get all Navalny traffic to be copied through the DPI to the external system. It’s real. And it even shows you which sites he has been to.”
As the OpenNet Initiative has diligently cataloged (both on their website and in their book, Access Controlled), the Russian Federation (and other CIS states) have pioneered the development of these more sophisticated second and third generation Internet control methods (first generation being outright blocking of banned content) — many of which are made possible by DPI.
The emergence and increased sophistication of DPI has also altered the early cyber-utopian reality that accompanied a burgeoning Internet, voiced by John Gilmore almost two decades ago, that “the Internet interprets censorship as damage and routes around it.” No longer is the Internet a libertarian mecca defying centralized control that many once thought it to be (if it really ever was, however, is debatable).
What the Russian registry is really about, as the testimony from the Wired article hints at, is reigning in the ability of the Internet to undermine government control and authority. And with this new reality, we have arrived at a global governance inflection point. The operative question for diplomats being: Will international governance bodies promulgate norms that elevate Internet freedom or state control as first-order priorities? At its core, that is what much of the fuss is about surrounding the ITU/WCIT process. And if you have any doubt that there is a global struggle for hearts and minds going on as we speak over the future of the Internet, let me direct your attention to the “International Code of Conduct for Information Security” (always helpful to use the cybersecurity when discussing curtailing human and civil rights) that was proposed by China, Russia, Tajikistan and Uzbekistan before the UN general assembly last year, which sought to commit UN members to “curbing the dissemination of information that incites terrorism, secession-ism, or extremism, or that undermines other countries’ political, economic, and social stability, as well as their spiritual and cultural environment.”
“Ensuring political, economic and social stability” is just another way of saying, “protect the status quo” or “defend political and commercial incumbents.” (I refer you to the great book by Daron Acemoglu and James Robinson, Why Nations Fail, to explain why that is objectively bad for both individual nations and most of the global population.) Understandably, many of the more authoritarian regimes around the world are afraid of the disruptive potential of the Internet. The struggle for the democracies of the world in this relatively new international political battle is to make sure that Russia’s behavior is shunned by the community of nations, not accepted as the new normal. With that being said, be sure to pay attention to the the Internet Governance Forum (IGF) 2012 that begins Monday in Baku and the WCIT meeting in Dubai in December. The stakes are very high.