
German Council on Foreign Relations

No. 2 January 2020 ANALYSIS

Deciphering Russia’s “Sovereign Internet Law”

Tightening Control and Accelerating the Splinternet

Alena Epifanova is program officer at the Robert Bosch Center for Central and Eastern Europe, Russia, and Central Asia

KEY FACTS

In November 2019, Vladimir Putin’s regime introduced new regulations that create a legal framework for centralized state management of the internet within Russia’s borders. Although full implementation will be extremely difficult, this framework will likely lead to tighter state control over society and additional complications for domestic and foreign companies. The regulations are expected to accelerate the fragmentation of the global internet and to increase Russian reliance on Chinese technology.

– Germany and the EU should assess the risks and long-term implications of Russia’s new internet legislation for European companies and civil society actors.

– EU institutions, particularly the European Commission with its geopolitical focus and ambitions, need to consider devising mechanisms to protect the companies and civil society actors of EU member states from disadvantages created by Russia’s new regulations.

– Germany and the EU should actively promote the advantages of the global internet and involve major stakeholders, civil society actors, and business entities in a broad discussion on how to sustain and enhance its future.


CONTENTS

THE NEW “SOVEREIGN INTERNET LAW”
RUSSIA’S GOALS
RISKS TO OTHERS
CENTRALIZING STATE CONTROL OVER THE DECENTRALIZED INTERNET
IMPLICATIONS OF THREE KEY AMENDMENTS
RUSSIA WILL LIKELY BUILD UP ITS PARTNERSHIP WITH CHINA
RECOMMENDATIONS

THE NEW “SOVEREIGN INTERNET LAW”

New regulations on the internet in Russia, most of which came into force on November 1, 2019 and others of which are due to follow in January 2021, have attracted international attention and been described publicly as Russia’s “sovereign internet law.” In fact, there was no such new law, but rather a series of amendments to the existing federal laws “On Communication” and “On Information, Information Technologies, and Information Protection.”

Officially, the amendments aim to protect the internet within Russia from external threats. In fact, they provide the crucial legal framework for creating a centralized management system of the internet by the state authority – theoretically enabling the isolation of Russia’s network from the global internet. These three amendments have particularly far reaching implications:

- The compulsory installation of technical equipment for counteracting threats
- Centralized management of telecommunication networks in case of a threat and a control mechanism for connection lines crossing the border of Russia
- The implementation of a Russian national Domain Name System (DNS)

RUSSIA’S GOALS

With these three key amendments, Russia is trying to achieve at least three different goals. First, it aims to create a mechanism for effective surveillance of the internet within its borders. To this end, the amendment concerning the installation of “technical equipment for counteracting threats,” allows for greater state control of information and the prevention of its dissemination if needed. Consequently, implementation of the new legislation may give the Russian government the opportunity to curtail opposition activity on social media sites, helping it to prevent protests such as those in 2011 through 2013 ahead of elections to Russia’s parliament, the State Duma, scheduled for 2021 and the presidential election scheduled for 2024. Even if this amendment is technically difficult to implement, as will be explained below, the law itself is a part of the Putin regime’s continuing intimidation strategy and it will impact Russian society.

Second, the state aims to become the key regulator of the internet in Russia. The recent amendment allowing the state to create centralized control over the internet infrastructure by introducing the cross-border control of connection lines and the rerouting of traffic is an attempt to enable the isolation of a national network from the global internet – for which the state can open and close “digital borders” and determine the flow of information within them as it sees fit. While total state control of Russia’s internet will remain impossible so long as the country is connected to the world via the existing infrastructure of the global internet, the passing of this amendment by Putin’s regime was an attempt to present its control of telecommunication lines, networks, and traffic as a fait accompli.

Third, Russia intends to expand the state-centered model of the internet at the international level. The amendment aiming to create the infrastructure for a national Domain Name System (DNS) could, if achieved as planned in January 2021, create a Russian segment of the internet – parallel to and probably not compatible with the existing one. With this move, Russia is not seeking to isolate itself from the rest of world, but rather to create a precedent, which other states aspiring to sovereignty over their segments of the internet could follow. Presumably, Russia will need to cooperate even more closely with China than it has already to develop the technology to achieve its goals and coordinate its internet policy at the international level. In the long term, such cooperation could lead to the fracturing of the global internet and a shift of stakeholders and powers.

RISKS TO OTHERS

Although some implications of the three amendments are still unclear and some regulations and requirements are not yet in place, the new legislation already carries concrete risks, which concern not only Russia itself, but also Germany and other European countries that cooperate with Russia and own companies operating within it.

The now compulsory “technical equipment for counteracting threats” will, for example, also be able to prioritize traffic. It can delay the flow of certain types of network packets while prioritizing others, giving them better performance. In practical terms, users of particular websites and services could experience slow access or unavailability. Such prioritization could compromise network neutrality and lead to discrimination against companies not protected by the Russian state.

The fact that neither technical requirements nor certification for this new equipment exist also means that network failures are likelier to happen. Companies operating in Russia could, in turn, suffer collateral damage caused by the new equipment with limited possibilities for recouping losses.

In addition, the likelier prospect of the so-called “splinternet,” where segments of the internet are controlled and regulated by different states and actors, could lead to incompatibility among technical, regulatory, and operational standards – thus impeding cross-border cooperation and the interoperability of the global internet.

CENTRALIZING STATE CONTROL OVER THE DECENTRALIZED INTERNET

Russia has a long-standing information and internet policy through which it has already attempted to control the internet in previous years, as was also described in a recent DGAP paper by Andrei Soldatov1 (see Infobox on page 4). But, in current practice, the state authorities apply the restrictive internet laws that already exist in Russia2 selectively for two reasons. First, due to the lack of technical capability, some of the laws cannot be implemented.3 Secondly, certain internet services and applications are so popular that the state does not block them in order to avoid public discontent.4

Generally speaking, in order to gain more influence over a domestic internet, state authorities can implement centralized and decentralized control mechanisms. Which one to choose is mainly defined by the network infrastructure and the amount of control countries possess over their networks.5 China, for example, opts for centralized control; the country brought internet service providers (ISPs) under its yoke early on and traffic is guided through “choke points,” network nodes through which data travels when entering or exiting a country’s internal network. Countries such as the United Kingdom, India, and Russia currently have much less control over their networks and domestic ISPs. In their case, a decentralized approach is favorable. Authorities roll out new laws and policy measures and oblige ISPs to comply.6 Up to this point, Russia was “the largest and most aggressive” country pursuing decentralized control,7 as demonstrated by the laws enacted since 2012 regulating the internet. The new amendments introduced in 2019 aim to give Russian authorities more centralized powers. Roskomnadzor – the Federal Service for Supervision of Communications, Information Technology, and Mass Media – and the central point for control over communication networks and facilities as well as personal data in Russia,8 wants to monitor traffic at its source, without having an ISP in between or internet services that do not comply with new regulations.9

1 Andrei Soldatov, “Security First, Technology Second: Putin Tightens his Grip on Russia’s Internet – With China’s Help,” DGAP Kompakt, Nr. 3, March 2019, (accessed January 6, 2020).
2 For more on the legislation restricting the internet see the Reporter Without Borders’ report “Taking Control? Internet Censorship And Surveillance In Russia,” November 2019, <https://www.reporter-ohne-grenzen.de/fileadmin/Redaktion/Downloads/Berichte/2019/Russiareport_20191128.pdf> (accessed January 6, 2020).
3 “Even without an Internet ‘nuclear option,’ Russian intelligence has been using an existing law to try to access user data for months. Here’s how”; Meduza, April 23, 2019, (accessed January 6, 2020).
4 Yana Belyaeva, “Will YouTube, Facebook, and Instagram be banned in Russia?” [in Russian], Deutsche Welle, September 24, 2019, (accessed January 6, 2020).
5 Reethika Ramesh et al., “Decentralized Control: A Case Study of Russia,” University of Michigan, November 6, 2019, pp. 2–3, (accessed January 6, 2020).
6 Ibid., p. 3.
7 Ibid., p. 2.
8 “Powers of Roskomnadzor,” Roskomnadzor, January 29, 2013, (accessed January 6, 2020).
9 “VPN services refuse to comply with Roskomnadzor’s requirements” [in Russian], Roskomsvoboda, March 29, 2019, (accessed January 6, 2020).


Apparently, Russia is now attempting to catch up with what China quickly implemented in the early days of the internet: centralized and effective control mechanisms at the root of the network.

RUSSIA’S INFORMATION AND INTERNET POLICY

One of the first laws was passed in reaction to a series of mass protests in 2011 through 2013. The protests were against manipulation of the parliamentary election and the so-called rokirovka – the position swap between then President Dmitri Medvedev and Prime Minister Vladimir Putin. The opposition made wide use of the internet to bring people to the streets. As a reaction from the state, in 2012, a law on a unified register of banned websites came into force.10 The register initially included sites containing child pornography and drugs. But less than two years later, in 2014, it was amended to include websites promoting rioting or containing extremist content or participation in mass public events.11

Since 2015, all domestic and foreign internet companies are obliged to ensure the recording, systematization, accumulation, and storage of the personal data of Russian citizens on servers physically located within Russia.12

In 2016, Yarovaya’s Law (named after Irina Yarovaya, a member of the party United Russia in the State Duma and co-author of the legislation) came into force. Since then, telecommunication companies have been required to store the content of text messages, phone conversations, images, and videos for six months, as well as their metadata for three years within Russian territory. They must provide this information to security services upon request.13

IMPLICATIONS OF THREE KEY AMENDMENTS

Below, the implications of three key amendments included in the new regulations are explained in detail.

1. The Compulsory Installation of Technical Equipment for Counteracting Threats

This amendment requires all internet service providers to install “technical equipment for counteracting threats to stability, security, and the functional integrity of the internet on the territory of the Russian Federation” (TSPU) on their networks.14 The legislation does not specify which technical equipment should be used. Although, at this writing, there has still been no official decree on this equipment and its technical requirements, the articles of this amendment state that Roskomnadzor will provide it to ISPs free of charge.15 The technology will apparently be installed nationwide by a single company called “Data – Processing and Automation Center”16 and controlled by Roskomnadzor.

The past attempt by the Russian state to block Telegram,17 a cloud-based messaging app, provides a good example of how the regime is attempting to use this amendment to prevent unrestricted communication that could be utilized to coordinate social unrest and opposition movements.18 Telegram claims to allow the secure exchange of information through end-to-end encryption, which makes communication possible without intelligence services being able to read it. In 2018, according to the founder of the company Pavel Durov, Telegram had over 15 million users in Russia.19

In its attempt to block Telegram, Roskomnadzor tried to ban the IP addresses of Telegram servers without success.20 In order to finally ban the service21 and prevent undisclosed communication, Russian authorities might use, among others, a technology commonly referred to as Deep Packet Inspection (DPI). This new amendment obliges ISPs to accept and cooperate in the installation process of DPI systems or a similar technology.

DEEP PACKET INSPECTION

The main technical components of DPI systems are so-called black boxes, which are installed at the hubs of internet providers to analyze both data packets and the content of communications. They enable the monitoring, filtering, and slowdown of requests as well as the blocking of specific content. The black boxes can also determine to which service or application each data packet is attributed. Although DPI systems have been used in Russia since 2012, when legislation creating an internet blacklist was enacted,22 ISPs have yet to introduce them widely because of their high cost, which they had to bear themselves.

Anonymous sources have told the BBC that DPI systems, which have already been tested on the networks of all major mobile network operators in the Ural region,23 are indeed Roskomnadzor’s choice.24 While it can therefore be assumed that the implementation of the TSPU amendment will be based, at least in part, on the use of Deep Packet Inspection technology – the exact specifications, capabilities, and effectiveness of which are unknown – it might also include other hardware and software solutions, which are also unknown at this time.

Even Encrypted Connections Might Be Blocked

If Roskomnadzor widely implements DPI systems or similar technologies, they might be used to block undesired traffic and severely censor the Russian web. One might think that DPI systems cannot identify, and therefore block, packets of encrypted connections such as HyperText Transfer Protocol Secure (HTTPS),25 which is widely used on the World Wide Web.26 Unfortunately, this is not entirely the case. Because data packets – even those sent via an encrypted connection – are always sent to a certain destination, they must always carry an address that is visible. This information cannot be encrypted because an ISP would otherwise not know to which address it is supposed to send the user’s request. For example, an ISP will know that a user is requesting data from YouTube, the size of the request, and its length. But, thanks to encryption, it will not know which specific video the user is watching.

For Russian authorities, the packet destination might be indicator enough to block requests from undesired websites. One possible solution would be for a user to hide the address of the packet he or she wishes to send by redirecting it through a Virtual Private Network (VPN). In this case, the user doesn’t communicate directly with the ISP but through one or several entities in between. This makes the destination of the request only visible to the VPN service provider but not the ISP. But, since Russian authorities are also trying to use DPI systems or similar technologies to shut down VPN services, this workaround may sooner or later cease to be a viable option.

Another workaround in current use is a technique called “domain fronting,” with which a request gets redirected on the same server after an HTTPS connection has been established. This technique, among others, was used by Telegram to bypass Roskomnadzor’s IP bans. However, this workaround, too, is becoming more difficult to implement as companies such as Amazon or Google, which operate servers also used for domain fronting, seek to end this practice.27

Traffic Speeds May Be Prioritized and Discriminated

DPI or similar technologies can also be used to prioritize and discriminate traffic. Prioritizing traffic could have far-reaching consequences for net neutrality, especially if it is carried out by a state authority. Roskomnadzor could slow down the traffic speed of all unknown or undesired connections and prioritize trusted connections of entities that comply with the fixed rules.28

European telecommunication operators may have confirmed that such prioritization and discrimination of traffic works. Larger ISPs – including Deutsche Telekom – are suspected of using DPI for commercial purposes in order to control traffic speeds to block intensive forms of consumption (for example streaming) that are not included in a user’s contract.29 And if ISPs can slow down connections, Roskomnadzor could do the same in order to put enormous pressure on companies that do not comply with its fixed rules. If a state authority massively slows down some connections, targeted companies could face issues that threaten their businesses. These could include seeing a marked decrease in their user base as customers dissatisfied with the inconvenience of substantially slower services are pushed toward alternatives.

If this amendment is fully implemented, bypassing DPI services and accessing restricted areas of the internet will be very difficult except for highly skilled users, leading to an “asymmetry of blocking effectiveness.”30 Since it must be assumed that IT specialists can circumvent DPI systems, the amendment’s official goal – repulsing threats – is not entirely plausible. In other words, it is likelier that the primary target of wide implementation of DPI is Russia’s ordinary users, whose internet use will assuredly be restricted. Private companies might also be targeted to cause them economic disadvantages.

2. Centralized Management of Telecommunication Networks in Case of a Threat and a Control Mechanism for Connection Lines Crossing the Border of Russia

This new amendment states that the media regulator Roskomnadzor can take over the centralized management of the network31 in case of a “threat.” The three main threats are defined in a government decree on the “centralized management of a public communications network,”32 which is currently still in its development phase and has not yet entered into force. These threats are:

1. to the integrity of the network, for example when no connection can be established between users;
2. to the stability of the network, for example when equipment does not work correctly or is disabled due to natural or man-made disasters;
3. to the safety of the functioning of the network, for example when hackers attack the network and ISPs cannot resist the attack, or when ISPs themselves cause disruption.33

If any of these threats materialize, Russian ISPs will have to comply with the rules fixed by Roskomnadzor, which then prohibit the routing of telecommunication messages through communication networks located outside of the territory of the Russian Federation.34 In addition, when two autonomous systems wish to communicate with each other, they will have to do so through traffic exchange and connection points35 monitored by Roskomnadzor. The agency can ask any ISP or person running an autonomous system to “change the routes of telecommunication messages” and guide those messages through “technical means to counteract threats to the stability, security, and integrity of the functioning of the […] internet.”36

10 Resolution of the Government of the Russian Federation No. 1101 dated October 26, 2012 () “On the Unified Automated Information System ‘Unified Register of Domain Names, Indexes of Pages of Websites in the Information and Telecommunication Network ‘Internet’ and Network Addresses that Allow Identification of Websites in the Information and Telecommunication Network ‘Internet’ containing information the dissemination of which is prohibited in the Russian Federation’” [in Russian], , October 29, 2012, (accessed January 6, 2020).
11 “On the entry into force of amendments to the Federal Law ‘On Information, Information Technologies, and Information Protection’” [in Russian], Roskomnadzor, January 31, 2014, (accessed January 6, 2020).
12 “Processing and storage of personal data in the Russian Federation. Changes from September 1, 2015” [in Russian], Ministry of Digital Development, Communications and Mass Media of the Russian Federation, February 12, 2016, (accessed January 6, 2020).
13 “Federal law No. 374-FZ dated July 6, 2016 about making changes to the federal law ‘on counterterrorism’ and certain legislative acts of the Russian Federation in terms of establishing additional countermeasures to terrorism and public security” [in Russian], Rossiyskaya Gazeta, July 8, 2016, (accessed January 6, 2020).
14 Article 46, Federal Law No. 90-FZ dated May 1, 2019 “On Amendments to the Federal Law ‘On Communications’ and the Federal Law ‘On Information, Information Technologies, and Information Protection’” [in Russian], Official Internet Portal for Legal Information, May 1, 2019, (accessed January 6, 2020).
15 Ibid., article 651
16 Maria Kolomychenko, “Nokia’s former head in Russia will implement ‘sovereign Runet’ systems” [in Russian], RBK, September 26, 2019, (accessed January 6, 2020).
17 “Russia will check the means to block Telegram on users in Tyumen – sources” [in Russian], Reuters, September 13, 2019, (accessed January 6, 2020).
18 Ilya Khrennikov, Stepan Kravchenko, “Putin Wants His Own Internet,” Bloomberg, March 5, 2019, (accessed January 6, 2020).
19 Post by Pavel Durov on the social network platform “VK,” April 16, 2018, (accessed January 6, 2020).
20 Mikhail Zelensky, “Russia is trying to block Telegram, but it’s failing. Why?”, Meduza, April 17, 2018, (accessed January 6, 2020).
21 See note 16: Kolomychenko, “Nokia’s former head in Russia will implement ‘sovereign Runet’ systems.”
22 Andrei Soldatov, Irina Borogan, “The Kremlin’s New Internet Surveillance Plan Goes Live Today,” Wired, November 1, 2012, (accessed January 6, 2020).
23 See note 16: Kolomychenko, “Nokia’s former head in Russia will implement ‘sovereign Runet’ systems”; and note 17: “Russia will check the means to block Telegram on users in Tyumen – sources.”
24 Andrey Zakharov, Svetlana Reyter, “Roskomnadzor will introduce a new Telegram blocking technology for 20 billion rubles” [in Russian], BBC, December 18, 2018. (accessed January 6, 2020).
25 David Naylor et al., “The Cost of the ‘S’ in HTTPS,” Proceedings of the 10th ACM International Conference on emerging Networking Experiments and Technologies CoNEXT, December 14, 2014, pp. 133–140, (accessed January 6, 2020).
26 “HTTPS encryption on the web” [in German], Google transparency report, (accessed January 6, 2020).
27 Hakan Tanriverdi, “A decision by Google and Amazon, which will delight censors” [in German], Sueddeutsche Zeitung, May 2, 2018, (accessed January 6, 2020).
28 Maria Kolomychenko, “Roskomnadzor proposed testing Runet for ‘sovereignty’” [in Russian], RBK, March 28, 2019, (accessed January 6, 2020).
29 Thomas Lohninger, et al., “The Net Neutrality Situation in the EU,” Epicenter Works, January 29, 2019, pp. 39–40, (accessed January 6, 2020).
30 Philipp Winter, et al., “ScrambleSuit: A Polymorph Network Protocol to Circumvent Censorship,” Arxiv Cornell University (New York), May 14, 2013, (accessed January 6, 2020).
31 See note 14: Article 651 of “Federal Law No. 90-FZ.”
32 “On approval of the procedure for centralized management of the public communication network” [in Russian], Federal portal of draft regulatory legal acts, (accessed January 6, 2020).
33 Ibid., article 2.
34 Article 2, “Order of the Federal Service for Supervision of Communications, Information Technologies, and Mass Communications No. 224 dated July 31, 2019 ‘On the Approval of the Rules for Routing Telecommunication Messages in the Case of Centralized Management of a Public Communication Network’” [in Russian], Official internet portal for legal information, November 6, 2019, (accessed January 6, 2020).
35 Ibid., article 4.
36 Ibid., article 5.
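The point made under “Even Encrypted Connections Might Be Blocked,” that an HTTPS connection still exposes where a request is going and how large it is, can be checked on a byte stream. The following is an added example, not part of the original analysis: it walks the TLS records of a constructed capture and reports only what is readable without any key. It assumes the visible name is the TLS Server Name Indication extension, which the analysis does not name; the hostname video.example and all function names are hypothetical.

```python
import struct

def build_client_hello(hostname: str) -> bytes:
    """Constructed sample: a minimal TLS ClientHello record with an SNI extension."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
    sni_body = struct.pack("!H", len(entry)) + entry           # server_name_list
    extensions = struct.pack("!HH", 0x0000, len(sni_body)) + sni_body
    body = (
        b"\x03\x03"                               # client_version
        + bytes(32)                               # random (all zeros, constructed)
        + b"\x00"                                 # empty session_id
        + struct.pack("!H", 2) + b"\x13\x01"      # one cipher suite
        + b"\x01\x00"                             # one compression method: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def build_app_data(size: int) -> bytes:
    """Constructed sample: an application-data record; the payload stands in for ciphertext."""
    return b"\x17\x03\x03" + struct.pack("!H", size) + bytes(size)

def iter_records(stream: bytes):
    """Yield (content_type, payload) for each complete TLS record in the stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        payload = stream[off + 5 : off + 5 + length]
        if len(payload) < length:
            break                                 # truncated capture: stop cleanly
        yield ctype, payload
        off += 5 + length

def extract_sni(handshake: bytes):
    """Return the cleartext server name from a ClientHello, or None if absent or malformed."""
    try:
        if handshake[0] != 0x01:
            return None
        p = 4 + 2 + 32                            # handshake header, version, random
        p += 1 + handshake[p]                     # session_id
        if p + 2 > len(handshake):
            return None
        p += 2 + int.from_bytes(handshake[p:p + 2], "big")   # cipher suites
        p += 1 + handshake[p]                     # compression methods
        if p + 2 > len(handshake):
            return None                           # ClientHello without extensions
        end = min(p + 2 + int.from_bytes(handshake[p:p + 2], "big"), len(handshake))
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", handshake, p)
            p += 4
            if ext_type == 0 and ext_len >= 5 and p + ext_len <= end:
                name_len = int.from_bytes(handshake[p + 3:p + 5], "big")
                return handshake[p + 5:p + 5 + name_len].decode("ascii", "replace")
            p += ext_len
    except IndexError:
        pass
    return None

def observe(stream: bytes) -> dict:
    """Summarize what is readable on the wire: server name and ciphertext record sizes."""
    view = {"sni": None, "app_data_sizes": []}
    for ctype, payload in iter_records(stream):
        if ctype == 0x16 and view["sni"] is None:   # handshake record
            view["sni"] = extract_sni(payload)
        elif ctype == 0x17:                         # application data: opaque, only size visible
            view["app_data_sizes"].append(len(payload))
    return view

# Constructed capture: one ClientHello followed by two encrypted records.
SAMPLE = build_client_hello("video.example") + build_app_data(517) + build_app_data(1400)

if __name__ == "__main__":
    print(observe(SAMPLE))
```

The output contains the server name and two record sizes and nothing about the content of the requests, which is the distinction the text draws between knowing the service and knowing the specific video.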


Furthermore, this new amendment creates a control mechanism for connection lines crossing the border of the Russian Federation. All owners of such communication lines are obliged to report not only their purpose, but also which facilities exist on that line to Roskomnadzor.37

The Danger of a Kill-Switch

The aforementioned stipulations give state authorities the potential to create a “kill-switch,” a relatively easy to use mechanism that can be used to shut down most of the Russian internet. In the event of such a shutdown, even DPI bypass systems, VPNs, or other unidentified connections will not work – communication becomes physically impossible.

The global internet is strong and redundant because its traffic is handled by a web of computers and servers; data can therefore take many different paths in order to reach its destination. The amount of centralized traffic exchange and choke points strongly affects the power of a government to censor and repress data flows.38 The lower the amount of choke points, the more easily they can be controlled.

With implementation of this new amendment, Russian authorities will weaken the robust structure of the Russian internet by guiding traffic through centralized, state-controlled connection points, which can be shut down in case of a “threat.” Russian authorities might soon be able to cut off major parts of the network and thus prevent information that is critical of the government from entering or spreading within the country.

In the past, several deliberate internet shutdowns have occurred in different countries on different scales. An intentional local shutdown is theoretically possible in any country with a weak legal system – because it can be pushed through with little juridical resistance. For example, one such shutdown took place in August 2019 during rallies in the center of Moscow; the BBC claims it was requested by law enforcement agencies.39 In November 2019, Iran cut off most of its internet for several days. However, this nationwide shutdown was only possible because the country relies on data connections through choke points40 and has a very limited number of ISPs, which are all state-controlled. In contrast to Iran, Russia has more than 40 providers on its borders, many ISPs, and – for now – no large choke points. These parameters had made any major internet shutdown in Russia hard to execute.41 The new amendments, however, create a new legal basis for just such a scenario, thus enhancing the probability of a shutdown.

3. The Implementation of a Russian National Domain Name System (DNS)

This key amendment concerns the creation of a Russian national Domain Name System (DNS), which is due to be implemented by January 2021.42 It aims “to ensure a stable and safe use of domain names on the territory of the Russian Federation.”43 The Russian national domain zone will be composed of its own infrastructure, which means root servers and proprietary domain names. Roskomnadzor is again vested with enormous power: it will define regulations on the national DNS, requirements for it, and the procedure for its establishment, as well as the rules for its use. It will also determine the list of domain name groups constituting the Russian national domain system.44

37 See note 14: Article 56² of “Federal Law No. 90-FZ.”
38 Monique Clement, “Choke points and censorship: Protecting free flow of information on internet,” Arizona State University, September 10, 2018, (accessed January 6, 2020).
39 Elizaveta Foht, “The Internet could be jammed during rallies in Moscow at the request of security forces” [in Russian], BBC, August 6, 2019, (accessed January 6, 2020).
40 Ivana Kottasová, Sara Mazloumsaki, “The ‘internet as we know it’ is off in Iran. Here’s why this shutdown is different,” CNN, November 19, 2019, (accessed January 6, 2020).
41 David Belson, “The Migration of Political Internet Shutdowns,” Oracle Dyn, November 28, 2019, (accessed January 6, 2020).
42 See note 14: Article 14² of “Federal Law No. 90-FZ.”
43 Ibid.
44 Ibid.


The creation of a proprietary national DNS has never been successfully achieved by any country. It is therefore very hard to predict if such a system could work in parallel to the worldwide DNS in current use, which is allocated and managed by the International Corporation for Assigned Names and Numbers (ICANN). A national DNS would only make sense if a country opts for a long-term and complete isolation of its internet. If Russia manages to implement the new amendments providing for the control of all networks and servers on its own territory and allowing for their disconnection from the global internet, it would then need its own domain name system. This would segregate Russian websites from the international DNS, making them unavailable in all other parts of the world. At the same time, Russia would likely become unable to use the global DNS.

Aspiring to Independence from ICANN

In an explanatory note about Russia’s new law on the “sovereign internet,” the Russian legislature claims that it was created in light of “the aggressive nature of the US National Cyber Security Strategy adopted in September 2018.”45 In it, the US accuses Russia – along with China, Iran, and North Korea – of using “cyber tools to undermine [its] economy and democracy, [and to] steal [its] intellectual property.”46 Furthermore, the document states that the United States will punish those who use cyberattacks against them.47 According to the explanatory note, Russia needs to take “protective measures to ensure the long-term and stable operation of the internet in Russia, and to increase the reliability of Russian internet resources.”48

But it would be misleading to consider Russia’s new internet legislation as a mere reaction to the US National Cyber Security Strategy of 2018. Since 2012, Russia has been actively criticizing ICANN’s dominant position in coordinating the global DNS, allocating IP addresses, and governing the internet.49 In parallel, Russia is pushing for an alternative internet governance model with strong state sovereignty and within the framework of the International Telecommunication Union (ITU) of the United Nations.50

Russian fears of getting cut off from the internet expressed in the explanatory note are not fully plausible. First and foremost, because ICANN is an independent organization,51 interference from the US government is legally almost out of the question. Moreover, the US government is most likely not technically capable of shutting down domains related to Russian websites. The worldwide DNS is managed by IANA (the Internet Assigned Numbers Authority), a function of ICANN located in California. Top Level Domains (TLDs) like .ru or .de are stored on so-called root zone files. These files, which are managed by ICANN and can be considered the backbone of the internet, are primarily stored on 13 root zone servers worldwide – ten of which are located in the US, and one each in the Netherlands, Sweden, and Japan.52 But TLD files are also stored on many other name servers.53 If the 10 root servers on US soil are modified so that the domains of Russian websites are redirected, for example, there are still three other root servers and all the name servers left. As soon as manipulation of the root zone files is detected, DNS providers can stop the mirroring process from US root servers. Hence, all the remaining DNS servers would still have the files which grant access to the Russian domain names. Consequently, even if

45 “The Sovereign Internet law has been passed” [in Russian], State Duma, April 16, 2019, (accessed January 6, 2020). 46 “National Cyber Strategy of the of America,” The White House, September 2018, p. 1, (accessed January 6, 2020). 47 Ibid., p. 3. 48 See note 45: “The Sovereign Internet law has been passed.” 49 “Russia backtracks on internet governance proposals,” BBC, December 11, 2019, (accessed January 6, 2020). 50 Adi Robertson, “New World Order: is the UN about to take control of the internet?”, The Verge, November 29, 2012, (accessed January 6, 2020). 51 “Why is America giving up control of ICANN?”, The Economist, September 30, 2016, (accessed January 6, 2020). 52 “List of Root Zone Servers,” IANA, https://www.iana.org/domains/root/servers (accessed January 6, 2020). 53 “List of Root Servers”, Root Servers, (accessed January 6, 2020). No. 2 | January 2020 9

ANALYSIS Deciphering Russia’s “Sovereign Internet Law”

almost all the root servers are located in the USA, a and “interaction in the development and promotion shutdown of TLDs related to Russian websites by the of international law standards to ensure national and US government is not a realistic scenario.54 international information security.”57

Against this background, it seems as though the aim Additionally, in June 2016, Vladimir Putin and Xi Jin- of this new amendment is not to defend the inter- ping signed the joint statement on cooperation in in- net in Russia from outside attacks, but rather a pro- formation space development. Both leaders stress active step toward splitting its own national segment they “uphold as always the principle of respecting off from the infrastructure of the global internet in national sovereignty in information space,” and “ex- order to gain state sovereignty over it. First of all, plore the possibilities of developing universal rules of a proprietary DNS would make Russia independent responsible behavior in the information space with- from ICANN,55 which the Kremlin sees as being dom- in the UN framework.”58 Indeed, China has often sup- inated by the USA. And – although technical imple- ported Russia’s initiatives in setting rules in cyber- mentation seems far from easy – a national DNS space within the UN framework.59 is the key part which would allow the state to cut off the domestic internet for the long term. Russia would then not have to cope with international traf- fic and, thus, undesired information leaving or enter- ing the country. A Sino-Russian cooper- ation could lead to the RUSSIA WILL LIKELY BUILD UP ITS PARTNERSHIP WITH CHINA fracturing of the Russia’s ambitions to build a model of state-backed global internet internet control, create its own national DNS, and set new rules in cyberspace only make sense if it teams up with other countries. It remains to be seen how many countries would want to join its experiment. However, Russia already has a longstanding relation- Such cooperation with China can be beneficial for ship with China when it comes to the internet. Both Russia’s ambitions in the internet in both domestic countries have had several high-level meetings on and international politics in a number of ways. First cybersecurity and internet control. 
of all, Russia’s divergence from the West means it might need technology from China; in fact, it is al- In May 2015, Russia and China signed a bilater- ready striking deals with Chinese companies. In June al agreement on cooperation in the field of inter- 2019, for example, signed – in the presence national information security56 and defined a broad of President Vladimir Putin and President Xi Jin- range of forms in which such cooperation could take ping – a contract with MTS, one of the biggest Rus- place. The agreement includes the “creation of com- sian telecom companies, to develop Russia’s 5G net- munication channels and contacts to jointly respond work.60 Just a couple of months later, they jointly to threats,” “exchange of information on the legisla- launched the first 5G test zone in Moscow.61 tion of the states on ensuring information security,”

54 Roman Goncharenko, “Russia moves toward creation of an independent internet,” Deutsche Welle, January 17, 2018, (accessed January 6, 2020).
55 Ibid.
56 “Agreement between the Government of the Russian Federation and the Government of the People’s Republic of China on cooperation in ensuring international information security” [in Russian], Ministry of Foreign Affairs of the Russian Federation, May 8, 2015, (accessed January 6, 2020).
57 Ibid.
58 “Joint statement between the presidents of China and Russia,” China Daily, June 26, 2016, (accessed January 6, 2020).
59 See “Sixty-sixth session, Item 93 of the provisional agenda, Developments in the field of information and telecommunications in the context of international security, A/66/359,” United Nations General Assembly, September 14, 2011, (accessed January 6, 2020); and “Sixty-ninth session, Agenda item 91, Developments in the field of information and telecommunications in the context of international security, A/69/723,” United Nations General Assembly, January 13, 2015, (accessed January 6, 2020).
60 “MTS and Huawei to Develop 5G in Russia” [in Russian], RBK, June 5, 2019, (accessed January 6, 2020).
61 Dimitri Simes, “Russia and Huawei team up as tech cold war deepens,” Nikkei Asian Review, October 28, 2019, International-relations/Russia-and-Huawei-team-up-as-tech-cold-war-deepens> (accessed January 6, 2020).

Secondly, Russian authorities can benefit from China’s experience in internet regulation and surveillance when it comes to implementing its new legislation on internet control. According to press reports, Roskomnadzor and its Chinese counterpart – the Cyberspace Administration of China – are going to cooperate in countering the spread of prohibited information.62

Cooperation between Moscow and Beijing does not, however, automatically mean that the Russian authorities can simply imitate China’s procedures in blocking undesired traffic. As already mentioned, given the fact that China began its isolation process and the implementation of its so-called “Great Firewall” in the early days of its participation in the internet, the structure of China’s network is, for now, very different from Russia’s, which has been fully integrated into the global, decentralized internet from the outset. While the Chinese internet has only very few cross-border traffic exchange hubs, Russia’s has many – some of which are not even on the radar of its state authorities.63

Furthermore, as China has its own global internet services, it does not rely on YouTube, WhatsApp, Google, or Facebook. In Russia, the US companies Google and Facebook currently provide some of the most widely used internet platforms.64 Many of these companies operate on an international level. Google, for instance, stores user data on many different servers worldwide,65 making them hard to regulate. Because Russia’s society and economy rely so heavily on services such as social networks, search engines, financial services, and Software as a Service (SaaS), replacing foreign ones with domestic versions seems to be a nearly insurmountable task. Simply shutting down foreign platforms would also have tremendous negative consequences for the economy and likely generate social outrage.

In addition, Russia needs to partner with China at the international level to promote the idea of state sovereignty in cyberspace. As previously suggested, Russian fragmentation from the global internet would only make sense if the country had allies with whom it could establish a parallel network. In November 2017, it became known that Russia’s Security Council instructed the Ministry of Communications and the Ministry of Foreign Affairs to develop ideas for a separate internet infrastructure and its own DNS root server system for the BRICS countries – Brazil, Russia, India, China, and South Africa – independent from ICANN.66 Successfully establishing a regional segment of the internet will depend on Russia and China developing a network infrastructure which can be sustained without the architecture of the global internet. As yet, it is difficult to predict if they will succeed. It is also still unclear to what extent it will be attractive for other countries to shut themselves off from the global internet. However, with the new legislation, Russia has created a legal framework whose implementation must be taken seriously.

RECOMMENDATIONS

First, Germany and the EU should begin assessing the risks and long-term implications of Russia’s new internet legislation for European companies and civil society actors in a timely manner. The EU needs a clear understanding of Russia’s dependence on the internet ecosystem, its technical capability, and its political goals in order to differentiate between the officially proclaimed goals of the Russian state and its real intentions – which is, in turn, a prerequisite for taking appropriate action.

62 “Roskomnadzor will sign an agreement with China’s Internet regulator” [in Russian], RBK, October 8, 2019, (accessed January 6, 2020).
63 Alexandra Prokopenko, “Russia’s Sovereign Internet Law will kill innovation,” Carnegie Moscow Center, April 19, 2019, (accessed January 6, 2020).
64 “Top Websites ranking in the Russian Federation,” SimilarWeb, November 1, 2019, (accessed January 6, 2020).
65 “Discover our data center locations,” Google Data Centers, (accessed January 6, 2020).
66 Maria Kolomychenko, “Russian Security Council instructed to create an ‘independent internet’ for the BRICS countries” [in Russian], RBK, November 28, 2017, (accessed January 6, 2020).

Second, EU institutions need to consider taking active steps to protect the companies and civil society actors of EU member states operating in Russia from disadvantages created by the Putin regime’s new regulations. The European Commission with its geopolitical focus and ambitions could play a particularly key role in creating and implementing such measures.

Third, the German government could play an important role in advocating for an open and free internet. Concretely, Germany should add coordinating support for the existing multi-stakeholder model of internet governance to the tasks of its upcoming EU presidency, which begins in the second half of 2020. Standards for transnational legal regulations, for example, need to be developed as soon as possible – particularly because the ongoing cooperation between China and Russia in filtering, controlling, and regulating the internet poses a real danger of segmenting the existing internet and shifting global power.

Finally, Germany and the EU should actively promote the advantages of the global internet and involve major stakeholders, civil society actors, and business entities in a broad discussion on how to sustain and enhance its future. Ideally, they should develop a common long-term strategy for preserving the internet in its current, non-segmented, truly global form, which would involve widening the scope of existing platforms such as the United Nations’ Internet Governance Forum.

Rauchstraße 17/18, 10787 Berlin
Tel. +49 (0)30 25 42 31 -10
www.dgap.org
@dgapev

The German Council on Foreign Relations (DGAP) is committed to fostering impactful foreign and security policy on a German and European level that promotes democracy, peace, and the rule of law. It is nonpartisan and nonprofit. The opinions expressed in this publication are those of the author and do not necessarily reflect the views of the German Council on Foreign Relations (DGAP).

Publisher Deutsche Gesellschaft für Auswärtige Politik e.V.

ISSN 1611-7034

Editing Helga Beck

Layout Charlotte Merkl Design Concept: WeDo

Author picture(s) © DGAP

Acknowledgment: The author wishes to thank Philipp Dietrich for his excellent support in the research, writing, and discussion of this DGAP Analysis.

This work is licensed under a Creative Commons Attribution – NonCommercial – NoDerivatives 4.0 International License.