Russia’s cyber world has grown in recent years, and now has more than 80 million users, or about 60% of the population. But in the name of digital sovereignty, Russian authorities are stepping up efforts to corral it, part of a worldwide race between running online technology and the desires of law enforcement to keep tabs on all that activity. The battle lines are forming around the challenge of encryption, which companies are increasingly upgrading in the post-Edward Snowden era to satisfy the privacy concerns of customers.
Russian authorities are fighting back with a law that comes into effect in September, requiring all global Internet platforms, such as Twitter, Google, Facebook, and Apple to store data of Russian users on Russian servers. Furthermore, it directly warned that due to the encryption employed, Russian servers may be forced to take down entire platforms in order to block one piece of objectionable content.
The idea is that data stored on Russian servers will be protected from the prying eyes of the US National Security Agency. Experts say it may also rope off Russian cyberspace and make it easier for Russian authorities to control what their own citizens are posting and reading on the Internet. The main way Russian authorities have been doing that so far is through a complex register of banned websites that Russia-based ISP’s are required to block.
The list currently contains over 10,000 websites, mostly for content even an ardent civil libertarian might have trouble defending, such as child pornography, pro-terrorist agitation, and sites that glamorize suicide. Last week, the Russian communication supervising entity Roskomnadzor sent out warning letters to Google, Twitter, and Facebook, reminding them that they are required by Russian law to hand over data about any Russian blogger who has more than 3,000 readers daily. Any user of the services who posts items calling for “unsanctioned protests and unrest” must be blocked, and due to the companies’ use of https encryption, that could force Russian ISPs to block the entire site.
In barely three months, the new law requiring all companies that operate in Russian cyberspace to store the data of all Russian users on local servers will come into effect. Experts say the law is a sweeping declaration of “digital sovereignty,” but it’s also impossible to guess how it may be enforced. And while Russia may be using its own unique mixture of threats and ill-focused laws to try to address the encryption challenge, it is a global issue.