September 1, 2017

Russia launches “summer offensive” in domain of information, cybersecurity

More

Russia is intensifying its previously launched effort to centralize control over the domestic cyber and information space.

The Russian parliament (Duma) adopted a piece of legislation on July 21, which virtually outlaws anonymous communication over Internet-based instant messengers (IM) (Rosbalt.ru, July 21). The new law forces all IMs operating in the Russian Federation to:

• identify users by their actual telephone number;

• store and protect data pertaining to the identification of its users;

• block the delivery of messages that contain information that fails to comply with normative acts and laws of the Russian Federation; and

• restrict the delivery of messages at the request of the Russian government.

Moreover, a week earlier, on July 12, the Duma adopted a package of laws (three in total) to regulate the protection of Russia’s critical informational infrastructure against viruses and cyberattacks (Rosbalt.ru, July 12). In order to achieve this goal, the legislation stipulates the creation of a system (directly controlled by government agencies) to detect, warn and liquidate virus threats and cyberattacks against online information resources.

These new laws also introduce severe punitive measures. For instance, anyone responsible for hacker attacks (and the creation of hostile online software) will be punished with up to 10 years in prison and a fine of 1 million rubles (approximately $16,000 U.S.). Whereas violations of rules and regulations pertaining to the storage, processing and transmission of protected information will be punished by six years of imprisonment. Both sets of laws come into legal force on January 1, 2018.

The newly adopted laws were marked in Moscow by a demonstration on July 23, which drew more than 800 people protesting against the restrictive measures governing online activities. Interestingly, the march took on an explicitly political character. The majority of the assembled protesters carried posters critical of President Vladimir Putin and shouted slogans such as “Shame,” “Freedom of speech everywhere and always,” “Russia without Putin,” “Say no to Roskomnadzor [the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media],” and “Putin lies.” In addition, the demonstrators demanded the freeing of activist Dmitry Bogatov, who was incarcerated for allegedly helping to organize the anti-government and anti-corruption protests in April (Dozhd, July 23).

The two most recent decrees on information and cybersecurity should be seen as the continuation of a broader Russian campaign pertaining to online activities. In March, LinkedIn Corporation announced that it had failed to reach a consensus with Russian authorities over the company’s refusal to localize the private data of its users (whose number reached approximately 5 million in 2016). This enables Rosmondanzor to continue blocking the professional career–focused social network on the Russian market (Kommersant, March 9). On the other hand, Twitter, one of the largest global social networks operating on the Russian market, had “agreed” to start localizing its users’ personal data in Russia. It is expected to complete this process by the middle of 2018 (Kommersant, April 19).

On May 30, Russian official sources revealed that Belgorod Oblast was chosen for a unique experiment: it is to become the first Russian region where the so-called “cyber-squads” (kiberdruzhiny) project will be launched (Rosbalt, May 30). Russian sources contend that these formations will be tasked with searching for “adverse” and/or “illegal” information found on domestic Internet sites. The decree, signed by the local governor, Evgenii Savchenko, explicitly states that these units will be concerned with the “formation of positive content [the meaning of this notion is not specified]” and the “stimulation of ‘social projects’ in the domain of information security.” Another task assumed by the kiberdruzhiny is defined as “participating in elaborating methods to counter information and cyber crimes and offenses”; this is to be conducted jointly with other governmental forces, agencies and institutions.

Particular emphasis is placed on recruitment of and cooperation with a younger generation of Russians. For instance, the project will be coordinated by the Center of Youth Initiatives, which is on the payroll of the regional Youth Policy Management Department. The work of the center will focus on daily analysis of data collected by the “cyber squads.” The main goals are “protecting young Russians from harmful information, [and] the elimination of extremist content, child pornography and gambling.” Yet, considering how legal charges of “radicalism” and “extremism” are frequently applied in Russia (see Eurasia Daily Monitor, May 21), the genuine tasks of the Center might be rather different.

Meanwhile, the cybersecurity powers that were expected to be granted to the Russian National Guard (Rosgvardia) (see EDM, March 21) are now coming to pass – despite initial dismissals by Russian officials. On May 19, Col. Gen. Sergey Melikov, the organization’s first deputy director, announced that the Rosgvardia will begin training IT specialists and personnel specifically tasked with monitoring online social networks (Interfax, May 19). He also admitted that these units are already operating under the umbrella of the Perm Military Institute. Moreover, he emphasized that IT and information security should now be seen as the main priority of the National Guard (Rublacklist.net, May 19).

Finally, on July 26, it was announced that the Russian Duma may adopt new amendments in the fall of this year regarding fines for spreading “illegal content and the dissemination of false information on social networks” (Vedomosti, July 26). The ruling United Russia party is vigorously promoting this proposed legislation and particularly wants to see it applied to so-called “foreign” social networks.

Clearly, Russia is intensifying its previously launched effort to centralize control over the domestic cyber and information space. And the latest legislation and developments look to be even more far-reaching than earlier laws and regulations. Aside from employing increased numbers of Russians – from youth to IT professionals to members of the Rosgvardia – in order to more effectively strangle the domestic information space, Moscow now looks ready to launch an offense against so-called “foreign” social networks. If successful, this would be a potential game-changer in the process of gradually eroding the Russian population’s connection to the outside world.

The article above is reprinted from Eurasia Daily Monitor with permission from its publisher, the Jamestown Foundation, www.jamestown.org.

Comments are closed.