Recent accusations of Russian interference during the presidential election in the US has led to worldwide concerns about network security. It has also bolstered Russia’s argument for more multi-lateral internet governance.
The revelations from classified documents leaked by former US National Security Agency contractor Edward Snowden has also highlighted the scale of global cyber espionage, including some cases in which products from US technology industries were used to spy online.
This evolving situation has now led Russia and China to make an effort to have more government control in the use of the internet facilities operating in their respective countries. This is being done in the name of national and collective security. These two countries are also maintaining a unified front in their respective challenges to the West’s conception of internet usage, particularly within the domestic realm.
A Russian law pertaining to data localisation of internet communications took effect last year with the stated intent of safeguarding Russian citizens from the growing threat of foreign interference, particularly from the US, in cyberspace.
The media has reported that this law requires companies obtaining information online from Russian citizens to store that data on servers physically located within the country.
Such an order means that companies like Google, Facebook, or Twitter are now required to move or build data centers in Russia if they wish to conduct business online in that country. Otherwise Russian internet users are blocked from accessing the contents of these companies.
Foreign technology industries and civic activists have been opposing the law but analysts agree that it is suitably addressing Russia’s network security concerns in several ways. The law is giving Russia another tool for controlling the flow of information within its borders. Moreover, the Kremlin is being enabled to closely monitor the flow of information into and out of Russia through the internet to protect its internet space from foreign actors -- whether state or non-state. This issue of data localisation is however being also seen as the Kremlin’s overall effort to shape the rules, architecture, and future development of the internet.
China has also been working on implementing its own network security laws and other national security policies that cover a much broader scope than Russia’s data localisation law.
These include enforcing the concept of internet sovereignty in legislation and banning foreign technologies in some cases for critical sectors.
It needs to be understood that China already employs much stricter measures than Russia regarding censorship and government control over its cyber space. However, China’s network security strategy intersects with its economic goals and leverages the demand of its enormous population of internet users in implementing national policies to help defy internet stakeholder opposition.
Russia and China, through their recent strategic measures, are among some of the notable countries that want to challenge the de facto model of a decentralised collection of loosely structured committees and internet stakeholders agreeing to technical standards for the internet. This is also being done in the name of cyber security. The status quo of the internet, and particularly the prominence of US and other Western stakeholders, is being viewed by them as an obstacle to the desired change in internet governance and future implementation of global internet policies.
Russia and China are among some of the notable countries that want to challenge the de facto model of a decentralised internet
Currently, the effort is revolving around a polarised view of governing the internet with either a multilateral model (with each country’s government dictating the rules) or a multi-stakeholder model (with all participants having an equal say in governing the current model).
Geo-politics is naturally interwoven into the evolution of these policies. Consequently, it is not surprising that China and Russia are promoting network security and internet governance issues that reflect their geopolitical situations and that mirror international relations in other areas. It is for this reason that Moscow and Beijing are pushing for global internet standards that better suit their geo-political needs, using network security as the impetus for change and greater authority in internet governance.
It appears that Russia’s approach has been towards the tightening of government control over the information flow both within its borders and between its internet space and the rest of the world. Russia’s data localisation law is therefore being interpreted as Kremlin’s latest attempt to address its network security concerns.
Reports indicate that the law has provoked some opposition, mainly from foreign technology companies concerned about the financial costs of compliance and from civic activists fearing the law’s use as a way to censor internet content in Russia. The Kremlin has tried to address some of these concerns and the government has narrowed the definition of personal data to ease the situation.
For example, the Kremlin assured Twitter that the information it obtains on its users is not considered personal data. This should however not be interpreted as capitulation by the Kremlin but more as an example of challenges that the existing internet governance model poses for governments seeking greater control over national network security policies.
In the meantime, Russia and the five other SCO members -- China, Kazakhstan, Kyrgyzstan, Tajikistan, and Uzbekistan -- have submitted a document to the United Nations titled “The international code of conduct for information security,” to be circulated in the UN General Assembly.
The document has attempted to define the role of the state in information technology and has also emphasised on an intergovernmental model of internet governance. A similar effort was made earlier in September 2011 by Russia, China, Tajikistan, and Uzbekistan but was rejected by Western UN member states.
This attempt by Russia and China to impose similar views of governing the internet and their partnering in network security is bolstering each country’s clout in shaping otherwise separate domestic internet regulations and giving them more potential influence over global policies.
During Chinese President Xi Jinping’s last visit to Moscow, Xi and Putin signed a pledge that their governments would not conduct cyber attacks against one another. Instead, they agreed to share network security information between their respective law enforcement agencies and cyber technology experts. It is being expected that this will have a tactical impact on cyber warfare and online criminal activity.
The efforts of both these countries have met with serious challenges. They have had to modify their policies. China, for example has had to backpedal on forcing banking institutions to abandon foreign technologies.
Nevertheless, due to the evolving nature of the issue, their calls for multi-lateral internet governance and government control over network security, in all likelihood, will find some measure of success.
Muhammad Zamir, a former Ambassador and Chief Information Commissioner of the Information Commission, is an analyst specialized in foreign affairs, right to information and good governance, can be reached at [email protected]