Russia’s sovereign internet

Yandex headquarters, Moscow, Russia (Ralf Smallkaa, CC BY)

At the end of July 2018, the Russian daily Kommersant informed about a draft of legislation that, if approved, would oblige smartphone and computer producers in Russia to pre-install domestically developed software and applications.

The latest piece of legislation relating to the development of the Russian internet was drafted by the Federal Antimonopoly Service in the roadmap of competitiveness development. According to Kommersant, Russian-made applications took 11 places in the top 20 most frequently downloaded applications on the Russian market. These include social network VKontakte or Russia’s biggest search engine Yandex.Browser. Despite the relatively strong position of the Russian IT companies on the domestic market, policy makers in Moscow do not see the current position of Russian companies on the information technology market as strong enough; they want to see the Russian IT market completely dominated by domestic companies.

What does “internet sovereignty” actually mean?

The term “internet (digital) sovereignty” first appeared in the “Plan for a long-term development of the Russian segment of the information and communication network and related industries”, which was produced by the Institute for Internet Development at a direct order of the President of the Russian Federation Vladimir Putin on September 29th, 2015. The plan was put together after a meeting hosted by Mr. Putin in December 2015, where he invited representatives of Russian IT companies, including search engines, domain providers and security companies. Russia’s leading internet experts were tasked to configure a roadmap for the country’s future internet development.

The plan put forward a vision of a “digitally sovereign” Russia. The sovereignty on the internet presupposed both technological and economic sovereignty. The argument was made that only economically and technologically independent economy is able to maintain its sovereignty. The term “internet sovereignty” itself was defined as an adequately high level of self-sufficiency and technological independence.

The term is most commonly used in reference to three internet policy areas: Economic protectionism (hardware and software import substitution and support for domestic IT companies in their expansion to foreign markets); security of the Russian internet infrastructure, and use of big data and data localization.

Economic protectionism

Economic protectionism has been particularly effective in the public sector, where the potential negative consequences of market interventions on part of the state are less likely to manifest themselves than in the private sector. There have been demands placed on state institutions and all sorts of government bodies to purchase domestically produced software. For example, in July 2016, the Russian government issued an order requiring federal bodies of the executive branch to transition to the use of domestic software products. Moreover, federal bodies are expected to report directly to the Ministry of Communications and Mass media about their progress concerning the transition to the use of a domestically produced software. Similar rules apply to state corporations and companies with a state as a majority shareholder.

Besides the software substitution, restrictions have been imposed on foreign software producers’ participation in public procurements. To make it harder for foreign companies to compete for public procurements, Russian companies competing for the same public procurements organized by state bodies or state corporations get a deduction of 15 per cent from the price offered to the organizer of the public procurement. Such measure is designed to make Russian manufactures and service providers more competitive on the domestic market.

Security of the “critical information infrastructure”

One of the first steps that the Russian government took to assure the security of the critical information infrastructure was to create a list of all entities the functioning of which is considered critical for Russia’s information infrastructure. A single registry of those entities (both state and private companies, institutions, etc.) was created. These entities were then legally obliged to inform state bodies responsible for Russia’s internet security about any incidents threatening their information infrastructure.

The so called National Coordination Center for Computer Incidents is an integral part of that security infrastructure. The Center is tasked with detection, prevention, and elimination of computer attacks. The main responsibility of the Center is to coordinate the activities of all the entities designated as part of the critical information infrastructure of the Russian Federation.

Big Data and localization

Similar to the security of the critical information infrastructure, the issue of data gathering and localization is closely related to the economic aspects of the concept of internet/digital sovereignty of the Russian Federation. In general, in Russian policy papers, the development of domestic systems for data gathering, storage, and analysis, including cloud services, is seen as an essential aspect of developing a strong domestic IT industry.

The development of domestic big data infrastructure is aided by forcing foreign companies to store data about Russian internet users on the territory of the Russian Federation. These laws apply to all businesses which operate in Russia through subsidiaries, representative offices or through individual agents, to the extent they collect, record, systematize, accumulate, store, correct, extract personal data of citizens of the Russian Federation. In this way, the government wants to make sure that any foreign social networking, online shopping and other types of websites that receive information about Russian citizens install servers in Russia, and store or process information about Russian citizens only by using servers located in Russia.

One step further

A much more dramatic measure would be the establishment of a national government-controlled network which, in case of crisis, would function in an insulated environment, independently from the global internet. Such a measure seems to be very much within the realm of possibility. The so-called RuNet, or the Russian-language segment of the World Wide Web, is growing steadily each year. Given the increasing amount of internet users within the country, Russian government regulators made attempts to essentially nationalize the Russian-language internet traffic. For example, recent amendments to Communications Ministry’s “Information Society” program aim to have 99 per cent of Russian internet traffic contained within Russia’s physical borders by 2020.

Essentially, when it comes to the development of the domestic IT industry, Russia bets on the protectionist model, whereby it is made increasingly harder for foreign companies to operate in the country. However, the danger of protectionism is that the dominant companies get lazy due to the nipple of easy profits. The jury is out on whether the highly innovative Russian tech companies can use this advantage to develop or will fall foul of their privileged position and end up falling behind the rest of the world.

Filip Brokeš is an analyst and a journalist specializing in international relations.

Share this post

TOP