�鶹��ý

Just before Russia’s parliamentary elections began in September 2021, Apple and Google removed that was created and promoted by supporters of jailed opposition leader Alexei A. Navalny. The app was supposed to help voters who opposed Russian president Vladimir Putin consolidate their votes, and it’s likely the Kremlin viewed this as a threat. Russian authorities put pressure on Apple and Google to take the app down by threatening to prosecute . Acquiescence by the tech giants not only made headlines, it also exemplified one of the many steps that the Kremlin has taken to achieve an authoritarian and isolated version of cyber sovereignty.

A broad of cyber sovereignty is “the ability to create and implement rules in cyberspace through state governance.” Today many states claim to have some over the internet. After all, even are able to intervene in cyberspace to protect citizens’ privacy online and combat disinformation and cybercrime. But Russia’s —which mimics China’s—differs from this broad rule-based definition, as it enables digital authoritarianism, a government’s use of digital information technology to repress citizens. For Russia, a sovereign internet is one that the Kremlin can control and surveil as well as isolate from the rest of the world.

What Prompted the Kremlin to Pursue Cyber Sovereignty?

Before 2012, although the Russian government traditional media and many dissidents into silence, the Russian-language part of the internet (dubbed ) was fairly free. In the early 2000s, opposition activists could hold on the Russian blogging and social networking site LiveJournal; journalists could and directly communicate with their audiences through personal blogs; and informal groups could come together, a social networking site for Russian speakers that, at one point, was an unregulated environment for communication. These types of digital activities on RuNet the narratives of traditional Russian media.

During the Russian parliamentary and presidential elections that took place 2011-2012, activists took to social media to , while outlets exposed the scale of fraud in the elections and covered the protests. Activists by sharing internet videos that satirized and belittled the Kremlin and by venting their frustrations about Putin’s decision to run for president after serving as prime minister. When Putin unveiled his campaign website, a swarm of online comments called for . In response to the mass protests and dissenting voices on RuNet, the Kremlin created legal provisions and developed new technologies to crack down on the cyber public square.

Steps Russia has Taken Toward an Authoritarian and Isolated RuNet

Since 2012, the Kremlin has made a number of legal moves that, according to transatlantic relations expert Alina Polyakova and Brookings fellow Chris Meserole, criticism of the government, legalize unfettered surveillance of citizens’ online activities, and increase state control of RuNet.” Russian authorities framed the 2012 internet blacklist law as a way to protect children from harmful internet content by allowing the government to blacklist and force websites offline . , Russia’s media regulator, was put in charge of overseeing online and media content as well as maintaining of blocked sites. Because Roskomnadzor ��any site without accountability, it has placed major independent news sites and websites run by , among others, on the list.

, the Russian government further tightened its grip on RuNet by instituting a strict data localization law. This law mandates that Russian citizens’ data be stored on servers . Though the Kremlin has in enforcing the law, tech companies have faced consequences because of it. For example, Russian regulators from operating in the country because the company refused to locate a data center in Russia.

The Yarovaya law—named after the Duma member who proposed them, —is a set of so-called “anti-terrorist” amendments made in 2016, which include provisions that, according to Human Rights Watch, the right to privacy and are detrimental to freedom of expression on the internet.” For example, the amendments certain information and communications technology (ICT) companies retain copies of all communications content (text messages, voice, data, and images) for six months as well as communications metadata for three years. Companies impacted by the amendments must hand over such information to authorities upon request and without a court order. The Kremlin has also created legislation specifically like virtual private networks (VPNs), which allow users to access content that is banned in their countries.

(Система оперативно-разыскных мероприятий��or, in English, “System for Operative Investigative Activities”)is the Russian government’s surveillance system first developed by the KGB to monitor phone calls. Over the years, the Russian government has made updates to this system so it could encompass all Russian telecommunications and serve as the FSB’s backdoor to the internet. Since Putin’s rise to power, seven law enforcement and security government agencies have also received : the Interior Ministry, Federal Protective Service, Foreign Intelligence Service, Customs, Federal Drug Agency, Federal Prisons Service, and GRU.

In 2019, legislation came into effect to establish the According to the law, internet providers must install Deep Packet Inspection (DPI) equipment to auto-block banned websites, monitor cross-border communication, and allow Roskomnadzor to take the reins —a vaguely defined phrase. In other words, the Kremlin could isolate RuNet from the global web at its own discretion. According to the Kremlin, the country successfully tested an unplugged RuNet , and again . Authorities framed both as important tests of the country’s cyber security.

The Kremlin is further bolstering an isolated RuNet by building alternatives to foreign tech services and onto the Russian public. Russia’s government has proposed policies the domestic versions, including taxes on foreign digital services, tax cuts for domestic IT firms, and a requirement that digital devices bought in Russia offer Russian software to users when they turn them on. If Russian citizens become dependent on domestic services, then the Kremlin will more easily ban global platforms.

A Model That’s Tempting Other Countries

Russia’s digital authoritarianism not only stifles Russian privacy, freedom of expression, and civil society, the model has also become attractive to other countries. If a state wants to tighten its reins on citizens’ internet behavior and online content consumption, it can use aspects of Russia’s RuNet model to do so. , countries in Russia’s geopolitical sphere of influence have been importing its SORM tech and replicating its legal framework for surveilling domestic citizens.

Aspects of Russia’s version of cyber sovereignty are expanding to Brazil, India, and Turkey, where policymakers have been that can enable further crackdowns on free expression, privacy, and other human rights. These developments have set off alarm bells for human rights NGOs; one Freedom House report even states that the listed countries “may prove to be the of internet governance.” ��

How the US and Big Tech Should Respond

The original of the internet—idealizing personal freedom and individual rights—has evolved as states have adapted to it in ways that reflect governments’ (though not necessarily citizens’) interests. So how should the US and Big Tech respond to the Kremlin’s tightening grip on RuNet while prioritizing global connectivity?

While the US may not be able to fully preserve internet freedom for Russia’s citizens—as well as the citizens of other countries who choose digital authoritarianism—the US government should continue to coordinate with like-minded democracies to prevent digital authoritarianism from becoming the global cyber norm. The Biden administration, in fact, is already prioritizing such coordination, as the US government has been working on establishing the , which is meant to bring together democratic countries to develop a set of principles for a secure and open internet.

The US should also work with such democracies to develop of internet governance that is more appealing to states than digital authoritarian models are. Just as Russia has been offering SORM technology, the US’s and Europe’s tech sectors and policymakers should offer of digital surveillance tech that can improve security while protecting individual privacy and human rights.

Also, Big Tech must tread carefully when responding to the demands of the Kremlin. When Apple and Google removed the Navalny app in September, Navalny’s supporters and internet freedom advocates response to Russian government pressure. While it’s true that Big Tech companies influence global internet freedom, and their responses to authoritarian governments’ pressure impact the development of global cyber norms, they cannot always push back with blanket refusals—especially as RuNet heads closer to being fully functional without foreign platforms.

��like YouTube have served as platforms through which Russian online activism could function and flourish, and opposition leaders like Navalny gained an amplified voice because of such companies. In the face of future demands by the Russian government, western giants like YouTube, Google [Alphabet], Twitter, Facebook [Meta], and Apple should weigh whether their presence in Russia, even with Kremlin-set limitations, can help bolster the internet freedom of Russian citizens before deciding whether or not to comply. It may be better to comply and have some sort of presence in Russia rather than to push back and be banned all together (as in the case of LinkedIn).

All in all, the US should respond to Russia’s cyber sovereignty efforts by continuing its work to establish an internet alliance of like-minded democracies and working to create a democratic model of internet governance that’s appealing to other states. Meanwhile, Big Tech companies should not refuse all Kremlin requests and instead should calculate what response would best serve Russian citizens. Understanding the Kremlin’s cyber isolationist efforts is integral, especially since such sovereignty may embolden the country to more aggressively conduct cyberattacks on its neighbors and adversaries. After all, with a RuNet that’s fully capable of cutting itself off from the rest of the global internet, big tech’s leverage on Russia is sure to diminish.

��

About the Author:��

Emily Tavenner is a current graduate student in the School of International Service’s Intercultural and International Communication program. Her research interests include security, technology, and public diplomacy.

��

*THE VIEWS EXPRESSED HERE ARE STRICTLY THOSE OF THE AUTHOR AND DO NOT NECESSARILY REPRESENT THOSE OF THE CENTER OR ANY OTHER PERSON OR ENTITY AT AMERICAN UNIVERSITY.

��

��