Skip to main content
stories

Russian lawmakers have adopted the final version of new ‘Internet isolation’ legislation. Here’s how it’s supposed to work.

Meduza
Mikhail Abulkhatin / Russian State Duma / TASS

On Thursday, April 11, the State Duma adopted the second reading of draft legislation designed to “ensure the safe and sustainable functioning” of Internet service in Russia. Lawmakers say the law will defend the country against foreign aggression, serving as insurance, in case Russia’s global Internet access is shut off from abroad. The legislation effectively lays out how Russia’s Internet infrastructure would work in isolation from the outside world. Meduza reviews the project’s key features.

The legislation in a nutshell: According to lawmakers, this is a blueprint for what to do “in case of a rainy day.” If someone attacks the Russian segment of the Internet (if they threaten to restrict or disable Russia’s Internet access), Roskomnadzor will seize centralized control of Russia’s Internet. The federal agency will begin filtering all Internet traffic through special override systems that will be supplied to telecommunications providers free of charge. ISPs will have to obey Roskomnadzor’s direct instructions, observing the new traffic routing rules that effectively lock down Russia’s Internet from within.

It’s unclear what Russia’s authorities are guarding the Internet against

The legislation still doesn’t list potential threats against Russia’s Internet infrastructure. The prime minister’s cabinet will have to iron out these details, after the law is adopted, along with the regulations and bylaws explaining how to detect potential threats and respond.

But training maneuvers are already planned

“For the purposes of hands-on experience,” key players in Russia’s Internet infrastructure are required to participate in training maneuvers:

  • Internet service providers
  • Traffic-exchange-point owners
  • Communication-network owners
  • Owners of the communication lines that cross Russia’s national border
  • Owners of autonomous system numbers (large collections of IP routing prefixes controlled by single administrative domains)

The draft law still doesn’t actually clarify who must participate in these maneuvers, and neither does it lay out the drills’ specific goals or exercises. The federal government will be responsible for finalizing these policies, as well.

The law creates a second Internet censorship system for Russia

The new system will rely on “technical means” to “counter threats.” For now, it’s still unclear how this defense system will actually work, but the technical means devised by lawmakers would have the capacity to block any prohibited Internet resource in Russia, from websites on Roskomnadzor’s blacklist and “fake news” to the instant messenger Telegram and “disloyal” VPN services.

Roskomnadzor will supply this new equipment free of charge to Internet providers, and ISPs will be required to install the hardware on their networks and report back to the authorities where exactly they placed the gear. In certain circumstances, the government will permit service providers to exclude Internet traffic through these devices, but these conditions remain unclear.

These new regulations create a second censorship system that will activate only if Roskomnadzor centralizes control over Russia’s Internet infrastructure (in the event of a national threat). In “peacetime,” Russian ISPs are still obligated to rely on their own Internet filtration systems, which existing laws require them to have.

The legislation’s original draft charged Roskomnadzor with setting the timetable for installing, bringing online, and upgrading the hardware needed to counter foreign Internet threats. The bill’s parliamentary steering committee initially approved this language, but members suddenly revised the text a day before the bill went to the Duma floor for a second vote, transferring this authority to the prime minister’s cabinet. The legislature also deleted the law’s original copies from the State Duma’s online database, and replaced them with the new versions.

Service disruptions are expected, but no one will be responsible for them

The legislation stipulates that the new counter-threat system might cause Internet service disruptions, meaning that individuals could lose normal Internet access. ISPs can report outages associated with the new counter-threat hardware, but the government decides the procedure and timeframe for reviewing these grievances.

At the same time, Internet providers cannot be held responsible for these disruptions, which the legislation makes clear, without assigning liability to anyone else. Senator Lyudmila Bokova — one of the law’s co-authors — proposed an amendment that would have instructed ISPs to send clients’ complaints to Roskomnadzor for a compensation procedure, but lawmakers rejected this proposal.

The law creates a separate entity and special communications system for centralized Internet control

The legislation creates a new center for monitoring and managing a public communications network within Roskomnadzor’s radio-frequency service that will search for threats to Russia’s Internet access, and convey countermeasures and binding instructions to ISPs.

Roskomnadzor will transmit these instructions through special communications devices that all “key players” must install. This equipment has to be located within Russia’s borders, and the government will monitor the industry separately for compliance with this rule.

Roskomnadzor will finally be king of the RuNet

The agency will create a national domain name system — its own DNS — that Internet providers will be required to start using, beginning January 1, 2021. ISPs that refuse will be disconnected from Russia’s traffic exchange points.

Roskomnadzor will also become a cofounder of the nonprofit institution responsible for forming Russia’s national domain zone, which will combine the top level domains .RU, .SU, and .РФ. The nonprofit will be considered the owner of this zone’s databases in the international organizations that distribute network addresses and domain names (the Internet Corporation for Assigned Names and Numbers, or ICANN, and the Internet Assigned Numbers Authority, or IANA).

The law will take effect before the end of this year

According to the legislation’s revised text, these new rules and regulations will start rolling out on November 1, 2019.

Denis Dmitriev

Translation by Kevin Rothrock