In 1648, the Treaty of Westphalia was signed, ending 30 years of war across Europe and bringing about the sovereignty of states. The rights of states to control and defend their own territory became the core foundation of our global political order, and it has remained unchallenged since.
In 2010, a delegation of countries – including Syria and Russia – came to an obscure agency of the United Nations with a strange request: to inscribe those same sovereign borders onto the digital world. “They wanted to allow countries to assign internet addresses on a country by country basis, the way country codes were originally assigned for phone numbers,” says Hascall Sharp, an independent internet policy consultant who at the time was director of technology policy at technology giant Cisco.
After a year of negotiating, the request came to nothing: creating such boundaries would have allowed nations to exert tight controls over their own citizens, contravening the open spirit of the internet as a borderless space free from the dictates of any individual government.
Nearly a decade on, that borderless spirit seems like a quaint memory. The nations who left the UN empty-handed had not been disabused of the notion that you could put a wall around your corner of cyberspace. They’ve simply spent the past decade pursuing better ways to make it happen.
Indeed, Russia is already exploring a novel approach to creating a digital border wall, and last month it passed two bills that mandate technological and legal steps to isolate the Russian internet. It is one of a growing number of countries that has had enough of the Western-built, Western-controlled internet backbone. And while Russia’s efforts are hardly the first attempt to secure exactly what information can and can’t enter a country, its approach is a fundamental departure from past efforts.
“This is different,” says Robert Morgus, a senior cybersecurity analyst at the New America Foundation. “Russia’s ambitions are to go further than anyone with the possible exceptions of North Korea and Iran in fracturing the global internet.”
Russia’s approach is a glimpse into the future of internet sovereignty. Today, the countries pursuing digital “Westphalianism” are no longer just the usual authoritarian suspects, and they are doing so at deeper levels than ever before. Their project is aided as much by advances in technology as by growing global misgivings about whether the open internet was ever such a good idea to start with. The new methods raise the possibility not only of countries pulling up their own drawbridges, but of alliances between like-minded countries building on these architectures to establish a parallel internet.
What’s wrong with the open internet?
It’s well known that some countries are unhappy with the Western coalition that has traditionally held sway over internet governance. It’s not just the philosophies espoused by the West that troubles them, but the way those philosophies were baked into the very architecture of the internet, which is rather famously engineered to ensure no one can prevent anyone from sending anything to anyone.
That’s thanks to the baseline protocol the 2010 delegation were trying to work around: TCP/IP (transmission control protocol/internet protocol) allows information to flow with absolutely no regard for geography or content. It doesn’t care what information is being sent, what country it’s coming from, or the laws in the country receiving it; all it cares about is the internet address at either end of the transaction. Which is why, instead of sending data across predetermined paths, which might be diverted or cut off, TCP/IP will get packets of information from point A to point B by any means necessary.
It’s easy to dismiss objections to this setup as the dying cries of authoritarian regimes in the face of a global democratising force – but the problems that arise don’t just affect authoritarian regimes. Any government might be worried about malicious information like malware reaching military installations and critical water and power grids, or fake news influencing the electorate.
“Russia and China were just earlier than others in understanding the potential impact that a massively open information ecosystem would have on humans and human decision-making, especially at the political level,” says Morgus. Their view was that a country’s citizens are just as much a part of the critical infrastructure as power plants, and they need to be “protected” from malicious information targeting them – in this case fake news rather than viruses. But this is not about protecting citizens as much as controlling them, says Lincoln Pigman, a Russia scholar at the University of Oxford and a research fellow at the Foreign Policy Centre think tank in London.
A sovereign internet is not a separate internet
Russia and China started talking publicly about the “sovereign internet” around 2011 or 2012, as Russia’s two-year “winter of protest” was beginning to take hold, and as internet-borne revolutions rocked other authoritarian regimes. Convinced that these revolts had been stirred up by Western states, Russia sought to stop disruptive influences from reaching their citizens – essentially creating checks at its digital borders.
But internet sovereignty is not as simple as cutting yourself off from the global internet. That may seem counterintuitive, but to illustrate how self-defeating such a move would be, one need look no further than North Korea. A single cable connects the country to the rest of the global internet. You can disconnect it with the flip of a switch. But few countries would consider implementing a similar infrastructure. From a hardware perspective alone, it’s close to impossible.
“In countries with rich and diverse connectivity to the rest of the internet, it would be virtually impossible to identify all the ingress and egress points,” says Paul Barford, a computer scientist at the University of Wisconsin at Madison, who maps the network of physical pipes and cables through which the global internet runs. Even if Russia could somehow find all the hardware by which information travels into and out of the country, it wouldn’t serve them very well to close these faucets, unless they are also happy to be separated from the world economy. The internet is now a vital part of global commerce, and Russia can’t disconnect itself from this system without mangling its economy.
The trick, it would seem, is to keep some types of information flowing freely while impeding others. But how can this sort of internet sovereignty possibly work, given TCP/IP’s notorious agnosticism?
The leader in separating problematic from authorised internet content has traditionally been China. Its Golden Shield, otherwise known as the Great Firewall of China, famously employs filters to selectively block certain internet addresses, certain words, certain IP addresses and so on. This solution is by no means perfect: it’s software-based, meaning that programmers can design further software to circumvent it. Virtual Private Networks and censorship avoidance software like Tor get around it.
More to the point, the Chinese system won’t work for Russia. For one thing, “it relies heavily on the big Chinese platforms taking the content down”, says Adam Segal, a cybersecurity expert with US think tank, the Council on Foreign Relations, whereas Russia is “more reliant on US social media companies”.
Much of China’s advantage also comes down to the physical pipes its internet is built on. China, suspicious of the new Western technology from the get-go, only permitted very few entry and exit points to be built from the global internet into its borders, whereas Russia was initially quite welcoming of the internet boom and is now consequently riddled with interconnects. China simply has fewer digital borders to keep an eye on.
So, Russia can’t afford to turn itself into a corporate internet. And it can’t replicate China’s approach. Russia is therefore working on a hybrid method that neither relies entirely on hardware nor on software – instead messing with the set of processes and protocols that determine whether internet traffic can move from its origin to its intended destination. Internet protocols specify how all information must be addressed by your computer, in order to be transmitted and routed across the global wires; it’s a bit like how a Windows machine knows it can’t boot up an Apple operating system. This is not one specific thing. “In effect a protocol is a combination of different things – like data, an algorithm, IP address – across different layers,” says Dominique Lazanski, who works on international internet governance and consults on standards development.
One of the most fundamental of these is the DNS standard – the address book that tells the internet how to translate an IP address, for example 38.160.150.31, into a human-legible internet address like bbc.co.uk, and points the way to the server that houses that IP location.
It’s DNS that Russia has been setting its sights on. At the beginning of April, the country was supposed to test a new method of isolating the entire country’s internet traffic so that citizen internet traffic would only stay within the country’s geographical boundaries instead of bouncing around the world. The plan – which was met with skepticism from much of the engineering community, if not dismissed outright – was to create a Russia-only copy of the DNS servers (the internet’s address book, currently headquartered in California) so that citizens’ traffic would be exclusively directed to Russian sites, or Russian versions of external sites. It would send Russian internet users to Yandex if they typed in Google, or the social network VK instead of Facebook.
To lay the groundwork for this, Russia spent years enacting laws that force international companies to store all Russian citizens’ data inside the country – leading some companies such as LinkedIn to be blocked when they refused to comply.
“If Russia succeeds in its ultimate plans for a national DNS, there wouldn’t be any need for filtering out international information. Russian internet traffic would just never need to leave the country,” says Morgus. “That means that the only stuff that Russians – or anyone – would be able to access from inside Russia is information that’s hosted inside Russia, on servers physically in the country. That would also mean no one can access external information, whether that is their external cash or whether it’s Amazon to buy that scarf.”
Most experts acknowledge that Russia’s primary goal in doing this is to increase its control over its own citizens. But the action may have global consequences too.
The approaches taken by Russia and China are too expensive for smaller countries to emulate, but that doesn’t mean they won’t be influential. “The spread particularly of repressive policies or illiberal internet architecture is like a game of copycat,” says Morgus. His observation is borne out by research done by Jaclyn Kerr at Lawrence Livermore National Laboratory. Authoritarian adoption of digital solutions that shape the extent and type of Internet control they exert, she finds, is likely driven by three variables.
The first is just what’s available out there. The second is whether the regime can afford to implement any of the available options. The third variable – “the policies selected by the states in the regime’s reference group” – is a kind of keeping up with the Joneses that explains why it has been described as a game of copycat: what policies have its buddies endorsed or chosen? This often hinges on the attitude of the regime; are its friends open or illiberal when it comes to internet control?
Regarding the first variable, Russia’s neighbours, like the Central Asian Republics, could certainly leverage Russia’s architecture – like the Russian DNS – to connect only to the RUnet version of the internet. This would essentially expand the proposed borders of the RUnet to their periphery, says Morgus.
The digital deciders
As regards the third variable, the list of countries that find themselves attracted to more authoritarian internet governance seems to be growing. Not all countries fall neatly into one or the other of the “open internet” and “authoritarian repressive” peer groups when it comes to how they treat their countries’ internet. Israel for example, lies neatly between the two extremes, as Morgus and his colleagues Jocelyn Woolbright and Justin Sherman pointed out in a paper published last year. They found that over the past four years, “digital decider” states – Israel, Singapore, Brazil, Ukraine, and India among others – have drifted increasingly toward a more sovereign and closed approach to information.
The reasons for their drift are varied, but several of these countries are in similar situations: Ukraine, Israel, and South Korea, which exist in a perpetual state of conflict, have found their adversaries weaponising the internet against them. Some experts find that the strategic use of the internet – in particular social media – has become like war. Even South Korea – despite its reputation as open and global – has developed a groundbreaking technique to crack down on illegal information online.
But can the deciders really copy China or Russia’s model? China’s technological means to sovereignty is too idiosyncratic for smaller countries to follow; Russia’s is not yet fully tested. Both cost a minimum of hundreds of millions to set up.
Two of the largest “digital decider” countries, Brazil and India, have long sought a way to deal with the global internet that relies neither on the “open values” of the West nor on closed national intranets. “Their internet and political values sit very much in the middle of the spectrum,” says Morgus. For the better part of the last decade, both have tried to come up with a viable alternative to the two opposing versions of the internet we see today.
That innovation was hinted at in 2017, when the Russian propaganda site RT reported that Brazil and India would team up with Russia, China and South Africa, to develop an alternative they referred to as the BRICS Internet. Russia claimed it was creating the infrastructure to “shield them from external influence”.
The plan fell through. “Both Russia and China were interested in pursuing BRICS, but the rest were less enthusiastic,” says Lazanski. “Brazil’s change in leadership in particular derailed it.”
Belt Road Initiative
Some see the groundwork being laid for a second try in the guise of China’s Belt and Road Initiative, China’s “21st Century silk road” project to connect Asia to Europe and Africa by building a vast network of overland corridors, shipping lanes and telecommunications infrastructure in countries like Tajikistan, Djibouti and Zimbabwe. According to estimates from the International Institute for Strategic Studies in London, China is now engaged in some 80 telecommunications projects around the world – from laying cables to building core networks in other countries, contributing to a significant and growing Chinese-owned global network.
“There could be a very significant infrastructure element to these plans,”says Sim Tack, an analyst formerly with Jane’s who now works with the intelligence group Stratfor. One possibility is a scenario where enough of these countries join Russia and China to develop a similar infrastructure to a point where they could sustain each other economically without doing business with the rest of the world, meaning they could shut themselves off the Western internet. Smaller countries might prefer an internet built around a non-Western standard, and an economic infrastructure built around China might be the “third way” that allows countries to participate in a semi-global economy while being able to control certain aspects of their populations’ internet experience. Tack, however, argues that such a “self-sustainable walled off internet economy, while possible, is also extremely unlikely.”
Maria Farrell of the internet freedom campaign organisation Open Rights Group doesn’t think it’s too far-fetched, though the separate internet may take a slightly different form. The Belt and Road Initiative, she says, offers a plug-and-play internet that gives “decider” countries, for the first time, an option for getting online that does not depend on the Western internet infrastructure.
“What China has done is put together a whole suite of not just technology, but information systems, censorship training, and model laws for surveillance,” she says. “It’s the full kit, and the laws, and the training, to execute a Chinese version of the internet.” It’s cheap. And it’s being sold as a credible alternative to a Western internet that increasingly feels “open” in name only.
“Nations like Zimbabwe and Djibouti, and Uganda, they don’t want to join an internet that’s just a gateway for Google and Facebook” to colonise their digital spaces, she says. Neither do these countries want to welcome this “openness” offered by the Western internet only to see their governments undermined by espionage. Along with every other expert interviewed for this article, Farrell reiterated how unwise it would be underestimate the ongoing reverberations of the Snowden revelations – especially the extent to which they undermined the decider countries’ trust in the open web.
“The poorer countries especially, that scared the bejesus out of them,” she says. “It showed what we had all suspected was actually true.”
Just as Russia is working to reinvent DNS, the Belt and Road Initiative’s plug-and-play authoritarian internet gives countries that sign up access to China’s [bespoke] internet protocols. “TCP/IP is not a static standard,” points out David Conrad, chief technology officer of the International Corporation of Assigned Names and Numbers, which issues and oversees major domain names, and runs DNS. “It is always evolving. Nothing on the internet is unchanging.”
But their evolution is careful and slow and based on global consensus on a single internet. If that were to change, TCP/IP might well bifurcate, says Morgus. For well over a decade, China and Russia have been pushing the internet community to nudge the protocol toward greater identifiability, adds Farrell, a development that won’t surprise anyone familiar with its mass adoption of face recognition for tracking its citizens in the physical world.
Western contagion
But maybe the authoritarian countries have less of a job to do than they thought. “More and more Western countries are being forced to think about what that means, sovereignty on the internet,” says Tack. In the wake of recent election meddling, and the well-documented practice by Russian governments to sow discord on Western social media, Western policymakers woke up to the idea that an open and free internet could actually harm democracy itself, Morgus says. “The parallel rise of populism in the United States and elsewhere, coupled with concerns about the collapse of liberal international order, saw many of the traditional open internet sword-bearers retreat into their shells.”
“It’s not about bad countries and good countries – it’s about any country that wants to suppress communications,” says Milton Mueller, who runs the Internet Governance Project at Georgia Tech University in Atlanta. “The worst thing I’ve seen lately is the British online harms bill.” This white paper proposes the creation of an independent regulator, tasked with establishing good practices for internet platforms to follow and punishments to mete out if they don’t. These “good practices” limit the kind of information that would be familiar to anyone keeping up with recent Russian internet laws: revenge porn, hate crimes, harassment and trolling, content uploaded by prisoners, and disinformation.
Indeed, the very multinationals that decider countries fear today might be eager to be enlisted to help them meet their goals of information sovereignty. Facebook has recently capitulated to growing pressure by calling for government regulation to determine, among other things, what constitutes harmful content: “hate speech, terrorist propaganda and more”. Google is rather famously working to have its cake and eat it too, by providing an open internet in the West (which it may open to Western governments every now and again) and a censored search engine in the East. “I suspect there will always be a tension between desires to limit communication but not limit the benefits that communication can bring,” says Conrad.
A separate internet for some, Facebook-mediated sovereignty for others: whether the information borders are drawn up by individual countries, coalitions, or global internet platforms, one thing is clear – the open internet that its early creators dreamed of is already gone.
“The internet hasn’t been one globally connected thing in a long time,” says Lazanski.
Views: 300