Russia uses US data policy shortfalls to justify campaign against internet freedom

On August 10, the Kremlin announced that Russian President Vladimir Putin had met with the head of Roskomnadzor, the country’s media and telecom regulator, to discuss internet control issues, such as data governance, “illegal” content identification, and building communications networks. A transcript of the meeting shows, unsurprisingly, that the Putin regime continues using its rubber-stamped laws to justify internet censorship and control. But it also demonstrated the Kremlin’s growing desire to undermine the Western-led open democratic internet model.

The head of Roskomnadzor, Andrei Lipov, told Putin that the existence of nearly 5 million personal data processors in Russia requires tighter state regulation of the collection of citizens’ personal data. He also claimed his agency received some 43,000 complaints from Russians about these data issues in the past year.

Some of these state concerns would seem legitimate to many in the West, such as the public listing of volumes of citizens’ information. For example, last December Russian authorities found the data of a million Russians listed on a French-registered website and subsequently put the website on the government’s block list. But much of this talk about data risk simply masks the Kremlin’s desire for more internet control, driven by its perception of the open internet as a tool of Western, particularly US, subversion. This is what has compelled the Russian government to require the data of Russian citizens to be stored within Russia’s geographic borders (even though some US companies appear to continue ignoring the requirements and simply paying the small, court-ordered fines). It is what Lipov, the head of Russia’s internet regulator, speaks of when he says he wants to address this situation through stronger government powers to track data moving from one data processor to the next—the kind of official “someone should look into that” statement that’s often followed by someone doing just that.

But what the conversation between Putin and Lipov really underscored is the Kremlin’s growing opportunistic use of problems in the democratic technology sphere—of which there are clearly many—as justification to write off the democratic internet model, writ large, as hopeless. This is nothing new for the Kremlin under Vladimir Putin. Following the Snowden leaks in 2013, when a US National Security Agency contractor leaked classified documents about the United States’ global digital espionage operations, Russian officials were quick to jump on the situation as evidence that a global and open internet cannot be trusted due to potential US espionage.

In his conversation with Putin, Lipov highlighted the EU supreme court’s recent Schrems II ruling that the United States does not adequately safeguard the privacy of European Union citizens’ data. He specifically asserted that it meant US companies might have to move servers to Europe, an allusion to the Kremlin’s aforementioned wishes that foreign companies store its citizens data on servers located within Russia. But if that wasn’t enough, he then explicitly drew this parallel, saying that all governments have the right to make such determinations about data and that Russia’s internet regulator should do so as well.

But the Kremlin is not just concerned with data flows. Lipov claimed that more than 1.5 million pieces of material had been removed by Russian authorities from the internet within Russia since 2012. He also claimed that in 2019 alone, 531,000 pieces of material were removed, spanning anything from suicide-promotional content to child pornography to information on drugs. He claimed that 208,000 of those 531,000 pieces of material removed in 2019 were related to extremist and terrorist organizations, certainly including what many in liberal democracies would consider actual terrorism, but also likely encompassing many kinds of political speech the government doesn’t like, whether calling out corruption or advocating for LGBTQ rights.

The Kremlin uses two main justifications in this narrative on more internet control. Moscow often references US-familiar terms like “terrorist content” or “online extremism”—sources of great concern in democratic internet policy—to make Russia’s harsh internet policies seem equivalent to anti-terrorism laws in democracies, when in reality they are anything but. This deliberate conflation leverages concerns about democracies’ hands-off-the-web approach to internet content to try to justify blatantly oppressive policies towards internet speech. Second, in the Kremlin’s view, online content regulation is not separate from the issue of data flows, and it’s not separate from the criticisms opportunistically leveled at the United States in light of the EU’s Schrems II ruling. The Russian government’s conceptualization of “information security” is not just about technical cybersecurity as narrowly conceived in the West but also encompasses the regulation of content itself. Thus, pointing out problems with data management in the United States is in some ways linked to the Kremlin’s pointing out of problems of content moderation as well.

It should come as no surprise that the Kremlin continues to censor internet freedoms, but the rationale it has deployed is a form of signaling, part of its broader strategy to defend Russia’s “cyber sovereignty” and advocate for an alternative model to the relatively free, global, and open internet model that democracies have long promoted. By championing nationalistic internet policies, Russia and other authoritarian governments threaten to technically and regulatorily fracture the global internet which, relatively speaking, has yielded great benefits for education, for social movements in open societies, for international trade across the world. Russia has recently gotten more countries to agree on these notions of “information security” and data control at the United Nations, and it continues to promote this cyberspace vision through other diplomatic venues. A fractured global internet would shut technology companies out of foreign markets, much like data localization in Russia or source code inspections in China, and further limit the potential for continued open, interoperable digital communication across the globe.

The Putin-Lipov meeting shows that Russia is not backing down from its attacks on the open internet. While hope remains that the United States and democratic counterparts around the world will recognize the need for new policies to fix the many issues in the digital sphere, Russia and others will continue to be waiting in the wings, pushing for an alternative system that is anything but free.

Justin Sherman (@jshermcyber) is a fellow at the Atlantic Council’s Cyber Statecraft Initiative.

Further reading:

Image: The logo of Russia's state communications regulator, Roskomnadzor, is reflected in a laptop screen in this picture illustration taken February 12, 2019. REUTERS/Maxim Shemetov