In the next two weeks, Russia is planning to attempt something no other country has tried before. It’s going to test whether it can disconnect from the rest of the world electronically while keeping the internet running for its citizens. This means it will have to reroute all its data internally, rather than relying on servers abroad.
The test is key to a proposed “sovereign internet” law currently working its way through Russia’s government. It looks likely to be eventually voted through and signed into law by President Vladimir Putin, though it has stalled in parliament for now.
Pulling an iron curtain down over the internet is a simple idea, but don’t be fooled: it’s a fiendishly difficult technical challenge to get right. It is also going to be very expensive. The project’s initial cost has been set at $38 million by Russia’s financial watchdog, but it’s likely to require far more funding than that. One of the authors of the plan has said it’ll be more like $304 million, Bloomberg reports, but even that figure, industry experts say, won’t be enough to get the system up and running, let alone maintain it.
Not only that, but it has already proved deeply unpopular with the general public. An estimated 15,000 people took to the streets in Moscow earlier this month to protest the law, one of the biggest demonstrations in years.
So how will Russia actually disconnect itself from the global internet? “It is unclear what the ‘disconnect test’ might entail,” says Andrew Sullivan, president and CEO of the Internet Society. All we know is that if it passes, the new law will require the nation’s internet service providers (ISPs) to use only exchange points inside the country that are approved by Russia’s telecoms regulator, Roskomnadzor.
Sign up for The Download
Your daily dose of what’s up in emerging technology
These exchange points are where internet service providers connect with each other. It’s where their cabling meets at physical locations to exchange traffic. These locations are overseen by organizations known as internet exchange providers (IXPs). Russia’s largest IXP is in Moscow, connecting cities in Russia’s east but also Riga in neighboring Latvia.
MSK-IX, as this exchange point is known, is one of the world’s largest. It connects over 500 different ISPs and handles over 140 gigabits of throughput during peak hours on weekdays. There are six other internet exchange points in Russia, spanning most of its 11 time zones. Many ISPs also use exchanges that are physically located in neighboring countries or that are owned by foreign companies. These would now be off limits. Once this stage is completed, it would provide Russia with a literal, physical “on/off switch” to decide whether its internet is shielded from the outside world or kept open.
What’s in a name?
As well as rerouting its ISPs, Russia will also have to unplug from the global domain name system (DNS) so traffic cannot be rerouted through any exchange points that are not inside Russia.
The DNS is basically a phone book for the internet: when you type, for example, “google.com” into your browser, your computer uses the DNS to translate this domain name into an IP address, which identifies the correct server on the internet to send the request. If one server won’t respond to a request, another will step in. Traffic behaves rather like water—it will seek any gap it can to flow through.
“The creators of the DNS wanted to create a system able to work even when bits of it stopped working, regardless of whether the decision to break parts of it was deliberate or accidental,” says Brad Karp, a computer scientist at University College London. This in-built resilience in the underlying structure of the internet will make Russia’s plan even harder to carry out.
The actual mechanics of the DNS are operated by a wide variety of organizations, but a majority of the “root servers,” which are its foundational layer, are run by groups in the US. Russia sees this as a strategic weakness and wants to create its own alternative, setting up an entire new network of its own root servers.
“An alternate DNS can be used to create an alternate reality for the majority of Russian internet users,” says Ameet Naik, an expert on internet monitoring for the software company ThousandEyes. “Whoever controls this directory controls the internet.” Thus, if Russia can create its own DNS, it will have at least a semblance of control over the internet within its borders.
This won’t be easy, says Sullivan. It will involve configuring tens of thousands of systems, and it will be difficult, if not impossible, to identify all the different access points citizens use to get online (their laptops, smartphones, iPads, and so on). Some of them will be using servers abroad, such as Google’s Public DNS, which Russia simply won’t be able to replicate—so the connection will fail when a Russian user tries to access them.
If Russia can successfully set up its own DNS infrastructure across the country and compel its ISPs to use it, then Russian users are likely not to notice, unless they try to access a website that’s censored. For example, a user trying to connect to facebook.com could be redirected to vk.com, which is a Russian social-media service with an uncanny resemblance to Facebook.
This coming test—no official date has been given— will show us whether the necessary preparation has been done. For the West, it’s important not to underestimate the Russian state’s will, or ability, to make sure it happens.
Resilience and control
The purpose, the Kremlin says, is to make Russia’s internet independent and easier to defend against attacks from abroad. To begin with, it could help Russia resist existing sanctions from the US and the EU, and any potential future measures. It also makes sense to make the internet inside your country accessible in the event it gets physically severed from the rest of the world. For example, in 2008 there were three separate instances of major damage to the internet’s physical cabling under the sea (blamed on ships’ anchors), which cut off access for users in the Middle East, India, and Singapore. If the affected countries had been able to reroute traffic, this disruption might have been avoided.
Many observers see the move as part of Russia’s long tradition of trying to control the flow of information between citizens. Russia has already passed legislation requiring search engines to delete some results, and in 2014 it obliged social networks to store Russian users’ data on servers inside the country. It has also banned encrypted messaging apps like Telegram. Just this week, Russia’s government signed into law two new vaguely worded bills that make it a crime to “disrespect the state” or spread “fake news” online. The new plan to reroute Russian traffic is an “escalation,” says Sergey Sanovich, a Russian researcher at Stanford who specializes in online censorship. “I’d say it’s a dangerous escalation,” he adds.
If so, it’s an escalation that has been a long time coming. The conversation between ISPs and the security services has been going on for more than two decades, according to Keir Giles, an expert on Russian security who works for the think tank Chatham House. Security officials in Russia have always seen the internet as more of a threat than an opportunity.
“Russia wants to be able to do this while insulating itself from the consequences, by preemptively cutting itself off from global infrastructure,” Giles says.
If Russia is seeking inspiration, it need just look east. China has been terrifically successful in shaping the online experience for its citizens to its advantage. However, China decided to exert a high degree of control over the development of the internet while it was at a nascent stage. Russia was preoccupied at that time with the collapse of the Soviet Union, so it is quite late to the party. China embedded the homegrown ISP and DNS infrastructure that Russia hopes to construct way back in the early 2000s. Trying to impose this architecture retrospectively is an awful lot harder. “China took control very early on, and decided that all traffic in and out must be controlled and regulated,” says Naik.
In contrast, Russian businesses and citizens are firmly enmeshed in the global internet and use a lot more foreign services, such as Microsoft cloud tools, than Chinese people do. It’s not yet clear what impact the disconnection will have on these, but it’s possible that if the plug is pulled on external traffic routes, Russian citizens may lose access to them. While many cloud services can “mirror” their content in different regions, none of the major cloud services (Microsoft, Google or Amazon Web Services) have data centers based in Russia. Replicating these services within Russia’s borders is not trivial and would require significant investment and time, says Naik. The coming test might be intended to address this issue, according to Sullivan.
Another potential problem is that many Russian ISPs carry traffic on behalf of other companies or ISPs, with reciprocal arrangements that they carry traffic for Russian ISPs too. If it’s done incorrectly, Russia’s plan means a “whole bunch of the traffic going in and out of Russia will just fall into a black hole,” says Naik.
If the experiment goes wrong and large parts of the internet go down in Russia, it could cost the nation’s economy dearly (disconnecting from the internet has been incredibly costly for countries that have experienced it, deliberately or otherwise). That doesn’t mean the Kremlin won’t go ahead with it anyway, Giles believes.
If it happens, don’t expect Russians to hand over their internet rights freely: as in China, it’s likely that determined, tech-savvy citizens will be able to exploit any weaknesses in the system and circumvent it. For example, during protests in Turkey, people shared ways to access the global DNS directly, thus thwarting their government’s block on social-media websites.
One recent event that may have given Russia more impetus to push forward with the plan is the hacking by the US Cyber Command of the Internet Research Agency, the infamous Russian “troll factory” that allegedly used social media to sow division in the US during the 2016 election.
“The threat is real. The number of people who access antigovernment internet content is growing,” says Kirill Gusov, a journalist and political expert in Moscow. The government controls the media and television, but the internet remains beyond its grasp. “I’d not be surprised if the FSB [the successor to the KGB] approached Putin and reported on this attack, which coincided with their desire to suppress internet freedom because they are losing control over society,” he says.
Though it’s still not clear when if ever the law will become a reality, the Russian government isn’t known for being flexible or responsive to public pressure. It’s far more likely to be delayed than dead.