The Kremlin’s VPN ban has KGB roots

The new internet law signed by Putin will force providers to enforce the state's blacklisting of internet sites. The ban on VPN's helps the secret service to identify internet users and strengthens state control on the internet. The difficult and costly operation is passed on to the providers. It smells like KGB-times, says security expert Andrei Soldatov

by Andrei Soldatov

Putin went after technology last week and it probably won’t end well. The ban on Virtual Private Networks (VPNs), along with the move to de-anonymize messengers, are designed to weaken advanced internet technology that protects against government intrusion online.

The amendments signed by Putin have two aims: Тo make it impossible to access blocked websites using VPNs, which helps users hide their identity online, and to make it possible for the Russian secret services to immediately identify users on instant messengers.

There were three ways the government could have gone about this.

First, it could have invested in new surveillance technology. But that would have meant committing to a desperate game of technological catch-up with the developers of tools designed to circumvent restrictive measures, in order to try to decipher their techniques.

Second, like in China, the government could have attacked users themselves. Last month, Beijing began forcing residents of the autonomous Xinjiang region to install special surveillance applications on their smartphones. Authorities sent out a notice instructing Xinjiang residents to install this Big Brother app, or risk being caught during random checks and face imprisonment for up to 10 days.

The third option was to attack service providers, or companies. This is what the Kremlin has chosen to do.

Providers forced to complicity

The amendments signed by Putin force VPN providers to become complicit in Russia’s blacklist enforcement system, maintained by the internet communications watchdog Roskomnadzor. The law basically obliges providers to check the censor’s blacklist on a daily basis and take immediate action.

Meanwhile, the de-anonymizing measure requires messaging services to log and store users’ phone numbers, so that they can be handed over to the secret services.

Officially, the amendments apply to foreign companies. But in reality, they are not the prime target of the new legislation. Even the Kremlin’s advisers understand how unlikely it is that a market, whose entire business model is built on providing services that shield users from government surveillance, will cooperate.

Instead, it is Russian internet service providers (ISPs) that will come under most immediate pressure from the Kremlin. Having grasped how difficult, and costly, it is to win this technological rat race, the Russian authorities have passed on the problem to these providers.

They are now required to block those VPNs and messengers which don’t cooperate with the new rules. And if they are slow to catch up with, say, the engineers of Tor or Psiphon — the two most popular circumvention tools in countries with repressive regimes — the Kremlin will punish them mercilessly.

These amendments are clearly not good for business. But the concept that the internet offers more threats than benefits has defined the Kremlin’s policies since 2012, if not earlier.

This time, it’s not some ordinary threat it is trying to root out, but a threat to 'national security', which is the Kremlin’s euphemism for 'the stability of the present political regime'.

Back to the KGB

The Russian authorities have added a new enforcer into the system of Russian internet censorship, the Federal Security Service (or FSB), which will be tasked with detecting VPNs which have previously gone unidentified. Because, when the Kremlin talks of a threat to national security, no business is worth the risk.

The approach the Kremlin has taken is time-honored and can be traced back to Soviet times, before the internet came to Russia.

When the Soviet Union was busy preparing to host the Olympic Games in 1980, it was required to provide automatic international phone connections without an operator — something that was unheard of in the Soviet Union.

The KGB resisted fiercely. To appease them, the Soviet Ministry of Communications suggested that callers dial not only the number they wanted to call, but also their own, so that no one would go unidentified. This is exactly the same proposal the Russian government is offering internet users today.

Back then, the KGB got what it wanted. Today, it seems that for the people on Lubyanka Square nothing has changed.

This article was first published by
Moscow Times logo 100mm 2

Andrei Soldatov is an independent journalist and co-author of The Red Web.

Read also: Human Rights Watch report on new restrictions on the internet in Russia.

Wekelijkse update?

Iedere donderdag uitgelichte artikelen in uw mailbox

Eerst doorlezen? U kunt zich ook later aanmelden via de home pagina.

Als u in uw browser de cookies blokkeert, ziet u deze popup steeds weer. Daarvoor excuus.