How Putin Tried to Control the Internet
WRITTEN BY
ANDREI SOLDATOV AND IRINA BOROGAN
From
motherboard.vice.com
13 October 2015 // 03:00 PM CET
Russia is currently
busy rewriting the country’s doctrine of information security,
to be adopted in 2016. The internet is defined in the text as a major challenge
to the political stability of the regime.
"Special services” and Western
countries’ "controlled NGOs" actively use information and
communication technologies (the Russian euphemism for the internet) "as a
tool to undermine the sovereignty and territorial integrity" and "to
destabilize political and social situation” of other countries, reads the text
of the draft, published by Kommersant this week.
The fear of what goes on the
internet and what comes off it seems to be growing in the Kremlin, but it
reflects an old concern, as the horizontal and global nature of the Internet
has been a challenge for decades to the suspicious Russian secret services, the
direct successors to the KGB.
In the 1990s, when the internet in
Russia was mostly a telecommunication technology, it meant that the
information, including sensitive stuff, was circulated on the network built by
Americans using technologies designed by Americans. Russian generals openly
said that the Internet was a direct threat to national security.
In the 2000s, with the blossoming of
websites and then social networks, the new direction came up, now the Internet
was primarily made of content generated and stored under control of Americans.
For Putin's government, that meant that the large and mighty fortress Russia had
a huge breach, and this breach had to be dealt with as soon as possible.
In this exclusive excerpt from the
recently published The Red Web, Andrei Soldatov and Irina Borogan describe how
the Kremlin has been trying to rewrite the rules for the internet to make it
“secure” as it is understood by Russia’s secret services.
Vladimir Putin was certain that all things in the
world—including the internet—existed with a hierarchical, vertical structure.
He was also certain that the internet must have someone controlling it at the
top. He viewed the United States with suspicion, thinking the Americans ruled
the web and that it was a CIA project.
Putin wanted to end that supremacy.
Just as he attempted to change the rules inside Russia, so
too did he attempt to change them for the world. The goal was to make other
countries, especially the United States, accept Russia’s right to control the
internet within its borders, to censor or suppress it completely if the
information circulated online in any way threatened Putin’s hold on power.
Andrey Krutskikh devoted his entire career in the Russian
Foreign Ministry to arms control. He joined the diplomatic service in 1973,
right after university, and served in the ministry for the final eighteen years
of the Soviet Union’s existence. He admired the diplomatic style of the stolid
and uncompromising foreign minister, Andrei Gromyko, known informally in the
West as Mr. Nyet. Krutskikh often called Gromyko “great.”
From the very beginning of his service Krutskikh’s work
centered on disarmament, nuclear weapons, and the so-called main adversaries,
the United States and Canada. When he was 24 years old, in 1975, he was sent to
Salt Lake City as a member of the Soviet delegation to negotiate strategic
nuclear arms control. Krutskikh’s experience at the negotiations in Salt Lake
City left a strong impression on him. It was a time when Soviet diplomats had
stature; they decided the fate of the world and spoke on equal terms with the
Americans. After the Soviet collapse and into the late 1990s Krutskikh
continued to focus on arms-control issues and rose through the ranks of the
ministry.
Putin
was certain that the internet must have someone controlling it at the top.
He was not a smooth or slick diplomat; he had a rather
agitated manner—expressive, his hands always in motion. Krutskikh soon wondered
whether arms control could be useful in the emerging realm of cyber conflict.
Among a particular group of Russian generals who represented
FAPSI, the powerful electronic intelligence agency that had grown out of the
KGB, a similar mindset was developing.
The agency’s headquarters was located in a stark, modern
terraced building with giant antenna globes on the roof not far from the KGB
headquarters. Like the US NSA, FAPSI was responsible for information security,
signals, and electronic intelligence. For many years their generals watched the
growth of the internet with suspicion, thinking it was a threat to Russia’s
national security, because in the early days the Russian internet was built
with Western technology, and they were obsessed with the fear that it would be
thoroughly penetrated by the Americans.
The leader of this group of suspicious generals was
Vladislav Sherstyuk, a colonel-general in the intelligence wing of the agency
and a KGB officer since 1966. By the 1990s he became head of the very
mysterious and powerful Third Department of FAPSI, in charge of spying on
foreign telecommunications. All Russian centers of electronic espionage abroad
were subordinated to this department, including the radio interception center
at Lourdes in Cuba, which was in charge of monitoring and intercepting radio
communications from the United States. Sherstyuk was a spymaster, determined to
exploit communications to steal US secrets and protect Russia against espionage
of the same kind. This naturally made him wary of the internet, where so much
was beyond his control.
When the war in Chechnya began, Sherstyuk was put in charge
of FAPSI’s group there, and he organized the interception of Chechens’
communications. In December 1998 he was appointed director of FAPSI, a mighty
intelligence service in its own right that competed head-to-head with the FSB.
Among other things, they had a very special role in controlling the
government’s most sensitive communications networks.
Krutskikh and the FAPSI generals spoke the same language of
suspicion—a language of threats posed by the internet. In early 1999 Krutskikh
was helping to draft a resolution for the UN General Assembly that reflected
these views and warned that information—the internet—could be misused for
“criminal or terrorist purposes” and could undermine “the security of States.”
In other words, information technologies had to be controlled because they
could be dangerous. The resolution was adopted without a vote.
Krutskikh and the generals viewed the internet as a
battleground for information warfare. (This term should not be mixed with
cyberwarfare, which is mostly about protecting a nation’s critical digital
networks from hackers.) For Krutskikh and the generals, information warfare
encompasses something political and menacing, including “disinformation and
tendentious information” that is spread to incite psychological warfare, used for
altering how people make decisions and how societies see the world. In contrast
to those who celebrate free media and the internet as a glorious information
superhighway that opens limitless possibilities for discovery, Krutskikh and
the generals worried that it could become the front lines of conflict between
nations and hostile groups.
In December 1999 Sherstyuk moved out of FAPSI to the Russian
Security Council, an advisory group to the president on security. Once there,
he supervised a department for information security, which included the
internet, and brought his ideas with him. The Security Council normally is made
up of top officials, including the president, and meets periodically, but it
also has an influential staff, which Sherstyuk joined. In 2000 his team
composed the “Doctrine of
the Information Security of the Russian Federation,” which included
an unusually broad list of threats, ranging from “compromising of keys and
cryptographic protection of information” to “devaluation of spiritual values,”
“reduction of spiritual, moral and creative potential of the Russian
population,” as well as “manipulation of information (disinformation,
concealment or misrepresentation).”
Quite ominously, it identified one source of the threats as
“the desire of some countries to dominate and infringe the interests of Russia
in the global information space.”
A view of the Kremlin at night. (Image: Axel Axel/Flickr)
Putin approved the doctrine on December 9, 2000. In 2003
FAPSI was disbanded, but not the ideas of the suspicious generals. Sherstyuk
remained at the Security Council, and some of his views were reinforced when a
like-minded top official from the FSB, Nikolai Klimashin, was moved to the Security
Council. Sherstyuk founded and headed the Information Security Institute at
Moscow State University, which he built into a major think tank to define
Russian foreign policy on information security.
Meanwhile, Krutskikh rose to become deputy chief of the
Department for Security and Disarmament Issues at the ministry.
For years at international meetings Krutskikh had been
driving home that Russia wanted to govern its own space on the internet.
Whereas others, including the United States, saw the internet as a wide-open
expanse of freedom for the whole world, Krutskikh insisted that Russia should
be able to control what was said online within its borders. He expressed fear
that, without such control, hostile forces might use the internet to harm
Russia and its people.
“If
through the internet we would be forced to forget our mighty great Russian
language, and speak only using curse words, we should not agree with that.”
“If through the internet we would be forced to forget our
mighty great Russian language, and speak only using curse words, we should not
agree with that,” he told us, echoing Putin’s deep suspicions about the
internet and who was behind it. Krutskikh repeatedly proposed some kind of
international agreement or treaty that would give Russia the control it sought
over the internet. Influenced by his own career in arms-control negotiations,
he was convinced that such an agreement must be between Russia and the United
States. He wasn’t anti-American, but he grew emotionally attached to the idea that
the two former Cold War superpowers could somehow make a pact that would give
Russia control over its digital space.
The United States, however, never warmed to the idea—the US
government never attempted to control content on the internet, and many of the
first internet pioneers in America were very open about the internet as a
symbol of how information should roam free—but what Krutskikh wanted most was
to be taken seriously and to have his views treated with respect, as they were
during the Cold War.
But he didn’t get much respect. At a bilateral meeting in
March 2009 in Vienna, Krutskikh delivered a long monologue arguing that Russia
and the United States—and perhaps other nations—should collaborate to regulate
the internet as nations and governments.
He expressed fear that the internet was building beyond
their control, that there could be an arms race in cyberspace, and it was time
for governments to take charge.
Russian generals felt they were losing the global cyber arms
race and wanted to put some limits on the United States’ offensive
capabilities. But Krutskikh’s speech fell on deaf ears.
An American diplomat cabled back an account of
the meeting, saying, “There was little change, if any, between U.S. and Russian
long-held views” on the subject. Krutskikh desperately wanted some sort of
joint statement with the United States, but the US administration was reluctant
to sign anything.
But he didn’t give up. In 2010 Kaspersky Lab investigated Stuxnet,
the US-Israeli worm that wrecked nearly a thousand Iranian centrifuges.
Krutskikh seized on the incident—with its destructive malware, designed in part
by the United States—as a justification for a ban on cyber weapons. In 2011,
Eugene Kaspersky, who was highly regarded in Russia as an internet
entrepreneur, added his voice to the idea of a ban on cyber weapons, and in
November he wrote on his
blog, “Considering the fact that peace and world stability strongly
relies on the internet, an international organization needs to be created in
order to control cyber-weapons. A kind of International Atomic Energy Agency
but dedicated to the cyberspace.”
In the Bavarian Alps a small mountain resort town,
Garmisch-Partenkirchen, is famous for its spectacular views and NATO’s Marshall
Center for Security Studies, which is based there.
Nearby is a pretty hotel, Atlas, with a traditional Bavarian
three-story lodge that is a twenty- minute walk from the Marshall Center.
Founded in the early sixteenth century as a tavern, the hotel proudly lists
among its previous guests Duke Ludwig from Bavaria, the Prince of Wales, and
the King of Jordan. Every April, for almost a week, the hotel hangs a Russian
flag from its balcony, hung personally by Sherstyuk, who, since 2007, has been
bringing to the lodge a group of Russian and American generals and high-placed
officials to talk quietly about information security and cyber conflict.
The first two days are always reserved for general
discussions, mostly on cybersecurity and what kind of research is required.
Russians gathered in one part of the hotel, and non-Russians gathered in
another, partly because many Russians didn’t speak English, and most Americans
didn’t speak Russian. The third day was devoted to individual meetings. The
real business was conducted in closed rooms with only a few participants.
Klimashin was among the guests, as well as Krutskikh, who
never tired of making speeches and arguing for agreement on “terms and
definitions” in cyberspace and for greater UN involvement in internet
governance. He favored the United Nations because it was filled with
governments, not companies, and many of them were sympathetic to Russia’s
desire to control the internet within their borders.
The US government took the gatherings in Garmisch very
seriously every year. High-level officials were sent;
in 2010 the US delegation included Christopher Painter, the second-ranking
White House official on cybersecurity, and Judith Strotz, the director of the
State Department’s Office of Cyber Affairs.
“The
Russians have a dramatically different definition of information security than
we do; it’s a broader notion, and they really mean state security.”
Russian officials in charge of information security often
spoke bitterly of US domination of the internet, believing all the tools and
mechanisms for technical control were in US hands.
Their main target was the internet Corporation for Assigned
Names and Numbers, known as ICANN, a nonprofit organization headquartered in
California. In 1997 President Clinton directed the secretary of commerce to
privatize the management of the domain name system, a critical part of the
internet that serves as a giant warehouse of web addresses looked up every time
a user wants to go somewhere online. The Defense Advanced Research Projects
Agency (DARPA), the National Science Foundation, and other US research agencies
had previously performed this task.
On September 18, 1998, ICANN was created and given a
contract with the US Department of Commerce to oversee a number of
internet-related tasks, but the most important among them was to manage the
distribution of domain names worldwide.
In the 2000s other nations campaigned to have a greater role
in ICANN, but the Kremlin’s idea was more radical: to strip ICANN of its powers.
The president of ICANN, Paul Twomey, hastened to the second
gathering in Garmisch in 2008. He and other high-ranking ICANN representatives
tried to keep open channels of communications with the Russians. One of the top
US ICANN representatives who made sure always to attend was George Sadowsky.
Looking always professorial, he taught mathematics at
Harvard and was a technical adviser to the United Nations in the 1970s. In 2001
Sadowsky became executive director of the Global internet Policy Initiative,
which promoted internet freedoms in the former Soviet Union and Central Asia.
In 2009 he was selected to the board of directors of ICANN.
Sadowsky had a great deal of experience in dealing with
Russian officials. He found the endless discussions to be frustrating, as both
sides saw the world differently and had trouble even agreeing to a common
language about the internet; there were very basic divisions over definitions
regarding the internet. “Is it a communications service or is it an information
service?” he recalled. “And this went on, and on, and on.”
In Garmisch both Russians and Americans tried to be pleasant and friendly, but
they were at a stalemate. And with each passing year the discussions became
increasingly difficult—after the conference in 2010 Sadowsky admitted,
“The Russians have a dramatically different definition of information security
than we do; it’s a broader notion, and they really mean state security.”
Andrei
Soldatov and Irina Borogan are
co-founders of Agentura.ru and
authors ofThe New Nobility. Their work has been featured in the New York Times,
Moscow Times, Washington Post, Online Journalism Review, Le Monde, Christian
Science Monitor, CNN, and the BBC. The New York Times has called Agentura.ru “a
website that came in from the cold to unveil Russian secrets.” Soldatov and
Borogan live in Moscow.
|