On November 1, Russia’s latest internet censorship law came into effect. The new measure, titled “On the Protection of Children From Information Harmful to Their Health and Development,” establishes a registry of sites with content judged harmful to children. Sites that contain child pornography or that promote self-harm or drug use may be placed on the registry without a court order; sites with other forms of “illegal” content may be placed on the registry after judicial approval. A government agency, Roskomnadzor, will be responsible for maintaining the list. Under the law, ISPs will be liable if they fail to block sites placed on the registry, and individuals will be liable if they circumvent the blocking.
Opponents of the law worry that the definition of “harmful content” is too broadly constructed and will be used to suppress the free flow of information. They also point out that the law makes it necessary for ISP’s to use highly intrusive methods of blocking such as deep packet inspection. Supporters argue that the law does not meaningfully curtail Internet freedom, because the blacklist is targeted toward only obviously harmful content.
How the blacklist works
After Roskomnadzor initially deems a site to have offensive content, the site owner is given three days to remove the content or to block access. If the owner does not comply, the site is placed on the registry to be blocked. Since November 1, Roskomnadzor has already added over 180 sites to the blacklist and is processing over 6000 additional reports of offending content. It has created a website for the registry that allows users to check whether a specific site has been placed on the blacklist.
Concerns for freedom of information
Critics have attacked the law for its lack of clarity in delineating what content is “harmful” to children. Moreover, critics are concerned about the lack of transparency or accountability in Roskomnadzor’s upkeep of the registry. The standards for evaluating content are unclear, as the language of the measure is vague enough to potentially encompass content such as vulgar language, references to violence, or anything deemed “extreme.” In the past, regional courts in Russia have been willing to block sites for political extremism or opposition to Putin; this law will allow those regional decisions to be extended nationally at Roskomnadzor’s discretion. Roskomnadzor has assured the public that “experts” are in charge of deciding whether sites should be blocked, but this has shed little light on the actual process; the identity and qualifications of its “experts” is unclear.
Radio Free Europe has pointed out that malicious parties could get a website placed on the registry by planting content prohibited under the new law. For example, an activist forum could be blocked if individual posts within that forum contain illegal material.
This censorship law comes in the wake of a series of restrictive legislative actions that have expanded the scope of treason laws, imposed harsh fines on protesters in “unsanctioned” demonstrations, and criminalized defamation. Reporters Without Borders concludes, “Taken as a whole, the latest legislative initiatives in the Duma give all the appearance of a concerted attack on freedom to disseminate information.”
Dramatically heightened capacities for state surveillance
Wired’s coverage of the law notes that ISP liability for blocking sites on the blacklist will likely require ISP’s to undertake deep packet inspection (DPI)– that is, equip themselves with the ability to investigate the content of packets that pass through their networks. Information transmitted via the internet is sent in packets, which are akin to mailed letters. A packet consists of a header–corresponding to the to and from addresses on an envelope– and actual data– corresponding to the letter inside an envelope. An ISP doing DPI is akin to the postal service opening and reading all letters. Even best practices such as using https or Tor are vulnerable to DPI.
ISP’s equipped with DPI technology are a potent threat to freedom of speech and information because Russia’s policies on lawful interception of electronic communications are subject to very little oversight. In Russia, as in the United States and many other countries, telecommunications providers are required to build into their networks wiretapping abilities for law enforcement. Wiretapping in the United States has traditionally required warrants (although legislation such as the Patriot Act and the Protect America Act have weakened this requirement). But in Russia, according to the Washington Post, “an obscure set of technical regulations issued in the late 1990s permits total access without ever approaching a judge.” The new censorship bill therefore pushes ISP’s to adopt sophisticated means of surveillance that law enforcement can then freely use.
The broad terms of the new censorship bill carry with it the risk of being applied to suppress political speech and the free flow of information. Moreover, by incentivizing ISP’s to adopt deep packet inspection practices, the bill appears to be arming the state with unprecedented means to monitor and circumscribe online activity.
Activists in Russia have vowed to create an online database listing sites that have been “illegitimately” blocked along with alternative ways of accessing those sites. The database itself, though, may eventually be blocked under the new law.
We encourage users from Russia to report to Herdict sites that are being blocked.