Exploring Russian Cyberspace: New Internet and Democracy Publication (and more to come!)

As you’ve likely discovered from personal experience, timing is everything. And so the Internet & Democracy team is especially pleased to announce that just in time for this Sunday’s Russian presidential election, Karina Alexanyan, Vladimir Barash, Robert Faris, Urs Gasser, John Kelly, John Palfrey, Hal Roberts, and I are releasing a new paper that assesses the relationship between the Russian Internet and Russian political and social life: “Exploring Russian Cyberspace: Digitally-Mediated Collective Action and the Networked Public Sphere.” This work was made possible thanks to the generous support of the John D. & Catherine T. MacArthur Foundation.

In English and in Russian (thanks to the translation expertise of Gregory Asmolov), here is the full abstract for the paper:


This paper summarizes the major findings of a three-year research project to investigate the Internet’s impact on Russian politics, media and society. We employed multiple methods to study online activity: the mapping and study of the structure, communities and content of the blogosphere; an analogous mapping and study of Twitter; content analysis of different media sources using automated and human-based evaluation approaches; and a survey of bloggers; augmented by infra- structure mapping, interviews and background research. We find the emergence of a vibrant and diverse networked public sphere that constitutes an independent alternative to the more tightly controlled offline media and political space, as well as the growing use of digital platforms in social mobilization and civic action. Despite various indirect efforts to shape cyberspace into an environment that is friendlier towards the government, we find that the Russian Internet remains generally open and free, although the current degree of Internet freedom is in no way a prediction of the future of this contested space.



В данной статье представлены основные результаты трехлетнего проекта, целью которого было изучить влияние Интернета на российскую политику, средства массовой информации и общество. Для исследования общения и деятельности пользователей интернета мы использовали различные методы: отображение и исследование структуры, сообществ и содержания блогосферы и контента в Твиттере; опрос блогеров, контент-анализ различных средств массовой информации: как с помощью автоматизированных методов, так и с помощью экспертов.

Мы открыли существование живого и чрезвычайно разнообразного публичного пространства, которое представляет собой альтернативу более контролируемым официальным средствам массовой информации. Мы считаем возможным говорить об электронных платформах, на основе которых происходит социальная мобилизация гражданских действий. Несмотря на различные попытки превратить кибер-пространство в пространство, поддерживающее правительство, наше исследование показывает, что Российский Интернет все еще остается свободным и открытым. Тем не менее, несмотря на существующую свободу Рунета, очень сложно делать какие-то предсказания относительно его будущего.


Please note that we are working to provide a full translation in the future.
In the meantime, we welcome your comments at the Internet & Democracy Blog.

If we’ve whetted your appetite for more research on all things related to the role of the Internet in Russian society, we welcome you to take a fresh look at our October 2010 Russian blog paper, Public Discourse in the Russian Blogosphere: Mapping RuNet Politics and Mobilization.

Also, please keep an eye on our paper series page for future publications over the coming months, and check out the same site for a short description of each paper we’re planning to release.


Posted in blogging, Elections, Free Speech, I&D Project, Media Cloud, Organizing, Russia. Comments Off on Exploring Russian Cyberspace: New Internet and Democracy Publication (and more to come!)

Coordinated DDoS Attack During Russian Duma Elections

By Hal Roberts and Bruce Etling

Over the course of the weekend, a seemingly coordinated distributed denial of service (DDoS) attack flooded a number of the leading Russian independent media, election monitoring and blogging sites. Many users and content publishers, including the Global Voices RuNet project, have been reporting the attacks against sites including LiveJournal, Echo of Moscow, Novaya Gazeta, New Times, Bolshoi Gorod, Golos.orgikso.org, ridus.ru, zaks.ru, and the online ‘map of violations’ created by the election monitoring group Golos (which has been the target since last week of a government campaign against ‘outside’ influence on the election (they are funded by US and European groups). LiveJournal, which is the biggest blog host in Russia and according to our research is the blogging platform where Russian political discourse is most prevalent, was also attacked. There are continued reports of LiveJournal’s inaccessibility inside Russia over the last couple days, and shorter term attacks on sites such as levada.ru, the Web site of the leading independent polling firm in Russia.

DDoS and other sorts of cyber attacks on independent media have been common in recent years. One of the difficult things about understanding the cause and impact of DDoS attacks is that it is rarely clear who is behind the attacks. We have little or no evidence, for instance, that the Russian government is involved in these or other attacks. This is partly due to the nature of DDoS attacks, which often come from large collections of infected computers and so are very difficult to track back to the responsible actor. Governments have also avoided taking responsibility for these sorts of attacks, in constrast to the way that many government happily defend their filtering practices, perhaps because the attacks are often associated with the cyber-criminal gangs who build and run botnets.

What makes these attacks different is the number of sites attacked at the same time, and their close timing around the elections. We asked our friends at Arbor Networks, a leading provider of DDoS monitoring and protection services for Internet service providers and large content hosts, for any data they have on these attacks. Among other DDoS monitoring systems, Arbor has a large collection of taps installed in botnets, through which they are able to listen to the commands sent to the botnets. Jose Nazario reported back to us that starting on December 1 and continuing through the election on December 4, they saw commands come from just two botnet controllers to attacks the following list of sites, nearly all of which are independent media or election monitoring sites:

New Times (Oppositional news site The New Times)
Echo of Moscow (Leading Independent radio station Echo of Moscow)
Novaya Gazeta (Major oppositional newspaper Novaya Gazeta, often critical of the Kremlin)
Novaya St. Petersburg (St. Petersburg Novaya Gazeta site)
Kommersant (Major Russian news daily)
Public Post (online news site, had published stories about map of violations and Golos)
Slon (Online News site, partnered with Golos to publish ‘map of violations’ after Gazeta backed out)
Bolshoi Gorod (St. Petersburg news site)
Golos (Website of independent election monitor Golos)
Ikso (an outlier, the election commission of Sverdlovsk region)
Ridus (online news/citizen journalism site)
Zaks (a popular political website in St. Petersburg)
Pryaniki (a popular portal in Tula)
Map of Violations (Golos crowdsourced election violations map/site)
files.kartanarusheniy.ru (sub domain of ‘map of violations’ site)
LiveJournal (Major Russian blog platform)
Kotlin Forum (not accessible: Yandex search indicates a forum related to Kronshdat)
Kotlin (not accessible, Yandex search indicates news and info related to Kronshdat region)
GosZakupki (another apparent outlier in the group, a portal for Russian federal and local government tenders)
The Other Tver (oppositional Tver news and analysis site)
RosAgit (Web site connected to activist and blogger Alexey Navalny, which today is focused on promoting protests across Russia scheduled for December 10).

Botnets are often rented out for a variety of reasons, including spam, click fraud, and credit card theft, as well as DDoS attacks. It could be a coincidence that two botnet controllers were independently rented by a collection of actors to attack these sites during the election, but that coincidence seems highly unlikely. It is much more likely that some one or two actors was trying to take down a broad swatch of the Russian independent media landscape during the critical period of the election. We have see many, many attacks against individual media sources in the past in Russia, but we are not aware of any previous coordinated attacks against this number of sites at the same time.

The Arbor data, of course, says nothing about why these sites were attacked, but one argument put forward by editor-in-chief of Echo of Moscow Alexey Vendediktov (and many others), certainly seems plausible: “The attack on the website on election day is clearly an attempt to inhibit publication of information about violations.” Several, if not most, of these sites invited users to submit information on election violations, especially Golos, their violations map, Slon and Echo of Moscow. The timing of the attacks is also hard to see as coincidental, overlapping closely with the times that polls were open on Election Day. Most of the attacks also ended once the polls were closed. As is usual for these types of attacks, no one has claimed responsibility, even though they seem to clearly serve the interests of the government.

As the Berkman Center noted in its DDoS report last year, for media and NGOs that think they might be subject to a DDoS attack, putting data and information on major social media and Internet sites (like Twitter, Facebook, YouTube, Google, etc.) is a good back up plan, especially for smaller organizations with limited tech staff, since these major hosting sites are far more well prepared to defend against these types of attacks. For example, to our knowledge, the Google doc with over 5000 election violations created by Golos after its site was disabled, was never taken down. Alexei Sidorenko also has other details of how sites like Novaya Gazeta that were better prepared for the attack were able to help host Echo of Moscow blogs, which argues for these groups to support each other and host one another’s content, acting as a sort of ‘mutual aid society,’ which Jonathan Zittrain has written about. Also, we checked with one prominent Russian independent media site that we had worked with during the writing of the DDoS report about whether they had been attacked, and that site responded that they had used Twitter for all of their election coverage, specifically to avoid DDoS attacks. That site’s strategy was successful, as Twitter was either not attacked or withstood any attack during the election.

Massive DDOS attack on Independent Media during Russian Duma Election

I’m just waking up to discover that, coinciding with today’s Russian Duma elections, there has been a series of major DDOS attacks that have at times brought down a number of leading independent media outlets, the LiveJournal blogging platform, and the online ‘map of [election] violations’ by election watchdog group Golos. Key independent mass media sites include the very influential Echo of Moscow radio and newspapers Kommersant, Novaya Gazeta (which is often critical of the Kremlin, has been the victim of DDOS attacks previously and has also had a handful of its journalists killed over the last few years), Bolshoi Gorod, slon.ru, and the more oppositional New Times. The election watch dog group Golos has been the target since last week of a government campaign against ‘outside’ influence in the election (they are funded by US and European groups). They were the subject of a thirty minute NTV special last week after warnings about outside interference in the election from Putin. The primary Russian blogging platform LiveJournal, which hosts the majority of blogs focused on politics and public affairs has also been attacked. The number of sites attacked at once seems unprecedented, and taking place during the Duma election cannot be considered a coincidence. As usual with DDOS attacks, it will likely be difficult if not impossible to determine who is behind the attacks.

Gregory Asmolov at Global Voices has the most exhaustive list of sites attacked that I’ve seen:

thenewtimes.ru, echo.msk.ru, novayagazeta.ru, kommersant.ru, publicpost.ru, slon.ru, Bolshoy Gorod (bg.ru), golos.orgikso.org, ridus.ru, zaks.ru (Saint Petersburg), pryaniki.org (Tula), crowdsourcing platform “Karta Narusheniy” and Livejournal platform.

Alexey Sidorenko has a couple updates on his Twitter feed @sidorenko_intl

And the Moscow times election live blog also has some details and updates.

Google Releases Transparency Report, Showcases Government Censorship Worldwide

On Tuesday, Google released a Transparency Report that shows the number of government inquiries it receives for information about users and requests for Google to take down or censor content.

The report, which Google presents in the form of an interactive map and traffic graphs, reveals the number of content removal and data requests that it received from government agencies around the world during the first 6 months of 2010. (See this Herdict post on the traffic graphs.)

The map tool allows one to see:

  • The number of government requests we received to remove content, per country;
  • The number of individual items asked to be removed, per country (as there may be many URLs per request) — this is new for 2010 data;
  • The products that contained the content; and
  • The percentage of those requests that we fully or partially complied with on a country-by-country basis.

Internet censorship around the world is on the rise, according to the report. A comparison of data from the internet service database that it released 5 months ago and the current version shows that there has been an increase in the number of government requests, suggesting that internet freedom may be taking a turn for the worst. Note: the map tool excludes data request information for a number of countries, most notably China and Iran. Using the traffic graphs, however, one can see how much traffic Google services get in those countries. The U.S. currently occupies the #1 spot with  4,287 government requests for data information during the first half of 2010. Directly behind it are Brazil with 2,435 and the U.K. with 1,343. Just five months ago, however, Brazil was in first place, the U.S. in second, and the U.K. in third.

While the report does contain important and telling information about censorship levels worldwide, the data that Google provides is not totally comprehensive and accurate. It fails to address a couple of major criticisms that arose when it first released an internet service database. Most notably, the  tool does not reveal query specifics, such as how many requests government agencies made for the same user data and what the total amount of requests across all categories of content is. Google also admits that among its limitations is the fact that that it has not included statistics for countries in which fewer than 30 requests for user data in criminal cases during the observation period.

Moreover, the report does not account for government-mandated service blockages—only content removal requests. A major addition that Google has made to the tool, however, is the ability to see how many requests it has honored: 138 in the US, 398 in Brazil, and 48 in the UK.

Google says that it would  like to be able to share more information with the public, but lack of standardization among user data requests, as well as the difficulty in categorizing and quantifying those requests, prevent it from doing so. But the internet search giant has expressed its intention to offer more information in the future, as well as a desire to fuel debate on government censorship.

“We hope this step toward greater transparency will help in ongoing discussions about the appropriate scope and authority of government requests,”  Corporate Development and Chief Legal Officer David Drummond said in a post on Google’s official blog.

Posted in Free Speech, Tech Tools. Comments Off on Google Releases Transparency Report, Showcases Government Censorship Worldwide

Piracy Raids Lead to Blanket Microsoft Licenses for Russian Advocacy Groups

By Marianna Tishchenko

This front page New York Times article, which describes how Russian officials have used trumped up charges of software piracy to pressure Russian advocacy groups, led quickly to a blanket license for Russian NGOs from Microsoft. The article appeared on Sunday; the blanket license was announced on Monday. Microsoft lawyers are now also are effectively prohibited from assisting in these cases.

The raids, however, have taken place since 2007. Russian security services have conducted dozens of raids on Russian NGOs and media organizations that voice their opposition to the country’s leadership, according to the article. Although Russian officials have claimed that the raids have no political basis, the Times notes the government “rarely if ever” conducts such inspections for advocacy groups and news organizations that support the government, suggesting that officials have used piracy concerns as an excuse to silence dissenters.

Cliff Levy of the Times focuses on one case involving the Russian environmental NGO Baikal Environmental Wave. Russian police stormed the NGO in January—supposedly in order to investigate its possession of illegal software after receiving a ‘civilian complaint’—and confiscated staff computers that may have contained illegally downloaded software. The NGO insisted that it had paperwork that could prove that the Microsoft products had been legally purchased. Russian officials were not interested in seeing it, however.

The fact that Baikal Environmental Wave had been planning protests against a government-sponsored reopening of a paper factory near Lake Baikal when Russian officials stormed their facility makes their intentions suspect.

Since the release of the NYT article, a great deal of speculation has surrounded Microsoft’s role in raids. And in an attempt to dispel rumors and ward off criticism, Microsoft issued a statement on Sept. 13, in which it expressed strong disapproval of the use of software piracy concerns as a scapegoat for “nefarious purposes.” The company also announced its intention to create a unilateral software license for NGOs that will give them free and legal software.

“Whatever the circumstances of the particular cases the New York Times described, we want to be clear that we unequivocally abhor any attempt to leverage intellectual property rights to stifle political advocacy or pursue improper personal gain,” Senior Vice President and Microsoft General Counsel Brad Smith said in the statement. “We are moving swiftly to seek to remove any incentive or ability to engage in such behavior.”

One hopes that Microsoft will get out ahead of any efforts by other governments to carry out similar raids in other countries.

Posted in Free Speech, Russia. Comments Off on Piracy Raids Lead to Blanket Microsoft Licenses for Russian Advocacy Groups

US Set to Relax Internet Restrictions Towards Iran, Syria and Cuba

This morning the New York Times quotes a ‘senior administration official’ who says that the US is set to relax sanctions against Iran, Syria and Cuba to allow US companies such as Google, Microsoft and Yahoo to allow downloads of personal Web-based services in those countries. Around the water cooler this morning, my colleague Jill York correctly pointed out that the article appears to conflate too many things together when it describes ‘Internet services’ that are currently banned, and that might be allowed as part of the planned waiver. My understanding is that any service that is based ‘in the cloud’ (gmail, twitter, etc.) is currently allowed to be used in Iran, Syria and Cuba because they do not require users to download software to use those services. It seems that Treasury’s Office of Foreign Assets Control (OFAC) is considering a blanket waiver that will permit US companies to allow users in those sanctioned countries to also use services (such as MSN chat) that require a download. It’s not clear if the type of software downloads will be limited to ‘communications’ services, or if broader downloads of services such as Google Earth or Adobe Photoshop will be allowed. It strikes me that the broader the type of downloads allowed the better, since the more services available not only allow for greater creativity in how users mash-up blogs, video, photos, email, etc., but that also makes it harder for states to block one type of service if many are available and being used together. However, given that circumvention tools will not be included in this waiver, it appears that the language may be fairly restrictive. Regardless of how the technicalities shake out, this seems like a positive step forward and I’m hopeful even smaller companies like Blue Host, that have been denying use of their Web hosting service in any country with even fairly limited US sanctions, will again make their services more widely available.

UPDATE: Here’s the official Treasury announcement and the updated rule–looks like Syria loses out on this one. From Deputy Treasury Secretary Wolin:

The new general licenses authorize exports from the United States or by U.S. persons to persons in Iran and Sudan of services and software related to the exchange of personal communications over the Internet, including web browsing, blogging, email, instant messaging, and chat; social networking; and photo and movie sharing. Today’s amendments also provide that specific licenses may be issued on a case-by-case basis for the exportation of services and software used to share information over the Internet that not covered by the general licenses.

Google Threatens to Pull Out of China, Cites Censorship and Cyberattacks

A bombshell out of Google today as they threaten to leave the very lucrative Chinese market entirely due to recent cyberattacks on human rights activists, Google itself, and a range of corporate and financial targets. Naturally, the news itself has been censored in China. From the Official Google Blog:

In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

However, while a number of corporations were attacked, Google believes that the real goal was to attack human rights activists critical of China, albeit unsuccessfully:

[W]e have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.

At the core of the decision to contemplate leaving China, according to Google, is their long internal struggle about how to access the huge Chinese market while living up to their corporate moto to ‘not be evil.’ This is pretty hard to do in what the OpenNet Initiative calls one of the most pervasive filtering systems in the world, which Google had to be a part of by prohibiting searches and access to a range of content the Chinese regime did not like. Former Berkman Fellow Rebecca MacKinnon told the Times today that “Google had endured repeated harassment in recent months and that by having operations in China it potentially risked the security of its users in China.” And as our own Jonathan Zittrain said in the same article:

‘I think it’s both the right move and a brilliant one’ said Jonathan Zittrain, a legal scholar at Harvard’s Berkman Center for Internet and Society.

It seems unlikely that the decision was based on human rights concerns alone, but I imagine that rights concerns taken together with the costs in bad PR, cyberattacks, and having to retreat from their own corporate mission are now outweighed by the relative small profits they make in China. The latest attack may simply have been the straw that broke the camel’s back.

China and Iran Lead Way in Detention of Journalists

According to a new report by the Committee to Protect Journalists, China and Iran are the leading jailers of journalists in the world, with those two states accounting for more than a third of all journalists held behind bars today. Increased arrests by Iran following post-election protests helped make 2009 even worse than 2008, with 11 more arrested worldwide this year than last. In its annual census, the CPJ also found that freelancers (who often write online) are more likely to be jailed than their counterparts at traditional news outlets. Last year was the first time ever that online journalists were more likely to be jailed than traditional ones.

If Iran had thrown just one more journalist in jail on December 1, it would have tied China (which has 24 journalists behind bars), as the leading jailer, a title China has held for the last 11 years. As Joel Simon writes in Slate, as opposed to 10 years ago when most of those Chinese journalists wrote for traditional media outlets, today they are primarily online authors, and this impacts how they are handled by the government:

[O]nline journalists can’t be fired, blacklisted, or, in most cases, bought off precisely because most work independently. They don’t have employers who can be pressured. Chinese authorities have few options when it comes to reining in online critics—censor them, intimidate them, or throw them in jail. This explains why 18 of the 24 journalists imprisoned in China worked online.

In Iran, there’s a similar dynamic. The 23 reporters jailed there fall roughly into two camps—those who worked for print media outlets allied with opposition candidates and those who worked independently online.

Iran Continues to Tighten Control Over Internet, Media

This New York Times piece nicely summarizes recent moves by the Iranian regime and the Revolutionary Guards to further clamp down on Iran’s already tightly controlled information space. The Times argues that the government is stepping up its ‘soft war’ in order to “re-educate Iran’s mostly young and restive population” by:

…implanting 6,000 Basij militia centers in elementary schools across Iran to promote the ideals of the Islamic Revolution, and it has created a new police unit to sweep the Internet for dissident voices. A company affiliated with the Revolutionary Guards acquired a majority share in the nation’s telecommunications monopoly this year, giving the Guards de facto control of Iran’s land lines, Internet providers and two cellphone companies. And in the spring, the Revolutionary Guards plan to open a news agency with print, photo and television elements.

As the article notes, these efforts to fight a ‘soft war’ seems to indicate the growing influence of the Revolutionary Guards in Iran, which some, like Abbas Milani, argue are more powerful than even the Supreme Leader.

In the end, however, these moves may be futile. The ‘police unit’ to monitor the Internet has only 12 people. Satellite TV has been illegal for years in Iran, and yet by the regime’s own account 40% of households have access to it, twice as many as last year. There are occasional crack downs that try to clear satellite dishes from everyone’s rooftop, but they always go back up eventually. And finally, as NYU’s Mehrzad Boroujerdi says:

By trying to gain more control of the media, to re-Islamize schools, they think they can make a comeback. But the enemy here is Iran’s demographics. The Iranian population is overwhelmingly literate and young, and previous efforts to reinstall orthodoxy have only exacerbated cleavages between citizens and the state.

China Requires Use of ‘Blue Dam’ Surveillance Software

Global Voices Advocacy tells us that China’s latest attempt to control the Internet – ‘Blue Dam’ – became active on September 13, and the government is requiring ISPs to use the software or face punishment. Blue Dam is an ISP-level surveillance application that is, apparently, meant to solve many of the problems stemming from the failed launch of Green Dam, which the Chinese government initially insisted must be installed on all PCs sold in China, even those sold by foreign companies, and even though large chunks of the code were stolen from existing, patented software applications.

Carrying surveillance out at the ISP level follows the methodology China employs to filter blogs, as Rebecca McKinnon (the go to source on Chinese Internet issues) has shown, by forcing ISPs to do much of the dirty work of the censors. This is also not dissimilar from how Russia apparently monitors Internet activity. How effective any government will be at monitoring the work of millions of Internet users remains to be seen, but it is certainly a development free speech advocates are going to be concerned about, and could lead to another backlash by Chinese Internet users.