On the last weekend in October, officials and high-profile media figures from Russia and China met in Guangzhou for the first ever China-Russia Internet Media Forum. Speakers congratulated each other on improved cooperation over traditional and digital media, and their collective effort to combat attempts by “Western mainstream media” to control the informational space. Aleksey Volin, Russia’s deputy minister of telecommunications and mass communications, delivered a speech at the conference detailing the countries’ overlapping cybersecurity concerns. He focused on network security and the development of “invulnerable information-communications systems.” “It is necessary to ensure the stability and invulnerability of the national segment of the internet from external action,” he argued.
Since the founding of the Shanghai Cooperation Organization (SCO) in 2009, Russian and Chinese officials have frequently discussed joint cybersecurity initiatives. A relatively substantial degree of collaboration was formalized in the context of heightened Russo-Chinese cooperation in 2014 and 2015, with both countries signing an agreement that included cybersecurity cooperation provisions in May of last year. In the words of the agreement’s signatories, its purpose was to limit the use of informational technology designed “to interfere in the internal affairs of states; undermine sovereignty, political, economic and social stability; [and] disturb public order.”
This emphasis on digital sovereignty remains a central tenet of both countries’ cyber policies, even as cooperation on the issue has ebbed and flowed. The non-aggression elements of the 2015 agreement floundered in the implementation stage, in part due to ambiguous language, but largely as a result of continued Chinese cyber espionage. This activity rose to unprecedented levels in 2016, with Russian cybersecurity company Kaspersky Labs reporting 194 Chinese cyberattacks in the first 7 months of the year alone—compared to just 72 in 2015. These attacks targeted government agencies, the defense and aerospace industries, as well as nuclear technology companies. And they’re probably underreported: a Kaspersky Labs spokesperson told Bloomberg that only around 10% of their corporate clients exchange data related to hacks with their security network.
Despite the attacks, Russia and China have continued their cybersecurity cooperation, at least publicly. In April, the first Russian-Chinese Forum on Internet Security was held in Moscow, and Mr. Volin’s China-Russia Internet Media Forum came a few months later. What's more, according to Deputy Minister of Foreign Affairs Oleg Syromolotov, representatives of the Ministry of Foreign Affairs and intelligence services hold consultations with Chinese officials on cybersecurity issues twice a year. Still, these exchanges do not amount to substantive agreements.
Железняк: Необходимо обеспечить цифровой суверенитет России https://t.co/wrBmOciGvo
— Единая Россия (@er_novosti) May 11, 2016
Zheleznyak [deputy secretary of the general council of Putin’s United Russia party]: It's necessary to support Russia's the digital sovereignty.
Digital sovereignty resembles, in many ways, the Kremlin’s conception of “sovereign democracy,” a term used to justify Russia’s right to eschew certain democratic principles in the name of “stability” and sovereignty in their own affairs. Similarly, cyber-sovereignty challenges the dominant American, internationalist approach to norms of digital governance. The Russian and Chinese view of internet regulation places much more authority in the hands of states, and views cyber activity as occurring within the jurisdictions of these states, rather than within a stateless data environment.
Rather than an alliance, Russia and China have a marriage of convenience that reflects a shared priority: regime stability. On the Russian side, this amounts in part to envy of China’s near-comprehensive control of national cyberspace. This has been particularly clear in Russian interest in the monitoring of internet traffic. In an interview with Gazeta.ru, Andrei Kolesnikov, director of the Coordination Center for Top-Level Domain RU, noted that efforts at monitoring, such as deep packet inspection (DPI), which are well established in Chinese internet infrastructure, have received a great deal of attention in Russia. He also suggests that more targeted measures, such as man-in-the-middle attacks (MitM), which China has employed effectively to bypass encryption efforts, may be receiving similar attention among officials in the Russian government. Given Russian hostility to consumer encryption, these tools are likely to be particularly attractive to the state.
Others in the Russian IT sector note that while Russia’s control of the internet may be increasing, the creation of a system similar to China’s “Great Firewall” would be extremely costly, and hindered by political and financial concerns. Aleksei Os’kin, director of technical support at the Moscow offices of ESET, an international cybersecurity firm, has observed increased surveillance and censorship, but not strictly in the Chinese model. While he has said that “our country is moving is moving in the same direction as China,” he has also pointed out that Russia “does not copy the Chinese version of the firewall.” Doing so would be too costly and technically difficult: “to block the addresses of a web site is one thing, but to filter and analyze the data being transmitted is another thing entirely.”
Video: The Safe Internet League, a group instrumental in organizing Russian-Chinese dialogue on cybersecurity, explains how to report sites that propagate terrorism and separatism.
The strategic partnership between the two states is more than a knowledge exchange. It is a push against norms developed at the beginning of this century that designated the internet as a realm of free expression. Indeed, Russo-Chinese cooperation on cybersecurity seems to be forged on the basis of opposition to American principles of internet governance.
Digital sovereignty seeks to make technology beholden to states, rather than vice versa. Proliferating sentiments of anti-Americanism and suspicion of collusion between Western companies and governments has only fueled the drive for digital sovereignty. In May of this year, Sergei Zheleznyak declared the use of domestic software as a critical step in securing Russia’s digital sovereignty. Public figures in Russia, particularly in the IT sector, including Igor Ashmanov, an outspoken tech entrepreneur and husband of Natalya Kasperskaya (former CEO of Kaspersky Labs), have similarly emphasized the concept.
This is not to say that Russia fears the level of internet penetration in its territory, or the proliferation of digital technology. It does however mean that Russia seeks a partner in establishing national, and perhaps in the future, international legal bases to ensure that the internet is a tool of the state rather than of its discontents. As Evgeny Morozov notes in his book The Net Delusion, “Most authoritarian governments have already accepted the growth of the Internet culture as inevitable; they have little choice but to find ways to shape it in accord with their own narratives – or risk having their narratives shaped by others.” Medvedev echoed this sentiment in his 2015 interview with Chinese publications People’s Daily, saying
Политика и политики должны опережать технический прогресс и находить своевременные решения прежде, чем технологии породят новую реальность.
Politics and politicians must stay ahead of technological progress and find timely solutions before technology has created a new reality.