Sovereign Runet Bill Passed in Third Reading
In December 2018, Federation Council members Andrey Klishas and Lyudmila Bokova, along with State Duma deputy Andrey Lugovoy, introduced bill No. 608767-7 to the State Duma. The bill aims to protect the stable operation of the Russian segment of the internet (Runet). It quickly became known as the “Sovereign Internet” or “Runet Isolation” bill and proposes amendments to the laws “On Communications” and “On Information, Information Technologies, and Information Protection.”
The main goal of the bill is to “protect the stable operation of the internet in Russia in the event of threats to its functioning from abroad,” although a specific list of such threats has not been provided. In particular, the bill calls for the creation of a monitoring and management center for the public communications network under Roskomnadzor. This center would ensure the availability of communication services in Russia during any “extraordinary” situations and coordinate the efforts of operators in such cases. The explanatory note to the original document stated that the bill was “prepared in light of the aggressive nature of the U.S. National Cybersecurity Strategy adopted in September 2018, which declares the principle of maintaining peace through strength.”
Today, April 16, 2019, the bill was considered in the State Duma in its third reading and was finally adopted. Amendments for the second reading postponed the law’s entry into force to November 2019, except for provisions on cryptographic information protection and the national domain name system, which will take effect on January 1, 2021.
Political and Industry Reactions
Representatives of Roskomsvoboda note that all factions except United Russia did not support the bill. Representatives from the LDPR, SR, and CPRF parties spoke from the Duma tribune, criticizing the legal act. You can read the transcripts of these speeches on the Roskomsvoboda website.
Interestingly, today, Yandex’s Director of Network Infrastructure Development, Alexey Sokolov, also criticized the “Sovereign Runet” bill. The bill calls for the widespread implementation of Deep Packet Inspection (DPI) systems, but due to the shortcomings of this technology, Yandex services experienced disruptions in March 2019.
“A couple of weeks ago, we unintentionally had a sort of ‘drill’ when, due to Roskomnadzor’s blocking actions, traffic to Yandex resources was routed through the DPI systems currently used by operators. As a result, most services crashed, users faced severe difficulties, and we experienced firsthand what it means to route traffic through DPI,” Sokolov said during the “Ensuring Trust and Security in ICT Use” conference. “From the context of the law, it’s clear that these means of combating external threats are essentially DPI systems, through which all traffic is planned to be routed. Currently, there are no DPI systems in the world, nor are any being developed, that could support such a mode without significant losses for services.”
Philipp Kulin, head of the provider Diphost and creator of Escher II, agrees with this view:
“The cost will be astronomical, and under abnormal loads, various delays may still occur. I assert that analyzing absolutely all passing traffic is currently unaffordable for anyone,” he explained.