Internet freedom in Russia took a hit yesterday, as the Kremlin implemented new online filtering protocols that could result in widespread government monitoring of web traffic — all due to a measure purportedly aimed at protecting Russia’s youth.
This is far from the first time protecting children has been invoked in support of laws requiring a significant online surveillance, just last year the U.S. House considered the Protecting Children from Internet Pornographers Act of 2011, which would have mandated internet service providers (ISPs) to maintain records of everything you do on the Internet every year, and give the government access to the data without a warrant under the same pretenses.
The evolution of the Russian law should make American citizens thankful the U.S. legislation failed: While it originated as a blocking mechanism for obscene content, since passage, Russian courts have said the measure can be used to ban political extremism and critics of President Vladimir Putin’s regime and the Ministry of Communications concluded Deep Packet Inspection (DPI) is the only way to implement it. DPI is a method of data processing involving looking at the details of the packets sent across networks to determine how to process or reroute the information. Logistically, this will require Russia’s ISPs to maintain detailed records of user traffic and would allow the Russian government a potential backdoor into the private lives of Russia’s internet users. As Eric King, head of research at Privacy International explained to Wired, this has some very troubling implications:
“No Western democracy has yet implemented a dragnet black-box DPI surveillance system due to the crushing effect it would have on free speech and privacy… DPI allows the state to peer into everyone’s internet traffic and read, copy or even modify e-mails and webpages: We now know that such techniques were deployed in pre-revolutionary Tunisia. It can also compromise critical circumvention tools, tools that help citizens evade authoritarian internet controls in countries like Iran and China.”
All of this makes DPI sound sinister, and it can be: the late Libyan leader Muammar Qaddafi used DPI to track online dissent in Libya, and has proven a cost effective way for totalitarian regimes to censor and target political opposition. Although, there are legitimate uses — particularly in network protection — most internet freedom advocates are against large scale implementation due to the damage potential abuse would for freedom of speech and privacy rights, especially in nations with poor track records on human rights issues (such as Russia).
However, most ISPs are already keeping tabs on what their subscribers are generally up to online and have the ability to use DPI on case by case basis — and as with much of the technology interacting with personal details, the questions of who has access to what breakdown of information, under what conditions, and with what safeguards to prevent abuse are critical to their responsible use. Even in countries with more respectable track records on these issues than Russia, DPI can cause considerable controversy, such as when it was proposed as part of new cybersecurity protocols in the United Kingdom.
Depending on how Russia’s mandated DPI processing is implemented and utilized, it may serve as a cautionary tale not only about how the justifications for legislation don’t represent their actual applications, but how structured surveillance can stifle the free flow of ideas online.