A series of joint events by Russia and China on cybersecurity has prompted speculation that Moscow is looking to the architect of the Great Firewall of China for inspiration on how to censor and otherwise regulate the Internet. But it's a two-way street, and Beijing is learning from Moscow, too, says Andrei Soldatov, co-author of the book Red Web: The Struggle Between Russia’s Digital Dictators And New Online Revolutionaries.
RFE/RL Russian Service correspondent Mark Krutov spoke to Soldatov about Russian-Chinese cybercooperation and its possible implications.
RFE/RL: How did Russian-Chinese cybercooperation come about?
Andrei Soldatov: At some point in the fall of last year, it became fairly clear that the system of [domestic] control over the Internet that was built by the Kremlin starting in 2012 was ineffective and that its objectives were not being met. From that moment, there were some fairly chaotic steps, such as a series of jail terms given to bloggers. Those steps, in the end, led to the emergence of new players from fairly unexpected quarters who proposed closer partnership with China as the solution.
We believe that the key agreements were reached at some point in December 2015 at a conference attended by [Prime Minister] Dmitry Medvedev and Fang Binxing, the main architect of the "Great Firewall of China." As a result of these agreements, in April in Moscow there was the first China-Russia cyberforum, and in the following months it gradually became clear what shape the partnership was taking.
RFE/RL: Is the cooperation bilateral in nature?
Soldatov: I would begin by saying that, firstly, we are talking here foremost of bilateral cooperation. Because Russia is not just taking from China, but China is also taking from Russia.
For instance, we [Russia] have the League Of Internet Security, a kind of quasi-independent organization of volunteers who patrol the Internet on a voluntary basis. Fang Binxing created a similar organization in March this year, effectively copying the League Of Internet Security but in the Chinese context. China only just passed new legislation on cybersecurity in November, in which there is an article about localizing data on Chinese territory, and it is very similar to Russian legislation in this sphere.
If we talk about what Russia is taking from China, then we are primarily talking about work on the development of a new, second phase of the Internet-filtration system. Because the current system is not very effective. In practice, we have a very primitive system that can only block websites and webpages. Now, specialists of the League of Internet Security are thinking how to move to a second phase that will allow them to search for content -- a method of filtering that is being used in China.
Another line of cooperation is the control over domain names and, most likely, the use of domain names as an instrument that allows for better controlling global corporations. In March, China demanded that foreign companies receive local domain names if they want to work in China. As a result of the Russian-Chinese forum, a "road map" was passed, and the issue of domain names and control over domains was one of only two points that effectively were included in the road map. A joint Russian-Chinese working group was created for specialists of the two countries to discuss what they should do about domain names.
And finally, lastly, but perhaps most importantly, the Russian system of control over the Internet was never very technologically advanced, and now China is seen as a country that could supply technology. Already in August it was clear there had been talks between Russian telecommunications-equipment manufacturers and Chinese manufacturers like Huawei and Lenovo. The talks concerned the licensing of Chinese manufacturing in Russia specifically to carry out the "Yarovaya law" [Russian federal legislation expanding authorities' cybercollection powers, signed into law in July 2016]. A path of import substitution has been proclaimed, and we are talking foremost about the need to replace Western telecommunications technologies with Russian ones. But when it's all said and done, we will have substituted Western technology for Chinese.
RFE/RL: Currently in Russia virtual private networks (VPNs) can be used to bypass Internet censorship. What would happen if the China model were implemented in Russia?
Soldatov: First of all, the Chinese model of control is a lot more effective at controlling tools to get around censorship. That's why the Chinese Internet is considerably slower than the Internets of other countries. There is the problem of access precisely because various VPN services are blocked fairly effectively.
What's more, China has a fairly successfully developed methods by which the Internet can be blocked in the territories of certain regions. So if a bureaucrat wants, a certain region can simply be switched off. And your website will simply not be visible on certain territories.
There is another important step that is being actively tested in China. Russian bureaucrats don't really know what to do with smartphone messengers that use end-to-end encryption. Because technologically this [end-to-end encryption] is a good resolution, and even if you have control of the company or have its servers on your territory, the encryption still won’t allow you to read the messengers that are sent because they are sent between two people.
What they are trying to do in China -- and this has already been tested in the Xinjiang Uyghur region -- is not an attempt to decrypt messengers but to identify the devices where these messengers or VPN services are installed. These devices are simply disconnected from the cell network.
In fact, it's not the case that the Chinese have learned well how to break all these systems. You simply are disconnected and your smartphone becomes a useless instrument that receives a single text message: "Go to the nearest police station." And that's it, you can't use it anymore. In this area, China is ahead of Russia.