Russia and China are both making an effort to have more government control in the use of the internet facilities operating in their respective countries. This is being done in the name of national and collective security. These two countries are also maintaining a unified front in their respective challenges to the West's conception of internet usage, particularly within the domestic realm.
A Russian law pertaining to data localisation of Internet communications took effect last year with the stated intent of safeguarding Russian citizens from the growing threat of foreign interference, particularly from the United States, in cyberspace. The media has reported that this law requires companies obtaining information online from Russian citizens to store that data on servers physically located within the country. Such an order means that companies like Google, Facebook and Twitter are now required to move their data centres to Russia or build such centres there if they wish to conduct business online in that country. Otherwise, Russian Internet users will be blocked from accessing the contents of these companies.
Foreign technology industries and civic activists have been opposing the law but analysts agree that it is suitably addressing Russia's network security concerns in several ways. The law is giving Russia another tool for controlling the flow of information within its borders. Moreover, this will enable Kremlin to closely monitor the flow of information into and out of Russia through the Internet to protect its Internet space from foreign actors - whether state or non-state. The data localisation move is, also being seen as the Kremlin's overall effort to shape the rules, architecture and future development of the Internet.
Russia and China are among some of the notable countries that want to challenge the de facto model of a decentralised collection of loosely structured committees and Internet stakeholders agreeing to technical standards for the Internet. This is being done in the name of cyber security.The status quo of the Internet, and particularly the prominence of U.S. and other Western stakeholders, is viewed by them as an obstacle to the desired change in Internet governance and future implementation of global Internet policies.
The internet world currently revolves round a polarised view of governing the Internet with either a multilateral model (with each country's government dictating the rules) or a multi-stakeholder model (with all participants having an equal say in governing the current model).
Internet governance could be broadly defined as " the processes that affect how the Internet is managed". The Internet from that viwpoint could be construed as the collection of networks of devices around the world that are voluntarily interconnected using some degree of shared standards and policies. This means that no single body dictates or enforces how the Internet expands, which underlying technologies are used, or what rules govern the use of the global network (though international committees set critical standards, such as defining addresses at which individual devices can reach one another).
The Internet architecture and the manner in which it is governed are still rooted in its country of origin, the United States. Western technologies and industries, particularly from the United States, dominate the Internet's current construct. Moreover, the U.S. government has designed the governing model and retains influence over small yet critical functions, such as managing network addresses, which define the accepted standards of the Internet community.
However, from the perspective of Internet users, the abstract world of online activity should not necessarily be tied to geographic and political boundaries. Nevertheless, it does rest on physical infrastructure inseparable from geography. As a result, every country has to adapt domestic and foreign policies incorporating the Internet - policies that can affect the activities of Internet stakeholders and users.
Geopolitics is naturally interwoven into the evolution of these policies. Consequently, it is not surprising that China and Russia are promoting network security and Internet governance issues that reflect their geopolitical situations and that mirror international relations in other areas. For example, just as the two countries' membership in the Shanghai Cooperation Organization (SCO) and the BRICS (Brazil, Russia, India, China and South Africa) grouping serve to counter U.S. economic, political and military power, their similar visions of network security and Internet governance serve to challenge what they perceive as a U.S.-centric Internet - one that also conflicts with their national security interests. It is for this reason that Moscow and Beijing are pushing for global Internet standards that better suit their geopolitical needs, using network security as the impetus for change and greater authority in Internet governance.
Washington's approach to network security is complex but also quite simple. It involves government agencies working with each other and with various stakeholders in the private sector to improve cyber defence for the stakeholders. Comparably, it appears that Russia's approach has been towards the tightening of government control over the information flow both within its borders and between its Internet space and the rest of the world. Russia's data localisation law is therefore being interpreted as Kremlin's latest attempt to address its network security concerns.
Reports indicate that the law has provoked some opposition, mainly from foreign technology companies concerned about the financial costs of compliance and from civic activists fearing the law's use as a way to censor Internet content in Russia. The Kremlin has tried to address some of these concerns and the government has narrowed the definition of personal data to ease the situation. For example, the Kremlin assured Twitter that the information it obtains on its users is not considered personal data. This should however not be interpreted as capitulation by the Kremlin but more as an example of challenges that the existing Internet governance model poses for governments seeking greater control over national network security policies.
In the meantime, Russia and the five other SCO members - China, Kazakhstan, Kyrgyzstan, Tajikistan and Uzbekistan - have submitted a document to the United Nations titled "The International Code of Conduct for Information Security," to be circulated in the U.N. General Assembly. The document attempts to define the role of the State in information technology and also emphasises on an intergovernmental model of Internet governance. This document, it may be recalled, is a minor revision to the initial document that Russia, China, Tajikistan and Uzbekistan submitted in September 2011, which Western U.N. members widely rejected.
The recent inter-active accusations of Russian interference during the United States Presidential election has led to growing worldwide concerns about network security. It has also bolstered Russia's argument for more multilateral Internet governance. The revelations from classified documents leaked by former U.S. National Security Agency contractor Edward Snowden has also highlighted the scale of U.S. global cyber espionage, including some cases in which products from U.S. technology industries were used to spy online.
China has also been working on implementing its own network security laws and other national security policies that cover a much broader scope than Russia's data localisation law. These include enforcing the concept of Internet sovereignty in legislation and banning foreign technologies in some cases for critical sectors. China already employs much stricter measures than Russia regarding censorship and government control over its Internet space. Its network security strategy intersects with its economic goals and leverages the demand of its enormous population of Internet users in implementing national policies to help defy Internet stakeholder opposition.
This attempt by Russia and China to enforce similar views of governing the Internet and their partnering in network security is bolstering each country's clout in shaping otherwise separate domestic Internet regulations and giving them more potential influence over global policies.
During Chinese President Xi Jinping's last visit to Moscow, Xi and Putin signed a pledge that their governments would not conduct cyber attacks against one another. Instead, they agreed to share network security information between their respective law-enforcement agencies and cyber technology experts. This will likely have a tactical impact on cyber warfare and online criminal activity.
The efforts of both these countries have met with serious challenges. They have had to modify their policies. China, for example has had to backpedal on forcing banking institutions to abandon foreign technologies. Nevertheless, due to the evolving nature of the issue, their calls for multilateral Internet governance and government control over network security, in all likelihood, will find some measure of success.
The writer, a former Ambassador and Chief Information Commissioner of the Information Commission, is an analyst specialised in foreign affairs, right to information and good governance.