Traffic control: that the authorities want to do with Runet

Minkomsvyazi developed a draft law “On amendments to the Federal law On communications and article 2 of the Federal law “On information, information technologies and protection of information”, reports the newspaper “Vedomosti”. The essence of the document — control over Internet traffic, says the publication.

The bill generated in December 2015, said a source close to the Ministry of communications. In the explanatory note (has a copy) bears the date 7 December 2015.

The amendments involve the creation of gosystem monitoring “of resource use global addressing and global identifiers of the Internet (DNS and IP addresses), and monitor critical infrastructure,” reads the note. If the project is accepted, an official register of addresses you’ll ever need.

Why you need a registry

It is about the introduction of a design similar to the European regional Internet registry RIPE Dutch organization, says a source familiar with the text of the bill. RIPE — colleague of Russian coordination center of TLD ru (KC), one of the regional Internet registrars, which acts as an Association of local providers.

In the register will be made “blocks” of the IP address ranges, not individual addresses of users, says a source close to the Ministry of communications. Telecom operators and any other organizations, if they create their own network, after receiving these addresses, the CC shall inform the authorized body that maintains the register.

A system similar to project Routing information service (RIS RIPE development) — it is intended for collection, storage and processing of routing information in the Internet. Such a state system will track, for example, DDoS attacks. “You can call it “Yandex.Tube” for the Internet,” explains a source close to the Ministry. In “Yandex.Tube” it is impossible to see what cars are coming, but you can see traffic load on a particular street, he added.

For example, in Internet banking apply the MITM attack (from the English. man in the middle) attack intermediaries who aimed at supplanting the source of the traffic, said a representative of one of the business associations, which includes IT companies. Theoretically, a new system of monitoring will restrict and even block unwanted traffic, he said.

Also the Ministry of communications offers to create a second registry — the traffic exchange points and to require operators to only use them. In return the government will offer owners to build the budget reserve communication channels, follows from the explanatory notes.

The largest network for the exchange of traffic in Russia is the company’s network MSK-IX: as data passes through about 60% of the Internet traffic in Russia. According to the forecast of Cisco Visual Networking Index, global Internet traffic in 2016 will exceed one zettabytes (equal to 1 trillion gigabytes) , and in 2019- two zettabytes. So far Russia, according to estimates SimilarWeb, ranked third in the world by volume of traffic — it accounted for just over 5%. The inflow from abroad is about 15% of total Russian Internet traffic, according to MSK-IX.

To organize international channels of communication can only operators are licensed for cross-border transmission of data. Now this thread is, in fact, is not subject to SORM (“System of technical means to ensure the functions of operative-search activities”, which shall establish each Russian operator), said one of the interlocutors .

According to him, collectively all activities will create a “backup copy” of the Runet it will be able to work, even if it will “disconnect” from the world Network.

Information about the plans of the authorities to monitor the Internet traffic is “free interpretation”, said the President’s press Secretary Dmitry Peskov. The authorities are not going to take the traffic under full control — it is only the intention to compensate for “possible unfriendly steps to bring down whole segments of the Internet,” he confirmed.

The initiative has three goals — awareness of how the Runet, the construction of the monitoring system problems at one or another of his plot, as well as increase its reliability and resiliency in the event of any emergency, said a top Manager of a large operator. Fault tolerance can be achieved both by redundancy of critical systems (for example, establishment of a database of IP addressing) and physical security of locations where trunk cables are laid across the border, he says.

What threatens the Runet

The bill is, in fact, the answer to the instructions of the President, which he gave in the fall of 2014 during the meeting of the security Council. “The current situation makes us think about insurance against failures [in Russian] and autonomy at the time of their elimination. The basic idea in this, but not in the control of traffic”, — believes a source in a major Internet company.

As explained by the Minister of communications Nikolay Nikiforov in an interview in June 2015, you need to be prepared to any scenario: “Today, the Internet continues to be managed by a legal entity within the jurisdiction of a particular country [the implication of the US-based non-profit organization ICANN]”. “American partners have repeatedly stated that they intend to transfer the management of critical Internet infrastructure, the international community — the body representing different public world organization”, but this did not happen, said the Minister.

“Our citizens must be assurance that external effects will not lead to a sudden disconnection of the usual services. The experience of the conflicts of recent years shows that the US and NATO countries are quite able to disconnect from the Internet the countries subjected to aggression, and to deny access to individual sites with completely unclassified information to users from certain countries”, — says the Chairman of the Duma Committee on information policy, information technologies and communications Leonid Levin. He believes “a clear threat” attempted information blockade or even active influence on the data channels in Russia “with the purpose of their distortion”.

Theoretically you can disable the Russian segment of the Internet so that it not only disappears from the Internet, but internal resources will become unavailable for Russians, explained previously head of analytical group Ru-Center Alexander Venerupin. If this happens, the Runet can be cut into a large number of interconnected “Islands”, he said.

Access to the Internet can be disabled from abroad at the level of the DNS system (from the English. domain name system — network service, servers which compare literal values the domain name with numeric value of the IP address and Vice versa), told the Director of the program “international information security and global Internet governance” Center for political studies of Russia Oleg Demidov.

According to the CEO of the provider “er-Telecom” Andrey Semerikova, in the spring of 2015 the Ministry of communications and Roskomnadzor carried out the experiment simulated a situation in which Russia would be cut off from the global Network. Despite the virtual shutdown of the main channels, the traffic still went abroad, claims Semerikov.

Exercises were held in the summer of 2014, their goal was to check whether you can disable the Russian Internet (websites domain sonypi I. RF) from the global Network from the outside — for example, through the introduction of Western sanctions. The event was attended by representatives of power structures — FSB, FSO, the Ministry of defense, Ministry of interior, as well as representatives of domain industry companies — “Rostelecom”, a call center, the technical center “Internet” and MSK-IX. The results were presented to Putin at a special meeting of the security Council. Later Nikiforov said that Russia will create a duplicate infrastructure, which will enhance the security of the Runet.

Possible consequences

The government’s initiative could have consequences for business, said a source close to the Ministry of communications. “Imagine, I invite big operator, he will invest the money and come to a specific point of traffic exchange, and it will be closed tomorrow for non-compliance of norms. These are the risks”.

Now the owners of exchange points are not required to install the equipment in accordance with the requirements of SORM is the operators are doing, but it is possible that from the points it is also necessary, said another source close to the Ministry of communications. The communication operators have installed equipment for SORM second generation — it still does not work with IP traffic, i.e. it does not, for example, to select voice messages that are transmitted over IP calls via Skype and other messengers, says the source. To pay for a new version of integration with SORM is unlikely to be the state most likely, these costs will shift to the operators, he suggested.

To talk about the particular impact on operators is difficult, as the texts and amendments is not yet available, said a representative of Orange Business Services Daria Abramova. It does not exclude that the new law will require large investments in network modernization, and this will lead to increased customer service fees of Internet access and data transmission. “Obviously, the idea of this bill arose in connection with the aggravation of the global geopolitical situation and strengthen the fight against terrorist activities, so the security of citizens this bill would impact positive,” said Abramov.

Implementing the necessary control measures, necessary to minimize the additional burden on business, which can later be passed on to the ordinary consumer, I am sure Levin.

The idea is to control the flow of Internet traffic is already implemented in several countries. One of the most advanced in the world is the Chinese system to limit Internet content — “the Golden shield” or “Great Chinese firewall”. The development is based on the analysis of traffic passing through three international gateway — Beijing, Shanghai and Guangzhou. The system was created in 1998, and at full capacity earned in 2003. It is blocking certain websites from black list by their IP or URL, as well as traffic filtering blocks sites by keywords, such as “Dalai Lama” or “human rights”.

With the participation of Alena Sukharevskaya and Elizabeth Arkhangelsk