Russia's Draft Information Security Doctrine at Odds With Realities of Modern Information Environment

Link to original story on Jamestown website

The Russian Security Council website announced that special discussions took place between June 25 and July 5 regarding the formulation of a new doctrine on information security. A draft "Information Security Doctrine of the Russian Federation"-reportedly prepared with input by members of the Security Council, various government bodies, as well as representatives of the scientific, expert and business communities-was posted to the website in order to solicit "public discussion" (Scrf.gov.ru, June 24). Though the official results of these discussions have not been published yet, the final Doctrine is expected to be approved by the Security Council before the end of 2016 (RIA Novosti, July 11).

In general, this draft document is rife with doctrinal contradictions. For example, it recognizes that "information technologies have a global cross-border nature." But at the same time, the main task of the Doctrine is formulated as follows: "to ensure the sovereignty of the Russian Federation in the information space"-in other words, this is an attempt to set state boundaries within the cross-border information space. The goal of this document is explicitly defined in military terms: to ensure "the stable and smooth functioning of the national information infrastructure […] in peacetime, during the direct threat of aggression, and in wartime" (Scrf.gov.ru, accessed July 14).

And with whom is Russia going to make war? The enemy is not explicitly identified within the document, but the Doctrine does allude to some "leading countries" that are having a "negative impact" on Russian and global information security. This "negative impact" is described as follows: "The special services of certain states provide information and psychological influence, aimed at destabilizing the political and social situation in various regions of the world, resulting in the undermining of the sovereignty and the territorial integrity of other states" (Scrf.gov.ru, accessed July 14).

This formulation is notable because it-inadvertently or not-accurately describes Russia's own information policy toward Ukraine. Specifically, Russian TV programs deliberately aim at destabilizing and undermining the sovereignty of the Ukrainian state, and Russian media was used to justify the annexation of Crimea. Nonetheless, the authors of the Doctrine represent Russia as solely a "victim" of external information influence.

The draft document in question provides a whole host of vague definitions to denote the enemy. Besides "the special services of certain states," it also speaks of "various terrorist and extremist organizations." And as Russian judicial practice shows, the vague legal definition of "extremism" means that anyone can be characterized as such by the authorities (Europarl.europa.eu, June 21, 2012; Loc.gov, November 20, 2015). It is quite significant that the draft Information Security Doctrine was published on the same date (June 24) as the adoption by the Russian State Duma (lower house of parliament) of the "Yarovaya Law." Named after parliamentarian Irina Yarovaya, the leading figure behind this legislation in the Duma, this law allows authorities to label organized opposition rallies as "terrorism" and to consider the act of reposting certain material on online social networks as "extremism" (Meduza.io, June 24; RFE/RL, July 7).

Especially significant is how the authors of Information Security Doctrine apparently see the information space developing in the future: "The development and improvement of information security of the Russian Federation is achieved by increasing vertical and centralized management" (Scrf.gov.ru, accessed July 14). This formulation demonstrates that the authors of the document fail to grasp the basics of today's information landscape, which has long been analyzed by such famous theorists as Daniel Bell, Marshall McLuhan, Manuel Castells and others. The information landscape operates via horizontally connected networks, which is fundamentally different from centralized "verticals."

Russia's supporters of the "vertical" management of the information space live in a world of centralized hierarchy and unified propaganda. Therefore, their main information tool has been television, with its unidirectional flow. Whereas the Internet, with its interactive network-based communication, looks like "the enemy"-not just because it allows for some oppositional ideas, but by its very structure. Russian political analyst Valery Solovey provides a similar assessment: "Now in Russia, the Internet is considered a hostile form of communication, as a hostile environment. The authorities are trying to take control of the whole digital environment and to intimidate society. By around 2018-2020, they want to cut the Russian Internet off from the outside world-completely or almost completely. But they do not understand how the Internet is constructed technologically and why this is unrealizable. They behave like guardians of the past" (Lb.ua, July 7).

Indeed, on July 7, Russian President Vladimir Putin ordered the Federal Security Service (FSB) to find a way, by July 20 at the latest, to obtain the encryption keys of all messages traveling over the Internet. The head of the FSB, Alexander Bortnikov, was given responsibility to execute this task (Newsru.com, Kremlin.ru, July 7). According to the "Yarovaya Law," which Putin signed on the same day, companies operating in Russia that offer encryption services for e-mail clients or instant messengers must provide the FSB with keys to decode these messages. Failure to disclose such information could result in a fine of up to 1 million rubles ($15,660) (TASS, July 7).

But technology experts note that Putin's order is feasibly impossible because messages can only be decrypted by devices of the sender and the recipient. Vice President and Technical Director of Mail.ru Group Vladimir Gabrielyan says: "All modern methods of encrypted communication are structured such that only participants in the correspondence possess keys. Thus, companies are being required to give something they do not have" (Newsru.com, July 7).

The Russian authorities' misunderstanding of the network-centric nature of the information space and their attempts to control it can only lead only to a further ballooning of the country's security forces. In early July, the Russian president signed a decree increasing the Ministry of Internal Affairs by around 64,000 additional employees, for a total staff of 1,067,876 (Spektr, July 7). With the Kremlin's fixation on top-down solutions to Russia's problems, more such dictates are to be expected.