- Russia and China are exerting increasingly tight control over their respective internet domains and advocating for states to have absolute authority over the contents of their domestic cyberspaces
- Russia’s fragile economy may be unable to cope with the associated costs of implementing cyber sovereignty, leaving the long term sustainability of the Sino-Russian partnership in question
- While numerous developing states—especially other BRICS nations—have shown interest in the cyber sovereignty concept, they also lack China’s economic capacity to follow the proposed Sino-Russian model
- How much momentum Sino-Russian advocacy will generate outside of a bilateral context is unclear
Russia and China have formed an increasingly tight front in cyber diplomacy since 2015, advocating for an alternative method of global internet governance dubbed ‘cyber sovereignty’. Cyber sovereignty is an extension to the internet of the Kremlin’s concept of ‘sovereign democracy’—the right of states to forgo certain democratic values in the name of “social stability” and sovereignty over their domestic affairs.
In addition to their joint act espousing cyber sovereignty on the global diplomatic stage, both Moscow and Beijing have recently begun stepping up domestic policies to assert strident control over their domestic digital spheres. In July, Russia’s Duma unanimously passed legislation banning Virtual Private Network (VPN) operators and Tor—the popular network that enables users to remain anonymous—unless they filtered out websites on the Kremlin’s blacklist. Similarly, it was reported in July that China would be banning all VPN access from February 2018. While the Chinese Ministry of Industry and Information has since denied the reports, many are saying to watch this space.
However, despite the considerable common ground, the Beijing-Moscow cyber relationship is a complicated one. For instance, in an ironic twist of fate, Russian regulators in May banned Chinese social media giant WeChat from operating in Russia by applying the very data localisation laws it adopted from China.
INTERNET SECURITY = STATE SECURITY
Establishing itself as the primary power of the internet-era is a key aspect of Beijing’s push to make up for the ‘Century of Humiliation’, where a weak Qing dynasty in the 19th century allowed China to be subjugated by the newly industrialised Western powers. While China initially missed the boat during the industrial revolution, it is determined to be the undisputed leader of the ‘digital revolution’.
Moscow doesn’t share this drive for economic rejuvenation through a technological revolution. This is largely attributable to the fact that the Kremlin, unlike the Chinese Communist Party, doesn’t source and maintain its legitimacy from ensuring relentless economic growth. However, what Moscow does share with Beijing is the belief that national security—read regime security—is not attainable until “informational security” is established. Accordingly, the 2015 Russia-China cybersecurity pact outlined the goal of limiting information technology designed “to interfere in the internal affairs of states; undermine sovereignty, political, economic and social stability; [and] disturb public order.”
A COMPLICATED RELATIONSHIP, DEFINED BY ITS OPPOSITION
Unlike most nations, Russia and China apply the nation-state paradigm to cyberspace. As such, the construction of digital borders—with states having jurisdiction over what occurs within those borders—is the main goal driving Moscow and Beijing’s cyber diplomacy. The desired end result is to offer a dominant alternative to the current status quo of US internet governance principles.
However, like so many other aspects of the Russia-China partnership, on a macro level the extent of cooperation seems robust, but on a granular level cracks start to appear. While the public front on cyber sovereignty is resolute, the mutual non-aggression element of the 2015 cybersecurity pact is already floundering. In the first seven months of 2016, there were 194 Chinese hacks on Russian entities compared to 72 for the entirety of 2015. Mirroring this tenuous environment, biannual exchanges on cyber cooperation between Russian and Chinese officials have so far rarely amounted to substantive agreements. Nevertheless, cyber espionage is of much less importance to Sino-Russian cyber cooperation than their joint opposition to an internet modelled on liberal Western ideals.
MOSCOW’S AMBITIONS TO CLASH WITH REALITY
Beijing’s cyberspace policy hasn’t blocked booming growth in China’s tech sector, which has progressed leaps and bounds in recent years. Reflecting this, China’s domestic tech giants Baidu, Tencent and Alibaba all happily subscribe to Communist Party internet control. The same can’t be said of the Russian context.
Building on its 2015 Personal Data Law, which requires data operators who collect personal information about Russian citizens to store it on databases located in Russia, the Kremlin implemented its Yarovaya Laws in July 2016. This piece of legislation—forcing telecoms companies and Internet Service Providers to retain user communications for six months and communications metadata for three years—signalled further moves by the Kremlin to emulate Chinese data industry mercantilism.
However, even with the help of Chinese telecoms company Huawei, which has agreed to provide Russia technology to enable data localisation, Russia’s fragile economy does not have the same capacity as China to absorb the associated costs. Data localisation decreases economic productivity as firms are often prevented from using global services and are instead forced to establish and fund their own data centres inside their home country. These increased costs are then passed by the data companies on to consumers which in turn drags down economic growth. The declining productivity also scares away potential investors in the data companies. Similarly, there is an innovation cost as domestic firms no longer need to compete against global firms in order to remain competitive.
Unlike the acquiescing tech giants in China, Russia’s major telecoms companies like MegaFon and Tele2 have complained about the blows to their hip pockets caused by data localisation. This industry malcontent, combined with the likely public backlash should consumers realise they’re bearing the financial brunt of the legislation, mean the Kremlin’s path to control of the internet may be a rocky one.
A CHINA-RUSSIA LED COALITION OF THE WILLING IN CYBER SOVEREIGNTY?
Recent signals from the US point to it pivoting away from efforts to build cyber norms with Russia and China, instead being ready to take a more punitive approach to what it perceives as persistent bad behaviour. This would increase polarisation between the Russia-China bloc and the US-led internet order, potentially pushing other nations to take sides. Iran, Egypt and Cambodia have already expressed interest in acquiring Chinese technology to enable tighter control over their domestic cyberspace.
Reflecting the impending ‘West vs the rest’ internet polarisation, many have pointed to the BRICS organisation (Brazil, Russia, India, China and South Africa) as a potential body that may follow the Sino-Russian lead in cyber sovereignty. BRICS nations already have some history in this area. Brazil moved in 2016 to require data localisation for public procurement contracts involving cloud-computing services. Additionally, all the BRICS nations played crucial roles in causing the US government to forfeit control over ICAN, the body responsible for running the infrastructure layer of the internet, so there is some momentum in this respect. However, the fact that the majority of Indian servers are located abroad—meaning the costs of pursuing wholesale data localisation would be astronomical—make it unlikely New Delhi will fall into line with Sino-Russian cyber sovereignty.
The desire to challenge US unipolarity has brought China and Russia together over cyber sovereignty. However, their starkly disparate domestic economic contexts may be the catalyst that eventually forces the partnership apart.