In recent years, Russia has actively mimicked China in its implementation of cyber sovereignty. While this may have strengthened Putin’s position vis-à-vis political opposition and protest groups, it also risks harming Russia’s national security and diminishing its influence in its near abroad.
While all states would claim some degree of sovereignty over the internet, Russia and China have tended to adopt an expansive definition of cyber sovereignty that allows for the control of what liberal democracies would view as legitimate political opinions. In 2018, Russia proposed a resolution at the United Nations General Assembly, which some argue legitimizes state surveillance and censorship through its emphasis on sovereignty and non-interference in the internal affairs of countries—terms which have been used by governments to cover up measures that infringe on human rights online. More importantly, the resolution created an OEWG (Open-ended Working Group) on the topic of cybersecurity at the United Nations to run parallel to the already existing UN Group of Governmental Experts (GGE), effectively bifurcating the discussion of cyber norms at the United Nations. This could allow Russia to use the OEWG as a forum for the reinterpretation of previous UN GGE reports to better align with Russian preferences for internet governance.
In multilateral fora, both Russia and China portray cyber sovereignty as one monolithic element. They argue that countries should be exercising it but do not present a specific plan for how to do so. Such a broad narrative allows countries to pick a repressive toolbox that suits them best—ranging from draconian censorship laws to network shutdowns.
Russia used to be quite distinct in its approach to enforcing cyber sovereignty and relied mostly on offline methods for controlling its digital environment (e.g., scaring dissidents into silence). However, since 2012, when it experienced large-scale anti-government protests that demanded sweeping political reform, it has gradually adopted measures closely resembling China’s approach to information control. In the years since, it has been shifting from blanket censorship towards the deployment of deep packet inspection tools, which make censorship more fine-grained. Like China, it hopes to seal itself off from the global internet and has pursued a crackdown on the use of VPNs.
In this process Russia has regularly consulted with China. In 2015, the two countries signed a cybersecurity treaty in which they laid out bilateral cooperation terms, such as the exchange of information and cooperation in law enforcement to investigate cases involving the use of information and communications technologies for terrorist and criminal purposes. Then, in 2019, Moscow and Beijing signed an international treaty on managing “illegal online content.”
Despite its cooperation with China, Russia faces challenges to its attempts to imitate Beijing’s model of information control. For example, two factors that have enabled China to successfully separate itself from the global internet are its large domestic market and the ability of Chinese companies to provide the social media platforms and homegrown content that satisfy domestic audiences. Russia lacks such conditions, and has also encountered technical difficulties, which have delayed the nationwide installation of deep packet inspection tools. It has even struggled to ban the messenger app Telegram, which has been nimble enough to circumvent blocking.
Despite these obstacles to successful implementation, the decision to imitate China’s cyber sovereignty model has at least two negative implications for Moscow. First, there could be intelligence and national security risks. Copying the China model has meant the import of and dependence on Chinese technology, which could leave Russia exposed to Chinese spying. Even though Moscow is considering banning foreign equipment from its critical infrastructure, it may be difficult to keep foreign technology completely out. For instance, facial recognition cameras in Russian cities use Russian software but run on Chinese hardware. Similar security concerns arise when considering Huawei’s building of Russia’s 5G infrastructure and supply of cloud services to prominent Russian businesses.
Second, Russia’s influence in Central Asia, which is of vital security and economic importance to Moscow, is likely to recede. Although Russia used to have information control ideas and technology to offer Central Asia, China is becoming the security equipment supplier of choice in the region. Specifically, it is upgrading surveillance equipment and supplying governments with safe city technology to monitor citizens and govern the internet. For example, in 2019 Huawei and CITIC Guoan pledged an investment of $1 billion to develop Uzbekistan’s surveillance infrastructure. A similar surveillance project in Dushanbe cost $22 million. Chinese safe city technology has also been deployed in Bishkek and Nur-Sultan.
Moreover, as Russia’s internet infrastructure looks increasingly like China’s, Central Asian states that still seek to imitate Russia will imitate China by proxy. As this becomes more obvious, they will be more likely to turn directly to Beijing for inspiration. Consequently, Russia would cease to be the ideational role model in the region, and the standards for internet governance in Central Asia would be ultimately “Made in China,” extending Beijing’s influence in the region.
In the short term, Russia’s embrace of China’s model of cyber sovereignty and its use of Chinese equipment could help the government maintain domestic stability. For the time being, President Putin and other Russian leaders think they can manage their dependence on China and tolerate its activities in Central Asia. However, the growing asymmetry in military and economic power between the two countries raises the question if they can do so for much longer.