Splintering the internet? Not just yet

(Image credit: Image Credit: Atm2003 / Shutterstock)

With recent news that the government in Russia has signed the “Russian Internet Law” and Iran’s recent test of a country-wide firewall, it would appear more and more countries are seeking to take control of their Internet infrastructure.

In the case of Russia, it appears that it has been planning some sort of structural changes to its Internet. The first changes to its Internet came in 2012, when the Russian government began blocking web users in the country from accessing some websites based on a set criteria.

Following this, in 2015, Russia passed a law requiring all software-as-a-service (SaaS) providers to maintain a local copy of all data of Russian citizens. Few complied with this requirement and as of yet, there has been little to no repercussions from non-compliance.

Most recently, in 2017, Russian officials issued a ban on all software and websites, related to Internet filtering, including virtual private networks (VPNs) and anonymisers, as well as all websites containing instructions on how to access websites blocked by the government.

With this new “sovereign Internet law”, it seems the government is attempting a great experiment aimed at testing the feasibility of isolation from the rest of the Internet.

In any conversation about control of the Internet within a country’s borders, one system comes to mind, the Great Firewall of China.

The largest example of attempting to control Internet is China because they started from the very beginning, building architecture for this from scratch. Built in 1999, the Great Firewall is the blanket term for the collection of techniques used to filter traffic in China. The Firewall has been possible because of two reasons. Firstly, some monopolies, which are state-run, control telecommunications within China and when it was decided to add a layer of censorship to the Internet, these state-run telecom firms complied. This created the largest filtering infrastructure of Internet traffic in the world, with a few choke points in and out of the country. Secondly, China introduced the policy in a much earlier era of the Internet, allowing the complete ecosystem to evolve in an organic manner, while a great firewall was also firmly in place.

Virtually all Internet traffic between China and the rest of the world travels through a small number of fibre-optic cables that enter the country at one of ten different backbone access points, seven of which had only been added in January 2015. A limited number of international entry points, coupled with the fact that all Internet service providers in China are licensed and controlled by the Ministry of Industry and Information Technology, mean that Chinese authorities can analyse and manipulate Internet traffic much more easily than, say, the United States.

Yet for Russia, its Internet has evolved in a much more integrated way, along with European and global Internet services. Now that these roots are firmly intertwined, it will be very difficult to separate.

Practical steps to “disconnection”

The first and easiest method of censorship is IP blocking, which is generally very low cost and easy to deploy. Equipped with a blacklist of undesirable IP addresses, routers drop all packets destined to blocked IPs, which could include the address of what a country would classify as a “sensitive” site, or of a public domain name system (DNS) resolver. In China, an IP blacklist is injected via Border Gateway Protocol (BGP) using null routing.

IP blocking is a particularly lightweight control solution — the government can maintain a centralised blacklist without much involvement from the ISPs, and thus without much risk of leakage.

As changing domain names is not nearly as trivial as changing IP addresses, DNS-related techniques are often used in conjunction with IP blocking. DNS tampering involves falsifying the response returned by the DNS server, either through intentional configuration or DNS poisoning. Used together, DNS tactics and IP blocking can effectively seal off censored sites and servers on both the domain and IP levels.

Apart from DNS tampering, routers can also disrupt unwanted communication by hijacking DNS requests containing banned keywords and injecting forged DNS replies.

Other techniques include:

  • Keyword filtering: Chinese authorities inspect content passing through their pathways, including URLs for blacklisted keywords. However filtering is inconsistent, functioning as more of a “panopticon” than a firewall.
  • Manual enforcement: An estimated 50,000 employees make up the Chinese Internet police force that manually monitors online content, directly deleting content or ordering websites, content hosts and service providers to delete material.
  • Self-censorship: The Chinese government has also been successful in fostering a culture of self-censorship on the Internet. Not only are ISPs expected to monitor and filter content on their networks according to state guidelines, but all Internet companies operating in China are also required by law to self-censor their content. If companies can’t successfully censor their content, they face penalties: warnings, fines, temporary shutdowns and possible revocation of their business licenses.

Global splintering?

There are attempts in countries with restrictive points of the Internet already. Saudi Arabia restricts Domain Name service. DNS allows to convert the URL into numerical address to be reached there. Saudi Arabia forces the DNS request traffic through nationally controlled proxy service. The same technology is used in China.

The Internet is mostly open today, but there’s a clear impulse to secure more sovereignty such as GDPR, and news privacy laws in different countries, but that still allows traffic to flow.

A US company wanting to do business in the EU, for example, any data needs to stay there. This also drives US companies for EU infrastructure investments.

Overall, Russia is a more severe example of trying to control the flow of traffic, requests and services. While there is a trend to fragmentation, but it’s not terribly common, there are lots of countries that are still fully open.

Alex Henthorn-Iwane, VP Product Marketing, ThousandEyes
Image Credit: Atm2003 / Shutterstock