The Russian presidential aide Igor Shchegolev said about the need to protect critical information infrastructure, the tolerance of governments in Internet governance, the management of large user data and the possibility of a slowdown in the speed of access to sites of companies that violate Russian laws
About the same time Shchegolev said in an interview with RBC.
In July 2014, Russia held a “digital learning.” Law enforcement agencies, including the Federal security service and the Ministry of defence, the state operator “Rostelecom” and the coordination center of national domain of the Internet under the guidance of the head of the Ministry of communications Nikolay Nikiforov evaluated the state of security and stability of the Runet “in the case of negative targeted impacts”. These teachings, says presidential aide Igor Shchegolev, showed the vulnerability of the Russian Internet. Before the relevant departments has been tasked to suggest measures for protection from external threats.
Two years later, in November 2016, the communications Ministry submitted proposals, the essence of which is to ensure the functioning of the Internet within the country in case of disconnection of Russia from the Network. A month later, in December 2016, the government submitted to the state Duma the draft law “On the security of critical information infrastructure of the Russian Federation” developed by the FSB. The document, in particular, provides for the establishment of a register of important objects of critical information infrastructure and the introduction of criminal liability for cyber attacks on them.
What threatens peace and stability in the Internet and what restrictions await in this regard, its users, Igor Shchegolev said in an interview with RBC.
“Disable a country from the Internet in General there is no problem”
— The threat for Russian market does exist, and require special protection measures?
— Was an exercise, they showed on a technical level that it exists. The threat is not hypothetical, it is practical. This show and the events of recent years, when the whole country suddenly for a few days disconnected from the Internet. There was a case of North Korea, was the case of Syria. There is evidence that at least one of these cases this was the result of deliberate action. Review the film “Snowden” if you want to understand how to do it. We are too big and the economy to afford to live with this threat.
— Experts say that to make the Internet fully Autonomous in any country is impossible.
— We have no problem to make the Internet was offline so we were disconnected from the outside world. In the case of targeted external influence which will not be infinite and will last for some time, inside our Internet should remain operational. This is the task. And disable the country from the Internet in General and that all happened just within us, there is no problem.
— This task is relevant regardless of what happens in foreign policy?
— We are talking about how the Internet, that is why Russia proposes to make the system of Internet governance more transparent. If there is any international instrument, legally binding, which will give us the guarantee of such action which would impose certain sanctions on those who initiate these actions, we will live in peace. Then maybe we won’t have to at the engineering level to defend themselves. But we don’t want to talk about it, we are told: “You’re the government, you do not understand the Internet, so your site tenth. We have a set of experts, international bodies, they will decide the fate of the international Internet, so-called the multi-stakeholder community”.
We are not satisfied. We have long led the debate at the international level, said, before to initiate the introduction of such initiatives, we continue to insist: “Let us define that the Internet has ceased to be an invention, which can be owned by one country.”
— You mean the reform of ICANN — Corporation for assigned names and IP addresses all over the world? You are not satisfied that the management of ICANN has suspended the U.S. Department of Commerce and from October 1, 2016, the focal point moved to a non-profit Corporation for public benefit?
— We are told that the fate of the Internet from now on will decide the kind of Autonomous organization, which is registered in California and living by the laws of the United States of America, and decisions can take Director. They, of course, the light may be very smart people. But “happy” coincidence that representatives of the United States, Canada, New Zealand and Australia.
How the reform was carried out, the exact situation has not improved. Before at least you could claim to the US government if something was going on. And now this kind of Autonomous or non-profit organization that just works on American law. And American officials can say “We here at anything. Go to court in California to sue these guys”.
—Those who support the independent governance of ICANN, I believe that governments should not influence the decision making…
Let’s look at the example of telephone communication. More than 150 years, the telephone communication in a world governed by the International telecommunications Union, which is now under the auspices of the UN. This organization was born over 80 years before the UN. And telephone communications around the world works, despite the fact that at the government level is coordinated how to develop it. Therefore, the possible adverse impact of government — is a weak argument.
Incidentally, many representatives of the American intellectual and political circles recognize that the current model is effective but illegitimate. These are not my words, said Joseph Nye, who coined the term “soft power”, who worked in the state Department and the U.S. Department of defense, and it is in a different kind of Pro-American non-governmental organizations on Internet governance. We insist that the role of governments should be clearly spelled out and that it may not be just Advisory.
— So, Russia will seek changes in the management of ICANN?
We believe that we should continue the discussion, to agree. Illegitimacy is not going anywhere, all the time you will have questions: how the Internet is managed, what happens to it? The country will be forced to seek technical and legal solutions that they are in this situation to protect. One such solution is a bill on the Russian segment of the Internet.
— You mean the draft amendments to the law “On communications”, prepared by the Ministry of communications in November 2016 and, in fact, involve the creation in Russia of the Autonomous Internet? It will help in the dialogue about the governance of ICANN?
Is a tool to ensure our security. Foreign colleagues will understand that in the world there are processes that can be will cause them to think about the fact that still hold true reform of the international governance of the Internet.
— At the end of December in the state Duma was introduced the proposals from the FSB, which involve criminal liability for cyber attacks to objects of the so-called critical information infrastructure. If there is redundancy in the protection of the Runet?
— These bills complement each other. Critical infrastructure is not a new concept we are introducing, it exists in the world, in a number of countries have already enacted laws that determine the policy of the state towards this infrastructure. Of course, it must be protected because in case of failure can stop working the whole of the economy, the public administration system.
In regard to the Russian segment of the Internet, it is generally vulnerable. Some of its elements will be a part of critical infrastructure, but in General all of our Internet, and critical and non-critical infrastructure vulnerable to external influences, deliberate or accidental. The vulnerability has been confirmed. After that task was, particularly before the Ministry of communications is to propose measures, as our Russian segment of the Internet to protect. And it sent them the bill.
Photo: Oleg Yakovlev / RBC
“Just in the dialogue to convince the largest online company does not work”
Now we discuss the changes in the law caused much debate in the industry — the so-called Spring package, which Telecom operators and Internet sites are required to keep records audio calls and the contents of the correspondence. What, in your opinion, it is necessary to change?
— Most of the laws that regulate relations in the Internet, perceived by the community and the market participants are very cautious. And, as practice shows, nothing tragic happens, after the laws.
As for the so-called law of Spring, it is not necessary to forget that it aims to protect against terrorism. And much will depend on how it will be implemented, from those regulations that will be accepted by the government. While minimising storage volumes of traffic, duplication of the information that will be accumulated in the different systems, the performance of the industry quite a force.
— Sectoral working groups that you oversee, discuss optimization of the law?
— Not directly. But in terms of overall approach to working with large user data — how it should be built, what principles to pass, — a work in progress. And indirectly, it can affect including on ways of implementing “law of Spring”.
— Can you explain?
— No final decision, we have not yet agreed, but this problem was posed within the framework of our working group (at the presidential administration, established in December of 2015. — RBC) is a relatively large user data. You need to understand how the government will protect them, what mechanisms will this be applied, what data is acceptable to collect, how to do it. As we will find the answers to these questions, can progress and means of implementation of the “law of Spring”.
— The draft law on the regulation of large user data should be available before the end of spring. It is assumed that the same document may be prescribed speed restriction of access to sites of companies that violate the laws. For example, it can be applied to Google, which does not execute the instruction of the Russian FAS about elimination of infringements of the law “On competition”. FAS requires that Google allowed the preset services of other companies in the mobile devices working under the Android operating system.
— No, they are different concepts — management of large user data and speed of access. These areas did to each other are not connected.
In early November 2016, the head of Roskomnadzor Alexander Zharov said that the working group on the development of the Internet in the presidential administration began developing a draft law regulating the work with large user data. A clear definition of this concept does not yet exist. As explained by the representative of the working group, it’s all the user’s data, which collect information system and devices, including user profiles on Internet resources. According to the head of Roskomnadzor, this category of data include virtually all information about geolocation, biometrics, and also about user behavior on different sites. “All this is subject to the review of transnational Internet companies and obviously require regulation, as it is now the law “On personal data”, — said Zharov. Personal data means information which can be linked to any specific individual. Movement of such data is regulated in Russia since 2007. In particular, from 1 September 2015, the law requires you to store the processed personal data of Russian citizens on the territory of Russia. Telecom operators and Internet companies, in turn, operate on the concept of big data, or big data, which imply the analysis of large amounts of de-identified information about users.
But the idea of limiting the speed of access to individual sites is really discussed? You participate in discussions?
— Would prefer to discuss the idea. It seems to me quite sensible. While no country in the world has not found adequate methods for rapid and effective dialogue with the major Internet companies. Of course, we have the search tools, how to convince them to comply with Russian legislation, the decisions of our government and courts. Just in the dialogue to persuade them does not work. Full lock is too radical way. If one of the measures is considered possible and advisable a traffic slowdown, it may be, remind the world of the giants, who are keen to abuse their dominant position in our market and are in no hurry to fulfill the decision of the Russian authorities.
— Slowing down access to the site would in any case have a negative impact on the users.
— More services. Users will have the opportunity to work with the similar services of Russian companies.
“The user should have more opportunities to influence the fate of the data obtained about him”
— Get back to the great user data. When it may be a draft bill?
— We are directly in the preparation of this document do not, we are discussing ideas. I hope that during this year, ideas will be formulated and then will be a clear timetable with a possible bill. While forecasts are not.
— What ideas are discussed? There is an assumption that management of large user data will be a continuation of the existing regulation of personal data of Russians. Is that so?
It is possible that this would happen. With the development of industrial Internet and Internet of things the amount of data which will definitely find the person with whom this information refers will increase. The data can be classified directly as personal. Now there are phenomena that are on the verge, in a gray area, just as long as this area is not regulated. When, for example, Telecom operators transmit subscriber data to banks and other companies. Strictly speaking, they collect data about users that is not explicitly spelled out in the law on personal data. But they clearly were not collected for the purposes that were agreed by the subscriber. How is it to be?
— Do you think that it should be banned?
No, we don’t want to ban. Want, users more opportunities to influence the fate of the data that he received. Since such data can begin to influence the fate of the owner.
Users always oppose everything, and for companies selling user data is a way to make money when all other sources of income fall.
We are not going to cover sources of income. Users, when signed user agreements, understand that their data is required for so-and-so. But over time they were used differently. People should be understanding that they are collected and for what purposes it is used. Must be able to say: “I am ready such data to provide ready and that they are thus used, and this is not ready. So, please, this data is more about me do not use”. We are here again, not pioneers. In the European Union, this regulation is also introduced. There is not only discussed such measures, but some are already accepted as part of the reform of the telecommunications market and the protection of personal data.
“Someone something is listening, watching, puts some servers…”
In addition to protection directly Runet constantly there are initiatives to transition to domestic equipment, the software, the creation of a special messenger for the civil servants… is This all really necessary? Or all of this lobbying to earn on government contracts?
I don’t see anything wrong with that, we have companies who want to promote their products and earn money. This, in my opinion, the meaning of the economy in which we live.
We regularly receive confirmation that our telecommunications infrastructure is in equally safe. Someone something is listening, watching, puts some servers that watching for someone, taken to our home via smart TVs. And that the state should just be OK with this? We see that a significant part of the problems can be addressed only through import substitution. At least in those areas where it is necessary for national security, economic, informational, physical, etc.
The question here is goal-setting state. It only cares about the safety from external threat or may pose a threat to their citizens, excessive penetrating into the telecommunication network and breaking the boundaries of privacy?
— That is something that the us or another state is embedded in our network and spies on our citizens is not alarming?
— I think that many people cause more fear the Russian security services. This assumes that the actions of the American special services will protect the government, and who from Russian is unclear.
— Such questions were asked, I think, not me alone, and in any case, I have not heard that someone in our government wants to prevent the abuse of our intelligence services against our citizens. So I can say quite clearly that what it is, is protection from external factors.
Igor Shchegolev graduated from the translation faculty of the Moscow state Institute of foreign languages. Maurice Thorez and the Germanic faculty of Leipzig University. In 1988-1997, he worked as editor, correspondent and Deputy chief editor of the service news Agency TASS/ITAR-TASS. In 1998 he started to work in the government and became the press Secretary to the Prime Minister Yevgeny Primakov and in 1999 took the post of adviser to the Prime Minister (first Sergei Stepashin, later — Vladimir Putin), and then in 2000, he headed the press service of President Vladimir Putin. In 2001-2008 Schegolev held the post of chief of Protocol of the President. In 2008-2012 — the post of Minister of communications and mass communications. After the election of Vladimir Putin as President in 2012, Igor Shchegolev was appointed assistant to the President. In 2014, fell under the sanctions of the USA and Canada in connection with the events in Ukraine.