Russia has a long history with Internet censorship, but recent legislation gives the government more power than ever to restrict online speech. Russia’s government has not needed special legislation in order to stifle online speech. For example, in 2004 the Kremlin pressured Lithuania into shutting down the Kavkaz Center, a website of an independent, international Chechen news agency. In June 2012 attackers subjected the same website, this time being hosted in Sweden, to a massive distributed denial of service attack (DDoS), resulting in its takedown. Although the attackers are unknown, there are indications that Russia was behind the DDoS.
Although the Russian government has proven adept at restricting access to online content, the government recently endowed itself with broad new powers over online speech. In July 2012, the Russian Duma passed an internet censorship bill. In general, free speech is protected under the Russian Constitution; the Constitution of 1993 declares Russia as a democratic, federative, law-based state, guaranteeing its citizens’ right of free speech in Article 29. These protections, however, leave room for the state to exercise police powers to ensure the safety of its citizens, and it is under that authority that the Duma enacted this law. Ostensibly, the law aims to protect children from child pornography, drug use, suicide and other “harmful content.” In order to effectuate the protection, the bill requires ISPs to block specific websites that appear on a secretive government blacklist.
Before the law was even implemented, a court ordered the shutdown of the entirety of LiveJournal (not as part of the government blacklist) due to a single neo-Nazi blog entry among the thousands hosted on the popular site. Recently, the government censored LJRossia.org, formed to support freedom of speech, over two posts which contained stories involving motives of child pornography. Instead of blocking or removing the particular posts, the entire site was made inaccessible on at least one Russian ISP, RosTelekom. Additionally, the site hosted blogs of at least two prominent journalists who have often been critical of the Kremlin: Andrei Malgin and Vladimir Pribylovsky, the latter of whom published a database that exposed government corruption.
Once ISPs implemented the blacklist, among the first websites to be integrated into the blacklist and blocked was Lurkomore, a satirical equivalent of Wikipedia, along with a Russian 4chan based discussion board – 2ch. 2ch and Lurkomore are especially popular among the Russia’s tech and hacking communities, frequently focusing on discussion of questionable topics, mocking of the president, drugs and violence. Despite the ban, the owners of these two sites circumvented the ban by switching to different IP addresses. Subsequently the ban on Lurkomore was removed after the owners deleted the pages featuring information on illegal substances.
In total more than 180 sites have been banned since the law came into effect. Although it is not possible to see the blacklist in its entirety, it is possible to check if a specific site is on the blacklist through an official government portal.
It is already apparent that the government can use the blacklist law to restrict content far beyond that which is dangerous to children. Despite this potential for overreach, Internet censorship in Russia has not yet reached China’s level of censorship. The Russian law does not yet criminalize use of proxy browsers that mask visited sites and keep browsing anonymous. This allows the use of software such as the Tor Onion Router to access restricted websites. The Duma has considered adding amendments to the law to include banning of services such as Tor, yet these amendments are currently unenacted.
It’s entirely possible that the Duma will only toughen the censorship laws in the future, particularly given the vibrancy of anti-Kremlin sentiment on online message groups and communities. However, even without amendments, the law could have substantial impacts on online speech in Russia. Even before the law went into effect, the government had proven adept at censoring online content. And in its current state, the vague language of the law allows wide-ranging interpretations and the censoring of websites in accordance with court orders.
Jean-Loup Richet, Special Herdict Contributor
Last month, Internet activist Aaron Swartz, one of the creators of RSS and Reddit and leaders of the campaign against SOPA/PIPA, sadly passed away after hanging himself in his New York apartment. He was due to stand trial on charges of computer fraud, after having allegedly downloaded millions of documents from JSTOR, an academic journal repository, to release them to the public for free.
His tragic death has strongly affected many of the communities in which Aaron was an important member. And some of those hurt by his passing believe that his death was due to his harsh treatment at the hands of federal prosecutors. His father went so far as to say that his son “did not commit suicide but was killed by the government. Someone who made the world a better place was pushed to his death by the government.” It’s easy to understand why many viewed Swartz’s prosecution as overly harsh. He had already spent most of his life savings on legal fees, and a conviction would have led to upwards of 35 years in prison and fines of up to $1,000,000. Even if the prosecutions’ offered plea bargain was harsh — under the offer, Swartz would have to plead guilty to every charge and face six to eight months in prison, after committing a crime that was purely for the benefit of the public.
As one of the creators of the Creative Commons copyright licenses, Swartz had been an advocate for the sharing of knowledge and creative materials. The vision of the Creative Commons license is to “realize the full potential of the Internet – universal access to research and education, full participation in culture — to drive a new era of development, growth, and productivity.” Swartz’s actions were in keeping with this idealistic vision.
Swartz’s death generated a lot of attention (and protests from groups like Anonymous), but in many ways it has overshadowed how many Internet activists have recently found themselves in the law’s crosshairs. For instance, in the past few months, two British men were arrested in Britain for their involvement with Anonymous’ recent DDoS (distributed denial of service) attack on PayPal (carried out due to PayPal’s refusal to process WikiLeaks donations). And last year six people in the US were arrested in connection with Anonymous’ activities, including alleged leader Barrett Brown. Some proponents of DDoS attacks argue that the attacks are a form of civil disobedience, and have even gone so far as to ask the White House to recognize them as such. But the law currently views DDoS as something more nefarious; participating in a DDoS attack can carry a maximum of ten years in prison in the UK and US. Moreover, because participation is as easy as downloading a free program and pressing a single button, many people may participate in such attacks without fully appreciating the significant legal risks they are taking. Those who do appreciate such risks may be dissuaded from engaging in this form of protest (for better or worse).
The security firm McAfee has predicted that participation in the Anonymous collective will decline in 2013, stating that too many “un-coordinated and unclear operations” are destroying the group’s reputation. The very fact that anyone can claim to be a member of Anonymous has created a situation where the group’s aims have become fragmented. To make matters worse, the main Anonymous Twitter account was hacked by rival group Rustle League, undermining its reputation.
Regardless of whether Anonymous continues in its current form, or splinters into many smaller groups, what is clear is that these forms of cyber protest will continue to become more prevalent as will the prosecutions for them. Considering Anonymous’ recent attack on PayPal was said to cost the company around $5m, it’s clear to see why businesses aren’t taking these attacks lightly.
The law, however, should leave room for digital protest. Although some punishment is a necessary component of civil disobedience, that punishment should not be the same for protest and outright vandalism. That said, distinguishing between protest and vandalism is not easy. Vandalism, by definition, involves the deliberate destruction or damage of property, DDoS attacks are conducted only for a set period of time (usually a few hours), and leave the website undamaged afterwards. In Swartz’s case, he did not physically damage or delete JSTOR’s archives; he intended to do nothing but share its contents with others. But his actions were not harm free. He shared 4 million articles from academic journals, representing a financial loss for JSTOR. JSTOR charges as much as $50,000 a year for an annual subscription fee, at least parts of which go to pay copyright fees to the owners of the articles in the databases. Thus, were Swartz’s actions more like protest or vandalism? According to legal expert Orin Kerr, the case was a reasonable application of the law and wasn’t an abuse of prosecutorial authority.
DDoS attacks can also have an economic impact through site downtime, lost customers, and lost sales, but in a digital world, how else can an angry public make its presence felt or its voice heard? Anonymous is currently calling for DDoS attacks to be recognised as a form of protest, and punished accordingly with a token fine rather than a prison sentence. Jay Leiderman of the Guardian agrees that these attacks are in fact a form of speech and should be protected under the first amendment. This right of protest, however, must be balanced against the potential harms that DDoS can have on online businesses and others uses of online content affected by DDoS.
Over the past year, Herdict has added several new features. During this process we realized that the privacy policy for the site hadn’t been updated since Herdict began. Although Herdict has grown and changed, what hasn’t changed is our strong commitment to maintaining responsible data practices–and making sure that our users understand what those practices are. So we recently updated our policy to better explain what we do. The updates to the privacy statement were intended to better explain the data we collect, use, and share in connection with our website, the reporter, and the browser add-ons. Most of the updates are stylistic, but there are a few sections where we added greater detail about our practices. These more substantive additions include descriptions of:
- How we collect information using session and persistent cookies in (“Collection of Information”);
- How information may be shared with third parties, including entities that provide services to Herdict, (in “Use and Sharing of Information”); and
- How information may be transferred in the event Herdict ever moves out from the auspices of the Berkman Center for Internet & Society at Harvard University (in “Use and Sharing of Information”).
Please take a few minutes to review the new privacy statement, and don’t hesitate to reach out to us with any questions you may have.
