Throttling Twitter traffic in Russia Here’s how Moscow’s regulators are doing it and why it’s not really working
Мы рассказываем честно не только про войну. Скачайте приложение.
1.
What happened?
2.
Twitter really doesn’t remove this stuff?
3.
Why can’t RKN and Twitter reach some agreement?
4.
Is it legal in Russia to throttle Twitter traffic?
5.
Maybe Twitter should just take RKN to court?
6.
How are Russian regulators actually throttling Twitter traffic? What’s the technology here?
7.
Has RKN ever done something like this before?
8.
Why has the slowdown affected Twitter users in Russia differently? It’s not being throttled for everyone.
9.
So DPI systems aren’t very effective, it turns out?
10.
What about Russia’s Twitter users whom RKN’s throttling has affected?
11.
Who’s actually executing the throttling? Is RKN managing all this itself?
12.
Does Russia’s censor come next for Facebook and YouTube?
13.
When RKN first started throttling Twitter, a handful of Russian state websites stopped working for several hours. Is the Russian government one of Akamai’s clients, too? Were these two service disruptions related?
What happened?
Russia’s federal censor, Roskomnadzor (RKN), announced this week that it’s now throttling local Twitter traffic in response to the network’s refusal to remove certain “illegal content,” supposedly including incitements to suicide, extremist materials, information about narcotics, and even child pornography. RKN says Twitter has flouted its demands since 2017. If the American company doesn’t fall in line, Russia’s regulators have vowed to escalate their “enforcement actions,” up to and including a total block on Twitter access.
Twitter really doesn’t remove this stuff?
Moderators delete content all the time, but they don’t erase everything that RKN flags. According to the company’s latest Transparency Report, Russian state officials filed 8,949 takedown requests in the first half of 2020, but Twitter acted in only about 20 percent of these cases, limiting access to 1,437 tweets inside Russia. Enforcing its own terms of service, Twitter also took unspecified actions against 628 accounts identified by the Russian authorities (possibly removing certain content or blocking the users completely).
Since 2017, RKN has filed more than 28,000 takedown requests with Twitter. The agency says the company still grants Russian users access to 3,168 materials containing illegal information.
Why can’t RKN and Twitter reach some agreement?
They’ve been at loggerheads for years. Since 2015, Twitter has ignored Russian regulations that require it to store Russian users’ personal data on domestic servers. In early 2020, RKN fined Twitter 4 million rubles (about $55,000) for noncompliance, which had precisely zero effect on the company’s policies.
In recent months, amid mass protests against Alexey Navalny’s imprisonment, Russia’s censor adopted a harder line, demanding the removal of tweets that helped mobilize opposition demonstrations. As of December 2020, Russian administrative statutes now impose penalties on entities that fail to restrict access to information that supposedly attracts minors to unpermitted public assemblies. So far, Twitter has declined to censor content that allegedly meets this description, though moderators have deleted hundreds of accounts suspected of “pro-Russian propaganda,” further upsetting RKN. In February 2020, the agency demanded an explanation for the removal of 100 accounts that allegedly belong to St. Petersburg’s infamous “troll factory.”
Is it legal in Russia to throttle Twitter traffic?
Maybe. Existing bylaws that lay out the state’s available enforcement measures don’t mention throttling explicitly, according to “Digital Rights Center” law firm partner Sargis Darbinyan and Karen Kazaryan, the CEO of the Internet Research Institute.
On at least two prior occasions, Russian regulators advocated throttling noncompliant Internet resources. In 2017, while prosecuting an antitrust case against Google, the Federal Antimonopoly Service suggested imposing Internet traffic “slowdowns” to punish offenders. A year later, Rostelecom head Mikhail Oseevsky floated the idea of throttling Western companies that refused to finance the purchase and installation of new equipment needed for data-storage and filtration requirements introduced in new counter-terrorism legislation. Neither initiative reached lawmakers in the State Duma.
Darbinyan and Kazaryan say RKN draws its authority to throttle Twitter from a loophole found in “Internet sovereignty” legislation that entered force in November 2019. In addition to requiring Russian telecom operators to install special network-filtration hardware, the law empowers RKN to designate “threats to the security of the Internet’s functioning inside Russia” and determine the appropriate response needed to eliminate these “threats.” Available measures include “changing the routes of telecommunication messages” and “changing the configuration of communications.”
Interpreted broadly, this could describe traffic throttling, which technically qualifies as “changing the configuration of communications.”
It’s not certain that RKN’s actions are entirely legal, however, given that bylaws specify a procedure for tackling “Internet threats,” and it’s unknown if the agency actually fulfilled these regulatory requirements. For example, RKN is supposed to describe the impact of all “threats” both qualitatively and quantitatively before adding each case to a “list of threats.” RKN’s actions also need the approval of the Federal Security Service and Russia’s Digital Development, Communications, and Mass Media Ministry. Did RKN do all this before throttling Twitter traffic? We don’t know.
Maybe Twitter should just take RKN to court?
Sure, the company has this option, of course. “But an American social network’s chances of prevailing in Moscow’s Tagansky District Court, on RKN’s ‘home turf,’ are slim to none,” says Sargis Darbinyan.
How are Russian regulators actually throttling Twitter traffic? What’s the technology here?
RKN hasn’t explained how it is slowing down Twitter, but the equipment needed to pull this off is now required for all telecom operators in Russia, thanks to the “Internet sovereignty” legislation that took effect in November 2019. To ensure that Internet service providers have the “technical means for countering threats,” RKN requires telecoms to buy and install specialized hardware for deep packet inspection (DPI) — a more advanced form of data filtration that allows network administrators to block and reroute targeted traffic.
DPI can locate, identify, classify, reroute, and block data packets with specific information or “code payloads” that conventional packet filtering, which examines only packet headers, cannot detect. Deep packet inspection makes it possible to streamline traffic by prioritizing certain data packets and throttling other transfers that might undermine network performance. (Think urgent messages and peer-to-peer abuse.) With DPI, administrators can slow data packets that use a particular protocol or network address — they can even block users’ access to particular online resources altogether (though these measures are still executed manually, much of the time).
DPI settings also make it possible to reduce the bandwidth of traffic, meaning that network administrators can limit access to specific online services to channels with data transfer rates far lower than the service provider’s actual speed capacity. The telecom “A1 Belarus” did exactly this when anti-government protests erupted in Belarus after last year’s presidential election.
Has RKN ever done something like this before?
Regulators have some experience here. Russia’s federal censor has tested DPI to throttle Internet traffic at least once. In 2019, when the Internet sovereignty legislation was under review at the State Duma, RKN reportedly invited the country’s three biggest telecoms (MTS, MegaFon, and VimpelCom) to test DPI equipment on its networks, including exercises that would slow YouTube traffic.
About a decade ago, Russian telecoms also used their own DPI systems to limit the bandwidth allocated to torrent trackers, says “Internet Protection Society” director Mikhail Klimarev. ISPs resorted to throttling peer-to-peer traffic to prevent it from overwhelming their still relatively low-capacity networks. In 2012, MTS confirmed that it assigned a lower priority to p2p traffic in order to maintain transfer rates for other kinds of data.
Why has the slowdown affected Twitter users in Russia differently? It’s not being throttled for everyone.
It’s possible that not every Internet provider has installed DPI.
RKN only started testing these systems in mid-2018, when it wanted to block the messaging app Telegram. A year later, the agency deployed hardware manufactured domestically by “Research & Development Partners” to local networks in the Urals region and conducted large-scale testing that likely informed the further rollout of DPI in other markets across Russia. RKN hasn’t reported its progress here, but the initiative is probably incomplete.
The more important reason why Russia’s Twitter slowdown has been so uneven is that the company relies on Akamai Technologies’ global content delivery network (CDN) to ensure that its service functions quickly and smoothly for users around the world. Consequently, Twitter users in different parts of Russia could be downloading their multimedia content from entirely separate Akamai servers.
According to “ValdikSS” (the creator of “AntiZapret,” a Russian service for circumventing online censorship), RKN has already started throttling traffic to some of Akamai’s maintenance domains (such as “video.twimg.com.eip.akadns.net”), where the company caches media files from Twitter, but the service has numerous such domains on Akamai’s network. As a result, some Twitter users in Russia are routed to content hosted on throttled Akamai addresses, while others reach Akamai addresses that RKN hasn’t identified.
So DPI systems aren’t very effective, it turns out?
Deep packet inspection isn’t the silver bullet that censors would like it to be. Despite being more sophisticated than conventional packet filtering, DPI is still a blunt instrument at times. As ValdikSS notes, RKN has managed to use DPI to start managing Twitter’s bandwidth in Russia (“traffic shaping”), but it initially applied this throttling to all domains containing the text string “t.co” (Twitter's link-shortening service), inadvertently slowing other major websites with this same letter combination in their domains, including reddit.com, microsoft.com, githubusercontent.com, and even rt.com (the home of Russia Today).
What about Russia’s Twitter users whom RKN’s throttling has affected?
They can utilize the same tools that circumvent complete blocks on online resources, such as virtual private networks (VPNs) that encrypt a user’s entire traffic and make it impossible for DPI systems to recognize where data packets are going, whether it’s to Twitter or anywhere else. Akamai’s content delivery network also makes it inherently difficult for censors to throttle or block its clients, even when censors use DPI, argues Mikhail Klimarev. (Located all over the planet, these “edge servers” are essential to distributing global services’ network loads and maintaining high speeds.) This array of servers means that Twitter users are simply rerouted to new nodes when traffic at one slows.
In other words, blocking a service like Twitter that uses CDN would essentially require restricting access to the CDN provider’s whole network by targeting tens of thousands of servers globally — no easy task. Additionally, Akamai has so many other clients that these measures would automatically disrupt access to a huge number of other Internet resources, such as Adobe, Airbnb, MailChimp, and even the National Basketball Association.
At the time of this writing, Twitter CEO Jack Dorsey had not commented on the company’s troubles in Russia.
Who’s actually executing the throttling? Is RKN managing all this itself?
Russia’s Internet sovereignty law created a new department within RKN called the Communication Network Monitoring and Management Center. This outfit is charged with countering threats to the RuNet and overseeing measures to restrict access to online resources that violate Russia’s Internet laws. In an emergency, the center has the authority to take full control over the country’s communication networks.
“Blocking and throttling the services that are added to the list of ‘threats’ is being carried out according to the new model, and telecom operators won’t even know what RKN is doing on their networks, since it will all be done from a single center created inside the agency,” says Digital Rights Center partner Sargis Darbinyan.
As Meduza reported more than a year ago, the man responsible for managing RKN’s powerful new branch is Sergey Khutortsev, a Federal Protective Service (FSO) veteran and the descendant of one of Russia’s most celebrated families of missile engineers.
Does Russia’s censor come next for Facebook and YouTube?
Maybe. But throttling or blocking these resources would be no cakewalk, either. Both services also use CDN, and Google (which owns YouTube) has its own massive content delivery network called Google Global Cache (GGC). In other words, RKN would struggle to find and restrict access to Google’s countless edge servers.
A couple of years ago, at the FSB’s request, RKN actually attempted a “crusade” against GGC, threatening Internet service providers with fines for hosting Google’s edge servers (yes, some are located inside Russia). The FSB argued that ISPs were running GGC without certification from Russian regulators, but officials later clarified that certification is only necessary for communication hardware, not servers. RKN subsequently withdrew its claims.
When RKN first started throttling Twitter, a handful of Russian state websites stopped working for several hours. Is the Russian government one of Akamai’s clients, too? Were these two service disruptions related?
We don’t know if these events were connected, but we can be sure that the Russian government doesn’t use Akamai’s global content delivery network.
Russian officials say the outage at several state websites had nothing to do with throttling Twitter traffic. According to the Digital Development, Communications, and Mass Media Ministry, the disruption was due to an equipment malfunction at Rostelecom, which provides hosting services to the government.
But this could also be more than a coincidence. All the state websites that encountered problems (kremlin.ru, government.ru, and resources at the domain gov.ru) are part of the Russian State Network (RSNet), a separate segment of the Internet managed by the Federal Protective Service, which is where Sergey Khutortsev (the head of RKN’s powerful Communication Network Monitoring and Management Center) previously served.
Multiple sources told Meduza that they don’t know if Sergey Khutortsev resigned from the FSO upon transferring to Rostelecom. The agency itself has declined to comment on this issue. If Khutortsev remains an FSO officer, it means he could be simultaneously involved in managing the RSNet and the RKN branch responsible for throttling Twitter traffic.
Translation by Kevin Rothrock