MOSCOW -- A Russian cybersecurity company has become the latest to comply with controversial government legislation on Internet freedoms, according to a watchdog group and VPN users who say they have been denied access to websites blacklisted by the state communications regulator.
Users of the Kaspersky Secure Connection VPN, sold by Moscow-based IT company Kaspersky Lab, have reported that sites blocked on Russian territory are no longer accessible.
Roskomsvoboda, an organization that monitors online censorship in Russia, said on July 1 that it had received e-mails from several users of Kaspersky’s service.
“It simply says the page doesn’t exist,” Roskomsvoboda cited one user as saying. The user added that the VPN “logs everything” by recording a list of websites visited by the service.
Other users attempting to access blacklisted content reported seeing a message from the government regulator, Roskomnadzor, that links to a searchable version of the state register on banned websites.
Responding to a request for comment, Kaspersky said that it “complies with the laws of all the countries where it operates, including Russia.”
“At the same time, Roskomnadzor requirements don’t affect the main purpose of Kaspersky Secure Connection, which protects user privacy and ensures confidentiality and protection against data interception, for example, when using open WiFi networks, making online payments at cafes, airports or hotels,” the company said in an e-mail.
“Additionally, the new requirements are relevant to VPN use only in Russian territory and do not concern users in other countries,” it said.
Banning VPNs
In July 2017, the Kremlin introduced fresh restrictions on Internet use as part of what observers say is an ongoing campaign to centralize control over Russia’s segment of the web. They included a ban on Internet proxy services -- including virtual private networks, or VPNs -- and a crackdown on anonymous use of instant messaging services.
Amnesty International called the development a "major blow to Internet freedom" in Russia.
"To understand how the ban will work, it is enough to look at China, where Apple has just made a deplorable decision to remove most major VPN apps from the local version of its App Store," Denis Krivosheev, its deputy director for Europe and Central Asia, said at the time.
Last March, Roskomnadzor sent a request to 10 VPN service providers demanding that they comply with the new law. All the companies except Kaspersky are foreign-based, and all except Kaspersky either ignored the request or refused to comply with it.
The watchdog’s deadline passed in May, but no direct action appears to have been taken.
Roskomnadzor head Aleksandr Zharov told business daily Vedomosti on June 26 that nine VPN services continue to violate the law. He added that the watchdog may fine the companies in question instead of trying to block them, though that would require a change in legislation.
“We have the right to block VPN services which do not comply with the law, but there’s no requirement to do this within a certain time frame,” he said.
It is unclear what force Russia’s fines will have outside its jurisdiction, where the majority of VPN providers are based. According to Sarkis Darbinyan of Roskomsvoboda, the online rights group, many companies view the threat of fines as an empty one.
“You can impose all the fines you like, but forcing compliance from companies based in different jurisdictions, many of which have no agreements on online cooperation with Russia, will do little,” Darbinyan told RFE/RL in a telephone interview.
He said the government has the legal power to block VPNs but it lacks the technical capability -- such services are complex enough to skirt even the notorious Chinese Firewall.
“Since they forge invisible bridges and encrypt traffic, they can’t be blocked by simple means. Only websites from which they’re downloaded can be blocked,” he said.
He suggested one way the Russian government could restrict access is by removing VPN services from app stores accessible in the country, as China has done.
Intelligence Ties?
Darbinyan said that compliance by Kaspersky would not be surprising.
“Kaspersky was never a company that fought with the Russian authorities. On the contrary, it’s actively cooperated with them,” he said. “So compliance with Russian laws won’t raise any dilemmas for them.”
In 2017, the U.S. government banned use of Kaspersky software on government computers, warning that the company has suspected links to Russian intelligence. Kaspersky denies any ties to the Russian government or its spies.
Darbinyan suspects such developments have made the company more reliant on its performance on the Russian market.
“Kaspersky is a Russian company, so it has to follow Russian laws or there’ll be consequences for them and all their products. They can’t afford that,” he said.
Since 2017, Roskomnadzor has kept a list of websites that search engines operating in Russia are legally obliged to censor. The list includes websites carrying content deemed extremist or promoting things like suicide or drugs. Illegal gambling and certain pornographic sites are also on the blacklist.
On February 7, Russian media reported that Google had begun to censor search results in Russia after a protracted standoff with Roskomnadzor. One anonymous official at the agency claimed the U.S.-based company was blocking some 70 percent of the websites blacklisted by Russia.