It’s been a few weeks since a Russian court ordered ISPs to block encrypted messaging service Telegram—and the country proceeded to break its own internet to enforce the ruling. Google and Amazon made changes that help the ban, and Russia has moved to blocking VPNs. Now, privacy advocates are asking Congress to step in and persuade American tech to help out.
Millions of Russians use Telegram to send private messages and its founder Pavel Durov has a long history of clashes with the Russian government over privacy issues. So when authorities decided to make Telegram the first high-profile app to be banned for refusing to hand over encryption keys, it wasn’t much a surprise. But the fact that service was able to hang on and continue functioning was unexpected. Russian ISPs proceeded to block as many as 18 million IP addresses in a heavy-handed effort to prevent Telegram from using a technique called domain fronting to escape the ban. This caused inadvertent disruptions to online gaming, YouTube, Gmail, the web version of Google Play, Google Drive, and reCAPTCHA, as well as small businesses.
Amazon and Google’s enormous cloud services were an essential tool for Telegram to avoid the ban, and thus, a primary target for the Russian government. But following reported talks between the two companies and government officials, the tech giants announced they would begin enforcing a ban on domain fronting. Russia has backed off on targeting the services, but according to TASS, it has now moved on to targeting VPN services that would provide a workaround for Telegram users. From the report:
The Russian telecom regulator Roskomnadzor blocked 50 VPN services and anonymizers providing access to the Telegram messenger in Russia, deputy head of the authority Vadim Subbotin told reporters on Thursday.
“Fifty for the time being,” the official said.
Subbotin did not indicate services that were blocked.
The Kremlin has said that Telegram’s ability to be used by terrorists is the primary reason for authorities needing access to its encryption keys. Telegram has argued that would be impossible because the keys are generated on individual users phones. But activists insist the ban is really intended to stifle free speech and political dissent. Over the weekend, thousands of people took to the streets to protest the inauguration of Vladimir Putin and Meduza reports that at least one telecom in Moscow thought it was the perfect time to perform maintenance on their networks, disrupting communications. Viber, another encrypted messaging app, is reportedly in the government’s crosshairs.
This week, digital rights group Access Now is asking members of Congress to try to persuade Google and Amazon to reevaluate their position on domain fronting. In a nutshell, the technique allows a service to get around censorship by hiding the true endpoint of a request and routing it through a separate website that hasn’t been banned. Amazon and Google never officially permitted this practice on their servers but they didn’t actively punish it. The biggest and most respected encrypted messaging service in the US, Signal, received a threatening message from Amazon last week insisting that it cease participating in the domain fronting it uses to get around censorship in countries like Egypt, Oman, and Qatar.
In a statement last week, Access Now’s Nathan White wrote: “Unless the world’s wealthiest companies want to be known for abandoning the world’s most vulnerable, then they now have an obligation to work with affected communities to ensure that human rights are not negatively impacted.” On Monday, the group wrote to Congress and outlined the numerous ways that domain fronting has helped activists, journalists, and citizens in countries that censor the open web. The letter reminds lawmakers that “Internet Freedom has received broad bipartisan support from Congress” for over a decade, and urges them to support efforts to encourage Google and Amazon to reverse their decision.
It’s true that members of Congress on both sides of the aisle have repeatedly criticized tech companies for not doing enough to stand up to censorship in China. Some legislators have even pushed back against the FBI’s demand for a backdoor into American’s devices. But the domain fronting issue might be a tough sell. The technique has been found to be useful for bad actors trying to spread malware.
Of course, lawmakers like to appear tough on Russia these days and they’re all trying to take shots at tech companies. It’s possible that the right kind of pressure could at least open a dialogue between the politicians who aren’t particularly tech-savvy and the companies that would rather go along to get along. Perhaps a compromise exists somewhere between an outright ban on domain fronting, and just letting anyone do it.