Security Index: A Russian Journal on International SecurityVolume 18, Issue 1, 2012Oleg Demidov
A harmless technology designed to help people socialize and while away their time is being portrayed as something of a weapon of mass destruction which poses a threat to the stability and security of individual nations and the international community as a whole. The current debate is focused on the role of social networks in the Arab Spring—but the range of the security issues being raised by the new phenomenon is of course much broader than that.
The purpose of this article is to analyze the individual social networking services and their impact on the world in terms of security. Given the trends in recent years, as well as the recent and ongoing “online revolutions” in the Middle East and other regions, the key question is what to make of the impact of social networks on international security and Russian national security. That question entails two related questions. First, should we regard social networks as a challenge and a threat—or as a technology that can potentially strengthen security? And second, how should government policy—Russian government policy, in particular—take into account internet technologies and use those technologies to strengthen security?
This analysis focuses on the political aspects of the problem; the legal and technical sides of it deserve a separate study. A discussion of social networks in the context of security—the main purpose of this article stated in its headline—requires legal issues to be set aside for the moment, and terms such as “national security” or “international security” to be used outside of any specific legal context. The technical aspects are also either omitted or relegated down the list of priorities in this article—they are not the main subject of our analysis. They are discussed only to the extent that is required to gain an understanding of the international politics aspect of the problem.


SOCIAL NETWORKS—THE DEFINITION



Jump to section


The subject of this analysis is social networking services, although there are several other terms for the phenomenon, such as “social networks,” “social networking communities,” and, in a narrower context, “the social media.” All of these terms are used to denote a combination of virtual services and platforms whose function is to build social networks and social relationships between their users. The Russian terms used in this context are copies of the English “social networking services” or “social networking sites,” though they do not convey the essence of the phenomenon quite as accurately. In the technical sense, social networking services are a classic example of Web 2.0. The term denotes a set of design principles that facilitate and enhance broad user participation.
One last thing that needs to be clarified is the internal classification of the social networking services. This article distinguishes between two categories of these services:|| •

the social networks in the proper sense, including universal, specialized, and professional communities (Facebook, Odnoklassniki, Vkontakte, LinkedIn, MySpace, Friendster, Google +); and

the quasi-social communities (blogging communities, microblogging services such as Twitter, communities based on interactive platforms such as Ushahidi, etc.—the list is open).
The line between these two categories is often blurred. Blogging can be one of the services offered by social communities; “normal” sites can have highly advanced social networking features; geosocial networks can function merely as a geolocation service, or they can acquire highly advanced social networking functionality.
For now let us just establish what qualifies a service as a social network. The list of key features of a social networking site was proposed back in 2008 in a notable study “Social Network Sites: Definition, History, and Scholarship” by Danah M. Boyd and Nicole Ellison of the University of California, Berkeley, and the University of Michigan.1 To qualify as a social network, the site must allow individuals to:|| •
construct a public or semi-public profile within a bounded system;

articulate a list of other users with whom they share a connection; and

view and traverse their list of connections and those made by others within the system.
This list probably requires a single qualification: the data in the user profile must be relevant to social communication. For example, a geolocation service will not qualify as a social network unless the user profile contains some socially significant information in addition to geographic coordinates, such as sex, age, hobbies, the purpose of visiting the geographic locations in the profile, etc. Therefore, the networking services that lack some of the functionality outlined above are designated in this study as quasi-social networks.
This classification is fairly generalized and does not reflect numerous technical details—but it will serve for the purposes of this study. For a more detailed classification of social networking services, please refer to a 2008 study by a group of authors from the IEEE Computer Society.2


THE “ONLINE REVOLUTIONS” THAT HAVE NOT MATERIALIZED



Jump to section


The initial enthusiasm and excitement in the world media and among the expert community over the role of social networks as the main driving force behind the revolutions in the Middle East and North Africa have now subsided. Skeptics include researchers at Harvard's Berkman Center for Internet and Society—Ethan Zuckerman, Danah M. Boyd, Jillian C. York, Mike Ananny, and Beth Coleman. In Russia skeptical opinions have been voiced by many leading scientists, including Ekaterina Stepanova from the Russian Institute of World Economy and International Relations (IMEMO) of the Russian Academy of Sciences, who has published a study of the role of IT in the Arab Spring.3
The general opinion in the Russian and Western expert community is that social networks did not play a key role in the Arab Spring, and that opposition forces and protesters mostly relied on other channels of communication. Nevertheless, social networks were one of the factors that allowed events in the Arab countries to unfold so rapidly that they took the governments and government supporters completely by surprise. As Yevgeny Morozov of Stanford University, who coined the term “Twitter revolution,” rightly put it in an interview with the Kommersant newspaper, without the social networks the revolutions in the Arab countries “would definitely have a different look.”
But can we actually claim that social networks did play a decisive, and, more importantly, independent role in the Arab Spring? In our opinion, such a claim is wrong, and for several reasons. First, protest actions in the social networks were fairly self-sufficient and self-contained. This conclusion is supported by evidence from the Arab Spring and, to a lesser extent, the Online Revolution in Belarus. Online protests did not peak at the same time at the real street rallies that fuelled the revolution. According to Andrey Korotkov, head of the Russian Union of IT Directors, “street protests in Egypt continue even now, in the absence of any significant influence from internet communications.” In Syria, meanwhile, the “days of anger” announced on Facebook failed to spark large street protests; the situation changed only after mass arrests of teenagers, which provoked violent clashes with the police.
Second, there have been protests even in places with very little social network activity. But the protests were less violent in countries where the use of IT was more widespread. Some experts believe this demonstrates the humanizing influence of the internet. But they are probably confusing the cause and the effect. The more likely explanation is that the more socially and economically advanced countries with liberal attitudes to freedom of information have greater levels of IT penetration, including the penetration of social networks.
Third, social networks were not the only (and not even the key) instrument used by the insurgents to communicate and coordinate their efforts. But, unlike satellite TV, mobile phones, text messages, mosques, and other communication tools and platforms, social networks were the main instrument for spreading the word about the protests in the outside world. In the Egyptian provinces and in Cairo itself the main platform for coordination of protest actions and for taking the protest to the masses was mosques, which the protesters turned into their command-and-control centers after Friday prayers. The situation was very similar in all the other countries in the region.
Fourth, Belarus also saw a large spike in online protests, with an emphasis on social networks. But the situation there has not followed the Arab Spring scenario. The leader of the opposition Future Movement in Belarus, Vyacheslav Dianov, is still hoping that social networks and micro-blogs will do the trick—but, after several months, local protests by his activists have failed to become nationwide. This is yet another demonstration that the decisive factor for the success of the protest movement is the social and political background in the country rather than the communication tools used by the protesters. The well-designed technology of street protests coordinated via the internet has worked well in the Middle East and the Maghreb, where there was fertile ground for a revolution after decades of social and political simmering. But once that technology was transplanted to another part of the world with a different social and political context, it failed to deliver.
Also, it is not true that social networks were prodded in the right direction by transnational corporations during the Arab Spring. The management of those corporations made no attempt to direct the protests or influence them in any way. Wael Ghonim, the senior Google executive described as “the international face of the Egyptian revolution” by the world media,4 was acting strictly in private capacity. He had been building up a protest community called “We are all Khaled Said” since 2010, using his employer's main competitor, Facebook, as a platform. Neither did he discuss or coordinate his actions with Facebook executives, although in an interview he did express his hope of meeting Facebookfounder Mark Zuckerberg to thank him for the opportunities his company had given to the Egyptians. Initially Ghonim combined his work as an internet activist with his duties as a senior Google executive in the Middle East, essentially leading, in his own words, a double life. All these facts are often ignored by the commentators who are trying to portray the Arab Spring as some artificial and orchestrated project, controlled in some way by IT industry giants.
It is interesting, however, that similar opinions have been voiced by the top Russian leadership. For example, on February 22, 2011, at the height of the protests in Egypt, Russian President Dmitry Medvedev called the whole thing “a scenario,” which “they had previously been preparing for us.”5 Russian Deputy Prime Minister Igor Sechin went even further. In an interview with The Wall Street Journal he said that “we need to look closer at what has happened in Egypt. We need to find out what, for example, senior Google executives were doing in Egypt, and what kind of manipulations with people's energies were performed.”6 Such an interpretation of events could be an alarming signal that the Russian political leadership either misunderstands or ignores the role played by social networking services in the Arab Spring.
Let us note, however, that Google is something of an exception among the main social networking services. UnlikeFacebook, Twitter, Vkontakte or other social media giants, Google has a clear vision of itself as a player in different segments, including the segment of relations with governments as part of PR, GR, or simply establishing friendly ties. In January 2010 Google's Chief Legal Officer, David Drummond, made a statement on behalf of his company sharply criticizing the Chinese government. Google named Beijing as the main suspect in a series of highly sophisticated hacker attacks to break into the mailboxes of Chinese dissidents in December 2009. The company then went even further by linking the episode to its decision to stop censoring search results on its Chinese website and threatening to quit the Chinese search engine market altogether. The episode highlighted two key elements of Google's strategy:|| •

The IT giant decided to link its possible departure from the Chinese market to a broader set of reasons related to freedom of information in China.7 By doing so Google portrayed its policies as a campaign for freedom of the internet, which sounded fairly provocative.

Google hastened to secure political support for its actions at the highest level, which later turned out to be very useful. U.S. Secretary of State Hillary Clinton said the very next day after Drummond's statement that “We have been briefed by Google on these allegations, which raise very serious concerns and questions. We look to the Chinese government for an explanation….”8 Criticism of the Chinese government over the censoring of search results became one of the key topics of Clinton's famous speech on freedom of the internet made only a week later, on January 21, 2010.
Google's official explanation of its motives does not look very convincing. After all, Google is a commercial company, not some not-for-profit outfit campaigning for freedom of the internet. The Chinese search market was showing fantastic growth figures, censorship or no. One interesting detail is that ever since Google entered the fray for that market, which is the world's largest, it had always been a distant second after the local search engine, Baidu.9 It appears that the company's executives were merely looking for something to blame for the fiasco of their market strategy in China. There is more than a bit of truth in the argument that it is illogical and irrational for any large company to quit a market which has 384 million users and shows 29–35 percent annual growth.10
Be that as it may, Google showed itself capable of playing as an equal with the leading world powers, and using their motivations (i.e. America's campaign for freedom of the internet) in its own interests, while at the same time pursuing a hard line that could well trigger a new bout of tensions between the United States and China. According to the government-owned China Daily newspaper, Google had shown its “true face to the world, and the politicization of its campaign”11—but such an assessment is also an oversimplification. In actual fact Google had skillfully resorted to politicization so as to cast a more flattering light on its failed market strategy.
The truth is, big corporate giants behind the popular social media outlets are staying away from politics; they are not trying to play as equals on the same chessboard with state actors. That could well change, of course. Google is very different from Facebook—it is a far more diversified company, which had for a long time ignored social networking services. But that does not mean than Facebook will not become more like Google one day in terms of its influence on international politics and international relations, including issues of security.
At present, however, neither the social networking services as a type of internet technology, nor their audience as a distinct self-organized community, nor the corporations behind the social networks poses any threat to the security of individual nations or international security. Therefore, the whole discussion about how we should react to the security challenges posed by social networks is based on the wrong assumptions. Understanding that should be the starting point for any discussions of the social networks phenomenon among the Russian political leadership. There may certainly be some security challenges related to the spread of social networking services—but those challenges are not intrinsic to the technology itself. Neither are these challenges or threats posed by the executives of the corporations behind the social services, and certainly not by the users themselves.
One final touch to this conclusion is an attempt to view nation-states as stakeholders and active participants in these events. In any analysis of the Arab Spring and its aftershocks beyond the Middle East, nation-states are most often portrayed as passive victims of the social networking services actively used by the protesters. Actions by the governments are viewed only as a reaction to the threats allegedly posed by the internet. One exception is the United States, which is often ascribed the role of secret orchestrator of the Arab Spring. In most cases such theories are proposed by representatives of conservative or radically anti-Western political forces and movements.
Ideas of American involvement in the Arab revolutions via some secret channels of influence, such as the social networks, find fertile ground in Russia, and for a number of reasons. There is the traditional mistrust of Washington and strong anti-American sentiment among the Russian elite. Also, a combination of anti-Americanism with yet another conspiracy theory is a way to score political points for the leftist forces, whose influence in Russia is on the rise. Finally, the inclination to view global processes such as the Arab Spring as a geopolitical scenario orchestrated by some outside force often results from the lack of understanding of the true nature of these events and of their potential influence on Russia and its allies. As it tries to determine the possible source of the threat, the Russian political establishment turns its suspicions in the traditional direction, i.e. across the Atlantic.
But theories claiming that the Arab Spring was somehow orchestrated or coordinated from Washington fall apart under serious scrutiny. Washington's first official reaction to the events that were unfolding in Tunisia and Egypt suggested that the White House was taken completely by surprise, and that it was inclined to take a cautious wait-and-see stance. At first President Obama spoke in support of the Mubarak regime as a pillar of stability in the Middle East and as Washington's strategic partner in the region. Another important thing to consider is that the Arab Spring revolutions have failed to take off or to achieve their objectives in those countries where a regime change would clearly be in America's interests, such as Syria or Iran. The successful revolutions in the region, on the other hand, have jeopardized many of America's strategic interests in the Middle East.
For Washington, the fall of Mubarak meant the loss of a trusted ally who had for a long time pursued pro-American policies on important issues such as the fight with Islamic fundamentalism, Middle Eastern settlement, countering global terrorism, etc. Events in Libya, meanwhile, had dragged Washington into a military campaign which President Obama neither needed nor wanted, preoccupied as he is with the war in Afghanistan and the looming presidential election. Even worse, turmoil on the Arabian peninsula jeopardized vital American interests, including uninterrupted oil supplies from Saudi Arabia, loyalty of the Saudi regime, which serves as a counterbalance to Iran in the region, and the security of U.S. military bases in Saudi Arabia and Bahrain. To understand the scale of American interests on the Arabian peninsula, suffice it to recall that last year Riyadh announced long-term plans to buy $60 billion worth of American weapons.
Finally, one common outcome of all the Arab revolutions has been an outpouring of all the anti-American and anti-Western sentiment that was pent up during the previous decades. Right now Washington is in an unenviable situation, ostensibly welcoming a victory for freedom in Egypt and Tunisia while anxiously awaiting the results of parliamentary elections in those countries, in which Islamists are expected to do very well. The bottom line is that the idea of America's secret role in the Arab Spring has no serious basis—although there is no reason to deny that Washington has long been very interested in orchestrating similar transformations while keeping events firmly under control. Let us not forget, however, that while governments are scrambling to cope with the various effects of IT progress, they are also trying to use information technologies and the opportunities they present (including the social networking technologies) as an instrument to help them implement their own policies.


BEYOND THE TWITTER REVOLUTIONS AND THE INTERNATIONAL AGENDA



Jump to section


Of course, the role of social networks is not limited to being a conduit for social upheavals and protest actions, even if we limit the discussion to their effects on national security. The use of social networking services to strengthen national security is possible, and it has been making progress in several areas.
The first area is the various forms of “crowdsourcing”; the term was proposed by Jeff Howe in an article for Wiredmagazine in 2006.12 Crowdsourcing essentially means outsourcing some useful work or function to amorphous groups of people on an unpaid basis. In the several years since it was first invented, crowdsourcing has become widespread in the West as well as in many other regions and countries, including Russia.
As present one of the best examples of the use of crowdsourcing in Russia is the Map of Assistance to Victims of Firescreated in 2010 by Gregory Asmolov, a prominent internet activist and theoretician. The community uses the Ushahidi platform, which aggregates and rebroadcasts information received by mobile phone (text messages), email, and from other websites. The Map has proved to be a very useful information network, a hub that collects timely information supplied by various channels. The Ushahidi platform was created in 2008 to gather and exchange information on incidents of violence after presidential elections in Kenya. Projects built using the platform helped emergency services to rescue people after earthquakes in Chile and Haiti in 2010. A similar interactive mapping technology calledOpenStreetMaps was used to great effect in Haiti by American rescue workers; this was mentioned by Secretary of State Hillary Clinton in her freedom of the internet speech on January 21, 2010.13
There is no need to explain why governments would find cooperation with such communities useful. But in Russia such cooperation is practically nonexistent. As Gregory Asmolov said at a meeting between the Russian President and representatives of the internet community, “we are seeing more and more examples of internet communities being valuable partners to the state in addressing various social problems.”14 But the creator of the Map of Assistance also recognized that contacts with the Emergencies Ministry had to be initiated by the internet community itself, and that the ministry was very reluctant to offer any assistance. According to Aleksey Sidorenko, a co-author of Mr. Asmolov's projects, the Emergencies Ministry was an example “of a complete failure to make use of internet technologies.”
The same can be said about the government's cooperation with communities working to contribute to public security, such as fighting crime and stopping illegal activities. One Russian crowdsourcing project in this area is Gdekazino.ru(the name translates as “Where is the casino?”), which uses interactive mapping technology to exchange information about gambling establishments. Russian law-enforcement agencies made use of the information on the website only after President Dmitry Medvedev personally instructed Prosecutor General Yury Chaika to conduct inspections at the addresses listed on Gdekazino.ru.15
In a number of areas the government not only fails to launch long-overdue initiatives but also ignores the proposals and ideas voiced by communities and experts. At a meeting between President Medvedev and representatives of the Russian internet community on April 19, 2011, several proposals were made regarding cooperation between the authorities (the Emergencies Ministry, the Interior Ministry) and crowdsourcing communities. These proposals were welcomed by the President, but none of them has actually been followed through.16 As the President himself said at the meeting, at this moment government agencies take an interest in internet communities only sporadically; such cooperation has not become a matter of routine.
But in some areas regional authorities are already beginning to work with crowdsourcing projects. According to Aleksey Sidorenko, crowdsourced information from websites such as streetjournal.ru and roards.teron.ru is being used by the government of the Perm Territory. Blogger Aleksey Navalnyy's rospil.info and rosyama.ru projects, which have some crowdsourcing features, have received an official response from the authorities on several occasions. Also, there is growing interest in crowdsourcing from research institutions and think tanks linked to the government. “One positive example is the Virtual Alarm Bell—Help Atlas, a platform for mutual assistance in crisis situations which is being developed with the assistance of the Institute of Modern Development,”17 Gregory Asmolov has said.
So far, however, these trends have not spread to the realm of national security. There are several reasons for this. First, there are obvious limitations imposed by secrecy requirements and the centralized nature of information processing and decision-making, which is very different from the grass-roots crowdsourcing methods. But there are also the traditional shortcomings of the Russian government agencies responsible for national security, especially the uniformed agencies. They tend to be very secretive and conservative, bad at making use of new formats of cooperation with various communities, and mistrustful of these communities and of the technologies used by them. In other words, the problem is very deep-rooted, intrinsic to the Russian political and administrative system.
Meanwhile, the need for stronger ties and greater cooperation between government agencies and the internet community is obvious to a number of experts I have spoken to—including representatives of several federal agencies and of the internet community itself. The two main problem government agencies need to overcome in this area are:|| •

inertia and passivity regarding the use of social networking services as valuable partners—which is especially true of the Russian security agencies; and

the trend to micromanage and keep under firm government control all interaction between the government and representatives of the internet community; this trend is an obstacle to sustainable and systemic cooperation.
Also, not-for-profit organizations and local government bodies should serve as auxiliary links and mediators between the state and the people whose social networking projects can strengthen security. These organizations and bodies tend to be more sensitive and attentive to such initiatives. The least Russian government agencies should aim to achieve is to learn not to fear internet projects and the cooperation networks that coalesce around them. They should not be trying to create an environment of mistrust and rejection around such projects.
The second area where social networking services can be a useful instrument in terms of security comprises providing a snapshot of events and shaping public opinion. This area, however, can be rather controversial. The role of the traditional media and the internet media (including social networks) as far as security is concerned is usually discussed in a negative context; the term “information warfare” often crops up in such discussions. But the experience of Russia and other countries shows that this coin has two sides, and that social networking services can be used not just as a sword but also as a shield in information warfare.
A classic example of the social media being used as a defensive weapon is the campaign by Israeli bloggers during the Second War in Lebanon in 2006. The small but extremely active Israeli blogosphere did much to deflect a torrent of international criticism against the Israeli government from the Arab world, as well as from many Western nations and the UN. It played an especially important role in the notorious episode after the bombing of the city of Cana by the Israeli Air Force on the night of July 30, 2006, which killed 28 civilians. Israeli bloggers managed to disprove the casualty figures announced by Hezbollah, which were intentionally exaggerated by a factor of two. They also played a key role in establishing that some of the gruesome photos from the scene of the bombing, carried by leading media outlets including Reuters, had been doctored. Finally, Israeli bloggers were very energetic in defending their country in other national segments of the blogosphere, including the Russian segment. That had a discernible effect on Russian public opinion regarding Israel's actions during that conflict.
Another good example of the role played by online communities to counter an aggressive information campaign comes from Russia itself. During the Five Day War in the Caucasus in 2008, when Russia was roundly condemned internationally, the blogosphere became one of the few outlets for an alternative version and interpretation of the events. In essence, the blogosphere was the only thing that enabled Russia to score a few points in the information battle in August 2008. Efforts by Russian bloggers and sympathetic activists in other countries failed to turn the overall tide of public opinion on the internet and in the global media—but they did succeed in making some important points. For example, a flash mob organized by Russian bloggers led to a convincing victory of a pro-Russian position in an online poll held by the CNN website. Asked whether Russia's actions in Georgia were justified, some 92 percent of those who took part in the poll, or 273,914 people, said yes.18 Bloggers also drew a lot of attention to the episode during a news bulletin on Fox News when the anchor prevented two refugees from South Ossetia (Amanda Kokoyeva and Lora Tedeyeva-Koreviski) from voicing a pro-Russian opinion on air. Finally, blogs with personal accounts from the scene of the conflict by military specialists, journalists, and ordinary members of the public did much to corroborate the Russian interpretation of the events.
Compared with the energetic response by ordinary citizens in blogs, microblogging services, and social networks (Facebook, Vkontakte.ru) the Kremlin's official reaction looked painfully slow and unconvincing—which many commentators pointed out later. The only step the Russian government undertook as part of a pro-Russian information campaign was a tour of the South Ossetian capital Tskhinval organized for foreign journalists on August 12, when the fighting was already over and the mainstream anti-Russian view of the conflict was firmly set in international public opinion. What is worse, the inertia in the Russian uniformed agencies’ attitude to internet communities as a potential instrument in countering information aggression persists to this day. They have failed to establish any kind of relationship in this area with the blogger community or other internet communities. It has to be recognized that the Russian government is woefully slow to make use of the potential of social networks in information conflicts.
Another area where social networking services can be used to great effect to enhance security is very similar to crowdsourcing. These services can function as a public announcement system during various emergency situations, natural and man-made disasters, and other crises. This particular application was pioneered in the United States. In April 2011 it was announced that the Homeland Security Department plans to use popular social networking services such as Twitter and Facebook to alert the public in the event of a terrorist threat. What is more, according to some media reports, in the future this system could entirely replace America's traditional color scale of terrorist threat.
Another example was provided by the police in the Australian state of Queensland in December 2010 and January 2011. As the state was reeling from the effects of unprecedented floods and the resulting mass evacuation, the normal channels of providing information to members of the public became overwhelmed by a flood of requests to the websites of government agencies. The situation was compounded by a partial shutdown of cell phone coverage networks. The Queensland police department and the information service of Brisbane airport therefore decided to useFacebook and Twitter as a backup public announcement system. The idea achieved the desired effect. Servers of the social networking sites handled the increased number of requests without any problems, easing the strain on airport and police websites. Finally, users themselves are keen to obtain information from social networks during emergency situations. Immediately after the March 11, 2011 tsunami in Japan, there was a manyfold increase in the number ofTwitter messages sent by users in Tokyo; at one point more than 1,200 tweets were being sent every hour.19
It is therefore quite clear that in technologically advanced countries governments and the public itself are increasingly viewing social networking services as a source or a conduit of information in situations directly related to national security. This trend is set to gain momentum as governments continue to catch up with IT progress.
In Russia, meanwhile, government agencies have not made any tangible steps in this area. For example, the amendments to the law “On countering terrorism” approved by parliament on April 22, 2011 introduce the color scale of terrorist threat—but, unlike similar American legislation, they do not contain any provisions for using social networks to inform the public. One possible reason is that the penetration rate of these services in Russia is only about 20 percent of the population, compared with 45 percent in the United States.20 But, on the other hand, acts of terrorism are a much more frequent occurrence in Russia than in the United States. That is true even for territories outside the terrorism-prone North Caucasus Federal District, where internet penetration rates are extremely low compared with the Russian average.
Neither has the Russian government made any steps to make use of social networking services as an emergency public announcement channel. The only government initiative in this area is the Social Socket project, which has been in development since 2010. It aims to set up an emergency public announcement channel by turning the existing wired radio sockets in Russian homes into internet access points. The idea certainly has some merits, including the reliability and resilience of the connection and the targeted nature of the announcements it allows. But it also has some major drawbacks, such as low connection speed, the fixed and limited internet access it provides, and dubious commercial viability. All of this means that the project can never become a fully functional alternative to the use of social networking services for the same purposes. Russia, with its chronic problems with terrorism as well as natural and man-made disasters, needs a social networks-based emergency public announcement system more than most other countries—especially considering the explosive growth of the social networks user base. The expert community should send a clear signal to that effect to the Russian government.


Russian practice and prospects



Jump to section



Identification of users

One of the key issues in the discussion of the role of social networks in the context of security is identification of users. According to one leading Russian expert on information law, this is “the key problem facing Russia and other countries in the area of internet governance.” User identification in social networking services is inextricably linked to the overall problem of user identification on the internet. Its importance is highlighted by examples such as the case of the female blogger arrested in Syria on suspicion of spying—although that particular example does not demonstrate all the risks related to so-called active anonymity on the net. A situation whereby a user can easily circumvent the existing identification mechanisms throws the gates open to cyber fraud, socially dangerous and unacceptable content, extremism, and social aggression online.
This problem is already on the agenda of Russian national security agencies. According to our source in the Security Council, “the Council's agenda now includes the problem of terrorism in social networks.” The problem is largely rooted in the registration procedure of the Vkontakte network, which used to be extremely lax until June 2011. To this day Vkontakte produces hundreds and thousands of search results with pages, groups, articles and videos containing calls for waging “jihad against the infidels,” building “an Islamic emirate in the Caucasus,” launching a rebellion by Russia's Muslims against the “federals,” etc.
Such a torrent of unacceptable content results from the fact that it is next to impossible to establish the real identities of the users who have posted it. Hence the huge number of profiles of users describing themselves as “mujahedeen,” “warriors of Islam,” and other such things, which would be unthinkable on Facebook or Google+. Even as these users fill their profile with some personal information, they feel safe in the knowledge of their impunity, unless the FSB takes a personal interest in them (which is highly unlikely since there are simply too many of them). In addition, on March 15, 2011 Vkontakte won a precedent-setting court case over copyright-infringing content.21 The judges agreed with the social network's argument that responsibility for posting such content lies with the users. This gives the green light to similar violations by the users, who effectively remain anonymous.
Various technical solutions have been proposed to address the situation. In theory, the most reliable identification mechanism is provided by software and technologies that encrypt and digitally sign information exchanged by the users. A classic example of this approach is the PGP (Pretty Good Privacy) system launched in 1991 by prominent American software developer Phil Zimmermann. The very first version of his software, called Network of Trust, relied on a system of public and private keys and digital certificates. Mutual authentication and exchange of these keys were used to create a network where users could trust each other, and which made it impossible for interlopers, imposters, or fraudsters to break in.
But in this day and age such software is completely unacceptable to large commercially oriented social networking services, which compete on the simplicity and user-friendliness of their interfaces, and on the ease of adding new people to their users’ contact lists. What is more, social networks might find it difficult to implement even less radical approaches, such as using HTTPS connections (a secure version of the HTTP protocol), which support data encryption. It is important for social networking sites to give users easy access to external audio and video content posted using the HTTP protocol, so working in the secure HTTPS would be problematic. As a compromise solution, the social networks could use HTTPS only for user registration and sign-in pages.
Meanwhile, the social networks themselves—at least in Russia—are trying to find their own ways of solving the problem of user identification. The results are not always good. On July 11, 2011 Vkontakte.ru introduced a new registration system requiring users to submit their mobile phone number, a compromise between their previous open registration system and a closed one. Linking a user account to a phone number is a fairly effective mechanism of user identification in countries such as Russia, where citizens need to present a national ID in order to obtain a mobile phone number. But this mechanism also has gaping holes because Vkontakte users are not all Russian citizens. About 40 million of them live in other countries, meaning that they buy mobile phone numbers under different rules. As of early 2011, Vkontakte had about 16.5 million accounts for users from Ukraine,22 where buying a SIM card does not require any form of ID. In some European countries, such as Spain, mobile phone numbers are not even fixed to any specific mobile service provider. As a result, about 30 percent of Vkontakte users cannot really be identified, even though their phone numbers are known. The approach chosen by Vkontakte (which could well be followed by other social networks) therefore needs to be augmented by other solutions to close the aforementioned loopholes.
One possible mechanism is to link a social network account to the user's bank details, i.e. follow the approach already used by electronic payment systems such as PayPal, Webmoney, Yandex.Money and others. One clear advantage of such an approach is highly reliable user identification and higher value of the account in the eyes of the user (especially if the User Agreement includes a provision under which a certain sum of money in the bank account is frozen in the event of a breach of the agreement's terms by the user). But the idea has two vulnerabilities:|| •
First, it will not cover the entire user base. As of March 2011, only 47 percent of Russians had bank accounts23—although the figure is much higher for young people, who form the core of the social networks’ user base. Also, it is not clear what to do with users who have accounts in foreign banks which do not work in the Russian market.

Second, linking social network accounts to the users’ bank accounts could face resistance from the social networks themselves and from other stakeholders in this area, as well as from the banks, which will have to process a flow of information they have no use for.
On the second point, any progress is possible only if the social networks successfully commercialize their services, i.e. if the users start to pay for them using their bank accounts. First steps in that direction were made in July 2011 by Russia's two largest social networks, Vkontakte and Odnoklassniki, whose users can now pay for premium services using credit cards issued by certain banks (previously the only way was to send a text message to a premium number).24 The key question is, will the social networks be able to turn what is now a payment option into a compulsory mechanism, and will their security measures be enough to protect their users’ bank details? In terms of security Odnoklassniki seems to have come up with one of the better solutions. During initial registration the network's users work in a secure database operated by the bank itself before being directed to the Odnoklassniki user interface. In essence, such a mechanism is almost fully in line with the aforementioned recommendations by MGIMO institute of international relations expert V. Kabernik.
In any event, all of these measures do not offer a complete solution to the problem of user identification—this will require a holistic approach that encompasses the entire internet. At this moment such an approach is absent in Russia. First, there is no consensus on the role government should play in this area. Second, there is no single vision of the problem by technology experts and the legal profession. Given the situation, there is a clear need for a detailed and comprehensive study of international experience, both positive and negative. According to one renowned Russian expert on information law, “the Russian government needs to monitor the solutions and practices being used in other countries and international organizations in this area.”
Among foreign countries the most interesting proposals have been voiced in the United States. One initiative actively discussed in recent years is to introduce internet passports—and not just for the social networking services but for all internet users. In late 2010 the White House published a draft of the National Strategy for Trusted Identities in Cyberspace.25 The idea is to have a universal, comprehensive, multi-level, and secure internet environment in which users are securely identified and personal data are reliably protected. The strategy is aimed at individuals and other entities, including organizations, services, and software products. It takes into account the global nature of the internet and the need for the proposed user identity instruments to work across national borders. The key principle of security arrangements for the internet environment is to enable the entities exchanging information to provide only the minimum of information that is required for each individual situation, with a multi-level and very flexible range of requirements to each individual type of transaction or entity. In all other cases users remain anonymous and are not forced to disclose any personal information that is not required by the situation.
These proposals could be very interesting for Russia, and for several reasons:|| •
The technical instruments of identification as part of the Identity Ecosystem are extremely diverse. They include USB dongles, special software, electronic smart cards, security chips, software certificates, and even mobile communication instruments. The entire arsenal of these technical instruments relies on universal solutions, and the software modules and certificates can be integrated into almost any device that can access the internet. In that sense the strategy follows the trend of explosive diversification of the ways to access the internet, with a growing range of devices that enable internet access, including mobile phones. Russia should take note of that fact; its own government strategy on the internet is exemplified by the aforementioned Social Socket project, which obviously runs counter to the market trends in this area.

Despite predictions by alarmists, the document clearly states that there should be no monopoly control of the system by any government. It also proclaims the multi-stakeholder principle. The U.S. government plans to build the Ecosystem in equal partnership with businesses, NGOs, and other entities—although the strategy does say that government agencies should set the example and lead the way in identity solutions.26 Such a balance is very important for Russia, where the inevitably dominant role of the government in such large-scale projects must be counterbalanced by the private sector, with decentralization of control of the system as its development progresses.

Joining the Identity Ecosystem will be voluntary for users; they will also be given a choice between the providers of identification instruments, transaction methods, and Ecosystem services. Diversification of services and solutions is very important as it will make it possible to attract users as voluntary customers rather than foisting the identification system upon them by administrative or regulatory means.
Russian government agencies therefore need to conduct a comprehensive study of this initiative and to borrow some of its solutions and principles so as to develop a similar Russian strategy for a comprehensive user identification system. User identification in social networks would be an integral part of such a system.

Obstacles to government regulation

Although all the aforementioned problems of user identification in social networks and on the internet as a whole require active state involvement and regulation, government measures should follow several important principles. Most importantly, government efforts to solve the problems related to social networks must not treat these networks as a separate category that stands apart from the rest of the internet.
First, social networks and their users do not see themselves as a separate community that needs targeted and individual government regulation. If the government attempts to impose certain regulatory restrictions on social networks, they can just slip away from government control, with an upsurge in opposition and anti-government sentiment among their audience. The move could trigger the spread of secret methods of online communication, including those that are clearly illegal.
Second, such measures could disrupt the natural dynamics of the social networks and their market growth, as well as their technological and conceptual evolution. The networks whose servers are situated on Russian territory would be the hardest-hit by restrictive regulatory measures. Meanwhile, the globalized English-language networks such asFacebook would escape relatively unscathed (partly because they already have more stringent procedures for user registration and for posting multimedia content). As a result, any attempt by the Russian government to impose selective regulatory restrictions on social networking services would weaken the Russian networks such as Vkontakte.ru and Odnoklassniki.ru, who would lose out to Facebook, Google+ and other transnational projects.
That would hardly be in Russian national interests. Vkontakte.ru, for example, could be used as a valuable instrument for promoting the Russian language abroad. The network itself estimates that some 30 percent of its users, or 42 million people, live outside Russia. These figures look truly impressive compared with the potential reach of the Russian Language federal program for 2012–2015, whose audience will be a few million people at the very best.
Another thing to consider is that Vkontakte is a rapidly growing high-tech company. In late June 2011, in the run-up to its initial public offering (IPO), the company's value was estimated by Russian analysts at about two billion dollars,27 which is comparable to the value of the Novorossiysk sea port or the KamAZ group.28 A successful debut by Russian social networking services on the world market would be fully in line with the strategy for modernizing the Russian economy announced by President Dmitry Medvedev. Any government regulation of social networks would be an obstacle to their commercial success, which requires a lot of flexibility. Google, Facebook, Friendster and MySpacelargely owe their phenomenal success at various stages of their development to minimal government intervention in their environment. The same is true of many giants from Silicon Valley, which the Russian President and his team regard as a model for the project to creating a hub of innovative economy in Skolkovo.
Like all other products of IT progress, social networking services in and by themselves can never be a source or a cause of social unrest, let alone revolutions. What is more, unlike transnational corporations, social networking services have not become non-state actors. They do not have any independent interests or strategies in situations such as the Arab Spring. Similarly, there is no substance to the claims that the United States somehow orchestrated the Arab Spring.
Social networking services do not have any distinct or dominant role among other communication tools in social or political transformations. This is why social networks should not be viewed as a potential threat or a challenge to international or national security—that would be a classic example of a false problem.
Social networking services can serve the interests of national and international security in areas not related to international politics or military affairs. At present, there are at least three areas where they can be useful:|| •
countering hostile PR and propaganda campaigns;

doubling as a public announcement system during emergency situations and security threats; collecting and processing information about such threats; and

monitoring and stopping illegal activities, including extremism and terrorism.
As part of its IT-related security agenda Russia should concentrate on developing new user identification mechanisms, making use of international experience in this area.
There needs to be a detailed and comprehensive study of internet security and user identification projects such as the Identity Ecosystem. This project, which is now being developed by the United States, is a promising example of a comprehensive approach to the identification problem. It could serve as a starting point for developing Russia's own national strategy on user identification. Given that Russia's regulatory and legislative base in this area is still at an early stage, there is no point in trying to start from scratch and wasting precious resources in the process. But if Russian government agencies are to be able to study American experience and adapt it to Russia's own needs, they need to overcome their automatic skepticism about any American initiatives in this area.
Developing solutions for Russian projects of this kind should be based on multi-stakeholder principles, with active and equal participation of NGOs, businesses, and horizontal–vertical networks of government agencies at various levels. But in order to realize the importance of these principles, the Russian government needs to receive a clear message from the expert community. PIR Center could be one of the authors of such a message.
Establishing routine cooperation with the internet community, which can serve a variety of useful purposes in the area of security, should be a priority for the Emergencies Ministry, the Interior Ministry, the Federal Security Service (FSB), the Defense Ministry, and other security agencies. At present, cooperation between the government and the internet community is developing too slowly. The main obstacles include:|| •
conservatism and secrecy of government agencies involved in security matters;

lack of the skills and experience government agencies need for cooperation with the internet community and civil society in general; and

lack of understanding of the technologies behind the social services, and lack of appreciation of their potential.
Failure to act in a timely fashion in this area would reduce the efficiency and conserve the existing failures of the Russian government system, including the government agencies responsible for national security. The expert community must take the initiative and convince the Kremlin of the need for government agencies to adapt to the new reality that is being shaped by IT progress, including the rise of the social networking services.




Notes


1. D.M. Boyd and N.B. Ellison, “Social Network Sites: Definition, History, and Scholarship,” Journal of Computer-Mediated Communication 2007, 13, <http://jcmc.indiana.edu/vol13/issue1/boyd.ellison.html>, last accessed September 20, 2011.
2. M. Kienle Holger, Andreas Lober and Hausi A. Muller, “Policy and Legal Challenges of VirtualWorlds and Social Network Sites,” IEEE Computer Society, Washington, DC, 2008.
3. Ekaterina Stepanova, “The Role of Information Communication Technologies in the Arab Spring,” in Stepanova Ekaterina, Implications beyond the Region, PONARS, Eurasia Policy Memo. No. 159, 2011, May.
4. Rachman Gideon, “Reflections on the Revolution in Egypt,” Financial Times, February 14, 2011, <<http://www.ft.com/cms/s/0/bc459dfc-3880-11e0-959c-00144feabdc0.html>, last accessed September 20, 2011.
5. “Russian President Dmitry Medvedev chairs meeting of the National Counterterrorism Committee in Vladikavkaz,”Kremlin.Ru, <http://kremlin.ru/news/10408>, last accessed September 20, 2011.
6. “Moscow Troubled by Arab Turmoil and Revolutions,” Le Monde. InoSMI.ru, <http://www.inosmi.ru/politic/20110224/166817328.html>, last accessed September 20, 2011.
7. Gabuyev Aleksandr, “China to Respond with all Seriousness,” Kommersant No. 4 (4304), January 14, 2010, <http://www.kommersant.ru/doc/1302915>, last accessed September 20, 2011.
8. Gabuyev Aleksandr, “China to Respond with all Seriousness,” Kommersant No. 4 (4304), January 14, 2010, <http://www.kommersant.ru/doc/1302915>, last accessed September 20, 2011.
9. “Google Losing in China as New Users Go to Baidu,” PC World, 22 September, 2009, <http://www.pcworld.com/businesscenter/article/172362/google_losing_in_china_as_new_users_go_to_baidu.html>, last accessed September 20, 2011.
10. Bakhvalov Timofey, “Why is Google quitting China?,” Computerra Online, January 16, 2010, <http://www.computerra.ru/own/495624>, last accessed September 20, 2011.
11. “Google Looking For an Instrument against Censorship,” Kommersant Ukraina, No. 51, March 24, 2010.
12. Jeff Howe, “The Rise of Crowdsourcing,” Wired, Issue 14.06, June 2006, <http://www.wired.com/wired/archive/14.06/crowds.html>, last accessed September 20, 2011.
13. Statement by U.S. Secretary of State Hillary Clinton on the issue of freedom of the Internet. Website of the U.S. Embassy in Moscow, January 21, 2010, <http://russian.moscow.usembassy.gov/tr_hrc012110.html>, last accessed September 20, 2011.
14. “Meeting between the Russian President and Representatives of the Internet Community,” Kremlin.Ru, April 29, 2011, <http://kremlin.ru/news/11115>, last accessed September 20, 2011.
15. “Prosecutor-general's Office to Follow Leads provided by Websites Tracking Illegal Gambling Dens,” RBK, March 15, 2011, <http://top.rbc.ru/society/15/03/2011/559564.shtml>, last accessed September 20, 2011.
16. “Meeting between the Russian President and Representatives of the Internet Community,” Kremlin.Ru, April 29, 2011, <http://kremlin.ru/news/11115>, last accessed September 20, 2011.
17. The Institute of Modern Development was set up to bring together the best experts for drafting proposals and documents in key areas of state policy.
18. Anna Vrazhina, “First Bloggers’ War: The Ossetian War in the Blogosphere,” Lenta.ru, August 13, 2008, <http://www.lenta.ru/articles/2008/08/13/blogs/>, last accessed September 20, 2011.
19. “Twitter Progress: Follow the Blue Bird,” ORZ Blog, June 26, 2011. <http://blog.orz.com.ua/?p=1251>, last accessed September 20, 2011.
20. Debra Williamson, “U.S. Social Network Usage: 2011 Demographic and Behavioral Trends,” March 2011, <http://emarketer.com/Reports/All/Emarketer_2000777.aspx>, last accessed September 20, 2011.
21. “Vkontakte Eaken to Court over MakSim Songs,” Lenta.ru, April 25, 2011, <http://lenta.ru/news/2011/04/25/maksim/>, last accessed September 20, 2011.
22. Andrey Chumachenko, “Choosing the Right Platform to Promote a Brand in Social Networks,” Netpeak blog, April 28, 2011, <http://netpeak.ua/blog/choose-your-network>, last accessed September 20, 2011.
23. “Half of Russians do not have Credit or Debit Cards,” Lenta.ru, March 1, 2011, <http://www.lenta.ru/news/2011/03/01/cards/>, last accessed September 20, 2011.
24. “Odnoklassniki Allow Users to Link Bank Details to Accounts,” MoneyNews, July 6, 2011, <http://moneynews.ru/News/15271/>, last accessed September 20, 2011.
25. “Creating Options for Enhanced Online Security and Privacy: National Strategy for Trusted Identities in Cyberspace,” June 25, 2010, <http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf>, last accessed September 20, 2011.
26. “Creating Options for Enhanced Online Security and Privacy: National Strategy for Trusted Identities in Cyberspace,” June 25, 2010, <http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf>, last accessed September 20, 2011.
27. Nikolay Kononov and Valery Igumenov, “Pavel Durov's Code,” Forbes.ru, June 24, 2011; “Creating Options for Enhanced Online Security and Privacy: National Strategy for Trusted Identities in Cyberspace,” 2010, June 25, <http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf>, last accessed September 20, 2011.
28. “List of Russia's Largest Companies by Market Capitalization as of September 1, 2010,” Expert Online, <http://www.raexpert.ru/rankingtable/?table_folder=/expert400/2010/cap/>, last accessed September 20, 2011.