The government’s Ministry of Digital Development and Communications says that the changes are necessary for Russians to access government services and websites impacted by international sanctions.
nternational sanctions have heavily impacted Russia’s internet infrastructure because Certificate Authorities (CAs), the trusted notaries that underpin data security on the web, have begun refusing orders from domains ending in “.ru”, and revoked certificates from Russia-based banks.
Because international CAs like Digicert and Sectigo have largely stopped working for Russian websites, the Russian government has stepped in and suggested that citizens install its glorious “Russian Trusted Root CA.”
The certificate is valid for ten years. It has the capability not just to issue certificates for domains; it can inspect the traffic of the users who communicate with them.
But more obviously it will allow Tsar Putin to keep an eye on those who don’t think he is the great human alive, or refuse to believe that his “special operation” in the Ukraine is not a war crime.
Russia passed a “sovereign internet" censorship law in 2019, and last year the Russian government ran a test to see if it could disconnect from the global internet.
It could be that Russia is following Kazakhstan attempting dragnet surveillance with its own root certificate. The Iranian state has proposed a bill to control “international gateways,” so the country’s outbound traffic would be directed through an ad hoc agency controlled by the armed forces and security agencies.
To be fair though it is not just the world’s autocrats who think this is a nifty idea. In the EU there’s a proposal to mandate government CAs in browsers, with no ability to challenge or guarantee browser security and autonomy - in the name of user safety.