Practical Friendship Program · Domain #10 — Digital Customs Union

The same packets.

At the TCP/IP layer, American and Russian civilian traffic is structurally identical. Same protocols. Same APIs. Same JSON shapes. Same threat surface. Same memes about cats. The differences live in the UTF-8 language pack, not in the packet structure. A symmetric, packet-agnostic civilian-traffic doctrine is therefore not utopian — it's empirically obvious.

🇺🇸 US-side · POST /api/post

{
  "author":    "jane_doe",
  "platform":  "twitter.com",
  "content":   "my cat is being weird again",
  "likes":     2847,
  "created_at": "2026-05-19T16:18:00Z",
  "lang":      "en"
}
// 184 bytes over the wire

🇷🇺 RF-side · POST /api/post

{
  "author":    "masha_ivanova",
  "platform":  "vk.com",
  "content":   "мой кот опять странный",
  "likes":     2847,
  "created_at": "2026-05-19T16:18:00Z",
  "lang":      "ru"
}
// 198 bytes over the wire (UTF-8 Cyrillic)

↑ Same shape. Same schema. Same threat vector. Different language pack. ↑

The pure-bytes argument

Any senior network engineer who has stared at a Wireshark dump for long enough arrives at the same observation: civilian internet traffic between functionally similar populations is functionally similar at the wire. An American buying a burger via UberEats and a Russian buying a burger via Яндекс.Еда generate structurally identical HTTP requests with cosmetic differences in field naming and content language. Two ICBM-armed superpowers move the same digital substrate through fiber every second of every day.

This has policy implications. If the civilian traffic is the same, the filtering surface should be the same too — driven by universal threat models (malware, fraud, CSAM, exploitation) that apply symmetrically in every jurisdiction, rather than by national-origin discrimination that pretends Russian cat-memes are more dangerous than American cat-memes. They are, demonstrably, not.

Existing precedents — this is not novel

"Customs union for civilian data" sounds radical only if you forget that customs unions for civilian goods, people, and even ideas have existed between adjacent friendly states for decades. Four working precedents:

US-Canada Smart Border

Smart Border Declaration (2001) — pre-cleared cargo, joint targeting, shared threat intelligence. Two sovereign states, one functional border for low-risk civilian flow. 30-Point Action Plan still operative.

Union State RF + BY

Treaty on the Creation of the Union State (1999). Common information space provisions, harmonized regulatory environment, free movement of citizens. Direct two-state analogue for symmetric civilian traffic.

EAEU common space

Eurasian Economic Union (2015) — five-state customs union with common digital-market workstreams. Demonstrates that multilateral civilian-traffic harmonization is operationally tractable.

Schengen — humans

Schengen Area (1995) — 27 states, no internal-border checks for civilian human movement, shared external-border policy. The "people" analogue to what packet-customs would do for "data".

The doctrine: universal threat model, not national-origin filtering

The proposal is simple. Symmetric edge nodes (one in each jurisdiction, peering with each other under public auditable rules). Universal threat-model classifiers scan both directions. Filtering is driven by what the packet does, not by where it comes from.

Category	Filter?	Rationale
Malware / C2 / exploits	YES, symmetric	Universal threat. No language pack changes the threat surface. Filter regardless of origin.
CSAM / child exploitation	YES, symmetric	Universal moral prohibition. Both jurisdictions criminalize. Filter regardless of origin.
Financial fraud / phishing kits	YES, symmetric	Universal threat. Same attack patterns in both jurisdictions. Filter regardless of origin.
OFAC / SDN / counterpart-list payments	YES, identified entities	Sanctions enforcement is specific-entity, not nation-categorical. Block named SDN entities; do not block all citizens of a jurisdiction.
National security classified material	YES, by classification	Classified material was never civilian traffic. Outside the scope of this doctrine.
Cat memes · cooking videos · cooking apps	NO	Identical threat profile (zero) in both jurisdictions.
News articles · blog posts · public-record content	NO	Editorial content. Reader's freedom to read. No categorical block.
E-commerce / payments (non-sanctioned counterparties)	NO	Commerce flows symmetric. See Market Re-Entry Roadmap v1.0.
Social platforms (non-sanctioned operators)	NO	Platform-operator legality is jurisdictional question, but ordinary user traffic should pass.
Scientific / cultural / educational content	NO	Already the operating practice on the ISS uplink. Extend to civilian internet.

What the "customs" actually does

Five concrete operational provisions:

Symmetric edge-node pairing. Identical hardware + identical classifier stack on both sides. Public auditable filter rules. No "secret list" of blocked civilian categories.
Universal threat-model classifier. Trained on malware, CSAM, fraud, exploitation signatures. Language-pack agnostic. Same model, same flags, same false-positive rate in both jurisdictions.
Mutual non-discrimination clause. Traffic identified as benign in jurisdiction A is benign in jurisdiction B. Filter calls are reciprocally honored.
Sanctioned-entity enforcement preserved. OFAC SDN list, RF counterpart list, and any future sanctions stay in force at the specific-entity level. The doctrine never blocks "all citizens of X" — it blocks "Mr. Specific-Designated-Person, his named companies, and his named wallets".
Right of appeal, both sides. Filtered content gets a documented reason. Operators can appeal in either jurisdiction's courts. Filter rules are public.

What this is not

Scope discipline. This is a private editorial doctrine proposal published by a small Wyoming LLC under CC BY 4.0. It is not US foreign policy. It is not RF foreign policy. It is not a binding agreement. It is one possible operating model — derived from existing US-Canada, RF-BY, EAEU, and Schengen precedents — that could be negotiated bilaterally at the appropriate state level.

What stays in force regardless: OFAC sanctions, EAR/ITAR export controls, Section 889, Section 1260H, FAR Part 4.11, anti-CSAM law, anti-malware law, anti-fraud law, classified-material protections, all law-enforcement processes. The doctrine narrows nothing legally required. It just argues against extra filtering layered on top of those, applied categorically to all civilian users of a jurisdiction.

Same monkeys. Different language packs.

An American scrolls TikTok. A Russian scrolls VK Clips. The packets are the same shape. The threat model is the same. The cooperation is already happening at every layer below the headlines. NIGHTBOX's editorial doctrine just asks that the policy layer eventually catch up to the wire layer.

→ Liaison Framework v2.3 → ISS exhibit (Domain #4) → Machine-readable JSON → Читать по-русски

Doctrine published 2026-05-19. CC BY 4.0. NIGHTBOX LLC. Contact: artem@nightboxllc.com.