Russian digital authoritarianism at the time of COVID-19

Photo: CC / Pikist

Before the pandemic

In Russia, the internet, digital technologies and digital rights have been subject to growing securitisation, at least since 2012. This trend – which is the process of the state turning political matters into urgent “security” issues that need to be dealt with – is well-evidenced by the growing number of repressive laws aimed at restricting freedom of speech, privacy of correspondence and information pluralism. Mounting control over the Russian segment of the internet (the Runet) is discussed in, among other studies, the Freedom House’s Freedom on the Net reports which ranks Russia as a “not free” country, pointing to the continued deepening of its “digital authoritarianism”.

The systemic attack on online free speech started as a response to the mass protests which took place in Russia before Putin’s return to the presidency in 2012. Those demonstrations were coordinated and publicised through social media on an unprecedented scale. This growing role of the grassroots digital communication, in a way, resembled the Arab Spring which the Kremlin interpreted as a series of coups d’état organised with US-developed technologies. As Putin has put it, “the internet is a CIA project”.

Two factors determine the Kremlin’s attitude towards the internet as information and social communication space. First, it is the logic of the authoritarian regime which treats the safety of the authorities and social stability as uncompromising priorities. This explains why the Russian authorities fear the internet, recognising it as a popular source of information which offers an alternative to TV propaganda and is a channel of a grassroots mobilisation for social protest. These fears find ground in public opinion polls which now show an increase in protest mood and demand for change among Russians, as well as the lowest level of public support for Putin recorded in the last 20 years.

The second factor is the method of operation of Russian security services (from where the key decision-makers come from) and their perception of the outside world. Namely, in their view the internet is first and foremost an element of hard security: a battlefield in the information war between Russia and the West and an area of rivalry with foreign intelligence services. The latter are believed to be working towards destabilising and disintegrating Russia. The dissemination of information critical of the Kremlin by Russian internet users is also recognised as a part of this war. Thus the digital world is seen as a strategic defence line, one that does not follow state borders, but can be found inside them – within the Russian society.

By 2020 quite a large number of legal regulations limiting free speech were already adopted in Russia. Their scope includes: restrictions on media freedom; increased censorship; restricted privacy of correspondence; the blocking of websites without court ruling; growing and uncontrolled access by security services to personal data of the internet users; and repressions of the critics of the authorities. The “icing on the cake” came, however, with the 2019 law on “sovereign internet”, which formally aims to create an infrastructure for the safe functioning of the Runet, should it get cut off from foreign servers.

Yet, everything suggests that the Kremlin’s real intention is to create a smart, centralised system of internet management in order to block internet access domestically (in selected regions or for selected groups of users), for example in the case of mass public protests. It would permit the authorities to block not only selected IP addresses, but also particular web content and to selectively slow down the flow of specific data or online traffic on specific routes. The Russian authorities already have a record of cutting access to the internet. It took place during the 2018-2019 protests in Ingushetia and in 2019, during summer demonstrations in Moscow. Although the laws passed so far have not yet been used on a mass scale, and some provisions cannot be executed, they do play the role of a “bogey” which is used to discourage people from political activism and force them to self-censorship.

Two sides of the coin

Regardless of the authorities’ plans to control the cyber world in a similar way as the physical world, the internet and digital technologies remain one of the few areas where the true modernisation of the Russian state takes place. The last number of years have witnessed a drastic increase in Russians accessing the internet, particularly mobile internet. As a result of this, large parts of the Russian society are now active online and have access to digitalised public services.

On the other side of the coin, the Russian state has gathered large amounts of data on its citizens, including their activities and political views expressed online. For over a decade this has been especially the case in Moscow, the wealthiest part of Russia, which is inhabited by around a tenth of the country’s population. The city’s mayor, Sergey Sobyanin, reportedly set for himself an ambitious goal of creating a “smart city” programme which is aimed at the large-scale digitalisation of public services and urban space. Upon its implementation, Moscow ranked first out of 40 places in the 2018 United Nations’ ranking of cities with the best developed e-administration.

This accomplishment, however, means that the Moscow city authorities are in possession of huge quantities of data that can be used to enhance urban demographic, transport or supply provision planning. It can also be used to effectively manage the so-called information risk, including the monitoring of social media in order to recognise people’s attitudes towards initiatives and decisions of the local government. The authorities claim that the algorithms used as a part of the “smart city” system are aggregated and data are depersonalised. However, the functions of these algorithms show that they can easily be used for personal identification. Even more worrisome is that the procedures of data collection and their use are not available to the public.

In 2019 Moscow ranked 18th in the global ranking of cities with the most developed urban monitoring systems (measured by the number of CCTV cameras per 1,000 residents). Since 2017 this system has been using – on an increasingly greater scale – facial recognition techniques, which is in no way regulated by Russian law. There have already been cases of data collected in this way used for the identification and punishing of anti-government protesters.

Lastly, digital technologies, apart from their role in the security of Putin’s regime, are also a huge source of profits for Russian state enterprises as well as their large volume of contractors. This is especially true for Rostec corporation whose CEO, Sergey Chemezov, is one of Putin’s closest acquaintances. They worked together back in the KGB and now Chemezov is one of the main beneficiaries of Putin’s kleptocratic rule.

Pandemic surveillance

COVID-19 only accelerated the above processes. The fight against the spread of the virus, which includes the monitoring of social adherence to restrictions related to quarantine and self-isolation, has naturally increased the digitalisation of the public sphere. At the same time, the pandemic has become a testing ground for surveillance techniques, personal data collection and their larger application. It has also increased online censorship and allowed for the mastering of election fraud techniques. All of these will no doubt be used in the future to further eliminate political opponents and suppress social discontent.

Among the most important surveillance innovations are special QR codes (“digital passes”) which were introduced in many Russian regions to allow for the control of people’s movement, as well as the “social monitoring” application which has been introduced in Moscow. The app was envisioned as a device for monitoring the health status of those who are at home in quarantine. It also enables speedy access to emergency medical assistance.

The application also tracks the geographic location of its users and obtains an unidentified amount of their data. While installing it on their devices, phone owners agree to provide access to almost everything that is already there. As a result, sensitive data are delivered to the city council’s servers and are in no way protected. The authorities can also control the observance of public health regulations through geographic location data which is provided by cell phone operators and they have access to the geographic records of bank card payments.

The speed at which the implementation of these technologies in Russia took place, not to mention the frequent lack of appropriate technical and financial resources, explains both the number of glitches that emerge from their functioning and numerous complaints about system errors. The latter can cost users high fees for the alleged breach of quarantine provisions and lead to data leakages which in Russia are already a serious problem. However, its causes are not only limited to poor technical protection of data. The selling of personal data by officials of public administration and security services is also quite common.

The use of facial recognition software has also expanded greatly in Russia. Back in January 2020 Moscow authorities purchased the FindFace technology from NTechLab (one of its shareholders is the state-controlled Rostec corporation). According to media reports the software allows for “the tracking of suspicious activities in selected houses and stairwells”. This, for example, can translate into a full quarantine for some areas, but also the identification of registered residents and non-residents. Moreover, Russian doctors were instructed to photograph all patients diagnosed with COVID-19. These photographs were added to databases and allowed the facial recognition software to improve its functioning.

Importantly, the use of anybody’s biometric data without their written consent breaches personal data legislation and the constitutional right to privacy. Based on the observations of Roskomsvoboda, an organisation monitoring online freedom in Russia, surveillance usually changes people’s behaviour in public spaces and discourages them from using their constitutional rights, including the right to public gatherings. Considering that there is no independent judiciary in Russia and security services are notorious for breaching and bending the law, the potential cost for a citizen of being falsely identified is high.

With the pretext of preventing panic and disinformation referring to the course of the pandemic, Russian authorities increased censorship in media, including online. They did so by expanding the already existing censorship laws to include criminal liability for spreading “fake news” on public health issues. This includes information on the scale of the pandemic in Russia which is not in line with the official version presented by the authorities, but also information on the authorities’ reactions, readiness of the health care system to fight the pandemic, etc. These regulations were introduced at a time when official data on the pandemic were highly unreliable. In some regions, for example, COVID-19 statistics were underreported by almost twentyfold. This was partially a result of methodological and testing problems, something rather common in many countries worldwide. Much more often, however, the underreporting was politically motivated.

One of the reasons for the manipulation of COVID-19 numbers was the regime’s rush to hold a vote on the amendments to the Russian constitution. This was deemed crucial to cement the current authoritarian regime and allow Putin to remain in power even for 16 more years. Under the pretext of increased epidemiological risk, this time Russians were allowed to cast their vote also electronically. However, this form of voting, which was already tested in Moscow regional elections in 2019, proved to be highly non-transparent even by Russian standards. Illustratively, the Kremlin-backed candidates who then ran in districts where e-voting was used obtained much better results than those who ran in districts with traditional polling stations.

In Russia e-voting is indeed a black box. In addition to some serious technical deficiencies, it lacks the guarantee of secrecy or any form of control over the counting process. Hence, it is impossible to prove any malpractice. This, in turn, gives wide room for manoeuvre to those who want to rig the results or exert administrative pressure on voters. Unsurprisingly, many reports pointed out violations during the constitutional vote, which took place between June 25th and July 1st. They included: trading personal data, online registration (or voting) on behalf of somebody else, as well as forcing employees to vote online so that their superiors could control their participation in this constitutional “plebiscite” and guarantee a larger turnout.

Forecasting trends

The COVID-19 pandemic has clearly accelerated the implementation of advanced technologies in Russia which had been planned earlier but tested only on a limited scale. Their increased use by the state will not end with the pandemic, but will determine the “new normal” where civil liberties are restricted more than ever before.

It is only a matter of time how fast the data collected during the pandemic will be integrated into state-controlled databases which store extensive data on Russian citizens. Already in April 2020 the long-planned legislation was passed to establish a unified federal register, which will contain many kinds of information about each citizen. Until now these data were dispersed in different systems or were only available in paper form. The register is Prime Minister Mikhail Mishustin’s flagship project. Officially, it is meant to improve the quality of state management, which includes forecasts on long-term demographic and socio-economic trends as well as to enhance public services.

Given the situation in the Russian Federation, there are many questions as to: who will have access to the register and by what criteria but also in what way will the information be used and how to protect the data from leaking or trading. There is considerable risk that this register could be used for political purposes like, for example, repressing oppositionists. It is possible that with time the register could be linked with the “digital personal identification document” programme that would replace traditional paper IDs. Also worrisome is the idea to introduce – following the steps of the Chinese – something called the “social credit system”, which initially would only be applied to immigrants. It could include digital profile of a migrant linked to a special application and contain information on their social and legal status, biometric data, health status and criminal record.

While the discussion on the need to regulate the digital dimension of the government’s anti-pandemic activities is quite vivid in the West, Russia seems to be following the Chinese path, even though not as advanced. In the future, which is expected to bring about a deep economic recession and further decrease in public support for the authorities, the Kremlin (out of fear of large social protests) will attempt to perfect the existing defence mechanisms. Consequently, a greater use of digital technologies in Russia may lead it to adopt a model of rule which is less based on direct suppression (something that would be quite costly, politically) as it is on persuasion and manipulation techniques. Such forms of control and influence would possibly entail a better concealment of the real nature of Russian authoritarianism.

Translated by Iwona Reichardt

Maria Domańska is a senior fellow at the Warsaw-based Centre for Eastern Studies (OSW). She has a PhD from the Warsaw University in political science. Her publications on Russian topics are available on the centre’s website: www.osw.waw.pl.

coronavirus, COVID-19, Russia, surveillance