In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.
Autocracies always prioritize information control as the rulers are always distrustful of the populations they govern. They must constantly monitor the flow of information in society to be able to protect their version of reality and crush the formation of coalitions. This inevitably leads to massive scooping up of personal data from the entire population through state surveillance. This data is then used for the purposes of preparing dossiers and classifying the population into various segments so that they can be kept in check through reflexive control. Russia is one such autocracy. As the birthplace of the theory of reflexive control, the nation sees data security through the lens of information security.
Always distrustful of foreign powers, the country has mandated that the personal data of all its citizens must be stored within Russia via a data localization mandate similar to the one proposed by India in its Draft Personal Data Protection Bill, 2018. This policy was presented as something that would address citizens’ privacy concerns, yet the case of Russia demonstrates that the true purposes of the policy had little to do with a citizen’s privacy. It was simply part of a larger initiative to exercise more control over the internet, a medium that had for long remained outside the control of the state and allowed for coalitions to form against the current regime. Russia also recently rolled out the RuNet programme, a system meant to cut off parts of the internet within the country in order to control dissent by mandating that all internet traffic be routed through government checkpoints.
It also used data localization initiatives to demand that Apple store its encryption keys in servers located within Russia so that intelligence agencies and local law enforcement could use them to decrypt communication channels used by dissidents. These measures, which are used to manage ‘internal dissent’ and guarantee long-term stability for whoever is in charge of the regime, however, inevitably spawn several external vulnerabilities.
For instance, the Bellingcat team that investigated Navalny’s poisoning and outed the FSB officers involved in the poisoning of the opposition leader (covered earlier in the book) bought all the information that it used in its investigation from the thriving data markets of Russia. There are terabytes of data floating throughout such illegal data markets where anything is available for a fee—including call data records, location data, flight manifests, personal ID documents, bank records, online courses taken, court records, traffic challans, residential addresses and much more. While some of this is obtained by bribing low-level employees working in various government offices directly, it is risky for the employees. The system has evolved over the years to address safety concerns and developed a mechanism that maintains anonymity and consistency. The data is no longer sold from officials to the end purchaser.
This is an excerpt from the book The Art of Conjuring Alternate Realities: How Information Warfare Shapes Your World by Shivam Shankar Singh and Anand Venkatanaryanan which can be purchased at this link.
Instead, it goes through an intermediary who has created systems like Telegram bots, automated programmes that are integrated within the popular messaging app, that fetch all the information required via a chat interface for a fee of just 10 euros within two-three hours.
As documented extensively by Andrey Zakharov of the BBC, it is not just leaked databases that are available via Telegram bots, though. ‘Online breakthrough’, data that is relevant and current at the time of the request is now one of the most popular services available in the data markets. The data is gathered from ‘punchers’—employees who work in government offices, state bodies, mobile telephone operators and banks—at a predetermined frequency and is then sold over Telegram channels, with money being transferred for the services over online wallets. There are even sections called ‘State Breakthrough’ within the data markets, where even federal tax records are available for a fee.
Despite the fact that such dossiers are dangerous weapons, sentences for selling them are extremely rare since the state does not view crimes against privacy as significant and socially dangerous. As Zakhorov notes, ‘When I wrote about it, nothing changed. When Bellingcat started to use it more and more visibly, nothing changed. And I think that maybe nothing can change this time around, we’ll see.’ He may have a good reason for that scepticism. Zakhorov even wrote an article pointing out the existence of Putin’s secret daughter—who he had fathered with a mistress—information that was found using these techniques, and yet, except for the deletion of some photos from Instagram, nothing happened.
The data leaks and how they were used seem to be producing a different result this time around, though. After the Bellingcat investigation, Russian lawmakers passed a bill to ban the public dissemination of data about security and law enforcement members. The data protection law is part of a series of initiatives not to ensure data security for its citizenry, but to ensure that the same data that the state uses to crush dissent isn’t used against the state again. The initiatives are also part of a series of moves aimed at stopping Navalny’s allies from repeating the unexpected success they had in the local elections this autumn. This includes the passing of provisions that would brand opposition candidates as ‘foreign agents’, outlawing spontaneous protest, increasing government restrictions on content shared online and potentially banning YouTube, where Navalny has evaded censorship to build a nationwide audience.
These actions by the Russian state broadly follow the framework that Bruce and Henry have outlined. Autocratic regimes will always prioritize internal control, no matter how much external vulnerability it ends up creating. The state will continue to collect huge amounts of data on all its citizens, even though it understands the potential for this data to be used against the state, because of the utility that this data has in maintaining internal control and crushing dissent. No matter what the consequences are, the state will continue to invest in actions that will prevent the common knowledge of who is in charge from becoming contested knowledge.
The excerpt has been posted with permission from HarperCollins Publishers India.
- A Complete Guide To The Personal Data Protection Bill, 2019
- A Guide To Non Personal Data Regulation In India
- Summary: China’s Draft Personal Information Protection Law
- Reading List: Why Is China Cracking Down On Tech Companies?
- In The Next Ten Years, Russia To Introduce AI And Big Data Analysis ‘Everywhere’: Putin
Have something to add? Subscribe to MediaNama here and post your comment.