wordpress blog stats
Connect with us

Hi, what are you looking for?

Data Leaks – trading internal control for external vulnerability: Russian Edition

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia. 

Autocracies always prioritize information control as the rulers are always distrustful of the populations they govern. They must constantly monitor the flow of information in society to be able to protect their version of reality and crush the formation of coalitions. This inevitably leads to massive scooping up of personal data from the entire population through state surveillance. This data is then used for the purposes of preparing dossiers and classifying the population into various segments so that they can be kept in check through reflexive control. Russia is one such autocracy. As the birthplace of the theory of reflexive control, the nation sees data security through the lens of information security.

Always distrustful of foreign powers, the country has mandated that the personal data of all its citizens must be stored within Russia via a data localization mandate similar to the one proposed by India in its Draft Personal Data Protection Bill, 2018. This policy was presented as something that would address citizens’ privacy concerns, yet the case of Russia demonstrates that the true purposes of the policy had little to do with a citizen’s privacy. It was simply part of a larger initiative to exercise more control over the internet, a medium that had for long remained outside the control of the state and allowed for coalitions to form against the current regime. Russia also recently rolled out the RuNet programme, a system meant to cut off parts of the internet within the country in order to control dissent by mandating that all internet traffic be routed through government checkpoints.

It also used data localization initiatives to demand that Apple store its encryption keys in servers located within Russia so that intelligence agencies and local law enforcement could use them to decrypt communication channels used by dissidents. These measures, which are used to manage ‘internal dissent’ and guarantee long-term stability for whoever is in charge of the regime, however, inevitably spawn several external vulnerabilities.

For instance, the Bellingcat team that investigated Navalny’s poisoning and outed the FSB officers involved in the poisoning of the opposition leader (covered earlier in the book) bought all the information that it used in its investigation from the thriving data markets of Russia. There are terabytes of data floating throughout such illegal data markets where anything is available for a fee—including call data records, location data, flight manifests, personal ID documents, bank records, online courses taken, court records, traffic challans, residential addresses and much more. While some of this is obtained by bribing low-level employees working in various government offices directly, it is risky for the employees. The system has evolved over the years to address safety concerns and developed a mechanism that maintains anonymity and consistency. The data is no longer sold from officials to the end purchaser.

Advertisement. Scroll to continue reading.

This is an excerpt from the book The Art of Conjuring Alternate Realities: How Information Warfare Shapes Your World by Shivam Shankar Singh and Anand Venkatanaryanan which can be purchased at this link.

Instead, it goes through an intermediary who has created systems like Telegram bots, automated programmes that are integrated within the popular messaging app, that fetch all the information required via a chat interface for a fee of just 10 euros within two-three hours.

As documented extensively by Andrey Zakharov of the BBC, it is not just leaked databases that are available via Telegram bots, though. ‘Online breakthrough’, data that is relevant and current at the time of the request is now one of the most popular services available in the data markets. The data is gathered from ‘punchers’—employees who work in government offices, state bodies, mobile telephone operators and banks—at a predetermined frequency and is then sold over Telegram channels, with money being transferred for the services over online wallets. There are even sections called ‘State Breakthrough’ within the data markets, where even federal tax records are available for a fee.

Despite the fact that such dossiers are dangerous weapons, sentences for selling them are extremely rare since the state does not view crimes against privacy as significant and socially dangerous. As Zakhorov notes, ‘When I wrote about it, nothing changed. When Bellingcat started to use it more and more visibly, nothing changed. And I think that maybe nothing can change this time around, we’ll see.’ He may have a good reason for that scepticism. Zakhorov even wrote an article pointing out the existence of Putin’s secret daughter—who he had fathered with a mistress—information that was found using these techniques, and yet, except for the deletion of some photos from Instagram, nothing happened.

The data leaks and how they were used seem to be producing a different result this time around, though. After the Bellingcat investigation, Russian lawmakers passed a bill to ban the public dissemination of data about security and law enforcement members. The data protection law is part of a series of initiatives not to ensure data security for its citizenry, but to ensure that the same data that the state uses to crush dissent isn’t used against the state again. The initiatives are also part of a series of moves aimed at stopping Navalny’s allies from repeating the unexpected success they had in the local elections this autumn. This includes the passing of provisions that would brand opposition candidates as ‘foreign agents’, outlawing spontaneous protest, increasing government restrictions on content shared online and potentially banning YouTube, where Navalny has evaded censorship to build a nationwide audience.

These actions by the Russian state broadly follow the framework that Bruce and Henry have outlined. Autocratic regimes will always prioritize internal control, no matter how much external vulnerability it ends up creating. The state will continue to collect huge amounts of data on all its citizens, even though it understands the potential for this data to be used against the state, because of the utility that this data has in maintaining internal control and crushing dissent. No matter what the consequences are, the state will continue to invest in actions that will prevent the common knowledge of who is in charge from becoming contested knowledge.

Advertisement. Scroll to continue reading.


The excerpt has been posted with permission from HarperCollins Publishers India.

Also read:

Have something to add? Subscribe to MediaNama here and post your comment. 

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ