[BigDataSur-COVID] The Russian “Sovereign Internet” Facing Covid-19

What does the Covid-19 crisis say about the Russian state’s digital power, and the challenges it poses to public freedoms?

By Olga Bronnikova, Françoise Daucé, Ksenia Ermoshina, Francesca Musiani, Bella Ostromooukhova, Anna Zaytseva

Originally published in French on The Conversation France on April 29, 2020, under a Creative Commons BY-NC license. Translated by Francesca Musiani.


Despite the evolution of the Covid-19 pandemic in Russia, a state of emergency has not been declared in the country: only a state of “high alert” has entered into force in Moscow and in specific regions since early April. “Compulsory holidays” are only partially respected by a population plunged into a growing vagueness that is health-related, legal and economic at once. In this context, Russia is deploying and updating its digital strategy and infrastructure, which have been carefully scrutinized in recent years because of their (increasingly) strong centralizing and authoritarian dimensions. What does the Covid-19 crisis say about the Russian state’s digital power, and the challenges it poses to public freedoms?

The Russian state facing Covid-19: Digital ambitions put to the test

The Russian authorities very early advocated the massive use of digital tools to control the movements of citizens and limit the circulation of the virus. These uses aimed at “securitization” are inspired by foreign examples (China, Korea, Singapore), but they are also part of the “sovereignty” logic of the Russian Internet (Runet), already engaged before the start of the epidemic, and they are consolidating surveillance systems whose existence dates back several years (e.g. video surveillance cameras, aggregation of geolocation data supplied to the authorities by mobile operators).

As of February, Sergei Sobyanin, the mayor of Moscow, proposes the use of facial recognition to monitor people returning from abroad, using the surveillance cameras of the “Safe City” program, in force since 2018. Between February and March, 200 people who broke their quarantine were thus identified, including a man who took out his trash. But as a study by IT and SORM (a blog on Telegram devoted to Runet surveillance and regulation issues, with more than 73,000 subscribers) shows, this device is a catalyst for inequality: these surveillance cameras are mainly installed in the modest districts of Moscow because those who decide their location, who themselves reside in the upscale districts, do not wish their activities to be monitored.

On March 20, 2020, faced with an increase in contaminations, Prime Minister Mikhail Mishustin recommends monitoring citizens who are or have been in contact with infected people, by collecting geolocation data from operators, and transmitting them to local administrations. A patient monitoring application, “Social monitoring”, is made available on April 1 on GooglePlay. It quickly becomes controversial, as its surveillance goes far beyond the movement of patients and offers little protection of personal data; the application is finally withdrawn.

However, digital tracking of citizens has not been abandoned. Since April 13, all trips within Moscow that involve public transportation are carried out, under penalty of fines, with a digital pass, to be generated on an official website. In response to criticism of the “Social Monitoring” application, the Moscow municipality declares that with this new device, personal data will be stored on Russian territory (in accordance with the 2014 law, targeting in particular “giant” United States-based platforms such as Google) and will be deleted when the “high alert” state will be over. The same system works in Tatarstan and the Primorye region; QR-Code passes are also available and recommended but not mandatory in Nizhny-Novgorod, while other Russian regions resort to lighter measures.

Resistance and mobilisations of the free Internet

The use of digital data to strengthen surveillance of the population while coping with the disease is causing concern for defenders of online freedoms. Technologists, engineers and developers discuss government projects and conduct independent investigations to uncover security vulnerabilities, technical issues and other controversial aspects of the technologies deployed by the Russian state.

Several associations and independent media alert Internet users to the growing attacks on the protection of personal data and the development of online surveillance. The NGO Roskomsvoboda published, on March 27, a vademecum on digital rights in a pandemic period, stressing that the use of personal data, especially biometric data, legally requires the consent of individuals. But “the use of facial recognition is in a gray area,” argues lawyer Sarkis Darbinyan. The association is also launching, with other associations in the post-Soviet space, an inventory of restrictions on digital freedoms around the world, while the Agora association is opening a legal aid service linked to the pandemic. Its lawyers are also concerned about the use of facial recognition to enforce quarantine. Activists close to government-opposing personality Alexei Navalny (Society for the Protection of Internet) denounce, even more boldly, the establishment of a “digital gulag”, and call on citizens not to transmit their personal data to the applications that control movements and trace contacts.

At the same time, solidarity initiatives are developing on the Internet, aimed at supporting the poorest citizens and the caregivers. The Makers vs. Covid collective uses 3D printing techniques to provide doctors with the protective gear they need. An online hackathon, “Covidhack”, is developing a bot for Telegram that helps produce a citizen database allowing people with coronavirus to speak anonymously and map their symptoms and requests.

Internet infrastructures are also being weakened by the pandemic, due to the growth in traffic linked to the new digital habits of confinement. Russian networks are frequently down, but the on-site work of technicians and cable operators employed by the three thousand and more Internet service providers (ISPs) that manage these networks comes at the risk of legal threats. OrderKom, a consulting firm for ISPs, offers these workers legal support which includes the preparation of authorizations for movements due to on-site work, and legal defense in the event of a fine.

Faults and paradoxes of digital surveillance

Over the days and the weeks, gaps emerge between the authorities’ security ambitions and the realities of their implementation. Digital surveillance and health-related solutions are delegated to many public and private, federal and regional players, who often make contradictory decisions. The paradoxes and dysfunctions documented by online freedom activists show the limits of the announced “securitization” design. Perhaps the most obvious failure is that of digital passes in Moscow. The Nedoma.mos.ru site, developed to generate them, uses foreign hosting servers; the government was therefore accused of putting its own project of sovereign Runet in jeopardy.

Digital freedom activists, such as Mikhail Klimarev (Society for the Protection of the Internet), point to the ineffectiveness of technological solutions; Covid-19 strategies should focus on civic responsibility, while digital surveillance infantilizes citizens and is likely to be circumvented. This crisis highlights the lack of mutual trust between citizens and the state. Indeed, the information on the epidemic disseminated by the state is viewed with suspicion, oscillating between “they are hiding the true extent of the disaster to us” and “it is a plot to muzzle us even more”. If the authorities take the Covid-19 crisis as an opportunity to re-open their hunt for “fake news”, on their end, Youtubers and independent journalists denounce the incomplete or questionable information disseminated by representatives of power, and their behavior in public (such as that of Vladimir Putin’s spokesperson, who showed up at a press conference with a highly contested virus “blocker” badge). Sometimes, events are borderline ironic, such as the Ministry of Foreign Affairs’ opening of a thread of information for its nationals abroad on the Telegram application… officially banned in Russia.

Thus, part of civil society, without questioning the need for confinement, mobilizes against the threatening initiatives of the Russian Big Brother. It denounces the incompetence of the authorities to manage the implementation of technical devices as well as the institutional power’s violation of its own laws (like the provision on the storage of Russian data on Russian territory), as well as the non-protection of personal data, which exposes them to leaks in the databases black market.

While the wide and ambitious Russian Internet surveillance and sovereignty project is gaining strength during the coronavirus crisis, its implementation is uncertain and often contradictory. The pandemic demonstrates the limits of the Internet infrastructure centralization project, and the government ends up being obliged to relax specific regulatory measures, such as the Yarovaya law (which requires ISPs to keep the history and metadata of users for the purpose of legal interception and fight against terrorism). However, this apparent complexity is not necessarily synonymous with ineffectiveness. It is part of the flexible reconfigurations of digital constraints in Russia, adjusting as best it can to the recently rising challenges, and – legitimately so – raises the concerns of digital freedoms defenders.


About the authors. Olga Bronnikova, Associate Professor at Université Grenoble Alpes. Françoise Daucé, Professor at EHESS, Director of CERCEC. Ksenia Ermoshina, Assistant Research Professor at CNRS, Centre for Internet and Society. Francesca Musiani, Associate Research Professor at CNRS, Deputy Director, Centre for Internet and Society. Bella Ostromooukhova, Associate Professor at Sorbonne Université. Anna Zaytseva, Associate Professor at Université Toulouse 2 Jean Jaurès.

All authors are members of the ANR-funded ResisTIC research project. Thanks to Grégory Rayko for guiding the original article to publication.