11.03.2021
Does Coronavirus
Herald the Age of Totalitarian Surveillance in Russia and Eurasia?
When
the shock from the pandemic wears off, post-COVID societies will have to search
for new mechanisms to curb the desire of the authorities for total digital
control.
The new coronavirus pandemic and related lockdown
measures triggered a significant increase in digital control over people in
many countries. Government agencies monitor data from mobile operators on the
movements and contacts of their clients, collect personal data, and make use of
cameras connected to facial recognition systems and many other technologies.
Members of the public are rightfully concerned about their governments’ active
encroachment into what was recently their personal space.
The fight against the pandemic has merely legitimized
and brought into the spotlight technologies that had already been in use around
the world for years. And we can expect increased digital control to remain in
effect in Russia—and many other countries—even after the pandemic is over.
AI Experiments in
Moscow
In Russia, Moscow has been a testing ground for
digital city management. The Electronic Moscow targeted city program was
implemented in 2003–2017 to upgrade the digital equipment of state officials
and modernize communication infrastructure, while the Information City state
program was carried out in 2011–2017 to automate urban processes and digitize
services, including those in healthcare and education.
These initiatives allowed the Moscow government to
create a system to collect and analyze data on its residents’ movements,
health, education, and use of various state services. The Moscow mayor’s office
currently has 170 information systems at its disposal. Notably, prior to
becoming mayor of Moscow in 2010, Sergei Sobyanin oversaw the Information
Society program as the head of the presidential administration.
In 2018, following discussions with the public and the
business community, the Moscow Department of Information Technologies (DIT)
presented a digital strategy for the Russian capital: Smart City–2030. A
central element of the strategy is the use of artificial intelligence (AI) to
analyze data from various sources and provide solutions to the government and
businesses. Mobile operators are a key source of data on the movements of
Muscovites. DIT has been buying data from mobile operators since 2015,
including SIM-card tracking data. The mayor’s office also uses travel data from
the Moscow Metro’s Troika travel cards, taxi trip logs, images from photo and
video cameras, and data from public Wi-Fi networks.
According to Deputy Moscow Mayor Maxim Liksutov,
the city collects this information to track passenger flows and optimize the
operations of public transportation. Liksutov has asserted that the data the
city receives is anonymized. “We have no personal data whatsoever. This data
looks like a series of dots that travel around, and we don’t even have
approximate information about who they might be,” Liksutov assured the media.
However, research by U.S. and Belgian scientists shows that
“four spatio-temporal points are enough to uniquely identify 95 percent of the
individuals.” Thus, such data are not fully depersonalized and could
potentially be used to collect information on the movements of specific
individuals. Until the spring of 2020, the mayor’s office had not even
requested permission from Muscovites to use their mobility data, which made its
operations legally dubious.
The application of surveillance technologies,
including those that rely on AI, accelerated significantly as a result of the
coronavirus pandemic. In late April 2020, at the height of the first wave of
the infection, a Russian federal law creating conditions for the
development and implementation of AI technologies in Moscow was rushed through
the State Duma along with amendments relating to the use of depersonalized data
to the federal law on personal data. Under the new law, special regulations
were introduced for a term of five years effective July 1, 2020.
The new experimental legal regime envisaged the
creation of “digital sandboxes” for practicing technologies that aren’t yet
regulated by existing legislation. The stated objectives of this experiment
include improving residents’ quality of life, increasing the efficiency of
government and business operations, and forming a complex system of regulating
public relations in connection with the development and use of AI technologies.
The law professes to protect the public’s rights and
freedoms, and ensure the safety of the individual, society, and the state.
However, the vagueness of its language elicits some doubts about how the
mayor’s office will use the personal data of Muscovites.
Security and
Surveillance
In addition to buying mobility data in the 2010s, the
Moscow mayor’s office also installed a large-scale video surveillance system
(notably, this system was not mentioned in the publicly discussed Smart
City–2030 strategy). By 2012, the core of a centralized video surveillance
system was in place, and the Moscow government started increasing the number of
city cameras. By the beginning of 2020 there were 178,000 cameras, and their
total number was expected to exceed 200,000. Cameras were also installed on
public transportation vehicles. Both the total number and the density of
cameras in Moscow is modest by world standards, however, putting the Russian
capital in 23 and 30 place worldwide, respectively, based on findings from
Surfshark, an online privacy and security solutions toolkit.
The Moscow mayor’s office attributes the need for a
video surveillance system primarily to safety concerns. In January 2019,
Sobyanin posted on social media that CCTV camera recordings
are used in the investigation of 70 percent of offenses. The Moscow government
has also announced that it will install one of the largest facial recognition
systems in the world as an additional public safety measure.
About 1,000 CCTV cameras in Moscow were first
connected to a facial recognition system back in 2017, but the true test for
the system was the 2018 FIFA World Cup. According to Rostec state technology
corporation, 180 offenders listed in federal databases were detained during the
World Cup. The experiment was pronounced a success, paving the way for the
expansion of the system.
By January 2020, the facial recognition system was in
full force and included 105,000 “smart” cameras. The FindFace software can identify
individuals even if their faces are partially obscured (for example, by face
masks), as well as determine certain biological parameters such as age. Thus,
when the pandemic started, the Moscow government was armed with a number of
proven tools for monitoring the movements and other actions of city residents.
The system has been continually developed and
improved. In January 2021, the DIT announced plans to introduce an option to pay the
metro fare using facial recognition. City management systems are most effective
when they combine facial recognition technologies and geolocation data from
mobile operators. This model makes it easier to locate people in public places,
and simplifies the work of law enforcement agencies.
In February 2021, the Ministry of Digital Development,
Communications, and Mass Media proposed introducing amendments to the federal law
on communication that would remove mobile geolocation data from under the
protection of “secrecy of communication” laws. This initiative will purportedly
make it easier to find missing people. Nevertheless, if the law is passed, the
police will effectively gain unlimited access to geolocation data on
individuals throughout Russia.
Pandemic Peak
The coronavirus pandemic gave the Russian government
unprecedented capacity for monitoring the lives of its people. It also served
as a stress test for the surveillance system in Moscow.
Individuals returning to Russia from abroad were the
first required to self-isolate. Under an agreement with mobile providers, in
mid-March 2020 the Moscow authorities began to monitor returnees’ SIM cards and
send direct text messages and emails asking them to stay home. On March 26, a
mandatory self-isolation regime was introduced for those over the age of 65 and
individuals with chronic health conditions. On March 29, that regime was
extended to all residents of the capital: they were only allowed to leave their
homes to get emergency medical assistance, travel to work, visit a pharmacy or
food store, walk a dog, or take out the trash. Fines for violating the lockdown
were introduced on April 2. A system of digital passes required for travel
using both personal and public transportation was implemented on April 15. The
DIT’s “Social Monitoring” application was launched on April 23 to monitor
infected individuals who were recuperating at home (the application had been
used in a limited capacity since the beginning of April). The self-isolation
regime in Moscow was lifted on June 9.
Despite some hiccups, such as extra fines or lines in
the metro on the day the electronic passes were introduced, the Moscow
authorities had successfully implemented the lockdown overall. The digital
control system was tested and improved “in combat mode,” and by the end of the
lockdown it was operating without significant problems.
The federal government appreciated the efforts of the
Moscow authorities—and those in other regions—to fight the pandemic. The
digital monitoring methods were apparently also deemed to be effective. Even
after most lockdown restrictions were lifted, the government retained key
elements of digital monitoring, such as the facial recognition system, the use
of geolocation data for tracking people’s movements, and restrictions on
freedom of speech. (Article 207.1 of the Criminal Code on “Public Dissemination
of Knowingly False Information About Circumstances Posing a Threat to the Life
and Safety of Citizens” went into effect on April 1, 2020.)
Of course, even the best surveillance systems cannot
stop truly large-scale unrest. Even if the authorities tracked all individuals
who posted messages on social media or headed for a particular gathering point,
there would not be sufficient police resources to detain thousands of people.
At the same time, the authorities could track the activity of protest leaders,
identify their locations, and detain them prior to street demonstrations.
This is the tactic law enforcement agencies have used
in recent years, arresting both public figures and less prominent activists
prior to planned protests. Surveillance and facial recognition systems are also
effective for identifying—and subsequently fining and arresting—protest
participants. Furthermore, the police create databases and monitor the
individuals who come across their radar. According to a number of activists,
the Moscow authorities installed CCTV cameras connected to facial
recognition systems on metal detectors that participants of an authorized rally
held on September 29, 2019, had to pass through. A similar system was also used to track individuals
attending protests in January-February 2021.
Global Use
Today, major tech companies gather all kinds of data
on their users. Governments in developed countries use AI to process these data
for various purposes, including transportation and social policy planning. The
data are supposedly depersonalized, but it would be easy enough to identify
individuals. There has been ongoing discussion for many years about how to
protect privacy while promoting public safety and efficient governance.
That issue was thrust into the spotlight in 2013 by
Edward Snowden’s revelations about the U.S. Prism program, which
included the mass online surveillance of both U.S. and foreign nationals. Among
other things, Prism allowed the U.S. National Security Agency to read emails,
listen to voice messages, view videos and photos, monitor files being sent, and
collect information from social media.
Since then, many countries have passed additional
legislation to protect personal data; however, research by Cisco, Pew Research Center,
Salesforce, and other organizations shows that, on average, people have only a
vague understanding of what personal information is gathered about them and how
that information is used.
In the absence of global rules of the game, each
country must find its own balance between privacy and security. Countries that
opt for greater control inevitably run the risk of abuse of power by the
security services—for example, in political surveillance.
The undisputed global leader in digital monitoring is
China. In 2014, it launched the Social Credit System, which rates companies and
individuals based on their conduct—from obeying laws and traffic rules to paying
bills on time and picking up after their dogs. Those with high ratings receive
various social and economic benefits, while those with low ratings are subject
to administrative sanctions and restrictions affecting their ability to, for
example, get jobs, send their children to private schools, buy airplane
tickets, and use certain government services.
The Chinese authorities monitor their citizens using
the most advanced facial recognition systems in the world. A new
technology presented in February 2020 can even identify
people who are wearing medical masks; if connected to a temperature sensor, the
cameras can also identify individuals who might be sick, which is particularly
useful during a pandemic. Furthermore, since December 2019, Chinese smartphone
users have been required to scan their faces when signing up for new mobile
services or buying SIM cards.
The Chinese government has deployed a draconian public
control system in the Xinjiang Uyghur Autonomous Region. Citing the fight
against terrorism and separatism, the authorities introduced harsh restrictions
on the Uyghur people, including digital control: CCTV cameras with facial
recognition systems, license plate scanners, geolocation trackers on vehicles,
and the collection of biometric data and data from mobile phones. According to
the media, hundreds of thousands of residents are also under constant
supervision, with the surveillance system alerting the authorities whenever these
individuals stray more than 300 meters away from “safe areas” such as their
homes and workplaces. The list of “suspect” individuals is at least partially
compiled by an AI-enabled data system, and some individuals flagged by that
system are detained and sent to “reeducation camps.”
It should be noted that most of the information about
the system in Xinjiang comes from journalists and Western human rights
organizations. The Chinese authorities deny the total surveillance of local
residents and the existence of the camps.
During the pandemic, surveillance technologies helped
China suppress the spread of the coronavirus. In addition to CCTV cameras and
mobile tracking data, the authorities used drones, data from online stores, temperature
sensors, and a wide range of AI-based technologies to analyze the movements and
contacts of sick and potentially infected individuals.
Other countries that have successfully used their
advanced facial recognition and mobility tracking systems to control the
coronavirus outbreak include South Korea, Taiwan, and Singapore. South Korea,
which has a history of public criticism of the abuse of surveillance
technologies by the government, followed a policy of maximal openness and civic
responsibility: information on where infected individuals have been was
promptly published through the media, text messages, and special apps, but the
authorities did not restrict people’s freedom of movement.
Singapore has used geoanalytical data and facial
recognition cameras to maintain public order for many years. With the onset of
the pandemic, the authorities launched a special contact-tracing application,
TraceTogether. But in early 2021 it was reported that
the police were using data collected by the app for criminal investigations. In
Taiwan, there have also been public concerns that data collected within the
framework of the country’s digital quarantine system will be misused, even
though the government has promised to destroy all collected data.
India has actively used surveillance technologies to
fight the pandemic, but it has not had as much success due to a range of
factors, including its incomparably larger population and economic challenges.
In addition, while India’s cities are high up in the ranks based on the number
of cameras, the country does not have a centralized
database of images, and not all cameras are connected to the facial recognition
system. This is expected to change soon, with plans to create a nationwide
facial recognition system. Also, in some regions, the police have already used
CCTV cameras to identify the participants of political protests.
Central Asia
The first country in Central Asia to implement a
facial recognition system was Kyrgyzstan, which signed an agreement on the installation of
technologies to improve public and road safety with the China National
Electronic Import and Export Corporation (CEIEC) in March 2019. Notably, CEIEC
provided the facial recognition system to Kyrgyzstan at no cost. Within 2019, a
digital command center was set up in Bishkek and 60 cameras were installed. In
late 2020, the Kyrgyz government announced plans to add 70 more cameras. Human
rights organizations expressed concern about the use of surveillance technologies
in Bishkek, but the cameras did not prevent the opposition from deposing former
president Sooronbay Jeenbekov in October 2020.
In June 2019, the Uzbek Ministry for Development of
Information Technologies signed an agreement with two Chinese companies,
CITIC Group and COSTAR Group, on the establishment of an Uzbek-Chinese joint
venture within the framework of the Safe City project. The Chinese companies
plan to invest $300 million in the project, and potentially increase funding to
$1 billion going forward. A facial recognition system (Huawei) will be set up
first in Tashkent and later across Uzbekistan. As part of a pilot project, 898
“smart” cameras have been set up in the Shaykhontohur district of Tashkent.
Plans to install a Huawei facial recognition system in
Tajikistan were also announced in 2019, but no further information is
available on the project.
Likewise, the status of a facial recognition
system reported by opposition media to be in use in
Turkmenistan is unclear. The level of technological development and mobile
communications in Turkmenistan is low compared even to its neighbors, so it
would be more difficult to implement an effective digital control system in
that country.
In January 2020, the media reported on plans to set up a facial recognition
system in Almaty, Kazakhstan. The local police later denied the reports, but in September 2019 Kazakh
President Kassym-Jomart Tokayev had visited the office of the Chinese company
Hikvision, which is involved in facial recognition and data processing
technologies. After the visit, he publicly called upon the Kazakh government to follow
China’s example and introduce a system of digitizing personal data in
Kazakhstan.
Brave New World
The coronavirus pandemic gave governments around the
world a convenient opportunity to test out digital control technologies. Fear
of the virus virtually neutralized public backlash. Actions that would have
been seen as an impermissible violation of privacy before the pandemic were
suddenly perceived as a lifeline.
Even if the governments delete the personal
information they have collected, they will retain their improved skills of
monitoring citizens, which can then be applied for a range of objectives, from
fighting crime to monitoring “suspect” individuals or political
opponents.
Current technologies are not advanced enough to carry
out totalitarian control on a large scale. Digital surveillance cannot stop
truly large-scale unrest: it’s the police, not cameras, that actually detain
people. However, the existing toolkit is sufficient to monitor and neutralize
specific politicians and activists. Individuals might not notice the digital
control systems in their cities and countries until they find themselves in
their crosshairs.
The pandemic has shifted the balance between privacy
and security (interpreted differently in different countries) from the former
to the latter. When the shock from the pandemic wears off, post-COVID societies
will have to search for new mechanisms to curb the desire of the authorities
for total digital control.
This article was published as part of the “Relaunching
U.S.-Russia Dialogue on Global Challenges: The Role of the Next Generation”
project, implemented in cooperation with the U.S. Embassy to Russia. The
opinions, findings, and conclusions stated herein are those of the author and
do not necessarily reflect those of the U.S. Embassy to Russia.
By:
·
Nikolai Markotkin /Carnegie Europe
No comments:
Post a Comment