The relationship between the surveillance state and corruption is one of the most fascinating aspects of today’s increasingly data-based governance. The means by which Russian opposition leader Alexei Navalny claims to have discovered the names of the eight secret police agents who allegedly tried to poison him in August show how the same tech-based methods that governments use to track citizens also enable citizens to fight back.
Theoretically, corruption should be impossible in a strong surveillance state, which can constantly watch and track every potentially greedy official and every citizen hoping to grease the wheels. There are cameras everywhere, telephone, email and even online messenger records are routinely kept by operators and accessed by investigators, cash dealings have become far more difficult than in the 20th century. But, as Keith Darden from Yale University wrote back in 2002, a powerful surveillance state can also be corrupt:
A robust surveillance apparatus (including the tax ministry, interior ministry, and secret police) provides leaders with the ability to monitor and record the illegal activities of their subordinates necessary to insure their compliance through the implicit or explicit threat of a sudden decision to enforce the law. In this way, systematic graft, so long as it is tracked and recorded by a surveillance apparatus, provides both an added incentive to comply with leaders’ directives and increases the potency of the sanctions that leaders can impose on their subordinates for disobedience. Accordingly, it enhances rather than undermines state capacity.
That’s a good and, as of 2002, even prophetic description of the Russian state as it has emerged under President Vladimir Putin. The Russian state is both strong and corrupt, and it both hogs and leaks the data on which its strength increasingly rests.
Navalny’s certainty that eight specific agents were behind the attempt to kill him with a military-grade poison while he was traveling in Siberia is based on an investigation conducted principally by Bellingcat. The independent research organization is known for, among other journalist coups, exposing the two Russian military intelligence operatives who tried to kill ex-spy Sergei Skripal in the U.K. in 2018.
By their own account, Bellingcat journalist Christo Grozev and his team obtained non-public and closely guarded data from the passenger lists of flights that Navalny has taken in recent years and identified a group of people who consistently accompanied him or traveled to the same destinations right before or after him. They then acquired the group’s phone call metadata, including location tracking information that allowed them to triangulate exact positions. They ran the traveling companions’ names through publicly available and supposedly secret databases, ranging from the GetContact app that allows users to see how a phone contact is listed on other people’s phones to the Russian passport database. The people turned out to have links to the FSB, the Russian domestic secret police.
Grozev and team found out that while repeated, increasingly severe poisoning attempts were apparently made against Navalny and his wife Yulia, the mysterious traveling companions communicated frequently with operatives linked to the Russian chemical weapons program, which Bellingcat claims didn’t end with the supposed destruction of the last of such weapons in 2017. Accessing the content of the conversations appears to have been beyond Bellingcat’s powers, but the links they did discover form a highly suggestive picture. One of the operatives even lived in the same building as Navalny in Moscow.
This being Russia, the evidence will not be tested in an independent court of law in the near future. Its publication, though, is already another in a long line of public relations disasters for the Putin regime — and it’s enough for Navalny to be convinced, privately of course, of the identities of his would-be killers. Putting myself in his shoes, I’d probably be persuaded, too.
The first reaction from Navalny’s Russian opponents, albeit not government figures, was that the information used in the investigation would be impossible for a private outfit to obtain, and that it must have come from Western intelligence services. At a subsequent press conference, Putin added his official imprimatur: “This isn’t some kind of investigation, it’s the legalization of American intelligence material.” One Russian computer scientist claimed the information could only be gleaned from tools supplied by the secretive software company Palantir, a big Pentagon supplier. These protestations are why Bellingcat, and Grozev in an interview with the Russian-language news outlet Meduza, felt compelled to discuss their methods — even if this discussion, as Grozev made clear, could undermine Bellingcat’s ability to access the data in the future.
According to Grozev, he used his own money to buy data from black market dealers. Bellingcat puts the information it obtains in this way in a database that allows it to link people, events and locations. There’s an art to the purchases: Multiple dealers have to be used in an investigation so that no one has a clear idea of what Grozev is looking for. Sometimes information has to be checked against other sources to make sure no one is playing a game with Bellingcat.
I believe the explanations, because I know the black market exists and works as described: Nothing, not even data involving secret police agents, seems to be off limits. In a darknet store recently, I saw someone purporting to sell access to thousands of Moscow’s surveillance cameras, including the ability to operate them; I’m not sure this one is real, but tested passport databases and phone billing data are routinely offered, for hundred-to-thousand-dollar price tags, via Tor and Telegram bots. Recently, a database of Moscow Covid-19 patients leaked out, showing, among other things, that official statistics have been undercounting them — and no, this was no hacker’s feat but a leak by the people responsible for the tables.
I doubt there’s any government database in Russia that isn’t fully or partially on the black market. The more data the government collects, the more is offered for sale; Navalny thanked, in particular, pro-Putin legislator Irina Yarovaya for pushing through a 2016 law that requires telecom operators to store call metadata for three years, something without which the Bellingcat investigation might not have gotten as far as it did.
Can foreign intelligence services access the data? Of course. That would plausibly explain the detailed information about the Russian military intelligence’s hacking activities laid out in the 2018 U.S. indictment of officers allegedly involved in breaching the Democratic National Committee and the Hillary Clinton election campaign.
But can a savvy private citizen do it, too? No doubt. Intelligence work isn’t magic. Nothing prevents a dedicated journalist from using a corruption-fueled market to conduct investigations. Nothing, that is, except ethical considerations about paying for illegally obtained information and using private data. Grozev’s response in the Meduza interview: “An ambulance breaks the law, too, when it drives 100 miles an hour in a city. I think we are, in a sense, an ambulance, too.”
I’m not going to get into an ethical argument with people who have investigated clearly government-run poisonings when no one else would do so. Instead, I’ll confine myself to a relatively uncontroversial point: Where there’s widespread surveillance, corruption isn’t really eradicated; and where there’s corruption, opportunities abound for sousveillance, society’s answer to being watched and tracked. Of course, a public armed with data isn’t as dangerous to a regime as a public armed with guns. But investigations like those done by Bellingcat are still important because they show that it’s possible to turn the tables on the watchers, the oppressors and even the killers.-Bloomberg