It’s easy to forget that amid Russia’s continuing war of aggression against Ukraine, it is waging a relentless war to block the flow of uncensored information inside its own borders.
The Russian authorities have not wavered in their offensive on this front, with their latest objective the denial of censorship circumvention tools. Virtual private network (VPN) services are probably the censor’s most feared enemy since they provide users with an invisibility cloak to enable free access to information.
So the Digital Development Ministry adopted a strategy involving a “whitelist” of services, which by choosing a limited number of acceptable providers seeks effectively to ban everything that is not included.
The government — as so often — failed to consider the law of unintended consequences. Within a short time, the ministry’s bold efforts were under fire from numerous areas, not least companies that contribute to the war effort.
The association of IT specialists, investors, and organizations sent an open letter to the ministry asking that officials stop blocking VPN services at random because the companies “use those VPNs to bypass Western sanctions.”
In response, the minister advised those companies using corporate VPNs to contact his officials so that their VPNs could be added to the whitelist. The ministry had, in other words, introduced a manual system of control and censorship for the digital world.
The Kremlin’s methods of censorship prevent not only companies but private citizens from using VPNs to access uncensored information. As in a wholly totalitarian state, repression is carried out by organizations that have nothing to do with security or censorship; and the most effective turned out to be Russian banks.
The biggest banks were instructed to punish customers using credit cards to pay for VPN services, as became clear to a liberally minded, St Petersburg-based IT engineer called Sergei.
He has opposed the war from day one, and he viewed it as essential to have uncensored information from Russian media in exile. He subscribed to the services of a VPN service called Red Shield, which has been developed by Russian activists abroad.
But it is a challenge to pay for such subscriptions without using a Russia-issued credit card. This is why Red Shield uses an online service which is used to pay for online games — Lava.ru.
But when our engineer tried to pay his annual subscription, using a card issued by Sberbank, the country’s largest, the payment did not go through. Next came an SMS: “The card transaction was rejected to avoid fraud. Please wait for a call from a number beginning 900. Online transactions are banned until confirmed.”
The engineer called the bank, but they told him that all his cards were blocked, and if he failed to answer the call, he would have to reissue all his cards.
In time, a man from a 900 number called and introduced himself as a Sber security officer. He asked what kind of website he was using, and why. Perhaps he could consider other options?
Irritated, Sergei said that it was none of the bank’s business what he was buying and doing online. The Sber employee said that was a serious mistake, and that it was the engineer’s duty to help the state.
He also said that if Sergei refused to answer his questions, then all his cards, not just the one he had used, would be blocked: “You will go to the bank, and they will decide why you used this site and whether you should have any accounts at Sberbank.”
After that, the engineer changed tactics and came up with an excuse. He said that he had his online wallet on lava.ru to pay for gaming.
Ok, said the Sber employee, what kind of games?
Sergei said it was just some online game on the phone.
But the Sber man didn’t let it go, so the engineer urgently googled some game that was available on the platform.
Still, not enough, and the Sber man requested the details of the game account on the site. The engineer refused, citing personal data protection. The Sber man accepted the argument but then asked when the engineer opened his account and what kind of transactions he had engaged in.
The trapped engineer said he didn’t remember, but his bank interrogator stepped up his hostile questioning. “Maybe you were paying the terrorists from that account? I want to transfer the case to the police for further investigation,” he said.
When the engineer tried to argue the transactions had actually been made through another bank account, the investigator was ready for him.
“You mean this number?” the Sber man said, citing four digits from the engineer’s account at his other bank. The engineer was shocked — how on earth was Sber in possession of details from a credit card issued by another company?
The interrogation continued and became more sinister still. He was forced to divulge details including his passport, recent purchases, and recent travels outside his native St Petersburg.
Henceforth, he was told, you will install and use RuStore — the Russian analog to AppStore — and download the Sber application. He could refuse, of course, in which case everything would be blocked if he misbehaved again.
Our IT man balked at this but he was clearly not about to win this argument.
The Sber man haughtily informed him that that he was selling his data to hostile countries, and that the bank had the right to refuse him banking services and close his accounts. In fact, he added, he was ready to do that to the engineer’s accounts because the payment was dubious, the engineer didn’t use the Russian appl, and, most importantly, “You speak out in a dubious way.”
He said he was ready to send the case to the police, and until then the accounts and cards would be blocked.
The IT man pretended to succumb and agreed to everything. He was given another lecture, this time, about loyalty to the motherland. The Sber man then asked further questions to establish whether the engineer realized what was at stake and why he needed to install Russian apps and Russian certificates.
The engineer consented. What else could he do?
“Well, in this case, it appears you understand your responsibilities and I will unblock your cards.” said the Sber interrogator. The engineer dared to ask what about the payment that started this whole thing. Could he make it?
No, it is undesirable, said the Sber officer, and hung up.
Irina Borogan and Andrei Soldatov are Nonresident Senior Fellows with the Center for European Policy Analysis (CEPA.) They are Russian investigative journalists, and co-founders of Agentura.ru, a watchdog of Russian secret service activities.
Europe’s Edge is CEPA’s online journal covering critical topics on the foreign policy docket across Europe and North America. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.