On September 21, Russian President Vladimir Putin announced a “partial mobilization” of military reservists to bolster Russian forces in Ukraine. The hidden mobilization of public administration has been underway even before the start of the war, at least in an area that is sensitive for Putin – dealing with so-called “troublemakers” or protesters. The federal agencies, which are not part of the official repressive apparatus, help to spy on protesters and anti-war activists. 

Roskomnadzor, the Russian Internet censorship agency, has been operating a national system of monitoring online protest activities since 2020. In every Russian region, local branches of Roskomnadzor trace “points of tension,” or events that could cause public discontent. Their primary goal is to identify local troublemakers and then to share this data with the Federal Security Services (FSB) and the Interior Ministry to ensure they are punished. Roskomnadzor, which is part of the Ministry of Digital Development and whose mandate is to ensure that telecom companies comply with license requirements, is not officially a law enforcement agency. However, it acts as an element of a repressive apparatus.

In the spring and summer, when the Russian government did not yet completely suppress anti-war protests, activists in Moscow and St. Petersburg were surprised by how quickly and efficiently they were identified by the city CCTV systems through facial recognition. These systems (four of which are in the city of Moscow alone) are run not by the FSB or the Interior Ministry, but by Moscow’s Department of Information Technology (DIT). The DIT’s main objective is to introduce and run new technologies in the Moscow administration. In this case, the DIT acts as another arm of the security service. 

The roles assumed by Roskamnadzor and DIT suggest a new trend: the use of public administration to carry out nationwide repression.

That was not the case with Russia’s previous systems of surveillance. Take, for example, the infamous SORM (meaning “operative search measures” in Russian) which is a lawful Russian interception system, but essentially a backdoor into Russian communications. SORM technology has been in development since the late 1980s and was gradually introduced throughout the 1990s. Although SORM boxes once intercepted only phone calls, they now monitor emails, Internet usage, text messages, and social networks. 

Get the Latest
Get regular emails and stay informed about our work

The modern SORM is built on a principle that has not changed for 30 years: that telecom companies should not know the name of the target of a surveillance operation. Back in the Soviet Union, city phone company employees had no access to the secret rooms in their buildings occupied by the KGB. They saw the cables going in but had no idea whose conversations were listened to. These days, although the FSB officers must get an eavesdropping warrant from the court, they are not obliged to show it to the Internet or telecom provider whose traffic they are tapping. The providers, in turn, have no right to demand the FSB show it to them either.

Although Roskomnadzor employees and DIT officials do know who they are after, they now have become full members of the Russian surveillance state. The more technologically savvy a particular department is, the more it is ordered to conduct repression. The DIT provides data on protesters’ movements in Moscow. It now distributes summons-up to male Moscovites helping mobilization in Moscow, relying on its database of the Moscow population. The DIT has announced plans to build a national data center storing facial recognition data. Many experts believe it will be used to hunt down those Russians who are trying to hide from mobilization.

This significant development did not happen because of the war or preparation for it. Its foundations were laid out during the apparently “benign” presidency of Dmitry Medvedev between 2008 and 2012. In response to the Kremlin’s paranoia that the 2008 economic crisis could start a revolution, Medvedev authorized a national campaign against “extremism.” The huge campaign involved a massive restructuring of the Interior Ministry: regional centers to fight extremism were established across the country and a huge department in Moscow was tasked with coordinating their efforts.

More importantly, the principle of law enforcement was changed: instead of reacting to threats, the authorities emphasized prevention. The Interior Minister then announced that “the function of the department on countering extremism is first of all operative and recruiting work, aimed at the discovery and suppression of crimes, and also the prevention and monitoring of what is going on in the sphere of extremist activities.” But how does one prevent a crime which has not yet taken place? The answer was obvious for the Medvedev administration: by compiling lists of potential troublemakers.

A list of extremist targets was promptly prepared. In 2008, the General Prosecutor’s Office, the FSB, and the Interior Ministry approved a joint plan to fight extremism. The document stated that “extremism has become one of the major factors posing a threat to the national security of the Russian Federation.” It listed a broad set of groups designated as posing a potential threat, from civil society associations to religious communities outside of official supervision, including pagan cults and even “informal youth groups.” Targets included opposition parties and movements. 

Medvedev and his advisers loved cutting-edge information technologies and believed they were the solution to many public administration issues, including countering extremism. They insisted on a national campaign of systematic data collection on Russian citizens, led by the Interior Ministry and the FSB along with the significant help of banks, telecom companies, and Internet companies.  

Putin inherited an increased investment in surveillance. By 2022 it began delivering results.

Since the invasion of Ukraine, the Kremlin has enlisted private telecom companies and government agencies, which are not officially part of the intelligence and law enforcement community, to become part of the state’s repressive apparatus.  

This development was inevitable, with or without war in Ukraine. In a country set on a totalitarian path, the public administration is doomed to carry out the state’s repression. 

Irina Borogan  and  Andrei Soldatov are Nonresident Senior Fellows with the Center for European Policy Analysis (CEPA). They are Russian investigative journalists, and co-founders of Agentura.ru, a watchdog of Russian secret service activities.

This article is part of the Center for European Policy Analysis (CEPA)’s ongoing work to better understand Russia’s cyber operations and command-and-control structure. A recent report by Andrei Soldatov and Irina Borogan, “Russian Cyberwarfare: Unpacking the Kremlin’s Capabilities,” found that, unlike in the conventional field of military operations, there are no strict foreign and domestic divisions of labor for the security services in the cyber domain. In fact, the Kremlin often tests its cyber technology on the domestic population before using it on foreign adversaries. In this article, Andrei and Irina explore how the Kremlin is building its network of domestic surveillance technology and quietly mobilizing the public administration to deal with “troublemakers” at home.

Russian Cyberwarfare: Unpacking the Kremlin’s Capabilities

By: Andrei Soldatov, Irina Borogan

In the unsettling landscape of Russia’s ongoing war in Ukraine, cyber remains one of the most enduring mysteries.

September 8, 2022
Learn More

This publication was funded by the Russia Strategic Initiative, US European Command, Stuttgart, Germany. Opinions, arguments, viewpoints, and conclusions expressed in this work do not represent those of RSI, US EUCOM, the Department of Defense, or the US Government. This publication is cleared for public release.

Read More From Bandwidth
CEPA’s online journal dedicated to advancing transatlantic cooperation on tech policy.
Read More