Russia scrambles to hide sensitive data from investigative journalists


The Russian government has proposed a law that would, in effect, allow certain groups of state employees to edit, delete, or anonymize their personal information online. This is an admission of failure, a well-informed analyst tells Cybernews.

What is this about? At first glance, the bill, which was just submitted to the Duma and is certain to go through the rubber stamp lower house of parliament quite quickly, is rather rational from the government’s point of view.

It appears to allow important state institutions – the military, law enforcement, and intelligence agencies – to freely edit the personal information of their own employees in order to protect their identities or hide deep cover agents.

Famously leaky databases

This is not unusual. For instance, in the United States, a country widely considered to have one of the most extensive networks of agents in the world, efforts to identify and expose covert agents are considered to be a federal crime under the Intelligence Identities Protection Act.

Russia, of course, is also famous for its intricate web of spies and operatives both at home and around the globe. The agents and their activities are especially important now as Moscow is still waging war on neighboring Ukraine.

It’s then not really surprising that – as per TASS – the draft law allows the Russian president to place certain groups of individuals into a special category. Local data operators processing their personal data will have to follow special rules.

The rules, the proposed law says, will allow the Ministry of Defense, the Ministry of Internal Affairs, the Federal Security Service (FSB), the Federal Protective Service, and SVR – the Foreign Intelligence Service – to access the systems of local data operators in order to "clarify, extract, depersonalize, block, delete, or destroy personal data."

Finally, the draft bill also amends Russia's data protection law to prohibit state and municipal databases from storing information about the "departmental affiliation" of military, police, and intelligence agents.

That might be the most important – and telling – paragraph of the bill because the aforementioned databases are famously leaky. Bellingcat and other investigative organizations have found them to be a goldmine of precious information about Russian operatives, allegedly responsible for various crimes.

For example, people at Bellingcat themselves said in 2020 they had acquired sensitive information about the FSB operatives who were trailing Russian opposition figure Alexey Navalny in Russia’s porous data market. The information is often sold online – and it’s cheap.

“For example, to find a huge collection of personal information for Anatoliy Chepiga – one of the two GRU officers involved in the poisoning of Sergey Skripal and his daughter – we only need to use a Telegram bot and about 10 euros,” Bellingcat said.

An admission of failure

Naturally, the government now wants to fix things. However, the chosen method seems rather “distorted” to Mark Galeotti, honorary professor at the School of Slavonic and East European Studies, University College London.

“I have no doubt this is a result of the investigations by Bellingcat and others. The massive supply of 'probiv', leaked and stolen personal data, is a side-effect of the corruption within the Russian security services, and is a gift to investigators willing to turn to the black market,” Galeotti told Cybernews.

"They are simply allowing the kind of people journalists would want to track – secret police and the like – to fake their own data,"

Mark Galeotti.

According to the professor, the authorities tried to crack down on the practice at first – “but the people policing this are also the people leaking it.” Bellingcat has also said that the data merchants are often low-level employees at, say, police departments.

“So now they are simply allowing the kind of people journalists would want to track – secret police and the like – to fake their own data. It's in effect an admission of failure – that they can't actually stop ‘probiv’, only distort it,” said Galeotti.

With the new law, Russia is also once more moving away from the period of relative transparency seen during the presidency of Dmitry Medvedev in 2008-2012.

Back then, the Kremlin actually implemented various new laws and regulations to foster transparency and make it appear as if they were tackling corruption. Ironically, this helped groups like Bellingcat and the now-dismantled team of Navalny with their anti-corruption investigations.

“They used these resources to identify things like cell phone locations and call patterns to figure out who was where and who was communicating with whom or who owned what property," cyber threat intelligence researcher Roman Sannikov said.