It’s Sunday evening in Moscow, late January 2019. A nondescript fair-haired man is walking through the Tretyakov Gallery. All of a sudden, he approaches a picture, looks at it carefully, removes it from the wall, and calmly walks off with it under his arm in front of dozens of visitors. No one bats an eyelid. He’s obviously a museum employee.
A few hours later, police raid a small apartment in the suburbs. Almost knocking over a flower pot and a small flag of Russia (heaven forbid), they press that selfsame man head down on the floor. After some time, he is placed in a kneeling position in front of a camera, now sporting a shining black eye.
“Where were you this afternoon?” a male voice behind the camera asks gruffly.
A three-second pause.
“I don’t really remember. I need to think,” replies the black-eyed man with a detached look, trying not to look into the lens. In the grimy corridor, a policeman discovers a picture of a mountain landscape, wrapped in an old jacket.
That was how the chief suspect in one of the most high-profile cases in Russia in 2019 – the theft of the painting Ai-Petri by artist Arkhip Kuindzhi (worth about 20 million rubles ($318,000)) – was detained. The museum curator was duly dismissed, the museum itself got a new security system, and the thief was nabbed and put on trial. Ai-Petri was returned to the exhibition, after which it was sent back to the Russian Museum in St Petersburg, which owns the canvas. All’s well that end’s well.
Except that’s not the end. The fact is that the offender could have, and would have, evaded capture were it not for the 170,000 video cameras installed throughout Moscow as part of the “Safe City” program. This year, 105,000 of them are set to be equipped with face recognition technology.
Fighting criminals and snowdrifts
“The Kuindzhi case was a kind of high-end use of the system. It’s more often deployed to help catch bicycle thieves, etc., because everything is caught on camera these days,” Dmitry Golovin, head of urban video surveillance at the Moscow Department of Information Technologies, said in an interview with Channel One.
Cameras are installed in Moscow yards, entranceways, parks, schools, clinics, and other public places. Camera footage is used in the investigation of around 70% of all crimes, reports Moscow Mayor Sergei Sobyanin on his page on the Russian social network VKontakte.
Alongside conventional video cameras, there is a separate system with face recognition. The first such cameras were installed back in 2017. In March 2018, face recognition cameras were trialled in the subway. And so far this year, 1,500 video cameras have been plugged in.
In the past two years, the system has helped catch around 300 criminals, reports the newspaper Vedomosti (152 at events, 39 using outdoor cameras around the city, and 90 using cameras at apartment building entrances). However, the expansion of the video surveillance system is aimed not solely at crime reduction, explains Sobyanin.
“Video surveillance also helps to detect poor-quality maintenance work and to fine those responsible. The work of state institutions is also monitored,” he writes.
The grass in your communal yard hasn’t been cut? No one’s cleared the snow outside your apartment block? The light in the entranceway still isn’t working after a month? The video surveillance system is intended to remedy such situations, yet many Muscovites are unhappy. Some complain that the cameras themselves do not work, or are installed in the wrong place; others say that the monitoring and response efforts are not up to par. Still others describe such surveillance as 21st-century slavery or like something out of The Truman Show.
For its part, the Moscow Department of Information Technologies declined to comment on the operation of the video surveillance system.
Surveillance and data-buying as a cure for traffic jams
The system is not confined to yards and parks. Roads are also strewn with cameras for keeping track of motoring offenses. For instance, fines are automatically issued for breaking the speed limit or stopping in a prohibited place for more than 10 seconds. Taxi drivers are the first to complain about this, saying that it prevents them from dropping off clients where they want.
“The worst thing is that you can’t even explain why. The client either immediately cancels the order or kicks up a terrible fuss,” opines Alexander, a Moscow taxi driver.
Moscow Mayor Sobyanin thinks otherwise, noting, again in social networks, that the system helps to curb traffic violations and regulate traffic on the roads.
Meanwhile, his deputy, Maxim Liksutov, stated in an interview with the BBC that the Mayor’s Office analyzes the movement of private cars and procures data from licensed cabs throughout the city.
“We look at where these taxis are most often used to pinpoint areas that need additional public transport routes,” explains Liksutov.
The Mayor’s Office also buys up the data of Russian mobile operators. One such carrier, Tele2, says that the company provides information on the dynamics of population movement, as requested by the city authorities.
“This enables the authorities to implement its ‘smart city’ concept, which covers parking lots, public transport routes, stops, etc.,” announced Tele2’s press service.
A spokesperson for another mobile operator, MegaFon, adds that such data is used in the design and layout of new roads and junctions.
And that’s not all. The Moscow authorities use data from public Wi-Fi services that operate in public transport, both above and below ground. According to Liksutov, this helps to locate Wi-Fi technical issues, as well as to determine where additional ticket machines are needed.
One such public Wi-Fi operator, Maxima Telecom, uses data to inform Muscovites about changes in the subway schedule and other transport services.
“As a rule, we target only passengers who might be affected by such changes. For example, only those who frequently use a particular subway line. This helps them plan their journeys more efficiently,” says Maxima Telecom’s press service.
Walk past a cafe, get an advert and a free donut
Imagine you’re on your way to work one morning and pop into the first coffee shop you see. You drink a cup of coffee, pay up, and head for the office. The next few days, you don’t go there. Instead, you calmly brew your own coffee at home or buy it at the company canteen.
One fine day, you’re flipping through your Instagram news feed, and there among the cats and flowers is an advert for that coffee shop you already forgot about. And not just any old ad, but one offering a discount and a free donut. Sounds tempting.
That’s essentially how the MT_box system works. Created by the above-mentioned Maxima Telecom, it lets SMBs purchase advertising aimed at users who pass by their location. What’s more, such advertising appears not only in social networks, but on just about any website when the user connects to free Wi-Fi in the subway.
Maxima Telecom Internet business director Artem Pulikov told Rusbase that the system allowed one client, Benetton, to attract 17,000 people to three Moscow stores (without specifying the period).
The company’s press service explained that when someone connects to free Wi-Fi, the operator always asks consent to collect and process their data for marketing purposes. Moreover, no personal data is harvested.
“User data is stored on servers inside data centers. All data is aggregated, anonymized, and encrypted. The operator’s security systems are certified according to international standards, and the data is securely protected against outside access,” stated the press service.
Personal data is (almost) protected
Nevertheless, Moscow transport’s increasingly developed IT infrastructure is becoming a juicy target for hackers. One such incident occurred way back in May 2015. Thermometers outside were reading 30 C, and down in the subway it was like an oven. A student squeezed into a rail car at Serpukhovskaya Metro Station and tried to connect to free Wi-Fi to download some cheatsheets ahead of a test. However, instead of the requested page, he was shown a video of a woman having sex.
Such attacks are more like pranks than anything truly malicious, but it highlights the risks for users and their data. The subway Wi-Fi operator, Maxima Telecom, refused to describe the incident as a hacker attack or security breach. According to their official version, the pranksters used a personal Wi-Fi hotspot without Internet access and named the network something similar to Maxima Telecom’s, causing inattentive users to connect to it. Judging by the fact that the attack took place at just a couple of subway stations, that’s probably what happened.
In October 2015, the situation repeated itself, but instead of pornography, several passengers received a less-than-polite message explaining what to do with their iPhones and Androids.
Another incident was more unpleasant. In April 2018, programmer Vladimir Serov discovered a vulnerability that enabled him to see a “digital portrait” of Internet users in the Moscow subway. The portrait consisted of telephone number, approximate age, gender, marital status, and the stations where they likely lived and worked. Maxima Telecom immediately encrypted the phone numbers and other information, and moved it all to the server side.
All operators maintain that they collect only impersonal data. Maria Polikanova, head of the strategic committee of the Big Data Association, confirms this. She says that no amount of analyzing such anonymous information can reveal either the identity of a specific individual or any personal data belonging to them. Under Russian law, the personal data of citizens may not be transferred to anyone without their consent.
The video surveillance system is also safe, asserts Yuri Nametestnikov, head of the Russian research unit at Kaspersky Lab.
“The technology basically works according to the following principle: The camera ‘reads’ the individual’s face and sends to the server not a photograph, but a set of data defining that person. This data set is compared with sets obtained from analyzing photographs, for example, mugshots,” says Namestnikov about Moscow’s video surveillance system.
He claims that it is impossible to “reverse-engineer” the photograph from this data set.
“It’s logical, because the process involves the use of neural networks, which means that even the programmers often don’t know why the neural network sees these two data sets as characterizing one and the same person,” he attempts to explain.
That said, Kaspersky Lab is less sure about the reliability of cellular and public Wi-Fi operators. It all depends on how they store and handle data. And faults, as we all know, have a nasty habit of creeping into any system.