RosKomSvoboda calls for a moratorium on Moscow’s facial-recognition system

The public organization RosKomSvoboda is preparing a lawsuit against Moscow’s Ministry of Internal Affairs and the Department of Information Technologies (DIT) demanding a moratorium on the use of facial-recognition technologies until the necessary legal safeguards against abuse are in place. This was reported on сайте «РосКомСвободы».

«We intend to prove in court that the system is not adequately protected, there are no public access regulations, and there is no public oversight. All documents regulating access to the system have the status «for official use». Therefore, no one is protected from abuse and leaks,» said ForkLog’s lawyer Sarkis Darbinian.

This step was prompted by the results of monitoring the darknet data market. It turned out that on the darknet one can still buy a service to track almost anyone using city surveillance cameras.

«As part of the experiment, a volunteer agreed to be scanned by the cameras. As a result, she received a report with results from 79 Moscow cameras, with facial-recognition accuracy of 71%.»

The report also listed all the addresses where she had been over the past month.

In December 2019, MBH Media published an investigation into vulnerabilities of the city’s video-surveillance system, as well as the possibility of buying access to cameras on the darknet.

Despite media attention to the problem, no adequate response from official authorities followed, RosKomSvoboda said:

«They reported finding data-leaking employees, but remained silent about systematic vulnerabilities (odd architectural decisions of the system and the ease of access of employees to data on citizens’ movements).»

At RosKomSvoboda’s request, the author of the MBH Media investigation has been monitoring offers to sell such data on the darknet since the end of winter.

The monitoring showed that problems with direct-access links to cameras, as well as the ability to copy access links and pass them to third parties, have not been resolved.

By the end of the lockdown, it again became possible to buy extracts from the data of ‘smart cameras’ on the darknet — for a while this was not possible.

«According to the monitoring results, the city’s street surveillance and facial-recognition system still do not protect data from leaks and unauthorized access,» RosKomSvoboda stressed.

In July, it was reported that access to all cameras of Moscow’s video-surveillance system was being sold.

RosKomSvoboda has sent requests to the Ministry of Internal Affairs and the Department of Information Technology asking whether unauthorized users could gain access to the Unified Data Storage Center by generating a direct access link to the cameras, and what measures have been taken to protect against leaks.

Earlier, Rostec head Sergei Chemezov proposed deploying a facial-recognition system operating in Moscow to other regions.

Using the facial-recognition system installed on Moscow’s cameras, there have already been attempts to counter it — former deputy energy minister Vladimir Milov and public figure Alena Popova filed a complaint with the European Court of Human Rights about the use of the technology during a rally in September 2019 in Moscow.

ForkLog previously reported how, against the backdrop of the coronavirus, authorities have increasingly begun to deploy tools to track citizens.

For details on how the data darknet market works and who sells personal information, read a separate материале.

Subscribe to ForkLog News on Telegram: ForkLog Feed — all the news, ForkLog — the most important news and polls.