The System for Operative Investigative Activities (SORM; russian: Система оперативно-разыскных мероприятий) is the technical specification for
lawful interception Lawful interception (LI) refers to the facilities in telecommunications and telephone networks that allow law enforcement agencies with court orders or other legal authorization to selectively wiretap individual subscribers. Most countries require ...
interfaces of
telecommunication
Telecommunication is the transmission of information by various types of technologies over wire, radio, optical, or other electromagnetic systems. It has its origin in the desire of humans for communication over a distance greater than that fe ...
s and
telephone network
A telephone network is a telecommunications network that connects telephones, which allows telephone calls between two or more parties, as well as newer features such as fax and internet. The idea was revolutionized in the 1920s, as more and more ...
s operating in
Russia
Russia (, , ), or the Russian Federation, is a List of transcontinental countries, transcontinental country spanning Eastern Europe and North Asia, Northern Asia. It is the List of countries and dependencies by area, largest country in the ...
. The current form of the specification enables the
targeted surveillance
Targeted surveillance (or targeted interception) is a form of surveillance, such as wiretapping, that is directed towards specific persons of interest, and is distinguishable from mass surveillance (or bulk interception). Both untargeted and targ ...
of both
telephone
A telephone is a telecommunications device that permits two or more users to conduct a conversation when they are too far apart to be easily heard directly. A telephone converts sound, typically and most efficiently the human voice, into e ...
and
Internet
The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...
communications. Initially implemented in 1995 to allow access to surveillance data for the
FSB, in subsequent years the access has been widened to other
law enforcement
Law enforcement is the activity of some members of government who act in an organized manner to enforce the law by discovering, deterring, rehabilitating, or punishing people who violate the rules and norms governing that society. The term en ...
agencies.
History
SORM-1
SORM was first implemented in 1995, requiring telecommunications operators to install FSB-provided hardware allowing the agency to monitor users’ communications metadata and content, including phone calls, email traffic and web browsing activity, despite the low internet penetration rate at the time.
SORM-2
In July 1998 the system was replaced by SORM‑2. Under SORM‑2, Russian
Internet service provider
An Internet service provider (ISP) is an organization that provides services for accessing, using, or participating in the Internet. ISPs can be organized in various forms, such as commercial, community-owned, non-profit, or otherwise private ...
s (ISPs) must install a special device on their servers to allow the
FSB to track all credit card transactions,
email messages and web use. The device must be installed at the ISP's expense.
It has been estimated to cost $10,000–30,000.
Other reports note that some ISPs have had to install direct communications lines to the FSB and that costs for implementing the required changes were in excess of $100,000.
In July 2000, Russia's
Minister of Information Technology and Communications Leonid Reiman
Leonid Dodojonovich Reiman (Russian: Леонид Дододжонович Рейман; born 12 July 1957, in Leningrad) is a Russian businessman and government official, former Minister of Communications and Information Technologies of the Russi ...
issued the order No 130 "Concerning the introduction of technical means ensuring investigative activity (SORM) in phone, mobile and wireless communication and radio paging networks" stating that the FSB was no longer required to provide telecommunications and Internet companies documentation on targets of interest prior to accessing information.
In August 2014, SORM-2 usage was extended to monitoring of
social networks
A social network is a social structure made up of a set of social actors (such as individuals or organizations), sets of dyadic ties, and other social interactions between actors. The social network perspective provides a set of methods for an ...
,
chats and
forums, requiring their operators to install SORM probes in their networks.
SORM-3
A
ministerial order
A ministerial decree or ministerial order is a decree by a ministry. With a ministerial decree the administrative department is delegated the task to impose a formal judgement or mandate. Ministerial decrees are usually imposed under the authority ...
from the
Russian Ministry of Communications
The Ministry of Digital Development, Communications and Mass Media of the Russian Federation (russian: Министерство цифрового развития, связи и массовых коммуникаций Российской Фед ...
from 16 April 2014 introduced requirements for the new wiretapping system SORM-3. Telecommunications operators were required to install compliant equipment by 31 March 2015.
According to regulations of Russian Ministry of Communications, SORM-3 equipment supports the following selectors for
targeted surveillance
Targeted surveillance (or targeted interception) is a form of surveillance, such as wiretapping, that is directed towards specific persons of interest, and is distinguishable from mass surveillance (or bulk interception). Both untargeted and targ ...
:
# Single
IPv4
Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol (IP). It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. IPv4 was the first version de ...
or
IPv6
Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communication protocol, communications protocol that provides an identification and location system for computers on networks and routes traffic ...
address
# IPv4 or IPv6 networks identified with
address mask
A subnetwork or subnet is a logical subdivision of an IP network. Updated by RFC 6918. The practice of dividing a network into two or more networks is called subnetting.
Computers that belong to the same subnet are addressed with an identical ...
# User ID within telecom operator's system, supporting "*" and "?" as
globbing symbols (wildcards)
#
email address
An email address identifies an email box to which messages are delivered. While early messaging systems used a variety of formats for addressing, today, email addresses follow a set of specific rules originally standardized by the Internet Engineer ...
, if targeted user connects via
POP3
In computing, the Post Office Protocol (POP) is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. POP version 3 (POP3) is the version in common use, and along with IMAP the most common p ...
,
SMTP
The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typical ...
or
IMAP4
In computing, the Internet Message Access Protocol (IMAP) is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. IMAP is defined by .
IMAP was designed with the goal of per ...
; connections protected with cryptography are specifically excluded
# email address, if targeted user connects to a webmail system from a predefined list of services:
mail.ru
VK, known as Mail.ru Group until 12 October 2021, is a Russian technology company. It started in 1998 as an e-mail service and went on to become a major corporate figure in the Russian-speaking segment of the Internet.
VK operates an e-mail s ...
;
yandex.ru;
rambler.ru
Rambler (russian: Рамблер) is a Russian search engine and one of the biggest Russian web portals, owned by the Rambler Media Group. The site was launched in 1996 by Stack Ltd, went public in 2005, was acquired by Prof-Media in 2006, and h ...
;
gmail.com;
yahoo.com
Yahoo! (, styled yahoo''!'' in its logo) is an American web services provider. It is headquartered in Sunnyvale, California and operated by the namesake company Yahoo Inc., which is 90% owned by investment funds managed by Apollo Global Manage ...
; apport.ru; rupochta.ru; hotbox.ru; again, connections protected with cryptography are specifically excluded
# User's phone number
#
IMSI
#
IMEI
The International Mobile Equipment Identity (IMEI) is a numeric identifier, usually unique, for 3GPP and iDEN mobile phones, as well as some satellite phones. It is usually found printed inside the battery compartment of the phone but can al ...
#
MAC address
A media access control address (MAC address) is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment. This use is common in most IEEE 802 networking techno ...
of user's equipment
#
ICQ UIN
The equipment has
deep packet inspection
Deep packet inspection (DPI) is a type of data processing that inspects in detail the data being sent over a computer network, and may take actions such as alerting, blocking, re-routing, or logging it accordingly. Deep packet inspection is oft ...
(DPI) capability.
Architecture and deployment
Russia uses deep packet inspection (DPI) on a nationwide scale, with part of the DPI infrastructure used for SORM. Some mobile networks use DPI to additionally filter traffic.
The SORM device recommended by the FSB is named ''Omega''.
Equipment by
Cellebrite
Cellebrite is an Israeli digital intelligence company that provides tools for federal, state, and local law enforcement as well as enterprise companies and service providers to collect, review, analyze and manage digital data. On April 8, 2021, C ...
appears to be in use. SORM also enables the use of mobile control points, a laptop that can be plugged directly into communication hubs and immediately intercept and record the operator's traffic.
Roskomnadzor
The Federal Service for Supervision of Communications, Information Technology and Mass Media, abbreviated as ''Roskomnadzor'' (RKN) (russian: Роскомнадзор КН, is the Russian federal executive agency responsible for monitoring, co ...
, a federal executive body responsible for media control, reported that several local ISPs were fined by the government after they failed to install FSB-recommended SORM devices.
Access by government agencies
On January 5, 2000, during his first week in office,
President
President most commonly refers to:
*President (corporate title)
*President (education), a leader of a college or university
*President (government title)
President may also refer to:
Automobiles
* Nissan President, a 1966–2010 Japanese ful ...
Vladimir Putin
Vladimir Vladimirovich Putin; (born 7 October 1952) is a Russian politician and former intelligence officer who holds the office of president of Russia. Putin has served continuously as president or prime minister since 1999: as prime min ...
amended the law to allow seven other federal security agencies (next to the
FSB) access to data gathered via SORM. The newly endowed agencies included:
* Russia's
tax police
*
Russian Police
The Police of Russia () is the national law-enforcement agency in Russia, operating under the Ministry of Internal Affairs from . It was established by decree from Peter the Great and in 2011, replacing the Militsiya, the former police service. ...
*
Federal Protective Service
*
Border patrol and customs
*
Ministry of Internal Affairs
An interior ministry (sometimes called a ministry of internal affairs or ministry of home affairs) is a government department that is responsible for internal affairs.
Lists of current ministries of internal affairs
Named "ministry"
* Ministry ...
*
Kremlin Regiment
The Kremlin Regiment (russian: Кремлёвский полк, Kremlyovskiy polk), also called the Presidential Regiment (russian: Президентский полк, Prezidentskiy polk), is a unique military regiment and part of the Russian F ...
*
Presidential Security Service
* Parliamentary security services
Warrant and notification regulations
The acquisition of communications by entitled security services in general requires a court warrant, but at the same time they are allowed to start wiretapping before obtaining such warrant. The warrant is also only required for communications ''content'', but not
metadata
Metadata is "data that provides information about other data", but not the content of the data, such as the text of a message or the image itself. There are many distinct types of metadata, including:
* Descriptive metadata – the descriptive ...
(communicating parties, time, location etc.), which may be obtained without the warrant.
In cases where an FSB operative is required to get an eavesdropping warrant, he is under no obligation to show it to anyone. Telecom providers have no right to demand that the FSB provide a warrant, and are denied access to the surveillance boxes. The security service calls on the special controller at the FSB headquarters that is connected by a protected cable directly to the SORM device installed on the ISP network.
Since 2010, intelligence officers can wiretap someone's phones or monitor their Internet activity based on received reports that an individual is preparing to commit a crime. They do not have to back up those allegations with formal criminal charges against the suspect.
According to a 2011 ruling, intelligence officers have the right to conduct surveillance of anyone who they claim is preparing to call for "extremist activity."
''Zakharov v. Russia''
In December 2015, The
European Court of Human Rights
The European Court of Human Rights (ECHR or ECtHR), also known as the Strasbourg Court, is an international court of the Council of Europe which interprets the European Convention on Human Rights. The court hears applications alleging that a ...
ruled on a case on the legality of Russian SORM legislation.
In a unanimous Grand Chamber decision, the Court ruled that Russian legal provisions "do not provide for adequate and effective guarantees against arbitrariness and the risk of abuse which is inherent in any system of secret surveillance." It noted that this risk "is particularly high in a system where the secret services and the police have direct access, by technical means, to all mobile telephone communications." It ruled that therefore, the legislation violated
Article 8 of the European Convention on Human Rights Article 8 of the European Convention on Human Rights provides a right to respect for one's "private and family life, his home and his correspondence", subject to certain restrictions that are "in accordance with law" and "necessary in a democratic ...
.
Yarovaya law
In July 2016, President
Vladimir Putin
Vladimir Vladimirovich Putin; (born 7 October 1952) is a Russian politician and former intelligence officer who holds the office of president of Russia. Putin has served continuously as president or prime minister since 1999: as prime min ...
signed into law two sets of legislative amendments commonly referred to as the Yarovaya law, after their key author,
Irina Yarovaya
Irina Anatoleyvna Yarovaya (russian: Ири́на Анато́льевна Ярова́я; born in Makiivka, Donetsk Oblast, Ukrainian SSR, 17 October 1966) née Chernyakhovskaya is a Russian political figure, a Deputy Chairman of the State Duma f ...
, a leading member of the ruling party
United Russia
United Russia ( rus, Единая Россия, Yedinaya Rossiya, (j)ɪˈdʲinəjə rɐˈsʲijə) is a Conservatism in Russia, Russian conservative List of political parties in Russia, political party. As the largest party in Russia, it hold ...
. The new regulations took effect on July 1, 2018.
According to the amendments, Internet and telecom companies are required to disclose communications and metadata, as well as "all other information necessary," to authorities, on request and without a court order.
See also
*
Lawful interception Lawful interception (LI) refers to the facilities in telecommunications and telephone networks that allow law enforcement agencies with court orders or other legal authorization to selectively wiretap individual subscribers. Most countries require ...
*
Mass surveillance in Russia
Mass surveillance is the pervasive surveillance of an entire or a substantial fraction of a population. Mass surveillance in Russia includes surveillance, open-source intelligence and data mining, lawful interception as well as telecommunicat ...
*
Sovereign Internet Law
References
External links
Media
*
Russian Spies, They've Got Mail- Regulations Allow Security Services to Tap Into Systems of Internet Providers''.
Sharon LaFraniere,
Washington Post
''The Washington Post'' (also known as the ''Post'' and, informally, ''WaPo'') is an American daily newspaper published in Washington, D.C. It is the most widely circulated newspaper within the Washington metropolitan area and has a large nati ...
, March 7, 2002
*
Russia: Surveillance of communications Statewatch Statewatch is a non-profit organization founded in 1991 that monitors civil liberties and other issues in the European Union and encourages investigative reporting and research.
The organization has three free databases: a large database of all its ...
, June 2000.
*
New KGB takes internet by SORM'
Mother Jones Magazine February 2000.
*
'
Numbers & Oddities Newsletter 1999 December 20
Official instructions
Об утверждении типовых Требований к плану мероприятий по внедрению технических средств для проведения оперативно-разыскных мероприятий15 January 2008
Об утверждении Требований к сетям электросвязи для проведения оперативно-разыскных мероприятий. Часть I. Общие требования16 January 2008
{{Portalbar, Russia, Internet
1995 establishments in Russia
Computer surveillance
Federal Security Service
Internet in Russia
Mass surveillance
Law of Russia