Reference Note on Russian Communications Surveillance

April 18, 2014

Edward Snowden, perhaps under duress, recently participated in a call-in program where selected viewers can pose pre-screened questions directly to Vladimir Putin. Snowden asked President Putin, “Does Russia intercept, store or analyze in any way the communications of millions of individuals?” Putin denied Russian mass surveillance, saying “Thank God, our special services are strictly controlled by the state and society, and their activity is regulated by law.”

Three programs, SORM-1, SORM-2, and SORM-3, provide the foundation of Russian mass communications surveillance. Russian law gives Russia’s security service, the FSB, the authority to use SORM (“System for Operative Investigative Activities”) to collect, analyze and store all data that transmitted or received on Russian networks, including calls, email, website visits and credit card transactions. SORM has been in use since 1990 and collects both metadata and content. SORM-1 collects mobile and landline telephone calls. SORM-2 collects internet traffic.  SORM-3 collects from all media (including Wi-Fi and social networks) and stores data for three years. Russian law requires all internet service providers to install an FSB monitoring device (called “Punkt Upravlenia”) on their networks that allows the direct collection of traffic without the knowledge or cooperation of the service provider. The providers must pay for the device and the cost of installation.

Collection requires a court order, but these are secret and not shown to the service provider.  According to the data published by Russia’s Supreme Court, almost 540,000 intercepts of phone and internet traffic were authorized in 2012. While the FSB is the principle agency responsible for communications surveillance, seven other Russian security agencies can have access to SORM data on demand. SORM is routinely used against political opponents and human rights activists to monitor them and to collect information to use against them in “dirty tricks” campaigns. Russian courts have upheld the FSB’s authority to surveil political opponents even if they have committed no crime. Russia used SORM during the Olympics to monitor athletes, coaches, journalists, spectators, and the Olympic Committee, publicly explaining this was necessary to protect against terrorism. The system was an improved version of SORM that can combine video surveillance with communications intercepts.

SORM is buttressed by regulations that limit the use of encryption, and restrictive internet laws that allow the Government to shut down websites it finds objectionable. Russia has a national filtering system that can block foreign sites and it has used the threat of blockage to coerce western companies into removing objectionable postings. Russian agencies such as “Roskomnadzor” (Agency for the Supervision of Information Technology, Communications, and Mass Media) provide the name and address of websites to be blocked to internet service providers, who must take action within 24 hours. Russia monitors foreign communications using techniques used by NSA and China. Wireless and landline communications are monitored in major capitals: American officials believe that Russia chose to build an Embassy complex on a hill in Washington D.C., for example, to improve interception of mobile communications.

A number of sources provide information on Russian surveillance activities, including Agentura.ru (http://www.agentura.ru/english/), Citizen Lab (https://citizenlab.org/), Reporters Without Borders (http://en.rsf.org/russia.html), Privacy International (https://www.privacyinternational.org/) and (albeit with dated material) the Federation of American Scientists (http://www.fas.org/irp/world/russia/index.html).