The Russian law and surveillance system SORM is becoming more and more frequently used. In fact several “-stan-countries”, eastern Europe and Asian countries have more or less copied the Russian law and system, implementing it into their own laws and regulations. According to statistics published by a NGO on the Russian Supreme Court, the number of legal telephone and email intercepts in Russia have doubled, from about 266,000 intercepts in 2006 to almost 540,000 in 2012.
In the “Tele2-countries”, SORM and corresponding devices are used in Croatia, Kazakhstan and the Baltics (but without actually calling it SORM). The systems and regulations varies from country to country, but they are built on the same Russian principle. In explaining how surveillance is conducted, we have therefore decided to use Russia as general example.
SORM, System for Operative Investigative Activities, was established in Russia during 1996 to let the Federal Security Service monitor telephone communications. Already in 1998-2000, the system got an addition – SORM-2, which allows monitoring of the internet in addition to telephone communication. Today three types of SORM exists where SORM-3 can gather information from all types of communication media. Seven different federal state agencies in Russia are authorized to carry out operative investigative activities and therefore gather information via SORM. Among these agencies are for example the Russian police and National Security Agencies.
SORM is not only affecting Russia, it affects people travelling to Russia. If you connect to a Russian Wi-Fi, it will involve a risk of surveillance. Russia is also helping counterparts in the rest of the Soviet Union to use SORM and it is imported to other CIS countries as well. Kazakhstan, the Baltics and Croatia are countries where Tele2 operates and where they have SORM or corresponding devices for monitoring.
That surveillance systems, as SORM, is getting such a wide spread is not the main reason for concern (even though it is a challenge). The foremost concern is that operators are not allowed to see the warrant. This means that the operator cannot know if the ruling is lawful and that there is a warrant behind each and every case (e.g. the system is not overused or misused).
Tele2 is a strong believer of Privacy and Freedom of Expression as human rights. They are two of our most important topics within Corporate Responsibility and are clearly stated in our Code of Conduct. We are however obligated to follow local laws and we cannot refuse systems like SORM, which is ultimately not the problem in itself. Our responsibility in these cases is to try to communicate and analyze the ruling systems, especially identifying the supervising party behind the monitor decisions. This to try to increase transparency about the system controls and potential statistics, from the Authorities, so no human rights are violated through surveillance.
Here are four examples from how national surveillance ’SORM-like’ systems work in Lithuania, Estonia, Latvia and Kazakhstan.
State Security Department supervises lawful interception and provides technical conditions for intelligence and pre-trial investigation institutions to monitor content of data transmitted through digital communication networks in Lithuania. Prosecutor General or his assignee directs initiation and termination of surveillance also ensures that any surveillance data is not accessible to telecommunication companies. This means that Tele2 has no access to interception systems and does not archive interception data.
Purchase and installation of interception system, technical support, data archiving are performed by State Security Department. Tele2 in Lithuania has only one legal obligation – to inform State Security Department and communication regulatory authority before making any network changes which could affect performance or result in data interception limitations.
There are legal intercept obligations in all EU member states, including in Estonia. The system operates in Estonia in the following way. Certain authorized Police agencies have access to the intercept system which they can use without the involvement of Tele2 Estonia. Tele2 Estonia keeps logs of each time the system is used. These logs are provided to the State Prosecutors office once a year. They in turn match each such activity to the specific court order (permission). The results are scrutinized in the Parliamentary surveillance establishment’s supervisory commission. Therefore, Estonian State Prosecutors office has all the statistics about the intercept activities and all the required checks and balances are in place.
All system related info is confidential and cannot be published.
Telephone tapping and recording are strictly regulated in many countries. The laws of Latvia provide for tapping and recording of telephone conversations only after a separate request from The Constitution Protection Bureau director. Tele2 Latvia is not involved in these activities and not informed when it is happening. All information is strictly protected by Law of Latvia and used to detect important crimes for State.
The laws of Kazakhstan provide for tapping and recording of telephone conversations, which certain state authorities designated by the law are entitled to carry out in specific cases. In some cases it requires a prosecutor’s sanction whereas in cases of urgency it does not. Such activities are performed without the involvement of Tele2 Kazakhstan. The role of Tele2 Kazakhstan is limited to the installation of technical equipment for SORM, provision of access to the equipment for designated state authorities and collection and retention of personal information of subscribers, as well as submission of the information to them at their lawful request. The intercept activities are carried out in a highly confidential manner and therefore are unbeknownst to Tele2 Kazakhstan. It is the General Prosecutor who is the supervising Authority ensuring a correct usage of SORM and surveillance as a whole.
The documents were found on an unprotected backup drive owned by an employee of Nokia Networks (formerly Nokia Siemens Networks), which through a decade-long relationship maintains and upgrades MTS’s network — and ensures its compliance with SORM.
Russia – network on internet companies – SORM surveillanc
2012 – 2014 – The Russian Prime Minister Dmitry Medvedev has signed a decree that will extend the use of SORM-2 to social network surveillance. It’s known that the Russian Government is applying a strict surveillance on the Internet within the country, the Kremlin has developed a system code named “SORM-2” to monitor Russian citizens.