Translated by
2019/09/19 11:56:11

SORM System for Operative Investigative Activities

Some data on the system of technical means for ensuring functions of operational search actions (SORM) in Russia. SORM – is not just the equipment and the software necessary for carrying out legal interception. Today is the separate industry including scientific research of a question, production and technical support of the equipment, development of software products and interfaces, the industry which extends the influence on all existing communication networks, except for telegraph channels.


SORM (abbr. from the System of technical means for ensuring functions of operational search actions) is a complex of the technical means and measures intended for conducting investigation and search operations in networks of telephone, mobile and wireless communication and a radio communication (according to the Law "About Communication" and the order of the Ministry of Communications No. 2339 of August 9, 2000.[1]).

The order of the Ministry of information technologies and communications of the Russian Federation of January 16, 2008 N 6 "About the approval of Requirements to networks of telecommunication for conducting investigation and search operations.]

It is necessary to distinguish the concepts "SORM-1" (the system of telephone tapping organized in 1996) and "SORM-2" (the name is offered V. Ionov — the system of recording of appeals to the Internet) developed by the working group of representatives of the State Committee on Communications of Russia, FSB of Russia, Central Research Institute Svyazi and Glavsvyaznadzor under the leadership of Yu.V. Zlatkis[2] and organized in 2000 (PTP, KTKS).

In brief the SORM system includes three components:

  • Hardware-software part (is established at the telecom operator);
  • Remote operations control room (is established at law enforcement agencies);
  • The channel(s) of data transmission (it is provided with provider for installation of communication with point of remote control).

If as an example to consider Internet service provider, then system operation looks following in the way. At provider the special device is installed. This device is connected directly to an Internet channel, and the equipment of provider for the organization of Internet access is connected already to the equipment SORM. As a result it turns out that all entering and outbound traffic will pass through the special-device, so, it will be able to be in case of need intercepted by law enforcement agencies.

SORM provides two transmission modes of information:

  • Transfer of statistical information;
  • Transfer of the complete information.

SORM has several generations:

  • SORM - 1 this tracking analog communication, telephone negotiations.
  • SORM - 2 it is created for listening of mobile communication and the basic is of course control of the Internet.
  • SORM is the 3rd latest option, provides consolidation of all above-stated systems and in addition controls a part of VPN servers, listens on the air of Skype, ICQ, satellite communication and some other innovations. But the key factor of SORM 3 is a uniform global database which is mutually connected with the SORM different directions.

Tracking - though and not the main SORM function, the main SORM function is global traffic observation in country scales, systems similar to SORM are also in other countries.

SORM costs in all data centers of the country, at all providers of different levels, in points of communication of traffic, on all largest searchers, on all largest social projects (a la schoolmates).

Moreover SORM (not a system of course, employees) very actively interact with programmers who write the systems of communication (An IP telephony, messengers, etc.) or roughly speaking they promote implementation of tabs (backdoors) in these programs to have a possibility of listening.

The third element of a system - obligatory certification of cryptographic programs and devices, i.e. to you will not permit to trade and develop cryptoprograms or cryptographic devices, or protocols, them you should certify everything. I will not stop in detail on these moments, you should understand the main thing as it is important to use for security of the program with open source codes, especially in the field of communication and cryptography.


As operators monitor Russians on the example of MTS. Classified documents got to the Internet

On September 18, 2019 it became known of date leak at Nokia as a result of which some details of work of the systems of technical means for ensuring functions of investigation and search operations (SORM) were disclosed.

According to TechCrunch, the documents which appeared in Network give an idea of scales of SORM and the fact that Russian authorities get access to calls, messages and these clients of MTS.

The scheme of work of solution integration of SORM with MTS network in Belgorod

Confidential files were detected by the director of research of cyberrisks in UpGuard company (specializes in information security support) Chris Vickery. Data were stored on Rsync backup server on the unprotected network drive which belonged to the employee of Nokia Networks company which supplies many years MTS the equipment and services for updating of telecommunication networks.

In open access there were detailed data on placement in the territory of the Russian Federation of the System for Operative Investigative Activities. In particular, it is about installation instructions of the equipment and its detailed schemes and images, information on accounts and employee names and subcontractors, their phone numbers, the list of the cities where servers were located. The total amount of information was 1.7 Tbyte.

Besides, 245 Gbytes of data of Outlook in the PST format (archives of mail), different contractual agreements (PDF files) and also RAR, ZIP and other archives containing backup copies of storages of documents, project offers, operation manuals, progress reports, etc. were published.

Inventory of network equipment, information on the IP addresses and employee names and also notes about a work progress were stated in Excel tables. One more type of the confidential files which snared — schemes and constructions of network equipment. They were followed by technical documents and location information.

Among the data which appeared in the general access, experts detected the photos and installation instructions of SORM of production of Nokia company delivered to MTS in 2014-2016. Judging by these materials, systems are in Vladimir, Lipetsk, Ivanovo, Kaluga, Kostroma, Bryansk, Smolensk, Ryazan, Belgorod, Voronezh, Kursk, Oryol, Tula, Tver, Tambov and Yaroslavl.

The detailed plan of the floor on which the equipment SORM is placed

The published UpGuard of exposure from confidential archive do not allow to estimate precisely, information — photos of gray metal cabinets with fans and letters SORM is how critical and also plans of premises where they are set, hardly create threat of national security of Russia.

Nokia explains that the company provides and sets "port" in network which provides connection of SORM and the subsequent legal interception of data. At the same time Nokia does not store, does not analyze and does not process such data. The Malvin Systems company which offers the technology, compatible to SORM, set over that "port" Nokia is engaged in it. This technology provides collecting and storage of data of users. 

It became clear that the upgraded possibilities of SORM in MTS network allow the government to get access to the database about everyone, it is authorized to whom to use a cellular network, including its international mobile subscriber identity and these sim cards. 

Besides, follows from documents that using SORM security officers can get access to HLR base (Home Location Register) which contains data on each subscriber, including location and information on services which the user requested or received.

In documentation it is also mentioned Signaling System 7 (SS7) — a set of the signal protocols used for setup of most telephone exchanges. SS7 allows cellular networks to set and route calls and text messages. It is noted that this protocol cannot be considered safe, and it can be used for cracking.

Operators realize shortcomings of security of SS7 and implement additional resources of protection, but cannot solve completely a problem because of features of architecture of network: it is designed long ago and does not consider modern opportunities of cybercriminals. Security of SS7 remain relevant, despite emergence of 4G networks using other signaling system as telecom operators should provide support of standards 2G and 3G and interaction between networks of different generations.

According to experts, malefactors for the hacker attacks or far off to interfere with work of SORM and to damage the equipment theoretically could use these data.

The equipment SORM placed indoors at one of telephone exchanges of MTS

UpGuard told Nokia about hit in open access of information unappropriated for public viewing. The Finnish company reacted to the notification only in four days and solved a problem.

As the representative of Nokia Katja Antila explained, the acting employee of the company connected the UBS drive with ancient working documents to the home computer. Because of a configuration error access to the computer and a flash card was freely open on the Internet without authentication. The company continues investigation, said in the publication of TechCrunch of September 18.

Though shadowing users in Russia is resolved by the law, the work connected with SORM is secret and demands from engineers of special certificates for work. The equipment for SORM is bought only from the small list of the elected companies.[3]

The Ministry of Telecom and Mass Communications made changes to rules of the equipment SORM

On July 5, 2019 it became known that within performance of Article 13 of law No. 374-FZ "About introduction of amendments to the federal law "About Counteraction to Terrorism" the order of the Ministry of Telecom and Mass Communications of the Russian Federation makes changes in the Federal Law "About Communication". In particular, in "Rules of use of the equipment of switching systems, including the software, providing accomplishment of the set actions when conducting investigation and search operations. Part III". It is possible to study the complete text of the order here.

According to the document on telecom operators subsidiary duties are assigned:

  • equip additionally the technical means of the investigation and search operations (ISO) installed on communication hubs of data networks by technical means of information storage;
  • perform certification of the equipped additionally ORM technical means.

As reported, the document becomes effective in 10 days after the publication which took place on July 3, 2019. According to data on the federal portal of drafts of regulations, work on the draft of this order began fall of 2016.[4]

Information means of accumulation for SORM should be the Russian origin

On May 31, 2019 it became known that information means of accumulation which the Russian law enforcement authorities use for wiretap of communication lines during the investigation should have the Russian origin from now on. It is about the systems of technical means for ensuring functions of investigation and search operations (SORM).

The corresponding order of the Government of the Russian Federation appeared on the portal of official publication of legal acts. The resolution makes necessary changes to rules of storage by telecom operators of messages and calls of users. The document was prepared the Ministry of Telecom and Mass Communications, FSB and Minpromtorg.

According to the resolution, "the technical means of information storage which are a part of the equipment of means of communication providing accomplishment of the set actions when conducting investigation and search operations should have the conclusion about confirmation of production of industrial output existing at the time of installation of the specified equipment on network of the telecom operator in the territory of Russia".

These means of accumulation of information should conform to requirements to the storage systems installed by the government decree "About Confirmation of Production of Industrial Output in the territory of Russia" which was accepted in July, 2015.

The introduced rules do not extend to the equipment, agreements on which acquisition were signed before the resolution became effective.

As authors of the document in the explanatory note noted, these rules should help to ensure information security of the Russian communications infrastructure in the conditions of sanctions from the western countries. The purpose of the resolution is to secure infrastructure against the hacker attacks in which vulnerabilities in the foreign equipment are used. Also the resolution should support the Russian producers of radio electronics and increase their competitiveness[5].


Most of telecom operators do not ensure stable functioning of SORM-2

FSB experiences difficulties on search of the malefactors using the IP telephony because of problems in the system operation of investigation and search operations (SORM-2) set on networks of operators reports RBC.

As correspondents of the edition found out during journalistic investigation, most of telecom operators anyway violate requirements for installation and support of smooth operation of SORM-2. A system works with violations or does not work for 70% of operators at all.

According to experts, this statistics is caused by several factors. The first of them - economic, the SORM installation is performed by the operator on own account according to the individual plan approved by local management of FSB. Thus it is cheaper to most of operators to pay a penalty (about 30 thousand rubles), than to install the expensive equipment.

Secondly, some operators experience technical difficulties concerning compatibility of their equipment with complexes of FSB. In particular, in the Sakhalin and Kostroma regions VimpelCom did not write traffic of users as it was technically impossible and required large-scale replacement of the equipment.

Having analyzed judicial practice for 2016 - 2017 journalists found out that for the reporting period Roskomnadzor on the basis of appeals of FSB initiated 451 proceedings about administrative violations in connection with problems in work of different types of SORM or tightening of an implementation time and upgrades of complexes. In 86% of cases operators were found guilty of "implementation of business activity with violation of the requirements and conditions provided by the license". In 196 cases operators paid the penalties in the amount of 30 thousand rubles provided by Part 3 of Article 14.1 of the Code of the Russian Federation on Administrative Offences, and in 192 cases to the companies warnings were issued.

The greatest number of violations, work-related SORM, is recorded at the operator "VimpelCom" (Beeline) concerning which in the last two years on different regions it was got the 29th administrative cases, from them 25 ended with a penalty. On the second place by the number of violations the company MTS, concerning it 13 administrative cases are opened. On six arbitration cases it was initiated in the relation of Rostelecom, "Skartela" (Yota) and MTT, two cases were opened in the relation "MegaFon", in one case by the defendant was "T2 of Mobile" (Tele2).

By the appeal to SORM FSB can record a system works or not. Operators only connect the equipment to the network, but cannot control appeals of intelligence agencies to data on users. Intelligence agencies can listen to citizens only after obtaining the corresponding leave of the court. According to judicial department at the Supreme Court of Russia, in 2016 courts of law issued to law enforcement agencies 893.1 thousand similar permissions. Statistically, during the period from January to June, 2017 decreased number of requests for disclosure of a mystery of correspondence and wiretap of telephone conversations of citizens.

The Ministry of Communications prepared requirements to the equipment SORM for Internet services

Developed requirements to the equipment SORM for the Internet services operating in Russia and entered in the Register of organizers of dissemination of information. Acted as their author the Ministry of Telecom and Mass Communications - department prepared the draft of the order "About the Approval of Requirements to the Equipment and the Program Technical Means Used by the Organizer of Dissemination of Information to Internet Networks in the Information Systems Operated by It Providing Accomplishment of the Set Actions when Conducting Investigation and Search Operations including Storage System", and exposed it for public discussion.

According to the current legislation, the services entered in the Register of the organizers of dissemination of information (ODI) should transfer the information about users at the request of authorized state agencies (FSB). If services refuse to do it, they are included in other register - the prohibited websites - and are blocked for access for users to territories of the country.

At the same time, according to the Federal Law of May 5, 2014 No. 97 "About introduction of amendments to the Federal law "About Information, Information Technologies and on Data Protection" and separate legal acts of the Russian Federation concerning streamlining of information exchange using information and telecommunications networks", organizers of dissemination of information to the Internet, as well as telecom operators, are obliged to use the special equipment for collecting of the user metadata.

Until now nobody asked executions of this requirement with ORI as there were no industry requirements to the necessary equipment and program technical means. The situation is going to be corrected for what the Ministry of Telecom and Mass Communications and prepared the corresponding draft of the order.

By the way, the document contains requirements not only to the equipment, but also to information which ORI are obliged to collect with its help. It is the user ID, date and time of registration (in case of signing of the contract on service also date and time of conclusion of an agreement), the alias, the Full Name, the dat of the birth specified by the user a residence address, passport details or other identity documents, the list of languages which are known by the user, the list of the relatives specified by the user information on accounts in other services, the date and time of authorization and an exit from service, the IP address, a contact information (the phone number and the e-mail address) used by the user the application, text messages, records of audio-and video calls, the transferred files, data on effected payments, location.

The main issue (as well as in a case with telecom operators) which rises before Internet services - who will pay acquisition and installation of the corresponding equipment? At the moment in the document of it it is not specified. Most likely it will lay down on shoulders of organizers of dissemination of information.


The SORM developer began to look for contractors for interpretation of correspondence in messengers

The Con Certeza company which develops the systems of technical means for ensuring functions of investigation and search operations (SORM) on networks of telecom operators looks for the contractor for carrying out a research whenever possible of interception and interpretation of traffic of WhatsApp, Viber, Facebook Messenger, Telegram and Skype.

About it, Kommersant[6] writes[7], it became known from correspondence of the employee of Con Certeza with the technical specialist of one of the Russian companies in the field of information security, which contents the edition managed to study[8].

Research purpose — "implementation or the argumentation about impossibility of implementation [these functions] in the SORM systems according to regulatory requirements to cellular operators", said in the letter of the employee of Con Certeza.

On a research of one messenger, follows from correspondence, two months are given, it is offered to begin works with Viber. Payment for work according to each messenger makes 130 thousand rubles for accomplishment of the main part of a research and 230 thousand rubles of a bonus "in case of obtaining identifiers of the parties or the text when using MiTM".

The State Duma Committee approved three years' storage of calls and correspondences by operators

The State Duma Committee on Security and Anti-Corruption Activity recommended to approve in May, 2016[9]by the Chairman of the State Duma Committee on security Irina Yarovaya and the Chairman of the Committee of the Federation Council on defense Victor Ozerov[10]the anti-terrorist draft of amendments trained in the first reading[11]. About it writes RBC[12].

The document contains amendments in the law "About Communication" which oblige the Russian operators to store data on voice and text messages of citizens three years. According to the project, operators should store within the country within three years all information "about the facts of acceptance, transfer, delivery and processing of voice information and text messages, including their contents and also images, sounds or other messages of users communication services". Operators are obliged "provide this information to the authorized state bodies performing operational search activity or security of the Russian Federation".

According to the estimates of VimpelCom operators (a brand Beeline), MegaFon and MTS, three years' storage of calls and correspondences will cost $70 billion. It several times exceeds total revenue of the companies[13].

Later the head Ministry of Telecom and Mass Communications Nikolai Nikiforov agreed that introduction of similar amendments will lead to collapse in the market[14]. He also noted that the bill needs completion. With respect thereto the ministry already prepared the corresponding response, and the bill will be changed to the second reading.

In Russia the "impracticable" law on total shadowing users of Runet is adopted

May 13, 2016. The State Duma accepted the "anti-terrorist" packet of amendments offered by deputies Victor Ozerov and Irina of Yarovaya[15] in the first reading[16].

It is, in particular, about amendments in the laws "About Communication" and "About Information, Information Technologies and Data Protection" which oblige to store telecom operators and the Internet company within three years all negotiations of the subscribers and users.

Before it the response on the bill was published by the Government. It recognized relevance of this document and agreed that its acceptance will make fight against terrorism and extremism of more effective.

Total control of citizens

Telecom operators will have to store during the three-year period in the territory of Russia information "about the facts of acceptance, transfer, delivery and (or) processing of voice information and text messages, including their contents and also images, a sound or other messages of users of communication services". Thus, it is about storage of all telephone negotiations, Sms, Internet traffic, etc.

Now telecom operators store within three years information about only about subscribers and the communication services rendered to them (i.e. detailing of negotiations). Besides, there is a System for Operative Investigative Activities (SOIA) thanks to which law enforcement agencies can intercept telephone negotiations and Internet traffic of subscribers.

In 2014 SORM-3 system which obliges to store telecom operators at the request of law enforcement agencies Internet traffic of certain subscribers within 12 hours was put into operation.

The adopted bill reinstalls for the benefit of intelligence agencies regulation of storage of all negotiations of all subscribers within three years.

Amendments in the Law "About Information" concern "organizers of dissemination of information". This term was entered by legislators in 2014 the so-called Law "About Bloggers". It concerns the Internet services performing communications between users: social networks, blogging platforms, etc.

Now they should store in the territory of Russia all information on the users and messages transferred to them within half a year. The new bill obliges them to store also messages, and storage life as was already noted, lasts up to three years.

Expenses of 5 trillion rubles in size

Expenses of telecom operators and the Internet companies on implementation of this bill in its current form will make 5.2 trillion rub. Interfax with reference to the conclusion of the working group "Communication and Information Technologies" at the Government of the Russian Federation reports about it. Such expenses are very heavy, experts warn: for fulfillment of requirements of the law telecom operators have no technical and financial resources as there are no relevant free storages and in principle.

Implementation of the bill will demand cardinal reorganization of the existing system of interaction of telecom operators with law enforcement agencies, said in the expert opinion. Now operators are connected to intelligence agencies communication channels with a speed of 150 Mbps, it is not enough for several hundred exabytes of information.

Experts of the center believe that the bill objectives all the same will not be achieved as already now 49% of all transferred traffic are ciphered, and within three years its share will grow to 90%.

2013: FSB gets full access to traffic of users

In October, 2013 it became known that the Internet service providers working in Russia will have to install the equipment for record of Internet traffic and its storage not less than 12 hours by July 1, 2014. Direct access to this equipment will be had by the Russian intelligence agencies, the Kommersant newspaper reported.

At the disposal of the newspaper there is a letter of VimpelCom in the Ministry of Telecom and Mass Communications in which the operator criticizes the draft of the order of the ministry on investigation and search operations on the Internet which is already approved by FSB. The document expects registration in Ministry of Justice and will probably become effective in 2013.

The provider specifies in the letter that order provisions "violate the rights guaranteed by the Constitution of the Russian Federation (Article 23, 24, 45)" in which the right to personal privacy to the mystery of correspondence, telephone negotiations, mail, cable and other messages is affirmed restriction of this right is allowed only on the basis of the judgment, and collecting, storage, use and dissemination of information on private life of the person without its consent are not allowed.

Information on existence of this order to the newspaper was confirmed by three sources in the telecommunication market, including the manager of Rostelecom.

As a result of entry into force of the document, the equipment installed at providers will fix all data packets arriving to providers and to store them not less than 12 hours.

In the order it is described what information on Internet users will be transferred to intelligence agencies. In particular, it is phone numbers, the IP addresses, names of accounts, "the e-mail addresses in,,,, services, etc."; the identifiers ICQ, identifiers of mobile devices (IMEI), identifiers of the called and causing subscribers of Internet telephony.

Besides, the draft of the order obliges providers to transfer information on location of exchange service stations of users of services of Internet telephony to intelligence agencies: Skype, etc.

By this time in networks of the Russian providers the equipment SORM-2 (System for Operative Investigative Activities), and, by rules of 2008 is installed, they are already obliged to transfer phone numbers and location of subscribers of mobile communication to intelligence agencies, but not obliged to write these data.

The new order as the newspaper with reference to the security director of the united company of "Afisha-Rambler-SUP" Alexander Rylik writes, this updating of requirements of 2008 taking into account "modern realities": "We give our traffic to a node of FSB. The SORM equipment which is installed at us is just the interface of interface to technical means of FSB. All processing is performed on a node of FSB".

According to the expert, after entry into force of the draft of the order providers will send no more data to FSB, than sends now, and responsibility for potential abuses should lie on bodies which obtain information.

On predesigns of VimpelCom, annual investments into the equipment will make $100 million, by estimates of MTS - about 300 million rubles. According to the source newspapers in one of the ministries, installation and operation of the equipment SORM now are paid by operators though under the law should pay the state[17] for SORM[17].

2008: Start of the updated SORM-2

The order which appeared at the beginning of 2008 did not cause such strong resonance as it was 8 years ago. His creators considered old errors, and did not begin to submit for public consideration the document containing requirements to channels, interfaces and the equipment of data networks for ensuring conducting investigation and search operations unlike the similar document for the PSTN and SPS.

However, some features of carrying out SORM on a data network after all are known. So, for example, the SORM Control panel should have an opportunity to work with AAA protocols of provider (RADIUS or TACACS+), and, in case of dynamic selection of the IP addresses, all necessary addressing information should be sent to PU SORM.

The main point of legal interception on SPD is the possibility of receiving by law enforcement agencies of all information transferred and accepted by the controlled user. In the conditions of a packet switching network this task is not so trivial and requires individual approach for each specific network. The choice of the most acceptable option of the OSRM organization on network falls on the operator, besides, that he should observe all demands made by law enforcement agencies.

It is natural that in this case the option of implementation of SORM-2 on network of providers of services will be the unique project. Respectively, its cost will be rather considerable that is unwanted to the operator and also time of project implementation can extend for many months that is already unacceptable for law enforcement agencies. For both parties implementation of the standard universal project which distinctions will consist only in the parts which are not affecting its main architecture will be the most suitable.

Solutions and installations of SORM-2

When choosing option of legal interception law enforcement agencies nominate the solutions proceeding from requirements to SORM-2 which they need to execute to communication networks. And as requirements for legal interception of data networks remain rather "amorphous" concept, and the operator should adapt to them in each case.

The most appropriate solution allowing to solve the majority of the arisen problems was the system of passive monitoring of information and interception of information on network. The general scheme of connection of the equipment of passive interception is provided on[18].

Image:СОРМ-2 схема подключения оборудования пассивного перехвата.jpg

Advantages of this scheme are obvious both to the telecom operator, and to law enforcement agencies. However, it did not turn out to avoid also some difficulties connected first of all with installation and installation specialized "the aggregating router" on network of the operator. This equipment is a point of concentration of all traffic on network through which there pass 100% of information circulating on network.

In case of application of this scheme on IP-telefonii networks we receive the powerful tool allowing at the minimum costs from the operator and when preserving all necessary requirements from law enforcement agencies to implement a full range of actions of SORM. Such efficiency of its use is explained telephone networks by the fact that requirements to SORM-1 order interception only of telephone traffic and signaling messages. Respectively, its implementation allows to implement all requirements fully.

Situation on data networks not so iridescent. The huge number of different types of traffic, their most unusual combinations, and also universal use of cryptography considerably complicates process of "legal interception" and makes additional difficult and solvable requirements to the equipment SORM-2. Let's dwell upon these features of implementation of SORM-2 on network.

Today the end user can transfer on network a huge number of information, and, the most various type (video, e-mail, speech given, etc.).

The additional complexity to legal interception is added by universal hobby for cryptographic information protection. At interception of information ciphered one way or another impracticablly to decrypt it without use of keys and specialized decoders. Naturally in case of passive monitoring it is possible to intercept also keys which are transferred on network, but at the same time it is necessary to learn to apply them and to use for a certain user. It is quite feasible functionality, but its implementation considerably will complicate all system of legal interception and also will affect its high-speed performance.

Except the given difficulties process of installation and implementation of a subsystem of SORM on data networks is followed by a number of the difficulties connected with organizational features. But one of the most widespread problems are possible disagreements with SORM Control panels.

In lack of accurately formulated requirements and standards to channels of data exchange between the device of filtering and PU SORM difficulties at information transfer are inevitable, and even at connection of the equipment to each other. This problem expires from the fact that the equipment SORM installed at law enforcement agencies and the system of passive monitoring working for networks of the operator are usually made by the different companies, often foreign, and incompatible with each other have unique interaction interfaces.

In this situation control instructions will be executed by process of SORM-2 not fully or in general to be ignored. Therefore joining of such equipment will require additional devices – converters which will be able fully to transfer all information volume from PU SORM to the device of filtering and back.

Thus, implementation of the end products allowing to set SORM-2 on the existing communication networks is rather tangled and ambiguous process which is followed by big costs for development and installation. Unfortunately the majority of these costs lay down on shoulders of the telecom operator and provider.

Besides, the lack of the accurate legal base and extremely formulated requirements do not allow to create products which unambiguously can be set on communication networks, unlike SORM on telephone networks.

With respect thereto implementation of these products for providers of Internet services and operators of SPD for 2009 is not reasonable therefore many companies equipment manufacturers of SORM do not hurry to create products within SORM-2. Also continue to develop the direction of telephony, including the IP telephony, bringing legal interception in this area to qualitatively new level.

As monitoring of Internet traffic works at practice

According to license conditions, the telecom operator before operation of the network (i.e. provision of services to subscribers) should get the Permission to operate at that body which was called the Federal Information Technologies Agency, Rossvyazyokhrankultura and one thousand other names (they changed on average every two years). For 2009 it is called the Rossvyazkomnadzor. Permissions are issued according to the Rules approved by the Government to whom it is in black and white written that the operator should resolve an issue with SORMOM about what to show "piece of paper" in Supervision[19].

This issue is resolved, and the piece of paper is shown signed by only FSB and nobody else. Any bodies of the Ministry of Internal Affairs — neither local Department of Internal Affairs, nor department "To" — or tax, someone else has no relation to it. Only FSB can monitor Internet traffic. Other bodies or departments for this purpose physically have no technical capabilities — they do not put any equipment anywhere. By the way, it still indirectly follows from the fact that when from an operator/hoster something is necessary for the same department "To" — it is forced to send the white paper on the form and signed by the head. Nobody can just call and ask "throw off an infa on traffic here from this IP" — operators/hosters in such cases usually just "send" and ask to send official request.

Let's return to our telecom operator which needs to agree on issue SORMA with FSB. Yes, formally the operator really should purchase the special equipment for $10 of k and stretch the selected communication wire in local UFSB. However, really nobody does of small providers of it. All are limited to the arrangement to cooperate with FSB if they have questions (in fact just exchange contacts with the officer-curator and the Fsbshny technician), and signing of "The protocol on an order of interaction within commissioning of SORM" (or "The plan of commissioning...") which essence if to state briefly, comes down to the fact that the provider undertakes to make "this" SORM sometime then (normally in about five years). The classical principle of Hodzhi Nasreddin — in five years works or the company will be closed, or money for full of SORM will earn, or something else will change. Moreover, many in five years sign the following same protocol and in a mustache do not blow.

What occurs if someone from clients of provider really sells spare parts from helicopters or somehow differently threatens federal security? Well, just call (or even write by e-mail) and ask to make traffic tcpdump from a certain address, and then to throw off them on ftp. The provider takes and does. That's all, actually.

If the provider became rather big and already "ripened" not to potter with dump — he puts at himself the Fsbshny equipment. What is it? I cannot warrant for all and everything, but what I saw — there were normal self-combined computers in the rack GenesysRack body with the set Linux and two setevushka — "input" and "exit". On "input" the provider simply of mirror'it traffic (Internet, but to NAT'a, it is natural), and on "exit" appropriates (well, i.e. reports in FSB, and they will appropriate) external IP on which all this is controlled. That under Linux I specifically turn, of course, it is not aware, but here and seven spans in a forehead it is not necessary to be — some analyzer of packets that it was possible "pull out" only that it is required and not to drive traffic tons in Fsbshny data center.

In comments pointed that the self-collecting mentioned in a topic is not used any more. Yes, I really saw this case about 3 years ago. I am glad for our FSB officers that they began to order the equipment from other contractors — who use or ready vendor servers or collect something more or less decently looking.

If to look really from a practical side, then "terrible and awful" SORM is not the Big Brother and not attempt of all to promonitorit and to enslave. It is valid means of protecting of interests of security of the state which are used only for this purpose and in general solves rather modest and limited problems.

2000: Implementation of SORM-2 is postponed

Attempts of legal monitoring of Internet activity of users were made more than once, so in 2000 a number of decrees which regulated rules of the SORM organization on communication networks was issued. However this fact caused strong reaction of the public, and then through court it was succeeded to suspend orders that allowed to delay implementation of SORM-2 on INTERNET network.

Development of the new order, requirements and related documents took about eight more years, being followed by numerous discussions and discussions. For this term rather much managed to change, both in the market of telecommunications, and in the world around.


The first system of phone tapping

In 1913 in premises IV of the State Duma in St. Petersburg the equipment allowing to overhear telephone negotiations was installed. After that any references of installation and development of the equipment SORM did not meet, up to 1992 when order No. 226 "About use of means of communication for ensuring investigation and search operations of the Ministry of security of the Russian Federation" in which it was required to provide the premises and the equipment to law enforcement agencies for carrying out legal interception was published. After that to the public, with enviable constancy, there were new orders which supplemented or replaced separate points of the previous documents.

Restriction of a mystery of communication in Russia

Requirements of approval of the actions plan for implementation of "SORM",[20][21] are imposed on all telecom operators in Russia[22] otherwise their license can be cancelled.[23]Ошибка цитирования Неверный вызов: нет входных данных

According to Article 23 of the Constitution of Russia restriction of a mystery of communication is allowed only by a court decision. At the same time in the law the possibility of use of SORM before court's decision, "in the cases set by federal laws" is mentioned.[24]:

In Russian SORM the intelligence agency independently, without appeal to the court, defines the user who needs to be delivered on control and independently it performs therefore on model Russian SORM there is no separate administrative function, one may say, that it is integrated into PU SORM.[25]

From Article 64: "About Duties of telecom operators during the conducting investigation and search operations and implementation of investigative actions" the federal law "About Communication":

1. Telecom operators are obliged to provide to the authorized state bodies performing operational search activity or security of the Russian Federation, information on users communication services and about the communication services rendered to them and also other information necessary for accomplishment of the tasks assigned to these bodies, in the cases set by federal laws.[26][27]

For directly listening of a talk official court's decision is required, but for obtaining other information (for example, about the facts of commission of calls) the sanction of court is not required. As a rule, the SORM systems technically differentiate access rights of operators to a system, and record the history of use that provides protection against abuses of individual employees of law enforcement agencies.

See Also


  1. About an order of system implementation of technical means on ensuring investigation and search operations — Order No. 130 of 7/25/2000
  2. SORM-2 on the website
  3. Documents reveal how Russia taps phone companies for surveillance
  4. The Ministry of Telecom and Mass Communications made changes to rules of the equipment SORM
  5. Phones of Russians will begin to listen within SORM only on domestic "iron"
  6. [ of Shifrofreniya
  7. . Messengers are prepared for opening]
  8. , the SORM Developer began to look for contractors for interpretation of correspondence in messengers
  9. data on calls and correspondence up to 3 years
  10. want to oblige to store
  11. Operators
  12. In the State Duma decided to adopt anti-terrorist amendments of Yarovaya
  13. Operators will spend up to $70 billion for three years' storage of calls and perepiso
  14. the Ministry of Telecom and Mass Communications warned about collapse in the industry in case of adoption of the bill of storage are given
  15. [ of CNews
  16.  : In Russia the "impracticable" law on total shadowing users of Runet is adopted]
  17. 17,0 17,1 [ of FSB
  18. fig. 1 SORM-2 history, formation, perspectives
  19. Terrible and awful COPM2: it is a little practice
  20. "About the approval of Rules of interaction of telecom operators with the authorized state bodies performing operational search activity" — the Order of the Government of the Russian Federation of August 27, 2005 N 538
  21. [ "About the approval of Requirements to networks of telecommunication for conducting investigation and search operations
  22. . Part I. General requirements" — Order No. 6 of 1/16/2008]
  23. Cancellation of the license because of not implementation of the Plan of СОРÌ
  24. Listen it is given
  25. Legal interception of messages: Approaches of ETSI, CALEA and SORM
  26. Federal law of July 7, 2003 No. 126-FZ "About communication"
  27. Order of the Government of the Russian Federation of August 27, 2005 N 538