SORM System of operational-search measures

SORM (abbreviated from the System of technical means for ensuring the functions of operational-search measures ") - a set of technical means and measures designed to carry out operational-search measures in telephone, mobile and wireless communication and radio communication networks (according to the Law "On Communications" and Order of the Ministry of Communications No. 2339 of August 9, 2000^[1]

Order of the Ministry of Information Technologies and Communications of the Russian Federation dated January 16, 2008 No. 6 "On Approval of Requirements for Telecommunication Networks for Operational Search Activities.]

It is necessary to distinguish between the concepts of "SORM-1" (a system for listening to telephone conversations, organized in 1996) and "SORM-2" (the name was proposed by V. Ionov - a system for logging calls to the Internet), developed by a working group of representatives of the State Communications Committee of Russia, the FSB of Russia, the Central Research Institute of Communications and Glavsvyaznadzor under the leadership of Yu. V. Zlatkis^[2] website and organized in 2000 (PTP, KTKS).

Briefly, the SORM system includes three components:

• Hardware and software part (installed at the telecom operator);
• Remote control point (installed by law enforcement agencies);
• Data link (s) (provided by the provider to establish communication with the remote control point).

If we consider the Internet provider as an example, then the operation of the system looks like this. The provider is installing a special device. This device connects directly to the Internet channel, and the provider's equipment for organizing Internet access is already connected to the SORM equipment. As a result, it turns out that all incoming and outgoing traffic will pass through a special device, which means that, if necessary, it will be able to be intercepted by law enforcement agencies.

SORM provides two modes of information transmission:

• Transmission of statistical information;
• Transfer of complete information.

SORM has several generations:

• SORM - 1 is tracking analog communications, telephone conversations.
• SORM-2 is designed to listen to mobile communications and the main thing is of course Internet control.
• SORM - 3 is the latest version, provides the unification of all the above systems and additionally controls part of the VPN servers, listens live to Skype, ICQ, satellite communication and a number of other innovations. But the key factor of SORM 3 is a single global database that is mutually connected with various directions of SORM.

2024: The Ministry of Digital Development of the Russian Federation will oblige Internet resources to transfer extended data on IP addresses and ports to the security forces

On April 27, 2024, the Ministry of Digital Development of the Russian Federation published a bill that would expand the list of information about users that Internet resources should be stored and transmitted at the request of bodies engaged in operational-search activities. It is expected that the changes will simplify the task of identifying specific users of sites for security officials and help in the fight against blocking evasion tools.

Amendments are being made to the decree of the Government of the Russian Federation of September 23, 2020 No. 1526 on the rules for the organizers to store information (ARI) on the Internet about users. The explanatory note says that as of April 2024, the problem of establishing the ownership of IP addresses allocated to subscribers by Russian telecom operators using network address translation (NAT) technology has become particularly relevant. In addition, there are difficulties in determining the IP addresses issued to users of virtual server services (VDS/VPS), virtual private networks (VPN) and proxy servers.

𝓲

Unsplash

The authors of the bill emphasize that in fact, user ports are not logged. At the same time, ARIs use various load optimization mechanisms, redirecting requests and protecting against DDoS attacks, which makes it impossible to establish the IP address of the server. Thus, the lack of expanded information about IP addresses and user ports by the security forces prevents the identification of persons when placing and (or) sending illegal content.

In order to solve the problem, Ministry of Digital Development proposes to include in the list of stored information information information about the network addresses and ports of the user, network addresses and ports of the communication Internet service, with the help of which users register, as well as receive, transmit and process electronic messages. It is said that the standard functionality of the most common software for web servers provides for logging information about network addresses and ports of the client and server. Therefore, the implementation of the changes will not require additional costs.

The introduction of these changes will significantly increase the effectiveness of law enforcement agencies in solving crimes, as well as make it possible for the ARI to implement effective mechanisms for preventing the facts of illegal access to user identifiers in communication Internet services, the document says.[3]

2023

Hosting providers obliged to connect to SORM until mid-2024

The Government of the Russian Federation, by its resolution No. 1952 of November 22, 2023, approved^[4] of the rule for the interaction of hosting providers with authorized state bodies carrying out operational-search activities. They come into force on December 1 simultaneously with Law No. 406-FZ, which legalizes the activities of hosting providers.

The rules determine the interaction of the hosting provider's equipment with the SORM-2 system already built by the FSB of Russia and Roskomnadzor and are almost similar to those approved for Internet providers by government decree No. 538 of August 27, 2005, which has been edited five times since adoption. (in 2008 - Decree No. 761, in 2013 - No. 325, in 2017 - No. 1721, in 2018 - No. 1138 and in 2021 - No. 613).

The parameters of the new decree are very similar to the requirements for Internet providers: hosting providers must submit an application to the FSB within 45 days from the date of the start of the provision of services to determine the authorized body. Both regional units of the FSB and the Ministry of Internal Affairs can act as it. The Central Directorate of the FSB of Russia gives an answer within 30 days, while within 3 months from the date of submission of the application, the hosting provider, together with the authorized body, must develop an action plan for the implementation of SORM equipment on the hoster infrastructure. The same scheme is already in effect for Internet providers, so hosting service providers are likely to be built into the already built SORM-2 system.

SORM (aka SORM-1) is a recording of telephone conversations that was built back in 1996. It involves installing devices in the infrastructure of a mobile or fixed operator that record telephone traffic and provide employees of operational services with access to these records. SORM-2 is an Internet traffic recording system built in 2000 jointly by the FSB of Russia and the predecessor of Roskomnadzor. It involves the installation of special equipment at the provider and at its expense, which records all traffic transmitted over the provider's networks and gives operational services access to these records. The location of the devices (implementation plan) is consistent with authorized organizations in order not to miss information.

An example of equipment for small providers that combines SORM-1 and SORM-2 (photo of RTK NT Group of Companies)

He initiated the process of introducing control over the activities of hosting providers adopted in the summer by law No. 406-FZ, which defined the concept of a hosting provider in the "three-chapter" law No. 149-FZ. On December 1, 2023, its part comes into force (Article 10.2-1 of Law No. 149-FZ), which regulates the hosting market and requires Roskomnadzor to create a register of hosting providers.

It is this law that requires existing hosting providers to send a notice to Roskomnadzor no later than December 15 to start providing computing power for rent, that is, providing hosting services.

The same law determines that from February 1, 2024, only those providers that will be included in the corresponding register will be able to provide hosting services to Russian companies. However, as soon as the hosting provider enters the register of Roskomnadzor, the deadline for the adopted resolution No. 1952 on connecting to SORM begins to be counted. Therefore, in fact, by June 2024, all hosting providers must be connected to this control system or, at a minimum, must have a plan to put SORM equipment into operation. If they do not fulfill this plan, then they may also lose their license to provide hosting services.

However, the hosting provider can, in agreement with the authorized body, use the SORM equipment of another hoster, which allows small operators to connect to wiretapping systems of larger providers. Internet providers have the same opportunities.

The Ministry of Digital Development of the Russian Federation approved new requirements for SORM equipment

In early September 2023 Ministry of Justice of the Russian Federation , the Order " Ministry of Digital Development On Amendments to the Order of Ministry of Digital Development, Communications and Mass Media Russia October 29, 2018 No. 573" On Approval of Requirements for Technical and Software Tools of Information Systems, containing databases of telecom operator subscribers and communication services provided to them, as well as information about users with communication services and communication services provided to them that ensure the implementation of established actions during operational-search measures (SORM). " The published document will enter into force on March 1, 2024 and will be valid for six years.

According to the order of the Ministry of Digital Development, the technical and software tools used in the conduct of operational-search measures must be certified. The systems shall ensure continuous collection and accumulation of information on connections, telephone communication sessions, facts of entry and exit in the personal account of subscribers, incoming and outgoing SMS and USSD, both delivered and not delivered to the subscriber.

Technical and software tools used during operational-search activities shall be certified

Information on connections using VoWiFi, including WiFi Calling, should be stored in the ISS OPM in the format of statistical records about telephone connections of subscribers. Additionally, records of the subscriber's location in the mobile radio and radio telephone communication network should be generated, including when the subscriber device is turned on or off and any information exchange between the subscriber device and the switching equipment.

The time interval for processing information about the connection, disconnection and change of the subscriber's location should not exceed five minutes. When making calls through Internet messengers, statistical records should be formed with data on the external and internal details of the subscriber and his contact.

Ministry of Digital Development of Russia Order No. 630

Telecom operators in Russia began to be issued fines for the lack of systems of operational-search measures

On August 11, 2023, it became known that the first fine was imposed on a telecom operator in Russia for the lack of a system of operational-search measures (SORM).

Negotiable fines for operators on whose networks SORM funds are not installed were introduced in May 2023. The amount of recovery varies from 0.001% to 0.003% of annual revenue for the first violation and from 0.01% to 0.03% of annual revenue - for repeated violation. The authors of the initiative declare that the equipment should be installed on the networks of each telecom operator, but small companies save and evade the implementation of the system. The main tasks of SORM are to help investigate crimes and prevent terrorist attacks.

The first penalty was imposed on the telecom operator for the absence of the SORM system

It is reported that the court brought the telecom operator to justice under Part 4 of Article 14.1 of the Administrative Code and sentenced him to a fine of 4,000 rubles. We are talking about an unnamed company from the Krasnodar Territory. The Operator did not implement SORM prior to commencement of activities under the Communication Services License. The case presents evidence of an administrative offense: an act of verification, a letter from the FSB of Russia for the Krasnodar Territory, a protocol on an administrative offense, etc.

The telecom operator did not fulfill the licensing obligations and paragraph 6 of Rules No. 445 on the introduction of hardware and software necessary for SORM, the court materials say.

It is also noted that the defendant did not provide evidence indicating that he had taken all measures dependent on him to properly comply with the requirements of the current legislation. Therefore, the court issued a ruling on the imposition of penalties. Whether the operator will appeal is not specified.^[5]

The Ministry of Digital Development will postpone the introduction of traffic storage systems in the LPR

On July 13, 2023, information appeared that the Ministry of Digital Development intends to postpone the introduction of traffic storage systems in the Luhansk People's Republic (LPR). We are talking about solutions for systems of operational-search measures (SORM).

According to the Kommersant newspaper, the deployment of traffic storage systems, the most costly part of launching a system of operational-search measures, in the LPR will be postponed to the end of 2024. The Ministry of Digital Development says that operators in the new territories will be allowed not to install their own SORM systems. Instead, they will be able to conclude an agreement with the operator to whose network they are connected for the provision of relevant services.

The Ministry of Digital Development will postpone the introduction of traffic storage systems in the LPR

Sources of the publication associated with Luhansk telecom operators claim that local companies actually do not have the financial capabilities to connect SORM and deploy large-scale traffic storage systems. The fact is that the cost of SORM equipment is 2-7.5 million rubles, depending on the data transfer rate provided. Not all market participants can allocate such funds. At the same time, for the absence of SORM on communication networks, operators face a fine of 0.001-0.003% of annual revenue for the first violation and 0.01-0.03% for repeated.

As of the beginning of July 2023, Lugak, the Mobile Communication Systems brand, operates in the LPR. At the end of May 2023, it became known that + 7Telecom, the structure of the Crimean operator K Telecom, received permission to enter the republic. In addition, about 40 small providers operate in the region.

It is noted that the provision of "outsource" services (a platform of technical means to ensure the functions of operational-search measures) can increase the traffic of the base operator by 15% per year. Thus, even a large operator will not have enough capacity to contain several dozen companies. As a result, in order to increase the volume of capacity, the operator will begin to inflate tariffs in various ways. Internet^[6]

Putin introduced negotiable fines for telecom operators for refusing to install traffic storage systems

The President Russia Vladimir Putin signed a law on working fines for telecom operators for failure to fulfill the obligation to implement the requirements for networks and means of communication used for carrying out events by bodies carrying out operational-search activities or ensuring the security of the Russian Federation. The corresponding document was published on the official portal of legal information on June 14, 2023.

For such violations, for individual entrepreneurs and legal entities, the fine will be from 0.001 to 0.003 of the revenue (but not less than a million rubles) from the sale of goods on the market of which an administrative offense has been committed for a calendar year (the previous year in which the offense was detected, or for the previous date of detection of an administrative offense part of the calendar year).

Russian President Vladimir Putin

For repeated violation, fines can already be from one hundredth to three hundredths of the annual revenue, but at least a million rubles.

Changes are made to Article 13.46 of the Administrative Code. It already establishes liability in the form of fines, only for owners or other owners of a technological communication network. The federal law comes into force on January 1, 2024.

The explanatory note to this law provides statistics from Roskomnadzor on the number of violations identified related to the introduction of SORM requirements by telecom operators. In 2021, 1.11 thousand violations were revealed, of which 206 fall on legal entities. In 2022, these values ​ ​ were 867 and 177, respectively.

As noted by CNews, an analysis of judicial practice for considering materials on such violations shows that the courts impose punishments in the form of imposing an administrative fine of less than the minimum amount for individual entrepreneurs or small and medium-sized businesses. And when simultaneously identifying violations related to the implementation of SORM requirements for several licenses, the offender is prosecuted as for committing one administrative offense.^[7]

In Russia, adopted a law on working fines for telecom operators for the non-establishment of SORM

On May 23, 2023, the State Duma of the Russian Federation adopted in the third (final) reading a bill that introduces negotiable fines for telecom operators for refusing to install a system of operational-search measures (SORM) on their networks. Such decisions help to investigate crimes and prevent terrorist attacks. The equipment should be installed on the networks of each telecom operator, but small operators save and evade the introduction of SORM, the authors of the initiative note.

The law introduces a fine of 0.001 to 0.003% of annual revenue for the first violation and 0.01 to 0.03% of annual revenue for repeated violation. The norm will enter into force on January 1, 2024.

The law introduces a fine in the amount of 0.001 to 0.003% of annual revenue for the first violation and 0.01 to 0.03% of annual revenue for repeated violation

Thus, from this day on, administrative responsibility will operate for the failure of the telecom operator to ensure the implementation of requirements for networks and means of communication for operational-search measures. For this, a "negotiable fine" is provided from the provision of communication services of the corresponding type of licensed activity, during the provision of which an administrative offense was committed, received on the territory of a constituent entity of the Russian Federation, where the offense was revealed. This revenue for the calendar year preceding the year in which the offense was identified is explained in the document.

According to Dmitry Galushko, General Director of the Orderkom consulting company, most small SORM operators have not established Yarovaya to implement the law. Therefore, the possible adoption of a law on the introduction of working fines from the operator's revenue in a particular region will most strongly affect small companies, he says. The innovation can lead to the unification of small operators and a decrease in the revenue of medium-sized players, the lawyer said.

The explanatory note to the bill states that the cost of such equipment ranges from 2 million to 7.5 million rubles, depending on the provided data transfer rate.^[8]

2022

The Ministry of Digital Development has developed requirements for action plans for the introduction of equipment within the framework of the Spring Law

In September 2022, the Ministry of Digital Development of the Russian Federation presented standard requirements for an action plan for the implementation of operational-search measures (SORM) systems. The corresponding document is posted on the portal on the preparation of regulatory legal acts and the results of their discussion.

Requirements have been developed for action plans for the implementation of equipment within the framework of the Spring Law

In the action plan, companies will have to indicate the scheme for organizing a technological communication network, as well as provide information on the number of users and the planned volume of traffic, on contracts with telecom operators. In addition, information should be included on the timing of the provision of technical specifications for connecting technical means to the control center of the division of the authorized government agency carrying out operational-search activities or ensuring the safety of the Russian Federation, the timing of the development of the technical means scheme, the list of persons involved in the installation of software and hardware and their maintenance, as well as the timing and procedure for conducting preliminary and acceptance tests of technical means. The plan should inform about the period of commissioning of software and hardware.

The SORM plan will be approved by the head of the authorized subdivision and the head of the organization, which is the owner or owner of the autonomous system, or other persons authorized by them.

The terms of coordination with the authorized body of the technical decision on the introduction of technical means, the terms of organization of round-the-clock remote access of the authorized unit to the InformSystem of the owner or owner of the autonomous system, the term of work on the organization of lines and communication channels for connecting technical means to the control point of the authorized unit, the term of development of the scheme for the introduction of technical means are also indicated.^[9]

The Ministry of Digital Development proposed to punish telecom operators with negotiable fines for refusing to introduce SORM

As it became known on August 8, 2022, Ministry of Digital Development proposed to punish telecom operators with revolving fines for refusing to introduce operational search measures (SORM) systems. The corresponding bill, developed by the department, was published on the federal portal of draft regulatory legal acts. The document can supplement article 13.46 of the Administrative Code of the Russian Federation.

The Ministry of Digital Development proposes to impose an administrative fine for legal entities in the amount of 300 thousand rubles to 500 thousand rubles for failure by a telecom operator to ensure the implementation of the requirements for networks and communications established in accordance with federal law, used for carrying out by authorized state bodies carrying out operational-search activities or ensuring the security of the Russian Federation, in cases established by federal laws, measures for the implementation of such activities.

The Ministry of Digital Development put forward a proposal to punish telecom operators for refusing to introduce SORM

In case of a repeated violation, the telecom company may be fined from one ten thousandth to five ten thousandth of the amount of the offender's revenue from the provision of communication services for the calendar year preceding the year in which the administrative offense was identified, but not more than two ten thousandth of the total amount of proceeds from the sale of all goods (works, services) and at least 1 million rubles.

In early August 2022, the discussion of another bill of the Ministry of Digital Development on amending the requirements for SORM was completed. Despite the fact that the department declared that the changes would not require additional costs from operators, the telecom companies themselves do not share this opinion. In particular, Rostelecom warned about the costs, the company proposed to postpone the entry into force of the project until December 2023.^[10]

FSB sent letters to operators demanding to provide plans for the introduction of equipment under the "Spring Law"

As it became known in mid-June 2022, the Federal Security Service (FSB) sent letters to telecommunications operators demanding to provide plans for the introduction of technical means systems to ensure the functions of operational-search measures (SORM) as part of the implementation of the requirements of the "Spring Law."

The 12th FSB Center began to send letters to Telecom Operators of the Moscow Region who do not have a valid SORM plan for Yarovaya with "ay-ay-ay" and the threat of sending a notification to the ILV. Potentially faces a fine of 100 thousand rubles for one license, - reports the Telegram channel "WarrantCom."

FSB sent letters to operators demanding to provide plans for the introduction of equipment under the "Spring Law"

Sources of the magazine "Cabelshchik" (covering events in the field of television and telecommunications) among telecom operators in the Moscow region confirmed the receipt of this document.

In the letter, the FSB Center indicates that operators are legally obliged to store text messages, voice information, video and other data of users of communication services. Since some operators by mid-June 2022 did not agree with the FSB Center on the introduction of technical means of accumulating information in SORM, the department cannot carry out operational-search measures in operator communication networks.

The FSB considers this "unacceptable" and reminds that for this it is possible to bring to administrative responsibility under Article 14.1 of Part 4 of the Administrative Code. Since 2018, telecom operators must install SORM on their networks. The system allows intelligence agencies to access calls, Internet traffic and other data of mobile subscribers and Internet users.

In mid-June 2022, it became known about the amendments to the Administrative Code prepared by the Ministry of Digital Development, the Tax Code and the Law "On Communications," according to which operators who do not use operational-search measures on their networks are proposed to be punished with revolving fines. ^[11]

2021

Small telecom operators in the Russian Federation cannot afford the equipment required by the "Spring Law"

In mid-April 2021, it became known that Roskomnadzor warned more than 50 small home Internet providers from the Moscow region about the need to install systems of technical means for operational-search measures (SORM) as part of the implementation of the "Spring Law." However, despite the threats of a fine (up to 200 thousand rubles), operators are in no hurry to introduce such equipment, since they often cannot afford it.

By mid-April 2021, only large telecom companies and several small operators have SORM, Oleg Grishchenko, president of the Rostelecet association (unites 195 telecom operators), told Kommersant. According to him, small providers with up to 5 thousand subscribers are not able to afford to install such equipment and data storage systems, the price of which can range from 5 million to hundreds of millions of rubles, depending on the volume of traffic.

Small telecom operators in Russia cannot afford the equipment required by the "Spring Law"

Dmitry Galushko, general director of the Orderkom consulting company, believes that many small players are likely to leave the market due to the requirements of the Yarovaya Law. In his opinion, based on the established practice, Roskomnadzor will hardly revoke licenses from operators who do not install SORM, but will continue to issue fines. Roskomnadzor notifies the Federal Security Service (FSB) of the operator's lack of the necessary equipment and may fine the company within the framework of a government decree adopted on December 30, 2020.

According to Galushko, problems with the organization of data storage, which is required by the "Spring Law," persist with most operators. He noted that the price of the necessary equipment for small providers is too high, it starts from 2.5 million rubles. The operators themselves also complained about the lack of certification of SORM equipment.^[12]

FSB and Ministry of Digital Development approved the requirements for the introduction of SORM equipment

On March 22, 2021, an order of the Ministry of Digital Development and the FSB "On Approval of Standard Requirements for the Plan of Measures for the Introduction of Equipment and Software and Hardware" used for operational-search measures and ensuring the security of the Russian Federation was published on the official Internet portal of legal information.

According to the document, when implementing SORM equipment and software in the action plan, among other things, it is necessary to indicate:

• details of the record on the inclusion of the information distribution organizer in the register of information distribution organizers;
• the period of provision of technical specifications for connection of software and hardware to the control center of the division of the authorized state body carrying out operational-search activities or ensuring the security of the Russian Federation;
• the period of organization of round-the-clock remote access of the authorized subdivision to the information system of the information dissemination organizer;
• the period of development of the scheme for the introduction of software and hardware;
• the period of development of the list of persons involved in the installation of software and hardware, as well as persons involved in their maintenance;
• the period of development of instructions for interaction of the personnel of the information dissemination organizer and (or) persons serving software and hardware with the authorized subdivision.

The FSB and the Ministry of Digital Development approved the requirements for the introduction of equipment and SORM software

The following shall be attached to the action plan:

• a functional diagram of the information system of the information dissemination organizer and its description;
• information on the number of users and the planned traffic volume, the method of organizing additional coding of electronic messages and (or) providing Internet users with the possibility of such coding;
• information on contracts regulating relations with telecom operators, etc.^[13][14]"

2019

How operators follow the Russians on the example of MTS. Secret documents hit the Internet

On September 18, 2019, it became known about a data leak from Nokia, as a result of which some details of the operation of technical means systems to ensure the functions of operational-search measures (SORM) were disclosed.

According to TechCrunch, the documents that appeared on the Web give an idea of ​ ​ the scale of SORM and the fact that the Russian authorities gain access to calls, messages and data of MTS customers.

Diagram of the integration of the SORM solution with the MTS network in Belgorod

Confidential files were discovered by the director of cyber risk research at UpGuard (specializing in information security) Chris Vickery. The data was stored on an Rsync backup server on an unprotected network drive owned by an employee of Nokia Networks, which for many years has been supplying MTS with equipment and services for updating telecommunications networks.

In the public domain there were detailed information about the deployment of operational-search measures on the territory of the Russian Federation. In particular, we are talking about instructions for installing equipment and its detailed diagrams and images, information about the accounts and names of employees and subcontractors, their phone numbers, a list of cities where the servers were located. The total amount of information was 1.7 TB.

In addition, 245 GB of Outlook data in PST format (mail archives), various contractual agreements (PDF files), as well as RAR, ZIP and other archives containing backups of document repositories, project proposals, operating manuals, progress reports, etc.

Inventory of network equipment, information on IP addresses and names of employees, as well as notes on the progress of work were spelled out in Excel tables. Another type of confidential files that have entered the network is the diagrams and designs of network equipment. They were accompanied by technical documents and information about the location.

Among the data that turned out to be in the public domain, experts found photographs and instructions for installing SORM manufactured by Nokia, supplied by MTS in 2014-2016. Judging by these materials, the systems are located in, Vladimir,, Lipetsk,, Ivanovo,, To Kaluga,, To Kostroma,, Bryansk,, Smolensk,,,, and Ryazan. Belgorod Voronezh Kursk Eagle Toole Tver Tambov Yaroslavl

Detailed floor plan on which SORM equipment is located

Excerpts published by UpGuard from the secret archive do not allow us to accurately assess how critical the information is - photographs of gray metal cabinets with fans and SORM letters, as well as plans for the premises where they are installed, are unlikely to pose a threat to Russian national security.

Nokia explains that the company provides and installs a "port" in the network that provides SORM connection and subsequent legitimate data interception. At the same time, Nokia itself does not store, analyze or process such data. This is done by Malvin Systems, which offers SORM-compatible technology installed on top of the very "port" of Nokia. This technology collects and stores user information. 

It turned out that the modernized SORM capabilities in the MTS network allow the government to access the database of everyone who is allowed to use the cellular network, including its international mobile subscriber ID and SIM card data. 

In addition, it follows from the documents that with the help of SORM, security officials can access the HLR (Home Location Register) database, which contains data about each subscriber, including location and information about the services that the user requested or received.

The documentation also mentions Signaling System 7 (SS7), a set of signaling protocols used to configure most telephone exchanges. SS7 allows cellular networks to set up and route calls and text messages. It is noted that this protocol cannot be considered secure, and it can be used for hacking.

Operators recognize the security flaws of SS7 and implement additional protections, but cannot completely solve the problems due to the peculiarities of the network architecture: it has been designed for a long time and does not take into account the modern capabilities of cybercriminals. SS7 security problems remain relevant, despite the emergence of 4G networks using a different signaling system, since telecom operators must provide support for 2G and 3G standards and interaction between networks of different generations.

According to experts, this data could theoretically be used by attackers for hacker attacks or in order to remotely intervene in the operation of SORM and spoil the equipment.

SORM equipment located indoors on one of the MTS telephone exchanges

UpGuard told Nokia about the public access of information not intended for public viewing. The Finnish company responded to the alert only four days later and solved the problem.

As Nokia spokesman Katja Antila explained, an existing employee of the company connected a UBS drive with old work documents to a home computer. Due to a configuration error, access to the computer and flash drive turned out to be freely open over the Internet without authentication. The company is continuing to investigate, TechCrunch said in a Sept. 18 release.

Although surveillance of users in Russia is allowed by law, work related to SORM is classified and requires engineers to have special work certificates. Equipment for SORM is purchased only from a small list of selected companies.^[15]

The Ministry of Communications has made changes to the rules of SORM equipment

On July 5, 2019, it became known that as part of the implementation of Article 13 of Law No. 374-FZ "On Amendments to the Federal Law" On Countering Terrorism "by order of the Ministry of Communications of the Russian Federation, amendments were made to the Federal Law" On Communications. " In particular, in the "Rules for the use of equipment of switching systems, including software that ensures the implementation of established actions during operational-search measures. Part III. " You can get acquainted with the full text of the order here.

In accordance with the document, telecom operators are assigned additional duties:

• to equip technical means of operational-search measures (OPM) installed on communication nodes of data transmission networks with technical means of information accumulation;
• perform certification of re-equipped ORM hardware.

The document reportedly comes into force 10 days after publication, which took place on July 3, 2019. According to the data on the federal portal of draft regulations, work on the draft of this order began in the fall of 2016.^[16]

Information accumulation means for SORM shall be of Russian origin

On May 31, 2019, it became known that the means of accumulating information that Russian law enforcement officers use to wiretap communication lines during the investigation should henceforth be of Russian origin. We are talking about systems of technical means to ensure the functions of operational-search measures (SORM).

The corresponding decree of the Government of Russia appeared on the portal of the official publication of legal acts. The resolution makes the necessary changes to the rules for the storage of messages and calls of users by telecom operators. The document was prepared the Ministry of Digital Development, Communications and Mass Media, FSB and Minpromtorg.

According to the decree, "the technical means of accumulating information included in the equipment of communication means that ensures the implementation of the established actions during operational-search measures must have a conclusion on confirmation of the production of industrial products in Russia valid at the time of installation of the specified equipment on the network of the telecom operator."

These means of accumulating information must comply with the requirements for data storage systems established by the Government Decree "On Confirmation of Industrial Production in Russia," which was adopted in July 2015.

The rules introduced do not apply to equipment whose purchase agreements were entered into before the regulation came into force.

As the authors of the document noted in an explanatory note, these rules should help provide Russian information security communication infrastructure in the face of sanctions from Western countries. The purpose of the decree is to protect the infrastructure from vulnerabilities in hacker attacks foreign equipment. Also, the decree should support Russian manufacturers of radio electronics and increase their competitiveness^[17]

2017

Most telecom operators do not provide stable operation SORM-2

The FSB is experiencing difficulties in finding attackers using IP telephony due to problems in the operation of the operational-search measures system (SORM-2) installed on operator networks, RBC reports .

As the correspondents of the publication found out during a journalistic investigation, most telecom operators in one way or another violate the requirements for installing and maintaining uninterrupted operation of the SORM-2. The system works with violations or does not work at all for 70% of operators.

According to experts, these statistics are due to several factors. The first of them is economic, the installation of SORM is carried out by the operator at his own expense in accordance with an individual plan approved by the local department. FSB Thus, most operators are cheaper to pay a fine (about 30 thousand) rubles than to install expensive equipment.

Secondly, some operators are experiencing technical difficulties regarding the compatibility of their equipment with FSB complexes. In particular, in the Sakhalin and Kostroma regions, VimpelCom did not record user traffic, since this was technically impossible and required a large-scale replacement of equipment.

After analyzing the judicial practice for 2016-2017, journalists found that during the reporting period, Roskomnadzor, on the basis of appeals from the FSB, opened 451 cases of administrative violations in connection with problems in the work of various types of SORM or delaying the deadlines for the introduction and modernization of complexes. In 86% of cases, operators were found guilty of "carrying out entrepreneurial activities in violation of the requirements and conditions provided for by the license." In 196 cases, operators paid fines in the amount of 30 thousand rubles provided for in Part 3 of Article 14.1 of the Administrative Code of the Russian Federation, and in 192 cases, companies were issued warnings.

The largest number of violations related to the work of SORM was recorded by the operator VimpelCom"" ("Beeline"), in respect of which 29 administrative cases were opened in various regions over the past two years, of which 25 ended in a fine. In second place in terms of the number of violations, the company has MTS 13 administrative cases against it. Six arbitration cases were initiated against Rostelecom, "" Yota() Yota and, MTT two cases were instituted against "," in MegaFon one case the defendant was "" T2 Mobile(). Tele2

By contacting SORM, the FSB can fix the system or not. Operators only connect equipment to their network, but cannot control the access of special services to user data. Special services can listen to citizens only after receiving the appropriate permission of the court. According to the judicial department at the Supreme Court of Russia, in 2016, courts of general jurisdiction issued 893.1 thousand similar permits to law enforcement agencies. According to statistics, in the period from January to June 2017, the number of requests for disclosure of the secrecy of correspondence and wiretapping of telephone conversations of citizens decreased.

The Ministry of Communications has prepared requirements for SORM equipment for Internet services

For Internet services operating in Russia and included in the Register of Information Dissemination Organizers, developed requirements for SORM equipment. Their author was the Ministry of Telecom and Mass Communications - the department prepared a draft order "On approval of requirements for equipment and software and hardware used by the organizer of the dissemination of information on the Internet in the information systems it operates, ensuring the implementation of established actions during operational-search measures, including the storage system," and put it up for public discussion.

According to the current legislation, services entered in the Register of Information Dissemination Organizers (ARI) must transfer information about users at the request of authorized government agencies (FSB). If services refuse to do this, they fall into another register - banned sites - and are blocked for access by users in the country.

At the same time, according to the Federal Law of May 5, 2014 No. 97 "On Amendments to the Federal Law" On Information, Information Technologies and Information Protection "and certain legislative acts of the Russian Federation on the streamlining of information exchange using information and telecommunication networks," organizers of the dissemination of information on the Internet, as well as telecom operators, are obliged to use special equipment to collect user metadata.

Until now, no one has asked for this requirement from the ARI, since there were no industry requirements for the necessary equipment and software and hardware. The situation is planned to be corrected, for which the Ministry of Telecom and Mass Communications has prepared an appropriate draft order.

By the way, the document contains requirements not only for the equipment itself, but also for the information that ARI is obliged to collect with its help. This is the user ID, the date and time of registration (in the case of a service contract, also the date and time of the agreement), pseudonym, full name, ​data of birth, the address of residence specified by the user, passport or other identity documents, a list of languages ​ ​ owned by the user, a list of relatives specified by the user, information about accounts in other services, the date and time of authorization and exit from the service, IP address, contact information (phone number and email address), the application used by the user, text messages, audio and video call records, transmitted files, payment data, location.

The main question (as in the case of telecom operators) that faces Internet services is who will pay for the purchase and installation of the relevant equipment? At the moment, this is not indicated in the document. Most likely, this will fall on the shoulders of the organizers of the dissemination of information themselves.

2016

SORM developer began looking for contractors to decrypt correspondence in instant messengers

Con Certeza, which develops systems of technical means to provide the functions of operational-search measures () SORM on the networks of telecom operators, is looking for a contractor to conduct a study if possible to intercept and decrypt traffic,,, WhatsApp Viber Facebook Messenger Telegram and. Skype

About this, writes "Kommersant"^[18], it became known from the correspondence of a Con Certeza employee with a technical specialist of one of the Russian companies in the field of information security, the content of which was familiarized with the publication^[19].

The purpose of the study is "the implementation or argument about the impossibility of implementing [these functions] in SORM systems in accordance with the regulatory requirements for cellular operators," according to a letter from a Con Certeza employee.

To study one messenger, it follows from the correspondence, two months are given, it is proposed to start work with Viber. Payment for work on each messenger is 130 thousand rubles for performing the main part of the study and 230 thousand rubles of the bonus "in case of receiving party identifiers or text when using MiTM."

State Duma Committee approved three-year storage of calls and correspondence by operators

The State Duma Committee on Security and Anti-Corruption recommended in May 2016 to adopt in the first reading the anti-terrorist draft amendments prepared by^[20]by the Chairman^[21]State Duma Committee on Security Irina Yarova and the Chairman of the Federation Council Committee on Defense Viktor Ozerov. Writes about this RBC^[22]

The document contains amendments to the law "On Communications," which oblige Russian operators to store data on voice and text messages of citizens for three years. According to the project, operators should store within the country for three years all information "on the facts of receiving, transmitting, delivering and processing voice information and text messages, including their content, as well as images, sounds or other messages of users by communication services." Operators are obliged to "provide this information to authorized state bodies carrying out operational-search activities or ensuring the security of the Russian Federation."

According to estimates by the operators of VimpelCom (Beeline brand), MegaFon and MTS, a three-year storage of calls and correspondence will cost $70 billion. This is several times higher than the total revenue of companies^[23].

Later, the head of the Ministry of Telecom and Mass Communications Nikolai Nikiforov agreed that the introduction of such amendments would lead to a collapse in the market^[24] if the ^[25] was adopted]. He also noted that the bill needs to be finalized. In this regard, the ministry has already prepared an appropriate review, and the draft law will be changed for the second reading.

Russia adopted an "impossible" law on total surveillance of Runet users

On May 13, 2016, the State Duma adopted in the first reading an "anti-terrorist" package of amendments proposed by deputies Viktor Ozerov and Irina Yarovaya^[26].

We are talking, in particular, about amendments to the laws "On Communications" and "On Information, Information Technologies and Information Protection," which oblige telecom operators and Internet companies to keep all negotiations between their subscribers and users for three years.

Before that, the Government published its response to the bill. It recognized the relevance of this document and agreed that its adoption would make the fight against terrorism and extremism more effective.

Total control over citizens

Telecom operators will have to store information "on the facts of receiving, transmitting, delivering and (or) processing voice information and text messages, including their content, as well as images, sound or other messages of communication service users" in Russia for a three-year period. Thus, we are talking about storing all telephone conversations, SMS messages, Internet traffic, etc.

Now telecom operators store for three years information about only subscribers and the communication services provided to them (that is, the details of the negotiations). In addition, there is a system of operational-search measures (SORM), thanks to which law enforcement agencies can intercept telephone conversations and Internet traffic of subscribers.

In 2014, the SORM-3 system was put into operation, which obliges telecom operators, at the request of law enforcement agencies, to store Internet traffic of certain subscribers for 12 hours.

The newly adopted bill establishes in the interests of the special services the norm for storing all negotiations of all subscribers for three years.

Amendments to the Law "On Information" relate to "organizers of the dissemination of information." The term was introduced by lawmakers in 2014 by the so-called Bloggers Act. It concerns Internet services that communicate between users: social networks, blog platforms, etc.

Now they must store on the territory of Russia all information about their users and messages transmitted to them for six months. The new bill obliges them to store the messages themselves, and the shelf life, as already noted, is extended to three years.

Expenses of 5 trillion rubles

The costs of telecom operators and Internet companies for the implementation of this bill in its current form will amount to 5.2 trillion rubles. This was reported by Interfax with reference to the conclusion of the Communications and Information Technologies working group under the Russian government. Such costs are unbearable, experts warn: telecom operators do not have technical and financial resources to fulfill the requirements of the law, as there are no corresponding free storage facilities in principle.

The implementation of the bill will require a radical restructuring of the existing system of interaction between telecom operators and law enforcement agencies, the experts say. Now operators are connected to special services by communication channels at a speed of 150 Mbps, this is not enough for several hundred exabytes of information.

The center's experts believe that the goal of the bill will still not be achieved, since now 49% of all transmitted traffic is encrypted, and within three years its share will grow to 90%.

2013: FSB gains full access to user traffic

In October 2013, it became known that Internet providers operating in Russia will have to install equipment for recording Internet traffic and storing it for at least 12 hours by July 1, 2014. Russian special services will have direct access to this equipment, the Kommersant newspaper reported.

The newspaper has at its disposal a letter from VimpelCom to the Ministry of Communications, in which the operator criticizes the draft order of the ministry on operational-search measures on the Internet, already agreed by the FSB. The document awaits registration with the Ministry of Justice and is likely to enter into force in 2013.

In the letter, the provider indicates that the provisions of the order "violate the rights guaranteed by the Constitution of the Russian Federation (Articles 23, 24, 45)," which enshrine the right to privacy to the secrecy of correspondence, telephone conversations, postal, telegraph and other messages, restriction of this right is allowed only on the basis of a court decision, and the collection, storage, use and dissemination of information about the private life of a person without his consent is not allowed.

Information about the existence of this order to the newspaper was confirmed by three sources in the telecommunications market, including the manager of Rostelecom.

As a result of the entry into force of the document, the equipment installed by the providers will record all data packets coming to the providers and store them for at least 12 hours.

The order describes what information about Internet users will be transmitted to the special services. In particular, it is phone numbers, the IP addresses, names of accounts, "the e-mail addresses in mail.ru, yandex.ru, rambler.ru, gmail.com, yahoo.com services and dr".; ICQ IDs, Mobile Device IDs (IMEIs), Called Subscriber IDs, and Internet Telephony Caller IDs.

In addition, the draft order obliges providers to transmit to special services information about the location of subscriber terminals of users of Internet telephony services: Skype, etc.

By this time, SORM-2 equipment (the System of Operational-Search Measures) was installed in the networks of Russian providers, and, according to the rules of 2008, they are already obliged to transmit phone numbers and the location of mobile subscribers to special services, but are not required to record this data.

The new order, as the newspaper writes with reference to the security director of the combined company Afisha-Rambler-SUP Alexander Rylik, is an update of the requirements of 2008, taking into account "modern realities": "We transfer our traffic to the FSB hub. The SORM equipment that is installed here is simply an interface for interfacing with the FSB technical means. All processing is carried out at the FSB node. "

According to the expert, after the entry into force of the draft order, providers will send no more data to the FSB than they are sending now, and responsibility for possible abuses should lie with the authorities that receive the information.

According to preliminary calculations of VimpelCom, annual investments in equipment will amount to $100 million, according to MTS estimates - about 300 million rubles. According to a newspaper source in one of the ministries, operators now pay for the installation and operation of SORM equipment, although according to the law^[27] state must pay for SORM].

2008: The start of the updated SORM-2

The order, which came out in early 2008, did not cause as much resonance as it did 8 years ago. Its creators took into account old mistakes, and did not submit for public consideration a document containing requirements for channels, interfaces and equipment of data transmission networks to ensure the conduct of operational-search measures, in contrast to a similar document for PSTN and ATP.

However, some features of conducting SORM on a data network are still known. So, for example, the SORM Control Panel should be able to work with AAA provider protocols (RADIUS or TACACS +), moreover, in the case of dynamic allocation of IP addresses, all the necessary address information should be sent to the SORM Control Panel.

The main point of legal interception on SPD is the ability of law enforcement agencies to receive all information transmitted and received by a controlled user. In a packet switching network, this task is not trivial at all and requires an individual approach for each specific network. The choice of the most acceptable option for organizing OSRM on the network falls on the operator, despite the fact that he must comply with all the requirements put forward by law enforcement agencies.

Naturally, in this case, the implementation of the SORM-2 on the network of service providers will be a unique project. Accordingly, its cost will be quite significant, which is undesirable for the operator, and the project implementation time may stretch for many months, which is already unacceptable for law enforcement agencies. For both parties, the most suitable will be the implementation of a typical universal project, the differences of which will be only in the details that do not affect its main architecture.

Solutions and Installations SORM-2

When choosing the option of legal interception on a communication network, law enforcement agencies put forward their decisions based on the requirements for SORM-2 that they need to fulfill. And since the requirements for legal interception on a data network remain a rather "amorphous" concept, the operator also has to adapt to them in each specific case.

The most suitable solution to solve most of the problems encountered was a system for passive monitoring of information and interception of information on the network. The general connection diagram of passive intercept equipment is shown in Figure 1^[28].

The advantages of this scheme are obvious for both the carrier and law enforcement agencies. However, it was not possible to avoid some difficulties, primarily related to the installation and installation of a specialized "aggregating router" on the operator's network. This equipment is the point of concentration of all traffic on the network, through which 100% of the information circulating through the network passes.

If this scheme is used on IP telephony networks, we get a powerful tool that allows us to implement a full range of SORM measures at minimal costs on the part of the operator and while maintaining all the necessary requirements on the part of law enforcement agencies. This efficiency of its use on telephone networks is explained by the fact that the requirements for SORM-1 prescribe the interception of only telephone traffic and signal messages. Accordingly, its implementation allows you to fully implement all the requirements.

The situation on data networks is not so rosy. A huge number of different types of traffic, their most unusual combinations, as well as the widespread use of cryptography greatly complicates the process of "legitimate interception" itself and puts forward additional difficult-to-resolve requirements for SORM-2 equipment. Let's dwell in more detail on these features of the implementation of SORM-2 on the network.

Today, the end user can transmit a huge amount of information over the network, moreover, a wide variety of types (video, e-mail, voice data, etc.).

The widespread fascination with cryptographic information protection adds additional complexity to legitimate interception. When intercepting information encrypted in one way or another, it is almost impossible to decrypt it without using keys and specialized decoders. Naturally, in the case of passive monitoring, you can intercept keys that are transmitted over the network, but you need to learn how to use them and use them for a specific user. This is quite executable functionality, but its implementation will significantly complicate the entire legal interception system, as well as affect its performance.

In addition to the above difficulties, the process of installing and implementing the SORM subsystem on data transmission networks is accompanied by a number of difficulties associated with organizational features. But one of the most common problems is possible inconsistencies with the SORM Control Panels.

In the absence of clearly formulated requirements and standards for data exchange channels between the filtering device and the SORM CP, difficulties are inevitable in transmitting information, and even when the equipment is connected to each other. This problem expires from the fact that the SORM equipment installed in law enforcement agencies and the passive monitoring system operating on the operator's network are usually manufactured by various companies, often foreign, and have unique interaction interfaces incompatible with each other.

In this situation, the SORM-2 process control commands will not be fully executed or ignored at all. Therefore, for the docking of such equipment, additional devices will be required - converters that will be able to fully transfer the entire amount of information from the SORM control panel to the filtering device and vice versa.

Thus, the implementation of end products that allow you to install SORM-2 on existing communication networks is a rather confusing and ambiguous process, which is accompanied by high development and installation costs. Unfortunately, most of these costs fall on the shoulders of the telecom operator and the provider.

In addition, the lack of a clear legal framework and maximum formulated requirements do not allow creating products that can definitely be installed on communication networks, unlike SORM on telephone networks.

In this regard, the implementation of these products for Internet service providers and LDS operators for 2009 is not advisable, therefore, many companies manufacturers of SORM equipment are in no hurry to create products within the SORM-2. And they continue to develop the direction of telephony, including IP telephony, taking legal interception in this area to a qualitatively new level.

How Internet traffic monitoring works in practice

In accordance with the license conditions, before starting operation of its network (i.e. provision of services to subscribers), the telecom operator must obtain the Operation Permit from the authority that was called RosSvyazNadzor, RosSvyazOkhorokultura and a thousand other names (they changed on average every two years). For 2009, it is called RosSvyazComNadzor. Permits are issued in accordance with the Rules approved by the Government, in which it is written in black and white that the operator must resolve the issue with SORM, about which to present a "piece of paper" to the Supervision^[29].

This issue is being resolved, and a piece of paper is presented signed only by the FSB and no one else. No bodies of the Ministry of Internal Affairs - neither the local police department, nor the "K" department - or the tax department, nor anyone else has anything to do with this. Only the FSB can monitor Internet traffic. Other bodies or departments do not physically have technical capabilities for this - they do not put any equipment anywhere. By the way, this still indirectly follows from the fact that when the same department "K" needs something from the operator/hoster, he is forced to send an official document on his form and signed by the head. No one can just call and ask to "drop the traffic information from this IP" - operators/hosters in such cases usually simply "send" and ask to send an official request.

Let's return to our telecom operator, who needs to coordinate the issue of SORM with the FSB. Yes, formally, the operator really must buy special equipment for $10k and stretch a dedicated communication cable to the local FSB. However, no one really does this from small providers. Everything is limited to an agreement with the FSB to cooperate if they have questions (in fact, they simply exchange contacts with their officer-curator and FSB technician), and the signing of the "Protocol on the procedure for interaction within the framework of commissioning SORM" (or "Commissioning Plan..."), the essence of which, to put it briefly, boils down to the fact that the provider undertakes to make a "real" SORM sometime later (usually five years later). The classic principle of Khoja Nasreddin is valid - in five years either the company closes, or the money for a full-fledged SORM will earn, or something else will change. Moreover, many in five years sign the next same protocol and do not blow into the mustache.

What happens if one of the provider's customers actually sells helicopter parts or somehow otherwise threatens federal security? Well, they just call (or even write by e-mail) and ask to make tcpdump traffic from a certain address, and then throw it to ftp. The provider takes and does. That's all, actually.

If the provider has become large enough and is already "ripe" in order not to mess with dumps, he is installing FSB equipment. What is it? I can't vouch for everyone and everything, but what I saw - there were ordinary self-assembled computers in GenesysRack rack cases with Linux installed and two network devices - "input" and "output." At the "entrance" the provider simply mirrors traffic (its Internet traffic, but before NAT, of course), and assigns (well, i.e. reports to the FSB, and they themselves will assign) an external IP, according to which all this is controlled. Of course, I don't know what exactly is spinning under Linux, but here you don't need to be seven inches in your forehead - some packet analyzer so that you can only "hook up" what is required and not drive tons of traffic to the FSB data center.

The comments indicated that the self-collection mentioned in the topic is no longer used. Yes, I really saw this case 3 years ago. I am glad for our FSBshnikov that they began to order equipment from other contractors - who use either ready-made vendor servers or assemble something more or less decent-looking.

If you look really from the practical side, then the "terrible and terrible" SORM is not Big Brother and not an attempt to monitor and enslave everyone. This is really a means of protecting the security interests of the state, which is used only for this and, in general, solves rather modest and limited tasks.

2000: Implementation of the SORM-2 is delayed

Attempts to legally monitor the Internet activity of users have been made more than once, so in 2000 a number of decrees were issued that regulated the rules for organizing SORM on communication networks. However, this fact caused a strong reaction from the public, and then through the court it was possible to suspend the orders, which made it possible to postpone the introduction of SORM-2 on the Internet.

The development of a new order, requirements and related documents took another eight years, accompanied by numerous discussions and discussions. During this period, quite a lot has changed, both in the telecommunications market and in the surrounding world.

1913

First Phone Wiretapping System

In 1913, equipment was installed in the premises of the IV State Duma in St. Petersburg to eavesdrop on telephone calls. After that, no mention of the installation and development of SORM equipment was found, until 1992, when order No. 226 "On the use of communication equipment to ensure operational-search activities of the Ministry of Security of the Russian Federation" was published, in which it was required to provide premises and equipment to law enforcement agencies for legal interception. After that, new orders were published, with enviable constancy, which supplemented or replaced certain points of previous documents.

Restriction of secrecy of communication in Russia

All telecom operators in Russia are required to agree on an action plan for the implementation of SORM,^[30][31], otherwise their license may be revoked.^[32]Ошибка цитирования Неверный вызов: нет входных данных

In accordance with Article 23 of the Constitution of Russia, restriction of the secrecy of communication is allowed only by a court decision. At the same time, the law mentions the possibility of using SORM before a court decision, "in cases established by federal laws."^[33]:

the Russian SORM, the special service independently, without going to court, determines the user who must be put under control and independently performs this, therefore there is no separate administrative function on the Russian SORM model, we can say that it is integrated into the SORM PU.^[34]

From Article 64: "On the Duties of Telecom Operators in Conducting Operational-Search Measures and Conducting Investigative Actions" of the Federal Law "On Communications":

1. Telecom operators are obliged to provide authorized state bodies that carry out operational-search activities or ensure the security of the Russian Federation with information about users with communication services and about the communication services provided to them, as well as other information necessary to fulfill the tasks assigned to these bodies, in cases established by federal laws.^[35][36]

An official court decision is required to directly listen to conversations, but no court sanction is required to obtain other information (for example, about the facts of making calls). As a rule, SORM systems technically distinguish the rights of operators to access the system, and record the history of use, which provides protection against abuse by individual law enforcement officers.

Notes