The conference “Actual issues of implementing the SORM on telecommunication networks of Russia” (SORM-2015) was held on November 24, 2015 in Moscow, Russia. At this conference the issues of interaction between telecommunications companies, telecommunications operators and special services were discussed.

The reason – the launch of new technologies VoLTE and VoWiFi to make VoIP communications in 4G and Wi-Fi networks. The problem is that now the intelligence agencies have specific requirements for the system of interaction of operators with special services. But these requirements are technically obsolete, and prevent introduction of new technologies.

The Federal Security Service has developed rules for Russian companies which deal with personal data in digital form.

The document says that if the company plans to use encryption, these funds must be certified by FSB. At the same time it can be obtained only by the technical tools that implement domestic cryptographic algorithms, but they can be supported by neither iOS, nor Android. The cost of using these algorithms is very expensive, for example installing "Crypto CSP" on one computer will cost about two thousand rubles. The document also states that the servers with crypto must be sealed in buildings with bars on the windows at night. 

The state plans to oblige Internet companies to store and transmit information about their users to the authorities for the law enforcement requests. Intelligence agencies can receive e-mail addresses, user names, contact lists and other users’ data, but the transference of posts, comments, and personal correspondence is not provided in the document.

Russian Communications Ministry and FSB developed a list of amendments to the legislation, according to which Internet companies will have to transmit user data to law enforcement officials after receiving the request. The document also provides a list of sites that must either wait for receipt of notice from the representatives of law and order, or register in Russian Communications Ministry by itself. 

Russian law gives Russia’s security service, the FSB, the authority to use SORM (“System for Operative Investigative Activities”) to collect, analyze and store all data that transmitted or received on Russian networks, including calls, email, website visits and credit card transactions.

SORM has been in use since 1990 and collects both metadata and content. SORM-1 collects mobile and landline telephone calls. SORM-2 collects internet traffic. SORM-3 collects from all media (including Wi-Fi and social networks) and stores data for three years. Russian law requires all internet service providers to install an FSB monitoring device (called “Punkt Upravlenia”) on their networks that allows the direct collection of traffic without the knowledge or cooperation of the service provider. 

Russia’s Federal Security Service (FSB) wants to gain maximum control over the information on the internet. This was reported today by Kommersant newspaper, which obtained access to a letter of VimpelCom, aimed at the Ministry of Communications. In the letter, the operator gives a number of comments on the draft ministerial order on investigative activities on the internet.

In accordance with the draft order of the Ministry of Communications, from July 1, 2014 all internet providers are required to install network equipment for recording and storing internet traffic for minimum 12 hours, and the security forces will have direct access to these records.