Russian Internet Surveillance: Meet the New Boss, Same as the Old Boss

Nikolai Nikiforov, Russia's young Minister of Communications. Nikiforov's appointment in 2012 was supposed to usher in a new era of effective internet policy.

Nikolai Nikiforov, Russia's young Minister of Communications. Nikiforov's appointment in 2012 was supposed to usher in a new era of effective internet policy.

In the latest news from Russia's slow but inexorable march to tighter control over the Internet, the Russian security apparatus is now expanding its surveillance requirements for Russian ISPs. The newspaper Kommersant recently published an article [ru] detailing a complaint made by Vympelkom (the owner of the mobile network Beeline) to the Ministry of Communications about a new decree that is due to come into force next year. The decree (PDF found here [ru]), which was jointly developed by the Ministry and the FSB (Federal Security Service), will require ISPs to monitor all Internet traffic, including IP addresses, telephone numbers, and usernames. Not only that — the traffic will have to be stored for 12 hours after collection. Vympelkom argues that the decree runs contrary to several articles of the Russian Constitution, including the rights to privacy and due process.

Some bloggers were rightly scandalized by the news. Journalist and blogger Matvei Ganapolsky argued [ru] that the new regulations will be used to target members of the opposition, and that any arguments to the contrary will be explained away with the needs of the War on Terror. Ganapolsky also conspiratorially noted that the recent Volgograd suicide bombing coincides with the news of the new law:

Россия устроена так, что предложение подобного приказа удивительным образом совпадает со взрывом автобуса в Волгограде. И если я сейчас начну возражать, то тут же выпрыгнет господин Бастрыкин. И он скажет, что если бы могли читать всё это раньше, то теракта, возможно, не было бы, террористку засекли бы.

Russia is made in such a way that the suggestion of this decree miraculously coincides with a bus exploding in Volgograd. And if I start complaining, then Mr. Bastrykin (head of the Investigative Committee) will appear. And he will say that if only they could monitor it all before, then maybe there would be no bombing, the terrorist would have been caught.

Of course, as some bloggers cynically pointed out, the FSB already monitors the Internet, and already requires ISPs to place duplicating “black boxes” on their servers, routing all internet traffic through FSB offices in real time. ISPs are also already required to keep track of IP addresses and user IDs. These regulations already in place, called SORM –the System for Operative Investigative Activities — are just as bad in violating the Constitution as the new decree, argues [ru] exasperated LiveJournal blogger Daniil Lazoukov. Lazoukov also wondered why Vympelkom didn't protest when the surveillance system was first implemented in 2008.

According to Echo Moskvy blogger Eldar Murtazin [ru], an analyst at the Mobile Research Group, the explanation lies in the game-changing requirement that ISPs store all internet data for 12 hours. Currently the FSB simply does not have the resources or the technology to effectively monitor all Internet traffic in real time, especially because the volume of data has grown “exponentially” over the years. The 12 hour clause will allow the security apparatus a buffer, essentially outsourcing initial data collection and storage to the ISPs. The FSB would then be able to request any part of this data, provided they did it within the 12 hour window. This, in turn, says Murtazin, means that a large part of the cost of monitoring the Internet will be shifted to the ISPs, which is what they are really up in arms about.

Regardless of whether Murtazin is correct in ascribing purely pecuniary motives to Russia's ISP, the new SORM, while certainly similar to the old SORM, promises to be more effective at monitoring the Internet. The difference, to Habrahabr user shifttstas [ru], is in the spirit and the scope — the current SORM, while it does provide a small stream of data to the FSB for analysis, isn't concerned with “mass surveillance.” With the new SORM, everyone is a target.

It remains to be seen if the new regulations will change the experience of the average Russian Internet user, but the trend is clear. More control, less freedom.

3 comments

  • […] In the latest news from Russia's slow but inexorable march to tighter control over the Internet, the Russian security apparatus is expanding its surveillance requirements for Russian ISPs.  […]

  • Komm

    So… essentially. This will allow them to more easily locate and oppress/beat/torture anyone who isn’t straight or people support the LGBT-community in Russia, who might be getting word and evidence out of their mistreatment, or forming societies online for information and protection.

    Considering the climate of Russia that this is proposed in, I hardly see this as counter-terrorism. Much like how America claims much of its spying and the like on its own people is to ‘protect us’, yet there’s no solid proof that they’ve ever stopped actual terrorist plots using it. Instead, others actually benefit from the data collection, and people who don’t deserve incarceration get arrested for crimes that should be as minor as jaywalking, but aren’t because the people with billions to spend say it’s a big deal.

    We’re onto you, governments. All the facts line up, this isn’t mere speculation or theory.

Join the conversation

Authors, please log in »

Guidelines

  • All comments are reviewed by a moderator. Do not submit your comment more than once or it may be identified as spam.
  • Please treat others with respect. Comments containing hate speech, obscenity, and personal attacks will not be approved.