The question Edward Snowden should have asked Russian President Vladimir Putin on Thursday was: “Would you please describe how the three versions of SORM operate and what is done with the intercepted phone, email and other electronic media those systems collect?”
The former National Security Agency contractor who in May leaked tens of thousands of highly classified NSA documents that described hundreds of U.S. electronic interception programs, must know about SORM (System of Operative-Investigative Measures), the decades-old but continually upgraded Russian electronic surveillance system.
Putin — who said at one point, “We don’t have a mass system of such interception, and according to our law it cannot exist” — was far from truthful in his answers, but I will deal with that later.
Although details about the Russian system have gotten little publicity amid the stories about the NSA’s operations, it is described on Google and dozens of open websites. Much of what has been published recently about the Russian system has been the product of investigations by Andrei Soldatov and Irina Borogan, editor and deputy editor of Agentura.ru, a journalistic source on Russia’s secret services.
In the 1980s, the Soviet Union’s security service, the KGB, developed an automated nationwide communications interception system for government-run telecommunications. When the Soviet structure collapsed, the Russian government’s Ministry of Communications approved a system that required newly privatized telecom companies to allow the FSB, successor to the KGB, to continue surveillance under what was referred to as SORM-1.
The FSB requires telecom companies to install a device that allows the security service continuous capability to listen or record calls without the telecom’s knowledge. The device rerouts communications to an FSB controller, allowing the agency full access to the communications. Every regional FSB headquarters is connected by cable to all telephone operators and Internet providers in its region.
To monitor particular phone conversations or Internet communications, an FSB agent gets a warrant that he must show to superiors, but no one else.
It was disclosed in 1998 that SORM-2 had been put into operation, allowing the FSB to monitor the Internet along with all telephones, conventional and mobile. Russian Internet service providers (ISPs) had to install a special device on their servers that allowed the security service to collect directly any traffic it sought, without the knowledge of the ISP or its users.
In January 2000, shortly after he became president, Putin showed his awareness of the SORM system by amending the law to give other security services access. These included the Interior Ministry, the Federal Protective Service, the Foreign Intelligence Service, Customs and Excise, the Federal Antidrug Agency, the Federal Prisons Service, and the Main Intelligence Directorate of the General Staff.
More recently, SORM-3 has been installed. It not only continues to provide all data on subscribers — including social networks and credit card transactions — but reportedly also has storage capabilities for three years. In October, in advance of the Sochi Winter Olympics, the SORM system was upgraded again, with deep packet inspection (DPI) that allows identifying the originator and recipient of specific packets of electronic information and also the capability to filter the information within those packets.
The U.S. government is familiar with SORM. In a May 22 report, the State Department’s Bureau of Diplomatic Security issued a warning to people traveling to the Olympics that they should be aware of SORM, which “permits the monitoring, retention and analysis of all data that traverses Russian communications networks.”
The State Department’s security people advised travelers to Russia: “Do not check business or personal electronic devices with your luggage at the airport. . . . Do not connect to local ISPs at cafes, coffee shops, hotels, airports or other local venues. . . . Change all your passwords before and after your trip. . . . Technology is commercially available (in Russia) that can geo-track your location and activate the microphone on your phone.”
Putin made a point that “court permission (was needed) to stalk a particular person.” But while the Snowden disclosures have not brought forth any examples of a U.S. individual’s civil liberties being violated by NSA operations, the Russian press has recorded misuse of the SORM system in that country.
On Dec. 19, 2011, the pro-government website Lifenews.ru published audio files of nine tapped phone calls of then-opposition leader Boris Nemtsov, who sought an official probe, but the perpetrator was never found.
On Nov. 12, 2012, Russia’s Supreme Court upheld a decision by a court in Yekaterinburg that had ruled that intercepting telephone calls by a regional opposition leader, Maxim Petlin, was lawful because he had participated in rallies against increasing the FSB’s powers.
The court’s decision has been seen as justification for SORM to be used against Putin’s political opponents, and several of them have discussed interrogations in which intercepts were used against them.
One final word about the Snowden-Putin exchange. In his published response to critics Thursday, Snowden seemed to acknowledge SORM’s scope when he said journalists should ask Putin “for clarification as to how millions of individuals’ communications are not being intercepted, analyzed or stored, when at least on a technical level the (Russian) systems that are in place must do precisely that in order to function.”
Snowden offers Putin the opportunity to clarify his denial that his country intercepts, analyzes or stores millions of individual communications.
On the other hand, Snowden refers to Director of National Intelligence James Clapper’s answer at a Senate Select Committee on Intelligence as a “lie,” when Clapper said that the NSA was not collecting records on millions of Americans. Snowden then ignores Clapper’s apology — and fuller statements about NSA programs. Different strokes?
© 2014, The Washington Post