Nokia Documents Reveal How Russia Puts its Citizens Under Surveillance
SORM, a system used to monitor the Internet and telecommunication activity of Russians, has once again become a subject of controversy. The disclosed Nokia documents show how the system helps Russia to keep track of its citizens. One might start asking some uncomfortable questions about human rights violation.
Russia collects data from Internet and telecommunication providers within the country. There is nothing unusual about that - other countries do it as well. Such information, closely guarded and available only in reasonable circumstances to selected individuals, is intended to counter-terrorism or prosecute criminals. Few people, apart from conspiracy theorists, assume that the governments of the United States or the United Kingdom can use such data for morally questionable purposes. In the case of Russia, whose approach to the rule of law and human rights is considered by many to be 'controversial', the issue of data collection is no longer so clear.
SORM / COPM
An Federal Security Service (the FSB) system, monitoring internet and telephone activity of Russians. Enables government agencies and police to access private data. Devices connected to the network constantly collect data, recording conversations, messages and e-mails of users. Everything is in compliance with the law - companies and service providers are obliged to install the equipment under penalty of a fine or ban (see: LinkedIn). Despite such a wide range of activities, the information on monitoring is not particularly known among the citizens.
According to TechCrunch, Mobile TeleSystems, the largest mobile telephony operator in the country, also participates in SORM. Nokia Networks is responsible for the network and compliance with the monitoring system. Thanks to a vulnerability in the security of a home PC of one of the employees of the corporation, almost two terabytes of documents have seen the light of day, some of which show Nokia's involvement in the data collection process.
TechCrunch revealed fragments of the company's proposal to improve the data collection system (guaranteeing direct access to data, messages and connections) in cities such as Belgorod, Kursk and Voronezh and a photo of the device used for this purpose:
The improvement referred to above also gives access to IMSI (International Mobile Subscriber Identity) numbers and SIM card data. The documents also mention SS7 (Signalling System 7), a set of protocols enabling telecommunication networks to manage and redirect calls and SMS, which is known to be hackable and therefore not particularly secure. Mobile TeleSystems did not in any way address the doubts that this raises.
What is Nokia's direct contribution to these practices? According to its representatives, it grants network access to data interception devices in accordance with the law, on the basis of court orders. However, the company refuses to store, process and analyze them - this is what other companies are supposed to do (in Russia it is Malvin Systems, who also ignored questions from the editorial staff of the website). Nokia defines the advantages of its technology in this way:
"It allows telecom companies — like MTS — to respond to interception requests on targeted individuals received from the legal authority through functionality in our solutions.”
And that's where the problems begin. The majority of public opinion agrees that Russian services are not entirely trustworthy. In the wrong hands, such a system can be used to violate human rights. The legitimacy of the limited trust is confirmed by a comment by Adrian Shahbaz from Freedom House, a non-profit organization observing the state of freedom and the rule of law in the world, whom TechCrunch asked for his opinion:
"The companies will always say that with lawful interception, they’re complying with the rule of law. But it’s clear when you look at how Russian authorities are using this type of apparatus that it goes far beyond what is normal in a democratic society."
Nokia ensures that, before deciding to start cooperation, the company always checks that a country is not on the 'list' of countries that violate human rights, and that that the devices are not used to illegally eavesdrop on citizens.
"When we see a match between a technology that we think has potential risk and a country that has potential risk, we have a process where we review it internally and decide to go forward with the sale."
In August, Russian programmer Leonid Evdokimov revealed that thousands of e-mail addresses, phone numbers, logins and location data of Russians collected by SORM are too easily accessible. He also warned that the networks of many Internet providers are infected by software that intercepts and analyzes data.
