[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) [NEWS] WSJ on SORM




------- Forwarded message follows -------
Date sent:      	Mon, 27 Nov 2000 12:59:32 -0500
From:           	Marc Rotenberg <rotenberg@epic.org>
Subject:        	[NEWS] WSJ on SORM
To:             	gilc-plan@gilc.org
Send reply to:  	gilc-plan@gilc.org



The Wall Street Journal Interactive Edition --
November 27, 2000 Tech Center

Russian ISP Defends Privacy Rights, Challenges Government Snooping

By GUY CHAZAN

Special to THE WALL STREET JOURNAL

VOLGOGRAD, Russia -- Nail Murzakhanov would much rather talk
gigabytes than human rights. A self-confessed computer nut, he has
little time for politics. But that changes when you ask him about
spying on the Internet.

"Next thing they'll be asking for a spare set of keys to our
apartments," he fumes. "They want to control anyone, wherever and
whenever they want."

Despite his unassuming demeanor, Nail Murzakhanov is a folk hero in
Russian high-tech circles. As head of a tiny Internet-service provider
in this southern city, he was the first person ever to challenge the
government's right to eavesdrop on private e-mail correspondence.
Perhaps more impressive, the government backed down.

"They wanted me to let them snoop on people, without any outside
checks or controls," says the 34-year-old head of Bayard Slavia
Communications. "But I sign a confidentiality agreement with my
customers, and I won't violate that for anyone."

The object of Mr. Murzakhanov's wrath is the system for
operative-investigative measures, or SORM. Based on a 1995 law, it
gives Russian security services -- among them the FSB domestic
intelligence agency -- the right to tap phones, read postal
correspondence and intercept e-mail. Police say it's a vital weapon in
the fight against crime. Civil-rights campaigners say it's a snooper's
charter, the first step on the road to a Big Brother-style police
state.

SORM's supporters like to cite laws in the West, such as Britain's
Regulation of Investigatory Powers Act, which sets down the rules
police must follow when they monitor e-mail and tap phones, or the
U.S. National Security Agency's Echelon project. Also in the U.S., the
Federal Bureau of Investigation has had a hard time trying to sell its
controversial Carnivore Internet-surveillance software to Congress.

But SORM differs from RIP, Carnivore and Echelon in one crucial
respect. Russian law requires Internet service providers to
integrate surveillance equipment into their own systems -- and do so
at their own expense. Mr. Murzakhanov says the FSB told him he would
have to buy the SORM hardware and install cables connecting it to the
local FSB headquarters -- and train FSB personnel how to use it. He
says it would have cost up to $100,000 to set up -- enough to drive
him out of business.

The debate about SORM goes to the heart of liberals' fears about
President Vladimir Putin, a former spy who came to power last March
promising to create a "dictatorship of law." SORM wasn't his
initiative; nonetheless, liberals see it as symptomatic of an
administration in which former KGB officers are playing an
increasingly active role.

That's why the ministry's backing down in the Murzakhanov case is
viewed as significant by many in Net circles. If a small provincial
ISP -- with only 1,420 subscribers and a staff of six -- operating out
of the corner of a Volgograd electrical goods shop can fight SORM,
then maybe others can, too. "It shows you can challenge the
authorities and not only survive but win," says Anatoly Levenchuk,
head of Moscow-based human-rights group Liberatarium.


SORM Storm

A summary of Russian state actions

 Russia passed a law on "operative-investigative activity"
 (SORM) in August 1995, giving the state the right, among
 others, to control postal, telegraph and other communications,
 wiretap phones and intercept information from technical
 communication channels.

 In July 2000, the Ministry of Communications issued order No.
 130, stating that the technical means allowing for
 operative-investigative measures must be installed at
 electronic telephone exchanges, and at switching centers for
 mobile and wireless communications and paging services.

 In August 2000, the Ministry of Communications dropped all
 claims against Bayard Slavia Communications and withdrew the
 threat to revoke its license.


Under SORM's provisions, ISPs and telephone operators are mandated to
install a kind of black box that reroutes traffic to the headquarters
of local law-enforcement agencies, allowing them to listen in on phone
or e-mail conversation. Those that refuse can lose their licenses.

In theory, the authorities require a court warrant to read a
criminal suspect's e-mail. But critics of SORM say judicial
oversight of Russia's security services is so weak that there's no
guarantee they'll always ask first -- especially if the information
they want is just a click away.

Police counter that without this kind of clout they're powerless to
deal with Russia's newest scourge -- high-tech crime. Russia's hackers
are gaining a reputation as perhaps the most talented in cyberspace --
especially after Microsoft Corp. disclosed that passwords used to
access its source code had been sent to an e-mail address in St.
Petersburg. Low-tech, low-paid Russian policemen are ill-equipped to
deal with these problems.

Anatoly Stolbikhin, a police lieutenant-colonel and head of a
regional computer-crime department, says the ISPs are on their side.
"The kind of people we investigate are hackers illegally using other
people's passwords or credit-card details," he says. "These are crimes
that can severely damage a provider's commercial interests."

Mr. Murzakhanov says he was first asked to install SORM by the
Volgograd branch of the FSB domestic intelligence agency a month
after Bayard Slavia Communications began operations in January 1998.
He says he told the FSB that he would be quite happy to cooperate on a
case-by-case basis, and only if the FSB showed him a court order
confirming that a given subscriber was under criminal investigation.
He says the agents refused, and told him that they never tell anyone
whom they are investigating.

According to Mr. Murzakhanov, the FSB referred to Bayard Slavia's
license, which says a provider must assist law-enforcement agencies in
carrying out "operative-investigative measures". But Mr. Murzakhanov
says he cited another clause of the license that makes any disclosure
of a client's personal data a criminal act. He refused to sign.

The authorities went on the offensive in April last year, switching
off Bayard Slavia's satellite dish, which forced it out of business
for two months, according to Mr. Murzakhanov. Then in November, the
Communications Ministry threatened to revoke his license unless he
complied with the FSB. The businessman responded by taking the
ministry to court.

A session of the Moscow Arbitration Court was scheduled for Aug. 21,
2000, but a week before it met, Mr. Murzakhanov received a letter
>from the ministry saying it had dropped its claims against Bayard
Slavia and canceled its threat to withdraw the license.

"We realized that we just didn't have the necessary legislation in
place to proceed," said Sergei Grigorenko, a ministry spokesman. The
case was closed, and since then, Bayard Slavia has been left in peace.
Mr. Grigorenko didn't rule out the possibility of pursuing the
ministry's case against Bayard Slavia further once additional laws
have been passed.

Mr. Murzakhanov says the FSB is fooling itself if it really thinks it
can monitor all e-mail correspondence in Russia. "Internet traffic is
doubling every month," he says. "You need a hundred highly qualified
people, well-versed in cryptography, to monitor just 10,000
subscribers."

But Liberatarium's Mr. Levenchuk expressed doubt that other
operators would follow Bayard Slavia's example. "Most people think
it's easier to give in to the state than oppose it," he says. "They
just want a quiet life."



------- End of forwarded message -------