FITUG e.V. Förderverein Informationstechnik und Gesellschaft

[NEWS] WSJ on SORM

------- Forwarded message follows ------- Date sent: Mon, 27 Nov 2000 12:59:32 -0500 From: Marc Rotenberg <rotenberg@epic.org> Subject: [NEWS] WSJ on SORM To: gilc-plan@gilc.org Send reply to: gilc-plan@gilc.org

The Wall Street Journal Interactive Edition -- November 27, 2000 Tech Center

Russian ISP Defends Privacy Rights, Challenges Government Snooping

By GUY CHAZAN

Special to THE WALL STREET JOURNAL

VOLGOGRAD, Russia -- Nail Murzakhanov would much rather talk gigabytes than human rights. A self-confessed computer nut, he has little time for politics. But that changes when you ask him about spying on the Internet.

"Next thing they'll be asking for a spare set of keys to our apartments," he fumes. "They want to control anyone, wherever and whenever they want."

Despite his unassuming demeanor, Nail Murzakhanov is a folk hero in Russian high-tech circles. As head of a tiny Internet-service provider in this southern city, he was the first person ever to challenge the government's right to eavesdrop on private e-mail correspondence. Perhaps more impressive, the government backed down.

"They wanted me to let them snoop on people, without any outside checks or controls," says the 34-year-old head of Bayard Slavia Communications. "But I sign a confidentiality agreement with my customers, and I won't violate that for anyone."

The object of Mr. Murzakhanov's wrath is the system for operative-investigative measures, or SORM. Based on a 1995 law, it gives Russian security services -- among them the FSB domestic intelligence agency -- the right to tap phones, read postal correspondence and intercept e-mail. Police say it's a vital weapon in the fight against crime. Civil-rights campaigners say it's a snooper's charter, the first step on the road to a Big Brother-style police state.

SORM's supporters like to cite laws in the West, such as Britain's Regulation of Investigatory Powers Act, which sets down the rules police must follow when they monitor e-mail and tap phones, or the U.S. National Security Agency's Echelon project. Also in the U.S., the Federal Bureau of Investigation has had a hard time trying to sell its controversial Carnivore Internet-surveillance software to Congress.

But SORM differs from RIP, Carnivore and Echelon in one crucial respect. Russian law requires Internet service providers to integrate surveillance equipment into their own systems -- and do so at their own expense. Mr. Murzakhanov says the FSB told him he would have to buy the SORM hardware and install cables connecting it to the local FSB headquarters -- and train FSB personnel how to use it. He says it would have cost up to $100,000 to set up -- enough to drive him out of business.

The debate about SORM goes to the heart of liberals' fears about President Vladimir Putin, a former spy who came to power last March promising to create a "dictatorship of law." SORM wasn't his initiative; nonetheless, liberals see it as symptomatic of an administration in which former KGB officers are playing an increasingly active role.

That's why the ministry's backing down in the Murzakhanov case is viewed as significant by many in Net circles. If a small provincial ISP -- with only 1,420 subscribers and a staff of six -- operating out of the corner of a Volgograd electrical goods shop can fight SORM, then maybe others can, too. "It shows you can challenge the authorities and not only survive but win," says Anatoly Levenchuk, head of Moscow-based human-rights group Liberatarium.

SORM Storm

A summary of Russian state actions

Russia passed a law on "operative-investigative activity" (SORM) in August 1995, giving the state the right, among others, to control postal, telegraph and other communications, wiretap phones and intercept information from technical communication channels.

In July 2000, the Ministry of Communications issued order No. 130, stating that the technical means allowing for operative-investigative measures must be installed at electronic telephone exchanges, and at switching centers for mobile and wireless communications and paging services.

In August 2000, the Ministry of Communications dropped all claims against Bayard Slavia Communications and withdrew the threat to revoke its license.

Under SORM's provisions, ISPs and telephone operators are mandated to install a kind of black box that reroutes traffic to the headquarters of local law-enforcement agencies, allowing them to listen in on phone or e-mail conversation. Those that refuse can lose their licenses.

In theory, the authorities require a court warrant to read a criminal suspect's e-mail. But critics of SORM say judicial oversight of Russia's security services is so weak that there's no guarantee they'll always ask first -- especially if the information they want is just a click away.

Police counter that without this kind of clout they're powerless to deal with Russia's newest scourge -- high-tech crime. Russia's hackers are gaining a reputation as perhaps the most talented in cyberspace -- especially after Microsoft Corp. disclosed that passwords used to access its source code had been sent to an e-mail address in St. Petersburg. Low-tech, low-paid Russian policemen are ill-equipped to deal with these problems.

Anatoly Stolbikhin, a police lieutenant-colonel and head of a regional computer-crime department, says the ISPs are on their side. "The kind of people we investigate are hackers illegally using other people's passwords or credit-card details," he says. "These are crimes that can severely damage a provider's commercial interests."

Mr. Murzakhanov says he was first asked to install SORM by the Volgograd branch of the FSB domestic intelligence agency a month after Bayard Slavia Communications began operations in January 1998. He says he told the FSB that he would be quite happy to cooperate on a case-by-case basis, and only if the FSB showed him a court order confirming that a given subscriber was under criminal investigation. He says the agents refused, and told him that they never tell anyone whom they are investigating.

According to Mr. Murzakhanov, the FSB referred to Bayard Slavia's license, which says a provider must assist law-enforcement agencies in carrying out "operative-investigative measures". But Mr. Murzakhanov says he cited another clause of the license that makes any disclosure of a client's personal data a criminal act. He refused to sign.

The authorities went on the offensive in April last year, switching off Bayard Slavia's satellite dish, which forced it out of business for two months, according to Mr. Murzakhanov. Then in November, the Communications Ministry threatened to revoke his license unless he complied with the FSB. The businessman responded by taking the ministry to court.

A session of the Moscow Arbitration Court was scheduled for Aug. 21, 2000, but a week before it met, Mr. Murzakhanov received a letter

>from the ministry saying it had dropped its claims against Bayard

"We realized that we just didn't have the necessary legislation in place to proceed," said Sergei Grigorenko, a ministry spokesman. The case was closed, and since then, Bayard Slavia has been left in peace. Mr. Grigorenko didn't rule out the possibility of pursuing the ministry's case against Bayard Slavia further once additional laws have been passed.

Mr. Murzakhanov says the FSB is fooling itself if it really thinks it can monitor all e-mail correspondence in Russia. "Internet traffic is doubling every month," he says. "You need a hundred highly qualified people, well-versed in cryptography, to monitor just 10,000 subscribers."

But Liberatarium's Mr. Levenchuk expressed doubt that other operators would follow Bayard Slavia's example. "Most people think it's easier to give in to the state than oppose it," he says. "They just want a quiet life."

------- End of forwarded message -------

Zurück