Russia revs up “PRISM on steroids” to monitor all Winter Olympics communications

Russia revs up PRISM on steroids to monitor all Winter Olympics communications

Sochi. Image courtesy of Shutterstock.All communications coming from visitors and athletes at the 2014 Winter Olympics in Russia will be monitored by newly strengthened telephone and internet spying technologies.

Investigative work to document Russia’s massive surveillance ramp-up was undertaken by a team of Russian journalists looking into preparations for the Games, The Guardian reports.

According to a dossier compiled by the journalists, their country’s powerful security service – the Federal Security Service of the Russian Federation (FSB) – has been taking the steps to install near-ubiquitous monitoring.

Documents compiled by the journalists – Russian security services experts Andrei Soldatov and Irina Borogan – track government procurement and tenders from Russian communication companies showing that newly installed telephone and internet spying capabilities will give the FSB “free rein to intercept any telephony or data traffic and even track the use of sensitive words or phrases mentioned in emails, webchats and on social media”, The Guardian’s Shaun Walker writes.

Walker reports that the Russian journalists have collated dozens of open source technical documents published on Zakupki, the Russian government’s procurement website, as well as public records of government oversight agencies.

The duo’s investigations show that while surveillance technology is being modernized throughout the country, particular attention has been paid to overhauling telephone and Wi-Fi networks in the Black Sea resort of Sochi, where the Games will be hosted.

Walker describes how “major amendments” to the infrastructure have focused on SORM – the nation’s interception system for phone and internet communications.

At this point, SORM is so tied into Russian communications architecture that, Edward Snowden revelations aside, it makes the US National Security Agency’s (NSA’s) level of surveillance seem almost like an afterthought.

The Guardian quoted Ron Deibert, a professor at the University of Toronto and director of Citizen Lab, which co-operated with the Sochi research, as calling the Winter Games SORM upgrades “PRISM on steroids”.

The difference in the two countries’ surveillance infrastructures can be found where the communications providers’ rights intersect with the government’s pre-emptive power to force its will upon them, he said:

The scope and scale of Russian surveillance are similar to the disclosures about the US programme but there are subtle differences to the regulations... We know from Snowden's disclosures that many of the checks were weak or sidestepped in the US, but in the Russian system permanent access for Sorm is a requirement of building the infrastructure.

In fact, Russia has been beefing up SORM for some time, as Soldatov and Borogan, writing for Wired in December 2012, described.

In the article, the journalists delve into the difference between where the US and Russian governments insert surveillance into their countries’ respective communications infrastructures:

In the U.S. and Western Europe, a law enforcement agency seeks a warrant from a court and then issues an order for LI [the Western term LI, short for lawful interception, as used in press releases from SORM equipment providers] to a network operator or internet service provider, which is obliged to intercept and then to deliver the requested information.

In Russia, an FSB operative is also required to get an eavesdropping warrant, but he is not obliged to show it to anyone. Telecom providers have no right to demand that the FSB show them the warrant. The providers are required to pay for the SORM equipment and its installation, but they are denied access to the surveillance boxes.

Thus, the FSB does not need to contact the ISP’s staff; instead the security service calls on the special controller at the FSB HQ that is connected by a protected cable directly to the SORM device installed on the ISP network. This system is copied all over the country: In every Russian town there are protected underground cables, which connect the HQ of the local FSB department with all ISPs and telecom providers in the region

The FSB since 2010 has been upgrading SORM to ensure it can cope with extra traffic during the Games, the journalists have discovered.

Olympics logoThe work has included laws that require all telephone and ISP providers to install SORM boxes in their technology.

Technically, the FSB requires a warrant to intercept a communication, but it’s not obliged to actually show it to anyone.

Once a SORM box is in place, the FSB can get at any and all phone calls or internet communications, without any of it being logged and without the provider ever knowing, Walker writes.

This will enable Russia to not only track suspected foreign spies, but also possibly to immediately break up any type of rally for gay rights amidst the controversy over Russia’s crackdown on such rights, Walker comments.

The US State Department’s Bureau of Diplomatic Security earlier this year warned those traveling to the Games to take precautions with communications and devices, The Guardian notes.

It sent out a brochure that read, in part:

"Business travellers should be particularly aware that trade secrets, negotiating positions, and other sensitive information may be taken and shared with competitors, counterparts, and/or Russian regulatory and legal entities."

Or as Naked Security’s Mark Stockley puts it, “Sochi is a surveillance trap set by one the globe’s experts in surveillance. So the only sensible advice is don’t do, say or bring anything you aren’t prepared to share with the Russian Federation.”