SORM System Development

Government procurement documents and tenders from Russian communication companies indicate that newly installed telephone and internet spying capabilities will give the FSB free rein to intercept any telephony or data traffic and even track the use of sensitive words or phrases mentioned in emails, webchats and on social media.

The journalists, Andrei Soldatov and Irina Borogan, who are experts on the Russian security services, collated dozens of open source technical documents published on the Zakupki government procurement agency website, as well as public records of government oversight agencies. They found that major amendments have been made to telephone and Wi-Fi networks in the Black Sea resort to ensure extensive and all-permeating monitoring and filtering of all traffic, using Sorm, Russia’s system for intercepting phone and internet communications.


The Sorm system is being modernised across Russia, but particular attention has been paid to Sochi given the large number of foreign visitors expected next year. Technical specifications set out by the Russian state telecoms agency also show that a controversial technology known as deep packet inspection, which allows intelligence agencies to filter users by particular keywords, is being installed across Russia’s networks, and is required to be compatible with the Sorm system.

"For example you can use the keyword Navalny, and work out which people in a particular region are using the word Navalny," says Soldatov, referring to Alexei Navalny, Russia’s best-known opposition politician. "Then, those people can be tracked further."

Ron Deibert, a professor at the University of Toronto and director of Citizen Lab, which co-operated with the Sochi research, describes the Sorm amendments as "Prism on steroids", referring to the programme used by the NSA in the US and revealed to the Guardian by the whistleblower Edward Snowden. "The scope and scale of Russian surveillance are similar to the disclosures about the US programme but there are subtle differences to the regulations," says Deibert. "We know from Snowden’s disclosures that many of the checks were weak or sidestepped in the US, but in the Russian system permanent access for Sorm is a requirement of building the infrastructure."

"Even as recently as the Beijing Olympics, the sophistication of surveillance and tracking capabilities were nowhere near where they are today."

Gus Hosein, executive director of Privacy International, which also co-operated with the research, said: "Since 2008, more people are travelling with smartphones with far more data than back then, so there is more to spy on."

Wary of Sorm’s capabilities, earlier this year a leaflet from the US state department’s bureau of diplomatic security warned anyone travelling to the Games to be extremely cautious with communications.

"Business travellers should be particularly aware that trade secrets, negotiating positions, and other sensitive information may be taken and shared with competitors, counterparts, and/or Russian regulatory and legal entities," the document reads. The advice contains an extraordinary list of precautions for visitors who wish to ensure safe communications, such as removing batteries from phones when not in use and only travelling with "clean" devices.

Soldatov and Borogan have discovered that the FSB has been working since 2010 to upgrade the Sorm system to ensure it can cope with the extra traffic during the Games. All telephone and ISP providers have to install Sorm boxes in their technology by law, and once installed, the FSB can access data without the provider ever knowing, meaning every phone call or internet communication can be logged. Although the FSB technically requires a warrant to intercept a communication, it is not obliged to show it to anyone.

Tellingly, the FSB has appointed one of its top counterintelligence chiefs, Oleg Syromolotov, to be in charge at Sochi: security will thus be overseen by someone who has spent his career chasing foreign spies rather than terrorists.

Another target may well be gay rights, likely to be one of the biggest issues of the Games. Putin has said that competitors who wear rainbow pins, for example, will not be arrested under the country’s controversial new law that bans "homosexual propaganda". However, it is likely that any attempts to stage any kind of rally or gathering to support gay rights will be ruthlessly broken up by police, as has been the case on numerous occasions in Russian cities in the past. Using DPI, Russian authorities will be able to identify, tag and follow all visitors to the Olympics, both Russian and foreign, who are discussing gay issues, and possibly planning to organise protests.

"Athletes may have particular political views, or they may be openly gay," says Deibert. "I think given recent developments in Russia, we have to be worried about these issues."

At a rare FSB press conference this week, an official, Alexei Lavrishchev, denied security and surveillance at the Games would be excessive, and said that the London Olympics featured far more intrusive measures. "There, they even put CCTV cameras in, excuse me for saying it, the toilets," said Lavrishchev. "We are not taking this kind of measure."

The FSB did not respond to a request for comment from the Guardian, while a spokesperson for the Sochi Olympics referred all requests to the security services. But Russian authorities often express a belief that NGOs working on human rights and other issues have subversive agendas dictated from abroad, and the FSB apparently feels that with so many potentially dangerous foreigners descending on the Black Sea resort for the Olympics, it has a duty to keep an eye on them.

In the end, the goal is overarching, but simple, says Soldatov: "Russian authorities want to make sure that every connection and every move made online in Sochi during the Olympics will be absolutely transparent to the secret services of the country."


SORM (Russian: Система Оперативно-Розыскных Мероприятий, literally "System for Operative Investigative Activities") is a technical system for search and surveillance in the internet. A Russian law passed in 1995 allows the FSB to monitor telephone and internet communications.




SORM-1 system has been established in 1996 to monitor telephone communications.


In July 1998 the system was replaced by SORM-2 to allow monitoring of the internet, in addition to telephone communications. According to some reports, under SORM-2 Russian Internet service providers (ISPs) must install a special device on their servers to allow the FSB to track all credit card transactions, e-mail messages and web use. The device, which has been estimated to cost $10,000-$30,000, must be installed at the ISP’s expense. Other reports note that some ISPs have had to install direct communications lines to the FSB and that costs for implementing the required changes were in excess of $100,000.

On July 25, 2000, Russia’s Minister of Information Technology and Communications Leonid Reiman issued the order No 130 "Concerning the introduction of technical means ensuring investigative activity (SORM) in phone, mobile and wireless communication and radio paging networks" stating that the FSB was no longer required to provide telecommunications and Internet companies documentation on targets of interest prior to accessing information. ([1], full text of the order in Russian: [2])

Access by seven additional government agencies

On January 5, 2000, during his first week in office, president Vladimir Putin amended the law to allow seven other federal security agencies access to intelligence gathered via SORM. The newly endowed agencies included:

Notification ruling

In late 2000, a Russian Supreme Court ruled that the FSB was required to inform ISPs when its agents were using the system. The case was started by a complaint filed by a 26 year old St. Petersburg journalist who was "fed up waiting for civil rights groups and ISPs to protest".

See also

External links


Official Instructions

Retrieved from ""



About this entry