Manufacturers of telecom equipment will be forced to update it to improve the quality of SORM

Posted by


The Ministry of Digital Transformation has published a draft order that amends the requirements for the system of technical means to ensure the functions of operational-search activities (SORM). Now manufacturers of equipment that is installed on communication networks at the request of the FSB must provide not only storage, but also systematization of user call traffic, geo-locations and browser histories.

Traffic – in convenient reports

The Ministry of Digital Development has prepared adjustments to the requirements for systems of technical means to ensure the functions of operational-search activities (SORM). The regulator proposes, through changes in the equipment for SORM, to systematize already collected user data and separately isolate and save Internet call traffic, geolocation and browser history.

The document was published on the regulation.gov.ru website for public discussion on June 7, 2022. The changes concern manufacturers of SORM equipment and certification bodies for this equipment. The key players in this industry in Russia are VAS Experts, Norsi-trans, Tehargos, Signaltek, Special Technologies, Citadel Group.

The changes, in particular, relate to the draft law from the “Yarovaya package”, according to which, from July 1, 2018, all operators were obliged to install SORM on their networks, along with the mandatory storage of telephone conversation data, messages, pictures and videos. All conversations and messages should be stored for six months, and Internet traffic – for a month. FSB officers get access to SORM systems after the court allows it.

sormsorm600.jpg

Manufacturers of telecom equipment will be required to lay out user data on the shelves

SORM should have “the functionality for setting the rules for generating HTTP statistics strings according to the criteria “Request Type (HTTP Request Methods)” and “Content Type (HTTP Content-Type),” the document says. The parameters for collecting various information and the format of its storage are also changing. Some categories of data are proposed to be identified and analyzed for user identification.

Also, the draft order corrects the requirements for the parameters of encoding information between the SORM control panel, which the FSB has and the technical means of SORM-3, which are located at the operators, and with the help of which they collect information and store it.

Why adjustments were needed

The market calls innovations a half-measure that will only minimally improve the situation with the investigation of cybercrime. In particular, this opinion was expressed by the head of the department of information and analytical research of the company T.Hunter Igor Bederov.

“Many years ago, IT specialists suggested creating a system for forensic accounting and identification of Internet users in the country, which would be based on collecting logs from communication providers, Internet operators and the largest Internet portals and would have a system for cross-analysis of data,” the CNews expert said. – This would allow you to see which person used traffic anonymization tools, which site he visited. And in the end, it would be possible to identify any users in the Russian segment of the Web, no matter whether they use the darknet, TOR, VPN, VPS, what services they access, and whether these services provide Russian authorities with information about their visitors.”

Facial biometrics in Russia expects rapid growth

Import substitution

According to Bederov, the new adjustments to the requirements for SORM are “minimal offer” and “ordinary fingerprint” (browser fingerprint), since they only suggest using the existing structure to highlight individual data on them.

“This will not solve the whole problem of extremely low investigation of Internet crimes,” Bederov emphasized. “In addition, there are questions about how this data will be analyzed, how it will be used, who will have access to it, and when it will all start. So far, the effectiveness of the information collected within the framework of SORM is small. Data is collected, but it needs to be centralized and a system of end-to-end analytics implemented. Otherwise, the FSB is just sitting on the data like a dog in the manger.”

Riot Operators

It is still unclear how Russian operators will react to the new requirements of the Ministry of Digital Development, however, regional players have already figured out how to circumvent the regulator’s instructions and protect their subscribers from excessive attention of special services. Internet providers began to unite in cooperatives in order to avoid spending on the purchase of SORM equipment and not store user traffic. Operators chose this strategy immediately after the adoption of the Yarovaya package, which forces operators to store user traffic for six months and at the same time increase storage capacity by 15% annually.

At the same time, the Ministry of Digital Development was not enthusiastic about the behavior of the operators and proposed to tighten the legislation in this area. So, on June 8, 2022, the regulator prepared amendments to the Tax Code, the Code of Administrative Offenses and the Law “On Communications” in order to apply turnover penalties for operators for the lack of SORM equipment in their networks. The amount of fines will reach from 0.01% to 0.05% of the operator’s annual revenue for communication services, but not more than 0.02% of the annual revenue from the sale of all services. The minimum fine is 1 million rubles. Until now, operators have been punished with 100-200 thousand rubles.

Angela Patrakova



Source link

Leave a Reply

Your email address will not be published.