SORM
from Wikipedia

The System for Operative Investigative Activities (SORM; Russian: Система оперативно-разыскных мероприятий, romanized: Sistema operativno-razysknykh meropriyatiy) is the technical specification for lawful interception interfaces of telecommunications and telephone networks operating in Russia. The current form of the specification enables the targeted surveillance of both telephone and Internet communications. Initially implemented in 1995 to allow access to surveillance data for the FSB, in subsequent years the access has been widened to other law enforcement agencies.

History

SORM-1

SORM was first implemented in 1995, requiring telecommunications operators to install FSB-provided hardware allowing the agency to monitor users’ communications metadata and content, including phone calls, email traffic and web browsing activity, despite the low internet penetration rate at the time.[1]

SORM-2

In July 1998 the system was replaced by SORM‑2. Under SORM‑2, Russian Internet service providers (ISPs) must install a special device on their servers to allow the FSB to track all credit card transactions,[2] email messages and web use.[3] The device must be installed at the ISP's expense.[4] It has been estimated to cost $10,000–30,000.[2] Other reports note that some ISPs have had to install direct communications lines to the FSB and that costs for implementing the required changes were in excess of $100,000.[citation needed]

In July 2000, Russia's Minister of Information Technology and Communications Leonid Reiman issued Order No. 130, "Concerning the introduction of technical means ensuring investigative activity (SORM) in phone, mobile and wireless communication and radio paging networks", stating that the FSB was no longer required to provide telecommunications and Internet companies with documentation on targets of interest prior to accessing information.[5]

In August 2014, SORM-2 usage was extended to monitoring of social networks, chats and forums, requiring their operators to install SORM probes in their networks.[6][7]

SORM-3

A ministerial order issued by the Russian Ministry of Communications on 16 April 2014 introduced requirements for the new wiretapping system SORM-3. Telecommunications operators were required to install compliant equipment by 31 March 2015.[8]

According to regulations of the Russian Ministry of Communications,[9] SORM-3 equipment supports the following selectors for targeted surveillance:

  1. Single IPv4 or IPv6 address
  2. IPv4 or IPv6 networks identified with address mask
  3. User ID within telecom operator's system, supporting "*" and "?" as globbing symbols (wildcards)
  4. Email address, if the targeted user connects via POP3, SMTP or IMAP4; connections protected with cryptography are specifically excluded
  5. Email address, if the targeted user connects to a webmail system from a predefined list of services: mail.ru; yandex.ru; rambler.ru; gmail.com; yahoo.com; apport.ru; rupochta.ru; hotbox.ru; again, connections protected with cryptography are specifically excluded
  6. User's phone number
  7. IMSI
  8. IMEI
  9. MAC address of user's equipment
  10. ICQ UIN

The equipment has deep packet inspection (DPI) capability.[1]

Architecture and deployment

Russia uses deep packet inspection (DPI) on a nationwide scale, with part of the DPI infrastructure used for SORM.[10] Some mobile networks use DPI to additionally filter traffic.[11]

The SORM device recommended by the FSB is named Omega.[11] Equipment by Cellebrite appears to be in use.[12] SORM also enables the use of mobile control points: laptops that can be plugged directly into communication hubs to immediately intercept and record the operator's traffic.[4]

Roskomnadzor, a federal executive body responsible for media control, reported that several local ISPs were fined by the government after they failed to install FSB-recommended SORM devices.[11]

Access by government agencies

On January 5, 2000, during his first week in office, President Vladimir Putin amended the law to allow seven other federal security agencies (in addition to the FSB) access to data gathered via SORM. The newly endowed agencies included:[13][14]

Warrant and notification regulations

The acquisition of communications by entitled security services in general requires a court warrant, but at the same time they are allowed to start wiretapping before obtaining such a warrant. The warrant is also required only for communications content, not for metadata (communicating parties, time, location etc.), which may be obtained without a warrant.[15]

In cases where an FSB operative is required to get an eavesdropping warrant, he is under no obligation to show it to anyone. Telecom providers have no right to demand that the FSB provide a warrant, and are denied access to the surveillance boxes. The security service calls on the special controller at the FSB headquarters that is connected by a protected cable directly to the SORM device installed on the ISP network.[4]

Since 2010, intelligence officers can wiretap someone's phones or monitor their Internet activity based on received reports that an individual is preparing to commit a crime. They do not have to back up those allegations with formal criminal charges against the suspect.[16] According to a 2011 ruling, intelligence officers have the right to conduct surveillance of anyone who they claim is preparing to call for "extremist activity."[16]

Zakharov v. Russia

In December 2015, the European Court of Human Rights ruled on a case concerning the legality of Russian SORM legislation.[17][18] In a unanimous Grand Chamber decision, the Court ruled that Russian legal provisions "do not provide for adequate and effective guarantees against arbitrariness and the risk of abuse which is inherent in any system of secret surveillance." It noted that this risk "is particularly high in a system where the secret services and the police have direct access, by technical means, to all mobile telephone communications." It ruled that the legislation therefore violated Article 8 of the European Convention on Human Rights.[17][18] In response, the Duma passed a law that allowed the Constitutional Court of Russia to overrule any international court orders that it found to contradict the Russian Constitution.[19]

Yarovaya law

In July 2016, President Vladimir Putin signed into law two sets of legislative amendments commonly referred to as the Yarovaya law, after their key author, Irina Yarovaya, a leading member of the ruling party United Russia.[20] The new regulations took effect on July 1, 2018.

According to the amendments, Internet and telecom companies are required to disclose communications and metadata, as well as "all other information necessary," to authorities, on request and without a court order.[21]

from Grokipedia
SORM (Система оперативно-розыскных мероприятий), or System for Operative Investigative Activities, is a technical infrastructure mandated by Russian law that enables the (FSB) and other security agencies to conduct of , including telephone calls, , emails, text messages, and activity, through direct remote access to providers' networks without prior disclosure of warrants to the operators. Established in 1995 under initial requiring operators to install SORM-1 equipment for voice at their own expense, the system expanded with SORM-2 in 2000 to cover communications and SORM-3 in 2014, which introduced mandatory , IP address logging, and advanced analytical capabilities for broader monitoring. Providers are prohibited from accessing the FSB-controlled hardware, creating a "" setup that ensures operational while shifting all costs—including installation, maintenance, and upgrades—to private entities. While designed for criminal investigations and akin to interception systems in other nations, SORM's architecture facilitates mass with minimal judicial oversight, as FSB access occurs via centralized probes rather than individualized orders presented to providers, raising documented concerns about its application to monitor political dissidents, journalists, and activists. Recent geopolitical shifts, including Western companies' withdrawal from , have disrupted SORM's reliance on foreign hardware like components, prompting efforts to indigenize the technology amid ongoing expansions to allied nations in and beyond.

History

Origins and Early Implementation (SORM-1, 1995–1999)

The System for Operative Investigative Activities, known as SORM-1, originated in 1995 as a mandated technical framework for telecommunications surveillance in , succeeding informal Soviet wiretapping practices. Formalized under the Federal Law on Operational-Investigative Activity (No. 144-FZ, enacted August 12, 1995), it required communication service providers to enable direct access for the newly established (FSB) to intercept transmissions, reflecting the post-Soviet transition to institutionalized state monitoring. This legal basis emphasized operational efficiency for counterintelligence, with the FSB assuming primary oversight following its creation in December 1995 from the . Implementation of SORM-1 from 1995 onward compelled operators, including those handling and emerging mobile networks, to install specialized hardware interfaces supplied by the FSB at their own expense. These devices created dedicated, encrypted channels linking operator switches directly to FSB regional control centers, allowing automated or manual of voice communications and call metadata without requiring operator personnel to process or filter data. By 1998, the system had expanded to cover most major telecom , though initial deployments faced logistical challenges such as compatibility with analog-digital hybrid networks prevalent in mid-1990s . During this period, SORM-1 operated under protocols theoretically requiring judicial warrants for targeted interceptions, yet FSB access was streamlined for cases, enabling broad application in and investigations. No comprehensive public data exists on interception volumes, but the system's design prioritized FSB autonomy, with operators bearing installation and maintenance costs estimated in the millions of rubles per site. This early phase laid the groundwork for subsequent evolutions, remaining focused on until internet-specific mandates emerged toward 1999.

Expansion to Internet Surveillance (SORM-2, 2000–2013)

SORM-2 represented the extension of Russia's System for Operative Investigative Activities to digital communications, mandating surveillance capabilities for beyond the focus of SORM-1. Formally developed in 2000 through collaboration between the (FSB) and regulatory predecessors to , it required all internet service providers (ISPs) to equip their networks with specialized hardware for intercepting online activities, including email, web browsing, and early forms of VoIP. This shift aligned with growing penetration in Russia, where user numbers rose from approximately 1 million in 2000 to over 50 million by 2010, necessitating broader monitoring infrastructure to address security threats as defined by federal law. Central to SORM-2 was the "Punkt Upravlenia" (Control Point), a FSB-supplied device installed at ISP facilities that enabled direct, real-time access to traffic data without operator mediation or per-target warrants. ISPs were obligated to provide dedicated high-speed channels—often 1 Mbit or fiber links—to regional FSB centers, routing intercepted content such as IP logs, packet headers, and full payloads upon agency request. Providers financed the installations and connections themselves, with costs including hardware setup and maintenance, though exact figures varied by network scale; non-compliance risked license revocation, leading to actions against dozens of smaller ISPs in the early . Resistance from ISPs, citing financial strain and technical burdens, delayed full rollout until mid-decade, after which major operators like integrated the system nationwide. By the late 2000s, SORM-2 had evolved to capture metadata and content from emerging platforms, supporting FSB operations under operational-search mandates without judicial pre-approval for access, distinguishing it from warrant-based systems elsewhere. 
The framework emphasized operator neutrality, prohibiting ISPs from decrypting or logging FSB queries, which centralized control and minimized leaks but raised concerns over unchecked agency discretion, as operators lacked oversight into interception volumes—estimated in thousands of daily sessions by independent analyses. Through 2013, the system underpinned efforts, including monitoring of extremist forums and dissident networks, with compliance verified via FSB audits; this period solidified SORM-2 as a foundational tool for state security amid Russia's digital expansion.

Modernization and Broadening (SORM-3 and , 2014–2018)

In April 2014, Russia's Ministry of Digital Development, Communications and Mass Media issued an order establishing technical requirements for SORM-3, mandating telecommunications operators to install specialized hardware capable of real-time across expanded channels including , Wi-Fi networks, and platforms. This modernization introduced (DPI) capabilities, enabling the analysis of packet contents for keywords, user identification, and traffic filtering, thereby shifting SORM from primarily metadata collection to content-aware monitoring without altering prior legal access protocols. Operators were required to bear the full costs of and installation of this equipment, estimated in billions of rubles, with non-compliance risking license revocation; SORM-3 systems buffered intercepted data for short periods, typically up to 12 hours for content, to facilitate immediate handover to agencies like the FSB upon request. SORM-3's deployment broadened to internet service providers and hosting entities, requiring them to integrate compatible interfaces for direct agency connectivity, including provision of keys for decryption where applicable. This expansion addressed gaps in monitoring encrypted or high-volume digital communications, with technical specifications demanding hardware from approved vendors that supported scalable to handle nationwide traffic volumes exceeding petabytes daily. Unlike predecessors, SORM-3 emphasized proactive threat detection through DPI, allowing automated flagging of suspicious patterns, though access remained nominally tied to operational-search warrants under No. 144-FZ. The Yarovaya package, signed into law by President on July 6, 2016, further intensified SORM's scope by imposing mandatory obligations on operators, requiring storage of full communication contents (voice, text, images, and video) for six months and metadata (such as timestamps, locations, and endpoints) for three years. 
These amendments, effective for retention requirements from July 1, 2018, integrated with SORM infrastructure by designating retained data as accessible via existing agency protocols, effectively creating a centralized repository for retrospective analysis without additional warrants for metadata queries. The law applied to all organizers of communication dissemination, including messaging apps and social networks operating in , compelling them to localize servers and install SORM-compatible storage systems, with estimated compliance costs reaching 1.4 trillion rubles over three years due to expanded hardware and data center needs. This broadening under Yarovaya addressed prior limitations in SORM-3's short-term buffering by enforcing long-term archiving, purportedly to aid counterterrorism efforts following incidents like the 2015 Sinai plane bombing, though critics from organizations like argued it enabled indiscriminate by decoupling storage from individualized judicial oversight. Implementation involved government-approved technical standards for data formats and secure transmission to SORM nodes, ensuring compatibility with FSB databases, while exemptions for state secrets or military communications highlighted prioritized access for national security entities. By 2018, major operators like and MTS had deployed compliant systems, marking a transition to pervasive, retained ecosystems that amplified SORM's operational efficacy across digital domains.

Recent Enhancements and Enforcement (2019–2025)

In 2023, Russian authorities intensified SORM enforcement through Federal Law No. 406-FZ, signed by President Putin on June 14, introducing revenue-based administrative fines for telecommunications operators refusing to install or maintain required SORM equipment, effective January 1, 2024; fines range from 0.001% to 0.003% of annual revenue (minimum 1 million rubles) for initial violations, escalating to 0.01%–0.03% (minimum 10 million rubles) for repeats. The State Duma had adopted the measure on May 23, 2023, targeting non-compliance with operational-search mandates under Article 13.5 of the Code of Administrative Offenses. This marked a shift from fixed penalties, aiming to compel larger operators via financial deterrence, as proposed by the Ministry of Digital Development in August 2022. Enforcement actions commenced promptly, with the first documented fine of 4,000 rubles levied on August 11, 2023, against a operator in for operating without SORM systems, prosecuted under Article 14.1 Part 4 of the Code of Administrative Offenses. By July 17, 2025, the approved further amendments multiplying fines tenfold for SORM refusal: individuals face 15,000–30,000 rubles (previously 3,000–5,000), officials 100,000–500,000 rubles (previously 30,000–50,000), and legal entities the escalated revenue percentages with higher minima. These measures reflect ongoing pressure on operators, including demands from the FSB for SORM installation plans in regions like as early as June 2022 under the "Spring Package" laws. Technical enhancements focused on equipment standardization and expanded applicability. On September 2023, the Ministry of Digital Development issued Order No. 630, approving updated SORM hardware and software requirements effective March 1, 2024, for a six-year period; these mandate certification, enhanced data accumulation capabilities, and compatibility with traffic storage systems to support real-time interception and metadata retention. 
Government Resolution No. 1952, dated November 22, 2023, extended SORM mandates to hosting providers, requiring connections by mid-2024 to enable of server-based communications. Earlier, on March 22, 2021, the FSB and Ministry of Digital Development jointly approved protocols for introducing SORM equipment, emphasizing secure integration for operators. In April 2024, the Ministry of Digital Development proposed amendments obligating resources to store and transmit additional user data—including IP addresses and ports—to security agencies, building on SORM-3's for broader metadata capture. A July 5, 2019, amendment by the Ministry of Communications reinforced requirements for certified, domestically sourced SORM accumulation devices, following a May 31, 2019, government decree prioritizing Russian-origin components to mitigate foreign dependencies. These upgrades, amid sanctions, have sustained SORM's interception of , , and emerging protocols, though a 2019 leak of Nokia-supplied SORM configurations for MTS highlighted vulnerabilities in vendor-dependent implementations.

Technical Architecture

Core Components and Hardware Requirements

The SORM system comprises three primary components: hardware and software complexes installed at operators, remote control points operated by law enforcement agencies such as the FSB, and dedicated communication channels linking the two. The operator-side hardware includes specialized interception devices, such as passive monitoring systems and aggregating routers, designed to capture all traffic including voice calls, , data, and location information in real time. These devices must be certified by Russian authorities and integrated directly into the operator's network , enabling seamless handover of intercepted data without operator decryption or filtering. Hardware requirements mandate that operators bear full installation and maintenance costs, with equipment typically ranging from 2 to 7.5 million rubles per setup, excluding ongoing storage and channel expenses. For SORM-3, implemented from 2014 onward, operators must provide compatible interfaces, often including protocol converters, to connect their systems to FSB control panels, supporting protocols for unified monitoring of diverse media like VPNs, VoIP services (e.g., ), and messaging apps. Additionally, Yarovaya amendments enacted in 2016 require operators to equip storage systems capable of retaining communication content for six months and metadata (e.g., call logs, IP addresses) for three years, necessitating high-capacity servers and data centers with secure, FSB-accessible facilities to prevent unauthorized access. Operators must also furnish dedicated leased lines for data transmission to remote points, along with physical such as secure rooms, uninterruptible power supplies, and redundant connectivity to ensure continuous . Non-compliance, including failure to meet these hardware standards, incurs fines escalated tenfold in 2025, reaching up to 0.003% of annual for large entities. 
This architecture evolved from SORM-1's focus on analog hardware to SORM-3's comprehensive digital , prioritizing FSB direct access over operator involvement.

Software Integration and Data Handling

Telecommunications operators in are required to integrate SORM software components directly into their network infrastructure, enabling the (FSB) to conduct real-time interception and data extraction without operator intervention. This integration involves installing FSB-approved hardware and software modules, such as tools, at operator facilities, with providers bearing the full costs of deployment and maintenance while being prohibited from accessing the surveillance interfaces themselves. Compliance solutions, including ready-made SORM-3 systems offered by specialized vendors, facilitate this by providing standardized software that links network packets to secure channels meeting Ministry of Digital Development regulations. Data handling under SORM-3 mandates operators to process and route intercepted traffic—including voice, messaging, and metadata—through dedicated, encrypted channels to FSB data centers, supporting selectors like IP addresses, phone numbers, and geolocations for targeted queries. Complementing this, the 2016 Yarovaya amendments require operators to retain all communication metadata for 12 months and content (such as recordings and texts) for 6 months in on-premises located within , ensuring immediate availability for agency access upon warrant. These systems employ protocols for bulk data handover, with operators providing FSB direct technical access to servers, including keys and infrastructure details, to bypass manual processing delays. Storage volumes are substantial; for instance, major operators must accommodate petabytes of data, often necessitating expanded server capacity certified for SORM compatibility. Software architectures prioritize passive monitoring to minimize network disruption, integrating via APIs or proprietary interfaces that filter traffic in real-time while logging access for audit trails limited to FSB oversight. 
Non-compliance risks license revocation, with enforcement intensified post-2018 through mandatory audits of integration efficacy. This framework has drawn criticism for enabling mass data collection beyond , though Russian authorities maintain it adheres to operational necessities under .

Deployment Mandates for Operators

Russian law mandates that all licensed operators, including mobile providers, fixed-line carriers, and service providers, install and operate SORM-compatible hardware and software interfaces to enable interception of communications by the (FSB) and other authorized agencies. This requirement applies universally to entities handling voice, text, and data traffic, with operators responsible for ensuring seamless connectivity to FSB regional control centers without prior notification of specific targets. Operators must procure and deploy equipment from FSB-approved Russian vendors, such as Peter-Service, , or Norsi-Trans, at their own expense, covering installation, , and upgrades; costs have been estimated in the billions of rubles annually across the sector, with no reimbursement from the state. The hardware, often termed "" or "Punkt Upravlenia" devices, must support real-time traffic mirroring and decryption capabilities where is used, while operators are prohibited from accessing intercepted data or queries to preserve operational secrecy. For SORM-3, deployed progressively from 2014, mandates expanded to require handling of IP-based traffic, including IPv4/IPv6 selectors, , VPNs, and metadata, with full compliance enforced by July 31, 2018, for major operators like and MTS; smaller providers received extensions but faced audits and penalties for delays. Newly licensed operators must submit a detailed SORM deployment plan to the FSB within 30 days of licensing and achieve operational readiness shortly thereafter, or risk license suspension. Integration with the 2016 Yarovaya package further obligates operators to retain call recordings for six months and metadata (e.g., URLs, IP logs) for one month—or three years in some enhanced cases—on domestic servers, facilitating post-facto analysis and handover to agencies upon warrantless FSB directives in matters. 
Non-compliance incurs fines up to 1 million rubles per violation or operational shutdowns, as enforced by and the FSB since 2018.

Domestic Laws Governing SORM

The primary legal foundation for SORM (System for Operative Investigative Activities) is established by No. 144-FZ "On Operational-Search Activity," enacted on August 12, 1995, which authorizes Russian security and law enforcement agencies, including the (FSB), to conduct measures such as communications using specialized technical means. This law mandates that operators install and maintain FSB-provided hardware at their own expense to enable real-time access to voice, data, and without prior notification or disclosure of warrants to the operators.

Subsequent amendments expanded SORM's scope, particularly Federal Law No. 126-FZ "On Communications" of July 7, 2003, which requires internet service providers and telecom operators to integrate SORM-2 capabilities for monitoring digital communications, including and web activity, while prohibiting operators from using that impedes access. Operators must ensure "technical feasibility" for FSB remote connections, with non-compliance punishable by fines up to 1 million rubles or license revocation.

In 2016, the Yarovaya amendments—primarily Federal Law No. 374-FZ of July 6, 2016—further broadened SORM by imposing data retention obligations on operators: metadata for all communications must be stored for 6 months (3 years for organizers of communications), and content (voice, text, video) for 30 days (6 months for certain organizers), all accessible via SORM interfaces without operators verifying judicial warrants. These provisions, effective from July 1, 2018, apply to both domestic and international traffic routed through Russian networks, with operators funding the infrastructure upgrades estimated at over 60 billion rubles annually.

Additional regulations, such as Federal Law No. 139-FZ of July 28, 2012, on information blocking, indirectly support SORM by enabling rapid shutdowns or rerouting of traffic for purposes, while Federal Law No. 352-FZ of July 29, 2017, on "sovereign " mandates centralized traffic control points compatible with SORM for enhanced monitoring. Judicial oversight is nominally required for interceptions under Article 8 of the Operational-Search Activity Law, limiting use to specified crimes like or , but FSB retains unilateral control over initial connections and data extraction.

Warrant Procedures and Agency Access Protocols

Access to data under the SORM system requires authorized and security agencies, primarily the , to obtain judicial warrants for the interception of communication content, such as phone calls, emails, or messages, as stipulated in Russia's on Operational-Investigative Activities (No. 144-FZ of 1995, with amendments). However, these warrants are approved through a process that often involves prosecutorial oversight rather than independent , allowing for expedited authorization without mandatory court hearings in many cases. For metadata and traffic data queries, no warrant is typically required, enabling agencies to access location, IP addresses, and connection logs directly via SORM interfaces. Telecommunications operators and service providers are mandated to install SORM equipment, providing seamless, direct technical access to agencies without intermediaries or verification of warrants by the operators themselves. FSB operatives are legally required to secure a warrant for content interception but face no to disclose or present it to providers, who lack the right to demand proof or challenge requests. This protocol ensures operational secrecy, with operators prohibited from monitoring or logging agency queries to prevent leaks. Beyond the FSB, access extends to other entities including the Ministry of Internal Affairs (police), Federal Protective Service, border guards, and customs authorities, often routed through FSB-controlled SORM nodes or via coordinated protocols. Protocols emphasize real-time capability: agencies connect remotely to SORM boxes using encrypted channels, querying data by identifiers like phone numbers or IP addresses, with results filtered and delivered without operator involvement in content decoding. Amendments since 2018 have further streamlined access, reducing warrant prerequisites for certain metadata retrievals and enabling broader FSB discretion in contexts. 
No post-access notification to surveilled individuals or operators is required under SORM protocols, contrasting with stricter regimes in other jurisdictions and facilitating covert operations. Violations of access rules by agencies are rare and internally adjudicated, with limited external due to state secrecy classifications.

Judicial Oversight and Notification Rules

Under Russian federal legislation, particularly Federal Law No. 144-FZ "On Operational-Investigative Activities" of 1995 (as amended), the and other authorized agencies must obtain a judicial warrant for conducting communications interception via SORM. Warrants are issued by district courts upon application by FSB operatives, typically justified by suspicions of crimes such as , , or threats to , with approvals granted for durations of up to six months, renewable as needed. However, courts rarely deny requests; data from 2010–2015 indicate approval rates exceeding 99% for FSB surveillance applications, reflecting limited scrutiny of necessity or proportionality.

The warrant process emphasizes secrecy: FSB officers are not required to disclose the warrant's contents or the target's identity to operators, who must provide SORM-compatible interfaces for direct agency access without intermediary knowledge of specific interceptions. This structure minimizes operational leaks but circumvents operator-level checks, as providers cannot verify or challenge the legality of individual accesses. For surveillance under SORM-3, while prosecutorial approval may suffice for certain metadata queries, full content interception still nominally requires judicial sanction, though enforcement varies by agency protocol.

Notification rules for surveillance subjects are absent in SORM's framework, with no statutory obligation to inform targets either prior to or following , enabling indefinite covert monitoring. This lack of post-facto disclosure—unlike in systems requiring eventual after threats dissipate—preserves operational but has drawn international criticism for undermining accountability, as evidenced by rulings highlighting inadequate safeguards against abuse. Domestic law prioritizes imperatives, allowing agencies to withhold evidence of even in subsequent legal proceedings unless deemed essential for defense rights. Amendments via the 2016 Yarovaya laws reinforced this by expanding without introducing notification mandates, further entrenching non-disclosure as standard practice.

Operational Applications

Accessing Entities and Surveillance Scope

All operators, service providers, and hosting providers in are mandated to install SORM interfaces and equipment, bearing the full costs of installation and maintenance, to enable direct access by state security agencies. This requirement originated with SORM-1 in 1996 for and expanded under SORM-2 in 2000 to providers, with SORM-3 further broadening obligations to all handlers; as of November 2023, hosting providers faced a mid-2024 deadline for compliance, enforced by fines escalated in July 2025 up to 0.003% of annual revenue or a minimum of ₽1 million for legal entities.

Access to SORM data is primarily granted to the (FSB), which oversees the system's deployment and operation, including the installation of control points in major cities like and St. Petersburg as per a presidential . Additional authorized entities include the Ministry of Internal Affairs (MVD), Federal Prisons Service, Federal Antidrug Agency, , and up to seven other security agencies that can demand data on request without operators verifying warrants. Operators lack visibility into interception targets or warrant details, as FSB personnel handle queries directly via dedicated interfaces, rendering providers unable to challenge or log access attempts.

The surveillance scope encompasses targeted interception of both content and metadata across multiple communication channels, using selectors such as phone numbers, IPv4/ addresses, ports, and user identifiers. SORM-1 facilitates monitoring of landline and mobile calls; SORM-2 covers internet traffic, VoIP (e.g., , ), VPNs, and ; while SORM-3 extends to all media types including social networks, satellite communications, , location data, and transactions, with mandatory storage of intercepted data for three years. In 2011, Russian courts authorized 466,152 intercepts of phone calls and emails alone, illustrating the system's capacity for real-time and retrospective analysis under operational-search mandates.

Data Retention and Analysis Capabilities

Telecommunications operators in are obligated under the SORM framework to retain communication data to enable (FSB) access for operational investigations. The Yarovaya amendments to the on Communications, enacted via Federal Law No. 374-FZ on , 2016, require operators to store the full content of communications—including text, audio, and video—for at least six months, and metadata such as facts of communication (e.g., parties involved, timestamps, durations, and IP addresses)—for three years. This retention applies to all traffic handled by telecom providers and internet service organizers, with data stored on domestic servers to ensure immediate availability.

SORM-3, deployed starting in 2014 and integrated with Yarovaya requirements by 2018, extends retention infrastructure to encompass , , and traffic, mandating operators to install FSB-provided hardware for automated handover without prior notification or operator mediation. The system incorporates a System (DRS) capable of archiving metadata and select content for up to three years, supporting bulk collection from diverse media.

Analysis capabilities in SORM leverage deep packet inspection (DPI) to scrutinize payload contents, not merely headers, enabling real-time filtering, application identification, and detection of encrypted sessions or specific protocols. FSB operators can query retained datasets for targeted searches, cross-correlating metadata with content to trace communication patterns, user locations, and associations, often using automated tools for efficiency in large-scale processing. This facilitates proactive threat detection, though implementation relies on operator-funded equipment costing billions of rubles annually.

Integration with Broader National Security Systems

SORM facilitates seamless data flow from telecommunications infrastructure to the (FSB), Russia's primary domestic intelligence agency, via dedicated hardware interfaces installed at operators' facilities. These interfaces, mandated under Federal Law No. 126-FZ of July 7, 2003, enable the FSB to remotely query and retrieve intercepted communications, including voice calls, metadata, and content, directly into its centralized operational systems without intermediaries or real-time operator involvement. This direct linkage positions SORM as the foundational layer for FSB-led surveillance, supporting operational activities such as and threat monitoring across Russia's 85 federal subjects.

Beyond the FSB, SORM integrates with other entities through shared access protocols, allowing agencies like the Ministry of Internal Affairs (MVD) for criminal investigations and the Investigative Committee to petition for data retrieval via FSB channels. While the FSB retains administrative control, amendments to the Federal Law on Operative-Investigative Activities (1995, updated 2016) permit inter-agency data sharing for purposes, with SORM-3's enhancements enabling analysis of IP traffic that feeds into joint platforms for cyber threat attribution. The Foreign Intelligence Service (SVR) may indirectly leverage SORM-derived domestic intercepts for cross-border operations, though primary SVR focus remains external; evidentiary gaps in public records limit confirmation of routine SVR integration, underscoring FSB dominance in the ecosystem.

Complementing SORM, the (Federal Laws No. 374-FZ and 375-FZ, July 6, 2016) mandates three-year retention of communications metadata by operators, which SORM queries aggregate into FSB databases for fusion with from military units under the Main Intelligence Directorate (). This enhances for and , as evidenced by FSB reports of over 1.5 million intercepts processed annually by 2020, though independent verification of efficacy remains constrained by state opacity. Integration challenges arise from post-2022 sanctions disrupting Western-sourced hardware, prompting reliance on domestic or Chinese alternatives that may degrade real-time across the network.

Controversies and Criticisms

Privacy Violations and Human Rights Allegations

The System for Operative Investigative Activities (SORM) has been accused of enabling systemic privacy intrusions by granting Russia's direct technical access to telecommunications networks, often without operators verifying warrants or targets being notified. Under SORM protocols, FSB agents connect surveillance equipment to providers' infrastructure for real-time interception of communications, including metadata and content, with laws prohibiting providers from disclosing such connections. This setup, established since SORM's expansions in the and 2000s, lacks independent oversight mechanisms to prevent abuse, raising concerns over arbitrary incompatible with norms.

In the landmark 2015 European Court of Human Rights (ECHR) judgment in Zakharov v. Russia, the court found that SORM-related legislation violated Article 8 of the , which protects the right to respect for private and family life, correspondence, and home. The applicant, a and activist, challenged the system's blanket interception powers, arguing they permitted undue interference without safeguards; the ECHR concurred, citing the absence of requirements for prior judicial scrutiny of network connections, inadequate rules on selecting interception targets, and no obligation to inform individuals post-surveillance unless it risked thwarting investigations. The ruling emphasized that while interception could be lawful in principle for , 's framework failed to minimize discretion or ensure proportionality, applying even to non-suspects via generalized access. was ordered to pay €9,000 in , though it has not substantially reformed the system in response.

Amendments under the 2016 Yarovaya package intensified allegations by requiring telecom operators to retain all communication contents for six months and metadata for three years, with FSB gaining warrantless access to metadata for "counter-terrorism" purposes and broader interception capabilities integrated into SORM-3. Critics, including , contend this fosters a surveillance state that chills dissent, as stored data enables retrospective targeting without individualized suspicion, conflicting with ECHR standards on necessity and proportionality. The law's implementation has imposed billions in compliance costs on providers, indirectly subsidizing state monitoring, while exemptions for "operational necessity" undermine judicial warrants.

Human rights allegations extend to politically motivated abuses, with SORM implicated in monitoring opposition figures, journalists, and activists, though classified operations limit public evidence. For instance, the system's direct access has been linked to broader crackdowns on online expression, where intercepted data supports extremism prosecutions under vague laws, contributing to over 200 convictions for posts by 2017. Organizations like and report a pattern of device seizures and wiretaps targeting critics, attributing the opacity of SORM to unchecked FSB overreach that disproportionately affects non-violent dissidents rather than genuine threats. Russian authorities defend SORM as essential for security, citing prevented attacks, but independent analyses question efficacy given persistent incidents post-implementation.

In Roman Zakharov v. Russia, decided by the Grand Chamber of the on 4 December 2015, the applicant—a lawyer and editor of a legal journal—challenged the compatibility of Russia's SORM legislation with Article 8 of the , which protects the right to respect for private and family life, home, and correspondence. Zakharov claimed victim status despite not being personally subjected to interception, arguing that the system's broad authorization for secret surveillance of mobile communications created a pervasive risk of arbitrary interference for all users. The Court accepted this status, noting the legislation's application to an indeterminate number of persons without individualized suspicion thresholds.

The Court found unanimous violations of Article 8, identifying critical deficiencies in the domestic legal framework governing SORM. Interception orders, required under Federal Law No. 126-FZ on Communications, were issued by prosecutors rather than independent judges, lacking prior judicial scrutiny to ensure necessity and proportionality; this procedural flaw allowed executive-branch officials to authorize invasive measures with minimal checks. Additionally, the enjoyed direct, unmediated technical access to operators' hardware and databases for real-time interception and metadata retrieval, bypassing intermediaries and eliminating verifiable trails for such access. The absence of statutory limits on duration, rules for destruction of non-relevant intercepts, and post-facto notification mechanisms to targets further undermined foreseeability and , rendering the regime incompatible with the .

Russia defended SORM as essential for operational efficiency in combating and , emphasizing that prosecutorial warrants incorporated judicial elements via appeal possibilities and that blanket access prevented delays in urgent threats. The Court acknowledged legitimate aims under Article 8(2) but ruled that justifications could not override the need for precise, accessible safeguards; vague operational decrees and the system's "blanket" character failed to provide adequate protection against abuse, particularly given the secret nature of . The judgment awarded Zakharov €4,000 in non-pecuniary damages and €10,000 for costs, obliging Russia to address systemic flaws.

Subsequent ECHR scrutiny reinforced these concerns. In Podchasov v. (12 July 2021), the Court examined extensions of SORM-like powers to decrypt communications, again citing Zakharov to highlight persistent gaps in oversight and the risks posed by mandatory technical access for security agencies. Domestic challenges within have been negligible, constrained by prosecutorial dominance in communications courts and limited , with no reported successful constitutional invalidations of SORM provisions as of 2025. Russia's partial non-compliance—evident in 2016 expansions mandating six-month metadata retention without bolstering judicial prior review—underscores ongoing tensions between security imperatives and standards.

Economic Burdens and Operator Resistance

The implementation of SORM requires Russian telecommunications operators and internet service providers to install and maintain specialized interception equipment, including interfaces for real-time data access by security agencies, at their own expense without state reimbursement. Initial SORM-1 deployments in the imposed costs of approximately $25,000 per installation site, prohibitive for smaller providers and contributing to early market exits or consolidations.

The 2016 Yarovaya package, which integrated SORM-3 for , content recording, and mandatory —metadata for three years and communications content for six months—exacerbated these burdens, with operators estimating total compliance costs at over 2.2 trillion rubles ($30 billion at the time). Independent analyses projected expenditures for mobile operators alone reaching 10 trillion rubles ($154 billion) over the rollout period, driven by needs for expanded data centers, high-capacity storage, and FSB-certified hardware. Major firms like MTS, , and Vimpelcom anticipated 40-50 billion rubles ($600-700 million) in initial hardware outlays for SORM-3 upgrades, alongside ongoing operational expenses for and maintenance.

These financial strains have prompted resistance from operators, including public warnings of technical infeasibility and requests for subsidies. In , leading telecoms lobbied for compensation to cover equipment purchases tied to Yarovaya-mandated storage, arguing the mandates exceeded their capacity without fiscal support. Smaller ISPs reported implementation delays due to prohibitive costs, with non-compliance leading to fines; by August 2023, regulators began penalizing operators for deficient SORM systems. The economic pressure has accelerated industry consolidation, as marginal providers unable to fund compliance merged with or were absorbed by larger entities better equipped to handle the load.

To offset burdens, the government authorized tariff hikes of up to 10 percent in 2018, allowing operators to pass surveillance costs to consumers through elevated service fees. Operators have also highlighted supply chain challenges post-sanctions, complicating SORM maintenance with domestic alternatives deemed insufficiently advanced, further straining budgets amid import restrictions on Western technology.

Security Effectiveness and Achievements

Counter-Terrorism and Crime Prevention Outcomes

The Federal Security Service (FSB) of , which relies on SORM for intercepting communications in operational investigations, has reported annually preventing numerous acts of through surveillance-enabled intelligence gathering. For instance, in 2016, the FSB claimed to have thwarted 20 planned terrorist attacks and prevented 400 crimes of a terrorist nature, including the neutralization of cells affiliated with Islamist in regions like the . Similar figures were cited for subsequent years, with the FSB stating in 2017 that it stopped 27 attacks and dismantled 500 extremism-related groups. These outcomes are attributed in part to SORM's access capabilities, which allow monitoring of phone, , and messaging traffic to identify plots before execution, as outlined in Russia's counter-terrorism legal framework.

Independent analyses, however, question the verifiability and scale of these claims, noting that many reported "prevented" incidents involve minor offenses like possession of propaganda rather than imminent large-scale attacks, potentially inflating FSB achievements for political purposes. Despite SORM's integration into broader counter-terrorism operations, high-profile failures, such as the March 2024 Crocus City Hall attack that killed over 140 people, highlight limitations in preemptive detection even with extensive surveillance infrastructure. Russian officials maintain that SORM's technical enhancements under laws like the 2016 Yarovaya amendments have bolstered proactive threat neutralization by mandating and provider cooperation.

In , SORM supports by enabling the tracing of criminal networks through telecom metadata and content interception, contributing to operations against , drug trafficking, and cyber offenses. FSB and interior ministry reports aggregate such uses under general investigative successes, but detailed public statistics linking outcomes directly to SORM are scarce, with emphasis placed on its role in facilitating warrants for over a million interceptions annually as of the early . Critics argue that while it aids detection in some cases, the system's opacity and broad application often prioritize political suppression over routine crime reduction, with limited of net preventive impact beyond official narratives.

Empirical Evidence of Threat Mitigation

The Federal Security Service (FSB) of Russia, which operates the SORM surveillance system as its primary tool for lawful communications interception, has reported substantial outcomes in preempting terrorist threats through intelligence-driven operations. In 2019, Russian law enforcement agencies, leveraging surveillance and investigative measures, prevented 39 planned terrorist attacks, neutralized 32 militants, detained 679 terrorism suspects, and dismantled 49 terrorist cells across the country, particularly in regions like the North Caucasus. These figures reflect a coordinated effort involving real-time monitoring of communications, where SORM enables the FSB to access telephony metadata, content, and internet traffic under judicial warrants, facilitating the identification and disruption of plots before execution.

Official FSB assessments indicate a sustained downward trend in terrorist incidents attributable to proactive and . During a 2020 FSB board meeting, President highlighted a "positive dynamic" in counter-terrorism results, including a reduction in the overall number of terrorist crimes compared to prior years, with over 200 terrorism-related crimes prevented and more than 60 active members of illegal armed groups neutralized in the preceding period. This decline aligns with expanded SORM capabilities since the early , when upgrades to SORM-2 and SORM-3 integrated for internet and mobile data, enhancing the detection of encrypted or covert communications used by extremists. U.S. Department of State analyses corroborate the low incidence of successful attacks in recent years, noting no reported terrorist incidents in in 2023, a stark contrast to the high-frequency bombings and hostage crises of the and early in and .

Empirical indicators of SORM's operational scale include the authorization of approximately 540,000 phone and intercepts in 2012 alone, as documented by Russia's , many of which supported counter-terrorism probes by providing actionable on suspect networks. While declassified specifics tying individual SORM intercepts to particular preventions remain limited due to classifications, the system's mandatory integration into all telecom —requiring providers to route data to FSB terminals—underpins the FSB's ability to conduct mass screening and targeted surveillance, contributing to the neutralization of threats like ISIS-inspired cells and domestic extremists. In October 2025, for instance, FSB operations thwarted multiple attempted attacks on Jewish sites, detaining plotters through communications tracing, though direct SORM attribution was not specified.

Notwithstanding these metrics, mitigation is not absolute, as evidenced by the March 2024 Crocus City Hall attack in , which killed 145 civilians and was claimed by ISIS-K, exposing gaps in perimeter security and real-time threat response despite prior FSB warnings. Aggregate data from FSB-coordinated efforts, however, demonstrate a net reduction in realized threats: from dozens of annual attacks in the post-9/11 era to sporadic failures amid hundreds of reported preemptions, suggesting surveillance infrastructure like SORM has shifted the balance toward prevention over reaction. Independent verification of these claims is constrained by opacity in Russian reporting, but cross-referenced U.S. assessments accept the broad efficacy of such operations in curbing domestic terrorism propagation.

Comparative Analysis with Western Surveillance Practices

SORM's technical mandates require telecommunications operators in Russia to install specialized hardware and software interfaces directly accessible by the (FSB), enabling real-time interception of voice, internet, and metadata without per-instance warrants in many cases, as established under laws dating to 1995 and expanded in 2014 to include capabilities. In contrast, the ' Communications Assistance for Act (CALEA) of 1994 compels carriers to design networks capable of facilitating court-authorized intercepts, but limits implementation to three capability levels: call-identifying information (metadata), content delivery upon warrant, and , with no provision for direct agency hardware installation on provider premises. This results in SORM's more intrusive, operator-borne infrastructure for continuous FSB connectivity, whereas CALEA emphasizes post-order activation by providers, reducing constant government access points.

Oversight mechanisms diverge significantly: Russian SORM operates under prosecutorial authorization often aligned with executive priorities, lacking independent for bulk access, as evidenced by its routine application against domestic political figures without foreign nexus requirements. Western systems, such as the U.S. Agency's (NSA) Section 702 of the Foreign Intelligence Surveillance Act (FISA), mandate Foreign Intelligence Surveillance Court (FISC) approvals for targeting non-U.S. persons abroad, with annual certifications and minimization procedures to restrict U.S. person data querying—though the FISC approved over 99% of applications from 2015 to 2020, raising questions about review rigor. Similarly, the UK's requires double warrants for targeted intercepts ( and judicial commissioner) and thematic warrants for bulk acquisition, supplemented by oversight from the Investigatory Powers Commissioner, who reported 17 errors in warrants in 2022 but noted systemic compliance improvements. These formal checks in the West, absent in SORM's framework, aim to balance security with privacy, though empirical critiques highlight incidental collection of citizens' data in both, with U.S. "backdoor searches" on Section 702 data exceeding 200,000 annually by 2019.

Data retention policies under SORM, reinforced by the 2016 Yarovaya amendments, compel operators to store communications content for six months and metadata for three years, accessible via FSB interfaces without individualized suspicion in aggregated forms. Western equivalents vary: the U.S. lacks a universal mandate, relying on voluntary provider retention or program-specific holds under FISA, while EU directives were invalidated by the in 2014 for disproportionality, leading to targeted national laws like Germany's requiring two-week IP retention only for serious crimes. This positions SORM as more comprehensive in mandatory, long-term domestic storage, potentially enabling broader profiling than Western warrant-tied or time-limited collections, though U.S. NSA programs like have ingested petabytes of upstream data from fiber optics since 2007, blurring lines on scale.

In terms of scope and application, SORM prioritizes domestic operational-search activities, integrating with Russia's siloviki agencies for counterintelligence, with documented use in monitoring over 100,000 targets annually by the mid-2010s, often extending to civil society. NSA and GCHQ practices under Five Eyes alliances emphasize foreign signals intelligence, with PRISM collecting from U.S. tech firms under 2007-2013 authorizations targeting non-U.S. persons, yielding millions of selectors but incidental U.S. data minimized post-collection. UK's bulk personal dataset powers under the 2016 Act permit retention of intercepted material for six months unless renewed, focused on national security threats. Empirical outcomes show both systems claiming terrorism disruptions—e.g., NSA attributed foiled plots to metadata analysis pre-Snowden—but independent audits question overreach, with SORM's opacity fostering unverified abuse allegations and Western transparency post-2013 leaks prompting reforms like the USA Freedom Act's 2015 metadata shift to providers. Ultimately, while SORM embeds surveillance as an overt infrastructure mandate with executive primacy, Western models layer statutory limits and periodic reviews, though causal analyses suggest neither fully mitigates mission creep in digital ecosystems.
