Surveillance at the Sochi Olympics 2014
Andrei Soldatov, Irina Borogan
Stories in The Guardian:
The story of FSB's system of metadata collection during the Olympics was published in The Moscow Times:
The main role in providing security for the Olympics was handed over to the country's all-powerful Federal Security Service, FSB. In May 2010 an FSB generaláOleg Syromolotov, has been appointed the chairman of the interdepartmental operations staff to provide security at the Games. Remarkably, inside of the FSB Oleg Syromolotov is not in charge of counterterrorism operations, as it might be expected, but a long-standing chief of the counter-intelligence department, and has spent his entire career at the KGB and then FSB hunting down foreign spies.
In September 2010 at a conference in Sochi, a presentation that had been ordered by the FSB was given on security in Sochi. The presentation, which we have obtained, was mostly about cyber threats, but it also said that SORM, Russia’s main system for intercepting communications, should be significantly updated in Sochi, and it also specified that this should be done in secret.
SORMĺs tactical and technical foundations were developed by a KGB research institute in the mid-1980s, and recent technological advances have updated the system. Now, the SORM-1 system captures telephone and mobile phone communications, SORM-2 intercepts Internet traffic, and SORM-3 collects information from all forms of communication, providing long-term storage of all information and data on subscribers, including actual recordings and locations.
In most Western nations, law enforcement or intelligence agencies must receive a court order before wiretapping (in the UK a warrant signed by a Secretary of State, usually the Home Secretary). That warrant is sent to phone operators and Internet providers, which are then required to intercept the requested information and forward it to the respective government agencies. In Russia, FSB officers are also required to obtain a court order to eavesdrop, but once they have it, they are not obliged to show it to anybody except their superiors in the FSB.
Telecom providers have no right to demand that the FSB show them the warrant. The providers are required to pay for the SORM equipment and its installation, but they are denied access to the surveillance boxes. The FSB does not even need to contact the ISPĺs staff; instead the security service calls on the special controller at the FSB HQ that is connected by a protected cable directly to the SORM device installed on the ISP network.
Since 2010 Russian authorities have been busy making sure that SORM equipment is properly installed in the Sochi region – and several local ISPs were fined when it was discovered they had failed to install Omega ľ the SORM device recommended by the FSB (see this court decision, as example).
The Russian authorities made sure that visitors of the Olympics will have no trouble with wireless high-speed Internet. Special efforts were made to turn Sochi into the wireless area. áIn November 2012 it was announced that there will be free Wi-Fi access at all the competition venues «for the first time in Olympic history», as well as in the media centers and media hotels. Itĺs also promised that the free Internet package will provide Wi-Fi access at a speed of up to 10 Mb guaranteed in all media-zones of all the competition venues, Main and Gorki Media Centers as well as on the territory of the Olympic stadium. This free solution źhas superior speed parameters to similar paid-for services that were offered to the public at previous Games in London╗ (speeds of up to 8Mb, Sochi ľ 10Mb), and will be 5 times quicker than the paid-for solution in Vancouver.áThe task to launch the Greater Sochi WiFi public access network with over 57 WiFi areas was handed over to Rostelecom, Russiaĺs national telecommunications operator.á
What was not so widely announced is that by April 2011 most of telecom equipment suppliers to Russia modified their WiFi equipment according to new Russian rules introduced by the FSB. According to the rules, all means of encryption in the wireless controllers should be disabled, if sent to wired network segments. It means customers could use wireless encryption in public to secure their communications against casual eavesdropping by hackers but the FSB would still be able to intercept the traffic.
Mobile networks in Sochi have been also significantly updated. In June, Rostelecom, Russiaĺs national telecom operator, launched a 4G LTE network in the area around Sochi, and there is a promise that visitors will have access to the fastest Wifi networks in Olympic history, for free. But simultaneously, according to documents seen by our investigation team, Rostelecom is installing DPI (Deep Packet Inspection) systems on all its mobile networks, a worrying technology which will allow the FSB not only to monitor all traffic, but to filter it.
Those who are determined to take their laptops and smartphones with them to Sochi anyway could be under the impression that their communications will be relatively safe, due to the sophisticated encryption provided by most of the Internet giants such as Google, Facebook and so on. They are likely to be wrong.
In March, Russiaĺs Communications Ministry introduced new SORM Regulations for Internet Service Providers. The regulations are the first document where major servers based in the West, such aságmail.comáandáyahoo.comáare specifically mentioned as services that should be able to be intercepted. The decree is not yet signed, but the intention is clear.
On November 8th, 2013 Russia's Prime MinisteráDmitry Medvedevásigned the decreeáwhich expressly authorizes theágovernment toácollect data onátelephone calls andáInternet contacts made byáthe Olympic Games' organizers, athletes andáforeign journalists.
Theádecree provides foráthe creation ofáa database foráthe users ofáall types ofácommunication, including Internet services atápublic Wi-Fi locations "in aávolume equal toáthe volume ofáinformation contained ináthe Olympic andáParalympic identity andáaccreditation cards." That is, theádatabase will contain not only each subscriber's full name, but also detailed information guaranteed toáestablish his identity. What's more, theádatabase will contain "data onápayments forácommunications services rendered, including connections, traffic andásubscriber payments."
That is called "gathering metadata" ináthe language ofáintelligence agencies.á
Which individuals will be included ináthe database authorized byáMedvedev's decree? According toáthe text ofáthat document, Russian authorities will be monitoring theáorganizers andáparticipants ofáthe Games, including members ofáthe International Olympics andáParalympics Committees, theáWorld Anti-Doping Agency, theáCourt ofáArbitration foráSport, national Olympics committees, as well as athletes, team doctors andátechnical assistants andáeven referees andáevent judges.
But that's not all. Aáseparate clause lists foreign news agencies andámedia services, andáone paragraph lower, accredited journalists andáphotographers are mentioned aásecond time just inácase.
What's more, theáinformation collected during theáOlympic Games will be stored foráthree years andáthe Federal Security Service will have "round-the-clock remote access toáthe subscriber database." That means theáFSB, operating fromáa remote location, will have three years toáexplore toáwhom, when andáhow often athletes, judges andájournalists attending theáGames made calls. á
The video surveillance project was launched as a part of the bigger “Safe Sochi” project.áMain contractor of the project is mobile operator Megafon (planning and development of the system). The person in charge ľ Tigran Pogosian, Deputy General Director of Strategy Projects at MegaFon OJSC.áAccording to the contract documentation and media reports, there are more than 5500 videocameras in Sochi installed because of the project. 309 cameras out of 5500 are manned by the FSBáwith the 90 days period of keeping records (others cameras should keep 10 days records).á
Surveillance analysis equipment provided by the Israeili company NICE Systems. In September 2012 NICE announced that the city of Sochi got the complete NICE Surveillance portfolio as part of źSafe Sochi╗ initiative.á
The FSB and the Interior Ministry both deployed drones for the Olympics. The regional Krasnodar's aviation section of special purpose of the Interior Ministry have a number of Zala 421 drones (a small plane with a wingspan of just over 1.5m, weighing about 5kgs and able to fly at 3000m for 90 minutes. The Zala is equipped with thermal vision, can plot map grid references of objects below and transmits video- and photographic images live to an operatorĺs screen (first used by the Russian police during G8 Summit in Saint-Petersrburg in 2006). The designer and manufacturer of the drone is a group of companies called Zala Aero, set up at the beginning of the 2000s ináIzhevsk. The police reported to get the drones because of the Olympics.
The FSB also acquired drones for the Olympics. The drones, known as Gorisont-Air S-100, developed by the the Austrian company Schibel, but made on the plant of the Russian Gorisont company in Rostov-on-Don.áThe drones bought by the local branch of the Border service of the FSB, but the FSB reported that the drones are to be used during the Olympics.
Detection of submarines
From two contracts published in May and July 2013 it became clear that the Defence Ministry was to deploy the system of sonars to detect and identify submarines. The Ministry acquired the ôAmga-Mö system (Autonomous submarines sonar system, made by JSC Aquamarin, Saint-Petersburg) The system of 20 sonars could cover 80 kilometers, and the radio-sonar complex ôAnapaö, described in the documentation as ôantidiversionaryö equipment, usually installed on military ships. The contract documentation made clear that both systems were to be deployed because of the Olympics.
In six years, Russiaĺs use of SORM has skyrocketed. According to Russiaĺs Supreme Court, the number of intercepted telephone conversations and email messages has doubled in six years, from 265,937 in 2007 to 539,864 in 2012. These statistics do not include counterintelligence eavesdropping on Russian citizens and foreigners.
Agentura.Ru. October 2013
Joint investigation of Agentura.Ru, Privacy International and CitizenLab