Circling the Lion's Den

Surveillance at the Sochi Olympics 2014

Andrei Soldatov, Irina Borogan

Stories in The Guardian:

The Issue of surveillance in Sochi put in context of larger surveillance state in our story in The World Policy Journal (Fall 2013 Issue):
The story of FSB's system of metadata collection during the Olympics was published in The Moscow Times:

Basic facts

The main role in providing security for the Olympics was handed over to the country's all-powerful Federal Security Service, FSB. In May 2010 an FSB generalOleg Syromolotov, has been appointed the chairman of the interdepartmental operations staff to provide security at the Games. Remarkably, inside of the FSB Oleg Syromolotov is not in charge of counterterrorism operations, as it might be expected, but a long-standing chief of the counter-intelligence department, and has spent his entire career at the KGB and then FSB hunting down foreign spies.

Communication interception

In September 2010 at a conference in Sochi, a presentation that had been ordered by the FSB was given on security in Sochi. The presentation, which we have obtained, was mostly about cyber threats, but it also said that SORM, Russia’s main system for intercepting communications, should be significantly updated in Sochi, and it also specified that this should be done in secret.
SORMs tactical and technical foundations were developed by a KGB research institute in the mid-1980s, and recent technological advances have updated the system. Now, the SORM-1 system captures telephone and mobile phone communications, SORM-2 intercepts Internet traffic, and SORM-3 collects information from all forms of communication, providing long-term storage of all information and data on subscribers, including actual recordings and locations.
In most Western nations, law enforcement or intelligence agencies must receive a court order before wiretapping (in the UK a warrant signed by a Secretary of State, usually the Home Secretary). That warrant is sent to phone operators and Internet providers, which are then required to intercept the requested information and forward it to the respective government agencies. In Russia, FSB officers are also required to obtain a court order to eavesdrop, but once they have it, they are not obliged to show it to anybody except their superiors in the FSB.
Telecom providers have no right to demand that the FSB show them the warrant. The providers are required to pay for the SORM equipment and its installation, but they are denied access to the surveillance boxes. The FSB does not even need to contact the ISPs staff; instead the security service calls on the special controller at the FSB HQ that is connected by a protected cable directly to the SORM device installed on the ISP network.
Since 2010 Russian authorities have been busy making sure that SORM equipment is properly installed in the Sochi region – and several local ISPs were fined when it was discovered they had failed to install Omega the SORM device recommended by the FSB (see this court decision, as example).
The Russian authorities made sure that visitors of the Olympics will have no trouble with wireless high-speed Internet. Special efforts were made to turn Sochi into the wireless area. In November 2012 it was announced that there will be free Wi-Fi access at all the competition venues «for the first time in Olympic history», as well as in the media centers and media hotels. Its also promised that the free Internet package will provide Wi-Fi access at a speed of up to 10 Mb guaranteed in all media-zones of all the competition venues, Main and Gorki Media Centers as well as on the territory of the Olympic stadium. This free solution has superior speed parameters to similar paid-for services that were offered to the public at previous Games in London (speeds of up to 8Mb, Sochi 10Mb), and will be 5 times quicker than the paid-for solution in Vancouver.The task to launch the Greater Sochi WiFi public access network with over 57 WiFi areas was handed over to Rostelecom, Russias national telecommunications operator.
What was not so widely announced is that by April 2011 most of telecom equipment suppliers to Russia modified their WiFi equipment according to new Russian rules introduced by the FSB. According to the rules, all means of encryption in the wireless controllers should be disabled, if sent to wired network segments. It means customers could use wireless encryption in public to secure their communications against casual eavesdropping by hackers but the FSB would still be able to intercept the traffic.

Mobile networks in Sochi have been also significantly updated. In June, Rostelecom, Russias national telecom operator, launched a 4G LTE network in the area around Sochi, and there is a promise that visitors will have access to the fastest Wifi networks in Olympic history, for free. But simultaneously, according to documents seen by our investigation team, Rostelecom is installing DPI (Deep Packet Inspection) systems on all its mobile networks, a worrying technology which will allow the FSB not only to monitor all traffic, but to filter it.

Those who are determined to take their laptops and smartphones with them to Sochi anyway could be under the impression that their communications will be relatively safe, due to the sophisticated encryption provided by most of the Internet giants such as Google, Facebook and so on. They are likely to be wrong.
In March, Russias Communications Ministry introduced new SORM Regulations for Internet Service Providers. The regulations are the first document where major servers based in the West, such asgmail.comandyahoo.comare specifically mentioned as services that should be able to be intercepted. The decree is not yet signed, but the intention is clear.

Metadata collection

On November 8th, 2013 Russia's Prime MinisterDmitry Medvedevsigned the decreewhich expressly authorizes thegovernment tocollect data ontelephone calls andInternet contacts made bythe Olympic Games' organizers, athletes andforeign journalists.

Thedecree provides forthe creation ofa database forthe users ofall types ofcommunication, including Internet services atpublic Wi-Fi locations "in avolume equal tothe volume ofinformation contained inthe Olympic andParalympic identity andaccreditation cards." That is, thedatabase will contain not only each subscriber's full name, but also detailed information guaranteed toestablish his identity. What's more, thedatabase will contain "data onpayments forcommunications services rendered, including connections, traffic andsubscriber payments."

That is called "gathering metadata" inthe language ofintelligence agencies.

Which individuals will be included inthe database authorized byMedvedev's decree? According tothe text ofthat document, Russian authorities will be monitoring theorganizers andparticipants ofthe Games, including members ofthe International Olympics andParalympics Committees, theWorld Anti-Doping Agency, theCourt ofArbitration forSport, national Olympics committees, as well as athletes, team doctors andtechnical assistants andeven referees andevent judges.

But that's not all. Aseparate clause lists foreign news agencies andmedia services, andone paragraph lower, accredited journalists andphotographers are mentioned asecond time just incase.

What's more, theinformation collected during theOlympic Games will be stored forthree years andthe Federal Security Service will have "round-the-clock remote access tothe subscriber database." That means theFSB, operating froma remote location, will have three years toexplore towhom, when andhow often athletes, judges andjournalists attending theGames made calls.

Video surveillance

The video surveillance project was launched as a part of the bigger “Safe Sochi” project.Main contractor of the project is mobile operator Megafon (planning and development of the system). The person in charge Tigran Pogosian, Deputy General Director of Strategy Projects at MegaFon OJSC.According to the contract documentation and media reports, there are more than 5500 videocameras in Sochi installed because of the project. 309 cameras out of 5500 are manned by the FSBwith the 90 days period of keeping records (others cameras should keep 10 days records).

There is the Situation Center built to deal with the cameras, with 40 personnel.

Surveillance analysis equipment provided by the Israeili company NICE Systems. In September 2012 NICE announced that the city of Sochi got the complete NICE Surveillance portfolio as part of Safe Sochi initiative.

Drones

The FSB and the Interior Ministry both deployed drones for the Olympics. The regional Krasnodar's aviation section of special purpose of the Interior Ministry have a number of Zala 421 drones (a small plane with a wingspan of just over 1.5m, weighing about 5kgs and able to fly at 3000m for 90 minutes. The Zala is equipped with thermal vision, can plot map grid references of objects below and transmits video- and photographic images live to an operators screen (first used by the Russian police during G8 Summit in Saint-Petersrburg in 2006). The designer and manufacturer of the drone is a group of companies called Zala Aero, set up at the beginning of the 2000s inIzhevsk. The police reported to get the drones because of the Olympics.

The FSB also acquired drones for the Olympics. The drones, known as Gorisont-Air S-100, developed by the the Austrian company Schibel, but made on the plant of the Russian Gorisont company in Rostov-on-Don.The drones bought by the local branch of the Border service of the FSB, but the FSB reported that the drones are to be used during the Olympics.

Detection of submarines

From two contracts published in May and July 2013 it became clear that the Defence Ministry was to deploy the system of sonars to detect and identify submarines. The Ministry acquired the Amga-M system (Autonomous submarines sonar system, made by JSC Aquamarin, Saint-Petersburg) The system of 20 sonars could cover 80 kilometers, and the radio-sonar complex Anapa, described in the documentation as antidiversionary equipment, usually installed on military ships. The contract documentation made clear that both systems were to be deployed because of the Olympics.

Context

In six years, Russias use of SORM has skyrocketed. According to Russias Supreme Court, the number of intercepted telephone conversations and email messages has doubled in six years, from 265,937 in 2007 to 539,864 in 2012. These statistics do not include counterintelligence eavesdropping on Russian citizens and foreigners.

Agentura.Ru. October 2013

Joint investigation of Agentura.Ru, Privacy International and CitizenLab