SORM: New Ex-KGB Moves in Telecom

25 June 1998
From: "Maksim Otstavnov" <maksim@volga.net>
To: cypherpunks@toad.com
Date: Thu, 25 Jun 1998 22:28:02 +0400
Subject: SORM: New ex-KGB moves in telecom
CC: John Young <jya@pipeline.com>, Chris Oakes <chriso@wired.com>

-----BEGIN PGP SIGNED MESSAGE-----

To whom it may concern:

The text between [Start of translation] and [End of translation] lines below
is a verbatim translation of the two drafts of documents which are currently
in the state of approvement by the two Russian ministries: Federal Security
Service (FSB, one of the five special services inheriting to KGB) and State
Committee on Communications (Goskomsvyaz'). The originals (and comments) are
available at the Libertarium Webpages (www.ice.ru/libertarium/sorm).

Inconsistencies of the original texts (including but not restrictive to:
paragraph misnumbering, language vagueness etc.) are left intact. I left the
two Russian abbreviations: SORM for the System of efficient research measures,
and FSB for the Federal Security Service, to avoid confusion in future.

In short: if approved, the rules will provide ex-KGB with technical facility to
_directly_ and covertly wiretap _any_ information transmitted via
telecommunication networks including telephone, telegraph, Internet etc. and
there will be no means to ensure KGBists obtained a court warrant (required by
Constitution and other federal legislation) before wiretapping.

Any informed comments (of legal and technological, not emotional nature) from
both organisations and from individual experts are welcome.

I am grateful to all involved with obtaining the documents. Hope some day I
will be in a position to mention them by their names...

- - Maksim Otstavnov

[Start of translation]

Approved                                                   
Deputy Director Federal Security Service
A.A.Bespalov
"____"___________1998

Confirmed
"____"___________1998

TECHNICAL  REQUIREMENTS 
TO THE SYSTEM OF TECHNICAL MEANS 
PROVIDING FOR THE FULLFILMENT OF EFFICIENT RESEARCH MEASURES 
IN THE DOCUMENTAL TELECOMMUNICATIONS NETWORKS

Approved
Head of the Telecommunications Management
A.Yu.Rokotyan
"____"___________1998Ç.

First Deputy to the Director General 
Of the Central Research Institute 
of the State Telecommunications of Russia
Yu.A.Alekseev
"____"___________1998Ç.

1. PURPOSE

1.1. The system of technical means destined to provide for the system of
efficient research measures (SORM) in the networks of the documental
telecommunications (NDTC) is being arranged at the basis of the Russian
Federation legislation and is meant to provide for technical support of the
above research measures in the telecommunications networks which are used for
supplying customers with telematic services, data transmission services, and
access to the world global information network of INTERNET. 

1.2 The actual technical requirements (TR) concern all NDTC regardless of
their forms of ownership formed previously or being currently formed according
to the Russian State Communications Committee licenses. 

1.3. SORM should provide for reading of all information (both incoming and
outgoing) belonging to the specific subscribers of the network(s) in question.

1.4. The actual TR should be observed regardless of what means of
information protection may be used in the NDTC.

1.5. The actual TR should be observed while providing additional services to
the NDTC subscribers.

1.6. The actual TR should be observed for each individual subscriber
regardless of the type of his connection to the DTC networks (individual or
collective). 

2. SET OF EQUIPMENT The set of SORM equipment should include:

  hardware and software means (HSM) providing for the requirements
fulfillment by SORM, these means should be part of the distant control center
(DCC) -  HSM SORM DCC;

  hardware and software means (HSM) providing for the requirements
fulfillment by SORM these means should be part of the NDTC node equipment -
HSM SORM NDTC;

  communication channel (communication lines and channeling hardware)
providing for establishing of communication between HSM SORM DCC and HSM
SORM NDTC; 

Note: The channeling hardware should be part of the HSM SORM NDTC equipment. 

  SORM software security and confidentiality protection means.

3. GENERAL REQUIREMENTS FOR THE SORM ORGANIZATION

3.1. NDTC SORM management should be controlled from the DCC by way of its
cooperation with the HSM SORM DCC via communication channels providing for
controlling commands transmission from the DCC to HSM SORM NDTC and for
information transmission from HSM SORM NDTC to the DCC. 

3.2 SORM should provide for transmission of the following information from the
HSM SORM NDTC to the DCC: 

  about the HSM SORM NDTC readiness; 

  about the results of DCC commands fulfillment; 

  about unauthorized interference with the HSM SORM NDTC work. 

3.3. SORM should provide for transmission to the DCC the NDTC
subscribers data base with the following information about subscribers at the
request of the DCC operator: 

  registration date in the DTC networks; 

  electronic address; 

  registration address; 

  additional services provided (including internet roaming (and voice
communication services). 

3.4. At the DCC command SORM should provide for receiving of the following
information pertaining to any individual user: 

  statistic information reading; 

  reading of information (both incoming and outgoing) belonging to specific
subscribers. 

Note: This command may be documented by the communications operator. 

3.5. SORM should provide for determination of: 

  subscriber's telephone number if he uses common carrier telephone line
(providing this line allows for this) for using telematic services and data
transmission;

  subscriber's electronic address if the latter uses other telecommunication
networks for using telematic services and data transmission. 

3.6. While reading statistical information SORM should provide for
transmission of the following information to the DCC HSM SORM NDTC: 

  period of work in the NDTC;

  telephone or commuted telephone line number or network address (of an other
network) used for NDTC access; 

  network addresses used for reception or transmission of information via
NDTC. 

3.7. While reading information SORM
should provide for transmission of the following information to the DCC HSM
SORM NDTC: 

  period of work in the NDTC; 

  telephone or commuted telephone line number or network address (other
network address) used for NDTC access; 

  real-time information transmitted via NDTC and belonging to specific
subscribers. 

3.8. The SORM reaction time from the moment of DCC command transmission to the
moment of its fulfillment confirmation by the HSM SORM NDTC reception should
not exceed 30 seconds (excluding the communication services access
discontinuation). 

4. HSM SORM NDTC AND HSM SORM DCC COMMUNICATION  INTERFACE 

4.1. Communication between SORM and DCC should be
conducted via the data transmission channel. 

4.2. Data transmission channel reservation should be provided. 

4.3. Switch to the reserve channel should be provided in case of the main
channel fault. 

4.4. The information exchange should be conducted via isolated communication
channel in a duplex regime at a speed not less than maximally allowed for the
NDTC subscribers. 

4.5. Interface of communication with the channeling equipment should comply
with the ITTU recommendations V.36, V.24, G.703. 

4.6. Protocol of digital data exchange between SORM and DCC should comply with
the X.25 ITTU recommendation (edition of 1995) for single chain LAPB
procedure. 

Note: When protocols used for the networks information exchange differ from
those recommended by the ITTU X.25 (such as TCP/IP), the protocol of
information exchange between SORM and DCC may differ from the protocol
mentioned in paragraph 4.6. as agreed with the FSB of Russia and the network
administration. 

4.7. The protocol of connection between SORM and DCC (the type of service
information, SORM/DCC interaction algorithm, arrangement of the information
transmission) should be defined in the process of SORM software development by
agreement with the FSB of Russia. 

5. SORM EFFICIENCY CONTROL 

5.1. Functional control of the SORM hardware and software efficiency against
the background of the NDTC equipment functioning should be provided for during
the exploitation. 

5.2. DCC should receive information concerning faults interfering with the
work of the NDTC SORM. 

5.3. Performance control of the information exchange channels between SORM and
DCC should be provided for. In case of the damage of information exchange
equipment data transmission should be cancelled and a corresponding message
should be transmitted to the maintenance personnel while automatic switch on
to the reserve channel should be fulfilled. 

6. UNAUTHORIZED INFORMATION ACCESS CONTROL 

6.1. The possibility of unauthorized interference with the process of
functioning and interaction between the HSM SORM NDTC and HSM SORM DCC should
be excluded. 

6.2. The possibility of unauthorized access to the data and software
providing for the HSM SORM NDTC interaction should be excluded. 

6.4. DCC should receive reports on all attempts of unauthorized access and
interference with the HSM SORM NDTC functioning. 

6.5. Information exchange between SORM and DCC should be secured. 

7. SORM INITIALIZING AND RESTART 

7.2. In case of SORM node software restart the information about this fact
should be transmitted to the DCC. 


7.3. Technological conditions of the SORM node software restart should
include the procedure of HSM SORM NDTC restart. 

7.4. A possibility of restarting part of the software controlling the work of
the HSM SORM NDTC should be provided for at the DCC command. 


_____________________________________________________________________________

Approved 
Deputy Director 
of the Federal Security Service 
of the Russian
Federation 
A.A.Bespalov 
"____"___________1998

Confirmed
"___"___________1998

THE ORDER OF IMPLEMENTATION OF THE SYSTEM OF THE EFFICIENT RESEARCH MEASURES
IN THE DOCUMENT TELECOMMUNICATIONS NETWORKS 

First Deputy to the Director General 
of the Central Research Institute 
of the State Telecommunications of Russia 
Yu.A.Alekseev

"____"___________1998


Administrations of the telecommunications documental networks (DTC) including
the services of data transmission, telematic services, Internet informational
resources access services that are guided by the "Technical  Requirements To
The System Of Technical Means Providing For  The Fullfilment Of Effecient
Research Measures In The Documental Telecommunications" should conduct the
following technical and administrative operations. A plan of measures to be
taken in order to implement the system of efficient research measures (SORM)
in the network consisting of two stages (the first stage may be missing)
should be developed and coordinated with the Federal Security Service of the
Russian Federation. 

The first stage - implementation of limited functions SORM using standard
equipment of the telecommunications provider, experimental running of the
system and evaluation of its compliance with the main technical SORM
requirements. 

The second stage - full fledged SORM implementation considering the results of
the experimental exploitation. The first stage provides for: 

1. Development and coordination with the FSB of the technological scheme and
SORM functioning algorithms at the telecommunications operator's network based
on the technical requirements. 

2. Correction if necessary of SORM technical requirements considering the
results of the first stage implementation. 

3. Development of the list of SORM hardware and software used at the first
stage and according to the results of the first stage (stating type, cost,
supply conditions and payer for each item). 

4. Preparation of proposals and coordination with the FSB of Russia of the
necessary communication protocols for data exchange between SORM equipment and
standard equipment of the telecommunications provider if the provider complies
with the SORM technical requirements (stage 2). 

5. Purchase and delivery of the SORM equipment in accordance with the list
provided by p. 3 

6. Allocation of necessary technical means for checking and tuning of the SORM
software at the provider's equipment. 

8. Organization of the intercity communication line between
telecommunications operator and the DCC.

9. Preparation of the exploitation and technical documentation for the SORM
including the regulations for the duty services interaction. 10. Testing and
tuning of the SORM hardware and software during interaction with the
telecommunications operator standard equipment. 

The first stage is completed as the SORM acceptance report is signed and it is
accepted for experimental exploitation as the result of the joint tests (FSB
as the contractor and the telecommunications operator as the performer.)

The second stage provides for:

1. Development of the SORM requirements for the telecommunications operator
equipment based on the "Technical  Requirements To The System Of Technical
Means Providing For  The Fulfillment Of Efficient Research Measures In The
Documental Telecommunications" (adjusted if necessary according to the results
of the first stage) containing the list of: 

  hardware and software means providing for the implementation of the SORM
requirements and included into the equipment of the node (nodes) of DTC
network - HSM SORM NDTC; 

  hardware and software means providing for implementation of the SORM
requirements and included into the DCC equipment - HSM SORM DCC; 

  type of channel for communication between NDTC and HSM SORM DCC; 

  type of equipment for the communication channel between the HSM SORM NDTC
and HSM SORM DCC; 

  the data exchange velocity between the HSM SORM NDTC and HSM SORM DCC; 

  protocol of the data exchange in the communication channel between HSM SORM
NDTC and HSM SORM DCC; 

  protocol of junction between HSM SORM NDTC and HSM SORM DCC; 

  information security and privacy protection software for the SORM.
Telecommunications operator should coordinate technical requirements with the
FSB of Russia. 

2. The specification of the specific hardware and software that should be
included as part of the standard equipment of the telecommunications operator
and of the DCC (stating type, cost, supply conditions and payer for each item)
is compiled according to the technical requirements. The specification is
coordinated by the telecommunications operator with the FSB of Russia organs. 

3. Technical design development for the SORM implementation by the
telecommunications operator's enterprise is fulfilled by the organization
licensed for the fulfillment of design works by the order of the
telecommunications operator. 

4. Development of the SORM technical exploitation documentation  including
regulation for duty services interaction. 

5. SORM equipment assembling at the telecommunications operator's enterprise
is fulfilled by the organization licensed for the fulfillment of assembling
works by the order of the telecommunications operator. 

6. Testing and tuning of the SORM software at the telecommunications
operator's equipment. 

7. Conducting joint SORM tests (FSB of the Russian Federation as a contractor
and the telecommunications operator as a performer). The second stage is
concluded with the SORM industrial exploitation acceptance report which is
jointly approved by the telecommunications operator management and the FSB of
Russia representatives. 

[End of translation]

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0.1iRu
Charset: noconv

iQCVAwUBNZJq7XGCEHWOiJDhAQE6cwP9Fm9c8js94liPIbQa+UHUAsPFuOAmEUQd
QsMIlNgJjTtRvmoDZS6fjxYbLgbO4imEOtsKEeIMJsZqX8UC0er2tk7VO3eK0968

EzM8w3+t8yFLB98/tWGE9Ghz2HiZh/ywoRiGX8Y08ZkKitYgOk/Aq4EmBHVQp92X
ePOimdtAtdY=
=BdJi
-----END PGP SIGNATURE-----
-- Maksim Otstavnov <maksim@volga.net> http://www.ice.ru/otstavnov/
--   - chief, Labs of Civil & Financial Crypto
--   - editor, "CompuNomika" monthly
--   - maintainer of The Russian PGP HomePage