"Do we have total control?" Security forces will receive personal data of citizens automatically

Elena Petrova, Tatyana Sviridova

The Ministry of Digital Development has published a draft resolution according to which the FSB and the Ministry of Internal Affairs will be able to receive personal data of clients of mobile operators not upon request, but automatically through the System of Interdepartmental Electronic Interaction (SMEV), implemented through the State Services portal.

Within 24 hours, law enforcement officers will receive full information about the citizens of interest to them from mobile operators: Last name, first name and patronymic, place of residence, date of birth, date of contract with the operator, place and time of access to the telephone network. If the communication contract is concluded with a legal entity, the FSB and the Ministry of Internal Affairs will additionally receive from the operator the international subscriber identifier IMSI and the SIM card identifier ICCID. Calls will be "marked".

"NI" asked the president of AMOR (Association of Small Regional Telecom Operators) Dmitry Galushko what "call marking" is:

— You call, and I get a message about who is calling me. For example, you call from the media, and I will have it written: media. If it is an unknown, unsaved number, I will have a mark on the screen about who the number belongs to. This applies to legal entities. Not to individuals. Mass calls are legal entities. They buy.

Today, all personal data is uploaded manually by telecom operators into the SORM system. Each telecom operator buys equipment for SORM (the System of Operational Investigative Measures. — NI), but only security forces use it.

— Each operator has a subscriber database. It contains full names and passport details linked to the number. Access to this database is granted to the FSB. There is a requirement to upload this data correctly. If the subscriber deceived the operator, the FSB turns on the passport data check and receives an error. If the check reveals that the data was recorded incorrectly, or the passport is no longer valid, and the new data has not been entered into the database, then the operator does not sign the document on the commissioning of SORM, and there may be a fine of one million rubles, — says Dmitry Galushko.

From September this year, the government plans to transfer the provision of connection and subscriber data to the police and the FSB to an automatic mode.

The Law on the FSB, the Criminal Procedure Code, and the Law on the Police allow employees of special agencies to request and receive information about personal data, Doctor of Law, lawyer Lyudmila Aivar told NI:

— We are already tired of not trusting our valiant law enforcement officers, some of whom abuse their official powers, and their own leaders cover for them. Under good intentions, under the protection of citizens and society from illegal acts, they expand, expand, expand their powers.

What is scary is that you and I will never in our lives know that some data or information was requested about us and that this data or this information was used by law enforcement officers for an unclear purpose. They do not inform citizens.

In Lyudmila Aivar’s practice, there was a case when lawyers observed with absolute certainty that operational investigative measures were being taken against their client, that their phone was being tapped, that surveillance was being carried out, etc. The lawyers could have requested information from law enforcement officers, but they were sure that they would not achieve anything.

— And we filed a complaint under Article 125 of the Criminal Code to challenge the actions of the FSB, which carried out operational and investigative activities and demanded to see these documents. Naturally, we received a response that no activities were carried out, no documents exist, and we had imagined and dreamed everything. But, if any documents had been collected or falsified, they would simply no longer have legal force. This is how we covered my client, — said Lyudmila Aivar.

The court will consider a complaint about the legality of actions only if the injured party provides confirmation that the communications operator received a request from the Ministry of Internal Affairs or the FSB and provided this data.

The new unlimited access order is causing great concern among lawyers.

— We have total control. Not only does artificial intelligence listen to all our conversations, read text messages, and programs are activated for certain words, everything is recorded and placed on analysts’ desks. We also have an additional tool that can lead to violation of citizens’ rights, — Lyudmila Aivar expresses the concern of many.

IT business expert Leonid Delitsyn believes that the new requirements will not affect the business of telecom operators. Of course, they will have to modify their information systems and significantly expand the number of information points that they currently share with the Ministry of Internal Affairs and the FSB.

— The task of programmers is to create a query to this table, which will extract this information within a couple of seconds. And operators are given 24 hours to respond. Naturally, they will cope in this time. It is unlikely that they will be bombarded with thousands of requests a day. Even if thousands, this is nonsense against the background of the loads that telecom operators experience. That is, from the point of view of telecom operators' costs, it seems to me that this is insignificant. This should not affect business in any way, — the expert believes.

Dmitry Galushko has a different understanding of the situation. An entire system of state counteraction and prevention of fraud is being created. It is called GIS PP (State information system for counteraction to offenses committed using information and communication technologies) .

You won't read about it on the Internet, because the legal framework is being created right now. In total, 20 documents are supposed to be created, and "call marking" is a small stone in a large wall being built.

Both banks and digital platforms will be included in the online data exchange. The new "big brother" is designed to combat not only telephone fraud, but also virtual PBX, website substitution, and SIM boxes. Another target is Starlink and other foreign satellite communication systems. If a PBX is used, Roskomnadzor will only allow an IP address in the Russian Federation. Operators must inform Roskomnadzor about domains and IPs to which access is restricted.

Another innovation: mobile operators are required to identify subscribers using biometrics.

— We need to look more globally, at the State Information System of the PP. In addition to mandatory labeling of calls, there will be some automatic monitoring system for the purpose of identifying suspicious actions, blocking and notifying law enforcement agencies about a potential crime. Someone will create this automatic monitoring. Data needs to be transferred there, technical adjustments need to be made. All this increases the cost of communication. This is a more global issue, — the head of AMOR warns.

Oleg Chirukhin, an expert in the field of artificial intelligence and big data, believes that the new rules will not fundamentally change anything for ordinary users within the framework of the existing laws that oblige operators to store user data and transfer it to law enforcement agencies.

"Those who came up with this didn't really consider the issue of how huge this data is. You won't find anything in the automatically saved archives. Even six months of recording under the 'Yarovaya law', on a national scale, is a huge haystack," the expert says.

According to Oleg Chirukhin, connecting telecom operators via SMEV will enable security forces to quickly link a person's profile on Gosuslugi with records from surveillance systems. This will increase the speed of response to calls from FSB officers, who will receive an "automatic number identification system" that works automatically in cases where they previously had to submit requests, wait and dig through the data.

That is, the security forces will be able to quickly and more successfully identify a “telephone scammer” while the trail is still hot, but spies and “enemies of the authorities,” according to the expert, have not used open data transmission channels and free messengers for a long time.

Those who refer to the dangers of violating the Constitution forget that the Russian Basic Law does not provide a clear answer to the question of protecting personal data, says Lyudmila Aivar.

According to Article 23 , every citizen has the right to privacy, personal, family. Everyone has the right to the secrecy of correspondence and negotiations.

Article 24 states: the collection, storage, use, and dissemination of information about a citizen’s private life without his or her consent is not permitted.

All this sounds like music to law enforcement practice, having little to do with reality, the lawyer believes:

— According to the Constitution, personal data is protected only with the exception of cases provided by law. When the law provides for such a right, if the operator receives a request from the FSB, and the operator does not respond to this request, then he can be brought to administrative responsibility. There is also the International Covenant on Civil and Political Rights, which in Article 17 also speaks about the prohibition of arbitrary illegal interference in personal and family life. And this is personal life when you buy a SIM card, a phone.

Personal data is very poorly protected in Russia. The new system would protect citizens from fraudsters, but there is one "but": this information "leaks" very easily. The more data is exchanged between government and private structures, the higher the probability of leaks.

— I am deeply unsure that these rules will be observed as they should be observed and will not affect the private territory of individuals and legal entities when there is no reason for this. I am sure that personal data will leak because it is profitable for those who distribute it and, secondly, it is used for certain schemes by fraudsters, — says Lyudmila Aivar about the obvious.

But practically the entire population is under surveillance. And if banks are included in the data exchange, the tax service and the Ministry of Finance will rejoice. And in general, does the state have enough important and urgent matters?