Russia’s Digital Development Ministry has drafted new requirements for telecom operators on transferring user data through the system of operational-search measures, SORM. Kommersant drew attention to the document опубликованный on the official legal information portal.
What data must be transferred
Under the document, telecom operators must make it possible to search for and transfer to security agencies a broad range of user data. The list includes passport details and addresses, tax identification numbers, banking details, IP addresses, domains, logins, geolocation, and organizational information.
As Igor Bederov, director of investigations at T.Hunter, told Kommersant, the previous requirements were “far more general.” In his words, the state is “closing technological gaps” and making the data-collection system “not just comprehensive, but intelligent.”
SORM is the system through which security agencies gain access to data held by telecom operators and internet providers as part of operational-search activities.
Context
Russian agencies are increasingly demanding broader user information. Earlier, Roskomnadzor fined 85 telecom operators that failed to provide the authorities with subscribers’ IP address data.
Roskomnadzor said collecting such data is necessary for “countering computer attacks, including DDoS attacks.” At the same time, a source cited by Izvestia and described as close to one telecom operator claimed that IP address information can also help determine whether a user is using a VPN.