Where did Echelon come from? How are we controlled and how much does this contradict our rights and freedoms?

cripo.com.ua

12 min

View Original

WikiLeaks founder Julian Assange said that the web platforms of Facebook, Google and Yahoo have a hidden interface for tracking users. Representatives of social networks and these online services do not confirm this information in any way - and, most likely, there really are no such interfaces. They are simply not needed.

We live in a free society, and in Russia there are practically no restrictions on topics discussed on the Internet. Timid attempts by legislators to slightly limit the flow of disinformation and pornography are met with hostility by the online community, largely due to a sense of contradiction and reluctance to impose any restrictions on themselves. We will not discuss here the technical possibility of limiting the dissemination of any information - this has already been discussed more than once and will be discussed. Let's talk about something else. How much are you and I being controlled and how much does this contradict our rights and freedoms?

Let's start with Russia

Few people know that our country has SORM-1 and SORM-2 systems. The first was organized in 1996 and is intended for listening to telephone conversations, the second was organized in 2000 and is used to record calls on the Internet.

SORM stands for System of Technical Means for Ensuring the Functions of Operational Investigative Activities and operates on a completely legal basis. SORM operates in accordance with the Law “On Communications” and the order of the Ministry of Information Technologies and Communications. dated January 16, 2008 No. 6 (for a detailed description of the possibilities, see here and here.

And one should not think that this is a legacy of terrible totalitarianism. It all started long before Stalin - back in 1913, equipment was installed in the premises of the IV State Duma in St. Petersburg that made it possible to eavesdrop on telephone conversations of people's representatives.

In 2005, the system was slightly changed and received the name SORM-3 in the press. It operates within the framework of the Decree of the Government of the Russian Federation of August 27, 2005 No. 538 “On approval of the rules for interaction of communication operators with authorized state bodies carrying out operational investigative activities.”

According to the decree, operators are required to connect information systems containing databases, as well as technical means, to the control center of the federal security service. In this case, the databases must contain the following information about subscribers of the telecom operator: last name, first name, patronymic, place of residence and details of the main identification document, presented upon personal presentation of the specified document by the subscriber - for a citizen subscriber.

Secondly, the name of the legal entity, its location, as well as a list of persons using the terminal equipment, certified by an authorized representative of the legal entity, which indicates their last names, first names, patronymics, places of residence and details of the main identification document. Thirdly, database information on payments for communication services provided, including connections, traffic and subscriber payments. The operator undertakes to store all information for three years.

Organization of data transmission channels between the automatic telephone exchange and the SORM control unit

And the operator cannot refuse to store data about users, nor in general refuse to help the intelligence services - if the requirements are not met, the telecom operator’s license can be revoked.

There are hundreds of Internet access service providers in Russia, and it is unrealistic to control the traffic going through all providers. But this is not necessary. Trunk communication channels are serviced by a small number of large providers (including Rostelecom) - and the main traffic one way or another goes through them. And, no matter what you do, you will in any case be identified by one of those who implemented the equipment. And only then, if they consider you a violator of the law, having received a warrant, they will come to the small provider for assistance.

SORM equipment is installed on PBXs and Internet providers, and the remote control is located in FSB departments. SORM allows you to control outgoing and incoming calls to subscribers, disconnect an established connection upon command from the control point, secretly connect to any subscriber lines, including those in a connected state, and also capture any incoming and outgoing information from users when they work on the Internet - including email. In mobile networks, you can get information about who you talked to (subscriber number, duration), your location, your SMS correspondence, information about the content or services you ordered.

There are quite a lot of companies in Russia and abroad developing equipment for tracking purposes. As an example, you can look at the sites www.norsi-trans.ru/pcategory/sorm-123, www.mfisoft.ru/products/sorm/sorm2/sormovich, www.edecision4u.com, www.mantech.com.

Will you be able to detect the surveillance? According to Order of the Ministry of Communications of the Russian Federation No. 6 of January 16, 2008, “In communication networks, it is ensured that the possibility of detection by participants in a controlled connection or participants in the transmission of telecommunication messages of the fact of conducting operational investigative activities is excluded.” That is, if you do not know that you are being watched, it does not mean that you are not under surveillance.

In 2011 alone, law enforcement agencies received 466,152 permits from Russian courts to listen to and record telephone conversations, as well as messages transmitted “via electrical and postal networks,” that is, to intercept e-mail.

But you shouldn’t think that our own and other people’s citizens are monitored only in our country. The initiator of surveillance was the most democratic country - the United States. And due to the fact that it currently has the greatest technical capabilities, and thanks (to whom war brings tears, and to whom money in their pockets) the terrorist attack on the World Trade Center and in accordance with the adopted Patriot Act - control over their own and others citizens in the United States is much more total and not limited by legislative frameworks. The New York Times reports that the National Security Agency's massive wiretapping of telephones was authorized by the president alone, without a court order or notice to Congress.

Traditional disclaimer. Although general information about tracking systems is available, implementation details are carefully kept under wraps. For example, a list of words to which one of the systems reacts has been published, but in essence it does not give anything.

The rules in which keywords are involved, the way of analyzing the context in which they are used, are important, but this data is not freely available.

And the reasons for this are clear - knowing the rules for constructing queries, they can be bypassed much easier and without attracting attention to the fact that technical means of protection against tracking are used. Therefore, everything that is said in the article is taken from publicly available sources, which, as a rule, describe a system created long before SORM and therefore much more covered in the media - the American ECHELON.

"Echelon" wheels

In 1945, control reached a new level - US President Harry Truman set his intelligence services the task of intercepting all radio signals coming from the “dangerous” Soviet Union at that time. In 1948, the United States and Great Britain signed an agreement on full cooperation in the field of electronic espionage UKUSA, which established that the main rights to use the new system belonged to the United States and Great Britain, and other countries (Canada, Australia and New Zealand) that also took part in the project , received the status of “minor users”.

The system gradually developed, and at the moment it covers the entire globe. According to reports, Western Europe, North Africa and Russia up to the Ural Range are controlled by the British Government Communications Centre. The US NSA is responsible for the American continent and the eastern part of Russia, while the Pacific and South Asian regions are handled by the intelligence services of Australia and New Zealand. Recently, China has been included in the Echelon system. On the border with Kazakhstan and Altai in the Xinjiang Uyghur Autonomous Region, the National Security Agency has built two interception stations. With their help

The US NSA intercepts 90 percent of electronic communications in eastern Russia.

The Americans themselves were monitored by another NSA station for a long time, located in the former independent Hong Kong, in the town of Chang Hom Kok.

Information transiting through the United States is considered subject to local laws, so everything from phone calls to email is monitored.

One method of intercepting information could be to install equipment in close proximity to the routers of large fiber optic backbones, since most Internet traffic passes through them, and their number is relatively small. Echelon uses orbital reconnaissance satellites, radio reconnaissance bases throughout the planet, which also receive information through commercial communications satellites, and various radio networks. All this is automatically accumulated and processed.

Echelon can do a lot. For example, fight international terrorism. And for these purposes, it can track information about bank transfers and large contracts, collect “political compromising evidence,” etc.

Subsequently, tracking systems multiplied like mushrooms - Carnivore, DCSNet, Frenchelon... But Echelon was and remains the most powerful control system.

The contents of European and American data centers and backhaul links have been controlled since the early 1990s based on the International Interception Requirements (IUR). The results and methods of this work are described in a document called Enfopol, which is updated approximately every year and a half. The databases of payment systems Visa, MasterCard, Diners Club are monitored in search of strange purchases, senseless movements around the country, cashing out large sums of money in potentially dangerous regions, etc. All in the name of control over criminal groups, naturally. The spread of control systems is greatly facilitated by the development of plastic cards as payment systems.

Security, Law and Privacy

Is it possible to protect yourself from eavesdropping? Can. Use encryption of correspondence, dedicated channels, the Tor network, acoustic jamming devices to block the microphone of cellular phones. But there are a few but:

1. if you are encrypted, it means that you have something to hide, and you may be looked after more carefully;
2. not the Internet alone. Can't hack the communication channel? There are more than enough other control methods. For example, according to media reports, the German Ministry of Internal Affairs was recently at the center of a scandal, distributing the Quellen-TKÜ virus, intended for espionage.

But will it be legal? Decree of the President of Russia No. 334 “On measures to comply with the rule of law in the field of development, production, sale and operation of encryption means...” in Russia, “activities of legal entities and individuals related to the development, production, sale and operation of encryption means, as well as secure technical means” are prohibited storage, processing and transmission of information, provision of services in the field of information encryption without licenses.”

That is, if you want to hide your information from the attention of the state, you must obtain a license from the state! Again, in Russia you need to use only certified encryption tools that have passed the appropriate test.

Are you being personally followed? Extremely doubtful.

Even under totalitarian regimes, you cannot assign a spy to everyone. Terabytes of information passing through the Internet do not allow us to analyze it all. But the cat does not catch mice all the time - 70 percent of its working time it brazenly sleeps on the stove or your laptop. But as soon as something rustles in the corner... Intelligence services annually report on a significant number of prevented terrorist attacks. And who knows how many of them were prevented thanks to correspondence control?

What about your right to privacy? Most likely, in practice, everything happens the same as when using DLP systems (leakage monitoring systems) in commercial companies.

The system controls the flow of information without paying attention to the sender and recipient

- controlling only the content. When suspicious information is found, an alert is sent to the appropriate person. In commercial companies, they must come to the suspect and politely ask to show the correspondence - otherwise there is no way - a violation of the right to correspondence. In the case of intelligence services, permission from a judicial authority must be obtained. The fact is that we live according to the Constitution, and Article 23 of the Russian Constitution clearly establishes the secrecy of personal correspondence. Its restriction is allowed only by court decision. True, according to the law, it is possible to use SORM before a court decision - “in cases established by federal laws.” One of the contradictions that our life is full of, but in any case, the Supreme Court of the Russian Federation does not see it until the law is violated.

But this is in our country, in a country of rampant corruption and lawlessness. Things are completely different in countries where the rights of citizens are supposedly inviolable.

Spy Billions

In 1993 and 1994, with the help of industrial espionage, American companies managed to obtain foreign contracts with a total value of about 16.5 billion dollars. A number of French companies and agencies have sued the US National Security Agency, accusing it of using the Echelon system to obtain multimillion-dollar contracts for American companies.

Former CIA Director James Woolsey said then that the United States at one time managed to disrupt a deal worth $6 billion between Airbus and Saudi Arabia when, thanks to Echelon wiretapping, the NSA found out that the Europeans were offering kickbacks to the Arabs. Also, the NSA interception helped the American firm Raytheon secure a contract worth $1.4 billion to supply radars in Brazil, rather than the French firm Thomson-CSF.

What threatens you personally? In general, nothing. We are not fish in an aquarium - we can swim wherever we want. But as soon as we cross the invisible border, a signal goes off. Most likely, you will not notice anything, but one day you will be denied a visa or access to a secret facility without explanation. Do you think that a letter you wrote with the note “erase upon receipt” or a deleted post on Twitter will hide your shame? From ordinary Internet users - yes. But from those who hold the Network in their hands - no. If necessary, all your correspondence will be provided to the customer. Almost nothing goes missing on the Internet. All your posts on Twitter, Facebook, LiveJournal... - everything ends up in the cache of search engines, Internet content storage systems, etc.

Not SORM alone...

But it’s not SORM that’s scary to us. This system is aimed at protecting national security, and it is unlikely to be interested in our minor sins such as piracy (but who knows). Not SORM alone. Continuing the theme of the fight for a clean Internet, Roskomnadzor planned round-the-clock monitoring of online media using a special software and hardware complex. It was planned to check texts, photos, audio and video materials for compliance with Russian laws. It follows from the competition documentation that it was planned to monitor all content for the presence of words, expressions and other tags from a given list. The dictionary of expressions and keywords, according to the terms of reference, should be replenished with up to 5 million entries.

Well, for a snack. WikiLeaks founder Julian Assange said that the web platforms of Facebook, Google and Yahoo have a hidden interface for tracking users. Representatives of social networks and these online services do not confirm this information in any way - and, most likely, there really are no such interfaces. They are simply not needed. This is easy to understand (thanks to journalists from Boston) from the example of a dossier on a Facebook user, provided at the request of law enforcement agencies. And also using the example of monitoring suspects during the investigation.

Author: VYACHESLAV MEDVEDEV, Polit.ru