Security forces will be able to receive data from electronic devices until a court decision

The Ministry of Internal Affairs has developed amendments to the law “On operational-search activity”, according to which any information transmitted via the Internet is equated to the data necessary for investigative actions. The changes will give the security forces the right to quickly and before a court order get remote access to data from data centers, cloud storage, from telecom operators and citizens’ devices. This will speed up search activities, but may lead to abuse.

The Ministry of Internal Affairs proposes to directly describe the right of law enforcement agencies within the framework of operational-search activities (ORM) to gain access to a wide range of information in real time. Amendments to the Federal Law of 1995 “On operational-search activity” (ORA), developed by the Ministry of Internal Affairs and published on the portal of legal acts on August 14, add to the law the possibility of researching any “information contained in technological systems for its transmission”, including the Internet. ORM in the Russian Federation can be carried out, in particular, by employees of the Ministry of Internal Affairs and the FSB.

The explanatory note says that data, including text messages, within the framework of the ORD can be received from servers in data centers, from cloud storages and other electronic media. That is, we are talking about remote access to information. The initiative is explained by the fact that Internet crimes are widespread in Russia, for example, using private networks (VPNs). According to the Ministry of Internal Affairs, more than 522,000 such crimes were detected in 2022, which accounted for 22% of their total number.

Now, in order to gain access to citizens’ messages (they are protected by secret correspondence), the Ministry of Internal Affairs needs a court decision, but the amendments will simplify the procedure and shorten the time, Artem Yablokov, partner at the Yablokov Brothers law firm, explains: “This will allow law enforcement officers to immediately start researching information. But the permission of the court will be needed in any case, albeit after the fact.” The source of information can be the devices of individuals, data of telecom operators, providers and IT companies, says the head of the Internet Search Igor Bederov: “The traffic also falls under the project: the history of access to the network, data transmitted via messengers, work with external cloud services etc.”.

The Ministry of Internal Affairs did not respond to Kommersant’s request. The interlocutor of “Kommersant” in law enforcement agencies explained that the main goal of the amendments is to officially “include the Internet and other means of communication in the list of what can be investigated as part of the ORD.” Major telecom operators declined to comment.

Now it is problematic for law enforcement officers to attribute to an operational event, for example, fixing (certifying) the contents of a web page or correspondence on a forum, says a specialist from the FAC.C.T. Computer Forensics Laboratory. (formerly Group-IB) Igor Mikhailov: “Because of this, it is impossible to use them to prove a crime.” Also, the changes will eliminate the legal conflict when foreign IT companies store the data of Russians physically outside the country, and police officers by law have the right to work only in the Russian Federation, he clarifies: “Now the data can be studied through a user in the Russian Federation – a company or an individual” .

Any hosting provider deals with ORM requests, says RuVDS provider CEO Nikita Tsaplin. But now data collection has already been implemented in the form of SORM (System of operational-search activities) and TSPU (technical means of countering threats), which are installed on communication networks, he notes. Therefore, the expert considers the amendments redundant.

Anton Gusev, a partner at Timofeev, Gusev & Partners, agrees with him: “Already now, law enforcement agencies have no particular difficulties in legally seizing a phone, laptop, tablet and examining them, including correspondence and other information. Nothing has changed in this regard.” But the simplification of remote access to citizens’ data, according to lawyers, “is fraught with abuse” by the security forces.

Tatyana Isakova, Anna Zanina