UPDATED: June 2015 | SOURCE: Telecommunications Industry Dialogue with support from Hogan Lovells

Provision of Real-time Lawful Interception Assistance

FEDERAL LAW NO. 144-FZ DATED 12 AUGUST 1995 (THE “LAW ON INVESTIGATIVE ACTIVITIES”)

Under article 8 of the Law on Investigative Activities, any state investigatory authority may apply to court for permission to intercept a person’s private communications.  Article 13 of the Law on Investigative Authorities defines the state investigatory authorities in Russia as including the police, the state intelligence authorities, the customs authorities and the external intelligence agencies, (the “SIAs“).

The court will only grant permission for an interception where the SIA has evidence that:

  • a crime has been or may be committed and the interception will assist with the investigation;
  • the person whose communications are to be intercepted is preparing to commit or has committed a crime and the interception will assist the investigation; or
  • there is evidence of a threat to national security.

Article 8 of the Law on Investigative Activities also provides that private communications may be intercepted without a court order where the person whose communications are to be intercepted consents to the interception. Consent may be sought where the interception relates to the collection of information about, for example, information leaks (including leaks of state secrets), corruption within the security services, or protection of officers of investigative authorities and their families who have assisted with operations and whose lives are under threat.

FEDERAL LAW NO. 126-FZ DATED 7 JULY 2003 (THE “LAW ON COMMUNICATIONS”)

Under article 64 of the Law on Communications, an operator of any licensed telecommunications network or telecommunications service provider (a “Network Operator“) is obliged to provide assistance to the SIAs in accordance with the provisions of Russian criminal law, and to provide all information requested by an SIA in accordance with a court order made under the Law on Investigative Activities.

Article 64 of the Law on Communications also provides that a Network Operator must, at its own expense, ensure that its networks and equipment meet the technical standards required to fulfil these obligations. These standards are set out by the Ministry of Communications in consultation with the SIAs.  Network Operators are obliged to ensure that information about any of the methods used by the SIAs or specific operations remain confidential.

FEDERAL LAW NO. 149-FZ DATED 27 JULY 2006 (THE “LAW ON INFORMATION”)

It remains unclear in Russian law whether a company providing internet services that does not operate its own telecommunications network requires a state license to operate. Internet services are defined in article 10.1 of the Law on Information (this article was added by an amendment to the Law on Information made by Federal Law 97-FZ dated 5 May 2014) as information technology services or software designed to accept, transfer, deliver or process electronic communications over the internet.  Furthermore, article 10.1 of the Law on Information provides that an unlicensed internet service provider (“Pure Internet Service Provider“) must provide all information requested by an SIA in accordance with a court order, as described in paragraph 1.1 above.

Article 10.1 of the Law on Information places a further obligation on both Pure Internet Service Providers and Network Operators providing internet services outside the scope of their licence. They must store information relating to the reception, transmission, delivery and processing of all electronic communications engaged in by their customers taking place over the internet for six months after these communications take place, and on servers located within the Russian Federation.

RULES APPROVED BY THE DECREE OF THE GOVERNMENT OF THE RUSSIAN FEDERATION NO. 538 DATED 27 AUGUST 2005 (THE “RULES OF COOPERATION”) AND RULES APPROVED BY DECREE OF THE GOVERNMENT OF THE RUSSIAN FEDERATION NO. 743 DATED 31 JULY 2014 (THE “RULES OF COOPERATION FOR PURE INTERNET SERVICE PROVIDERS”)

The Rules of Cooperation set out the terms of the relationship between Network Operators and the SIAs. Network Operators must, within 60 days of receiving their licence to operate a telecommunications network, file an application with the regional head of the Federal Security Services, the state authority responsible for national security.

After this application has been filed, a department of the regional Federal Security Service will be assigned to that particular Network Operator. These parties will agree a plan to ensure that all network equipment will comply with the requirements under the Law of Communications for the purposes of the interception of communications, set out more particularly in the Orders of the Ministry of Information Technologies and Communications No. 6 dated 16 January 2008 and No. 73 dated 27 May 2010.  These orders do not impose any specific obligation on SIAs to inform Network Operators that they have received a court order allowing an interception to take place.

Under the requirements in the Rules of Cooperation, the Network Operators must ensure that their networks are capable of transferring data to the SIAs. To do this, the Network Operator must connect its network to a control hub managed by the competent SIA. The exact requirements of the connecting link between the control hub and the relevant telecommunications network are designated on a regional basis by the Federal Security Services.

Similar provisions apply to unlicensed Pure Internet Service Providers under the Rules of Cooperation for Pure Internet Service Providers. However, the specific technical requirements applicable to both equipment and software have not yet been published and it is unclear precisely when they will be finalised.

Disclosure of Communications Data

FEDERAL LAW NO. 144-FZ DATED 12 AUGUST 1995 (THE “LAW ON INVESTIGATIVE ACTIVITIES”)

Under article 8 of the Law of Investigative Activities, state investigatory authorities (see paragraph 1.1 above, the “SIA“s) may access metadata held by licensed operators of telecommunications networks (“Network Operators“) as part of their investigations. The procedure for accessing such data differs from that for intercepting private communications, however, because article 8 of the Law on Investigative Activities is limited to the content of communications. Therefore, the SIA does not require a court order to access this communications data.

FEDERAL LAW NO. 149-FZ DATED 27 JULY 2006 (THE “LAW ON INFORMATION”) AND RULES APPROVED BY THE DECREE OF THE GOVERNMENT OF THE RUSSIAN FEDERATION NO. 538 DATED 27 AUGUST 2005 (THE “RULES OF COOPERATION”)

Article 10.1 of the Law on Information, point 14 of the Rules of Cooperation, points 7 and 8 of the requirements adopted by the Order of the Ministry of Information Technologies and Communications No. 6 dated 16 January 2008 and point 3 of the requirements adopted by Order of the Ministry of Information Technologies and Communications No. 73 dated 27 May 2010 state that the laws relating to interception activities also apply to the access to communications data. Furthermore, they set out a non-exhaustive list of what is defined as communications data, and therefore may be accessed by the SIAs. This includes data relating to the identity of all parties to a communication, the time and duration of a communication, and the geographical position from where the communication was made.

Under Section 12 of the Rules of Cooperation, all communications data should be kept up to date and should be retained by Network Operators for three years. As set out in paragraph 1.3 above, article 10.1 of the Law on Information sets out a similar provision for unlicensed internet service providers and Network Operators providing internet services outside the scope of their licence. They are only required to retain communications data for six months. During this period of retention this data may be accessed by an SIA in accordance with the procedures set out in paragraphs 1.1 to 1.4 above.

National Security and Emergency Powers

FEDERAL LAW NO. 144-FZ DATED 12 AUGUST 1995 (THE “LAW ON INVESTIGATIVE ACTIVITIES”)

Under article 8 of the Law on Investigative Activities, there are specific circumstances in which the state investigatory authorities (see paragraph 1.1 above, the “SIA“s) may intercept communications without the requirement to get a court order permitting it.

These circumstances are where there is:

  • an immediate risk of a grievous crime or an extremely grievous crime (as such terms are defined article 15 of the Criminal Code of the Russia Federation. Grievous crimes are intentional acts where the maximum penalty is ten years’ imprisonment, while extremely grievous crimes are intentional acts for which the maximum penalty exceeds ten years’ imprisonment); or
  • evidence of an immediate threat to national security.

Provided that one of these grounds is met, the director of an SIA may set out in a resolution that certain communications may be intercepted without the requirement for a court order.

The SIA must inform the court of the interception within 24 hours of the interception commencing. The court must make a decision on whether the interception was correctly undertaken within 48 hours of the start of the interception, or the interception must be terminated.

FEDERAL CONSTITUTIONAL LAW NO. 35-FZ DATED 6 MARCH 2006 (THE “LAW ON COUNTER-TERRORISM”)

Under article 11 of the Law on Counter-Terrorism, for the purposes of gathering evidence about past and potential acts of terrorism and people involved in those acts, the head of the Federal Security Service (or a person directly appointed by him) can implement ‘control’ over private communications within the scope of the counter-terrorism operation as set out by the head of the Federal Security Service. ‘Control’ of communications is not defined in the Law on Counter-Terrorism, but it is possible that this provision could be interpreted widely to include the interception of, the blocking of, or imposition of restrictions on communications.

FEDERAL LAW NO. 126-FZ DATED 7 JULY 2003 (THE “LAW ON COMMUNICATIONS”) AND REGULATIONS ADOPTED UNDER THE DECREE OF THE RUSSIAN GOVERNMENT NO. 895 (THE “REGULATIONS AFFECTING COMMUNICATIONS IN A PUBLIC EMERGENCY”)

Under article 66 of the Law on Communications, the Federal Communications Agency (the state body responsible for communications) may, in the case of a public emergency which can be declared by the Federal Government of Russia, take control of telecommunications networks, and may authorise certain government agencies to shut down telecommunications services or networks temporarily. The government agencies with this power are set out in the Regulations affecting Communications in a Public Emergency and the list includes, but is not limited to, the Ministry of Defence, the Ministry of Internal Affairs, the Federal Security Service and the Ministry of Justice.

Each of these bodies will act in cooperation with the Federal Communications Agency in either an actual or suspected emergency scenario, which includes both natural disasters and technological emergencies, and may issue an order to shut down a particular telecommunications network or a service.

Oversight of the Use of Powers

It is a general principle of Russian administrative law that any decision of a state authority may be appealed, either to the state official supervising the body that made the original decision or to the court.

FEDERAL LAW NO. 144-FZ DATED 12 AUGUST 1995 (THE “LAW ON INVESTIGATIVE ACTIVITIES”)

Under article 21 of the Law on Investigative Activities, the General Prosecutor of Russia and any other prosecutors authorised under the Order of the Prosecutor-General’s Office No. 33 dated 15 February 2011 will ensure that any interceptions comply with the Law on Investigative Activities. They are entitled to request any materials relevant to the interception from the state investigatory authorities (as defined in article 13 of the Law on Investigative Activities, see paragraph 1.1 above, the “SIAs“) to ensure compliance.

Article 5 of the Law on Investigative Activities provides that claims can be brought against SIAs for carrying out unauthorised interceptions. These claims can be brought to the court or to an authorised prosecutor, who can order damages to be awarded. However, as explained in paragraph 1.4 above, there is no obligation on SIAs to notify the licensed operators of telecommunications networks (“Network Operators“) when intercepting communications or collecting communications data.  In practice, therefore, claims will only be made where the Network Operator has been notified of a particular interception or collection of communications data.

Under article 20 of the Law of Investigative Authorities, there is a general monitoring system of internal oversight in place for all interceptions of private communication.  The directors of the SIAs report directly to the Federal Government of Russia, and the Government Commission on Federal Communications and Information Technology is tasked with oversight of this.

This oversight procedure for interception and censorship activities is also used to oversee such activities undertaken on the grounds of national security or in a time of public emergency.

FEDERAL LAW NO. 40-FZ DATED 3 APRIL 1995 (THE “LAW ON THE FEDERAL SECURITY SERVICE”)

Under article 6 of the Law on the Federal Security Service, where a Network Operator believes that the regional department of the Federal Security Service has imposed excessive demands on its network, it may make a claim with the central office of the Federal Security Service or file a claim at court to recover damages.

FEDERAL CONSTITUTIONAL LAW NO 1.FKZ DATED 30 JANUARY 2002 (THE “LAW ON MARTIAL LAW”) AND FEDERAL LAW NO. 35-FZ DATED 6 MARCH 2006 (THE “LAW ON COUNTER-TERRORISM”)

If a Network Operator believes that a request from an SIA under article 7 of the Law on Martial Law or under article 11 of the Law on Counter-Terrorism (to censor communications under martial law and to control communications for the purposes of combatting terrorism respectively) is groundless or excessive, they may file a claim at court.

It is worth noting, as above, that in many circumstances the Network Operator will not be notified of actions taking place on its network. It is only, therefore, in respect of requests for which they have been notified that this provision is likely to apply in practice.

Censorship-related Powers

POWER TO SHUT DOWN NETWORKS OR SERVICE CATEGORIES

FEDERAL LAW NO. 126-FZ DATED 7 JULY 2003 (THE “LAW ON COMMUNICATIONS”)

Under article 6 of the Law on Communications, the director of a state investigatory authority (as defined in article 13 of the Law on Investigative Activities, see paragraph 1.1 above, “SIA“) may order the licensed operator of a telecommunications network (“Network Operator“) to shut down its network or some of its services. This can be ordered on the following grounds:

  • as part of an investigation by the SIA (Federal Law No. 144-FZ dated 12 August 1995);
  • in relation to terrorist activities (Federal Law No. 35-FZ dated 6 March 2006); or
  • in case of war (Federal Constitutional Law No. 1-FKZ dated 30 January 2002).

FEDERAL CONSTITUTIONAL LAW NO. 1-FKZ DATED 30 JANUARY 2002 (THE “LAW ON MARTIAL LAW”)

Article 7 of the Law on Martial Law provides that where a state of martial law has been declared, the military will have the power to censor communications, including those being transmitted via telecommunications networks.

BLOCKING IP ADDRESSES AND WEB PAGES

FEDERAL LAW NO. 149-FZ DATED 27 JULY 2006 (THE “LAW ON INFORMATION”)

Under article 15.1 of the Law on Information, the Federal Service for Supervision of Telecommunications, Information Technology and Mass Communication (“Roskomnadzor“) is entitled to block or blacklist IP addresses and web pages that contain:

  • images of child sexual abuse or invitations to participate in child sex abuse;
  • information on the preparation, distribution or consumption of drugs and the raw materials used to make drugs;
  • information on methods of suicide or invitations to commit suicide;
  • information about victims of offences who are under 18; and
  • information about online gambling.

Roskomnadzor may exercise this power on the basis of evidence it has found itself, or on the application of the Federal Drug Control Service or the Federal Service for Surveillance on Consumer Rights Protection and Human Wellbeing.

The court may also advise Roskomnadzor to block or blacklist an IP address or web page on the basis of any illegal activity, not just those activities listed above.

Decree No.1101 of 26 October 2012 “On the Unified Registry of illegal online information“.

The government agencies authorised to request that Roskomnadzor block or blacklist IP addresses and web pages, the criteria used to identify content that may be blacklisted and the procedure related to the blacklisting is set out in this law.

Once a web page has been blacklisted by Roskomnadzor, the relevant internet service provider must shut down access to that web page within 24 hours.

Publication of Laws and Aggregate Data

FEDERAL LAW NO. 126-FZ DATED 7 JULY 2003 (THE “LAW ON COMMUNICATIONS”) AND FEDERAL LAW NO. 149-FZ DATED 27 JULY 2006 (THE “LAW ON INFORMATION”)

Publication of Aggregate Data

Russian law is silent on the specific question of whether licensed operators of telecommunications networks (“Network Operators“) or unlicensed internet services providers that do not operate a telecommunications network (“Pure Internet Service Providers“) may publish aggregate data relating the number of requests government agencies have made for metadata or how many interceptions of communications have been made (to the extent they have this information).

However, article 64 of the Law on Communications and Article 10.1 of the Law on Information states that Network Operators or Pure Internet Service Providers may not provide information about any tactical or organisational actions taken or methods used by SIAs to conduct investigations by using data from a Network Operator’s network.

It is possible that this law might be broadly interpreted such that if a Network Operator were to publish such aggregate data, it would be construed as providing information on the actions taken by SIAs when intercepting communications.

Publication of Laws

It is also possible, therefore, that Network Operators and Pure Internet Service Providers may be construed as publishing information disclosing the specific activities or methods of SIAs if they were to publish the laws and regulations to which they are subject. However, these laws are not confidential and there is no regulation to prohibit Network Operators from publishing information relating to these laws.