"Attack on SORM": an interview with the author of the project

Earlier this month, I published the news that the "People's Provider", created under the project "Attack on SORM", successfully issued a license to provide telematic communication services. Due to this, the company may soon begin work - it remains to issue not so many documents, including contracts for connecting to the networks of backbone providers and documents for commissioning the communication center.

Leonid Volkov, the author of the project, presented it in the spring of this year. The project initiators claim that the FSB requires the providers to coordinate the SORM plan and purchase the necessary equipment at their own expense from several licensed firms, including Spetstekhnologii and MFI Soft. The purpose of the creation of the “People’s Provider”, according to Volkov, is to fight against the violation of the Federal Security Service’s law “On operational investigative activities”. In an interview, Leonid Volkov clarifies a number of project details and answers to which questions that usually arise from people who learn about Attacking SORM for the first time.

When and how did you get the idea to create a “national provider”?
The idea appeared a long time ago, when creating the Society for the Protection of the Internet (OZI). The hands did not reach immediately - at first they tried their strength on more modest and simple projects.

What stage of the project are you in now?
We have received a license for telematics, and now we are preparing documents for the commissioning of a communication center.
')
Did problems appear at the previous stages that at first glance seemed insurmountable? How did they decide?
No, until such problems have arisen. The co-founder of OZI Sergey Boyko for many years led the company provider, he ate the dog on it all.

You say that if you can win in court, it will lead to the fact that SORM in its current form will cease to exist. Why do you think so? How can the SORM system change?
SORM system is not needed to read the correspondence. 49% of all traffic goes via HTTPS (and this share is growing rapidly), and just the traffic volumes are so large that the FSB does not have anything reasonable to do with them. The SORM system has not coped for many years with its “declared” functionality; you will not recall a single “resonant” (and any) case that was investigated with the help of it. SORM exists for another: to cut money from providers.

If this “functionality” is lost (due to our attack), SORM will bend, at least in its current form. He simply will not have the meaning of existence.

Why do you think that everything will change, if your provider will be returned funds for the installation? After all, other providers may not achieve the same.
We, of course, have no case law, but if we lay a trodden path in the arbitration court (which, of course, is the most decent and most functioning part of the Russian judicial system), we believe that other providers will also be able to use it. We will help them in this.

Another question - you write that many providers simply do not want to take legal action for fear of losing the license. Do you think that if you win the process, will other companies stop being afraid? Why?
It seems to us that our example - if it is successful - will be contagious. We will see, of course. Let's eat the bishop in parts, see if we can win.

Will your provider comply with site blocking requirements? If not, how do you think, how long will the company last without the threat of closure?
So far, our provider is thought of as a virtual one - he is not going to provide real services, only to fight the FSB. But if things go well and the FSB is behind the fence, let's think about the provision of services. And then, of course, we will look for ways to counteract all the illegal and unconstitutional restrictions on the freedom of the Internet in Russia — extrajudicial blocking of sites among them.

In the comments to one of your posts, you were advised to contact the users of the nag.ru resource with a request to provide a server for telematic services. Please tell me if you posted this message, and if so, what is the result?
We communicate with the administration of nag.ru - I have known them for a hundred years, these are great guys from my native Yekaterinburg - but they found the server themselves. We successfully accumulated money for our “attack on SORM” project.

What if you are not bound to install SORM? What then are you going to do?
We did everything to ensure that - in particular, we do two uplinks, and some other things that, according to the established practice, should lead to the fact that we are forced to put SORM. If they do not force them - well, there will be a “provider without SORM”, we will start providing services!

What is the probability that your provider will have to fulfill the requirements of the so-called “Yarovaya-Ozerov” law? Is there any way around this law and if so, how?
The law of Spring must be implemented from 01/01/2018 - it is still necessary to live. If our provider wins SORM, he and the law of Spring will win. Of course, we will not execute it, because it directly contradicts Art. 23 and 24 of the Constitution of the Russian Federation.

What are the similarities and differences of SORM in Russia after the adoption of the “Spring Law” with the famous project PRISM in the USA?
I am not too familiar with the details of the functioning of PRISM; I am much more interested in Internet freedom in Russia than in the United States. I know that things are not perfect there. Very many restrictions, including those adopted after 9/11, are excessive, meaningless, too politicized. Those huge amounts of data that are supposed to be stored and analyzed, stored and analyzed is actually impossible. European legislation - and it is more interesting for me to focus on it, as an example, and not on American - has long been on the way back, on the path of giving up excessive control. So, for example, the Constitutional Court of Germany not long ago even declared the storage of information about connections (i.e. billing) illegal, let alone the contents of calls.

How far do you think power is ready to go in terms of control over the Internet? Will they stop at the level of China, reach the level of North Korea, or is everything not so bad?
They want to go far, but how far they have enough resources and skills is a big question. Even “China” is very difficult to do here, there are too many cross-border transitions and too competitive environment. Still, the Chinese initially built their Internet as a closed system - we do not have this.

What is the status of the project " Democracy 2 "? What projects currently exist in Russia (or in the world) that fit into the concept of cloud democracy? Have you yourself been disappointed in this idea?
The project is frozen. I was not disappointed in ideas, but I have no resources for their development. In the world, now similar projects are already full; over the past five years, the e-democracy industry has received quite a few impetus to development; Now even large venture capital funds are actively investing in this area.