Legal framework of secure messaging

Russia

Law : “Yarovaya Law”

Three programs, SORM-1, SORM-2, and SORM-3, provide the foundation of Russian mass communications surveillance. Russian law gives Russia’s security service, the FSB, the authority to use SORM (“System for Operative Investigative Activities”) to collect, analyze and store all data transmitted or received on Russian networks, including calls, email, website visits and credit card transactions. SORM has been in use since 1990 and collects both metadata and content. SORM-1 collects mobile and landline telephone calls. SORM-2 collects internet traffic. SORM-3 collects from all media (including Wi-Fi and social networks) and stores data for three years. Russian law requires all internet service providers to install an FSB monitoring device (called “Punkt Upravlenia”) on their networks that allows the direct collection of traffic without the knowledge or cooperation of the service provider. The providers must pay for the device and the cost of installation.

Collection requires a court order, but these are secret and not shown to the service provider. According to the data published by Russia’s Supreme Court, almost 540,000 intercepts of phone and internet traffic were authorized in 2012. While the FSB is the principal agency responsible for communications surveillance, seven other Russian security agencies can have access to SORM data on demand. SORM is routinely used against political opponents and human rights activists to monitor them and to collect information to use against them in “dirty tricks” campaigns. Russian courts have upheld the FSB’s authority to surveil political opponents even if they have committed no crime. Russia used SORM during the Olympics to monitor athletes, coaches, journalists, spectators, and the Olympic Committee, publicly explaining this was necessary to protect against terrorism. The system was an improved version of SORM that can combine video surveillance with communications intercepts.

SORM is buttressed by regulations that limit the use of encryption, and restrictive internet laws that allow the Government to shut down websites it finds objectionable. Russia has a national filtering system that can block foreign sites and it has used the threat of blockage to coerce western companies into removing objectionable postings. Russian agencies such as “Roskomnadzor” (Agency for the Supervision of Information Technology, Communications, and Mass Media) provide the name and address of websites to be blocked to internet service providers, who must take action within 24 hours. Russia monitors foreign communications using techniques used by NSA and China. Wireless and landline communications are monitored in major capitals.

Citizen Lab, University of Toronto

United States

Law : Section 702 of the Foreign Intelligence Surveillance Act (FISA)

FISA 702 enables the US government to obtain intelligence by targeting non-Americans overseas who are using US-based communications services.
We have written about FISA before, as it is the law that affects most Western citizens, corporations and organizations.

China

Law : Counter-Espionage Law and 2017 National Intelligence Law

This far-reaching legislation compels Huawei and other companies to cooperate in gathering intelligence for the Chinese government. According to former staff, “it is no secret that employees often work with intelligence officials embedded in the company”, with 25,000 Huawei employees previously serving in the MSS or the PLA, including former chairwoman Sun Yafang.

Comparison with the EU:

  • The EU’s approach to surveillance and data protection is generally more privacy-focused compared to the countries mentioned. The EU’s General Data Protection Regulation (GDPR) sets stringent standards for data privacy and limits how personal data can be used and processed.
  • Unlike the centralized systems in Russia, China, or the US, the EU’s decentralized governance structure means surveillance and data protection laws can vary between member states. However, all EU countries are bound by the overarching principles of the GDPR and the European Convention on Human Rights, which includes the right to privacy.
  • The EU lacks a unified surveillance system like SORM in Russia or the capabilities under FISA in the US. Surveillance activities in EU countries are typically more regulated and subject to stronger judicial oversight.
  • The EU’s fragmented government structure could be seen as a limitation in implementing widespread surveillance similar to that in Russia or China. However, this fragmentation also serves as a check against the abuse of surveillance powers, aligning with the EU’s commitment to individual rights and privacy.

EU’s Legal Position:

  • The EU’s legal position regarding surveillance and data protection is arguably stronger in terms of individual rights and privacy protections. The GDPR and other EU legal frameworks provide robust safeguards against unwarranted surveillance and misuse of personal data.
  • While this approach may limit the EU’s ability to conduct surveillance to the extent seen in Russia, China, or the US, it aligns with the EU’s values of democracy, rule of law, and respect for human rights.
  • However, the decentralized nature of the EU’s governance can lead to challenges in coordinating and enforcing uniform standards across all member states, potentially creating gaps in the legal framework.

In conclusion, the EU’s stance on surveillance and data protection contrasts with the approaches of Russia, the US, and China, prioritizing individual privacy and rights over centralized surveillance capabilities. This reflects the EU’s broader commitment to democratic values and human rights.