WikiLeaks says Russian software firm is ‘surveillance partner’ for security services
A St. Petersburg firm which makes billing software for telecommunications companies has been targeted by WikiLeaks, which accused the Russian company of working closely with the security services to enable electronic surveillance as mandated by Russian law.
The firm, PETER-SERVICE, offers software and hardware solutions to communications providers. Its products manage traffic, bill customers, store and analyze metadata, and provide other services a company with a large customer base may need.
PETER-SERVICE lists major Russian providers among its clients, including giants such as MegaFon, MTS, Yota and Rostelecom. The company’s website says it provides some 200 million customers with communication services with the help of its products.
According to WikiLeaks, PETER-SERVICE products are also a key part of the Russian system of electronic surveillance. The whistleblower site also says that the company works in close cooperation with Russia’s Federal Security Service (FSB), the Interior Ministry and Russian surveillance contractors.
“The technologies developed and deployed by PETER-SERVICE today go far beyond the classical billing process and extend into the realms of surveillance and control,” WikiLeaks said.
“Although compliance to the strict surveillance laws is mandatory in Russia, rather than being forced to comply PETER-SERVICE appears to be quite actively pursuing partnership and commercial opportunities with the state intelligence apparatus.”
In support of the claims, WikiLeaks published 34 documents related to the company, dated between 2007 and 2015 in different versions. Most of them are user manuals for its products, but one is a presentation by Valery Sysik, then-software development director at PETER-SERVICE, which he delivered at the Broadband Russia Forum in 2013.
The same presentation can be found online. Made shortly after the public revelation of mass surveillance in the United States, the presentation argues that big Russian communication companies should not use foreign billing solutions because they would expose collected metadata to the US government, and suggested using PETER-SERVICE “sovereign” solutions instead. The presentation seems to be intended for clients interested in monetizing big data rather than security services.
Among the products, the architecture of which has been exposed by the leak, is one that provides access for law enforcement services to bases of metadata collected by PETER-SERVICE clients. Russian law allows investigators to access such data without a court order, while snooping on the content of communications must be ordered by a judge.
The Russian legal framework for surveillance has been updated as mobile phones, email, social networks and other forms of communication have emerged, not unlike how other nations have dealt with innovations. For example, Britain’s so-called “snooper charter” was passed last year despite resistance from privacy groups, while German and French security services want a legal backdoor to communications through messenger apps.
Russia’s SORM system, however, has been criticized by WikiLeaks. The acronym, meaning “System of technical means to provide function for operative search measures,” is the interface that Russian law enforcement agencies use to access landline and electronic communications. The European Court for Human Rights ruled in 2015 that the system violated the right of privacy, citing flaws in Russian law that allow its broad use.
Public opinion in Russia, however, doesn’t seem to consider the issue of government surveillance as highly important. The so-called Yarovaya law gives the government the right to require that communication providers store all traffic data for several months to assist counterterrorism investigations. A 2016 poll by the Public Opinion Foundation found that 52 percent of Russians viewed the measure positively and 39 percent negatively. The Yarovaya law remains controversial for the Russian IT community, with experts complaining about the cost of implementing it and questioning the technical feasibility of such a plan.
