How to adjust the law of Spring so that it becomes lift for small providers? Cancel it
On June 7, 2019, a heated discussion unfolded on Habré , which developed around the small Internet provider Firm Svyaz from the city of Yeysk in the Krasnodar Territory (5,000 customers, annual revenue of 20 million rubles). The provider refused to comply with the requirement of Roskomnadzor under the law of Spring - to purchase equipment that has not yet been certified - and began to challenge the results of the audit. Roskomnadzor sued . At the same time, the court, having made procedural violations, made a decision seven working days after the ILV application was received, which violates the constitutional right to judicial protection. The Ministry of Communications and Mass Media recognized the presence of a gap in the legislation and promised to eliminate the “legislative gap”.
We asked to comment on the situation of the lawyer representing the interests of Svyaz Firm, General Director of Orderkom Dmitry Galushko.
He said that after the entry into force of the Spring Law, a deplorable situation developed on the market. For small providers, installation of equipment costs 50–70% of annual revenue. Many leave the market in black or gray schemes, or are forced to sell.
On the sale of equipment for SORM "feed" the same supplier companies that have connections in government and the ability to obtain a state license. “This is a closed market, which not everyone is allowed into ... Now, in the Krasnodar Territory, only three manufacturers are recommended. Recently, in some regions there was only one (St. Petersburg for example), ”says Dmitry Galushko.
Apparently, in Russia onlyfive companies passed certification tests for compliance with the requirements of SORM-2 (carries out selective control of Russian Internet users, is a server that passes all the provider’s traffic through itself, collects and transfers the requested information to special services):
No one has certified equipment for the "Spring Law" yet, however, Roskomnadzor and the FSB still push providers to enter into agreements with manufacturers. “We are offered to invest in storage systems, which may be later certified, but we were in a similar situation with the implementation of the requirements for SORM-2 and SORM-3. We spent the money, and SORM-3 equipment is still not certified, ”said Sergey Suboch, director of the Firm Svyaz company.
One of the laws of the “Spring Package” obliges telecom operators to store calls and subscriber traffic for a period determined by the government of the Russian Federation (but no more than six months) in accordance with article 64 of the federal law “On Communications”, and information on facts Reception, transmission, delivery and processing of messages and calls (metadata) - three years.
On April 12, 2018, the Russian government signed a decree that telecom operators are required to store text, voice, video and other messages from users for 30 days. Further, the operator is obliged to increase the storage system by 15% per year.
If there is no certified equipment, and the authorities insist on installing non-certified equipment, the question arises: why buy it? Maybe it's possible to install the equipment yourself? Dmitry Galushko published his correspondence with authorities at the industry forum of Russian Internet providers, from which we can draw such a conclusion.
But in practice, the FSB requires providers to agree on an implementation plan for SORM and to purchase equipment as soon as possible. Svyaz Firm submitted all the documents according to the equipment implementation plan, but there were disagreements on the timing: “We are fulfilling all the requirements. Only the FSB Directorate of the Krasnodar Territory requires signing the Implementation Plan 374-ФЗ Spring with the end in January 2020, but by this date there may not be any certificates, ”the lawyer explains. “Other departments act according to the law, allowing them to be attached in the Plan to the date of receipt of the certificates (see the answers of the Ministry of Communications).”
Thus, in January 2019, the FSB department in the Krasnodar Territory refused to approve the plan for the introduction of SORM equipment due to the fact that the proposed period exceeded the year. “After that, the local department of Roskomnadzor began an audit, and on May 27 filed four lawsuits to bring the company to administrative responsibility, it follows from the file of the court. On June 6, having examined two protocols, the court upheld the position of Roskomnadzor, and will consider two more later, ”said General Director Sergei Suboch.
The representative of the Ministry of Communications said that they are aware of a problem in the legislation, which will be eliminated by order in the near future. “I know that this is not about a corrective order,” Dmitry Galushko corrects, “but about the second stage of the path to certification - the adoption of a test procedure. By the way, this order was returned for revision, as the manufacturers did not agree on a test procedure (it is approved by order of the Ministry of Communications in coordination with the FSB). After three more steps: installing a stand for SORM in the data center, where test telecom operators will be connected (there should be enough space and time for all manufacturers who want to be certified. Then the tests themselves must be performed (this is not a quick procedure, because SORM technical measures equipment should be correctly visible from the SORM control panel). Then issuing certificates (three months). And there should also be FSTEC certificates for monitoring database security (so that SORM does not hack and steal personal data).
According to Galushko’s forecasts, the realistic timeframe for introducing the system is mid-2020.
But what to do to small providers for whom the purchase of equipment is an impossible task? How do I change the Spring package so that it becomes feasible for providers of your size?
Dmitry Galushko categorically answers this question: “Cancel. For before, 12 hours of storage were provided, and then the norms were simultaneously increased by 60 (!) Times. ”
We asked to comment on the situation of the lawyer representing the interests of Svyaz Firm, General Director of Orderkom Dmitry Galushko.
He said that after the entry into force of the Spring Law, a deplorable situation developed on the market. For small providers, installation of equipment costs 50–70% of annual revenue. Many leave the market in black or gray schemes, or are forced to sell.
On the sale of equipment for SORM "feed" the same supplier companies that have connections in government and the ability to obtain a state license. “This is a closed market, which not everyone is allowed into ... Now, in the Krasnodar Territory, only three manufacturers are recommended. Recently, in some regions there was only one (St. Petersburg for example), ”says Dmitry Galushko.
Apparently, in Russia onlyfive companies passed certification tests for compliance with the requirements of SORM-2 (carries out selective control of Russian Internet users, is a server that passes all the provider’s traffic through itself, collects and transfers the requested information to special services):
- MFI Soft
- "Kon Certise"
- Norsi Trans
- Zirodey Technologies
- Special Technologies (Phoenix)
No one has certified equipment for the "Spring Law" yet, however, Roskomnadzor and the FSB still push providers to enter into agreements with manufacturers. “We are offered to invest in storage systems, which may be later certified, but we were in a similar situation with the implementation of the requirements for SORM-2 and SORM-3. We spent the money, and SORM-3 equipment is still not certified, ”said Sergey Suboch, director of the Firm Svyaz company.
One of the laws of the “Spring Package” obliges telecom operators to store calls and subscriber traffic for a period determined by the government of the Russian Federation (but no more than six months) in accordance with article 64 of the federal law “On Communications”, and information on facts Reception, transmission, delivery and processing of messages and calls (metadata) - three years.
On April 12, 2018, the Russian government signed a decree that telecom operators are required to store text, voice, video and other messages from users for 30 days. Further, the operator is obliged to increase the storage system by 15% per year.
If there is no certified equipment, and the authorities insist on installing non-certified equipment, the question arises: why buy it? Maybe it's possible to install the equipment yourself? Dmitry Galushko published his correspondence with authorities at the industry forum of Russian Internet providers, from which we can draw such a conclusion.
But in practice, the FSB requires providers to agree on an implementation plan for SORM and to purchase equipment as soon as possible. Svyaz Firm submitted all the documents according to the equipment implementation plan, but there were disagreements on the timing: “We are fulfilling all the requirements. Only the FSB Directorate of the Krasnodar Territory requires signing the Implementation Plan 374-ФЗ Spring with the end in January 2020, but by this date there may not be any certificates, ”the lawyer explains. “Other departments act according to the law, allowing them to be attached in the Plan to the date of receipt of the certificates (see the answers of the Ministry of Communications).”
Thus, in January 2019, the FSB department in the Krasnodar Territory refused to approve the plan for the introduction of SORM equipment due to the fact that the proposed period exceeded the year. “After that, the local department of Roskomnadzor began an audit, and on May 27 filed four lawsuits to bring the company to administrative responsibility, it follows from the file of the court. On June 6, having examined two protocols, the court upheld the position of Roskomnadzor, and will consider two more later, ”said General Director Sergei Suboch.
The representative of the Ministry of Communications said that they are aware of a problem in the legislation, which will be eliminated by order in the near future. “I know that this is not about a corrective order,” Dmitry Galushko corrects, “but about the second stage of the path to certification - the adoption of a test procedure. By the way, this order was returned for revision, as the manufacturers did not agree on a test procedure (it is approved by order of the Ministry of Communications in coordination with the FSB). After three more steps: installing a stand for SORM in the data center, where test telecom operators will be connected (there should be enough space and time for all manufacturers who want to be certified. Then the tests themselves must be performed (this is not a quick procedure, because SORM technical measures equipment should be correctly visible from the SORM control panel). Then issuing certificates (three months). And there should also be FSTEC certificates for monitoring database security (so that SORM does not hack and steal personal data).
According to Galushko’s forecasts, the realistic timeframe for introducing the system is mid-2020.
But what to do to small providers for whom the purchase of equipment is an impossible task? How do I change the Spring package so that it becomes feasible for providers of your size?
Dmitry Galushko categorically answers this question: “Cancel. For before, 12 hours of storage were provided, and then the norms were simultaneously increased by 60 (!) Times. ”
UFO care minute
This material could cause conflicting feelings, so before writing a comment, refresh something important in your memory:How to write a comment and survive
- Do not write offensive comments, do not get personal.
- Refrain from obscene language and toxic behavior (even in a veiled form).
- To report comments that violate the rules of the site, use the "Report" button (if available) or the feedback form .
What to do if: minus karma | blocked an account
→ Code of authors Habr and habraetiket
→ Full version of site rules