ZAKHAROV v. RUSSIA
Doc ref: 47143/06 • ECHR ID: 001-142532
Document date: October 19, 2009
- Inbound citations: 0
- •
- Cited paragraphs: 0
- •
- Outbound citations: 2
22 October 2009
FIRST SECTION
Application no. 47143/06 by Roman ZAKHAROV against Russia lodged on 20 October 2006
STATEMENT OF FACTS
THE FACTS
The applicant, Mr Ro man Andreyevich Zakharov , is a Russian national who was born in 1977 and lives in St Petersburg . He is represented before the Court by Mr B. G ruzd , a lawyer practising in St Petersburg .
A. The circumstances of the case
The facts of the case, as submitted by the applicant, may be summarised as follows.
The applicant is the editor-in-chief of a publishing company. He subscribed to the services of several mobile network operators.
On 23 December 2003 he brought judicial proceeding against the mobile network operators, the Ministry of Communications and Information Technologies (hereafter “the Ministry of Communications”) and the Department of the Federal Security Service (“the FSB”) for St Petersburg and the Leningrad Region, complaining about interference with his right to privacy for his telephone communications. He claimed that pursuant to Order no. 70 (see below) by the Ministry of Communications ’ predecessor, the State Committee of Communications and Information Technologies, the mobile operators had installed equipment which permitted unrestricted interception of all telephone communications by the FSB without prior judicial authorisation. The applicant argued that Order no. 70, which had never been published, unduly restricted his right to privacy. He asked the court to issue an injunction to remove the equipment installed pursuant to Order no. 70, and to ensure that access to telecommunications was given to authorised persons only.
On 5 December 2005 the Vasileostrovskiy District Court of St Petersburg rejected his claims. It found that the applicant had not proved that the mobile operators had transmitted any protected information to unauthorised persons or permitted unrestricted or unauthorised interceptions of communications. The equipment to which he referred had been installed to enable law-enforcement agencies to conduct operative search activities in accordance with the procedure prescribed by law. Installation of such equipment did not in itself infringe the privacy of the applicant ’ s communications. The applicant had failed to demonstrate any facts sufficient to warrant a finding that his right to privacy for his telephone communications had been violated.
The applicant appealed. H e complained, in particular, about the District Court ’ s refusal to accept several documents in evidence. Those documents included two judicial orders authorising the interception of telephone communications retrospectively and an addendum to the standard service provider agreement issued by one of the mobile operators. One of the judicial orders in question, made on 8 October 2002, authorised interception of several persons ’ communications during the periods from 1 to 5 April, from 19 to 23 June, from 30 June to 4 July and from 16 to 20 October 2001. The other judicial order, made on 18 July 2003, authorised interception of Mr E. ’ s telephone conversations during the period from 11 April to 11 October 2003. As to the addendum, it contained a warning to the subscriber that if his number were used to make terrorist threats, the mobile operator might suspend the provision of telephone service and transfer the collected data to the law-enforcement agencies. In the applicant ’ s opinion the judicial orders and the addendum proved that the mobile operators and law-enforcement agencies were technically capable of intercepting all telephone conversations without obtaining prior judicial authorisation, and routinely resorted to unauthorised interceptions.
On 26 April 2006 the St Petersburg City Court upheld the judgment on appeal. It confirmed the District Court ’ s finding that the applicant had failed to prove that his telephone conversations had been intercepted. Nor did he show that there was a danger that his right to privacy for his telephone communications might be unlawfully infringed. To establish the existence of such danger the applicant had to prove that the respondents acted unlawfully. Yet the mobile network operators were required by law to install equipment enabling law-enforcement agencies to conduct operative search activities and the existence of that equipment did not in itself infringe the privacy of the applicant ’ s communications. The refusal to admit in evidence the judicial orders of 8 October 2002 and 18 July 2003 had been lawful, as the judicial orders had been issued in respect of third persons and were irrelevant to the applicant ’ s case. The City Court further decided to admit in evidence and examine the addendum to the service provider agreement, but found that it did not contain any information warranting reconsideration of the District Court ’ s judgment.
B. Relevant domestic law and practice
1. Communications Act
The Communications Act of 7 July 2003 ( no. 126 ‑ FZ ) guarantees privacy of postal, telegraphic and other communications transmitted by means of telecommunications networks or mail services . Restrictions on privacy of communications are permissible only in cases specified in federal laws (section 63 § 1).
Communications operators must ensure privacy of communications. Interception of communications is subject to prior judicial authorisation, except in cases specified in federal laws. Information about the communications transmitted by means of telecommunications networks or mail services, and the contents of those communications may be disclosed only to the sender and the addressee or their authorised representatives, except in cases specified in federal laws (section 63 §§ 2 to 4).
Information about subscribers and the services provided to them is confidential. Information about subscribers includes their family names, first names, patronymics and nicknames for natural persons; company names and family names, first names and patronymics of companies ’ directors and employees for legal persons; subscribers ’ addresses, numbers and other information permitting identification of the subscriber or his terminal equipment; data from payment databases, including information about the subscribers ’ communications, traffic and payments. Information about subscribers may not be disclosed to third persons without the subscriber ’ s consent, except in cases specified in federal laws (section 53).
In those cases specified in federal laws communications operators must provide to the law-enforcement agencies information about subscribers and services received by them and any other information necessary for fulfilment of their aims and objectives (section 64 § 1).
Communications operators must ensure that their networks and equipment comply with the technical requirements developed by the Ministry of Communications in cooperation with law-enforcement agencies. Communications operators must also ensure that the methods and tactics employed by law-enforcement agencies remain confidential (section 64 § 2).
In cases specified in federal laws communications operators must suspend provision of service to a subscriber upon receipt of a reasoned written order by the head of the law-enforcement agency conducting operational-search activities or protecting national security (section 64 § 3).
2. Operational-Search Activities Act
The interception of communications is governed by t he Operational-Search Activities Act of 12 August 1995 ( no. 144 ‑ FZ ).
The aims of operative search activities are: (1) detection, prevention, suppression and investigation of criminal offences and identification of persons conspiring to commit , or co mmitting, or having committed a criminal offence ; (2) retrieval of fugitives from justice and missing persons; (3) obtaining information about events or activities endangering the State, military, economic or ecological security of the Russian Federation (section 2).
State officials and organs performing operational-search activities are to show respect for private and family life, home and correspondence of citizens. It is prohibited to perform operational-search activities to attain aims or objectives other than those specified in this Act. A person claiming that his or her rights were violated by a State official performing operational-search activities may complain to the official ’ s superior, a prosecutor or a court. If a citizen ’ s rights were violated in the course of the operational-search activities by a State official, the official ’ s superior, a prosecutor or a court must take measures to remedy the violation and compensate the damage (section 5 §§ 1 to 3).
A person whose guilt has not been proved in accordance with the procedure prescribed by law, that is, he or she has not been charged or the charges against him have been dropped, and who has learned that he or she was subjected to operational-search activities, has a right to access the data collected in the course of the operational-search activities, unless that data contains State secrets. The person is entitled to know the reasons for the refusal of access and may appeal against such refusal to a court. To ensure full and thorough judicial examination, the law-enforcement agency responsible for the operation-search activities must produce before the judge all operational-search materials, including those to which the access was refused, except materials containing information about undercover agents or police informers. If the court finds that the refusal of access was unjustified it may compel the law-enforcement agency to disclose the materials to the person concerned (section 5 §§ 4 to 6).
The data collected in the course of operational-search activities is to be stored for a year and then destroyed, if the person ’ s guilt has not been proved in accordance with the procedure prescribed by law. Audio records and other materials collected as a result of interception of telephone conversations or other communications are to be stored for six months and then destroyed, if the person has not been charged with a criminal offence. The judge who authorised the interception is to be informed about the planned destruction three months in advance (section 5 § 7).
State officials and organs may not (1) conduct operational-search activities in the interest of political parties, non-profit or religious organisations; (2) conduct secret operational-search activities in respect of federal, regional or municipal authorities, political parties, or non-profit or religious organisations with the aim of influencing their activities or decisions; (3) disclose to anyone the data collected in the course of the operational-search activities if that data concerns private or family life of citizens or damages their reputation or good name, except in cases specified in federal laws; (4) incite, induce or entrap anyone to commit a criminal offence; (5) forge the results of the operative-search activities (section 5 § 8).
In cases where a person ’ s rights or interests were breached by the operation-search activities, a prosecutor or a court is to take measures to remedy the breach and compensate the damage (section 5 § 9).
Operational-search activities include , inter alia , monitoring of postal, telegraphic and other communications , interception of telephone conversations and collection of data from technical channels of communication . Audio and video recording, photography, filming and other technical means may be used during operational-search activities, provided that they are not harmful to the person ’ s life or health or to the environment. Operational-search activities involving monitoring of postal, telegraphic and other communications, telephone interception through telec ommunication companies , and the collection of data from technical channels of communication are to be carried ou t by technical means by the F ederal S ecurity S ervice and the agencies of the I nterior Ministry in accordance with decisions and agreements signe d between the agencies involved (section 6).
Operational-search activities involving interference with the constitutional right to privacy of postal, telegraphic and other communications transmitted by means of a telecommunications network or mail services, or with in the privacy of the home , may be conducted , subject to prior judicial authorisation , following the re ceipt of information (1) that a criminal offence has been committed or is ongoing, or is being plotted; (2) about persons conspiring to commit , or co mmitting, or having committed a criminal offence ; or (3) about events or activities endangering the State, military, economic or ecological security of the Russian Federation (section 8 § 2).
In urgent cases where there is an immediate danger of the commission of a serious crime or where there is information about events or activities endangering the State, military, economic or ecological security of the Russian Federation , the operational-search activities specified in paragraph 2 of section 8 may be conducted without prior judicial authorisation. In such cases a judge must be informed within twenty-four hours of the commencement of the operational-search activities. If judicial authorisation has not been obtained within forty-eight hours of the commencement of the operational-search activities, such activities must be interrupted immediately (section 8 § 3).
Interception of telephone and other communications may be authorised only in cases where a person is suspected of, or charged with, serious or particularly serious criminal offences, or may have information about such offences. Records of telephone and other communications must be sealed and stored under conditions excluding any risk of their being listened to or copied (section 8 § 4).
If the person whose telephone and other communications were intercepted is charged with criminal offences, the records are to be given to the investigator and attached to the criminal case file. Their further use and storage are governed by criminal procedural law (section 8 § 5).
The e xamination of requests for the taking of measures involving interference with the constitutional right to privacy of correspondence and telephone, postal, telegraphic and other communications transmitted by means of telecommunications networks or mail services, or with the right to privacy of the home , shall fall within the competence of a court at the place where the requested measure is to be carried out or at the place where the requesting body is located. The request must be examined immediately by a single judge; examination of the request may not be refused (section 9 § 1).
The request must state reasons justifying application of the measure. Relevant supporting materials, except materials containing information about undercover agents or police informers, must be also produced at the request of the judge (section 9 §§ 2 and 3).
The judge examining the request shall decide whether to authorise measures involving interference with the above -mentioned constitutional right s , or to refuse authorisation, indicating reasons. The judge must specify the period of time for which the authorisation is granted, which shall not normally exceed six months. The judge may subsequently extend the authorised period if necessary (section 9 §§ 4 and 5).
Law-enforcement agencies conducting operational-search activities may create and use databases or open personal files. The personal file must be closed after the aims specified in section 2 of this Act have been reached or it has been established that it was impossible to reach them (section 10).
Data collected as a result of operational-search activities may be used for the preparation and conduct of the investi gation and court proceedings and used as evidence in criminal proceedings in accordance with legal provisions regulating the collection, evaluation and assess ment of evidence. The decision on transferral of the collected data to other law-enforcement agencies or to a court is taken by the head of the State agency performing operational-search activities (section 11).
I nformation about the facilities used in operational-search activities, the methods employed, the officials involved and the data collected is confidential. It may be disclosed only pursuant to a special decision of the head of the State agency performing the operational-search activities (section 12).
3. Federal Security Service Act
Federal Security Service Act of 3 April 1995 (no. 40-FZ) requires communications operators to install equipment permitting the conduct of operational–search measures by the FSB (section 15).
The FSB may develop and use information systems, communications equipment, data transmission systems and data protection systems. Information systems may contain information about natural and legal persons. The fact that information about a person is stored in such an information system may not serve as a basis for taking measures restricting that person ’ s rights (section 20).
Information about a person ’ s private life collected by the FSB in the course of its activities may not be disclosed to anyone without the person ’ s consent, except in cases specified in federal laws. A person claiming that his or her rights were violated by a FSB official may complain to the official ’ s superior, a prosecutor or a court. If human rights or freedoms were breached by the FSB officials the head of the respective FSB department, a prosecutor or a court is to take measures to remedy the breach, to compensate the damage and to punish those responsible (section 6).
4. Technical requirements to the equipment for operational-search activities
The main characteristics of the system of technical facilities enabling the conduct of operational-search activities (the so-called “SORM”) are outlined in a number of orders and regulations issued by the Ministry of Communications.
(a) Order no. 70
Order no. 70, On technical requirements to the system of technical facilities enabling the conduct of operational-search activities on telecommunications networks, issued by the Ministry of Communications on 20 April 1999, directed that equipment installed by telecommunications providers is to meet certain technical requirements described in the addendums to the Order. Those addendums were never officially published.
Copies of the Addendums were however submitted by the applicant. Addendums nos. 1 and 3 describe the technical requirements for the SORM on mobile networks. They specify that monitoring of communications is performed by law-enforcement agencies from a remote-control terminal connected to the monitoring equipment installed by the mobile operators. The equipment shall be capable, inter alia , of (a) creating databases of monitored subscribers managed from the remote-control terminal; (b) monitoring communications and transmitting the data thereby obtained to the remote-control terminal; (c) protecting the data from unauthorised access, including by the employees of the mobile operator; (d) providing access to the subscriber address databases (paragraphs 1.1. and 1.6 of Addendum no. 1).
More precisely, the equipment is to ensure (a) monitoring of all incoming and outcoming calls of the monitored subscriber; (b) access to information about the monitored subscriber ’ location; (c) maintenance of monitoring capability in cases of handover of the ongoing connection between networks of different mobile operators; (d) maintenance of monitoring capability in cases involving supplementary services, such as call forwarding, call transfer or conference calls, with a possibility to register the number or numbers to which the call is routed; (d) monitoring of data transmitted in any form, including through a fax service, short message service and others; (e) access to information about the services provided to the monitored subscriber (paragraph 2.1.2 of Addendum no. 1).
There are two types of monitoring: total monitoring and statistical monitoring. Total monitoring is real-time monitoring of communications-related data and the contents of all communications of the monitored subject. Statistical monitoring is real-time monitoring of communications-related data only, to the exclusion of monitoring of the communications contents. Communications-related data includes the telephone number called, the time of the start and end of the communication, supplementary services used, location of the monitored subject and his or her connection status (paragraphs 2.2 and 2.4 of Addendum no. 1).
The equipment installed must be capable of launching the monitoring of communications within 30 seconds of receiving a command from the remote-control terminal (paragraph 2.5 of Addendum no. 1).
Information about monitored subjects or about transmittal of any data to the remote-control terminal shall not be logged or recorded (paragraph 5.4 of Addendum no. 1).
The remote-control terminal receives from the mobile operator a password giving it full access to the SORM. The remote-control terminal then changes the password so that unauthorized persons cannot gain access to the SORM. The SORM performs the following commands from the remote-control terminal: place a subscriber under monitoring, interrupt or discontinue the monitoring, intercept a subscriber ’ s ongoing communication, submit specified information about a subscriber and others (paragraph 3.1.2 of Addendum no. 3).
The remote-control centre is to receive the following automatic notifications about the monitored subjects: short messages (SMS) sent or received by the monitored subject, with an indication of their contents; a number being dialled; a connection being established; a connection being interrupted; use of supplementary services; a change of the monitored subject ’ s connection status or location (paragraphs 3.1.4 of Addendum no. 3).
(b) Order no. 130
Order no. 130, On the installation procedures for technical facilities enabling the conduct of operational-search activities, issued by the Ministry of Communications on 25 July 2000, reiterates that mobile operators are to install equipment meeting the technical requirements described in Order no. 70. The installation procedure and schedule are to be approved by the FSB (paragraph 1.4).
Mobile operators are to take measures to protect information regarding the methods and tactics employed in operational-search activities (paragraph 2.4)
Mobile operators are to ensure that any monitoring of communications is performed or access to communications-related data is granted only pursuant to a court order and in accordance with the procedure established by the Operational-Search Activities Act (paragraph 2.5).
Mobile operators do not receive information about subscribers monitored or judicial orders authorising monitoring (paragraph 2.6).
Monitoring is carried ou t by the human resources and technical facilities of the F ederal S ecurity S ervice and the agencies of the I nterior Ministry (paragraph 2.7).
Paragraphs 1.4 and 2.6 of Order no. 130 were challenged by Mr N. before the Supreme Court. Mr N. argued that the reference to Order no. 70 contained in paragraph 1.4 was unlawful, as Order no. 70 had not been published and was invalid. As to paragraph 2.6, it was incompatible with the Communications Act, which provided that mobile operators had an obligation to ensure privacy of communications. On 25 September 2000 the Supreme Court found that reference to Order no. 70 in paragraph 1.4 was lawful, as Order no. 70 was technical in nature and was not liable to publication. As to paragraph 2.6, the Supreme Court considered that it might be interpreted as requiring mobile operators to give law-enforcement agencies access to information about subscribers without judicial authorisation. Such a requirement was, however, incompatible with the Communications Act. The Supreme Court therefore found that paragraph 2.6 was unlawful and inapplicable.
On 25 October 2000 the Ministry of Communications amended order no. 130 by repealing paragraph 2.6.
(c) Order no. 538
Order no. 538, On cooperation between mobile operators and law enforcement agencies, issued by the Ministry of Communications on 27 August 2005, provides that mobile operators are to diligently update databases containing information about subscribers and the services provided to them. That information shall be stored for three years. Law-enforcement agencies should have full-time remote access to the databases (paragraph 12).
Databases are to contain the following information about subscribers: (a) first name, patronymic and family name, home address and passport number for natural persons; (b) company name, address and list of persons having access to the terminal equipment with their names, patronymics and family names, home addresses and passport numbers for legal persons; (c) information about connections, traffic and payments.
(d) Order no. 6
Order no. 6, On requirements to telecommunications networks concerning the conduct of operational-search activities, issued by the Ministry of Communications on 16 January 2008, replaced Order no. 130.
It repeated the requirement that communications providers are to ensure transmittal to the relevant law enforcement agency ’ s remote-control terminal of information about (a) subscribers ’ numbers and identification codes; (b) the contents of the communications. The information should be transmitted in real time following the request from the remote-control terminal. Communications providers are also to ensure that the subscriber ’ s location is identified (paragraphs 2, 3 and 5).
The remote-control terminal is to have access to databases containing information about the subscribers, including their numbers and identification codes (paragraphs 7 and 8).
Communications providers are to ensure that the monitored subject remains unaware of the monitoring of his communications. Monitoring-related data shall be protected from unauthorised access by the employees of the communications providers (paragraph 9).
5. Criminal responsibility for breach of privacy
Unauthorised collection or distribution of information about private or family life of a person without his or her consent, if those actions are committed out of mercenary or other personal interest and are damaging to the rights and lawful interests of citizens, are punishable by a fine, correctional labour or up to four months ’ arrest. The same actions committed by an official through abuse of office are punishable by a fine, prohibition on occupying certain positions or up to six months ’ arrest (Article 137 of the Criminal Code).
Breach of privacy of postal, telegraphic, telephone and other communications of citizens is punishable by a fine or correctional labour. The same act committed by an official through abuse of office is punishable by a fine, prohibition on occupying certain positions or up to four months ’ arrest (Article 138 of the Criminal Code).
COMPLAINTS
1. The applicant complains under Article 8 of the Convention that the domestic law on secret monitoring of telephone communications violates his right to respect for his private life and correspondence. In particular, he alleges that the domestic law does not contain sufficient procedural safeguards against unauthorised monitoring of communications by law-enforcement agencies. Law-enforcement agencies have unrestricted access to all telephone communications and thus are technically capable of monitoring the communications of any person without obtaining prior judicial authorisation. Moreover, the relevant domestic law does not meet the requirement of accessibility, as the technical requirements for the SORM have never been published.
2. The applicant complains under Article 13 of the Convention that he has no effective domestic remedy for his complaint under Article 8. In particular, he cannot challenge Order no. 70, describing the technical requirements for the SORM, as it was not published and is considered by the Supreme Court to be purely technical in nature.
QUESTIONS TO THE PARTIES
1. The Government are requested to explain the safeguards, controls and guarantees against abuse which apply to monitoring of mobile phone communications and processing of the collected data. In particular:
(a) safeguards against unauthorised monitoring, to ensue that prior judicial authorisation is obtained in all cases;
(b) safeguards to ensue that collected data is kept confidential and not transferred or disclosed to unauthorised persons;
(c) review by an independent body of the monitoring process and of the processing of the collected data;
(d) notification or possibility to request information about monitoring or collected data, and possibility to complain to an independent body in case of abuse.
2. Does the system of interception of communications constitute an interference with the applicant ’ s right to respect for his private life and correspondence?
3. Is any such interference in accordance with the law? Given that the addendums to Order no. 70, On technical requirements to the system of technical facilities enabling the conduct of operational-search activities on telecommunications networks, issued by the Ministry of Communications on 20 April 1999, have not been published, is the domestic law accessible? Is the domestic law foreseeable as required by Article 8 (see Liberty and Others v. the United Kingdom , no. 58243/00, 1 July 2008 , and Weber and Saravia v. Germany , (( dec. ). no. 54934/00, §§ 93-95, 10 January 2000, with further references ) ?
4. Is any such interference proportionate to the legitimate aim(s) sought to be achieved (see Klass and Others v. Germany , 6 September 1978, Series A no. 28 ; Weber and Saravia v. Germany ( dec. ), no. 54934/00, 29 June 2006, with further references )?
5. Does the applicant have an effective domestic remedy within the meaning of Article 13 of the Convention, in respect of the alleged violation of Article 8 (see Klass and Others v. Germany , 6 September 1978, Series A no. 28 )?