MGIMO HEADLINES
XV Asian Conference of Valdai Discussion Club
Visit of IORA Secretary General Salman Al-Farisi
Regulation of Digital Space in the Russian Federation
Ekaterina E. Gruzdeva,
School of Governance and Politics, MGIMO University
Abstract
The article is devoted to the problem of the regulation of digital space in the Russian Federation as all the spheres of social life and the state are moving into virtual space and digital technologies are tightly connected with them. This applies to the defense sphere and the system of banking transactions of individuals and legal entities, as well as the daily flow of information from the Internet. The diversity of the areas where information technologies are currently being introduced or have already been introduced, demonstrate that the standards for regulating these relations need to be set. However, the difference in digital relations causes several problems in universal regulation. Nowadays, there are no specific legislative acts relating to the definition, limitation, regulation of the sphere of digital technologies. However, at the end of the XX century and at the beginning of the XXI centuries the rules concerning the information danger or partially determine the rights and obligations of the parties of information relations appeared in the legal documents of some countries. The problem is that they are quickly becoming irrelevant due to an impetuous progress in information relation.
Key words: informational sovereignty, internet, digital technologies, informational security, digital sovereignty
Main body
While digital technologies are developing it has become necessary to streamline the relations of subjects of information relations, as well as to determine the boundaries, rights and obligations of each of them. In my work, I will consider the legal regulation of the information technology sphere in the 'state-society-individual' system, as well as the boundaries of sovereignty and its regulation in the digital space.
The purpose of my work is to conclude whether the state should limit the digital sphere and determine its sovereignty in accordance with its interests, or is it a global network that does not imply the classical concept of state sovereignty.
Since the legal regulation of the information sphere is poorly studied in Russia and the practice of other states cannot always approach the social, political and economic conditions of another country the research in this area is relevant.
Overview of the concept of “digital sovereignty”
The concept of “digital sovereignty” in literature and in the IT community in Russia appeared about 10 years ago. One of the first to speak about digital sovereignty in Russia was I.S. Managing Partner, General Director of “Ashmanov& Partners”. He defines digital sovereignty as “the right of the state to determine its information policy independently, manage infrastructure, resources, ensure information security, etc.” (Ashmanov, 2013) It means digital sovereignty is adjacent to the concept of state sovereignty except the fact that it does not include a territorial component. It is the key issue in the legal regulation of digital sovereignty. Internal information sovereignty is the highest power in the implementation of information policy and maintaining information order in the country (Gong, 2005).
Several types of digital sovereignty can be distinguished. The first one is the so-called electronic sovereignty, which includes the technological side of the digital sphere: protection against cyber-attacks, information leaks, stability of the information infrastructure. One of the threats to electronic sovereignty is viruses designed to seize an access to weapons control through a digital network. The second type is informational sovereignty. It includes the protection of information from unwanted outside interference, data falsification, control over the information space, “protection of minds”, or ideology.
The legislative framework for the regulation of digital sovereignty in the Russian Federation
Despite the fact that there are several legal acts in Russia regulating relations in the information space that protect, for example, copyright ‘digital sovereignty’ does not appear in any of them. At the international conference “Digital Transformation: Intellectual Property and Blockchain Technologies” the counselor of Russian President M. Fedotov said that “the state has not yet determined the boundaries of digital sovereignty for itself.”(Fedotov, 2018) He noted that those ways of protecting intellectual and copyright rights that existed earlier (including those used in modern Russian regulatory documents) "are experiencing a crisis." According to this statement, copyright and data protection are the main components of the digital sovereignty. Actually, the legal acts regulating security and the information sphere imply “sovereignty” as a reflection of the concept of state independence in domestic and foreign policy. For example, the National Security Strategy of the Russian Federation (82 points)[1] and the Doctrine of Information Security of the Russian Federation [2] where digital sovereignty is considered as a control over the information, in other words as a mean of informational and ideological influence. Another example, the Federal Law “On Information, Information Technologies and Information Protection” [3] defines information technologies, establishes the basis for the activities of subjects and objects of the information sphere. It is concerned with the rights and obligations of information owners, but there is nothing about information sovereignty as a state policy, or as a basic part of state sovereignty.
Informational or digital sovereignty, in comparison to the sovereignty in general, comes from the idea of independence which leads to security, but not from the idea of security which leads to independence.
According to the Russian Constitution and other legislative acts, every citizen has the right to freely seek, receive, transmit, produce and disseminate information (clause 4 of article 29) [4] except for information that can be regarded as agitation that stimulates social racial, national or religious hatred and enmity, propaganda of social, racial, national, religious or linguistic superiority.[4] However, since the legislation in this area has many gaps and loopholes and technologies are developing fast enough to bypass any protection systems useful information resources may be mistaken for extremists’ ones and truly extremists’ may remain in the public domain. Therefore, the control over the information sphere is not sufficiently effective what is directly related to the weakness of sovereignty in the information sphere in The Russian Federation.
In 2018, the Office of the President of the Russian Federation for the development of information and communication technologies and communication infrastructure was created in the Presidential Administration. The main tasks [5] of the Office, according to the official website of the Kremlin, are as follows:
a) Ensuring the activities of the President of the Russian Federation on public policy issues in the field of information technology and the development of e-democracy;
b) Preparation of proposals to the President of the Russian Federation concerning the appliance of information technology and the development of e-democracy in state and municipal government;
c) Participation on behalf of the President of the Russian Federation in the implementation of these proposals.
The creation of a specialized Office testifies to the concern of the authorities with the problem of introducing information technologies into administrative structures. This step should be followed by increased control over the digital space, which includes not only information resources but also various services, platforms and databases. These measures should contribute to the beginning of the establishment of information sovereignty, independence both in the technological and information sphere. At the same time it is important to prevent total government control of cyberspace. If the information spaces of each country are isolated, it will result in an imbalance in world relations and an increase in psychological tension. Therefore, it is important to establish the boundaries of the digital space through copyright tools and data security guarantees.
The Prospects and the problems of digital and informational development
The lag of Russia from Western countries in the information space began in the 1990s, when Russian entrepreneurs did not invest in technologies because they did not want to take risks. The domestic Russian technical base was not form in time, although there were some developments. After the restoration of political and economic stability, the market was filled with imported computers, processors, microcircuits, software, etc. As a result, Russia has become dependent on foreign products in the field of information technology. By now the Russian Federation has not achieved a sufficient level of application and does not have advanced cryptographic means of protection, data processing on the servers of this state (data sovereignty), lacks domestic microelectronics (Bukharin, 2016).
Firstly, the lack of domestic products is contrary to the idea of digital sovereignty. If at least one component of the information processing and dissemination system is produced by another state, there is a chance of information leak. Scientists at the University of Massachusetts have proved that a virus can be placed in the processor that cannot be detected by other programs (Becker, Regazzoni, Paar and Burleson, 2013).
Secondly, information leaks and data protection are largely related to the professionalism of the personnel involved. According to InfoWatch reports, information leaks due to the dismissal of employees [6] or by privileged users [7] for various reasons are very common and, moreover, tend to increase in scale. Despite the development of information technology data protection remains a serious issue. The solution to this problem is to create reliable means of data protection, advanced training of employees working with databases.
Unfortunately, all the problems above are being compounded despite developments in the digital field. Probably, in order to overcome the backwardness of the Russian developments it is necessary to be in complete informational isolation. The second solution to the problem is “open source software” — that is domestic developments based on foreign codes that consist in the public domain. It implies the creation of a domestic operating system is possible by borrowing the source code or by studying its algorithms and technologies with their subsequent implementation in their own software.
Conclusion
Digital sovereignty in the modern world is the basis of state sovereignty. However, its definition and organization requires considerable efforts both from the state and society. The state should create a flexible and dynamic system of legal regulation of the digital sphere which will meet new trends but not impede development. The digital sphere should not belong to the state but should be a platform where the state and society can coexist. Society and individuals must respect copyrights and obey the developed rules (but only if they do not contradict their rights).
Digital sovereignty is the key to a national security. Firstly, it protects against unwanted interference of other states in internal political processes by means of cyberattacks, viruses or data theft. Secondly, digital sovereignty implies “purity of information” from foreign propaganda, which is currently actively used as a corridor of soft power.
The problems of the formation of digital sovereignty are closely connected not only with the slowness of government towards the information sphere, but also with technological and technical backwardness, as well as low competition in the market (almost oligopolistic) of the components of the information processing chain. Moreover, under the name of information sovereignty, the state can pursue a policy of total control over the Internet, which contradicts the constitutional rights of citizens.
Thus, to the question whether the restriction of the digital sphere and the establishment of digital sovereignty is necessary it is impossible to give a definite answer due to the fact that restriction and sovereignty are unequal concepts. The state should strive for digital sovereignty but by improving legal mechanisms, not through doctrinal attitudes.
References
Ashmanov I. Information sovereignty of Russia: a new reality // Russia forever. 05/13/2013. [Electronic resource]. URL: http://rossiyanavsegda.ru/read/948/
Becker GT, Regazzoni F., Paar C., and Burleson WP Stealthy Dopant-Level Hardware Trojans // Cryptographic Hardware and Embedded Systems - CHES. 2013. Vol. 8086 of the series Lecture Notes in Computer Science. p. 197 – 214.
Bukharin VladislavV iktorovich Components of the digital sovereignty of the Russian Federation as the technical basis of information security // Vestnik MGIMO. 2016. No6(51). URL: https://cyberleninka.ru/article/n/komponenty-tsifrovogo-suvereniteta-rossiyskoy-federatsii-kak-tehnicheskaya-osnova-informatsionnoy-bezopasnosti
Fedotov M. Digital Transformation: Intellectual Property and Blockchain Technologies. 04/18/2018 [Electronic resource]. URL: http://akitrf.ru/news/eksperty-kto-ne-investiruet-v-novye-tekhnologii-seychas-okazhetsya-vne-rynka/
Gong W. Information Sovereignty Reviewed // Intercultural Communication Studies. 2005. Vol. XIV. Issue 1. P. 119–135
[1] National Security Strategy // URL: http://www.consultant.ru/cons/cgi/online.cgi?req=doc&base=LAW&n=191669&fld=134&dst=100014,0&rnd=0.2478218595152002#09104798868233412
[2] Information Security Doctrine of the Russian Federation // URL: http://www.consultant.ru/cons/cgi/online.cgi?req=doc&base=LAW&n=208191&fld=134&dst=100012,0&rnd=0.8840681909437122#09044486031026493
[3] Federal Law “On Information, Information Technologies and Information Protection” // URL: http://www.consultant.ru/cons/cgi/online.cgi?req=doc&base=LAW&n=322880&fld=134&dst=1000000001,0&rnd = 0.523516876254535 # 015340766180024023
[4] Constitution of the Russian Federation, clause 4, article 29 // URL: http://www.constitution.ru/10003000/10003000-4.htm
[5] Departments of the Administration of the President of the Russian Federation. Office for the Development of Information and Communication Technologies and Communication Infrastructure // URL: www.kremlin.ru/structure/administration/departments
[6] InfoWatch’s second annual study of incidents of confidential information security related to the actions of retiring or retiring employees of government organizations and commercial companies. 2018 // URL: https://www.infowatch.ru/resources/analytics/reports/17083
[7] And the InfoWatch investigation of information security incidents that led to leaks from government organizations and commercial companies through the fault of privileged users. 2018 // URL: https://www.infowatch.ru/resources/analytics/reports/16137