Translate this page:
Please select your language to translate the article


You can just close the window to don't translate
Library
Your profile

Back to contents

NB: Administrative Law and Administration Practice
Reference:

Actual Problems of Administrative Responsibility in the Field of Information Security

Duben' Andrei Kirillovich

Scientific Associate, Institute of State and Law of the Russian Academy of Sciences; Assistant, Department of Civil and Administrative Proceedings, Russian State University of Justice

119019, Russia, Moscow region, Moscow, Znamenka str., 10

k.duben@mail.ru
Other publications by this author
 

 

DOI:

10.7256/2306-9945.2022.4.38792

EDN:

SGNCJO

Received:

18-09-2022


Published:

26-09-2022


Abstract: The article emphasizes the relevance of drawing attention to the increasing role of administrative and legal provision of information security. The current administrative legislation is analyzed, and proposals are formulated aimed at finding administrative and legal means and methods, problems of ensuring information security. Based on the current administrative legislation, the article presents the author's approach to the problem of legal responsibility in the field of security in the global cybernetic space. The article examines the legal and organizational aspects of the implementation of administrative responsibility measures in the mechanism of ensuring information security, the importance of administrative coercion in the mechanism of building an information society is noted in the work.   The main conclusions of the study are that over the last period of time a number of changes have been made to the administrative legislation in terms of legal regulation of information security. These changes indicate that in the Russian Federation, state control is being strengthened to prevent information threats and risks, while the legislator responds in a timely manner to changes in society in the context of the digitalization of law and geopolitical instability in the world. To date, measures of administrative responsibility for offenses in the field of information security are constantly being developed and improved.With the advent of new information technologies, means of communication and objects of critical information infrastructure in the Russian Federation, it is necessary on an ongoing basis to conduct scientific research on issues of legal liability for unlawful influence on such information objects with the active participation of public authorities in order to introduce scientific and technical developments into practical activities.


Keywords:

administrative law, information law, legal responsibility, administrative responsibility, information security, digital development, offense, administrative coercion, government measures, management methods

This article is automatically translated.

Information security as a sub-branch of information law in modern conditions is becoming increasingly important. Issues of legal responsibility in the field of information security are particularly relevant both theoretically and practically.

Information, having become one of the most important economic and political resources, expands the range of ways for its positive and socially useful use for educational, social, economic and cultural purposes, however, at the same time opens up a wide range of opportunities for its use as a weapon that destroys the stability of public relations and affects the quality of human life.

The issues of ensuring the information security of the country are increasingly relevant in the national security system of Russia, the domestic legislator promptly responds to the challenges and threats arising in this area. To date, a direction has been formed in the state in which danger and threat in the information space occupy leading positions. Thus, in the context of the development of the information society, the transformation and digitalization of law, the emergence of new challenges, threats and risks, the issues of legal responsibility in the field of information security are of particular importance for Russian legislation.

It is important to note that the Russian doctrine failed to bring to a common denominator the general concept of legal responsibility, there are different positions on what should be understood by the term "legal responsibility".

According to S.S. Alekseev, the concept under study has been transformed taking into account external and internal conditions, meanwhile responsibility is state coercion expressed in legal norms and acts as an external influence on the behavior of subjects of law [1]. I.S. Samoshchenko, on the contrary, notes that legal responsibility is expressed in state coercion of certain adverse actions on the part of individuals and legal entities [2]. Complementing this definition, Vitruk N.V. believed that legal responsibility is carried out in strict accordance with the law, i.e. it is one of the forms of state coercion [3]. Summarizing the theoretical positions of scientists, it is worth noting that legal responsibility in the field of information security is, to a certain extent, the reaction of the state to the commission of illegal socially dangerous actions, which has a mandatory and compulsory nature.

At the same time, legal responsibility acts as an effective way to implement the regulatory and protective function of the state in order to prevent illegal actions, as well as to protect and restore violated rights. It is worth agreeing with the position of the luminary of information law I.L. Bachilo, who noted that the institute of responsibility in information and legal relations acts as a general institution, but in information law this institute has special methods and means of legal regulation [4]. Thus, the institution of legal responsibility in the field of information security has an intersectoral nature associated with the norms of administrative law.

Today, information technologies and information infrastructure facilities have acquired a cross-border and comprehensive character and have become an integral part of all spheres of human activity, society and the state.

Taking into account the above features, it should be recognized that the regulation of Internet relations through various legislative measures, including the norms of administrative law, is not always possible, which is primarily due to the lack of a definition of "legal responsibility for offenses in the field of information security". Based on theoretical provisions, we believe that legal liability for offenses in the field of information security is a measure of state coercion based on legal and public condemnation of the offender's behavior and the application of appropriate measures of legal responsibility to the guilty person for the committed act infringing on information security.

Considering the current Information Security Doctrine of the Russian Federation, it is worth noting that the institute of legal responsibility in the field of information security has a certain procedure for preventing the commission of offenses that infringe on information, informatization objects, information systems, websites and other objects in the Internet information and telecommunications network, communication networks, etc. [5].

In turn, information security is expressed in the public interest, in this regard, the main role of the legal mechanism for the protection of legal norms is played by the provisions of administrative and tort legislation. Consequently, the risks of the digital environment, information threats are the driver of modernization of the provisions of the Code of Administrative Offences of the Russian Federation (hereinafter – the Administrative Code of the Russian Federation).

Administrative offenses in the field of information security are characterized by the following signs:

- socially dangerous and illegal act;

- violation of the rights and freedoms of citizens;

- use of information and communication technologies;

- encroachment on public relations regulating the procedure for ensuring information security.

The main administrative offenses in the field of information security are provided for by Chapter 13 of the Administrative Code of the Russian Federation "Administrative offenses in the field of communications and information". At the same time, the subject composition includes: telecom operators (Articles 13.2.1, 13.30, 13.34), organizers of the dissemination of information on the Internet information and telecommunications network (Article 13.31), owners of the news aggregator (Article 13.32), owners of the audiovisual service (Articles 13.35, 13.36, 13.37), organizers of the instant messaging service (Article 13.39), search engine operators (Article 13.40), hosting providers (Article 13.41), owners of websites or other information resource on the Internet information and telecommunications network (Article 13.41).

The analysis of administrative and legal norms showed that the offenses provided for by Chapter 13 of the Administrative Code of the Russian Federation, depending on the area of influence of the subject, can be divided into three groups:

- in the field of communication;

- in the field of mass media;

- in the field of the procedure for collecting, storing, using, distributing and protecting information.

It should be emphasized that offenses in the field of information security, as a rule, are committed on the Internet information and telecommunications network. On this information platform, no special efforts and costs are required, it is enough for offenders to have information, software and computer tools with access to the Internet information and telecommunications network. At the same time, according to data analysis, the subjects of this type of administrative offenses do not have a professional technical education. It has been revealed that there are special forums, groups and chats on information platforms that provide access to malicious and viral computer programs that provide the ability to steal customer bank card numbers, disclose personal and identification data of users, commit electronic theft and carry out attacks on computer systems of information objects.

As D.A. Savenkova rightly notes in her dissertation research, open access to the information and telecommunications network of the Internet allows you to easily commit administrative offenses using the global network. Since it is quite difficult to identify the person who committed the offense on the network. The anonymity of the Internet information and telecommunications network, free and wireless access, and the use of proxy servers make it impossible to identify the offender, because modern attackers use the so-called "chain of servers" [6].

The main problem of bringing to administrative responsibility for offenses in the information sphere is related to the problem of low efficiency of investigation of the category of offenses under consideration and judicial proceedings. Certain problems in the fight against administrative offenses in the information sphere are associated with a high level of latency of this group of offenses and the definition of the offense event itself, including the place and time of its commission. At the same time, the judicial authorities, when making a decision, examine and evaluate the submitted materials in totality and interrelation, guided by the provisions of the Administrative Code of the Russian Federation and Federal Law No. 149-FZ "On Information, Information Technologies and Information Protection" [7]. From the analysis of judicial practice, it should be noted that cases of administrative offenses in the information sphere are mainly initiated either on the basis of information received during the implementation of administrative measures, or on the fact of an already committed offense [8].

Consequently, the investigation of administrative offenses committed on the Internet information and telecommunications network requires prompt analysis and preservation of electronic data, which by their nature are vulnerable and are quickly destroyed by offenders. These characteristic features apply to all cyber-violations, since it takes a short period of time to commit these illegal actions. In addition, the offender can use various places where he will use his technical devices when committing illegal actions, this factor is a feature inherent in computer crime that has a cross-border character [9].

It follows from the above that today, the issue of territorial jurisdiction in the case of administrative offenses in the field of information security on the territory of another state is relevant. In our opinion, it is necessary to develop certain means to bring to administrative responsibility for the illegal actions of a computer attacker both from the State on whose territory he used technical devices, and from the state to which the damage was caused.

In turn, the domestic legislator responds in a timely manner to new challenges and threats in the information sphere, in particular, by Federal Law No. 62-FZ of March 25, 2022 "On Amendments to Articles 8.32 and 20.3.3 of the Code of Administrative Offences of the Russian Federation" [10]. These changes were made in order to solve the problems of distinguishing criminally punishable acts from administrative offenses in a variety of criminal law offences by fixing the criteria for criminalizing acts that are inherently related to the amount of harm caused. In this regard, in our opinion, the legislator needs to abandon the use of evaluation categories, which, in turn, can have a positive impact on overcoming difficulties in their qualification. In this regard, it is necessary to adopt an appropriate explanation of the Plenum of the Supreme Court of the Russian Federation on information offenses, the provisions of which could contribute to the uniform application of the norms of administrative legislation [11].

Thus, at present, the problems of qualification of administrative offenses are caused by the lack of a clear definition of the amount of damage caused in the information environment, in this regard, the issue of determining the damage caused as a result of committed offenses using information methods and means is particularly acute. The adoption of a number of new regulatory legal acts regulating responsibility in the field of information security of the Russian Federation contributes to the prevention and suppression of offenses in the information sphere [12].

Despite the allocation of administrative offenses in the information sphere to an independent chapter 13 of the Administrative Code of the Russian Federation, most of the norms are concentrated in other chapters of the Administrative Code of the Russian Federation. For example, responsibility for violating the rules of information protection (Article 13.12 of the Administrative Code of the Russian Federation); for illegal activities in the field of information protection (Article 13.13 of the Administrative Code of the Russian Federation); for violating the established procedure for collecting, storing, protecting and processing information constituting a credit history (Article 14.30 of the Administrative Code of the Russian Federation); for using official information in the securities market securities (Article 15.21 of the Administrative Code of the Russian Federation); for disclosure of information about security measures (Article 17.13 of the Administrative Code of the Russian Federation); for concealment or distortion of environmental information (Article 8.5 of the Administrative Code of the Russian Federation), etc.

It is worth noting that the size of administrative fines imposed for the commission of the above administrative offenses, in general, do not correspond to the achievement of the goals of administrative punishment, the legal consequences in the information sphere are several times higher than the real damage [13]. We believe that in order to solve this problem, the domestic legislator needs to review the procedure and sequence of administrative punishment using the expertise and assessment of authorized persons in the field of information security.

Thus, from the comparative legal analysis of the normative legal acts of the Russian Federation, it follows that state coercion in the form of legal liability for an offense in the field of information security is carried out through measures provided for by information legislation [14].

In turn, the current administrative and legal measure is more effective and effective in the field of information security in the Russian Federation. It is worth agreeing with the position of E.V. Klimovich, who noted "...a special role in ensuring the implementation and preservation of law and order in the information sphere is assigned to the institute of administrative responsibility. On the one hand, this institution has the properties of economy and speed of applying various measures of administrative responsibility to the offender, and, on the other hand, it contains such administrative and legal norms that protect certain categories of confidential information that do not fall under the protection of other norms of Russian legislation" [15]. Thus, the norms of administrative legislation establishing legal responsibility in the field of information security are of great social importance, since information as a source of certain information affects the rights, freedoms and interests of an individual subject of law.

Summing up, it should be noted that over the last period of time, a number of changes have been made to the administrative legislation in terms of legal regulation of information security. These changes indicate that in the Russian Federation, state control is being strengthened to prevent information threats and risks, while the legislator responds in a timely manner to changes in society in the conditions of digitalization of law and geopolitical instability in the world. Today, measures of administrative responsibility for offenses in the field of information security are constantly being developed and improved. With the advent of new information technologies, means of communication and objects of critical information infrastructure in the Russian Federation, it is necessary on an ongoing basis to conduct scientific research on issues of legal liability for unlawful influence on such information objects with the active participation of public authorities in order to introduce scientific and technical developments into practical activities.

References
1. Alekseev S.S. (1971). The social value of law in Soviet society (223). Moscow.
2. Samoshchenko I.S. (1974). The essence of legal responsibility in Soviet society (44). Moscow.
3. Vitruk N.V. (2009). General theory of legal responsibility (432). Moscow.
4. Bachilo I.L. (2015).Information law: textbook for masters. 3rd ed., reprint (564). Moscow: Yurayt Publishing House
5. The Information Security Doctrine of the Russian Federation, approved by By Decree of the President of the Russian Federation. N. 646. SZ RF. 2016. N. 50. St. 7074.
6. Savenkova D.A. Institute of Legal Responsibility in the system of legal provision of information security in the Russian Federation: abstract of the dissertation of the Candidate. jurid. Sciences: M. 2019.25 p.
7. Federal Law No. 62-FZ of March 25, 2022 "On Amendments to Articles 8.32 and 20.3.3 of the Code of the Russian Federation on Administrative Offenses" // SPS "Consultant Plus".
8. Ruling of the Supreme Court of the Russian Federation dated July 21, 2021 No. 305-ES21-10915 in case No. A40-59179/2020 // SPS "Consultant Plus".
9. Decision of the Odintsovo City Court of the Moscow Region dated June 24, 2022 in case No. 2a-7284/2022 // SPS "Consultant Plus".
10. Polyakova T.A., Savenkova D.A. (2018) Actual problems of legal responsibility in the field of information security (concept, grounds for occurrence, types) // Bulletin of the South Ural State University. Series: law. 3. 88-94.
11. Sukhanov A.G. (2019) Actual problems of bringing to administrative responsibility for offenses in the information sphere // Court Administrator. 1. 23-27.
12. Romanov A.N., Shainurov A.Z. (2022) On the issue of administrative responsibility of territorial network organizations for violation of information security standards // Organizational and legal foundations of economic security of business entities in the conditions of new challenges of the external environment: problems and ways to solve them: collection of scientific articles of the International scientific and practical conference. Yekaterinburg. 226-234.
13. Grigoriev O.V. (2022) On the question of the implementation of administrative responsibility for offenses in the information sphere // Symbol of Science: International Scientific journal. 1-1. 38-41.
14. Smirnov A.A. (2021) Issues of legal responsibility for offenses in the field of information and psychological security // Agrarian and land law. 12. 202-204.
15. Klimovich E.V. (2006) Administrative responsibility as a means of legal protection of confidential information // Omsk Scientific Bulletin. 5(40). 42-45.

First Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.

A REVIEW of an article on the topic "Current problems of administrative responsibility in the field of information security". The subject of the study. The article proposed for review is devoted to topical issues of "... administrative responsibility in the field of information security". The author has chosen a special subject of research: the proposed issues are investigated from the point of view of information and administrative law, while the author notes that "Issues of ensuring the information security of the country are increasingly relevant in the national security system of Russia, the domestic legislator promptly responds to challenges and threats arising in this area." Russian legislation relevant to the purpose of the study is being studied. A large volume of scientific literature on the stated issues is also studied and summarized (although it cannot be said that there are only two modern works in 2019 and 2021), analysis and discussion with the opposing authors are provided. However, it should be noted that the author goes from one extreme to the other. He writes about information responsibility, then goes on to administrative and criminal responsibility. Which makes it impossible to assess the degree of his confidence in a particular responsibility. At the same time, the author notes that "In this regard, as A.V. Smirnov rightly notes, it is necessary to separately single out the institute of information and legal responsibility as an independent type of legal responsibility [8]." Research methodology. The purpose of the study is determined by the title and content of the work: "Information security is expressed in the public interest, in this regard, the main role of the legal mechanism for the protection of legal norms is played by the provisions of criminal and administrative-tort legislation ...". It can be designated as the consideration and resolution of certain problematic aspects related to the above-mentioned issues. Based on the set goals and objectives, the author has chosen a certain methodological basis for the study. In particular, the author uses a set of general scientific, special legal methods of cognition. In particular, the methods of analysis and synthesis made it possible to generalize various approaches to the proposed topic and influenced the author's conclusions. The most important role was played by special legal methods. In particular, the author used a formal legal method, which allowed for the analysis and interpretation of the norms of current Russian legislation. The following conclusions are drawn: "...the investigation of administrative offenses committed on the Internet information and telecommunications network requires prompt analysis and preservation of electronic data, which by their nature are vulnerable and are quickly destroyed by offenders," etc. Thus, the methodology chosen by the author is adequate to the purpose of the article, allows you to study certain aspects of the topic. The relevance of the stated issues is beyond doubt. This topic is one of the most important both in the world and in Russia, from a legal point of view, the work proposed by the author can be considered relevant, namely, he notes that "... it is necessary to develop certain means in order to bring to administrative responsibility for illegal actions of a computer attacker both on the part of the state in whose territory he used technical the device, and from the side of the State to which the damage was caused. In this regard, it is necessary to improve and modernize the norms of administrative law." And in fact, an analysis of the opponents' work should follow here, and it follows and the author shows the ability to master the material. Thus, scientific research in the proposed field is only to be welcomed. Scientific novelty. The scientific novelty of the proposed article is questionable. It is not expressed in the specific scientific conclusions of the author. Among them, for example, is the following: "Thus, from a comparative legal analysis of the normative legal acts of the Russian Federation, it follows that state coercion in the form of legal liability for an offense in the field of information security is carried out through measures provided for by information legislation." As can be seen, these and other "theoretical" conclusions cannot be used in further scientific research. Thus, the materials of the article in the presented form may be of interest to the scientific community only in the case of high-quality revision of the article. Style, structure, content. The subject of the article corresponds to the specialization of the journal "Administrative Law and Practice of Administration", as it is devoted to topical issues of "... administrative responsibility in the field of information security". The article contains an analysis of the opponents' scientific works, but not modern ones, so the author notes that a question close to this topic has already been raised and the author uses their materials, discusses with opponents. The content of the article corresponds to the title, since the author considered the stated problems and partially achieved the purpose of his research. The quality of the presentation of the study and its results should be recognized as not fully developed. The subject, tasks, and methodology directly follow from the text of the article, but there are no results of legal research and scientific novelty. The design of the work meets some of the requirements for this kind of work. Significant violations (remarks): the lack of a clear justification for "legal responsibility for an offense in the field of information security is carried out through measures provided for by information legislation"; a large number of uncoordinated proposals and conclusions, for example, "legal responsibility ... is ... the reaction of the state to the commission of illegal socially dangerous actions, having a generally binding and compulsory character", "... in an independent chapter 13 of the Administrative Code The Russian Federation, most of the norms ... are concentrated in other chapters of the Administrative Code of the Russian Federation. For example, responsibility for violating the rules of information protection is established in Article 13.12 of the Administrative Code of the Russian Federation; for illegal activities in the field of information protection in Article 13.13 of the Administrative Code of the Russian Federation ...". We need a spell check in the entire article. Bibliography. The quality and quantity of the literature presented and used should be evaluated poorly. The lack of recent literature and judicial practice narrows the validity of the author's conclusions. The works of these authors correspond to the research topic, have certain signs of sufficiency, and contribute to the disclosure of some aspects of the topic. Appeal to opponents. The author has not conducted a serious analysis of the current state of the problem under study. The author describes different points of view on the problem, argues for a more correct (but in general) position in his opinion, based on the work of opponents, offers solutions to individual problems. Conclusions, the interest of the readership. The conclusions are not logical, specific, they are well-known, obtained using a generally accepted methodology. The article in this form cannot be of interest to the readership in terms of the presence in it of the author's systematic positions in relation to the issues stated in the article, which should be typical for legal research. Based on the above, summing up all the positive and negative sides of the article, I recommend "sending it for revision".

Second Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.

A REVIEW of an article on the topic "Current problems of administrative responsibility in the field of information security". The subject of the study. The article proposed for review is devoted to topical issues of qualification of actions as administrative responsibility in the field of information security. The proposed issues are considered in the context of ensuring Russia's national security in general, as well as based on the essence of the category of "legal responsibility". The subject of the study was the norms of current legislation, opinions of scientists, materials of judicial practice. Research methodology. The purpose of the study is not stated directly in the article. At the same time, it can be clearly understood from the title and content of the work. The purpose can be designated as the consideration and resolution of certain problematic aspects of the issue of administrative responsibility in the field of information security. Based on the set goals and objectives, the author has chosen the methodological basis of the study. In particular, the author uses a set of general scientific methods of cognition: analysis, synthesis, analogy, deduction, induction, and others. In particular, the methods of analysis and synthesis made it possible to summarize and share the conclusions of various scientific approaches to the proposed topic, as well as draw specific conclusions from the materials of judicial practice. The most important role was played by special legal methods. In particular, the author actively applied the formal legal method, which made it possible to analyze and interpret the norms of current legislation (first of all, the norms of the legislation of the Russian Federation on administrative offenses). For example, the following conclusion of the author: "The analysis of administrative and legal norms showed that the offenses provided for in Chapter 13 of the Administrative Code of the Russian Federation, depending on the area of influence of the subject, can be divided into three groups: - in the field of communications; - in the field of mass media; - in the field of the procedure for collecting, storing, using, distributing and protecting information." It is necessary to positively assess the possibilities of an empirical research method related to the study of judicial practice materials (the author draws conclusions based on the practice of the Supreme Court of the Russian Federation, the Ruling of the Supreme Court of the Russian Federation dated July 21, 2021 No. 305-ES21-10915 in case No. A40-59179/2020, the Decision of the Odintsovo City Court of the Moscow Region dated June 24, 2022 in the case No. 2a-7284/2022). Thus, the methodology chosen by the author is fully adequate to the purpose of the study, allows you to study all aspects of the topic in its entirety. Relevance. The relevance of the stated issues is beyond doubt. There are both theoretical and practical aspects of the significance of the proposed topic. From the point of view of theory, the topic of ensuring information security in Russia is complex and ambiguous. To achieve it, a set of measures is necessary, which are carried out by various subjects of activity, primarily public authorities. Bringing to administrative responsibility is one of such measures. At the same time, as practice shows, this measure is not always the most effective, which is due, among other things, to the lack of development of scientific ideas about information security. The author is right to highlight this aspect of relevance. On the practical side, it should be recognized that scientifically sound recommendations are needed to improve legislation in this area. The examples from judicial practice given by the author in the article clearly demonstrate this issue. Thus, scientific research in the proposed field should only be welcomed. Scientific novelty. The scientific novelty of the proposed article is beyond doubt. Firstly, it is expressed in the author's specific conclusions. Among them, for example, is the following conclusion: "over the last period of time, a number of changes have been made to the administrative legislation in terms of legal regulation of information security. These changes indicate that in the Russian Federation, state control is being strengthened to prevent information threats and risks, while the legislator responds in a timely manner to changes in society in the context of digitalization of law and geopolitical instability in the world. To date, measures of administrative responsibility for violations in the field of information security are constantly being developed and improved. With the advent of new information technologies, means of communication and objects of critical information infrastructure in the Russian Federation, it is necessary on an ongoing basis to conduct scientific research on issues of legal liability for unlawful influence on such information objects with the active participation of public authorities in order to introduce scientific and technical developments into practical activities." These and other theoretical conclusions can be used in further scientific research. Secondly, the author suggests ideas for improving the current legislation. In particular, "It is worth noting that the amounts of administrative fines imposed for the commission of the above administrative offenses generally do not correspond to the achievement of the goals of administrative punishment, the legal consequences in the information sphere are several times higher than the real damage [13]. We believe that in order to solve this problem, the domestic legislator needs to review the procedure and sequence of administrative punishment using the expertise and assessment of authorized persons in the field of information security." The above conclusion may be relevant and useful for law-making activities. Thus, the materials of the article may be of particular interest to the scientific community in terms of contributing to the development of science. Style, structure, content. The subject of the article corresponds to the specialization of the journal "NB: Administrative Law and Practice of Administration", as it is devoted to legal problems related to issues of administrative responsibility in the field of information security. The content of the article fully corresponds to the title, as the author considered the stated problems and achieved the research goal. The quality of the presentation of the study and its results should be recognized as fully positive. The subject, objectives, methodology and main results of the study follow directly from the text of the article. The design of the work generally meets the requirements for this kind of work. No significant violations of these requirements were found. Bibliography. The quality of the literature used should be highly appreciated. The author actively uses the literature presented by authors from Russia (Alekseev S.S., Samoshchenko I.S., Savenkova D.A., Romanov A.N., Shaynurov A.Z., Grigoriev O.V. and others). Many of the cited scientists are recognized scientists in the field of legal theory and legal aspects of information security. I would like to note the author's use of a large number of materials of judicial practice, which made it possible to give the study a law enforcement orientation. Thus, the works of the above authors correspond to the research topic, have a sign of sufficiency, and contribute to the disclosure of various aspects of the topic. Appeal to opponents. The author conducted a serious analysis of the current state of the problem under study. All quotations of scientists are accompanied by author's comments. That is, the author shows different points of view on the problem and tries to argue for a more correct one in his opinion. Conclusions, the interest of the readership. The conclusions are fully logical, as they are obtained using a generally accepted methodology. The article may be of interest to the readership in terms of the systematic positions of the author in relation to the issues of improving the mechanism for ensuring information security in Russia. Based on the above, summing up all the positive and negative sides of the article, "I recommend publishing"