Certain Aspects of Legal Regulation of Information Security

Duben' Andrei Kirillovich Scientific Associate, Institute of State and Law of the Russian Academy of Sciences; Assistant, Department of Civil and Administrative Proceedings, Russian State University of Justice 119019, Russia, Moscow region, Moscow, Znamenka str., 10 k.duben@mail.ru Other publications by this author

In modern conditions, the issue of forming a unified information and legal space in order to form a space of trust, information protection and information security becomes important. In this regard, the problem of legal provision of information security is becoming one of the most significant today. It is no coincidence that a lot of attention is being paid to information security issues today, since information security is one of the key priorities of national security. Thus, in accordance with the National Security Strategy of the Russian Federation, one of the key national interests is the development of a secure information space, thereby preventing future information risks and threats ^[1]. Thus, the Russian Federation defines information security as the priorities of planning in the field of national security.

Today, under the influence of certain objective conditions for the development of the system of legislation of the Russian Federation and the adoption of a number of normative legal acts of strategic planning, information security is considered as a sub-branch of information law. As T.A. Polyakova rightly notes, the position of the theory of law on the relationship between the branch of law and the branch of legislation, the definition of the subject and methods of legal regulation, as well as the analysis of legislation in the field under consideration allow us to state that legislation in the field of information security consists of a number of legal institutions characterized by internal isolation of legal norms within one or several branches of law and having a certain autonomy of functioning, based on the unity of legal principles ^{[2, p. 136]}.

Information law as a legal branch has been formed as a system, including in its scientific and theoretical aspect, having its own special conceptual and categorical apparatus with an accurate definition of many legal terms, the question of the concept of information security is still relevant. The luminary of information law I.L. Bachilo noted that the conceptual apparatus determines the effectiveness and culture of legal science and legislation ^{[3, p. 8]}.

Terminological uncertainty and inconsistency of the conceptual apparatus often become a problem of interpretation of the norms of law carried out at the stage of law enforcement activity. It is impossible to observe and apply legal norms without a clear textual expression. This problem is most aggravated when there is no legislative or scientific consensus on the meaning of concepts that are fundamental to a particular legal field. Such cases include the imperfection of the concept of "information security".

In our opinion, the most common problem regarding approaches to the definition of the concept of information security is that these approaches somehow "lock in" around the legal definition formulated by the legislator.

Information security is considered as a kind of national security, in connection with which its broad public and public-legal significance is emphasized. It should be noted that the current National Security Strategy of the Russian Federation differs in some political aspects that correspond to the current political conjuncture of relations between Russia and other countries. Thus, it is emphasized that the number of computer attacks on Russian information resources is increasing, most of which are carried out from the territories of foreign states.

Subsequently, the legal definitions of the concepts of "security" and "national security" became a model for the legislative consolidation of the definition of "information security" in the Information Security Doctrine of the Russian Federation, according to which information security is "a state of protection of the individual, society and the state from internal and external information threats, in which the implementation of constitutional human rights and freedoms and citizens, decent quality and standard of living of citizens, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation, defense and security of the state".

It seems that part of the above definition can be more briefly and succinctly described as "constitutionally significant values", given their direct content in the Constitution of the Russian Federation and acts of the Constitutional Court of the Russian Federation mentioning these definitions in this capacity.  Thus, in one of its rulings, the Constitutional Court of the Russian Federation stated: "Given that the above legal regulation is aimed at protecting such constitutionally significant values as the sovereignty of Russia, the integrity and inviolability of its territory, ensuring the defense of the country and the security of the state ..." ^[4]. Decent quality and standard of living of citizens, in our opinion, is understood as nothing more than the policy of the Russian Federation as a social state aimed at creating conditions that ensure a decent life and free human development (Part 1 of Article 7 of the Constitution of the Russian Federation). The implementation of sustainable socio-economic development of the Russian Federation is consistent with Article 75.1 of the Constitution of the Russian Federation, according to which conditions are created in the Russian Federation for sustainable economic growth of the country and improving the welfare of citizens.

In the doctrine of information, there is a scientific discussion regarding the concept of "information security". According to the position of U.M. Sheremetyev, information security is "the protection of information and supporting infrastructure from accidental or intentional impacts of a natural or artificial nature that can cause unacceptable damage to subjects of information relations, including owners and users of information and supporting infrastructure" ^{[5, p. 8]}.

I.M. Rassolova notes that the doctrinal significance of information security can be considered from several positions. As one of the options, it is proposed to consider information security as the activity of subjects to ensure the state of security of the object of protection ^{[6, p. 325]}. Other experts in the field of information security consider this term narrowly as a set of hardware and software tools to ensure the safety, availability and confidentiality of data in computer networks having "measures to protect information from unauthorized access, destruction, modification, disclosure and delays in access" ^{[7, p. 50]}.

Ensuring information security, in essence, is a characteristic of the dynamics of public relations, measures taken by the information security forces to achieve the objectives established by the Information Security Doctrine of the Russian Federation. Despite the fact that most modern definitions of "information security" are focused on the legal definition in the Information Security Doctrine of the Russian Federation, nevertheless, it should be noted that for the most complete description of this definition, it is impossible not to take into account the provisions of the National Security Strategy of the Russian Federation, namely goals and objectives ^[8]. A positive step on the part of the legislator was that the National Security Strategy of the Russian Federation contains a separate section dedicated to information security, which separately states that the purpose of ensuring information security is to strengthen the sovereignty of the Russian Federation in the information space. These provisions are also reflected in the Strategy for the Development of the Information Society in the Russian Federation for 2017-2030 (hereinafter referred to as the Strategy for the Development of the Information Society) ^[9]. Considering that the Information Society Development Strategy sets the vector of development for the entire information security system, it is important to note that the provisions of this regulatory legal act address the problems of information security, at the same time, concepts such as: "digital economy", "information society" are specified and the model of its elements is determined. The priority directions defined by Article 46 of the Strategy for the Development of the Information Society indicate the need to improve legislation implementing the inclusion of new information relations in the mechanism of legal regulation. We believe that the legislator in this case speaks of a systemic, complex nature, eliminating the vastness of the basic concepts in the field of legal provision of information security.

It should be concluded that information security is a sub–branch of information law that has a complex character due to the specific needs of legal regulation of public relations related to information security. At the same time, in the conditions of the Russian legal mechanism for ensuring information security, it is necessary to further improve the legal regulation of the protection of the information space of the state and its information infrastructure as a whole.