Features of ensuring the confidentiality of information about a protected participant in criminal proceedings in the context of digitalization

Kolichenko Artem Andreevich ORCID: 0000-0002-1962-197X PhD in Law Lecturer; Department of Criminology; Nizhny Novgorod Academy of the Ministry of Internal Affairs of Russia 603950, Russia, Nizhny Novgorod region, Nizhny Novgorod, Ankudinovskoe highway, 3 kolichenkoaa@mail.ru Mushakov Vitalii Evgen'evich Lecturer; Department of Internal Affairs Agencies; Omsk Academy of the Ministry of Internal Affairs of Russia 644092, Russia, Omsk region, Omsk, Komarova Ave., 7 mushakov.2018@mail.ru

Gracheva Olesya Aleksandrovna Senior Lecturer; Department of Criminology; Nizhny Novgorod Academy of the Ministry of Internal Affairs of Russia 603950, Russia, Nizhny Novgorod region, Nizhny Novgorod, Ankudinovskoe highway, 3 olesya_leushkina@mail.ru

Introduction. In modern conditions of scientific and technological progress, the Internet information and telecommunications network has accumulated an array of information that allows one way or another to identify citizens, or to obtain other necessary information about them. Thus, according to preliminary estimates alone, 1.12 billion personal data were illegally posted on the network in 2023, which is almost 60% higher than in 2022 ^[1]. And, for example, according to Roskomnadzor, already in 2024, 500 million Russians' data were illegally posted on the network in one case ^[2]. The prevalence of the public information network, as well as the availability of the content broadcast by it, cause problems in the field of protection of human and civil rights and freedoms in criminal proceedings, which, in turn, may jeopardize the implementation of the provision enshrined in Article 2 of the Constitution of the Russian Federation – "A person, his rights and freedoms are the highest value. Recognition, observance and protection of human and civil rights and freedoms is the duty of the state"^[1].

The current situation requires decisive action. At a minimum, it is necessary to work out how to ensure the safety of participants in criminal proceedings in such conditions, who may be affected both physically and psychologically. In both the first and second cases, this may become possible due to the receipt by interested parties-intruders from the Internet (including from relevant databases) of personal data about a person's place of birth, registration and residence address, information about pages on social networks, etc. – i.e. those information that will allow to influence a person, for example: to exert psychological pressure on a person, namely to intimidate him through messages in messengers and social networks. The situation is aggravated by the fact that "every day, every hour, smart devices, social networks and search engines collect personal information from users ... banking, insurance, medical organizations also require the provision of personal data to provide services" ^{[3, p. 101]}.

Literature review. The direction presented for review is poorly researched, despite the multiple increase in the work of procedural scientists on the risks and benefits of digitalization in relation to criminal proceedings.

The lack of research, firstly, is indicated by the fact that there are no monographic-level studies, and, secondly, the presence of single publications that in one way or another affect the topic of ensuring the confidentiality of information about the protected participant in the criminal process in the context of digitalization. Let's identify some of them.

Thus, one of such publications is the work of R.M. Ramazanov, in which the emphasis is on the use of information technology in ensuring the safety of participants in criminal proceedings. However, according to the results of the study, the named author only states the fact that there are problems related to ensuring information security of persons involved in criminal proceedings ^{[4, p. 620]}.

Attention should also be paid to the article by N.O. Nikuradze, who discusses ensuring cybersecurity of data when using electronic means of processing and storing information in the field of criminal proceedings. According to Natalia Olegovna, the effectiveness of protecting information in electronic form, including the process of processing, storing and transmitting it, is "directly proportional to the quality of the investigation and resolution of the criminal case on the merits, as well as ensuring the protection of the rights and legitimate interests of participants in the criminal process" ^{[5, p. 137]}.

It is known about the problem of ensuring the protection of personal data of participants in criminal proceedings from the research of N.V. Sofiychuk and L.A. Kolpakova – but only if recordings of web sessions are posted on the websites of courts (which, according to these scientists, is already practiced) ^{[6, p. 76]}.

Materials and methods. The article analyzes the provisions of normative legal acts regulating legal relations in the field of state protection of participants in criminal proceedings. The methodological basis of the research is primarily represented by the dialectical method of cognition; the authors of the article used general scientific research methods (analysis, synthesis, deduction, induction, formal logical, forecasting) and private scientific research methods (statistical and formal legal).

The results of the study. In order to avoid cases of physical and psychological impact on victims and witnesses in order to change the content of their testimony, or refuse to testify in a criminal case, the legislation of the Russian Federation provides for the implementation of procedural and non-procedural measures to ensure the safety of participants in the criminal process. Thus, if there is sufficient evidence that participants in criminal proceedings, their close relatives and close persons are threatened with murder, violence, destruction or damage to their property or other dangerous illegal acts, the court, the prosecutor, as well as officials of the investigative or inquiry bodies have the right to apply security measures against these persons, which follows from Part 3 of Article 11 of the Criminal Procedure Code of the Russian Federation (hereinafter – the CPC of the Russian Federation)^[2].

The relevance of the application of security measures in the field of criminal procedural relations is confirmed by statistical data provided by the Government of the Russian Federation. So, in the period from 2006 to 2022, more than 94 thousand security measures were implemented in respect of 39 thousand protected persons, among which personal protection, protection of housing and property, issuance of special personal protective equipment, communications and danger alerts, ensuring confidentiality of information about the protected person, as well as temporary placement in a safe place were prioritized^[3].

Ensuring the confidentiality of information about the protected person as a security measure for participants in criminal proceedings is specified in paragraph 4 of Article 5 of Federal Law No. 45-FZ dated 04/20/1995 "On State Protection of Judges, Law Enforcement Officials and Supervisory Authorities"^[4] and paragraph 3 of Part 1 of Article 6 of Federal Law No. 119-FZ dated 08/20/2004 "On state protection of victims, witnesses and other participants in criminal proceedings"^[5] (hereinafter – Federal Law No. 119). At the same time, Part 1 of Article 9 of Federal Law No. 119 discloses the following list of measures aimed at preserving the confidentiality of participants in criminal proceedings:

1) "prohibition on the dissemination of information containing information about the protected person (personal data), the issuance of information about the protected person (personal data) held by the operator;

2) replacement of subscriber phone numbers of the protected person and state registration plates of vehicles used by him or belonging to him"^[6].

In law enforcement practice, ensuring the confidentiality of information about the protected person is carried out by removing his personal data from public access, which is a guarantee of keeping the identity of a participant in criminal proceedings secret. In the system of the Ministry of Internal Affairs of Russia, the body responsible for the implementation of the considered security measure of a person involved in the orbit of criminal procedural relations is the Directorate for Ensuring the Safety of Persons Subject to State Protection (hereinafter referred to as the UOGZ of the Ministry of Internal Affairs of Russia). The territorial divisions of the Ministry of Internal Affairs of the Russian Federation, endowed with law enforcement powers, carry out operational search and other measures in order to protect the life and health of persons subject to state protection, as well as to ensure the safety of their property.

In order to implement the duties assigned to them, the units of the Ministry of Internal Affairs of the Russian Federation have the right to independently determine the security measures necessary to ensure state protection of participants in criminal proceedings. At the same time, the Rules for the implementation of security measures in the form of ensuring the confidentiality of information about the protected person, approved by Decree of the Government of the Russian Federation No. 705 dated 07/14/2015 (hereinafter – Decree of the Government of the Russian Federation No. 705)^[7], provide for a mechanism for removing personal data of the protected person from public access, both in the material and in the virtual environment.

Based on the materials provided by the investigation, inquiry, prosecutor's office or court authorities, officials of the departments of the Ministry of Internal Affairs of the Russian Federation make a reasoned decision on the application of a security measure in the form of ensuring the confidentiality of information in relation to the protected person and hand it over to the heads of organizations (institutions) that may have such information. In modern conditions, these organizations are various personal data operators with information and reference systems (databases and data banks, card files, archives, registers, reference books) containing information about the protected person presented on tangible and digitized media.

In each specific case, the list of organizations under consideration is independently determined by the divisions of the Ministry of Internal Affairs of the Russian Federation within the boundaries of the serviced territory, and, as a rule, includes multifunctional centers for the provision of state and municipal services, credit organizations, mobile operators, passport services, public authorities, state and municipal enterprises and institutions. In particular, the identification data about a person (his last name, first name, patronymic, date of birth, etc.), contact information (mobile and work phone numbers, addresses of residence, work and education), information about basic documents (passport of a citizen of the Russian Federation, passport, driver's license, insurance certificate) are subject to deletion and anonymization state pension insurance, TIN certificate, education documents, etc.), biographical information (place of birth, education, work, etc.). From the moment of receipt of a reasoned decision, the personal data operator undertakes not only to hide information about the protected person from the sources it processes, but also to limit the issuance of this information to third parties.

Given that in the modern era, it is often customary for citizens to make public various aspects of their daily lives on their own, the virtual environment has become the primary source of obtaining any information that allows them to be identified. For this reason, in order to ensure the confidentiality of information about the protected person in the context of digitalization, the withdrawal of personal data mediated on the Internet from public access is particularly relevant: data from messenger accounts (WhatsApp, Telegram) linked to a contact phone; digital communications (personal and corporate emails, phone calls); bank transactions; online applications used that require client verification; social network user data; published text, photo and video materials; as well as other "digital" traces. The presence in the virtual environment of the listed information, which makes it possible to identify the witness and the victim in a criminal case, threatens their physical and mental safety, as well as the safety of property.

The removal of an exhaustive amount of information about the protected person depends on the technical capabilities of the authorities ensuring their safety. For this reason, paragraph 9.5 of the Decree of the Government of the Russian Federation No. 705 provides for the procedure for interaction of the Ministry of Internal Affairs of the Russian Federation with the Federal Service for Supervision of Communications, Information Technology and Mass Communications (Roskomnadzor). The divisions of the Ministry of Internal Affairs of the Russian Federation independently determine the list of domain names, network addresses and page indexes of sites on the Internet containing information about the protected person and send it to Roskomnadzor. The latter enters the specified Internet resources into the Unified Register of Domain Names, site page indexes on the Internet and network addresses that allow identifying sites on the Internet containing information the dissemination of which is prohibited in the Russian Federation^[8].

In addition, in order to delete the personal data of the protected person, it is necessary to send requests to the administration of the VKontakte social network, the most popular among Russian citizens. Information about the user of the social network includes his digital profile data, text and audio messages, as well as audio, photo and video materials that are freely available and allow identifying the protected person. This ensures the confidentiality of information about the protected person in this segment of the virtual environment.

Despite the interaction of the departments of the Ministry of Internal Affairs of the Russian Federation with Roskomnadzor and the administrations of social networks, currently the mechanism for removing information about the protected person from the Internet is insufficiently effective.

Firstly, VPN technology allows the user to establish an encrypted connection to a website on the Internet and, thereby, bypass the blocking of virtual resources prohibited by Roskomnadzor.

Secondly, various virtual resources operate in the information network, which make it possible to obtain personal data on citizens of the Russian Federation on a commercial basis, including those who are participants in criminal proceedings. So, according to the statement of claim of Roskomnadzor by the Decision of the Tagansky District Court of Moscow dated 07/01/2021, the activity of the Internet resource "https://t.me/eogdatabotbot " recognized as illegal and violating the rights of citizens to privacy, personal and family secrets^[9].

Currently, Roskomnadzor, in the course of monitoring the Internet and considering citizens' appeals for violation of their rights in the field of personal data processing, continues to identify Telegram bots that provide an unlimited number of people with access to personal data without the consent of their owners. However, after blocking, such Telegram bots are systematically recreated, because against the background of demand among citizens, they bring monetary benefits to their administrators.

Discussion and conclusions. Considering the above, the prevalence and accessibility of shadow segments of the virtual environment poses a problem of ensuring the confidentiality of information of protected persons.

Under these conditions, the task of removing an exhaustive amount of personal data from public access seems to be unsolvable. Therefore, it is necessary to strive to minimize the possibility of disclosing confidential information about protected persons via the Internet.

In addition to the ongoing non-procedural measures to ensure the confidentiality of information of protected persons by the Ministry of Internal Affairs of Russia and Roskomnadzor, the protected person, having information about the "digital" traces left, can independently take measures to remove them from the virtual environment. It is advisable for the investigator, inquirer or prosecutor who initiated the application of the security measure in question to inform participants in criminal proceedings about this.

Thus, in the context of digitalization of society, when applying security measures in the form of ensuring the confidentiality of information of participants in criminal proceedings, it is necessary to withdraw information that allows them to be identified not only in the material, but also in the virtual environment. Given the dynamic development of the shadow segments of the Internet, it is difficult to seize the entire array of personal data of protected persons.

^[1] The Constitution of the Russian Federation: adopted on December 12, 1993 by popular vote (as amended by the Law of the Russian Federation on Amendments to the Constitution of the Russian Federation dated March 14, 2020 No. 1-FKZ and approved during the all-Russian vote on July 1, 2020) // SPS "ConsultantPlus".

^[2] The Code of Criminal Procedure of the Russian Federation dated 12/18/2001 No. 174-FZ (as amended on 04/22/2024) (with amendments and additions, intro. effective from 05/15/2024) // SPS "ConsultantPlus".

^[3] Decree of the Government of the Russian Federation dated 09/06/2023 No. 1454-47 "On approval of the State Program "Ensuring the Safety of victims, witnesses and other participants in criminal Proceedings for 2024-2028" (together with the "State program "Ensuring the safety of victims, witnesses and other participants in criminal proceedings for 2024-2028" // SPS "ConsultantPlus".

^[4] Federal Law No. 45-FZ of 04/20/1995 (as amended on 12/25/2023) "On State Protection of Judges, officials of law enforcement and supervisory authorities" // SPS "ConsultantPlus".

^[5] Federal Law No. 119-FZ of 08/20/2004 (as amended on 07/01/2021) "On State protection of victims, witnesses and other participants in criminal proceedings" // SPS "ConsultantPlus".

^[6] Ibid.

^[7] Decree of the Government of the Russian Federation dated 07/14/2015 No. 705 (ed. dated 09/17/2022) "On the procedure for protecting information on the implementation of State protection, providing such information and implementing security measures in the form of ensuring confidentiality of information about the protected person" // SPS "ConsultantPlus".

^[8] For more information, see: URL: https://eais.rkn.gov.ru / (date of access: 05/06/2024).

^[9] The decision of the Tagansky District Court of Moscow dated July 01, 2021 in case no. 02-2418/2021 // URL: https://clck.ru/3AyQf7 (date of application: 05/20/2024).