INFORMATION SECURITY DOCTRINE OF THE RUSSIAN
FEDERATION
Ian Leigh
The Doctrine gives an analysis the existing state of policy and law governing ‘information
security’ in the Russian Federation and makes suggestions for areas where reform is
necessary. ‘Information security’, while not actually defined, is conceived very widely. It
covers not only individuals’, but also societal and state, interests. In scope the doctrine
ranges over many policy areas, from data protection, personal privacy, copyright and
computer misuse (hacking) through to state secrets, access to information and the control of
the media.
Inevitably, in view of the wide compass, the policy is in places highly
generalized.
Part I (“Information Security of the Russian Federation”) describes in detail the individual,
social and state interests underlying the policy. Individual interests focus on the importance
of civil rights and the benefits of access to information in terms of personal development.
Social interests include consolidating the democratic process and strengthening social
consent. The national interests are described in greater detail and they focus on four issues:
strengthening democratic values as the rule of law in this policy field; using information
technology to keep Russian people informed of government policy; promotion of domestic
developments and capabilities in information technology; and providing a secure
environment for information in the public and private sectors.
Threats to information security are identified. With commendable frankness, the Doctrine
acknowledges government policy and legislation can pose a threat, just as much as private
monopolies and organised criminals. The Doctrine distinguishes between foreign threats
(mentioning particularly aggressive foreign corporations and international terrorists) and
domestic threats. Among the latter it rightly stresses that the under-development of the legal
regime can constitute a barrier to full exploitation of information technology – particularly,
where e-commerce s concerned.
It is acknowledged that, despite legal progress in laws concerned with state information,
much remains to be done, both in giving individuals access to information and protection for
their personal privacy and in creating the legal and technical infrastructure to allow an
information society to flourish.
Part II describes the “Methods of Ensuring Information Security of the Russian Federation”
and focuses on legal and economic reform. Some domestic aspects of this analysis suggest
that freedom of expression has not been fully embraced as a democratic value.
For
example, ‘public unions’ are identified as a threat because of ‘stirring up social, racial,
national and religious hostilities, as well as dissemination of these ideas in mass media’
(sic). Consequently, ‘activation of counter-propagation (sic, propaganda?) activities, aimed
at the prevention of negative consequences of dissemination of misinformation about home
policy’ is suggested as a main means of ensuring information security.
Similarly, it is
suggested that a contribution to ensuring information security in the spiritual sphere can be
made by countering the spreading growth of mass consumerism through the media,
censorship of broadcasting propagating anti-social behaviour and ‘opposition to negative
influence of foreign religious organizations and missionaries’. This degree of control over
the media that these comments envisage would be unacceptable in many democracies,
which leave such decisions to the individual recipient of the information, rather than to the
state. Other aspects of Part II deal with policies for the protection of telecommunications
and security from so-called ‘cyber-warfare’ for government bodies.
Parts III and IV deal with the contribution of government. Part III sets out – at a high level of
generality – the policy of government.
This ranges from observing the Constitution to
supporting the development of new technologies. Part IV maps the broad contributions of
different constitutional actors to the policy.
Overall, the Doctrine is a comprehensive document.
It enunciates many aspects of
information policy. It fails, however, to give concrete examples of specific reforms to address
the various dangers and shortcomings that it identifies.
In view of the broad range of
information security under review little practical guidance is given of how the state intends to
resolve potentially conflicting policy objectives. For example, is access to information or
privacy to take priority in relation to access to personal files, containing sensitive details on
other people? Will individuals be permitted unrestricted use of cryptology to protect their
privacy, but potentially sheltering illegal or fraudulent computer activities? Will legislation on
intellectual property rights in information technology encourage innovation or be act as a
barrier to the benefits of new technologies? Hard questions like these receive no analysis or
discussion.
It appears that more specific policies on the range of issues covered, such as
telecommunications, broadcasting, intellectual property rights, electronic commerce, the use
of personal files and so on, would be more useful than an all-enforcing policy document
which attempts- somewhat unsuccessfully- to cover every aspect of information policy.