15.1 of the Federal Information Law. Analysis of the Information Law - Law. Analysis of the work of the Gurk National Archives of the Komi Republic in various aspects of its activities
Article 2. Basic concepts used in this Federal Law
Article 3. Principles of legal regulation of relations in the field of information, information technology and information protection
Article 4. Legislation of the Russian Federation on information, information technologies and information protection
Article 5. Information as an object of legal relations
Article 6. Owner of information
Article 7. Public information
Article 8. Right of access to information
Article 9. Restriction of access to information
Article 10. Dissemination of information or provision of information
Article 10.1. Responsibilities of the organizer of information dissemination on the Internet
Article 10.2. Features of the blogger’s dissemination of publicly available information. (No longer valid)
Article 10.3. Responsibilities of a search engine operator
Article 10.4. Features of information dissemination by a news aggregator
Article 11. Documentation of information
Article 11.1. Exchange of information in the form of electronic documents in the exercise of powers of state authorities and local governments
Article 12. State regulation in the field of application of information technologies
Article 13. Information systems
Article 14. State information systems
Article 15. Use of information and telecommunication networks
Article 15.1. A unified register of domain names, page indexes of sites on the Internet and network addresses that allow identification of sites on the Internet containing information the distribution of which is prohibited in the Russian Federation
Article 15.2. The procedure for restricting access to information distributed in violation of exclusive rights to films, including movies, television films
Article 15.3. The procedure for restricting access to information distributed in violation of the law
Article 15.4. The procedure for restricting access to the information resource of the organizer of information dissemination on the Internet
Article 15.5. The procedure for restricting access to information processed in violation of the legislation of the Russian Federation in the field of personal data
Article 15.6. The procedure for restricting access to sites on the Internet on which information containing objects of copyright and (or) related rights, or information necessary to obtain them using information and telecommunication networks, including the Internet, has been repeatedly and unlawfully posted.
Article 15.6-1. The procedure for restricting access to copies of blocked sites
Article 15.7. Extrajudicial measures to stop the violation of copyright and (or) related rights in information and telecommunication networks, including on the Internet, taken at the request of the copyright holder
Article 15.8. Measures aimed at countering the use of information and telecommunication networks and information resources on the territory of the Russian Federation, through which access to information resources and information and telecommunication networks is provided, access to which is limited on the territory of the Russian Federation
Article 16. Information protection
Article 17. Responsibility for offenses in the field of information, information technology and information protection
Article 18. On the recognition as invalid of certain legislative acts (provisions of legislative acts) of the Russian Federation
The fundamental law among Russian laws devoted to information security issues should be considered the law “On Information, Informatization and Information Protection” dated February 20, 1995, No. 24-FZ (adopted by the State Duma on January 25, 1995). It provides basic definitions and outlines directions for the development of legislation in this area.
Let us quote some of these definitions:
information - information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation;
documented information (document) - information recorded on a tangible medium with details that allow its identification;
information processes - processes of collecting, processing, accumulating, storing, searching and distributing information;
Information system - an organizationally ordered set of documents (arrays of documents) and information technologies, including the use of computer technology and communications that implement information processes;
informational resources - individual documents and individual arrays of documents, documents and arrays of documents in information systems (libraries, archives, funds, data banks, other information systems);
information about citizens (personal data)- information about the facts, events and circumstances of a citizen’s life, allowing his personality to be identified;
confidential information - documented information, access to which is limited in accordance with the legislation of the Russian Federation;
user (consumer) of information- a subject who turns to an information system or intermediary to obtain the information he needs and uses it.
We will, of course, not discuss the quality of data in the Law of Definitions. Let us only pay attention to the flexibility of defining confidential information, which cannot be reduced to information constituting a state secret, as well as to the concept of personal data, which lays the foundation for the protection of the latter.
The law identifies the following purposes of information protection:
prevention of leakage, theft, loss, distortion, falsification of information;
preventing threats to the security of individuals, society, and the state;
prevention of unauthorized actions to destroy, modify, distort, copy, block information;
preventing other forms of illegal interference in information resources and information systems, ensuring the legal regime of documented information as an object of property;
protection of the constitutional rights of citizens to maintain personal secrets and confidentiality of personal data available in information systems;
maintaining state secrets, confidentiality of documented information in accordance with the law;
ensuring the rights of subjects in information processes and in the development, production and application of information systems, technologies and means of supporting them.
It should be noted that the Law places the highest priority on maintaining the confidentiality of information. Integrity is also presented quite fully, although in second place. Very little is said about accessibility (“preventing unauthorized actions to... block information”).
Let's continue quoting:
“Any documented information is subject to protection, the unlawful handling of which may cause damage to its owner, possessor, user or other person.”
In essence, this provision states that information protection is aimed at ensuring the interests of subjects of information relations.
in relation to information classified as state secrets - by authorized bodies on the basis of the Law of the Russian Federation “On State Secrets”;
in relation to confidential documented information - by the owner of information resources or an authorized person on the basis of this Federal Law;
in relation to personal data - by federal law."
Three types of protected information are clearly identified here, the second of which includes, in particular, commercial information. Since only documented information is subject to protection, a necessary condition is to record commercial information on a tangible medium and provide it with details. Let us note that in this place of the Law we are talking only about confidentiality; other aspects of information security are forgotten.
Please note that the state takes upon itself the protection of state secrets and personal data; Other confidential information is the responsibility of its owners.
How to protect information? As a basic principle, the law offers powerful universal means for this purpose: licensing and certification. Let us quote article 19.
Information systems, databases and data banks intended for information services to citizens and organizations are subject to certification in the manner established by the Law of the Russian Federation "On Certification of Products and Services".
Information systems of government bodies of the Russian Federation and government bodies of constituent entities of the Russian Federation, other government bodies, organizations that process documented information with limited access, as well as the means of protecting these systems are subject to mandatory certification. The certification procedure is determined by the legislation of the Russian Federation.
Organizations performing work in the field of design, production of information security equipment and processing of personal data receive licenses for this type of activity. The licensing procedure is determined by the legislation of the Russian Federation.
The interests of the information consumer when using imported products in information systems are protected by the customs authorities of the Russian Federation on the basis of the international certification system.
Here it is difficult to resist a rhetorical question: are there information systems in Russia without imported products? It turns out that in this case only customs is responsible for protecting the interests of consumers...
And a few more points, now from Article 22:
2. The owner of documents, an array of documents, information systems ensures the level of information protection in accordance with the legislation of the Russian Federation.
3. The risk associated with the use of uncertified information systems and means of supporting them lies with the owner (possessor) of these systems and means. The risk associated with the use of information obtained from an uncertified system lies with the consumer of the information.
4. The owner of documents, an array of documents, information systems can contact organizations that certify means of protecting information systems and information resources to analyze the sufficiency of measures to protect their resources and systems and receive advice.
5. The owner of documents, an array of documents, information systems is obliged to notify the owner of information resources and (or) information systems about all facts of violation of the information security regime.
It follows from point 5 that all (successful) attacks on the IP must be detected. Let us recall in this regard one of the survey results (see lecture 1): about a third of American respondents did not know whether their IP had been hacked in the last 12 months. According to our legislation, they could be held accountable...
2. Protection of the rights of subjects in this area is carried out by a court, an arbitration court, or an arbitration court, taking into account the specifics of the offenses and the damage caused. The clauses of Article 5 regarding legal force are very important. electronic document And electronic digital signature:
3. The legal force of a document stored, processed and transmitted using automated information and telecommunication systems can be confirmed by an electronic digital signature. The legal force of an electronic digital signature is recognized if the automated information system contains software and hardware tools that ensure signature identification, and the established regime for their use is observed.
4. The right to certify the identity of an electronic digital signature is exercised on the basis of a license. The procedure for issuing licenses is determined by the legislation of the Russian Federation.
Thus, the Law offers an effective means of controlling integrity and solving the problem of “non-repudiation” (the inability to refuse one’s own signature).
These are, in our opinion, the most important provisions of the Law “On Information, Informatization and Information Protection”. The next page will discuss other laws of the Russian Federation in the field of information security.
1. This Federal Law regulates relations arising when:
1) exercising the right to search, receive, transmit, produce and disseminate information;
2) application of information technologies;
3) ensuring information security.
Some of the basic concepts used in this Federal Law.
1) information - information (messages, data) regardless of the form of their presentation;
2) information technologies - processes, methods of searching, collecting, storing, processing, providing, distributing information and methods of implementing such processes and methods;
3) information system - a set of information contained in databases and information technologies and technical means that ensure its processing;
4) information and telecommunication network - a technological system designed to transmit information over communication lines, access to which is carried out using computer technology;
5) owner of information - a person who independently created information or received, on the basis of a law or agreement, the right to permit or restrict access to information determined by any criteria;
6) access to information - the ability to obtain information and use it;
7) confidentiality of information - a mandatory requirement for a person who has gained access to certain information not to transfer such information to third parties without the consent of its owner;
Article 5. Information as an object of legal relations
1. Information may be the object of public, civil and other legal relations.
Article 6. Owner of information
1. The owner of information can be a citizen (individual), legal entity, the Russian Federation, a subject of the Russian Federation, a municipal entity.
Article 7. Public information
1. Public information includes generally known information and other information to which access is not limited.
Article 8. Right of access to information
1. Citizens (individuals) and organizations (legal entities) (hereinafter referred to as organizations) have the right to search and receive any information in any forms and from any sources, subject to compliance with the requirements established by this Federal Law and other federal laws.
Article 9. Restriction of access to information
1. Restrictions on access to information are established by federal laws in order to protect the foundations of the constitutional system, morality, health, rights and legitimate interests of other persons, to ensure the defense of the country and the security of the state.
Article 10. Dissemination of information or provision of information
1. In the Russian Federation, the dissemination of information is carried out freely subject to the requirements established by the legislation of the Russian Federation.
Article 13. Information systems
1) state information systems - federal information systems and regional information systems created on the basis of, respectively, federal laws, laws of constituent entities of the Russian Federation, on the basis of legal acts of state bodies;
Article 16. Information protection
1) ensuring the protection of information from unauthorized access, destruction, modification, blocking, copying, provision, distribution, as well as from other unlawful actions in relation to such information;
2) maintaining the confidentiality of restricted information;
3) implementation of the right to access information.
Article 17. Responsibility for offenses in the field of information, information technology and information protection
1. Violation of the requirements of this Federal Law entails disciplinary, civil, administrative or criminal liability in accordance with the legislation of the Russian Federation.
This Federal Law uses the following basic concepts:
1) information - information (messages, data), regardless of the form of their presentation;
2) information technologies - processes, methods of searching, collecting, storing, processing, providing, distributing information and methods of implementing such processes and methods;
3) information system - a set of information contained in databases and information technologies and technical means that ensure its processing;
4) information and telecommunications network - a technological system designed to transmit information over communication lines, access to which is carried out using computer technology;
5) owner of information - a person who independently created information or received, on the basis of a law or agreement, the right to permit or restrict access to information determined by any criteria;
6) access to information - the ability to obtain information and use it;
7) confidentiality of information - a mandatory requirement for a person who has gained access to certain information not to transfer such information to third parties without the consent of its owner;
8) provision of information - actions aimed at obtaining information by a certain circle of persons or transmitting information to a certain circle of persons;
9) dissemination of information - actions aimed at obtaining information by an indefinite circle of persons or transmitting information to an indefinite circle of persons;
10) electronic message - information transmitted or received by a user of an information and telecommunication network;
11) documented information - information recorded on a tangible medium by documenting with details that make it possible to determine such information or, in cases established by the legislation of the Russian Federation, its material medium;
11.1) electronic document - documented information presented in electronic form, that is, in a form suitable for human perception using electronic computers, as well as for transmission via information and telecommunication networks or processing in information systems;
(as amended by Federal Law dated July 27, 2010 N 227-FZ)
12) information system operator - a citizen or legal entity engaged in operating an information system, including processing information contained in its databases.
13) site on the Internet - a set of programs for electronic computers and other information contained in an information system, access to which is provided through the information and telecommunications network "Internet" (hereinafter referred to as the "Internet") by domain names and (or ) by network addresses that allow you to identify sites on the Internet;
(as amended by Federal Laws dated July 28, 2012 N 139-FZ, dated June 7, 2013 N 112-FZ)
14) page of a site on the Internet (hereinafter also referred to as an Internet page) - part of a site on the Internet, access to which is carried out using an index consisting of a domain name and symbols defined by the owner of the site on the Internet;
(as amended by Federal Law dated July 28, 2012 N 139-FZ)
15) domain name - a symbol designation intended for addressing sites on the Internet in order to provide access to information posted on the Internet;
(as amended by Federal Law dated July 28, 2012 N 139-FZ)
16) network address - an identifier in the data transmission network that identifies the subscriber terminal or other means of communication included in the information system when providing telematic communication services;
(as amended by Federal Law dated July 28, 2012 N 139-FZ)
17) owner of a site on the Internet - a person who independently and at his own discretion determines the procedure for using a site on the Internet, including the procedure for posting information on such a site;
(as amended by Federal Law dated July 28, 2012 N 139-FZ)
18) hosting provider - a person providing services for the provision of computing power for placing information in an information system permanently connected to the Internet.
(as amended by Federal Law dated July 28, 2012 N 139-FZ)
19) unified identification and authentication system - a federal state information system, the procedure for use of which is established by the Government of the Russian Federation and which provides, in cases provided for by the legislation of the Russian Federation, authorized access to information contained in information systems.
(as amended by the Federal Law
Article 15.1. A unified register of domain names, page indexes of sites on the Internet and network addresses that allow identification of sites on the Internet containing information the distribution of which is prohibited in the Russian Federation
1. In order to limit access to sites on the Internet containing information the dissemination of which is prohibited in the Russian Federation, a unified automated information system is being created “Unified Register of domain names, indexes of pages of sites on the Internet and network addresses that allow the identification of sites on the Internet containing information the distribution of which is prohibited in the Russian Federation (hereinafter referred to as the register).
2. The register includes:
1) domain names and (or) page indexes of sites on the Internet containing information the distribution of which is prohibited in the Russian Federation;
2) network addresses that allow you to identify sites on the Internet containing information the distribution of which is prohibited in the Russian Federation.
3. The creation, formation and maintenance of the register are carried out by the federal executive body exercising control and supervision functions in the field of the media, mass communications, information technology and communications, in the manner established by the Government of the Russian Federation.
4. The federal executive body exercising control and supervision functions in the field of mass media, mass communications, information technology and communications, in the manner and in accordance with the criteria determined by the Government of the Russian Federation, may involve a registry operator in the formation and maintenance of the register - an organization registered on the territory of the Russian Federation.
5. The grounds for inclusion in the register of information specified in part 2 of this article are:
1) decisions of federal executive bodies authorized by the Government of the Russian Federation, adopted in accordance with their competence in the manner established by the Government of the Russian Federation, in relation to those distributed via the Internet:
a) materials with pornographic images of minors and (or) advertisements for the involvement of minors as performers to participate in entertainment events of a pornographic nature;
b) information on the methods, methods of development, production and use of narcotic drugs, psychotropic substances and their precursors, new potentially dangerous psychoactive substances, places of their acquisition, methods and places of cultivation of narcotic plants;
c) information about methods of committing suicide, as well as calls to commit suicide;
d) information about a minor who has suffered as a result of unlawful actions (inaction), the dissemination of which is prohibited by federal laws;
e) information that violates the requirements of the Federal Law of December 29, 2006 N 244-FZ "On state regulation of activities related to the organization and conduct of gambling and on amendments to certain legislative acts of the Russian Federation" and the Federal Law of November 11, 2003 N 138- Federal Law "On Lotteries" on the prohibition of activities related to the organization and conduct of gambling and lotteries using the Internet and other means of communication;
f) information containing offers for remote retail sale of alcoholic products, and (or) alcohol-containing food products, and (or) ethyl alcohol, and (or) alcohol-containing non-food products, the retail sale of which is limited or prohibited by legislation on state regulation of production and turnover ethyl alcohol, alcoholic and alcohol-containing products and on limiting the consumption (drinking) of alcoholic products;
g) information aimed at inducing or otherwise involving minors in committing illegal actions that pose a threat to their life and (or) health or to the life and (or) health of other persons;
2) a court decision that has entered into legal force recognizing information distributed via the Internet as information the distribution of which is prohibited in the Russian Federation;
3) a resolution of the bailiff to restrict access to information distributed on the Internet that discredits the honor, dignity or business reputation of a citizen or the business reputation of a legal entity.
6. The decision to include in the register domain names, indexes of pages of sites on the Internet and network addresses that allow identification of sites on the Internet containing information the distribution of which is prohibited in the Russian Federation may be appealed by the owner of the site on the Internet ", hosting provider, telecom operator providing services for providing access to the Internet information and telecommunications network, to the court within three months from the date of such decision.
7. Immediately upon receipt from the registry operator of a notification about the inclusion of a domain name and (or) index of a site page on the Internet in the registry, the hosting provider is obliged to inform the owner of the Internet site it serves about this and notify him of the need to delete the Internet - a page containing information the distribution of which is prohibited in the Russian Federation.
8. Immediately upon receipt from the hosting provider of a notification about the inclusion of a domain name and (or) index of a site page on the Internet in the register, the owner of a site on the Internet is obliged to delete the Internet page containing information the distribution of which is prohibited in the Russian Federation . In the event of refusal or inaction by the owner of a site on the Internet, the hosting provider is obliged to limit access to such site on the Internet immediately.
9. If the hosting provider and (or) owner of the Internet site fails to take the measures specified in parts 7 and 8 of this article, a network address allowing identification of the Internet site containing information the distribution of which is prohibited in the Russian Federation , is included in the register.
10. Within 24 hours from the moment of inclusion in the register of a network address that allows identifying a site on the Internet containing information the distribution of which is prohibited in the Russian Federation, a telecom operator providing services for providing access to the Internet information and telecommunications network is obliged restrict access to such a site on the Internet.
11. The federal executive body exercising the functions of control and supervision in the field of media, mass communications, information technology and communications, or the registry operator engaged by it in accordance with Part 4 of this article, excludes from the registry the domain name, the index of the website page on the network “Internet” or a network address that allows you to identify a site on the Internet, based on a request from the owner of the site on the Internet, a hosting provider or a telecommunications operator providing services for providing access to the information and telecommunications network “Internet”, no later than within three days from the date of such a request after measures have been taken to remove information, the dissemination of which is prohibited in the Russian Federation, or on the basis of a court decision that has entered into legal force to cancel the decision of the federal executive body exercising control and supervision functions in the field of mass media , mass communications, information technology and communications, on inclusion in the register of a domain name, a site page index on the Internet or a network address that allows identifying a site on the Internet.
12. The procedure for interaction between the registry operator and the hosting provider and the procedure for obtaining access to information contained in the registry by a telecom operator providing services for providing access to the Internet information and telecommunications network are established by the federal executive body authorized by the Government of the Russian Federation.
13. The procedure for restricting access to sites on the Internet, provided for by this article, does not apply to information, the procedure for restricting access to which is provided for in Article 15.3 of this Federal Law.
14. The federal executive body exercising the functions of control and supervision in the field of media, mass communications, information technology and communications, or the registry operator engaged by it in accordance with Part 4 of this article within 24 hours from the date of receipt of the decisions specified in the subparagraphs “a”, “c” and “g” of paragraph 1 of part 5 of this article, notifies the federal executive body in the field of internal affairs via the interaction system.
