!Учебный год 2024 / IX_SYuF_T_3
.pdf
IX СТУДЕНЧЕСКИЙ ЮРИДИЧЕСКИЙ ФОРУМ
Keywords: Internet governance, internet piracy, The Great Firewall, «Stop Online Piracy Act» (SOPA), «Protect Intellectual Property Act» (PIPA), The Sovereign Internet Law.
Internet governance can be viewed from the perspective of two approaches. In accordance with a narrow approach, Internet governance is the technological coordination of Internet elements, including the management of the domain name system andthedistributionofIPaddresses,aswellasthedevelopmentandapplicationofprotocols and standards. In accordance with a broad approach that considers the economic, political and socio-cultural aspects of this process, Internet governance is the development and application by governments, the private sector and civil society of general principles, norms, rules, programs, and decision-makingprocedures governing the evolution and use of the Internet.
In addition, in the context of the Internet and due to its decentralized and open nature, the term «management» should not be considered as a direct «disposal» of its resources and capabilities. The diversity of participants and forms of regulation and development of the Internet is currently its inherent property.
TheissueofInternetgovernanceconcerningthepreventionofinternetpiracyand copyright infringement is particularly often raised.
The fight against piracy in Russia has been going on for a long time, but, unfortunately, does not always lead to the victory of copyright holders.
In accordancewith the current legislation, itwas possible toapply to the court for the protection of their copyrights earlier, but the new law greatly simplified and accelerated the resolution of such cases by the court. As we mentioned above, the AntiPiracy Law was adopted in 2013. Its official name is Federal Law No. 187 «On Amendments to Legislative Acts of the Russian Federation on the Protection of Intellectual Property Rights in Information and Telecommunication Networks». At the request of the copyright holder, the main novelty of the law is the ability to block sites containing illegal content.This law is most often applied in cases of distribution of video products. It allows the site to remove illegally posted content, however, in case of refusal, the resource can be blocked completely. Roskomnadzor has been appointed as the executor of court decisions under this law.
The fight against piracy on the Internet in the CIS countries is conducted no less rigidly than in Russia. In Belarus, for example, the use of pirated software on personal and work computers is a serious administrative offense and entails not only a fine, but also the confiscation of the equipment used in favor of the state. In some cases, if the use of unlicensed software leads to large-scale income, a person is brought to criminal
429
XXXII. INTERNET GOVERNANCE
responsibility under part 2 of Article 201 of the Criminal Code of the Republic of Belarus. Criminal liability extends to repeated offenses and may entail a term of imprisonment of up to five years1.
In the USA, the duty to monitor pirates was assigned to providers. Having discovered the fact of illegal downloading of content, the provider begins to send warning letters to the violator, after six such letters the user can be disconnected from the Internet2.
There are several ways for copyright holders to protect their brand from piracy. Thereareseveralsolutionsthatallowreal-timetrackingoftheplacementofintellectual property objects on the Internet and automatically send pre-trial claims to violators, which significantly saves the time of copyright holders. Such systems are often implemented based on artificial intelligence and work with images, videos, music, and other typesofcontent.Automateddigitalcontentprotectionmonitorssearchengines,social networks, torrent trackers, marketplaces, and other popular resources.
Notealsothatitwillbemucheasiertoprotectyourrightsandclaimcompensation if your brand has a registered trademark.
Governments may want to establish network sovereignty to protect copyrights within their borders. Thus, the US Laws «Stop Online Piracy Act» (SOPA) and «Protect Intellectual Property Act» (PIPA) would give the US Department of Justice the right to requirethatprovidersbanaccesstotheoffendingsite,thatpaymentsystemsstoppayments and search engines exclude sites from search results3.
The laws provide for real prison terms of up to 5 years for publishing a video on theInternetthatisprotectedbycopyright.Iftheywereaccepted,theallegedinfringing site would be threatened with complete exclusion from the Internet.
Interestingly,SOPA/PIPAtookamuchtougherapproachtocopyrightinfringement than the DMCA (Digital Millennium Copyright Act, «Copyright Law in the Digital Age») adopted in 1998. If the DMCA imposed responsibility for illegally posted content solely on the user who published it, then, according to the authors of SOPA and PIPA, when such content was discovered, all parties involved would be punished: both the user who posted it and the platform that he used.
1 URL: https://nris.ru/blog/borba-s-kompyuternym-i-internet-piratstvom-v-Rossii-i-v-mire/ (дата обращения: 27.08.2022).
2 Зиновьева Е. С. Международное управление Интернетом: конфликт и сотрудничество. М. : МГИМО, 2011.
3 SOPA bill shelved after global protests from Google, Wikipedia, and others. The Washington Post (20 января 2012).
430
IX СТУДЕНЧЕСКИЙ ЮРИДИЧЕСКИЙ ФОРУМ
ThepurposeofSOPA-PIPAwastopreventwhatwasconsideredtobeatheft.Con- tent providers want their content to be used for its intended purpose because of the ownership rights associated with that content. One example of such protection is e- commerce. However, the adoption of these laws was postponed indefinitely, as protests against the adoption of these laws began due to fears of violations of freedom of speech.
In his book «Data and Goliath» (2015), American security expert Bruce Schneier saysthatthemovementforcyber-confidenceincountriessuchasRussia,China,France and Saudi Arabia received a huge boost thanks to the revelations of 2013 about largescale international surveillance by the NSA, which these countries pointed to as justification for their activities and evidence of the hypocrisy of the United States in matters of Internet freedom1.
In recent years, cyber-sovereignty has been the basis of Chinese Internet policy, and the international promotion of cyber-sovereignty is an integral part of China's foreignpolicy,althoughitremainsunclearinChinesediscourse.TheGreatFirewallisaset of legislative measures and technologies used by the People's Republic ofChina toregulate the Internet within the country. Its role in Internet censorship in China is to block access to certain foreign websites and slow down cross-border Internet traffic. The effect includes restricting access to foreign sources of information, blocking foreign Internet tools (for example, Google Search, Facebook, Twitter, Wikipedia, and others) and mobile applications, as well as requiring foreign companies to adapt to internal rules2.
TheChinesegovernmentandtherulingCommunistPartyassertcybersovereignty and control over all of China's digital resources, including servers, user data, technical infrastructure, and technology firms operating in China, both domestically and abroad. China's 2017 Cybersecurity Law requires that firms offering «critical information infrastructure» in mainland China store their dataon Chinese government servers,allowing the state to access resources such as Apple's iCloud data in China. The Data Security Law of 2021 also authorizes the Chinese government to conduct national security checks against firms operating in China that collect user data.
In France, the Andromède project was launched in 2009 with the aim of spending 285 million euros on a «cloud souverain» or sovereign cloud. The government spent
1 URL: https://ciberativismoeguerra.files.wordpress.com/2017/09/bruce-schneier-data- and-goliath_-2015.pdf.
2 Курбалийя Й.УправлениеИнтернетом.М. :Координационныйцентрнационального домена сети Интернет, 2010.
431
XXXII. INTERNET GOVERNANCE
75 million euros on each of its two national champions, Cloudwatt and Numergy, but these two services sold only 8 million euros combined. On January 1, 2020, all services were discontinued, and customers were informed that their data had been deleted.
The Sovereign Internet Law is a set of 2019 amendments to existing Russian legislation that provide for Internet surveillance and grant the Russian government the authority to separate Russia from the rest of the Internet, including the creation of a national branch of the Domain Name System.
Thus, each state strives to protect authors from violation of their rights, but it is impossible to eliminate the risk of Internet piracy for several reasons. First, this is the risk of violating citizens' rights to freedom of speech, since most laws aimed at monitoringcopyrightcomplianceontheInternetalsohavetoolsinstocktomonitoranyuser publications and impose subsequent sanctions. It turns out that control over the Internet at this stage of technology development is possible in twoguises — either full controlby thestatewithninetypercent compliancewith thelaw,followingtheexample of China, or a free Internet with little interference from the state, but with great self-reg- ulation, in which there will always be gaps for copyright infringement.
Пушкарёва П. А. Университет имени О.Е. Кутафина (МГЮА)
Cтудент
Cookie —safe or not?
Abstract.Thearticle presents some information about rules and legal regulations ofcookie filesusing.Themainquestionoftheresearchistodefinewhethercookieissafeforpeople in terms of their personal data and confidentiality. The article refers to various scientific research, legal doctrine, and judicial practice.
Keywords: Internet, cookie, information, safety, personal data, websites, regulation.
Nowadays, Internet is becoming more and more important for people allover the world. Every day we visit different websites for various purposes, it is an easy and fast way to get necessary information, but rarely we think about security aspect. Usually, we do not pay attention to privacy notifications and click «OK» if something is asked just to get connected faster — these are the cookies. But is it so safe and easy as most of us think and how is it regulated in law? We find it necessary to consider this issue and discover how cookie files may affect our personal data and what is the government's point of view.
432
IX СТУДЕНЧЕСКИЙ ЮРИДИЧЕСКИЙ ФОРУМ
We think that at first it is vital to define terms and concepts connected with the topicofthearticle.A cookieisasmalltextfilethatawebsitesavesonauser'scomputer or mobile device when visiting a website1. Cookie files is an instrument that the websites use to record our actions and preferences during the session (for instance, name, entrance data, address), so we do not have to re-enter the information whenever we connect next time. In other words, cookie is a technology thathelps internetrecourses «recognize» a user browser. As we can see, cookie is closely related to personal data. Personal data is «any information that relates to an identified or identifiable natural person».So,cookiecollectssomeprivateinformationtomakeourinternetusagemore comfortable and faster. This technology is widespread on websites with access restrictions, especially online shops.
So how does this technology work? Cookie is an integral part of HTTP protocol. HTTP is the basis of data exchange on the Internet, and it is used to make connections between websites. Algorithm of cookie work is rather simple andcomposed of 3 parts. Firstly,anHTTPrequestisimplementedinthebrowsertoaccessawebpage.Then,the content of the website is sent to the browser with instructions to save cookies. Finally, cookies are confirmed by a browser.
The attitude of legislators to cookies varies from country to country.
In Russian Federation cookies are qualified as personal data and are regulated by FederalLawNo. 152 FZ«OnPersonalData»2.Butthereisacontradiction:thislawdoes notcontaincertaincharacteristicsthatmayallowuserstorelatecookiefilestopersonal data. In addition, Roskomnadzor gave a brief explanation of this controversy in 2021 when referred to cookie as «personal data» at one of the online forums. The Deputy Head of the agency Milos Wagner explained that cookies contain personal details of the internet user, and their processing must comply with the requirements of Law No. 152 FZ. However, it is only the position of an agency that is not fixed in official documents.
1 What are Cookies? // Kaspersky. URL: https://www.kaspersky.com/resource-center/defi- nitions/cookies (дата обращения: 05.10.2022).
2 Федеральный закон от 27.07.2006 № 152 ФЗ «О персональных данных».
433
XXXII. INTERNET GOVERNANCE
LegalregulationofcookieisstricterandmoreadvancedintheEU1.ThereisaGeneral Regulation for the protection of personal data (General Data Protection Regulation, GOV)2. It is stated that an individual can be linked to online identifiers, which include cookies. The main difference from Russia is that users have a choice whether to accept cookie or not, and every site owner must give an instruction and brief description of risks. The user has access to the consent and decline buttons and makes their ownchoice.Thesystemofsanctionsforbreachofconfidentialityisstrict —thewebsite violating the law is fined the amount of £500,000.
Moreover, The European Court of Justice ruled on October 1 that website operators must ask a user's consent to use cookies and the user must give it consciously and willingly3. The decision was made in connection with a case in Germany: Planet49 online lottery required personal information about the participants to use it in an advertising campaign without users' permission.
Despite the legal regulation of cookies in most countries, there are still some risks of their use. The most common crime with cookies is theft. The statistics shows that most crimes occur when shopping in online stores, which is explained by the weak system of protection and data protection of most online stores. This is fraught with leakage of personal data (full name, phone number, address, and even bank card data), so we can conclude that cookies are not completely secure.
Thus, analyzing the principles of cookie technology, studying the opinions of legislatorsofvariousstates,wecansaythattheissueofthesecurityofpersonaldatawhen using cookies is regulated more strictly every year, making this technology not only convenient, but also practically safe. However, in any case, when visiting a website all possible risks should be carefully considered.
1 Закон Евросоюза о cookies // Habr. URL: https://habr.com/ru/post/143235/ (дата обращения: 05.10.2022).
2 Intersoft consulting // General Data Protection Regulation (GDPR). URL: https://gdprinfo.eu (дата обращения: 05.10.2022).
3 Европейский Суд постановил, что на сохранение файлов cookie необходимо актив-
ное согласие пользователя // ixbt. URL: https://www.ixbt.com/news/2019/10/02/evropejskij- sud-postanovil-chto-na-sohranenie-fajlov-cookie-neobhodimo-aktivnoe-soglasie- polzovatelja.html (дата обращения: 05.10.2022).
434
IX СТУДЕНЧЕСКИЙ ЮРИДИЧЕСКИЙ ФОРУМ
Седова С. И. Университет имени О.Е. Кутафина (МГЮА)
Cтудент
The problem of personal data leakage
Abstract. The article is devoted to the problem of personal data leakage, the specifics of processing personal information taking into account Russian legislation, provides specific statistical data of leaks and further ways to overcome the problem.
Keywords:personaldata,processingofpersonaldata,globalinformationsystem,legalregulation.
Everyday terabytes of information get into cyberspace includingpersonal data often without our permission. As a result, phones and e-mail inboxes are attacked by sales calls, annoying advertisement and third-class mails. Moreover, intruders can use obtained data in a more hostile waysuch asimpersonatinganother person, espionage, taking credits or laundering money. According to InfoWatch expert and analytical center,inthefirsthalfof2022thenumberofinformationleaksalmostdoubledworldwide and one and a half times in Russia (compared to the first half of 2021). About 3 billion records of personal data leaked worldwide, while in Russia it was 187 million records, which is more than the population of the country. Almost weekly in the first half of the year, great amount of information from Russian companies and government agencies was leaked, including: Russian Railways, the airline Pobeda, the telecommunications companies Rostelecomand VimpelCom, the information portal Ykt.ru, the services Mir Tesen, Fotostrana.ru and Text.ru, the entertainment resource Pikabu, the delivery servicesYandex.Eda,DeliveryCluband2 Berega,theSkolkovoSchoolofManagement,the educational portal GeekBrains1. Thus, the problem of leaks of personal and payment data remains relevant. With the development of the informationsociety, it is crucial to continueimprovingthelegalregulationofsocialrelationsarisinginthefieldofInternet use.
To start with, it is required to define fundamental terms. In accordance with the Federal Law No. 152 FZ of 27.07.2006 «On personal data», personal data is any information related directly or indirectly to a specific or identifiable individual (subject of personal data)2. This is the first and last name of a person, passport details, date of
1 Report on data leaks for the first half of 2022 // InfoWatch. URL: https://www.in- fowatch.ru/analytics/analitika/otchyot-ob-utechkakh-dannykh-za-1-polugodie-2022-goda.
2 The Federal Law No. 152 FZ of 27.07.2006 «On personal data».
435
XXXII. INTERNET GOVERNANCE
birth, phone number, address, e-mail address, photo and video materials, health status,placeofwork,fingerprintsandotherinformationthatallowstoidentifyaparticular person. In fact, all websites contain personal identifiable information, where there are forms of feedback, the ability to place advertisements or register in a private office, questionnairestofillin,subscriptionformailing or orderinggoodsorservices.Thesubject who received this information and who will subsequently carry out various kinds of actions with it, is called an operator. Operator is a state body, municipal body, legal entity or individual, independently or cooperatively with other subjects organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions performed with personal data. Further, it should be noted that the processing of personal data is anyactionorasetofoperationsperformedwithorwithouttheuseofautomationwith personal data, including the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (access), anonymization, blocking, deletion, destruction of personal data1. In this way, despite the fact that the list is closed, the range of actions that the operator can conduct with personal identifiable information is wide, which demonstrates the need for person's additional attention.However,themainruleisthatinordertoprocesspersonaldatatheoperator must obtain consent from the person unless otherwise provided by law. Absence of a response is not considered to be a consent in any way2. In our opinion, by enshrining these provisions, the legislator primarily protects everyone's right to personal and other types of secrets and the right to privacy.
As for the leakage of personal data, there is no legal definition in Russian law. However, it may be disclosed as the unlawful provision, dissemination or receipt of personally identifiable information caused by accidental or intentional actions, i.e., people who process personal data do not have the right to do so due to not having received the consent of the data owner when the law provides for it. The leakage of personal data can be caused by objective and subjective circumstances. The first includes,forinstance,technicalbreakdowns,andalsonegligenceofemployees,theirdesire to gainbenefitsand hacker attacks. Wesuppose that todeal with technical disruptions operators need to systematically improve the security systems, conduct preventivemaintenanceontheserverswherethedatabasesarestored.Nevertheless,insiders remain the main providers of information. According to the statistics of InfoWatch for
1 The Federal Law No. 152 FZ of 27.07.2006 «On personal data».
2 The Federal Law No. 152 FZ of 27.07.2006 «On personal data».
436
IX СТУДЕНЧЕСКИЙ ЮРИДИЧЕСКИЙ ФОРУМ
2021, more than 82 % of all leaks and 76 % of leaks due to the fault of an insider are intentional1. The solution to this problem might be to restrict employees'access to databases when it is not reasonable to obtain information. Improving digital literacy also will help in the fight against careless workers. In order to avoid cyber-attacks byhacker operators should use highly effective means of countering malicious attacks, such as DLP (Data Leak Prevention) systems that monitor traffic and information flow within the organization, IDS (Intrusion Detection System) that can detect unauthorized encroachment. In addition, a person should take care of the security of their personal identifiable information by carefully reviewing the privacy policy and the purpose of data processing, following the security rules for creating passwords. There is also an opportunity to check whether public authorities or legal entities are included in the registerofoperatorsprocessingdatatoconfirmtheirreputation.Currently,theregistry contains information about 716,036 operators2.
A universal way to prevent data leaks is to apply legal liability measures. Criminal, administrative,anddisciplinaryliabilityisestablishedforviolationsoftherequirements of Law No. 152 FZ. Most often, offenders are required to pay administrative fines. Nowadays under the law of the Russian Federation, violations in the field of personal data by individuals are punishable with the maximum penalty of up to one hundred thousand rubles, those committed by officials are subject to a penalty of up to 800 thousandrubles,forindividualentrepreneursitisupto300 thousandrubles,while for legal entities a penalty constitutes up to 18 million3. However, in practice, the size of such fines is rarely achieved. For example, in the beginning of 2022, presumably morethan100 thousand«Yandex.Eda»userdatabecamepubliclyavailable.Thejustice of the peace of Zamoskvorechye judicial district fined the service 60 thousand rubles4. It turns out that the creation of mechanisms for the real protection and control over the processing of personally identifiable information, high-quality software systems, the maintenance of highly qualified staff are more expensive than paying a fine, so it is
1 There were more deliberate leaks in 2021 // InfoWatch. URL: https://www.in- fowatch.ru/analytics/analitika/v-2021-stalo-bolshe-umyshlennykh-utechek.
2 Register of operators who process personal data // Federal Service for Supervision in the Field of Communications, Information Technology and Mass Communications // URL: https://pd.rkn.gov.ru/operators-registry/operators-list/.
3 «CodeoftheRussianFederationonAdministrativeOffences»dated30.12.2001№ 195 FZ (ed. dated 24.09.2022).
4 The draft law on turnover fines determined the size of the leak // The Ministry of Digital Development, Communications and Mass Media of the Russian Federation. URL: https://digital.gov.ru/ru/events/41887/?utm_referrer=https%3a%2f%2fyandex.ru%2f&utm_referrer=https%3a%2f%2fdigital.gov.ru%2fru%2fevents%2f41887%2f.
437
XXXII. INTERNET GOVERNANCE
necessary to adjust sanctions, further tightening of responsibility. Now a draft law on revolving fines for data leaks is under development. Fines willbe applied in two stages. For the first leak, the penalty will be fixed. Its size will depend on the amount of data leaked by the company. In case of repeated leakage, the firm may be fined 1 % of the annual turnover1.
Thus,theproblemofpersonaldataleakageisasidephenomenonofdigitalization. Despitethefactthatthelegalregulationofnetworkrelationshasbeeninitiated,certain aspects of data protection require further improvement.
Тарова А. М. Университет имени О.Е. Кутафина (МГЮА)
Cтудент
Can blocking of Russian media sources be interpreted
as a violation of digital sovereignty?
Abstract.ThearticlepresentsastudyoftheissueofblockingRussianmediaontheInternet. Theauthorraisesaquestionwhethersuchaphenomenoncanbeconsideredasaviolation of the digital sovereignty of the country.
Keywords: digital sovereignty, cyberspace, cybersecurity, freedom of speech, digital law.
In the modern world, the media plays a very important role, performing an information function. Each country on the world stage has its own independent media sources, which, at the same time, all network users have access to. But in the current political situation, Russian mass media are being blocked by foreign states, as well as by international media platforms.
With the development of technologies and digital law, it has become common to talkaboutdigitalsovereignty,whichallstatesofthemodernworldpossess.DigitalSovereignty or Cyber Sovereignty is the degree of control an individual, organization or government has over the data they generate and work with at local or online platforms2.
1 The Ministry of Digital Development, Communications and Mass Media of the Russian Federation is preparing a new version of the draft law on turnover penalties for personal data leakage // The Ministry of Digital Development, Communicationsand MassMediaof the Russian Federation. URL: https://digital.gov.ru/ru/events/41722/?utm_referrer=https%3a%2f%2fyandex.ru%2f.
2 URL: https://digitalsovereignty.org/en/.
438