Translate this page:
Please select your language to translate the article


You can just close the window to don't translate
Library
Your profile

Back to contents

International Law
Reference:

Principles of Legal Provision of Information Security in the System of Principles of International Law

Duben' Andrei Kirillovich

Scientific Associate, Institute of State and Law of the Russian Academy of Sciences; Assistant, Department of Civil and Administrative Proceedings, Russian State University of Justice

119019, Russia, Moscow region, Moscow, Znamenka str., 10

k.duben@mail.ru
Other publications by this author
 

 

DOI:

10.25136/2644-5514.2023.2.40089

EDN:

KREABN

Received:

27-03-2023


Published:

03-04-2023


Abstract: In the theory of law and branch legal sciences, sufficient attention has been paid to the issue related to legal principles, however, there are some problems that require doctrinal understanding. One of such issues is the place and role of the principles of legal provision of information security in the system of principles of international law. The author notes that legal principles determine the essence of the branch of law under consideration and, by virtue of their legal consolidation in the norms of a particular branch of law, have a generally binding meaning. This article discusses the principles of building an information security system. The complexity of building such a system lies in the need to consider protective measures in a complex, which should cover the legal, organizational and technical components. The article, based on the analysis of international normative legal acts and scientific and legal sources, identifies the main vectors of development of international and information law, considers external and internal threats in the information sphere, reveals the content of the basic principles of information security. The author concludes that in the context of global digital transformation and the need to build an information society, the problems concerning the definition of the fundamental principles of legal provision of information security are of particular importance. In this regard, the issue of scientific understanding of the system of these principles, their development and correlation with each other, as well as the impact on information legal relations becomes quite relevant.


Keywords:

principles of law, international law, information law, the system of principles, theory of law, new challenges, digitalization, transformation of law, legal support, information society

This article is automatically translated.

In the context of global digital transformation and the need to build an information society, the problems concerning the definition of the fundamental principles of legal provision of information security are of particular importance. In this regard, the issue of scientific understanding of the system of these principles, their development and correlation with each other, as well as the impact on information legal relations becomes quite relevant. At the same time, the conditionality of such an understanding is connected not only with the scientific interest of scientists in the field of the science of international and information law, but also with more practical goals concerning the improvement of legal regulation and the formation of law enforcement practice.

In the theory of law, the definition of legal principles has various formulations, most of which contain the key features of this concept. Thus, in the work of M.N. Marchenko, the principles represent "the main ideas, starting points or leading principles of the process of formation, development and functioning of law" [1, p. 249]. According to the position of L.A. Morozova, the principles of law are "fundamental ideas enshrined in official sources of law or recognized in legal practice and reflecting the patterns of development of public relations" [2, p. 193]. Thus, the principles of law are of fundamental importance for the regulation of public relations and at the same time can find regulatory and legal consolidation both at the state and international level.

The importance of legal principles in terms of their role in the formation of law enforcement practice and regulatory material is particularly high, including in the field of information security. Legal principles serve as a guideline for the legislator, since the norms formulated by him should not contradict the principles of law and at the same time should represent their detailed expression. These aspects also take place in relation to the field of information security.

First of all, it is worth touching upon the generally recognized principles of international law. The source of these principles is the UN Charter, the Declaration on Principles of International Law concerning Friendly Relations and Cooperation between States in Accordance with the UN Charter and the UN Millennium Declaration. The first two of the above-mentioned acts mention the principle that States resolve their international disputes by peaceful means in such a way as not to endanger international peace, security and justice. The information space of the absolute majority of modern countries is defined as a new theater of military operations. In this regard, it is worth concluding that the concept of international peace and security, mentioned within the framework of the content of this principle, also applies to the sphere of international information security. Consequently, the concepts of "international security" and "international information security" relate to each other as general and particular. At the same time, in the field of international information security, this principle is the most relevant, since the advantages of using information weapons make the conduct of information wars more preferable for countries.

The principle of non-use of force and threat of force for the sphere of information security is of high importance. Currently, this principle can be interpreted broadly and presuppose not only encroachment on the territorial integrity of another State and the possibility of conducting hostilities on its territory, but also acts of information aggression and the use of information weapons, including propaganda of war, the prohibition of which is enshrined in Article 20 of the International Covenant on Civil and Political Rights [3].

The obligation of States to cooperate with each other in the field of information security is manifested in the development of coordinated measures to counter information threats that encroach on the security of the global information space and affect the national interests of several States. Currently, this principle seems even more relevant due to the increasing level of integration interaction and interdependence between countries due to the cross-border nature of the information space.

The principle of sovereign equality of States presupposes the possibility of all States to participate equally in solving problems of international information security and to be participants in the global information space, regardless of differences of a political, social, economic or other nature. This principle plays a significant role in increasing the level of interstate interaction on the problems of protecting the information space from the negative impact of sources of information threats.

The principle of conscientious fulfillment of obligations is implemented through the proper fulfillment by States of obligations arising from international treaties in the field of information security or in accordance with generally recognized principles and norms of international law. The concept of "good faith" in this case presupposes voluntary execution, eliminating the need to use international legal levers of pressure.

Describing the sources of international information law, many authors mention the principle of respect for human rights and fundamental freedoms. This principle, in relation to the field of information security, is specified in the International Covenant on Civil and Political Rights, the International Covenant on Economic, Social and Cultural Rights [4] and the Universal Declaration of Human Rights [5]. In particular, these acts consolidate the norms on the secrecy of correspondence and the prohibition of illegal encroachment on honor and reputation.

The UN Millennium Declaration emphasizes commitment to the goals and principles of the UN, as well as increasing their relevance "as countries and peoples become more interconnected and interdependent." The latter statement fully corresponds to the development of the information environment and information technologies in the context of globalization, therefore, it also applies to ensuring information security.

The generally recognized principles of international law in the field of information security have also found expression in UN resolutions on cybersecurity and scientific and technological progress [6]. Most of these principles are consistent with the strategic planning documents of foreign countries and emphasize the importance of openness and transparency of the state's activities in the information space, as well as the need to form a global culture of information security.

The Okinawan Charter of the Global Information Society also enshrined a number of principles, some of which are directly related to the field of ensuring international information security [7]. So, among other principles, it is fixed: "further development and effective functioning of electronic identification, electronic signature, cryptography and other means of ensuring the security and reliability of transactions; development of an effective and meaningful mechanism for protecting consumer privacy, as well as protecting privacy when processing personal data, while ensuring the free flow of information." Thus, this international act focuses primarily on the information security of the individual, as well as on the development of information and technical means of ensuring security.

The formation of the principles of legal provision of information security was also influenced by the Declaration of Principles adopted in Geneva in 2003 [8]. The document points out the importance of observing the principle of legality, which implies strict compliance with national laws and regulations, as well as relevant international agreements. One of the most important principles directly related to the field of international information security is the principle of confidence-building and security in the use of ICT. It follows from the analysis of the Declaration that this principle consists of the following elements: 1) strengthening the foundation for trust, including information security and network security, authentication, protection of privacy and consumer rights; 2) formation, development and implementation of a global culture of cybersecurity; 3) prevention of the use of information resources and technologies for criminal and terrorist purposes.

The Tunisian Program for the Information Society, adopted in 2005, emphasizes the importance of ensuring the stability, security and continuity of the Internet, strengthening trust and security in the use of ICT, enhancing international cooperation to strengthen security while ensuring greater protection of personal information, privacy and data [9]. In general, the provisions of these documents differ little from the ideas set out in UN resolutions.

As you can see, the general principles designed to ensure international information security can already be considered formed at the moment. However, it cannot be said that the basic principles of legal support for international information security, enshrined at the international level, are a structured system. An attempt to structure and give a systematic look to the basic principles of ensuring information security was carried out by the Russian Federation, which proposed in 1999 within the framework of the UN "Principles concerning International Information Security" [10]. However, the proposed document with five basic principles was never adopted as a resolution. Over time, due to the rapid development of information technologies and the formation of a global information society, there will inevitably be a need to formulate new principles, revise previously fixed ones or interpret them differently.

The principles of ensuring information security can be formulated not only at the global level, but also at the regional level. The principles enshrined as a result of Russia's integration cooperation with other countries have a certain significance.

Over time, due to changes in the political and economic situation in the world caused by globalization, integration cooperation between states is only increasing, including on issues of international information security. These problems were the subject of consideration at the XIII Internet Governance Forum held at UNESCO headquarters, where the French President made a Paris Appeal for Trust and Security in Cyberspace [11]. However, Russia was not among the more than 50 countries that signed this document. It seems that this is primarily due to the fact that the specified document is declarative in nature, and therefore the binding nature of its execution is not legally supported.

At the same time, in terms of rapid response to the problems of international information security of the Russian Federation, it is also no exception in this case, in connection with which the Foundations of the State Policy of the Russian Federation in the field of International Information Security were adopted. The active role of the Russian Federation in the field of ensuring international information security can be traced based on its activities in the UN. So, in December 2018, two draft resolutions proposed by Russia were adopted at once: The resolution "Achievements in the field of informatization and telecommunications in the context of international security" [12] and the Resolution "Countering the use of information and communication technologies for criminal purposes" [13].

It follows from the analysis of international acts that a large number of legal acts in the field of information security have been concluded with the participation of the Russian Federation. The purpose of integration interaction in this case is the harmonization of the laws of various states in the field of international information security, which will avoid such an urgent problem as the lack of certainty of the conceptual apparatus used in various legal acts, without which it is impossible to fully cooperate between countries. Stable integration relations between various States allow them to take joint coordinated measures to combat information threats and challenges affecting regional and global interests, the effective prevention of which requires the consolidation of international State resources.

It is worth noting that official documents adopted within the framework of one integration organization sometimes have a positive impact on the regulatory framework of another organization. Thus, the Model Law of the IPA CIS "On International Information Exchange" [14] and the Concept of Cooperation of the CIS member states in the field of information security [15] had different definitions of the concept of "information security", which was unacceptable from the point of view of the need to ensure a single conceptual apparatus and terminological certainty. In this regard, the concept of information security in the Information Security Strategy of the CIS member states, adopted in 2019, began to be defined in accordance with a more appropriate definition enshrined in the Agreement between the Governments of the SCO Member States on Cooperation in the field of international information security, that is, as the state of security of the individual, society and the state and their interests are protected from threats, destructive and other negative impacts in the information space.

Thus, the fundamental principles in the field of ensuring international information security require consolidation at the global level, since the supranational level of legal support on a regional scale, involving the participation of several (or several dozen) states, cannot fully satisfy the need of the world community to solve problems of international information security. In conditions when the information space actually blurs the boundaries between States, not limited to the framework of one State, region or continent, issues of international information security, including the basic principles of its provision, should be a universal and clearly defined system, compliance with the rules of which will be mandatory for the entire international community.

References
1. Theory of state and law: textbook for universities / edited by M.N. Marchenko. M.: Zertsalo, 2004. – 800 p.
2. Morozova L.A. Theory of state and law: textbook. 4th ed., reprint. and additional M.: Eksmo, 2010. – 510 p.
3. The International Covenant on Civil and Political Rights (Adopted on 12/16/1966 by Resolution 2200 (XXI) at the 1496th plenary session of the UN General Assembly) // Bulletin of the Supreme Court of the Russian Federation, No. 12, 1994.
4. International Covenant on Economic, Social and Cultural Rights (Adopted on 16.12.1966 by Resolution 2200 (XXI) at the 1496th plenary session of the UN General Assembly) // Bulletin of the Supreme Court of the Russian Federation, No. 12, 1994.
5. Universal Declaration of Human Rights (adopted by the UN General Assembly on 10.12.1948) // Rossiyskaya Gazeta, 10.12.1998.
6. UN General Assembly resolution A/RES/64/211 of December 21, 2009 "Creating a global cybersecurity culture and assessing national efforts to protect critical information infrastructures" // Official website of the United Nations. URL: https://undocs.org/pdf?symbol=ru/A/RES/64/211 (accessed: 27.12.2022).
7. Okinawan Charter of the Global Information Society (Adopted on fr. Okinawa 22.07.2000) // Diplomatic Bulletin. 2000. No. 8.pp. 51-56.
8. Geneva Declaration of Principles "Building an Information Society-a global challenge in the New Millennium", adopted on 12.12.2003 // Official website of the United Nations. URL: https://www.un.org/ru/events/pastevents/pdf/dec_wsis.pdf (accessed: 27.12.2022).
9. Tunisian Program for the Information Society, adopted on 11/15/2005 // Official website of the United Nations. URL: https://www.un.org/ru/events/pastevents/pdf/agenda_wsis.pdf (accessed: 27.12.2022).
10. Report of the UN Secretary-General A/55/150 "Achievements in the field of information and telecommunications in the context of international security" dated 10.07.2000 // Official website of the United Nations. URL: https://undocs.org/ru/A/55/140 (accessed: 16.12.2022).
11. Paris Appeal for Trust and Security in Cyberspace. URL: https://www.diplomatie.gouv.fr/IMG/pdf/appel_de_paris_en_russe_cle8a41ae.pdf (accessed: 16.12.2022).
12. Resolution no. A/RES/73/27 of the UN General Assembly "Achievements in the field of information and telecommunications in the context of international security", adopted on 05.12.2018 at the 45th plenary meeting of the 73rd session of the UN General Assembly // Official website of the United Nations. URL: https://documents.un.org/prod/ods.nsf (date of application: 16.12.2022).
13. Resolution no. A/RES/73/187 of the UN General Assembly "Countering the use of information and communication technologies for criminal purposes", adopted on 17.12.2018 at the 56th plenary meeting of the 73rd session of the UN General Assembly // Official website of the United Nations. URL: https://documents.un.org/prod/ods.nsf (accessed: 16.12.2022).
14. Model Law on International Information Exchange of the CIS (adopted in St. Petersburg on 26.03.2002 by Resolution 19-7 at the 19th plenary session of the Interparliamentary Assembly of the CIS Member States) // Newsletter. Interparliamentary Assembly of the Member States of the Commonwealth of Independent States. 2002. No. 29. pp. 134-143.
15. Decision of the Council of CIS Heads of State "On the Concept of cooperation of the member States of the Commonwealth of Independent States in the field of information security and on a comprehensive plan of measures to implement the Concept of cooperation of the member States of the Commonwealth of Independent States in the field of information security for the period from 2008 to 2010" (the document was not published) // SPS "Consultant plus"

Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.

A REVIEW of an article on the topic "Principles of legal provision of information security in the system of principles of international law". The subject of the study. The article proposed for review is devoted to the principles of "... legal provision of information security in the system of principles of international law". The author has chosen a special subject of research: the proposed issues are investigated from the point of view of information, international and international information law, while the author notes that "In the context of global digital transformation and the need to build an information society, problems related to the definition of the fundamental principles of legal provision of information security are of particular importance." The NPA of Russia and the CIS, the UN Charter, the Declaration on Principles of International Law concerning Friendly Relations and Cooperation between States, international covenants and declarations relevant to the purpose of the study are being studied. A large volume of Russian and foreign scientific literature on the stated problems (including articles in NB journals) is practically not studied and generalized, and there is no analysis and discussion with these opposing authors, respectively. At the same time, the author notes: "... the principles of law are of fundamental importance for the regulation of public relations and at the same time can find normative legal consolidation both at the state and international levels." Research methodology. The purpose of the study is determined by the title and content of the work: "The importance of legal principles in terms of their role in shaping law enforcement practice and regulatory material is particularly high, including in the field of information security", "The information space is defined by the absolute majority of modern countries as a new theater of military operations. In this regard, it is worth concluding that the concept of international peace and security, mentioned within the framework of the content of this principle, also applies to the field of international information security." They can be designated as consideration and resolution of certain problematic aspects related to the above-mentioned issues. Based on the set goals and objectives, the author has chosen a certain methodological basis for the study. The author uses a certain set of private scientific, special legal methods of cognition. But at the same time, the author does not use, in particular, methods of analysis and synthesis that would allow generalizing approaches to the proposed topic and would influence the author's conclusions. Special legal methods played a certain role. In particular, the author used formal legal and comparative legal methods, which made it possible to analyze and interpret the norms of acts of Russian legislation and international acts, to compare various documents. In particular, the following conclusions are drawn: "... official documents adopted within the framework of one integration organization sometimes have a positive impact on the regulatory framework of another organization," etc. Thus, the methodology chosen by the author is not fully adequate to the purpose of the article, it allows us to study only some aspects of the topic. The relevance of the stated issues is beyond doubt. This topic is important in the world and in Russia, from a legal point of view, the work proposed by the author can be considered relevant, namely, he notes "... the issue of scientific understanding of the system of these principles, their development and correlation with each other, as well as the impact on information legal relations becomes quite relevant." And in fact, an analysis of the opponents' work should follow here, but it does not follow and the author does not demonstrate the ability to master the opponents' material in any way. Thus, scientific research in the proposed field is only to be welcomed. Scientific novelty. The scientific novelty of the proposed article is beyond doubt. It is expressed in the specific scientific conclusions of the author. Among them, for example, is this: "... issues of international information security, including the basic principles of its provision, should be a universal and clearly defined system, compliance with the rules of which will be mandatory for the entire international community." As can be seen, this "theoretical" conclusion can be used in further research. Thus, the materials of the article as presented may be of interest only partially to the scientific community. Style, structure, content. The subject of the article corresponds to the specialization of the journal "International Law", as it is devoted to the principles of "... legal provision of information security in the system of principles of international law". The article lacks an analysis of the opponents' scientific works, therefore the author does not note that a question close to this topic has already been raised, and the author does not use their materials, does not discuss with opponents. The content of the article corresponds to the title, since the author considered the stated problems and achieved the goal of his research. The quality of the presentation of the study and its results should be recognized as incomplete. The subject, objectives, methodology, research results, and scientific novelty directly follow from the text of the article. The design of the work does not fully meet the requirements for this kind of work. Significant violations of these requirements: the lack of work by opponents and, accordingly, an analysis of the current situation, especially in the light of its and sanctions against Russia. The bibliography contains only the NPA and two textbooks from 2004 and 2010, to which the author refers. This does not allow the author to correctly identify the problems and put them up for discussion. The quality of the literature presented and used should be negatively assessed. The presence of modern scientific literature would show the validity of the author's conclusions and would influence his conclusions. The works of the above authors correspond to the research topic, but do not have a sign of sufficiency, do not contribute to the disclosure of any aspects of the topic. Appeal to opponents. The author has not conducted a serious analysis of the current state of the problem under study. The author does not describe the opponents' different points of view on the problem, argues for his position, which is more correct in his opinion, based only on international acts and NPAs, but not on the work of opponents, offers solutions to individual problems. Conclusions, the interest of the readership. The conclusions are logical, general "... the fundamental principles in the field of ensuring international information security require consolidation at the global level, since the supranational level of legal support on a regional scale, involving the participation of several (or several dozen) states, cannot fully satisfy the need of the world community to solve problems of international information security," etc. The article in this form may be of interest to the readership in terms of the presence in it of the author's systematic positions in relation to the issues stated in the article only after revision. Based on the above, summing up all the positive and negative sides of the article, "I recommend sending it for revision."