Given the strategic importance of information in today’s world, the threat of the spread of personal data is a serious issue. There is no universally accepted method for dealing with this problem. It is in matters of confidentiality and data protection that the similarities and differences in the approaches of Russia and the United States are most clearly manifested, and recent events in both countries serve as proof of this.
Charges were brought against Facebook recently of failing to guarantee the integrity of confidential information on its site and allowing the personal data of its users to fall into the hands of unscrupulous political structures. The threat to national security stems from the fact that Facebook allowed foreign entities to gain access to sensitive information about users in the United States and finance the distribution of political advertisements.
A feature of the Russian policy on information security is the fact that the concept encompasses both the guarantee of the security of the infrastructure itself and the compliance of the content of that information with the standards set by the state. The standoff between Telegram (a Russian internet messenger service) and the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) continues, and its outcome is difficult to predict. The course of events demonstrates the extremely limited capacity of the state to manage information resources, despite its broad legislative powers.
The current system of state regulation of information resources in Russia is a kind of digital equivalent of the “Iron Curtain” of the Cold War era, which does not take the specifics of information resources into account. In an era of globalization, such an approach has a negative effect on the country’s competitiveness.
The Role of Information in the Modern World
The issue of data protection has become a priority of domestic political regulation and international relations. However, the situation is complicated by the fact that the production and consumption of information is far more individualized than that of industrial goods and other resources.
The rise of the internet, which began in the 1990s, allowed people to expand their political and economic development opportunities like never before. This led to a certain weakening of political power, as the technical capabilities at the disposal of the government authorities are insufficient in terms of the ability to control the individual production and consumption of information resources. At the same time, countries where the rule of law is an integral part of the political and legal tradition strive to guarantee equal opportunities in the use of information technologies, whereas countries with authoritarian traditions of state governance work to strengthen control over the infosphere.
These factors present new challenges for governments. Thus, it has always been a function of the state to ensure security. But the issue of data protection is far more complicated. First, information resources include both infrastructure and content; in fact, one without the other is impossible. Second, information security implies a guarantee that its individual properties – objectivity, accessibility, integrity, confidentiality, efficiency, etc. – will be preserved during the process of information exchange or cooperation. Accordingly, this requires a fundamentally different approach than that used with regard to traditional resources.
The American Approach to Guaranteeing the Inviolability of Confidential Information
The United States made regulating the infosphere priority earlier than other countries. Since the early 1990s, the policy of the United States in this area has been one of extremes. The main priority of the country’s information policy has been to ensure the security of confidential information. If the state plays a weak role in ensuring information security, opportunities for unscrupulous competition and large-scale violations of the law will be created. This is precisely what happened in the 1990s, when the state did not have the resources to respond to the new challenges presented by the information explosion.
Contemporary American research talks about the phenomenon of individual empowerment – the strengthening of the capabilities of the individual. In the system of public administration, the increased influence of the individual means the weakening of state power. U.S. politics is predicated on the notion that everyone is guaranteed equal rights and opportunities, and this can be expanded to include equal opportunities to the production and consumption of information.
A certain change in policy occurred at the beginning of the 21st century in connection with the United States reorienting its National Security Strategy towards countering war on terror. Various legislative measures were adopted during this period that significantly strengthened the powers of the state bodies in terms of granting the government access to confidential information and the giving it the ability to control information (the USA PATRIOT ACT of 2001, for example). It was at this time that the U.S. intelligence services were given the technical capabilities and powers to access various categories of confidential information and personal data, which drew criticism from human rights organizations and the international community. The information policy of the Obama administration was more balanced and moderate. The adoption of the USA Freedom Act, which got rid of the most stringent provisions of the PATRIOT ACT, was a compromise of sorts.
Seeing as the state is in no position to assume responsibility for guaranteeing the integrity of sensitive data, the private sector and commercial information security products must step in to play a vital role.
The Russian Policy of Information Security
The dawn of the Information Age has been accompanied by social transformations across the globe. Russian society has also been affected by the need to adapt to the realities of the Information Age, and, given the numerous historical and political features this development, it has proven to be an extremely difficult process.
The Russian economy continues to be heavily dependent on the production and export of energy resources. At the same time, the existing system is not in a position to ensure that it will develop the production of knowledge and intellectual products in an effective manner, since this requires fundamentally different approaches. Conservative political institutions dominate in Russia and, as a consequence, the state authorities enjoy broad powers that extend to the infosphere. A feature of the Russian policy on information security is the fact that the concept encompasses both the guarantee of the security of the infrastructure itself and the compliance of the content of that information with the standards set by the state.
Legislative measures adopted in recent years have vested the state organs with the function of determining the “perniciousness” of information, as well as with the power to restrict the spread of this information, including on the internet. The law prohibits the use of technologies to bypass blocked information and requires that personal data be stored inside the territory of the Russian Federation so that it remains in the jurisdiction of the Russian law enforcement agencies.
The issue of the intelligence services having access to confidential information is also regulated by the so-called “Yarovaya package” of laws . The provisions of the laws, which were heavily criticized by the public, oblige telecoms operators to keep confidential cellular data of Russian citizens for six months and pass it on to the Russian intelligence services, without any kind of formal judicial procedure.
These provisions, the part pertaining to the dissemination of information in particular, are reminiscent of the most stringent redactions of the USA PATRIOT ACT. At the same time, the “Yarovaya package” was adopted in entirely different circumstances, and after the experience of the United States had already demonstrated that increasing state control over confidential and private information was ineffective. Many doctrinal papers contain elements that pit the interests of the state and the people against each other. The 2016 version of the Doctrine of Information Security of the Russian Federation retains the triad of the interests of the individual, society and the State that was adopted in the 2000 version of the document. However, the provisions relating to the interests of the individual have disappeared; the provisions relating to the interests of the State are all that remain.
Information technology has provided us with the opportunity for personal growth and increased opportunities, but the Russian leadership sees this as a threat to sovereignty and national security. The response of the government to expanded opportunities is to strengthen state control and restrict information activity. At the same time, the methods used to regulate this do not take the specific features of information resources, or of the Information Age, into account. Information security implies a guarantee that its individual properties – objectivity, accessibility, integrity, confidentiality, efficiency, etc. – are preserved, and this requires fundamentally different approaches to the issue of political regulation.
Confidentiality of Information and Russia–U.S. Relations
Interestingly, the issue of protecting confidential information is primarily an internal legal matter, yet it is one that unexpectedly became an irritant in Russia–U.S. relations.
In 2016, the United States accused Russia of interfering in its presidential elections. Specifically, three areas of interference were cited: the Russian intelligence agencies gaining access to Democratic National Committee networks and publishing compromising materials about Hillary Clinton on the Wikileaks website; the Russian state media incorrectly presenting information about Hillary Clinton during the election campaign and then disseminating this propaganda among U.S. voters; and Russian persons and business entities using American internet technologies to run political videos. The United States, like Russia, has laws that prohibit foreign funding of election campaigns.
The videos were streamed on Facebook, the most popular social networking site in the world. The platform provides great opportunities for carrying out “targeted advertising,” that is, it can tailor advertising content by interest. In order to make sure that the advertisements are seen by as many interested eyes as possible, it is necessary to analyse a colossal amount of data and thus determine which users are likely to pay attention to the information being presented. This data often includes confidential information, the dissemination of which constitutes an abuse of privacy. It turns out that the manner in which this information was collected was in violation of the law, and the company contracted to perform the analysis of the collected material was Cambridge Analytica. The level of public outrage prompted the Senate Committee on Trade, Science and Transport to invite Facebook CEO Mark Zuckerberg to a series of special hearings. The main complaint of the U.S. lawmakers was that the social network had failed to guarantee the inviolability of confidential information on its and allowed personal data of its users to fall into the hands of unscrupulous political structures. Zuckerberg accepted full responsibility and convinced the Senate that he would take the necessary measures to protect the confidential information of Facebook users.
The investigation led by Robert Mueller continues, and it is entirely possible that the U.S. intelligence services could discover new evidence of “interference.” Judging from how events are unfolding, the threat to national security stems from the fact that Facebook allowed foreign entities to gain access to sensitive information about users in the United States and finance the distribution of political advertisements. Despite the public scrutiny of Russia’s interference in the presidential elections, the claims presented in the Senate were not connected to the content of the information that was disseminated or to the effect that it had on public opinion in the United States.
Interestingly, around the same time that this was happening in the United States, a similar story was unfolding in Russia in connection with the Russian social network and messenger service Telegram. A distinguishing feature of Telegram is that is uses a unique algorithm that is practically impervious to decryption by the intelligence services and thus prevents them from accessing secret communications. This is clearly an advantage of the program, although it does mean that the company is in violation of existing Russian legislation. Telegram representatives were asked to provide the authorities with the encryption keys to the program. They refused to do so, prompting the Court of Moscow to rule in favour of Roskomnadzor on April 13, 2018 to block the social networking app throughout the Russian Federation. The Roskomnadzor decision has sparked outrage among Telegram users and soon led to the appearance on the internet of information and instructions on how to install programs capable of bypassing the block.
But it turned out that users did not have to take any additional steps, as Telegram specialists promptly developed a workaround that ensured the smooth continued operation of the app across Russia. Roskomnadzor has since blocked access to over 18 million websites, including popular search engines and online stores, ostensibly because these sites use Telegram in some manner. The standoff between Telegram and Roskomnadzor continues, and its outcome is difficult to predict. The blocking of Telegram is a clear manifestation of the Russian authorities’ policy on the protection of information. What is more, the course of events demonstrates the extremely limited capacity of the state to manage information resources, despite its broad legislative powers. The specific features of information resources require new approaches in terms of political regulation.
The current system of state regulation of information resources in Russia is a kind of digital equivalent of the “Iron Curtain” of the Cold War era, which does not take the specifics of information resources into account. In an era of globalization, such an approach has a negative effect on the country’s competitiveness. What is more, the incompatibility of the two different approaches to information regulation leads to more serious contradictions and plays a big role in the deterioration of bilateral relations.
1. The “Yarovaya package,” named after State Duma Deputy Irina Yarovaya, who presented the draft legislation to parliament for consideration, is actually a pair of bills: Federal Law No. 374-FZ “On Introducing Amendments to the Federal Law ‘On Countering Terrorism’ and Other Legislative Acts of the Russian Federation Regarding the Establishment of Additional Measures to Counter Terrorism and Ensure Public Safety” dated July 6, 2016 and Federal Law 375-FZ “On Introducing Amendments to the Criminal Code of the Russian Federation and the Criminal Procedural Code of the Russian Federation Regarding the Establishment of Additional Measures to Counter Terrorism and Ensure Public Safety.” Both bills were signed into law by the President of the Russian Federation on July 7, 2016.