Рус Eng Cn Translate this page:
Please select your language to translate the article


You can just close the window to don't translate
Library
Your profile

Back to contents

International Law
Reference:

Information security: international legal aspects of its provision

Gorbunov Igor' Andreevich

Postgraduate student, Department of Administrative and Financial Law, Peoples' Friendship University of Russia

117198, Russia, Moscow, Miklukho-Maklaya str., 6

igoragor97@mail.ru
Other publications by this author
 

 

DOI:

10.25136/2644-5514.2024.1.70440

EDN:

FQXKYN

Received:

09-04-2024


Published:

16-04-2024


Abstract: The relevance of the topic under consideration is due to the globalization of the information space, which arises in connection with the intensive development of information technologies, which implies the need to develop new approaches to ensuring information security. Based on the principles of sovereign equality and international cooperation, States interact with each other in the common interest (including in the legal field), develop basic principles and norms on which the legal foundation for the legal provision of international information security is based. The author states that the importance of implementing coordinated measures by participants in international legal interaction in this area is due to the fact that if information security is an integral part of national security, then international information security is an immanent element of international security, without which it is impossible to build a system of secure interstate cooperation in modern realities.  The author applied the method of theoretical analysis in the process of research, the conclusions are based on a formally logical method. The main conclusion of the author of the study is the following position: the goals of maintaining the state of security of the global information space may be unattainable without proper cooperation (in particular, organizational and legal in nature) in solving problems related to ensuring international information security at several levels of interaction: bilateral, regional, global. The high level of interdependence of countries and the need to ensure the principle of indivisibility of security form the global need to find compromises and common approaches in ensuring international information security. The definition of a single conceptual framework that does not allow ambiguity, contradictions and terminological uncertainty, as well as the basic principles that are the legal foundation of the legal regulation of international information security, should be implemented by developing a single international treaty. This conclusion is due to the ineffectiveness of the norms of "soft law" and international morality based on the principles of voluntary fulfillment of obligations implemented in the process of interstate interaction.


Keywords:

threats to information security, digitalization, international legal interaction, national security, information space, global information space, international agreements, geopolitics, international documents, interstate declarations

This article is automatically translated. You can find original text of the article here.

The cross-border nature of threats to information security creates an undeniable need to consolidate the forces of various countries to counter such threats, which is also associated with the process of digitalization [1]. Each State, protecting primarily its national interests, seeks to assert dominance in the information space. However, at the same time, the information policy of countries should be aimed not only at ensuring their own information sovereignty, but also at implementing this policy in such a way that the national interests of other participants in international legal interaction are not violated. In such conditions, the goals of maintaining the security of the global information space may be unattainable without proper cooperation (in particular, organizational and legal) in solving problems related to ensuring international information security at several levels of interaction: bilateral, regional, global.

The international legal aspects of ensuring information security in the context of current global problems and international conflicts are of scientific interest to both political scientists and legal scholars. The problems arising in this area are interdisciplinary in nature and include "a block of theoretical and methodological legal issues of the application of norms, rules and principles of responsible behavior of states designed to promote an open, safe, stable, accessible and peaceful information and communication environment" [2].

The problems of international legal regulation of information security are aggravated not only by the desire of each of the parties to international legal relations to assert their exclusive dominance in the information space and, above all, to ensure the protection of their information sovereignty, but also by the fact that at the moment there is no single document at the international legal level comprehensively regulating issues of international information security, in particular including defining the responsibility of States for conducting a destabilizing information policy.

The initiative of the Russian Federation, which presented an updated version of the concept of the UN Convention on International Information Security in 2021, is interesting. This document was never adopted due to the opposition of the United States and a number of European countries. Such behavior of Western countries is dictated by the presence of contradictions and the difficulty in reaching an agreement between the interests of major geopolitical actors, each of which seeks to occupy the most dominant position in the global information space.

In general, it is worth noting that the position of the Russian Federation on the development of international principles and mechanisms for ensuring information security is quite active. Back in 1998, on the proposal of the Russian Federation, the UN General Assembly adopted Resolution A/RES/53/70 "Achievements in the field of information and telecommunications in the context of international security", which formulated threats to international information security implemented in three target planes – military-political, criminal and terrorist (triad of threats). In 1999, a new resolution was adopted, which stated the possibility of using information and communication technologies in the military and civilian spheres [3].

Currently, the main purpose of Russia's information and legal activities at the United Nations is to promote the idea of the need to adopt a universal legally binding document regulating information security issues on a global scale. So, on May 15, 2023, Russia, together with Belarus, the DPRK, Nicaragua and Syria, introduced the concept of the UN Convention on ensuring international information security. The conceptual foundations of this document presuppose the implementation of the principles of sovereign equality of States and non-interference in their internal affairs.

According to the author, the need for the adoption of a single international treaty in the field of international information security is still relevant, and therefore Russia's active role in the implementation of this idea should be supported using international legal mechanisms and participation in integration associations.

The fundamental legal principles on which the system of legal provision of information security is based should be enshrined in a single international treaty, which, firstly, will be the final stage in achieving consensual approaches between major subjects of international legal relations, and secondly, will promote uniformity in procedures and mechanisms for ensuring international information security. In this regard, it is impossible not to agree with the following statement by A.K. Dubenya: "the fundamental principles in the field of ensuring international information security require consolidation at the global level, since the supranational level of legal support on a regional scale, involving the participation of several (or several dozen) states, cannot fully satisfy the need of the world community to solve problems international information security" [4].

It is worth noting that the regulation of relations in the field of international information security is carried out by international norms of a general nature, which establish the basic principles of interstate interaction.

The Charter of the United Nations establishes a number of fundamental goals and principles that are relevant, among other things, to the field of information security (Articles 1, 2). According to N.A. Molchanov and E.K. Matevosova, the provisions of the UN Charter "do not answer many questions of ensuring international information security, which, admittedly, have arisen to humanity striving for universal peace much later than the adoption of this Charter" [5].

Nevertheless, it is worth recognizing that a number of norms of this document have an extensive subject of international legal regulation. Thus, the principles of sovereign equality, the settlement of international disputes by peaceful means, the non-use of force or threat of force, as well as other principles of international law implemented in order to maintain international peace and security, equally apply to conflicts between countries in the information sphere.

An important source of international legal regulation of information security is the Okinawa Charter of the Global Information Society, which sets out the official views of the G8 member States (including Russia) on the prospects for the development of the information society in the 21st century. The document mentions problems related to ensuring international information security, for example, it is noted that "the efforts of the international community aimed at developing a global information society should be accompanied by coordinated actions to create a safe and crime-free cyberspace" (paragraph 8). The Okinawa Charter also pays special attention to the following issues:

1) protection of intellectual property rights in information technology;

2) protection of privacy in the processing of personal data;

3) development and effective functioning of means to ensure the safety and reliability of operations;

4) attracting specialists to protect important information infrastructures.

The Tunisian Program for the Information Society of November 15, 2005 establishes the following set of actions aimed at implementing the principles previously approved:

1) protection of the safe, continuous and stable operation of the Internet network, as well as ensuring security when using ICT;

2) intensification of international cooperation and implementation of actions at the domestic level in order to strengthen the global culture of cybersecurity;

3) Protection of children and youth from molestation and exploitation through the use of ICT.

Some individual aspects of international information security are regulated by international acts affecting the field of cybercrime and human information rights and freedoms. In this case, it should be understood that the provisions of some fundamental international treaties of the Council of Europe, including the Convention for the Protection of Human Rights and Fundamental Freedoms, do not apply to the Russian Federation due to its withdrawal from the Council of Europe. Without entering into a discussion about the political validity of this action, the author considers it necessary to note that many of these acts, including the said Convention, contained important provisions on human information rights and personal information security. At the same time, these norms can also be found in other international treaties executed by the Russian Federation.

As V.A. Sadovnichy rightly noted, "the adoption of norms of safe activity in cyberspace is an imperative of our time" [6]. However, given that each country has its own national interests and their unwillingness to give up sovereignty in favor of international legal agreements and compromise reached in order to solve global problems of an interstate scale, the question of how the sphere of international information security should be regulated is becoming more urgent. Most of the currently adopted documents in this area are of a recommendatory nature, which, on the one hand, is a logical result of the desire of States for sole domination in the information space and unwillingness to assume the burden of obligations, but, on the other hand, shows the ineffectiveness of the norms of "soft law" in comparison with legally binding norms.

This conclusion is another clear evidence of the need to maintain the position of Russia and its allies in adopting a single international act, on the basis of which the obligations of states in the field of international information security will be determined, since the recommendatory norms in international law, not supported by a real mechanism of coercion, are left to the "integrity" of states, often uninterested in the implementation these standards.

It is obvious that the so-called international morality, which is understood as "a system of norms, assessments, prescriptions, patterns of behavior that perform the functions of moral regulation in the system of international relations, in shaping the value of a culture of peace, in the formation of a democratic and nonviolent world order" [7], is not an effective way of "calling" for lawful behavior. This explains the fact that the Russian Federation did not become a signatory to the Paris Call for Trust and Security in Cyberspace, which was delivered by the President of France at the XIII Internet Governance Forum on November 12, 2018, despite the widespread support of this document by other countries, international and other organizations.

At the same time, the content of the said document should pay special attention to the unequal ratio of the information sovereignty of States. A state with a low level of digital and technological sovereignty, but formally an independent and equal subject of international law, does not have real sovereignty, since independence in domestic and foreign policy spheres, in conditions of countries' involvement in the global information space and the imbalance of their digital potential, is dependent on the ability to counter information challenges and threats. In this regard, it should be noted that the effectiveness of standard-setting activities in the field of ensuring international information security depends both on the form of consolidation of international legal norms (in advisory acts or legally binding ones) and on the content of these norms, taking into account the unequal status of States as subjects of the international political system.

Closer cooperation in the framework of information security is carried out at the regional level. The Russian Federation is an active participant in many regional integration associations created for the joint achievement of economic, political and other goals by Russia and its allies. Such organizations include the CSTO, SCO, CIS, BRICS, and EAEU, within the framework of which agreements have been concluded regulating the procedure for cooperation in the field of international information security.

The most developed cooperation in the framework of the issues under consideration is carried out by the CIS member states. Due to the close and historical integration and partnership relations between the members of this organization, a large number of CIS legal acts in the field of information security have been adopted at the moment. At the same time, these acts are both legally binding and advisory in nature.

Taking into account the existing geopolitical situation and the intense confrontation (including the use of information weapons) between Russia and Western countries, establishing and building partnerships with the participating countries of these integration associations is one of the priorities of the state's foreign policy. The reason for the need for such cooperation is the policy of European countries and the United States aimed at the international isolation of Russia and sanctions pressure on it, which contributes to the growth of the global crisis and the building of political and legal mechanisms based on the ideological proximity of the countries and the commonality of their political goals.

In this regard, it is advisable to agree with the following words of the Chairman of the Constitutional Court of the Russian Federation V.D. Zorkin: "it must be well understood that we have not only many serious enemies, but also many friends or allies who are keenly interested in our support" [8].

The Russian Federation is developing a mechanism for bilateral cooperation in the field of information security, which is very mobile and effective in comparison with global and regional cooperation formats. At the moment, Russia has concluded a large number of intergovernmental agreements related to cooperation in the field of international information security. Such interstate cooperation is carried out mainly with friendly countries that do not share the idea of a unipolar world and interact with Russia on the basis of mutually beneficial alliance and partnership.

It is impossible not to note the special level of allied cooperation between Russia and Belarus. A significant result of the allied efforts of Russia and Belarus was the adoption of the Information Security Concept of the Union State dated February 22, 2023, approved by the resolution of the Supreme State Council of the Union State. Such a step is a consequence of the increasing economic and political pressure from Western countries, which requires a special level of coordination of political and legal mechanisms between Russia and Belarus in order to counter information attacks from unfriendly countries.

Thus, the high level of interdependence of countries and the need to ensure the principle of indivisibility of security form the global need to find compromises and common approaches in ensuring international information security. The definition of a single conceptual framework that does not allow ambiguity, contradictions and terminological uncertainty, as well as the basic principles that are the legal foundation of the legal regulation of international information security, should be implemented by developing a single international treaty. Such a conclusion is due to the ineffectiveness of the norms of "soft law" and international morality based on the principles of voluntary fulfillment of obligations implemented in the process of interstate interaction.

References
1. Polyakova, T.A. (Ed.). (2020). Models of legal regulation of information security in the context of major challenges in the global information society. Saratov.
2. Polyakova, T.A., & Shinkaretskaya, G.G. (2020). Problems of formation of the international information security system in the context of the transformation of law and new challenges and threats. Law and the state: theory and practice, 10, 138.
3. Krutskikh, A.V., & Zinovieva, E.S. (2021). International information security: approaches of Russia. Moscow: MGIMO Ministry of Foreign Affairs of Russia.
4. Duben, A.K. (2023). Principles of legal provision of information security in the system of principles of international law. International law, 2, 6.
5. Molchanov, N.A., & Matevosova, E.K. (2020). Conceptual-political and formal-legal analysis of the Paris Appeal for Trust and security in cyberspace and Russian initiatives in the field of international law. Current problems of Russian law, 1, 136.
6. Speech by V.A. Sadovnichy at the V International Forum "Partnership of the state, business and civil society in ensuring information security and countering terrorism". (2013). Institute of Information Security Problems of Lomonosov Moscow State University. Retrieved from http://www.iisi.msu.ru/articles/article28
7. Kapto, A.S. (2013). Modern civilization: challenges and alternatives. Moscow: Moscow University Press.
8. Zorkin, V.D. (2022). The Law of Russia: alternatives and risks in a global crisis. Rossiyskaya gazeta. Retrieved from https://rg.ru/2022/06/29/pravo-rossii-alternativy-i-riski-v-usloviiah-globalnogo-krizisa.html

Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.

A REVIEW of an article on the topic "Information security: international legal aspects of its provision". The subject of the study. The article proposed for review is devoted to topical issues of international legal aspects of information security. The author analyzes various approaches to how activities in the field of information security should be directed from the point of view of the international legal level. The subject of the study was, first of all, the provisions of international legal acts and the opinions of scientists. Research methodology. The purpose of the study is not stated directly in the article. At the same time, it can be clearly understood from the title and content of the work. The purpose can be designated as the consideration and resolution of certain problematic aspects of the issue of international legal aspects of information security. Based on the set goals and objectives, the author has chosen the methodological basis of the study. In particular, the author uses a set of general scientific methods of cognition: analysis, synthesis, analogy, deduction, induction, and others. In particular, the methods of analysis and synthesis made it possible to summarize and share the conclusions of various scientific approaches to the proposed topic, as well as draw specific conclusions from the materials of practice. The most important role was played by special legal methods. In particular, the author actively applied the formal legal method, which made it possible to analyze and interpret the norms of current legislation (primarily the provisions of international legal acts). For example, the following conclusion of the author: "Currently, the main purpose of Russia's information and legal activities at the UN is to promote the idea of the need to adopt a universal legally binding document regulating information security issues on a global scale. So, on May 15, 2023, Russia, together with Belarus, the DPRK, Nicaragua and Syria, introduced the concept of the UN Convention on ensuring international information security. The conceptual foundations of this document presuppose the implementation of the principles of sovereign equality of States and non-interference in their internal affairs. According to the author, the need to adopt a single international treaty in the field of international information security is still relevant, and therefore Russia's active role in the implementation of this idea should be supported using international legal mechanisms and participation in integration associations." Thus, the methodology chosen by the author is fully adequate to the purpose of the study, allows you to study all aspects of the topic in its entirety. Relevance. The relevance of the stated issues is beyond doubt. There are both theoretical and practical aspects of the significance of the proposed topic. From the point of view of theory, the topic of international legal aspects of information security is complex and ambiguous and requires clarification and discussion. It is difficult to argue with the author that "The cross-border nature of threats to information security creates an undeniable need to consolidate the forces of various countries to counter such threats, which is also associated with the process of digitalization [1]. Each State, protecting primarily its national interests, seeks to assert dominance in the information space. However, at the same time, the information policy of countries should be aimed not only at ensuring their own information sovereignty, but also at implementing this policy in such a way that the national interests of other participants in international legal interaction are not violated. In such circumstances, the goals of maintaining the security of the global information space may be unattainable without proper cooperation (in particular, organizational and legal) in solving problems related to ensuring international information security at several levels of interaction: bilateral, regional, global." Thus, scientific research in the proposed field should only be welcomed. Scientific novelty. The scientific novelty of the proposed article is beyond doubt. First, it is expressed in the author's specific conclusions. Among them, for example, is the following conclusion: "the high level of interdependence of countries and the need to ensure the principle of indivisibility of security form the global need to find compromises and common approaches in ensuring international information security. The definition of a single conceptual framework that does not allow ambiguity, contradictions and terminological uncertainty, as well as the basic principles that are the legal foundation of legal regulation of international information security, should be implemented by developing a single international treaty. Such a conclusion is due to the ineffectiveness of the norms of "soft law" and international morality based on the principles of voluntary fulfillment of obligations implemented in the process of interstate interaction." These and other theoretical conclusions can be used in further scientific research. Secondly, the author offers ideas on the correct understanding of the provisions of international legal acts, which may be useful to specialists in the field under consideration. Thus, the materials of the article may be of particular interest to the scientific community in terms of contributing to the development of science. Style, structure, content. The subject of the article corresponds to the specialization of the journal "International Law", as it is devoted to legal problems related to information security at the international legal level. The content of the article fully corresponds to the title, as the author has considered the stated problems, and has generally achieved the purpose of the study. The quality of the presentation of the study and its results should be recognized as fully positive. The subject, objectives, methodology and main results of the study follow directly from the text of the article. The design of the work generally meets the requirements for this kind of work. No significant violations of these requirements were found. Bibliography. The quality of the literature used should be highly appreciated. The author actively uses the literature presented by authors from Russia (Polyakova T.A., Shinkaretskaya G.G., Krutskikh A.V., Zinovieva E.S., Molchanov N.A., Matevosova E.K. and others). Many of the cited scientists are recognized scientists in the field of legal aspects of information security. Thus, the works of the above authors correspond to the research topic, have a sign of sufficiency, and contribute to the disclosure of various aspects of the topic. Appeal to opponents. The author conducted a serious analysis of the current state of the problem under study. All quotes from scientists are accompanied by author's comments. That is, the author shows different points of view on the problem and tries to argue for a more correct one in his opinion. Conclusions, the interest of the readership. The conclusions are fully logical, as they are obtained using a generally accepted methodology. The article may be of interest to the readership in terms of the systematic positions of the author in relation to the development of international legal regulation of relations to ensure information security. Based on the above, summing up all the positive and negative sides of the article, "I recommend publishing"