Научная статья на тему 'Problems of development of legislation on identification of the subjects of information space in digital Economy'

Problems of development of legislation on identification of the subjects of information space in digital Economy Текст научной статьи по специальности «Право»

CC BY
785
72
i Надоели баннеры? Вы всегда можете отключить рекламу.
Ключевые слова
идентификация / Интернет / электронная экономика / информационные технологии / информационное право / ЕАИС / биометрическая система / удаленная идентификация / identification / Internet / digital economy / information technologies / information law / UIAS / biometric system / remote identification

Аннотация научной статьи по праву, автор научной работы — Наумов Виктор Борисович

There are lot of changes occurring in the regulation of identification of the subjects of information space, which have not yet led to the creation of the unified and consistent system of subject-specific norms that define a unified terminology and principles of regulation, and establish system of methods and types of identification. It takes place at the same time that the threat related to “ensuring human rights in the digital world, including when identifying the subject” was put in first place in the Digital Economy of the Russian Federation Program approved in the summer of 2017. In order to improve this emergently negative situation, it is necessary to specify which features of legal relationships in identifying the subjects of information space are of primary importance at this stage of new technological development. Any legal solutions have a high technological dependence on the nature and functioning of digital technologies. At a time when the Internet started to develop there existed a dogma of openness, bets everywhere were placed on open standards and protocols. The question of whether it was necessary to develop regulation of identification, that appeared as a separate set of legal norms only six years ago, had not been even posed. The state’s course regarding anonymity and identification in the information field in Russia and in the world apart changed at the beginning of this decade. In Russia there appeared a trend: states and society began seriously thinking the way mechanisms protecting privacy can be abused, general state control enforced. Legislation that introduced a requirement for mandatory identification and, in a number of cases, prohibited anonymous interaction began to appear. Despite growing court practice, which is interesting for analysis, the role of the state in this area is very significant. For Russia this can be demonstrated on the example of Federal Law of 31 December, 2017 No. 482-FZ “On Amendments to Certain Legislative Acts of the Russian Federation”, which considerably expanded the subject-specific powers of the executive authorities, and also added a new Article 14.1 “Application of information technologies for the purpose of identifying Russian Federation citizens” to the Law on Information. The amendments implement a new state idea in the area of identification: the creation of a unified biometric system.

i Надоели баннеры? Вы всегда можете отключить рекламу.
iНе можете найти то, что вам нужно? Попробуйте сервис подбора литературы.
i Надоели баннеры? Вы всегда можете отключить рекламу.

ПРОБЛЕМЫ РАЗВИТИЯ ЗАКОНОДАТЕЛЬСТВА ОБ ИДЕНТИФИКАЦИИ СУБЪЕКТОВ ИНФОРМАЦИОННЫХ ОТНОШЕНИЙ В УСЛОВИЯХ ЦИФРОВОЙ ЭКОНОМИКИ

Множество изменений, происходящих в регулировании идентификации субъектов информационных отношений, еще не привели к созданию сбалансированной системы норм, которой присущи единые терминология и принципы регулирования, методы и типы идентификации. В то же самое время в программе «Цифровая экономика Российской Федерации», одобренной Правительством РФ 28 июля 2017 г., была поставлена задача обеспечения прав человека в мире цифровых технологий. В связи с этим необходимо определить, какие особенности юридических отношений в сфере идентификации субъектов информационных отношений являются ключевыми на этой стадии развития новых технологий. У любых юридических решений есть высокая технологическая зависимость от природы и функционирования цифровых технологий. Когда Интернет начал развиваться, возникла догма открытости, опирающаяся на открытые стандарты и протоколы. Вопрос о необходимости разработки специального регулирования об идентификации долгое время не поднимался. Однако в начале этого десятилетия политика государств в отношении идентификации в информационном пространстве стала меняться. В России государство и общество серьезно задумались о возможности злоупотребления механизмами, обеспечивающими защиту частной жизни, ужесточился общий контроль в данной сфере, начало появляться законодательство, предусматривающее обязательную идентификацию и в ряде случаев запрет анонимного взаимодействия. Усиление влияния государства на развитие отношений в данной сфере можно продемонстрировать на примере Федерального закона от 31 декабря 2017 г. № 382-ФЗ «О внесении изменений в отдельные законодательные акты Российской Федерации», который значительно расширил полномочия органов исполнительной власти и дополнил Федеральный закон «Об информации, информационных технологиях и о защите информации» 2006 г. новой ст. 14.1 «Приложение информационных технологий в целях идентификации граждан Российской Федерации». Поправки отражали новый государственный подход в области идентификации, предполагающий создание объединенной биометрической системы.

Текст научной работы на тему «Problems of development of legislation on identification of the subjects of information space in digital Economy»

ПРАВО И СОВРЕМЕННЫЕ ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ

VICTOR B. NAUMOV

Institute of State and Law, Russian Academy of Sciences

10, Znamenka str., Moscow 119019, Russian Federation

E-mail: nau@russianlaw.net

ORCID: 0000-0003-3453-6703

PROBLEMS OF DEVELOPMENT OF LEGISLATION

ON IDENTIFICATION OF THE SUBJECTS OF INFORMATION SPACE IN DIGITAL ECONOMY

Abstract. There are lot of changes occurring in the regulation of identification of the subjects of information space, which have not yet led to the creation of the unified and consistent system of subject-specific norms that define a unified terminology and principles of regulation, and establish system of methods and types of identification.

It takes place at the same time that the threat related to "ensuring human rights in the digital world, including when identifying the subject" was put in first place in the Digital Economy of the Russian Federation Program approved in the summer of 2017.

In order to improve this emergently negative situation, it is necessary to specify which features of legal relationships in identifying the subjects of information space are of primary importance at this stage of new technological development.

Any legal solutions have a high technological dependence on the nature and functioning of digital technologies. At a time when the Internet started to develop there existed a dogma of openness, bets everywhere were placed on open standards and protocols. The question of whether it was necessary to develop regulation of identification, that appeared as a separate set of legal norms only six years ago, had not been even posed.

The state's course regarding anonymity and identification in the information field in Russia and in the world apart changed at the beginning of this decade. In Russia there appeared a trend: states and society began seriously thinking the way mechanisms protecting privacy can be abused, general state control enforced. Legislation that introduced a requirement for mandatory identification and, in a number of cases, prohibited anonymous interaction began to appear.

Despite growing court practice, which is interesting for analysis, the role of the state in this area is very significant. For Russia this can be demonstrated on the example of Federal Law of 31 December, 2017 No. 482-FZ "On Amendments to Certain Legislative Acts of the Russian Federation", which considerably expanded the subject-specific powers of the executive authorities, and also added a new Article 14.1 "Application of information technologies for the purpose of identifying Russian Federation citizens" to the Law on Informa-

tion. The amendments implement a new state idea in the area of identification: the creation of a unified biometric system.

Keywords: identification, Internet, digital economy, information technologies, information law, UIAS, biometric system, remote identification

ВИКТОР БОРИСОВИЧ НАУМОВ

Институт государства и права Российской академии наук 119019, Российская Федерация, Москва, ул. Знаменка, д. 10 E-mail: nau@russianlaw.net SPIN-код: 5729-5413 ORCID: 0000-0003-3453-6703

ПРОБЛЕМЫ РАЗВИТИЯ ЗАКОНОДАТЕЛЬСТВА ОБ ИДЕНТИФИКАЦИИ СУБЪЕКТОВ ИНФОРМАЦИОННЫХ ОТНОШЕНИЙ В УСЛОВИЯХ ЦИФРОВОЙ ЭКОНОМИКИ

Аннотация. Множество изменений, происходящих в регулировании идентификации субъектов информационных отношений, еще не привели к созданию сбалансированной системы норм, которой присущи единые терминология и принципы регулирования, методы и типы идентификации. В то же самое время в программе «Цифровая экономика Российской Федерации», одобренной Правительством РФ 28 июля 2017 г., была поставлена задача обеспечения прав человека в мире цифровых технологий. В связи с этим необходимо определить, какие особенности юридических отношений в сфере идентификации субъектов информационных отношений являются ключевыми на этой стадии развития новых технологий.

У любых юридических решений есть высокая технологическая зависимость от природы и функционирования цифровых технологий. Когда Интернет начал развиваться, возникла догма открытости, опирающаяся на открытые стандарты и протоколы. Вопрос о необходимости разработки специального регулирования об идентификации долгое время не поднимался.

Однако в начале этого десятилетия политика государств в отношении идентификации в информационном пространстве стала меняться. В России государство и общество серьезно задумались о возможности злоупотребления механизмами, обеспечивающими защиту частной жизни, ужесточился общий контроль в данной сфере, начало появляться законодательство, предусматривающее обязательную идентификацию и в ряде случаев запрет анонимного взаимодействия.

Усиление влияния государства на развитие отношений в данной сфере можно продемонстрировать на примере Федерального закона от 31 декабря 2017 г. № 382-ФЭ «О внесении изменений в отдельные законодательные акты Российской Федерации», который значительно расширил полномочия органов исполнительной власти и дополнил Федеральный закон «Об информации, информационных технологиях и о защите информации» 2006 г. новой ст. 14.1 «Приложение информационных

технологий в целях идентификации граждан Российской Федерации». Поправки отражали новый государственный подход в области идентификации, предполагающий создание объединенной биометрической системы.

Ключевые слова: идентификация, Интернет, электронная экономика, информационные технологии, информационное право, ЕАИС, биометрическая система, удаленная идентификация

1. Introduction. New Era of Regulation

New information technologies are developing exponentially, the digital economy is developing in Russia and around the world, and, in general, global socioeconomic processes related to the so-called fourth Industrial Revolution are becoming more active. In these conditions, law, which has an objective time lag in its development, is facing critical challenges which, if not met, could render the existing system of regulation unfit not later than in the next decade given society's and the state's new information structure and new legal relations in information field.

One may conclude that the time has come for all of law and legal science to provide answers, together, without competition between the branches, to those challenges and threats that have arisen and continue to actively arise; to propose legal models and institutions taking into account the opportunities and benefits of using technologies without forgetting the high risks associated with technologies and the responsibility for adopting decisions.

In recent decades a lot has occurred in the world of new technologies and the Internet. This radically affects the system of law and legislation but has not yet been reflected in in-depth and systematic legal research in legal science There are, however, few representative examples of analysis of particular problems, and such shift is evident. For instance, in view of modern technological threats, even in the USA some of the fundamental basics of privacy are re-considered, and approaches emerge in favor of considering privacy as rather public good, and not private, for the purposes of development of law2.

1 Though it cannot be denied at the same time that in recent years in Russian Federation a lot of publications on the various problems of legal regulation for developing technologies took place, yet not so many of them dedicated to the matters of obvious self-sufficiency of such technologies which starts to prevail over human component itself. For more on that aspect see Demyanets M.V. Pravovoe regulirovanie identifikatsii v usloviyakh razvi-tiya informatsionno-kommunikatsionnykh tekhnologii [Legal Regulation of Identification in the Conditions of Development of Information and Communication Technologies] // Obrazovanie i pravo [Education and Law]. 2018. № 1. P. 104-114.

2 See Fairfield J.A.T., Engel C. Privacy as a Public Good // Duke Law Journal. 2015. Vol. 65. No. 3. P. 385-457.

The world is already living in a new social reality shaped by the achievements of information technologies and their convenience for humans. Humans have accustomed themselves very quickly to these technologies without at all imagining the nature, technical complexities and repercussions of using them. Essentially new socioeconomic bodies have appeared on the planet: social networks acting as unique "network states". They are without land but have a population of hundreds of millions of users and their own rules for using them. The enormous popularity of virtual gaming environments has engendered even more socially and psychologically complex spaces of virtual worlds that have already formed all their own laws of behavior and their own (valuable!) virtual property. In those worlds users interact not only with one another and the owner of the game (world), but also with virtual characters (bots) whose actions are determined by artificial intelligence software algorithms and in a number of cases are nondeterministic in nature, unrelated to the will of the relevant computer program's developer3.

The huge and uncontrollable — that presents danger — popularity of cryptocurrencies in the past couple of years coupled with their non-established legal status but with the convenience of anonymity, the development of crowdfunding ideas as mass open or anonymous fundraising or their surrogates (which are prohibited in most countries of the world), and, in general, new steps to develop encryption technologies by using them in blockchain technologies are already now changing the shape of the global financial sector and are opening up new technical capabilities for conducting civil-law and administrative relations, primarily in government services. Both in Russia and the world people are only now starting to systematically attempt to understand the processes that are occurring. Contemporary interindustry analysis and the involvement of legal science are needed.

Large-scale information processes and the distribution of Internet of Things technologies have created organizational and technical capabilities for collecting a massive amount of data both when people use technologies, and thanks to devices of the Internet of Things system which specially control

3 The most obvious example of it so far was the case when the stock market rose sharply in the price of Apple's shares. It turned out that everything is simple: a certain exchange authority wrote on its page on Twitter that Apple shares were seriously under-estimated, after which this record was many times reposted — and that is why the result. It is still unknown whether the authority was a real or so-called social bot, supported by a huge army of other bots. PotapovaA.V. Sotsio-boty kak sovremennaya ugroza: problema vyyav-leniya i raspoznavaniya [Social Bots as a Modern Threat: The Problem of Detection and Recognition // Vestnik magistratury [Magistrate's Bulletin]. 2014. № 12-1. Р. 108-110.

various economic, technical and social processes (Big Data). The legal status of Big Data, which may become one of the cornerstones of business and government administration, its correlation with types of secrets and nondisclosure requirements in the most varied types of legal relationships have not yet been defined. These gaps will adversely impact modern processes of state development.

And finally, who could have imagined that Isaac Asimov's Three Laws of Robotics on the algorithms for robots' actions (1941)4 studied in the field of artificial intelligence and experiments on connecting human tissues with sensors and manipulators could become not just the beautiful basis for classic science fiction, but brilliant foresight? Robots have at least three essential characteristics: interactivity, autonomy and adaptability. Their actions may be unpredictable, both due to the programmers and builders of these artificial agents and due to their owners. The robot's conduct, although attributable to the program set by the programmer or the manufacturer, could not entirely been planned in its specific details because of the increase of experience made by the robot on its own. What if damage is not derived from a defect of the robot, but from its own behavior?5

Here, in the field of cyberphysical systems, where the problems of regulating robotics, future smart robots and artificial intelligence confront

4 See Petrenko M.N. Iskusstvennyi intellekt: o problemakh pravovogo statusa [Artificial Intelligence: Some Problems of Legal Status] // Alleya nauki [Alley of Science]. 2018. № 1. P. 491-494. URL: http://alley-science.ru/domains_data/files/Collection_ of_j ournals/Pervyy%20tom%20Yanvar(%20isp).pdf (Accessed: 14.06.2018). See also UzhovF.V. Iskusstvennyi intellect kak sub'ekt prava[Legal Personality of Artificial Intelligence] // Probely v rossiiskom zakonodatel'stve [Gaps in Russian Legislation]. 2017. № 3. P. 357-360.

5 See e.g. Boscarato C. Who is Responsible for a Robot's Actions? An Initial Examination of Italian Law within a European Perspective // Technologies on the Stand: Legal and Ethical Questions in Neuroscience and Robotics / Ed. by B. van den Berg, L. Klaming. Nijmegen, 2011. P. 396. On the matter of determining the legal status of robots through the categories of the classical theory of persons see Gadzhiev G.A. Yavlyaetsya li robot-agent litsom? (Poisk pravovykh form dlya regulirovaniya tsifrovoi ekonomiki) [Whether the Robot-Agent is a Person? (Search of Legal Forms for the Regulation of Digital Economy)] // Zhurnal rossiiskogo prava [Journal of Russian Law]. 2018. № 1. P. 15-30. To imagine how serious can be the problem of bot's self-sufficiency remember that since 2007 there started to appear really frightening facts when the weapon-bots seeked and destroyed their targets by "their own will" (in other words — without any operator's sanction) — see NesterovA.V. Vozmozhny li pravootnosheniya i yuridicheskie vzaimodeistviya mezhdu lyud'mi i robotami? [Are Legal Relations and Legal Interaction Possible Between People and Robots?] // Yuridicheskii mir [Juridical World]. 2017. № 8. P. 57-60.

humanity with questions of how its entire future will be organized in the coming cybernetic reality, it is precisely law and global legal science that must, following interdisciplinary discussions with other areas of knowledge and science, examine the legal relationships that are planned and being structured and make proposals as to what system of regulation and models of regulation for them correspond to a stable and effective development of the global community and economy.

In this context, one of the most important directions in the development of Russian law is the future legal regulation of the electronic body of robotics or even ambient artificial intelligence6.

The list of challenges facing law and legal science in the world is ever growing. The fact that it is time for the proposed systematic study is also determined by the sad but true fact that at the last stage of technological development and regulation Russian legal science can't fully meet the challenges that arose at the end of the last century and early in this century.

In Russia, regulation of the Internet as a subject at the current stage is technically happening by adopting a large number of amendments, primarily to information laws, and other branches. There is already a general problem of insufficient legal drafting of the legal acts that are adopted and, unfortunately, it is getting worse. At the same time, there is a clear situation of competition among the fields of law and their "struggle" for position of governance in the Internet.

Information law has long identified the problem of the liability of information providers (intermediaries); however, the term "information intermediary" as such first appeared in 2013 not in one of legal regulatory acts of information law, but in part four of the Russian Federation Civil Code (Article 1253.1).

Russian legal science has not resolved this issue of competition, although objectively there is co-regulation of legal relationships and, at a minimum, what is required is a systematization of terms and the setting up of a common

6 See Yastrebov O.A. Diskussiya o predposylkakh dlya prisvoeniya robotam pravovo-go statusa "elektronnykh lits" [Discussion on the Prerequisites for Assigning Robots Legal Status of "Electronic Persons"] // Voprosy pravovedeniya [Issues of Jurisprudence]. 2017. № 1. Р. 189-203. For more detailed theoretical and legal scientific research for the AI concept, on its features, legal nature, the sphere of its application and limits of the units (artificial systems and devices) application, as well as abstract conceptual approaches of AI see Morkhat P.M. Iskusstvennyi intellekt i prava cheloveka: teoretiko-pravovoe issledovanie [Artificial Intelligence and Human Rights: Theoretical-Legal Research] // Pravo i obrazo-vanie [Law and Education]. 2018. № 3. Р. 35-44.

terminology. At most, in our opinion this field may need codification of laws under the aegis of information law.

It is important to keep in mind that the classic fields of law and legislation evolved in the last century. The objectives and tasks that were set separately for them are getting out-of-date and may not be consistent with the interests of society and the state in the new technological reality, which means there is a need to coordinate goal setting and to harmonize regulation not of separate fields but of the entire legal system.

Russian law, its division and the content of branches and institutions, just as the legal systems of other countries of the world, is currently at the crossroad in the "digital world" that is being built: how to develop in conditions of new technology, when "megatrends" (according to K. Schwab7) or "end-to-end digital technologies" (in the terms of the "Digital Economy of the Russian Federation" Program8 ) not only dictate the need for new legal norms of regulation, but also require the formation of new institutions, including interdisciplinary institutions, in which it will be possible to regulate the digital environment of trust and identification of subjects in that environment, artificial intelligence, robotics, big data, the Internet of things and many other new technologies and phenomena. One should also keep in mind active developing all kinds of virtual units mentioned above. Many of them do not have either close to legal, or social definitions even, being although the part of probable unpredictable chaotic future in terms of far so popular technological singularity theory9.

Despite the widespread use of the Internet in Russia, the use of information and communication technologies in the field of e-commerce and public services, it is impossible to state that there is currently the substantive legislation that allow to clarify how subjects of relations involved in the distribution or the provision of information on the Internet, or, in general, in whole IT sphere, shall be fully and legally identified10.

7 Schwab K. Chetvertaya promyshlennaya revolyutsiya [The Fourth Industrial Revolution].Translated fom English. Moscow, 2016. P. 17-23.

8 The Digital Economy of the Russian Federation Program was approved by Order of the Russian Federation Government of 28 July 2017 No. 1632-r.

9 See e.g. Popov M.V., Koblova Yu.A., Murygina N.V. Instituty virtual'nogo prostran-stva: mekhanizm, zakonomernosti formirovaniya i novye ugrozy[Institutions of Virtual Space: Mechanism, Patterns of Development and New Threats] // Vestnik Saratovsko-go gosudarstvennogo sotsial'no-ekonomicheskogo universiteta [Vestnik of Saratov State Socio-Economic University]. 2017. № 3. P. 82-86.

10 See Borodin A.A., Lariontseva E.A. Elektronnaya autentifikatsiya [Electronic Authentication] // Nauchnaya mysl' [Science Review]. 2015. № 6. P. 91-97.

2. First Regulatory Steps

There are a number of development directions for the Russian law featuring their own approaches to the identification of subjects11.

The first direction is expectedly connected with the long-existing legal personal data institute, which represents the established control system. It is no coincidence that during an insignificant number of legal precedents on the identification issue, courts very often make a decision about the fact of dissemination of any information by a specific person on the basis of circumstantial information or testimony, because not everyone is registered in mail and Internet services, or social networks under own name and enter own personal data. Thus, in general, such actions of these persons cannot be considered illegal or unprincipled, as privacy is an important legal institute and a set of guarantees to ensure human rights and interests.

The improvement of the electronic signature legislation that has recently undergone a substantial revision12 shall be specified as the second development direction. Similar to personal data, the electronic signature plays an identical role — it is used to identify a person under certain circumstances.

The next direction of the control development is directly related to the Internet, and is reflected in the content and recent amendments to the Federal Law "On Information, Information Technologies and Information Protection".

11 Identification and authentication can be considered the basis software and hardware security. In this sense identification and authentication is so to speak "the first line of defense", the "pass-through" information space for any organization or community (see Gukasyan A.A. Identifikatsiya autentifikatsiya [Identification Authentication] // Alleya nauki [Alley of Science]. 2018. № 1. P. 457-460. URL: http://alley-science.ru/ domains_data/files/Collection_ofJournals/Pervyy%20tom%20Yanvar(%20isp).pdf (Accessed: 14.06.2018).The situation itself can be much worse in terms of legal regulation outside the Russian Federation borders, if take into consideration so-called Global Code that will be domain of millennias of Generation Y, which would constitute 34% of global population in 2020. They call themselves (identify as) Global Tribe (AKA Gypsy or Satellite Tribe). Their most telling feature is using a lot of travelling apps, which in their turn can be the elements of ambient intelligence (see Abeyratne R. The Internet of Everything // Abeyratne R. Megatrends and Air Transport. Legal, Ethical and Economic Issues. Cham, 2017. P. 213-244). The same megatrend in Russia might not be so considerable but yet challenging. Obviously, there is that one globalist tendency but still it seems the rule of law must dominate in some flexible way to let not get the whole situation out of control.

12 Amendments have taken place in connection with the adoption and the entry into force of Federal Law of 30 December 2015 No. 445-FZ "On Amendments to Electronic Signature Federal Law" that amended 12 out of 20 articles of the law.

The law currently provides the following tools to identify subjects on the Internet: self-identification under Art. 10, voluntary and compulsory registrations of bloggers and organizers of the information dissemination in registers of prohibited information. Since August 1, 2014 Federal Law of 5 May 2014 No. 97-FZ "On Amendments to Federal Law 'Information, Information Technologies and Information Protection' and Certain Legislative Acts of the Russian Federation Concerning the Adjustment of the Information Exchange Using Information and Telecommunication Networks" came into force, supplementing the laws with provisions that establish the legal status of the information dissemination organizer on the Internet, as well as the legal status of the blogger and registration obligations of specified subjects. Despite the imperative nature of the regulations, the self-identification under Art. 10 is not mandatory, but voluntary in the up-to-date social environment, as there is no responsibility for the violation of article regulations. A similar principle on the provision of personal data was provided for bloggers13 as well (Cl. 5 Art. 10-2 Federal Law "On Information, Information Technologies and Information Protection").

The organizer of the information dissemination is the key subject, for whom obligations are established to ensure the identification of the information and subjects (as to the storage and the provision of information) backed up by the obligation to notify of the beginning of own activities. To identify the blogger, in addition, there are obligations for hosting providers or other persons, who host sites or site pages on the Internet. A failure to comply with the obligations to provide information to identify individuals by relevant subjects incurs administrative liability14.

3. Court Practice

The development of the identification legislation is not limited by the specified directions. The popularity of electronic payments stipulates the development of the national payment system legislation and the counteraction against money laundering and terrorism financing, which already offers solu-

13 Such "testing" of regulatory ideas as the appearance of a new subject- the blogger in the Law on Information in 2014, and its disappearance from the law three years later is unacceptable, because any quality legislative amendments should have a broad horizon of effect. Approaching it otherwise decreases the level of respect for the law and complicates the application of the law, creating changing rules of the game for society, business and the state.

14 Art. 13.31 and 19.7.10 of RF Administrative Offense Code.

tions for conventional and so-called "simplified" identification in the sphere of financial services15.

In the field of finance in relation to legal identification issues of subjects of legal relations on the Internet and in the sphere of the electronic document flow, conflicts and litigation arise to recover damages caused by unauthorized debits to bank accounts, using bank information technologies and Internet banking solutions.

During arbitration case No. A56-13894/2013 Arbitration Court of St. Petersburg and Leningrad Region found that an agreement on the use of an electronic payment system was signed between a plaintiff and a bank (the future defendant). When using the relevant software and getting payment reports in October 2011, the plaintiff detected a transfer uninitiated by him; the bank was immediately notified thereof, but refused to return the money.

At court, the plaintiff claimed that "the lack of the necessary information the defendant failed to timely bring to the notice of the plaintiff incurred the unauthorized current account debiting by unidentified persons."16 The court took into account the circumstances, surrounding the use of the relevant system at the plaintiff's, when all the employees of the plaintiff could access it, and it could be used remotely, on the basis of which the court concluded that the unauthorized payment was caused by the bank's customer. Thus, the bank identified the electronic order and the signatory to the extent that did not allow to consider relevant actions as illegal.

In another case, the circumstances for the defendant bank that had introduced the electronic remittance order system for its customers initially evolved in a different way — the first two authorities satisfied the claims for the recovery of losses incurred in connection with the illegal debiting of the plaintiff's account, but the cassation canceled the judicial acts of lower courts and dismissed the case. The plaintiff stated that "showing a reasonable degree of care, the bank was able to determine that the said order had not been issued by the Company"11, but after analyzing an agreement on the electronic document flow and the requirements for the use of the personal digital signature established by the parties, the court of cassation decided that the bank did not

15 Naumov V.B., BraginetsA.Yu. Informatsionno-pravovye problemy udalennoi iden-tifikatsii sub"ektov v sfere finansovykh uslug[Information and Legal Problems of Remote Identification of Subjects in the Field of Financial Services] // Informatsionnoe pravo[In-formational Law]. 2016. № 1. Р. 13-19.

16 The arbitration award of the city of St. Petersburg and Leningrad Region of 16 April 2014 in case No. А56-13894/2013.

17 The resolution of the Arbitration Court of the North-West Region of 22 December 2015 in case No. А26-3 86/2015.

have grounds not to execute the disputed remittance order, and it could not be held accountable for its execution.

Apart from bank-client systems and the identification of actions of persons in the systems, revealing disputes with regard to the analysis arise in connection with the recovery of the debt in respect of rendered communications services, when the fact in proof depends on who is the recipient of relevant services. Thus, during case No. A56-3 5035/2009 the court of appeal pointed out that the communications service provider had not submitted the evidence necessary and sufficient to uniquely identify the user: "... it does not seem possible to identify the recipient of services due to the lack of documents, proving the allocation of a unique IP-address, a username and a password by HayklmpEx Co. Ltd., corresponding the IP-address specified in the equipmentstatisticsprovided by the Company"18.

In Russia in 2010, upon the initiative of the Supreme Arbitration Court of the Russian Federation, amendments were approved to procedural law19 that identification of subjects during their electronic interaction does not require full identification of individuals, and it is sufficient to formalize in the law the concept of the official website of the arbitration court and opportunities for information submission via the information system of arbitration courts "My Arbitrator"20.

Quite a few court precedents on electronic communications have formed in the state commercial (arbitration) courts in recent years. Below are some typical examples of court findings directly or indirectly relating to issues of identification.

In one of the cases the court found that a claim over the performance of a state contract could be sent from any e-mail address. What is important is that the message reference facts that may be known to the sender and recipient.

"The receipt or sending of a message using an e-mail address known as the e-mail of the entity itself or the office e-mail of the entity's competent employee evidences that those actions have been taken by the entity itself, until it has proven otherwise.

The respondent's argument that the claim was sent not from an e-mail address belonging to the claimant cannot be admitted by the appellate court, as the respondent should have known that the claim had been received pre-

18 The resolution of the Federal Arbitration Court of the North-Western District of 16 November 2010 in case No. A56-35035/2009.

19 Federal Law of 27 July 2010 No. 228-FZ "On Amendments to Arbitration Procedure Code of the Russian Federation".

20 Internet address: URL: https://my.arbitr.ru (accessed: 28.06.2018).

cisely from the claimant and not from another person when it received a message regarding remedying defects referencing the contract and the name of the customer"21.

In another case the court found that it was apparent from the evidence presented to the courts that a business relationship had arisen by exchange of e-mails between the bankruptcy liquidators S.A. Bondarenko and S.Yu. Kopytin (for example, on February 17, 2017 bankruptcy liquidator S.A. Bondarenko sent bankruptcy liquidator S. Yu. Kopytin a file with an electronic document titled "financial analysis").

It was apparent from the case file that on June 5, 2017 bankruptcy liquidator S. Yu. Kopytin sent bankruptcy liquidator S.A. Bondarenko an e-mail with an electronic document file titled "Application No. 20-05 of 20 May 2017 on including additional Questions.pdf.".

Therefore, it should be acknowledged that a business custom arose between bankruptcy liquidators S.A. Bondarenko and S. Yu. Kopytin of communicating by exchanging electronic messages to e-mail addresses allowing them to identify each addressee, including by the content of the messages22.

The Intellectual Property Court has also summarized issues related to communications. Thus, a party to a case can refer to e-mail correspondence that person had with others.

The parties to the correspondence not having an agreement on exchanging electronic documents and the fact that there is no digital e-signature on the documents sent and received does not prevent the documents and materials from being used as evidence. The receipt or sending of a message using an e-mail address known as the e-mail of the entity itself or the office e-mail of the entity's competent employee evidences that those actions have been taken by the entity itself, until it has proven otherwise.

E-mail correspondence should be evaluated together with other evidence, including circumstantial evidence, in its interrelation and on the whole.

However, difficulty in identifying the sender and addressee may not allow such correspondence to be considered relevant to the dispute being examined, as it is not possible to correlate such information with the parties in dispute and the relations between them. However, if both "corresponding" parties confirm the fact that it exists, such evidence may be deemed relevant if there are no other obstacles.

21 The judgments of the 15 th Arbitration Appeal Court of 29 September 2017 and of the Arbitration Court of the North Caucasus Circuit of 12 January 2018 in case No. А32-28069/2016, upheld by a Russian Federation Supreme Court judge.

22 Judgment of the Arbitration Court of the Urals Circuit of 13 February 2018 in case No. А60-23408/2015.

Briefing note approved by Decision of the Presidium of the Intellectual Property Court of 14 September 2017 No. SP-23/24.

There is also an interesting treatment of the use of information system status in Paragraph 3 of Judgment of the Plenum of the Russian Federation Supreme Arbitration Court of 23 March 2012 No. 14: the written form of the bank guarantee is considered complied with if it is issued in the form of an electronic SWIFT message.

Unfortunately, now the number of court cases is very limited and it does not allow to understand the practical trends for a business and citizens.

4. Unified Identification and Authentication System

The Russian government, aware of the importance of the agenda of subjects identification in the information space 23 in 2013 made the first systematic steps in the sphere of interaction between the state and the citizens: The Federal Law of 7 June 2013 No.112-FZ "On Amendments to Federal Law 'Information, Information Technologies and Information Protection' and Federal Law 'Access to Information concerning Activities of State Authorities and Local Government Bodies'" was adopted. It specified the status and laid the foundation for identification of subjects of information relations in the sphere of state services provision.

iНе можете найти то, что вам нужно? Попробуйте сервис подбора литературы.

Currently the Unified Identification and Authentication System (hereinafter referred to as the UIAS) has been established — the federal state information system24, procedure of using which is set by the Government of the Russian Federation, and which provides for cases specified by the law of the Russian

23 The Russian Federation is not alone in its efforts, and other CIS member states started using its experience. See, for example, the Resolution of the Cabinet of Ministers of the Republic of Uzbekistan of 17 December 2015 No. 365 "On Measures to Establish Central Data Bases of Individuals and Entities and to Introduce Unified Information System for Identification of 'Electronic Government' System Users". URL: https://www.uz-daily.uz/articles-id-27327.htm (accessed: 28.06.2018).

24 The upgraded UIAS version is put in operation by the Decree of the Ministry of Communications and Mass Media of the Russian Federation of 30 June 2014 No. 179 according to the "Plan of Actions ("Road Map") for Implementation of Concept for Development of Mechanisms for Provision of State and Municipal Services in Electronic Form", approved by the Decree of the Government of the Russian Federation of 9 June 2014 No. 991-p. In the last quarter of 2015 they integrated information systems of multifunctional centers, which have been long used in Russia, with the unified identification and authentication system. Previously support was implemented to integration of official websites and portals of federal executive authorities, executive authorities of the constituent entities of the Russian Federation and local government bodies used in process of provision of priority services with the unified identification and authentication system.

Federation, authorized access to information contained in information systems (Cl. 19, Art. 2 of the Federal Law "Information, Information Technologies and Information Protection").

According to Cl. 4.1, Art. 14 of the Federal Law "Information, Information Technologies and Information Protection", the Government of the Russian Federation defines the procedure for use of the unified identification and authentication system and establishes cases, when access via Internet to information contained in state information systems is provided exclusively to users of information, who have been authorized in the unified identification and authentication system.

However, even before adopting the above changes, the Resolution of the Government of the Russian Federation of 28 November 2011 No. 977 approved the "Requirements to Federal State Information System 'Unified Identification and Authentication System in Infrastructure Providing for Information and Technological Interaction of Information Systems Used to Provide State and Municipal Services in Electronic Form'"25 (hereinafter referred to as "Requirements to UIAS"), where technological and legal foundation was laid for identification exactly in the sphere of state management, in general, and state and municipal services, in particular26.

In accordance with Cl. 6 of the "Requirements to UIAS", it shall include some registers: of individuals, entities; registers of officials in authorities and organizations; as well as of authorities and organizations in the government of the Russian Federation; register of information systems; register of authorities and organizations entitled to create (substitute) and issue a key of a simple electronic signature for the purposes of providing state and municipal services.

An important architectural feature of UIAS introduction was cancellation of the strategy that existed in the last decade for use of exclusively electronic-digital signature (later on — reinforced qualified electronic signature). Putting a stake on a simple electronic signature (Cl. 3 of the "Requirements to UIAS") as more convenient to use and accordingly more popular, warrants attention and appreciation.

The "Requirements to UIAS" record definitions of concepts, which are important for the institute of legal identification, which are not yet unfortunately defined at the level of federal laws:

25 Later amendments were made repeatedly to the regulatory act.

26 In the same Resolution, a recommendation was given to state authorities to perform identification, authentication, authorization and registration of individuals and entities for the purposes of providing state and municipal services since April 15, 2012 with the help of UIAS.

"identification of users of information exchange — comparison of an identifier input by a member of information exchange into any of information systems ... to the identifier of this member contained in the appropriate base state information resource defined by the Government of the Russian Federation";

"authentication of information exchange members — checking that the input identifier belongs to the member of information exchange, as well as confirming identifier authenticity";

"authorization of information exchange members — confirmation of rights of the member of information exchange for access to infrastructure providing for information and technological interaction of information systems used to provide state and municipal services in electronic form" (Cl. 5).

Currently these definitions, together with terms from other industries, first of all, finance and from the standards sphere27 represent a limited term base, which badly needs efficient development. Since otherwise, without development and adoption of the balanced consistent and hierarchical system of definitions, the Russian law will be developed by introduction of new definitions, aiming at specific circumstances and conflicting with existing ones.

Besides, even today one may see discrepancies between the developed law on identification and existing law on personal data. The first one practically does not contain references to personal data categories and uses its own terms (for example, "identifiers"28), and the second does not provide a

27 In particular, GOST R50739-95.Computers technique. Information protection against unauthorized access to information. General technical requirements (adopted and brought into force by the Resolution of the RF Federal Agency on Technical Regulating and Metrology of 9 February 1995 No. 49), GOST R ISO/TO 13569-2 007. Financial services. Information security guidelines (approved by the Decree of the Federal Agency on Technical Regulating and Metrology of 27 December 2007 No. 514-ct), GOST R ISO/ IEC TO 19791-2008. National Standard of the Russian Federation. Information technology. Security techniques. Security assessment of operational systems (approved and brought into force by the Decree of the Federal Agency on Technical Regulating and Metrology of 18 December 2008 No. 525-ct), GOST R ISO/IEC27033-1-2011. National Standard of the Russian Federation. Information technology. Security techniques. Network security. Part 1. Overview and concepts" (approved and brought into force by the Decree of the Federal Agency on Technical Regulating and Metrology of 1 December 2011 No. 683-ct).

28 See the "Regulations on Federal State Information System 'Unified Identification and Authentication System in Infrastructure Providing for Information and Technological Interaction of Information Systems Used to Provide State and Municipal Services in Electronic Form'", approved by the Decree of the Ministry of Communications and Mass Media of the Russian Federation of 13 April 2012 No. 107 (as amended by the Decrees of the Ministry of Communications and Mass Media of the Russian Federation of 31 August 2012 No. 218, of 23 July 2015 No. 278).

clear instruction, at which moment of the identification process various types of data and information become protected personal data. Furthermore, the concept of personal data itself is rather broad which may raise a question of formal certainty of the relevant norms and, in theory, may call for a narrow interpretation of the concept of personal data29.

There is another important circumstance, which demonstrates understanding of the nature of quickly developing information technologies by UIAS developers. Thus, according to Cl. 6(1) of the Requirements to UIAS, the system shall provide for the opportunity "to use various methods of user identification" with provision of access to information with account of user powers and objectives of access to this information.

It should also be noted that in 2013 the "Requirements to UIAS" separately identified the procedure of identification for the purposes of using the Internet Resource "Russian Public Initiative"30. The latter shall only be accessed by citizens of the Russian Federation, who went through the registration procedure in UIAS, execution of which was accompanied by presentation of the main identification document and entry of information about such method of identity confirmation into the appropriate register of this system31.

It seems legitimate that such wide organizational, technological and standard-setting innovations in recent years were misunderstood or criticized32. Thus, four years ago the first legal precedent arose in respect of UIAS in the Supreme Court of the Russian Federation, when claimants affirmed that "the Government of the Russian Federation has illegally introduced the state register of the population and obligatory identification of all citizens by ID numbers"7'7'.

29 See Arkhipov V.V., Naumov V.B. Informatsionno-pravovye aspekty formirovaniya zakonodatel'stva o robototekhnike [Informational and Legal Aspects of Drawing up Robotics Legislation] // Informatsionnoe pravo [Informational Law]. 2017. № 1. Р. 19-27.

30 Internet address: https://www.roi.ru/.

31 Cl. 7(1) of the Decree of the Government of the Russian Federation of 28 October 2013 No. 968.

32 What is important, when making a decision about the use of UIAS, it is the convenience of registration for public. Statistics data indicates that most users prefer personal confirmation for registration and use system, which entails additional loss of resources. See TaninaA.V. Analiz razvitiya dostupa k edinoi sisteme identifikatsii i autentifikatsii [Analysing the Development of Access to Unified System of Identification and Authentication] // Innovatsionnaya ekonomika: perspektivy razvitiya i sovershenstvovaniya [Innovation Economy: Development Prospects and Improvement]. 2015. No. 2. Р. 249-252.

33 Ruling of the Supreme Court of the Russian Federation of 20 September 2012. No. APL12-503 // Consultant Plus (accessed: 16.05.2018).

The court found no breaches of the existing law there, including personal data law, and came to the conclusion that: "requirements specify the purpose of the identification and authorization system, as well as objectives of its use, and despite affirmations of the claimants, do not provide for assignment of identification numbers to citizens, do not breach the rights of the citizens for identification of themselves in any relations by surname, name, patronymic, date, place of birth and residence, relation to citizenship34", and that the persons reserve the right at their discretion to receive state and municipal services in other forms specified by law.

5. Biometric Identification

The first systematic step toward establishing a uniform system of regulation in identification over the past years has been the amendments to the Federal Law "On Information, Information Technologies and Protection of Information." In terms of their importance they can be compared to the changes that occurred with the creation of regulation on using the Unified System of Identification and Authentication (USIA) five years ago35.

The Federal Law of 31 December 2017 No. 482-FZ "On Amendments to Certain Legislative Acts of the Russian Federation" of December 31, 2017 laid the foundations for possible remote identification of citizens using bio-metric personal data.

Since June 30, 2018 the new version of the Federal Law "On Information, Information Technologies and Protection of Information" has regulated the general provisions allowing information technologies to be used for remote identification of Russian Federation citizens using their biometric personal data. Already in early 2018 it began to ensure interactive remote authentication and identification of individuals who are clients of lending institutions in order to conclude agreements with lending institutions36.

34 Ruling of the Supreme Court of the Russian Federation of 20 September 2012. No. APL12-503 // Consultant Plus (accessed: 16.05.2018).

35 See Chair F.S. Law and Order: the Twin Impact of Mobile and Biometrics // Biometric Technology Today. 2016. Iss. 9. P. 5-7. The key is that biometrics and mobile technologies are together undergoing radical change and becoming central to our work and everyday life. To understand what is happening in this sector and the implications, the equally rapid — and very much inter-dependent — developments in biometrics systems, and how these are being used by law enforcement officers across Europe.

36 Some authors specifically note that there are no legal barriers in Russia to the implementation of biometric identification in the banking sector, but at the same time, there are no laws that protect the personal data of citizens. To do this, it will be necessary to amend the legislation regarding the collection and storage of biometric data for

The essential novelty in the legislation was the "unified information system of personal data supporting the processing, including collection and storage of biometric personal data, their verification and transmission of information to the degree to which they match the provided biometric personal data of a Russian Federation citizen," which is defined in the law as the unified biometric system (Article 14.1 of the Federal Law "On Information, Information Technologies and Protection of Information").

A citizen's data wind up in it after the citizen has been personally identified (in his or her presence) and with his or her consent, after which the data are processed for identification purposes. It is the competent employees of government authorities37 or organizations that place the data in the system and they are signed with an enhanced encrypted and certified digital signature. It is also possible to update the data.

The operator of the unified biometric system will be one of the key players in this area. In June 2018 the Russian Federation Government tasked Rostelecom PJSC, an operator holding a substantial position in the public communications network on the territories of at least two thirds of Russian Federation constituent entities, with performing operator functions.

Article 14.1(18) of the Law makes it possible in the cases contemplated by federal laws to identify a Russian Federation citizen without the citizen being personally present by providing government authorities and organizations with information from the UIAS and information about the degree to which the biometric personal data of the person provided match his/her biometric personal data contained in the unified biometric system.

Encryption tools must be used in the second case, when the Internet is used; however, the individual is given the right to decide whether to refuse to use these tools or not. A refusal should be informed: the person should be warned of the risks related to such refusal.

commercial purposes. See Shacker I.E. Ispol'zovanie biometricheskoi autentifikatsii i pers-pektivy ee primeneniya v bankovskoi sisteme Rossii [The Biometric Authentication and the Prospects for its Use in the Russian Banking System] // Ekonomika. Nalogi.Pravo [Economics, Taxes & Law]. 2016. Vol. 9 . № 5. Р. 83-89.

37 See Karimian N., Wortman P. A., Tehranipoor F. Evolving Authentication Design Considerations for the Internet of Biometric Things (IoBT) // Proceedings of the Eleventh IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis — C0DES2016. N.Y., 2016. P. 1-10. The main thought of it is that the incorporation of biometrics to IoT design brings about concerns of cost and implementing a "user-friendly" design. For example, using of electrocardiogram (ECG) signals to implement distributed biometrics authentication within an IoT system model. ECG biometrics are highly reliable, more secure, and easier to implement than other biometrics.

The only exceptions to this situation (Article 14.1(20)) are cases when an individuals use a mobile telephone, smart phone or tablet computer to provide their biometric personal data. In that case, remote identification should be denied if encryption tools are not installed on them.

Consistent with the amendments being considered in the system of federal laws, a package of statutory regulations disclosing detailed requirements and rules in biometric identification was adopted at the end of June 2018. So, according to Russian Federation Government Resolution No. 772 of June 30, 2018, the following biometric personal data of an individual who is a citizen of the Russian Federation will be recorded in the unified biometric system:

"data of an image of the person's face obtained with the help of photo and video devices;

the person's voice data obtained with the help of sound recording devices38".

Most actions involving a citizen's data will be performed in exchange for a RUB200 fee for each action39.

The changes that have occurred in the legislation will undoubtedly have a considerable effect on all processes related to the development of a digital state and digital economy in the Russian Federation.

6. Conclusion. Identification and Digital Economy

A year ago the "Digital Economy of the Russian Federation" Program was adopted. In the Program, issues of identification are specified as part of the complex problem of protecting human rights in the digital world. In addition to identification, the Program emphasizes the issue of the security of users' digital data, and, together with them, the issue of ensuring individuals' trust in the digital environment.

The Program's "Roadmap" devotes several milestones to identification. These milestones are primarily related to creating legal conditions for creating

38 Specific technical requirements to the parameters of images and voice data will be set in Russian Communications Ministry Order of 25 June 2018 No. 321 "On Approving the Procedure for Processing, Including Collection and Storage, of the Parameters of Biometric Personal Data for the Purposes of Identification, the Procedure for Placing and Updating Biometric Personal Data in the Unified Biometric System, and Requirements to Information Technologies and Hardware Intended for Processing Biometric Personal Data for Identification Purposes" of June 25, 2018.

39 Order of the Ministry of Digital Development, Communications and Mass Media of the Russian Federation of 25 June 2018 No. 322.

a common digital trust environment (item 1.7.1 of the Roadmap). The Program proposes granting equal status to the various means of identification and authentication of individuals and legal entities.

Secondly, it has been proposed to monitor the development of promoting identification technologies, including biometric identification technologies, identification based on the Unified System of Identification and Authentication and other identification technologies (item 5.4.13).

Thirdly, item 5.8.8 prescribes new legislative requirements for identifying users of information exchange subjects and identifying a user of Internet of Things40.

At the end of 2017 the Action Plan for "Statutory Regulation" of the Digital Economy of the Russian Federation Program was adopted based on the Roadmap (the Action Plan was approved by the Governmental Commission on the Use of Information Technologies to Improve Quality of Life and Business Conditions of the Digital Economy of the Russian Federation Program on December 18, 2017).

According to the Plan, in the next two years it will be necessary to amend and expand existing legislation on identification in a meaningful way. Among the principal objectives it has been proposed to develop a draft federal law "aimed at unifying identification requirements, expanding capabilities and means of identification" (action 01.01.001.001 of the Plan), draft laws on amending existing laws relating to introducing a mechanism for remote biometric identification (action 01.01.001.003) and draft regulations on improving the rules for accessing governmental information systems for organizations required to do identification (action 01.01.001.003).

By summarizing and systematizing the objectives and plans that are not fully interrelated, in the next few years there are plans to create an extensive institution of laws possessing its own terminology, a system of common conditions and principles of identification, and requirements when identifying subjects in various subject-specific legal relationships (e.g., in telemedi-cine or banking).

One of the Plan's key ideas is to expand the scope of entities that may be granted a separate right to do simplified identification (in particular, telecommunication service providers) and to whom other entities have delegated the right to identify individuals.

40 For patterns of how it might be generally achieved in the context of IoT see Liu J., Xiao Y., Chen C.L.P. Authentication and Access Control in the Internet of Things // 32nd International Conference on Distributed Computing Systems Workshops. Macau, 2012. P. 588-592.

This last item will make it possible to promote the creation of a special market for identification services and, what is essential, will eliminate a number of obstacles to doing identification, making it easier for entities to participate with their consent in various legal relationships in which the law sets requirements for identification and authentication. This will be achieved both by developing the recently launched biometric identification, and by taking other administrative and technical measures whose status will be defined in various regulations.

In general, so far in the existing version of the Plan the main hopes are connected with developing all kinds of means of remote identification.

Amendments to the Federal Law "On Prevention of Money Laundering and Financing of Terrorism" which, in the opinion of the plan's developers will help to harmonize the requirements of security and market demand are mentioned separately among the actions.

Summarizing the list of direct requirements by the Action Plan, and ideas of systematic development the probable draft law on identification must determine the following:

(a) Definitions of terms and subjects and unified legislative requirements to performing identification (the areas and methods of identification have been identified, the possibility of remote identification has been provided in those areas where such identification is currently unavailable);

(b) Principles of identification;

(c) Definitions and classification of types and methods of identification and terms of identification and authentication by each of the methods;

(d) Areas of legal relationships where identification is required and areas of legal relationships where identification must be performed free of charge;

(e) Using of UIAS and biometric systems, ensuring the security of individuals' data during identification and authentication;

(f) Mechanisms and requirements for protecting people's rights during identification; jurisdiction of identification disputes.

(g) Rights of banks, telecommunication operators, other entities to perform simplified identification of clients and the state control of their activities;

(h) How a law that enters into force will apply to relationships that arose earlier.

As long as the plans mentioned in the Program have not been carried out and the entire proposed range of legislative tasks and issues has not been resolved it will be possible to move progressively, amending the Federal Law "On Information, Information Technologies and Protection of Information".

First of all, it is important to define the terms identification (using the current definition in statutory acts) and identifier. The latter can be defined as

any unique information (code, key) uniquely linking a person, thing or process with the record about it in a document or information system.

Then it seems important to classify identifiers as identifiers of subjects and objects, and also to determine that identifiers may be public, contained in public systems and governmental information systems, and private.

In this classification, an individual's public identifiers may include his or her last name, first name, patronymic, taxpayer identification number, personal insurance policy number, subscriber number of an individual who has concluded a telecommunication services contract, other codes and keys. A legal entity's public identifiers will include, inter alia, its taxpayer identification number, primary state registration number or foreign entity code and other information.

Then it will be necessary in the law to set forth requirements and conditions for mandatory identification following from the law, and also a contract, and voluntary identification. It may be advisable for the first set of amendments to mention situations where identification can be done free of charge or using the services of third parties (agents). It will also be necessary to determine the scope of obligations of those participating in identification in order to ensure data is secure and the rights and interests of those being identified, especially individuals, are observed.

REFERENCES

Abeyratne, R. (2017). The Internet of Everything. In: Abeyratne, R. Megatrends and Air Transport. Legal, Ethical and Economic Issues. Cham: Springer, pp. 213-244. DOI: 10.1007/978-3-319-61124-2_7

Arkhipov, V.V. and Naumov, V.B. (2017). Informatsionno-pravovye aspekty formiro-vaniya zakonodatel'stva o robototekhnike [Informational and Legal Aspects of Drawing up Robotics Legislation]. Informatsionnoepravo[Informational Law], (1), pp. 19-27. (in Russ.).

Borodin, A.A. and Lariontseva, E.A. (2015). Elektronnaya autentifikatsiya [Electronic Authentication]. Nauchnaya mysl' [Science Review], (6), pp. 91-97. (in Russ.).

Boscarato, C. (2011). Who is Responsible for a Robot's Actions? An Initial Examination of Italian Law within a European Perspective. In: B. van den Berg and L. Klaming, eds. Technologies on the Stand: Legal and Ethical Questions in Neuroscience and Robotics. Nijmegen: Wolf Legal Publishers, pp. 383-402.

Chair, F.S. (2016).Law and Order: The Twin Impact of Mobile and Biometrics. Bio-metric Technology Today, (9), pp. 5-7. DOI: 10.1016/S0969-4765(16)30138-2

Demyanets, M.V. (2018). Pravovoe regulirovanie identifikatsii v usloviyakh razvitiya informatsionnokommunikatsionnykh tekhnologii [Legal Regulation of Identification in the Conditions of Development of Information and Communication Technologies]. Obra-zovanie ipravo [Education and Law], (1), pp. 104-114. (in Russ.).

Fairfield, J.A.T. and Engel, C. (2015). Privacy as a Public Good. Duke Law Journal, 65(3), pp. 385-457.

Gadzhiev, G.A. (2018). Yavlyaetsya li robot-agent litsom? (Poisk pravovykh form dlya regulirovaniya tsifrovoi ekonomiki) [Whether the Robot-Agent is a Person? (Search of Legal Forms for the Regulation of Digital Economy)]. Zhurnalrossiiskogoprava [Journal of Russian Law], (1), pp. 15-30. (in Russ.). DOI: 10.12737/art_2018_1_2

Gukasyan, A.A. (2018). Identifikatsiya autentifikatsiya [Identification Authentication]. Alleya nauki [Alley of Science], [online] (1), pp. 457-460. Available at: http:// alley-science.ru/domains_data/files/Collection_ofJournals/Pervyy%20tom%20Yan-var(%20isp).pdf [Accessed 14 June 2018]. (in Russ.).

Karimian, N., Wortman, P.A. and Tehranipoor, F. (2016). Evolving Authentication Design Considerations for the Internet of Biometric Things (IoBT). In: Proceedings of the Eleventh IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis — CODES2016. New York: ACM Press, pp. 1-10. DOI: 10.1145/2968456.2973748

Liu, J., Xiao, Y. and Chen, C.L.P. (2012). Authentication and Access Control in the Internet of Things. In: 32nd International Conference on Distributed Computing Systems Workshops. Macau: IEEE, pp. 588-592. DOI: 10.1109/ICDCSW.2012.23

Morkhat, P.M. (2018). Iskusstvennyi intellekt i prava cheloveka: teoretiko-pravovoe issledovanie [Artificial Intelligence and Human Rights: Theoretical-Legal Research]. Pravo i obrazovanie [Law and Education], (3), pp. 35-44. (in Russ.).

Naumov, V.B. and Braginets, A. Yu. (2016). Informatsionno-pravovye problemy udalennoi identifikatsii sub"ektov v sfere finansovykh uslug [Information and Legal Problems of Remote Identification of Subjects in the Field of Financial Services]. Informatsion-noepravo [Informational Law], (1), pp. 13-19. (in Russ.).

Nesterov, A.V. (2017). Vozmozhny li pravootnosheniya i yuridicheskie vzaimodeistviya mezhdu lyud'mi i robotami? [Are Legal Relations and Legal Interaction Possible Between People and Robots?]. Yuridicheskii mir [Juridical World], (8), pp. 57-60. (in Russ.).

Petrenko, M.N. (2018). Iskusstvennyi intellekt: o problemakh pravovogo statusa [Artificial Intelligence: Some Problems of Legal Status]. Alleya nauki [Alley of Science], [online] (1), pp. 491- 494. Available at: http://alley-science.ru/domains_data/files/ Collection_ofJournals/Pervyy%20tom%20Yanvar(%20isp).pdf [Accessed 14 June 2018]. (in Russ.).

Popov, M.V., Koblova, Yu.A. and Murygina, N.V. (2017). Instituty virtual'nogo pros-transtva: mekhanizm, zakonomernosti formirovaniya i novye ugrozy [Institutions of Virtual Space: Mechanism, Patterns of Development and New Threats]. Vestnik Saratovs-kogo gosudarstvennogo sotsial'no-ekonomicheskogo universiteta [Vestnik of Saratov State Socio-Economic University], (3), pp. 82-86. (in Russ.).

Potapova, A.V. (2014). Sotsio-boty kak sovremennaya ugroza: problema vyyavleniya i raspoznavaniya [Social Bots as a Modern Threat: the Problem of Detection and Recognition. Vestnikmagistratury [Magistrate's Bulletin], (12-1), pp. 108-110. (in Russ.).

Schwab, K. (2016). The Fourth Industrial Revolution. Geneva: World Economic Forum. [Russ. ed.: Schwab, K. (2016). Chetvertayapromyshlennaya revolyutsiya. Translated fom English. Moscow: Eksmo].

Shacker, I.E. (2016). Ispol'zovanie biometricheskoi autentifikatsii i perspektivy ee primeneniya v bankovskoi sisteme Rossii [The Biometric Authentication and the Prospects for its Use in the Russian Banking System]. Ekonomika. Nalogi. Pravo [Economics, Taxes & Law], 9(5), pp. 83-89. (in Russ.).

Tanina, A.V. (2015). Analiz razvitiya dostupa k edinoi sisteme identifikatsii i autentifikatsii [Analysing the Development of Access to Unified System of Identification and Authentication]. Innovatsionnaya ekonomika:perspektivy razvitiya i sovershenstvovani-ya [Innovation Economy: Development Prospects and Improvement], (2), pp. 249-252. (in Russ.).

iНе можете найти то, что вам нужно? Попробуйте сервис подбора литературы.

Uzhov, F.V. (2017). Iskusstvennyi intellect kak sub"ekt prava [Legal Personality of Artificial Intelligence]. Probely v rossiiskom zakonodatel'stve [Gaps in Russian Legislation], (3), pp. 357-360. (in Russ.).

Yastrebov, O.A. (2017) Diskussiya o predposylkakh dlya prisvoeniya robotam pravovogo statusa "elektronnykh lits" [Discussion on the Prerequisites for Assigning Robots Legal Status of "Electronic Persons"]. Voprosypravovedeniya [Issues of Jurisprudence], (1), pp. 189-203. (in Russ.).

БИБЛИОГРАФИЧЕСКИЙ СПИСОК

Архипов В.В., Наумов В.Б. Информационно-правовые аспекты формирования законодательства о робототехнике // Информационное право. 2017. № 1. С. 19-27. Бородин А.А., Ларионцева Е.А. Электронная аутентификация // Научная мысль.

2015. № 6. С. 91-97.

Гаджиев Г.А. Является ли робот-агент лицом? (Поиск правовых форм для регулирования цифровой экономики) // Журнал российского права. 2018. № 1. С. 15-30. DOI: 10.12737/art_2018_1_2

ГукасянА.А. Идентификация аутентификация // Аллея науки. 2018. № 1. С. 457-460. URL: http://alley-science.ru/domains_data/files/Collection_ofJournals/ Pervyy%20tom%20Yanvar(%20isp).pdf (дата обращения: 14.06.2018).

Демьянец М.В. Правовое регулирование идентификации в условиях развития информационно-коммуникационных технологий // Образование и право. 2018. № 1. С. 104-114.

Морхат П.М. Искусственный интеллект и права человека: теоретико-правовое исследование // Право и образование. 2018. № 3. С. 35-44.

Наумов В.Б., Брагинец А.Ю. Информационно-правовые проблемы удаленной идентификации субъектов в сфере финансовых услуг // Информационное право.

2016. № 1. С. 13-19.

Нестеров А.В. Возможны ли правоотношения и юридические взаимодействия между людьми и роботами? // Юридический мир. 2017. № 8. С. 57-60.

Петренко М.Н. Искусственный интеллект: о проблемах правового статуса // Аллея науки. 2018. № 1. С. 491-494. URL: http://alley-science.ru/domains_data/ files/Collection_ofJournals/Pervyy%20tom%20Yanvar(%20isp).pdf (дата обращения: 14.06.2018).

Попов М.В., Коблова Ю.А., Мурыгина Н.В. Институты виртуального пространства: механизм, закономерности формирования и новые угрозы // Вестник Саратовского государственного социально-экономического университета. 2017. № 3. С. 82-86.

Потапова А.В. Социоботы как современная угроза: проблема выявления и распознавания // Вестник магистратуры. 2014. № 12-1. С. 108-110.

Танина А.В. Анализ развития доступа к единой системе идентификации и аутентификации // Инновационная экономика: перспективы развития и совершенствования. 2015. № 2. С. 249-252.

Ужов Ф.В. Искусственный интеллект как субъект права // Пробелы в российском законодательстве. 2017. № 3. С. 357-360.

Шакер И.Е. Использование биометрической аутентификации и перспективы ее применения в банковской системе России // Экономика. Налоги. Право. 2016. Т. 9. № 5. С. 83-89.

Шваб К. Четвертая промышленная революция. М.: Эксмо, 2016.

Ястребов О.А. Дискуссия о предпосылках для присвоения роботам правового статуса «электронных лиц» // Вопросы правоведения. 2017. № 1. С. 189-202.

Abeyratne R. The Internet of Everything // Abeyratne R. Megatrends and Air Transport. Legal, Ethical and Economic Issues. Cham: Springer, 2017. P. 213-244. DOI: 10.1007/978-3-319-61124-2_7

Boscarato C. Who is Responsible for a Robot's Actions? An Initial Examination of Italian Law within a European Perspective // Technologies on the Stand: Legal and Ethical Questions in Neuroscience and Robotics / Ed. by B. van den Berg, L. Klaming. Ni-jmegen: Wolf Legal Publishers, 2011. P. 383-402.

Chair F.S. Law and Order: The Twin Impact of Mobile and Biometrics // Biometric Technology Today. 2016. Iss. 9. P. 5-7. DOI: 10.1016/S0969-4765(16)30138-2

Fairfield J.A.T., Engel C. Privacy as a Public Good // Duke Law Journal. 2015. Vol. 65. No. 3. P. 385-457.

Karimian N., Wortman P. A., Tehranipoor F. Evolving Authentication Design Considerations for the Internet of Biometric Things (IoBT) // Proceedings of the Eleventh IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis — C0DES2016. New York: ACM Press, 2016. P. 1-10. DOI: 10.1145/2968456.2973748

Liu J., Xiao Y., Chen C.L.P. Authentication and Access Control in the Internet of Things // 32nd International Conference on Distributed Computing Systems Workshops. Macau: IEEE, 2012. Р. 588-592. DOI: 10.1109/ICDCSW.2012.23

AUTHOR'S INFO:

Victor B. Naumov — Candidate of Legal Sciences, Senior Research Fellow of the Information Law and International Information Security Department, Institute of State and Law, Russian Academy of Sciences, Partner of the International Law Firm Dentons.

СВЕДЕНИЯ ОБ АВТОРЕ:

Наумов Виктор Борисович — кандидат юридических наук, старший научный сотрудник сектора информационного права и международной информационной безопасности Института государства и права РАН, партнер международной юридической фирмы Dentons.

CITATION:

Naumov, V.B. (2018). Problems of Development of Legislation on Identification of the Subjects of Information Space in Digital Economy. Trudy Institute gosudarstva i prava RAN — Proceedings of the Institute of State and Law of the RAS, 13(4), pp. 125-150.

ДЛЯ ЦИТИРОВАНИЯ:

Наумов В.Б. Проблемы развития законодательства об идентификации субъектов информационных отношений в условиях цифровой экономики // Труды Института государства и права РАН / Proceedings of the Institute of State and Law of the RAS. 2018. Т. 13. № 4. С. 125-150.

i Надоели баннеры? Вы всегда можете отключить рекламу.