Information security: international legal aspects of its provision

Gorbunov Igor' Andreevich Postgraduate student, Department of Administrative and Financial Law, Peoples' Friendship University of Russia 117198, Russia, Moscow, Miklukho-Maklaya str., 6 igoragor97@mail.ru Other publications by this author

The cross-border nature of threats to information security creates an undeniable need to consolidate the forces of various countries to counter such threats, which is also associated with the process of digitalization ^[1]. Each State, protecting primarily its national interests, seeks to assert dominance in the information space. However, at the same time, the information policy of countries should be aimed not only at ensuring their own information sovereignty, but also at implementing this policy in such a way that the national interests of other participants in international legal interaction are not violated. In such conditions, the goals of maintaining the security of the global information space may be unattainable without proper cooperation (in particular, organizational and legal) in solving problems related to ensuring international information security at several levels of interaction: bilateral, regional, global.

The international legal aspects of ensuring information security in the context of current global problems and international conflicts are of scientific interest to both political scientists and legal scholars. The problems arising in this area are interdisciplinary in nature and include "a block of theoretical and methodological legal issues of the application of norms, rules and principles of responsible behavior of states designed to promote an open, safe, stable, accessible and peaceful information and communication environment" ^[2].

The problems of international legal regulation of information security are aggravated not only by the desire of each of the parties to international legal relations to assert their exclusive dominance in the information space and, above all, to ensure the protection of their information sovereignty, but also by the fact that at the moment there is no single document at the international legal level comprehensively regulating issues of international information security, in particular including defining the responsibility of States for conducting a destabilizing information policy.

The initiative of the Russian Federation, which presented an updated version of the concept of the UN Convention on International Information Security in 2021, is interesting. This document was never adopted due to the opposition of the United States and a number of European countries. Such behavior of Western countries is dictated by the presence of contradictions and the difficulty in reaching an agreement between the interests of major geopolitical actors, each of which seeks to occupy the most dominant position in the global information space.

In general, it is worth noting that the position of the Russian Federation on the development of international principles and mechanisms for ensuring information security is quite active. Back in 1998, on the proposal of the Russian Federation, the UN General Assembly adopted Resolution A/RES/53/70 "Achievements in the field of information and telecommunications in the context of international security", which formulated threats to international information security implemented in three target planes – military-political, criminal and terrorist (triad of threats). In 1999, a new resolution was adopted, which stated the possibility of using information and communication technologies in the military and civilian spheres ^[3].

Currently, the main purpose of Russia's information and legal activities at the United Nations is to promote the idea of the need to adopt a universal legally binding document regulating information security issues on a global scale. So, on May 15, 2023, Russia, together with Belarus, the DPRK, Nicaragua and Syria, introduced the concept of the UN Convention on ensuring international information security. The conceptual foundations of this document presuppose the implementation of the principles of sovereign equality of States and non-interference in their internal affairs.

According to the author, the need for the adoption of a single international treaty in the field of international information security is still relevant, and therefore Russia's active role in the implementation of this idea should be supported using international legal mechanisms and participation in integration associations.

The fundamental legal principles on which the system of legal provision of information security is based should be enshrined in a single international treaty, which, firstly, will be the final stage in achieving consensual approaches between major subjects of international legal relations, and secondly, will promote uniformity in procedures and mechanisms for ensuring international information security. In this regard, it is impossible not to agree with the following statement by A.K. Dubenya: "the fundamental principles in the field of ensuring international information security require consolidation at the global level, since the supranational level of legal support on a regional scale, involving the participation of several (or several dozen) states, cannot fully satisfy the need of the world community to solve problems international information security" ^[4].

It is worth noting that the regulation of relations in the field of international information security is carried out by international norms of a general nature, which establish the basic principles of interstate interaction.

The Charter of the United Nations establishes a number of fundamental goals and principles that are relevant, among other things, to the field of information security (Articles 1, 2). According to N.A. Molchanov and E.K. Matevosova, the provisions of the UN Charter "do not answer many questions of ensuring international information security, which, admittedly, have arisen to humanity striving for universal peace much later than the adoption of this Charter" ^[5].

Nevertheless, it is worth recognizing that a number of norms of this document have an extensive subject of international legal regulation. Thus, the principles of sovereign equality, the settlement of international disputes by peaceful means, the non-use of force or threat of force, as well as other principles of international law implemented in order to maintain international peace and security, equally apply to conflicts between countries in the information sphere.

An important source of international legal regulation of information security is the Okinawa Charter of the Global Information Society, which sets out the official views of the G8 member States (including Russia) on the prospects for the development of the information society in the 21st century. The document mentions problems related to ensuring international information security, for example, it is noted that "the efforts of the international community aimed at developing a global information society should be accompanied by coordinated actions to create a safe and crime-free cyberspace" (paragraph 8). The Okinawa Charter also pays special attention to the following issues:

1) protection of intellectual property rights in information technology;

2) protection of privacy in the processing of personal data;

3) development and effective functioning of means to ensure the safety and reliability of operations;

4) attracting specialists to protect important information infrastructures.

The Tunisian Program for the Information Society of November 15, 2005 establishes the following set of actions aimed at implementing the principles previously approved:

1) protection of the safe, continuous and stable operation of the Internet network, as well as ensuring security when using ICT;

2) intensification of international cooperation and implementation of actions at the domestic level in order to strengthen the global culture of cybersecurity;

3) Protection of children and youth from molestation and exploitation through the use of ICT.

Some individual aspects of international information security are regulated by international acts affecting the field of cybercrime and human information rights and freedoms. In this case, it should be understood that the provisions of some fundamental international treaties of the Council of Europe, including the Convention for the Protection of Human Rights and Fundamental Freedoms, do not apply to the Russian Federation due to its withdrawal from the Council of Europe. Without entering into a discussion about the political validity of this action, the author considers it necessary to note that many of these acts, including the said Convention, contained important provisions on human information rights and personal information security. At the same time, these norms can also be found in other international treaties executed by the Russian Federation.

As V.A. Sadovnichy rightly noted, "the adoption of norms of safe activity in cyberspace is an imperative of our time" ^[6]. However, given that each country has its own national interests and their unwillingness to give up sovereignty in favor of international legal agreements and compromise reached in order to solve global problems of an interstate scale, the question of how the sphere of international information security should be regulated is becoming more urgent. Most of the currently adopted documents in this area are of a recommendatory nature, which, on the one hand, is a logical result of the desire of States for sole domination in the information space and unwillingness to assume the burden of obligations, but, on the other hand, shows the ineffectiveness of the norms of "soft law" in comparison with legally binding norms.

This conclusion is another clear evidence of the need to maintain the position of Russia and its allies in adopting a single international act, on the basis of which the obligations of states in the field of international information security will be determined, since the recommendatory norms in international law, not supported by a real mechanism of coercion, are left to the "integrity" of states, often uninterested in the implementation these standards.

It is obvious that the so-called international morality, which is understood as "a system of norms, assessments, prescriptions, patterns of behavior that perform the functions of moral regulation in the system of international relations, in shaping the value of a culture of peace, in the formation of a democratic and nonviolent world order" ^[7], is not an effective way of "calling" for lawful behavior. This explains the fact that the Russian Federation did not become a signatory to the Paris Call for Trust and Security in Cyberspace, which was delivered by the President of France at the XIII Internet Governance Forum on November 12, 2018, despite the widespread support of this document by other countries, international and other organizations.

At the same time, the content of the said document should pay special attention to the unequal ratio of the information sovereignty of States. A state with a low level of digital and technological sovereignty, but formally an independent and equal subject of international law, does not have real sovereignty, since independence in domestic and foreign policy spheres, in conditions of countries' involvement in the global information space and the imbalance of their digital potential, is dependent on the ability to counter information challenges and threats. In this regard, it should be noted that the effectiveness of standard-setting activities in the field of ensuring international information security depends both on the form of consolidation of international legal norms (in advisory acts or legally binding ones) and on the content of these norms, taking into account the unequal status of States as subjects of the international political system.

Closer cooperation in the framework of information security is carried out at the regional level. The Russian Federation is an active participant in many regional integration associations created for the joint achievement of economic, political and other goals by Russia and its allies. Such organizations include the CSTO, SCO, CIS, BRICS, and EAEU, within the framework of which agreements have been concluded regulating the procedure for cooperation in the field of international information security.

The most developed cooperation in the framework of the issues under consideration is carried out by the CIS member states. Due to the close and historical integration and partnership relations between the members of this organization, a large number of CIS legal acts in the field of information security have been adopted at the moment. At the same time, these acts are both legally binding and advisory in nature.

Taking into account the existing geopolitical situation and the intense confrontation (including the use of information weapons) between Russia and Western countries, establishing and building partnerships with the participating countries of these integration associations is one of the priorities of the state's foreign policy. The reason for the need for such cooperation is the policy of European countries and the United States aimed at the international isolation of Russia and sanctions pressure on it, which contributes to the growth of the global crisis and the building of political and legal mechanisms based on the ideological proximity of the countries and the commonality of their political goals.

In this regard, it is advisable to agree with the following words of the Chairman of the Constitutional Court of the Russian Federation V.D. Zorkin: "it must be well understood that we have not only many serious enemies, but also many friends or allies who are keenly interested in our support" ^[8].

The Russian Federation is developing a mechanism for bilateral cooperation in the field of information security, which is very mobile and effective in comparison with global and regional cooperation formats. At the moment, Russia has concluded a large number of intergovernmental agreements related to cooperation in the field of international information security. Such interstate cooperation is carried out mainly with friendly countries that do not share the idea of a unipolar world and interact with Russia on the basis of mutually beneficial alliance and partnership.

It is impossible not to note the special level of allied cooperation between Russia and Belarus. A significant result of the allied efforts of Russia and Belarus was the adoption of the Information Security Concept of the Union State dated February 22, 2023, approved by the resolution of the Supreme State Council of the Union State. Such a step is a consequence of the increasing economic and political pressure from Western countries, which requires a special level of coordination of political and legal mechanisms between Russia and Belarus in order to counter information attacks from unfriendly countries.

Thus, the high level of interdependence of countries and the need to ensure the principle of indivisibility of security form the global need to find compromises and common approaches in ensuring international information security. The definition of a single conceptual framework that does not allow ambiguity, contradictions and terminological uncertainty, as well as the basic principles that are the legal foundation of the legal regulation of international information security, should be implemented by developing a single international treaty. Such a conclusion is due to the ineffectiveness of the norms of "soft law" and international morality based on the principles of voluntary fulfillment of obligations implemented in the process of interstate interaction.