^macro[html_start;Legal Problems of Information Security;Legal Problems of Information Security; Legal, Problems, Information, Security] ^macro[pagehead;img/library.gif] ^macro[leftcol] ^macro[centercol;

Vasili Polivanyuk,

Legal Problems of Information Security

Vasiliy Polivanjuk For today, a problem of the information security (IS) is one of the most critical not only in Ukraine, but also in developed countries. The experience of using the information systems and their resources in the various spheres of life shows that there rise diverse and rather real threats of information loss resulting in material and other damages. Practically, there is no 100% assurance of IS.

Interest to IS problems is defined by an ascending role of information in the various spheres of social life (e.g., economic, political spheres).

The problem of IS is one of actual issues, that rises to face the world community. The International conferences on security and trust in the cyberspace issues which have taken place in 2000 in Paris and Berlin were the significant events in the sphere of IS and fighting computer crimes. At these conferences the following important issues were considered: e-commerce and critical infrastructure security, increase of trust in the cyberspace by means of estimation of threats of crimes and their prevention^; improvement of detection and identification of the criminals by using information technologies (IT)^; improvement of partner relationship between state authorities and individuals, with a view of trust and security maintenance in the cyberspace. Also the group of eight countries adopted Okinawa Charter on Global Information Society on July 22, 2000, in which leading countries once again have emphasized the importance of all necessary measures aimed at creating safe and free from criminality, global cyberspace. There was also marked out a necessity of search for efficient political solutions of such actual problems, as unauthorized access and computer viruses.

According to the specified document, information and communication technology is one of the most influential and powerful forces which designate prospects of 21 century. Its revolutionary influence concerns the way of life, education, work. As the accelerator of the economic growth, the given technology possesses a great potential of various social transformations.

As a result, a legislative definition of "information security" concept has occurred in some European countries. So, Russian Law has a concrete definition of the given concept, namely: "information security of the Russian Federation is understood as a condition of security of the national interests in the information sphere, determined by the balanced interests of the person, the society and the state" [1].

However, the concept of "information security" is not defined by Ukraine’s Law.

So what is "information security"? We shall consider the contents of concept "security" as such.

During all history of world civilization, the security has been one of the main purposes of human activity, activities of social groups, society, states and world community. A care about the security is immanent in each particle of social structure, both for the concrete individual and the extremely wide human association.

The term "security" means the absence of danger^; safety, reliability [2] or situation when danger does not threaten anyone or anything [3]. The security issues are considered also at a legislative level, namely: Objects of Higher Danger Law, Nuclear Energy Use and Radiation Safety Law, Traffic Act, Fire Safety Law.

So, it is possible to draw a conclusion, that security is the safety of the person, the society and the state from internal and external threats.

The information is the basic object of an information society. Today its role is very important. The term "information" comes from a latin word "informatio", that means the explanation, the message. The information consists of messages. The message is the form of information representation.

According to Article 1 of the Information Law of Ukraine, it is necessary to understand “information” as documented or publicly announced data on the events which occur in the society, the state or the surrounding natural environment [4].

The important feature of information is the possibility of its practically unlimited duplicating, dissemination and transformation in any form [5].

Thus, IS is the safety of the person, the society, the state in the information sphere from internal and external threats. Let's note that information sphere is a field of activity related to creation, distribution, processing and using of the information [6].

The sources of internal threats are: adverse criminal conditions accompanying with trends of state and criminal structures merging^; obtaining of access to secret information by criminal structures^; increase in influence of the organized crime on social life^; decrease in security degree for legitimate interests of the people, the society and the state^; insufficient financing of IS maintenance actions^; insufficient economic power of the state^; critical condition of domestic industry.

The external are: activity of foreign intelligence and information structures directed against interests of the state^; aggravation of the international competition for IT and its resources possession.

Sources of the information danger are divided into natural (of natural origin) and artificial (created by human).

The vulnerabilities of the information security are caused by:

1) the absence of the united policy in the field of IS maintenance^;
2) the imperfection of the legal base regulating relations in the field of IS, and also insufficient enforcement practice^;
3) the insufficient control over the information market development on the part of state authorities and society^;
4) the low level of the informatization in the state authorities and commercial institutions^;
5) the low level of security interests for natural persons and legal entities in the information sphere^;
6) the merging of state and commercial institutions with criminal structures in the field of credit and financial sphere^;
7) the obtaining access to secret information by the criminal structures^;
8) the increase in influence of the organized crime on a society^;
9) the smuggled import and illegal sales of computers and radio communication means, unregulated profit.

Threats for the information means and systems can be:

- illegal collecting and use of the information^;
- development and distribution of software that breaks normal functioning of the information systems, including IS systems^;
- information leakage in the technical channels (visual, acoustic, electric, radio, material [8])^;
- implementation of the electronic devices for information interception in the means of processing, storage and transmission via communication channels, and also in the offices of public authorities, enterprises, institutions and organizations, irrespectively of a pattern of ownership^;
- destruction, damage or theft of computers and other data carriers^;
- information interception in the data networks and lines of communication^;
- unauthorized access to the information which occurs in the data banks and databases (can be purposeful and casual)^;
- infringement of the legal restrictions on the information distribution.

The central moment of IT application in Ukraine is the presence of the adequate information legislation. It is necessary to understand a complex of laws and normative acts which regulate legal relationship in the field of collecting, processing, saving and using the information [9]. However, current law (e.g., Information Law of Ukraine, State Secret Law, and News Agencies Act) does not cover all problems and does not form a complete system. Therefore, the realization of efficient measures of IS legal maintenance is vital. In fact the information society can be created only in the jural state.

One of IS components is the protection of information in the computer systems and networks. At a legislative level of Ukraine, protection of information in the computer systems and networks has not been yet considered. And, only owing to adoption of the new Criminal Code of Ukraine in 2001, computer security is put under protection of the criminal law (section 25 «Crimes related to computers, systems and computer networks»). However legislative definition of the given issues does not provide these crimes prevention. According to A. Matveeva «…legal criminal principles are only the necessary legislative basis (under conditions of a jural state), but not a single requirement. The major importance lies in their correct and proper application. As a major principle of the criminal liability it is necessary to recognize its inevitability. Thus it is necessary to estimate the perfection of the existing criminal law before considering its organizational and technical complexity.

As a result, the further improvement of legal basis is becoming obviously necessary. Thus, the unity of the various branches of law and the maximum reduction of their imbalance [10] are critically necessary.

The IS lies not only in taking legal measures, it also includes a wide range of organizational, technical and other actions:

- establishing and improvement of the IS system^;
- development, use and improvement of the IS means and their efficiency monitoring^;
- development of the protected telecommunication systems^;
- increasing reliability of special software^;
- certification of the IS means^;
- licensing of activities in the field of State secret security^;
- standardization of ways and means of information protection.

Therefore, fulfillment of the complex of actions is possible in the presence of the advanced legislative basis and financing.

[1] B. Andreev, P. Pak, V. Khorst, The Information Security Doctrine of The Russian Federation, Investigation of Crimes in The Sphere of Computer Information, Moscow: "Jurlitinform", 2001. - p.89.
[2] V. Dahl, Russian Dictionary, vol.1, Moscow: 1978, p.67.
[3] S. Ozhegov, Russian Dictionary, Moscow: 1986, p.38.
[4] Information Law of Ukraine, from 02.10.1992, Verhovna Rada Bulletin, 1992, #48, Article 650.
[5] Civil law, Textbook, edited by A. Sergeeva, J. Tolstoy, Moscow: Prospect, 1997, pp.214-215.
[6] P. Orlov, Information and Informatization: Legal Maintenance, Scientific practical manual, Kharkiv: Ministry of Internal Affairs High School, 2000, p.9.
[7] Russian Criminological Encyclopedia, edited by A. Dolgovoy, Moscow: NORMA, Infra-M, 2000, p.67.
[8] Information Security Methods and Means: Methodical Instructions, Kyiv: Kmuga, 1997, p.17.
[9] M. Kiselyov, About Unite Information System of Legal Authorities of Ukraine, Law of Ukraine, 1997, ¹3, p.53.
[10] A. Matveeva, Information Security and Problems of Criminal Legislation Improvement, Criminal Law in 21st Century: Materials of the International Scientific Conference in Moscow State University, Moscow: Lexest, 2002, pp.181-186.

^macro[showdigestcomments;^uri[];Legal Problems of Information Security]

] ^macro[html_end]