Russia Plans To tighten Data Protection Owing To Intelligence Leaks
Aimed at preventing leaks of personal information from state agencies, Russia has drawn up a bill, a move that follows publication of details of Russians allegedly involved in covert intelligence operations abroad.
Based on reports from Reuters and Interfax, the bill, produced by Russia’s communications ministry, bars unauthorized people from creating and publishing databases of personal data drawn from official sources, and fines anyone violating that rule.
It also requires that state agencies setting up systems for handling personal data consult with the Federal Security Service, Russia’s main domestic intelligence agency.
The communications ministry did not respond to a request for comment from Reuters.
The bill, published late on Thursday, says it is in response to a 2017 instruction from President Vladimir Putin and makes no mention of the spate of leaks.
However, Russian authorities have been embarrassed by leaks about two men Britain alleges were Russian intelligence agents who used a nerve agent to poison former spy Sergei Skripal and his daughter. Russia denies involvement.
The two men told Russian television they were innocent tourists who went to the English city of Salisbury, where Skripal was living, to view its cathedral.
But the Bellingcat investigative journalism website, drawing on leaked passport information, identified the two as officers with Russia’s GRU military intelligence agency.
In a separate case, a Russian accused in a U.S. indictment of conducting cyber-attacks around the world was traced, via leaked official databases, to an address in Moscow that Washington says is a base for Russian military intelligence.
The legislation, comprising two draft laws and a draft government resolution, has been published for a 30-day period of public consultation, after which it will be submitted to parliament and the government for approval.
Russia has an active black market in illegal databases compiled using confidential information stolen from state-run registries. The data includes passport details, addresses, car registrations, flight manifests, and even tax returns.
Many of the databases are openly available on the Internet. The Russian authorities have struggled to stamp out the practice. Now releasing personal data in this way is already illegal under existing legislation.
Julia Sowells700 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.