the Service want to test system of citizen control for security.
the Federal security service (FSB) supported the issues of security deployed in the regions of monitoring systems for citizens in a period of self-isolation. The service is reminded of the need to coordinate with it such developments and eager to check them for threats, from interdepartmental correspondence. Such systems should be subject to the law “On the security of critical information infrastructure (KII)”, which distributes them to the requirements of the FSB and FSTEC, according to lawyers.
SB supports the proposals about the need to “have security” systems monitor the behaviour of citizens during pandemic coronavirus, described in the conclusion of the Moscow branch of Association of lawyers of Russia (AYUR MO), follows from the letter of the head of the scientific and technical service, the FSB Edward Chernomortsev in the Ministry of communications. When designing such systems it is necessary to agree technical specifications and the model of threats of information security of the FSB, stated in the letter.
All information systems for monitoring citizens must comply with the requirements of the FSB and the Federal service for technical and export control (FSTEC) to protect against unauthorized access, alteration, or destruction of information, as the value and sensitivity of citizens to collect data is extremely high, pointed out earlier MO RAL in the appeal to the government, the mayor of Moscow, the communications Ministry and the FSB. Due to the high social importance of these information systems can fall under the regulation of the Federal law “On safety CUES” with all its requirements for security, which have been approved by the FSB, pointed out MO RAL, expressing doubts as to their compliance with the specified requirements.
In the Department of information technology (DIT) of Moscow failed to promptly respond to the request.
the object CUES are monitoring systems that belong to state agencies, institutions or persons that carry out activities in the areas specified in the law “On safety CUES”, reminds FSTEC in its response, the Ministry of communications to request the position regarding the letter MO AYUR (there is a “b”). It is, in particular, on information systems in healthcare and transport, recalls the Director Legal at Deloitte CIS Catherine Portman. The implementation and operation of systems of monitoring of citizens during the pandemic associated with the maintenance of public health may exclude them from requirements to CUES, she said, agreeing that the rapid adoption of systems in pandemic could lead to a mismatch in terms of compliance with security and data protection.
Roskomnadzor after considering the firm.eniya MO RAL sent a request to DIT to provide information about the conditions of handling and use obtained through the application of “Social monitoring” of personal data of users to draw conclusions about the compliance of the application with the requirements of the law “On personal data”, to the letter of the Ministry.
the Ministry it does not see the need for additional measures to maintain the security of information systems and data processing, the reply of the Ministry of defense of AYUR.
Some regions such as Tatarstan, have already announced that they began to remove collected information to monitoring systems data about citizens, said associate Professor, faculty of law, HSE Alexander Savelyev. In Moscow has its own situation — here a formal experimental regime for the development of artificial intelligence, he recalls, but “hopefully” that, in spite of this, Roskomnadzor will monitor compliance with the law.