Reflections on the "Yarovaya package" and ways to control the uncontrollable
The passions have somewhat subsided, and the inevitability has become obvious: it probably cannot be stopped. So let us think about what human rights safeguards we have an opportunity to demand.
I will try to draw an analogy. In most of Russia, gambling is prohibited. Result: the business has not gone away, and the security services are propping up monopolists, staging "mask shows" (armed raids) on every competitor 2-3 days after it opens. One could read Putin's "cunning plan" of covertly replenishing the defense and intelligence budget into this, but that is highly doubtful.
For comparison, in countries that have moved past their puritanical period, the intricacies of such quasi-taboo activities are tightly regulated. As a result, taxes are paid, the spread of sexually transmitted diseases is restrained, the state monitors the casinos' payout percentages, the casinos are obliged to restrict access to gambling addicts, etc.
If something is inevitable, then the question of public control over this inevitable thing should be raised.
The concerns that have arisen
Violation of the secrecy of personal correspondence and conversations.
Violation of trade secrets for the purpose of unfair competition.
The burden on operators and the resulting tariff increases.
How to solve these issues in one fell swoop
I invite the respected community to think over and refine the following proposals, for subsequent signature collection and consideration at the federal level:
The state is obliged to provide a single, ready-made hardware and software solution to all operators free of charge.
The norms of the "Yarovaya package" should not take effect until this requirement is met and at least 3 equipment manufacturers exist.
The purchase of the equipment itself still falls on the shoulders of the operators.
All auxiliary tooling is subject to this requirement.
The software part should be unified, developed and maintained at the state's expense, with the possibility of citizen participation.
Both software and hardware must be 100% open to public scrutiny. That is, neither x86 nor Elbrus can make it onto this list.
Each software update must be digitally signed by the following authorities, in this order:
the FSB,
an autonomous NPO: a public platform where every citizen can file a substantiated claim for blocking,
the Ombudsman under the President of the Russian Federation: only after the NPO's signature,
a court of third instance or above: signs last.
The law should protect private key holders from any obligation to hand over the key on request.
The hardware must have a clear GOST and a certification procedure accessible to everyone, with a legal cap on the fee (up to 1 million rubles).
The GOST must be approved by all of the parties listed above.
All data must be stored in encrypted form, with no way to extract it even by unauthorized physical opening of the device.
Any access to stored data must be fully logged.
The log must record access in full detail, down to the specific data items touched.
There should be several distinct access types, backed by a public key infrastructure:
for security officials and prosecutors: read data and the access audit only, and lift the secrecy regime,
for judges of the second instance and above: read the access audit only, plus the ability to impose a temporary secrecy regime on access,
for technical staff: only install signed updates, change network settings and swap replaceable hardware,
for software signing: only signatures over the finished binary artifacts.
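What the ordered four-party signing requirement and the "only the finished binary artifact" rule would look like on the equipment side, as an added example that is not part of the original proposal or of any real system. It assumes Ed25519 keys generated on the spot, hypothetical authority names matching the list above, and a constructed artifact; the real PKI, key custody and GOST algorithms are outside the example. Each authority signs the SHA-256 of the binary plus every earlier endorsement, so the verifier can enforce not just the set of signers but their order, and a signature produced for a different chain cannot be reused.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authority is one required signer; the slice order is the required signing order.
type Authority struct {
	Name string
	Pub  ed25519.PublicKey
}

// Endorsement is one link in the signature chain attached to an update.
type Endorsement struct {
	Signer string
	Sig    []byte
}

// signingInput builds what signer i signs: a domain tag, the SHA-256 of the
// finished binary, and every earlier endorsement. Binding the earlier
// signatures into the message is what makes the order verifiable.
func signingInput(digest []byte, prev []Endorsement) []byte {
	var buf bytes.Buffer
	buf.WriteString("yarovaya-update-v1\x00") // hypothetical domain separator
	buf.Write(digest)
	for _, e := range prev {
		buf.WriteByte(0)
		buf.WriteString(e.Signer)
		buf.WriteByte(0)
		buf.Write(e.Sig)
	}
	return buf.Bytes()
}

// Endorse is run by one authority. It only ever sees the digest of the finished
// artifact (never sources or build inputs) and the chain accumulated so far.
func Endorse(chain []Endorsement, name string, priv ed25519.PrivateKey, digest []byte) []Endorsement {
	sig := ed25519.Sign(priv, signingInput(digest, chain))
	return append(chain, Endorsement{Signer: name, Sig: sig})
}

// VerifyUpdate is what the operator's equipment runs before installing an
// update: every required authority must have signed, in exactly this order,
// over exactly this binary.
func VerifyUpdate(artifact []byte, chain []Endorsement, required []Authority) error {
	if len(chain) != len(required) {
		return fmt.Errorf("expected %d endorsements, got %d", len(required), len(chain))
	}
	digest := sha256.Sum256(artifact)
	for i, auth := range required {
		e := chain[i]
		if e.Signer != auth.Name {
			return fmt.Errorf("position %d: expected %s, found %s", i+1, auth.Name, e.Signer)
		}
		if !ed25519.Verify(auth.Pub, signingInput(digest[:], chain[:i]), e.Sig) {
			return fmt.Errorf("position %d: signature of %s does not verify", i+1, auth.Name)
		}
	}
	return nil
}

// RunScenario generates throwaway keys for the four authorities (hypothetical
// names, fresh keys), signs a constructed artifact in the required order, and
// returns the outcome of three checks: a valid chain, a reordered chain, and a
// binary modified after signing.
func RunScenario() (validErr, reorderErr, tamperErr error) {
	names := []string{"FSB", "NPO", "Ombudsman", "Court"}
	var required []Authority
	var privs []ed25519.PrivateKey
	for _, n := range names {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		required = append(required, Authority{Name: n, Pub: pub})
		privs = append(privs, priv)
	}

	artifact := []byte("constructed firmware image, not a real build")
	digest := sha256.Sum256(artifact)

	var chain []Endorsement
	for i, n := range names {
		chain = Endorse(chain, n, privs[i], digest[:])
	}
	validErr = VerifyUpdate(artifact, chain, required)

	// Ombudsman placed before the NPO: same signers, wrong order.
	swapped := append([]Endorsement(nil), chain...)
	swapped[1], swapped[2] = swapped[2], swapped[1]
	reorderErr = VerifyUpdate(artifact, swapped, required)

	// One flipped byte in the binary after all four signatures were made.
	tampered := append([]byte(nil), artifact...)
	tampered[0] ^= 0x01
	tamperErr = VerifyUpdate(tampered, chain, required)
	return
}

func main() {
	v, r, t := RunScenario()
	fmt.Println("valid chain:     ", v)
	fmt.Println("wrong order:     ", r)
	fmt.Println("tampered binary: ", t)
}
```

Because each signer commits to the preceding endorsements, the court's signature (last in the chain) also attests that it saw the FSB, NPO and Ombudsman signatures in that order; the verifier on the equipment never needs any key other than the four public keys, which fits the requirement that private keys never leave their holders.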
Every citizen and organization should receive a monthly report on the use of their data, even when no such cases are recorded (proof of absence of access).
For cases of long-term surveillance, require that the wiretap be authorized by a court of second instance or above; the judge must execute such a decision personally, without delegation to a third party.
The secrecy regime should be re-confirmed every three months.
The secrecy regime should be lifted immediately at the conclusion of the investigation.
When the secrecy is lifted, a full report on all access during the period of secrecy must be provided.
Criminalize unauthorized or unjustified access to data:
full withdrawal of immunity, where any exists,
3 to 5 years suspended, with a ban on holding the relevant position, plus a fine,
if minors were harmed: 3 to 5 years of actual imprisonment,
if a violation of a trade secret has economic consequences: 3 to 5 years of actual imprisonment, damages and confiscation of property.
Criminalize the theft, seizure or use of someone else's digital signature keys, as well as the planting of backdoors for unauthorized access or the exploitation of vulnerabilities: