
CyBOK. Chapter 3. Laws and regulations. Part 1

17.07.2025

Ruslan Rakhmetov, Security Vision


3.1 Introductory principles of legislation and legal research


The authors of the book note that legislative approaches and standards are unfamiliar to many technical specialists, so the introductory part gives a brief overview of the applicable legal principles. We would add that in this chapter the authors examine legislation applicable mostly to foreign (non-Russian) jurisdictions. Russian readers will nevertheless likely find it useful to become familiar with it, for example when preparing to bring domestic export-oriented solutions and services to foreign markets.

3.1.1. The nature of legislation and legal analysis


By analogy with the exact sciences, legislation is expected to follow strict logical rules and to predict the consequences of various events. However, jurisprudence does not study fundamental laws of nature; it is bound up with social and political values and with human behavior. Legislation is enacted by the legislative branch, enforced by the executive branch and reviewed by the judicial branch, and it changes constantly as civilization, societies and technologies develop. Legal systems are divided into:

   1) Case law (Common Law), the Anglo-American legal family: used in English-speaking countries; the dominant source of law is judicial precedent;

   2) Non-precedent (continental) law (Civil Law), the Romano-Germanic legal family: used in most European countries; the dominant source of law is the normative act;

   3) Religious law (Fiqh and Sharia in the Muslim world, canon and church law in Christianity, Halakha in Judaism, Hindu, Buddhist, Shinto law, etc.): based on religious dogmas and decisions of the clergy; the norms apply only to members of the specific religious group;

   4) Socialist law: applied in socialist countries (PRC, DPRK, Vietnam, Cuba);

   5) Mixed (hybrid) legal systems: various combinations of the other types of law.

An important aspect of applying legislative norms is understanding their applicability and priority. For example, in the Russian Federation the hierarchy of legal acts is as follows:

   1) Constitution of the Russian Federation;

   2) Federal Constitutional Laws (FCL);

   3) Federal Codified Laws (Codes), for example the Code of Administrative Offences of the Russian Federation, the Civil Code of the Russian Federation, the Labor Code of the Russian Federation, etc.;

   4) Federal Laws, for example 149-FZ, 152-FZ, 187-FZ, etc.;

   5) Subordinate legislation: Decrees of the President of the Russian Federation, Resolutions of the Government of the Russian Federation, regulatory acts of federal executive authorities, and regulatory legal acts of the constituent entities of the Russian Federation.

In the European Union there is primary law (the EU treaties, which have the highest legal force) and secondary law (specific regulations, directives and recommendations issued by EU bodies and institutions to regulate particular matters). The hierarchy of normative acts in the EU is as follows:

   1) Directives: implemented in each EU member state through the provisions of national legislation;

   2) Regulations: requirements that are binding on all EU members and apply immediately.

International treaties are an important element of interstate relations. In some countries the provisions of an agreement concluded between states enter into force immediately, while in others national legislation is first amended and only then is the international treaty signed. Under Article 5 of the Federal Law "On International Treaties of the Russian Federation", if an international treaty of the Russian Federation establishes rules other than those provided by law, the rules of the international treaty apply; however, decisions of interstate bodies adopted on the basis of provisions of international treaties of the Russian Federation, where their interpretation contradicts the Constitution of the Russian Federation, are not subject to execution in the Russian Federation.

3.1.2. Application of legislation in cyberspace and to information technologies


As information technology developed, lawyers' opinions on regulating cyberspace split. Some held that the Internet was a fundamentally new phenomenon to which existing norms did not apply; others regarded cyberspace as a virtual reality created by mankind, in which the actions of subjects resemble their behavior in the real world and should be assessed in the same way. Over time the second view prevailed, and today people's actions in cyberspace are assessed under the legal norms applicable to the physical world. The development of artificial intelligence raised a similar dilemma, which was resolved in the same way: an AI system cannot be treated as an independent entity, and the developer bears full responsibility for the consequences of its operation.

3.1.3. Differences between criminal and civil law

3.1.3.1. Criminal law


Criminal law exists to combat unlawful conduct and is intended to achieve:

   1) Deterrence - keeping members of society from unlawful behavior;

   2) Incapacitation - limiting the ability of criminals to cause further harm to society;

   3) Retribution - making the offender pay for the crime committed;

   4) Restitution - compensation by the offender for the damage caused to the victim;

   5) Rehabilitation (correction) - forming law-abiding behavior in the offender over the long term.

The terms "crime", "guilty", "not guilty", as well as "investigation", "suspect", "accused" and "interrogation", belong to criminal proceedings and law enforcement work, so they should not be used when considering civil cases or conducting internal corporate inquiries into physical and information security incidents. Punishments in various countries may include imprisonment, fines, seizure and confiscation of property and of the instruments of the crime, and compensation of damage to victims. Under Article 44 of the Criminal Code of the Russian Federation, the types of punishment are a fine, deprivation of the right to hold a position, deprivation of rank and state awards, mandatory, corrective or forced labor, arrest, and restriction or deprivation of liberty.

Most jurisdictions have a presumption of innocence (a person is presumed innocent until proven guilty), but some countries apply a presumption of guilt (a person is presumed guilty until proven innocent). In addition, most countries follow the general principle that "ignorance of the law is no excuse", and lack of criminal intent or of awareness of the consequences is not an excuse either. Most countries also have a default rule that laws are not retroactive (there is no liability for an act that was not recognized as an offense at the time it was committed). Some laws, however, provide exceptions to this rule, and some offenses are treated as continuing: for example, information published on the Internet before it was declared prohibited that remains accessible after the prohibition.

3.1.3.2. Civil law


Civil law regulates property and non-property relations between organizations and individuals. The available remedies are monetary compensation for damage, an order terminating the legal relationship between the parties, an order requiring the responsible party to cease the unlawful activity, and an order requiring the responsible party to take specified positive or compensatory actions (for example, to transfer title to real estate). The principles of civil law are developed and applied, among other purposes, to compensate for the negative externalities of a careless attitude to the cybersecurity of information products and services in the modern economy, which should encourage a more conscientious attitude on the part of those responsible.

3.1.3.3. One offense - two types of punishment and two trials


A single malicious act, or a series of related acts, may give rise to liability under both criminal and civil law. For example, if Alice hacked Bob's computer and caused his entire home network to fail, the act would attract both types of liability: the state would prosecute Alice under criminal law for unauthorized access to Bob's personal device, and Bob could file a civil lawsuit seeking compensation for the damage caused to him. Alice would thus face two courts and two different procedures for establishing her liability, with the aims of the proceedings being, respectively, to protect the interests of society as a whole from Alice's misconduct and to compensate Bob for the damage caused to him.

3.1.4. Nature of evidence and evidentiary base


The concept of proof in law differs from the meaning given to it in mathematics or logic. In law, to "prove" something means to use admissible evidence to show the truth of the disputed events to a certain degree of certainty. Admissible evidence takes different forms in different legal systems: direct testimony, business documents and correspondence, CCTV footage, intercepted telephone conversations, server logs, and so on. In general, the legal analysis of a dispute consists of two elements: the trier of fact (investigator, judge, jury, regulator) first considers the competing versions of events and establishes the facts (findings), which are then analyzed under the applicable law. The person bringing the claim bears the burden of proof for the elements that establish their right to claim. The defendant then bears the burden of proving any affirmative defense, i.e. of presenting a set of facts that differ from the claimant's assertions and which, if accepted, can reduce or completely exclude the defendant's liability.

The applicable standard of proof, i.e. the degree of certainty the court must reach in order to make a decision, depends on the issue at hand. A non-exhaustive list of standards of proof used in various legal contexts around the world is given below:

   1) Beyond a reasonable doubt: evidence that leaves no other reasonable explanation of the facts;

   2) Clear and convincing evidence: a sufficiently high degree of confidence in the evidence;

   3) Preponderance of the evidence (balance of probabilities): confidence in the evidence exceeds 50%;

   4) Probable cause: evidence that the subject of the investigation has committed a crime, though not yet conclusive. This standard is used to justify obtaining a search warrant (an order authorizing a search or the seizure of documents and data carriers) or an arrest warrant;

   5) Reasonable suspicion: grounds for police to check documents or to monitor Internet communications.

3.1.5. A more holistic approach to legal risk analysis


Legal risk analysis should not be based solely on the mechanical application of legal norms under established rules; a number of other factors must be taken into account. For example, if Alice has the opportunity to bring a lawsuit against Bob, then the monetary estimate of Bob's legal risk, should Alice sue and win, will depend on:

   1) Alice's ability to prove Bob's liability using admissible evidence, adjusted for Bob's ability to rebut that evidence;

   2) Bob's ability to prove an affirmative defense using admissible evidence, which can reduce or eliminate his liability, adjusted for Alice's ability to rebut that evidence;

   3) Bob's total costs (expenses) if Alice wins the case;

   4) A number of additional factors, such as Alice's willingness and ability to litigate against Bob, Bob's willingness and ability to defend himself, Alice's ability to enforce a judgment against Bob and his assets, and the legal costs of litigating and supporting the case.
