MOSCOW, March 25 The State Duma Committee on State Construction recommended that the Duma adopt in the first reading a bill aimed at legalizing the activities of “white” hackers in Russia.
The authors of the bill — representatives of the Digital Russia party project Anton Nemkin, Gennady Panin, Igor Markov and the State Duma Committee on Information Policy Vyacheslav Petrov and Anton Tkachev — propose to make a number of amendments to Article 1280 of Part Four of the Civil Code of the Russian Federation.
As the authors of the project explained, today, in order to test the security of systems of Russian companies, “white hat” hackers need to obtain a large number of permissions from the copyright holder of each program that is part of the information system. Performing testing without such permissions may result in copyright infringement. In this case, “white hat” hackers may be required to pay compensation in the amount of 10 thousand rubles to 5 million rubles, or twice the cost of the right to use the corresponding program.
Based on this, the bill provides for the possibility of studying, researching or testing the functioning of programs by a person who legally owns a copy of a computer program or a copy of a database, in order to identify its vulnerabilities in order to correct obvious errors, noted authors of the initiative.
According to the bill, “white hat” hackers must inform the copyright holder about identified vulnerabilities within five working days from the date of their discovery, except in cases where it was not possible to establish his location, place of residence or address for correspondence.
The adoption of the bill will allow vulnerability analysis in any form, without permission from the copyright holders of the relevant program, including copyright holders of infrastructure and borrowed components, the documents note.
First Deputy Chairman of the Committee on Regional Policy and Local Self-Government, coordinator of the Digital Russia party project in the Moscow region, Gennady Panin also noted that if, according to current legislation, it is possible to test a program only to ensure general performance and adaptation to their application needs, then the amendments help to focus on ensuring information security.
The project provides the right to make edits without permission from the copyright holder of the relevant program, including copyright holders of infrastructure and borrowed components and without remuneration to him. That is, having legally owned the program, the user will not only be able to customize the product, but also investigate from the security side — test how vulnerable it is, and make the required changes.