2024-03-25 16:21:30
The Committee on State Organization and Legislation of the Russian State Duma (the lower house of the Russian Parliament) has recommended to the legislative body to adopt at first reading a bill that will legalize the activities of so-called “white” hackers on the territory of the Russian Federation, reported TASS. The agency specifies that the document was submitted to the State Duma in December last year by a group of deputies headed by Anton Nemkin, a member of the information policy committee of this chamber.
“White” hackers, also called “white hat” hackers, are cyber security experts who use their skills to find vulnerabilities in organizational networks (servers) and computer systems in order to protect them from breach and information extraction.
According to the proposal, amendments are foreseen in an article of the Civil Code of the Russian Federation, which regulates the rights of users of computer programs and databases. The amendment states that a user with rights to a copy of the relevant computer program may, without the permission of the author of the program and without additional payment, study, research and test its operation in order to discover possible defects, the elimination of which would make its use safe . The draft law provides that the person in question can commission third parties to carry out the mentioned activities.
At the same time, it is clarified that the study, research or testing of the program can only be carried out in relation to copies of computer programs or databases installed in the technical means in the name of the user. In addition, it is noted that information about defects identified by the user cannot be transferred to third parties, except for the copyright holder of the relevant program.
The draft law also specifies that when defects are identified, the removal of which will make the use of the relevant computer program safe, they must be reported to the copyright holder of the program within five working days.
According to the regulations currently in force, a user who legally owns a copy of a computer program may, without the author’s permission and without payment, only perform actions necessary for the operation of that program, as well as make a copy of the program, but only on the condition that this copy is intended only for backup (database accumulation).
As noted by the lawmakers who introduced the amendments to test the security of Russian companies’ systems these days, “white hat” hackers must obtain a number of permissions from the copyright holder of any program that is part of the information system being tested.
“Security testing without such permissions may lead to copyright infringement, and accordingly, copyright holders are entitled to claim damages in the amount of ten thousand rubles to five million rubles, or twice the price of the right to use the relevant program”, says the explanatory note to the bill, quoted by TASS.
In its new form, the article in question of the Civil Code would allow “vulnerability analysis with a preventive purpose in any form without the permission of the copyright holders of the relevant program”, the authors of the initiative, cited by BTA, state.