The State Duma Committee on State Construction has recommended the adoption of a bill in the first reading to legalize the activities of “white” hackers in Russia, as reported by RIA Novosti. The authors of this legislative initiative are representatives of the Digital Russia party project, including deputies Anton Nemkin, Gennady Panin, Igor Markov, Vyacheslav Petrov, and Anton Tkachev from the Duma Committee on Information Policy. The proposed amendments aim to modify Article 1280 of the Civil Code of the Russian Federation.
Currently, “white” hackers conducting system safety checks for Russian companies need permission from each program’s owners within the information system. Without such permits, testing may result in copyright violations, leading to financial penalties ranging from 10 thousand to 5 million rubles or double the program’s usage rights cost.
The bill seeks to allow individuals legally possessing a computer program or database copy to study, examine, or test the software to identify vulnerabilities and rectify evident errors, according to the initiative’s authors. Additionally, “white” hackers must report all vulnerabilities discovered within five working days to the copyright holders unless it is impossible to contact them.
If approved, this initiative will enable vulnerability analysis in any form without the copyright holders’ permission for the relevant program, including infrastructure and borrowed component copyright holders, as outlined in the documents.
Gennady Panin, the first deputy chairman of regional policy and local government, and party coordinator for the “Digital Russia” project in the Moscow region, highlighted that current legislation permits program testing solely for general performance and user adaptability, with these amendments prioritizing information security.
The project empowers users to alter the relevant program without the copyright holder’s consent, including infrastructure and borrowed component copyright holders, without any compensation. Consequently, rightful program owners can not only customize the product but also assess its security vulnerabilities, make necessary modifications, and enhance its safety.