Posted 12 June 2020, 22:57

Modified 24 December 2022, 22:37

Dmitry Zhuravlev - on digitalization: “Any register will be stolen, any database will leak out...”

To provide a citizen with most public services, there is no need to know who he is; it is enough to know his properties or authorizations. Alas, the global trend is obvious: civilization is moving “not into anonymity”, but into “complete biometrics” and “the tight binding of a person's rights to his carcass”.

These are the words of Dmitry Zhuravlev, a former adviser to the Minister of Communications of the Russian Federation and the general director of FH Labs, a company that for the past 15 years has been creating and merging databases of individuals on both the Russian and world markets. Among Zhuravlev’s clients are Rosgosstrakh, VTB, Sberbank, Rostelecom, Samsung, Microsoft, etc.

As a top expert on this topic, the businessman commented on the YouTube channel “The Magic of the Reality” on the creation of a unified register of information about citizens in our country, and also described the new “transparent” society that is now being formed before our eyes.

“It's time to understand and accept: we no longer have the option of keeping house books written with quills on parchment. We will never return there.

One must be realistic: the world is changing. Transaction costs are falling, speeds are increasing... We ourselves, as citizens, want everything to happen very quickly as soon as we want something.

And at the same time we would like, ideally, for there to be no information about us that could attract intruders.

Well, for example, one option: this unified register would be stored only in the depths of the FSB and would not be accessible to anyone except by court order. And judicial powers would be limited to access to a single record within a single case. That is, it would be a completely protected thing.

... But it becomes clear that you have to pay for any convenience, sooner or later. And you are not asked when exactly you will pay or with what; sometimes it is not known in advance.

And if some kinds of reckoning are still “OK” for us, then, it turns out, we are not ready for others. We did not sign up for this.

In my opinion, it would be right for citizens to have a depersonalized electronic signature, for example, directly on the SIM card, so that only by a court decision, somewhere in the bowels of the FSB, would it be possible to open it and see that this key belongs to this individual.

And this EDS (electronic digital signature) would not be tied to you; you could create even 20 such signatures for yourself.

In this case, the state acts as the master of the digital signature: it issues you the authority to drive a car, for example. But this authority is assigned not to the citizen but specifically to the EDS. And if you got sick, had an accident and ran away, then they will look up what your name is.

Otherwise, why should the traffic cop know your name? He just needs to know that you can drive a vehicle.

I am in favor of everyone being anonymous to each other, even when contacting government officials for public services.

That is, with such a system, the official would not know what the person’s name is, and the person himself would not know what the official’s name is. Well, thank God! I would like to live in such a world.

But only the citizens themselves can lobby for this idea, since no one else is interested in it; there is no business in it.

Only about two dozen attempts to create a unified population register in Russia are known to me. These attempts were made every year, starting with the Electronic Russia program, which was developed almost 20 years ago.

Some of these projects have, in fact, even been implemented in one form or another; they simply remained a kind of endemic species.

For example, it is clear that there is a register of citizens in the GAS “Vybory” system. Who would doubt it: we have to vote somehow.

By the way, when I was working in the Ministry of Communications, my colleagues had names for the single register of citizens: “Tsar-base of all Russia” and “EBANAS” (the capital letters, in Russian, of “United Population Base”). It is clear that these were meant for conversations in the smoking room and did not appear in any official documents.

So, in our country such attempts were made constantly. Some of them ended with something, basically turning into a departmental database, and some did not succeed.

In particular, the Pension Fund maintains a database for SNILS accounting; it is also, in a sense, a population register. The Federal Tax Service keeps track of TINs. There is ESIA, the Unified System of Identification and Authentication, which is used for logins and passwords on the public services portal. And so on.

Some of these databases are integrated; some carry out cross-checks against each other: whom do you have, and whom do you have?

In business, this happens all the time. Big business does this in accordance with Federal Law 152 on personal data. Second-tier business is not very consistent. Well, all the rest are in the black zone, as a rule.

According to Grimes' law, the rate of data leakage is proportional to time and to the square of the number of people with access. The more people with access, the “quadratically” faster it will happen. This formula implies that it will happen for sure, sooner or later.

Especially if the data is not of zero value to the market. That is: any register gets stolen. Any database leaks. This is 100%.

With a budget of several thousand rubles, today you can find out the status of all bank accounts of any person, if he has accounts with top banks. It is downright cheap and is done in real time.

For this you need an amount of up to 10,000 rubles. These “services” are very easy to find on the Internet. I once thought it was some kind of “darknet,” but nothing of the kind. Payment is transferred almost from card to card, after which you receive a screenshot.

You can, of course, lay down layers of protection at the level of information systems, write down regulations, so that all this is difficult to do, so that the operator or an ordinary IT specialist couldn’t do it.

But the irony of fate is that there are business objectives. The more layers of protection, the more difficult it is for a business to work with this data.

Therefore, if access is easy to obtain, then some analyst is always working with the centralized database. If this has to be done by jumping through hoops, be sure that by the third time he will balk at obtaining this access again and, even just for work purposes, will save a copy to his desktop so as not to waste time once more.

And someday that copy will be taken from his work computer, because it is clear that it is much less secure than any server.

You can remember a simple password; a more complicated password gets written down on a piece of paper; and if it is 32 characters long, then people usually start a file, some kind of “passwords.txt”, to copy and paste from.

And then what is safest from a technical point of view becomes the most unsafe socially.

Therefore, in terms of these levels of protection that can be put on information systems, there is a reasonable limit, and everything that exceeds this should be taken as a risk of leakage.

Because doing everything right turns out to be an unattainable goal.

What to do? Do not store everything in one place!

I consider the law on a single register of population information from three perspectives - a businessman, a former official and a citizen.

This law actually runs to 40 pages, but in short, it comes down to this. It empowers the Federal Tax Service to compile a single register of the population and obliges other state bodies to provide it with information. This is the first part.

The second part, the next stage: the law obliges all government agencies to use this integrated information as their main source. In general, that's all. This is the very essence of the law.

The information specified there is the most basic, but there is quite a lot of it.

Name, date of birth and death, gender and its changes, information on marital status.

This is all the information from the registry offices and the migration service, from the Ministry of Defense about military registration, from the PFRF and the Social Insurance Fund. From the Federal Tax Service - only connecting information, but not the transaction data itself. And also - data from ESIA.

So, on the face of it, nothing is said directly about the collection of biometric data. At least, no one is authorized to provide this information and no one has been obliged to report it.

ESIA, however, could somewhere deep down be connected with biometrics; there was such a project, but frankly, I did not follow its fate.

The latest version of the law, which, in fact, was adopted, states that a decision of the government of the Russian Federation is required to expand the list of information.

And on a great many issues where I would like some kind of clarity, it says that this will depend on the decision of the government.

What is absolutely certain is that I personally would like data on minors to be removed by definition; this is unequivocal.

In defense of this law I can only say that it is better to have this law than not to have it. This is at least some kind of regulation; without it there would be a gray zone in which everyone would do what they wanted.

And the federal executive bodies will not spend their time trying to make their own things.

But all this is not a plus. Because there are no pluses without minuses.

But this has at least moved into a conditionally public zone. And it has become, if not controlled, then partially observable.

As for the fears of the Orthodox part of the Russian population about this register: in my opinion, if a fair part of the country believes in something, then you will have to take this into account. Whether you want to or not, you have to check the laws for compliance with the standards of at least Christianity, Islam, Buddhism ...

As a technical specialist, I would do exactly the opposite: so that no number would be stored for more than a year.

You would generate a new number for almost every call, so that no one would be able to tell that it is you, the same person. And only somewhere in the depths would there be this mapping between the IDs.

In reality, to provide most public services, there is no need to know who you are. Only your credentials or properties need to be known.

For example, that this “someone” has three children and has not yet received benefits. What his name is and where he lives: you do not need to have any of this data.

But here we must also take into account the global trend, which, to my great regret, is heading not toward anonymity but toward complete biometrics and the tight binding of a person's rights to his carcass.

I am strongly opposed to biometrics and tying rights to a physical carcass. I would like to be an exclusively informational object, so to speak, a “pure soul”.

Out of about 8 thousand state services, maybe there are only a few dozen that we provide to a particular physical body. Crossing the border, serving in the army, sitting in prison...

The requirements of Federal Law 115, the one on countering money laundering, are in my opinion excessive. I would prefer that my bank not know my name or where I live.

Sorry, guys, until I take your loans, I want to be anonymous.

And then it turns out to be a secret told to the whole world. Because any operator can steal this data.

One may ask in this connection: what are you hiding? Never mind!

It's just that, damn it, I simply do not walk the streets naked. This is just pleasant privacy.

And in the same way, I do not want to publish my correspondence anywhere. And what are you writing there? Never mind. It's just that it's my own business.

We are, of course, in this sense, dinosaurs. This topic does not matter to the next generation as much as it worries us ...

In general, I would like to note that today the rules of digital hygiene for everyone should be as follows: you should treat the phone and the computer as a public thoroughfare.

Even if you yourself did not install anything, there are trojans, there are viruses. Most likely, you personally gave the rights to the history of all calls and movements to some piano tutorial, and you simply did not pay attention to it. And for some time now it has been quietly reporting on you to wherever it needs to.”
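
The scheme sketched in the interview (a new number for almost every call, kept for no more than a year; a service that learns only a property such as the right to drive; a mapping opened one record at a time by court order) can be modeled as follows. This is an added example, not part of the interview; the `Escrow` class, its method names and the sample attributes are hypothetical.

```python
import secrets
import time

YEAR = 365 * 24 * 3600  # pseudonym lifetime: "no number stored for more than a year"


class Escrow:
    """Hypothetical registry: the only place where pseudonym -> person is kept."""

    def __init__(self):
        self._attrs = {}   # citizen_id -> set of attributes ("may_drive", ...)
        self._alias = {}   # pseudonym -> (citizen_id, expires_at)
        self._orders = {}  # court_order_id -> the one pseudonym it may open
        self.audit = []    # every unmasking attempt that reaches the mapping

    def enroll(self, citizen_id, attributes):
        self._attrs[citizen_id] = set(attributes)

    def new_pseudonym(self, citizen_id, now=None):
        """Fresh random token per contact; two tokens of one person are unlinkable."""
        if citizen_id not in self._attrs:
            raise KeyError("unknown citizen")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)
        self._alias[token] = (citizen_id, now + YEAR)
        return token

    def _resolve(self, pseudonym, now):
        citizen_id, expires = self._alias.get(pseudonym, (None, 0))
        if citizen_id is None or now >= expires:
            self._alias.pop(pseudonym, None)  # expired mappings are deleted, not kept
            return None
        return citizen_id

    def has_attribute(self, pseudonym, attribute, now=None):
        """What an official or service may ask: yes/no about a right, never a name."""
        now = time.time() if now is None else now
        citizen_id = self._resolve(pseudonym, now)
        return citizen_id is not None and attribute in self._attrs[citizen_id]

    def unmask(self, pseudonym, court_order_id, now=None):
        """One court order opens exactly one record, and the access is logged."""
        now = time.time() if now is None else now
        if self._orders.setdefault(court_order_id, pseudonym) != pseudonym:
            raise PermissionError("court order already used for another record")
        citizen_id = self._resolve(pseudonym, now)
        self.audit.append((now, court_order_id, pseudonym, citizen_id is not None))
        return citizen_id
```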