Data leakage can be put on rails
Your data is our wealth
A person generally doesn’t have much personal data, even taking biometrics into account. But the channels through which it can spread and, in a bad scenario, leak away are a dime a dozen. With digitalization reaching not only the economy but also the social sphere, the issue of protecting citizens’ personal data is especially acute.
It is no coincidence that even President Putin had to speak out about this not so long ago, emphasizing that “we are all talking, and not only talking, but taking energetic steps to digitalize our economy, social sphere and life in general. In this regard, of course, the issue of personal data protection is especially relevant.”
Thus, at a meeting with the head of Roskomnadzor Andrei Lipov, the head of state asked his interlocutor to begin his report with this topic. At the end of 2023, Russian President Vladimir Putin signed a law significantly increasing fines to protect the personal data of citizens collected by organizations.
The document concerns the collection of biometrics and other personal information from citizens. Thus, violations when working with biometric data will entail the imposition of an administrative fine on officials in the amount of 100 thousand to 300 thousand rubles, on legal entities - from 500 thousand to 1 million rubles.
Penalties for processing such data without the written consent of citizens have also been tightened (Article 13.11 of the Administrative Code). Fines will be levied: for citizens - from 10 thousand to 15 thousand rubles, for officials - from 100 thousand to 300 thousand rubles, for legal entities - from 300 thousand to 700 thousand rubles. If the violation is committed repeatedly: for citizens - 30 thousand rubles, for officials - 500 thousand rubles, for companies - up to 1.5 million rubles.
"Iron" bonus
But, apparently, these amounts do not scare everyone. For example, the staff of the Federal Passenger Company (JSC FPC), currently a subsidiary of Russian Railways OJSC, engaged in long-distance passenger transportation, recently received information about another innovation in the well-promoted Russian Railways Bonus loyalty program (hereinafter referred to as the program).
JSC FPC began preparing open competitive procedures for selecting a platform that provides verification services for documents, selfies and certificates provided by participants in this program. The editors have at their disposal a form letter to potential executors of this order. This is what is required from the verification platform:
1. Scanning and document recognition with translation into text format.
2. Using a document authentication service (SNILS, Russian passport, etc.).
3. Scanning for digital interference in the submitted document.
4. Verification of selfie pictures for a match between the photo in the document and the face in the photo itself.
5. Recognition of student cards and certificates of study.
The platform on which it is planned to verify and recognize personal data and perform face matching can be provided in the form of a cloud service to which the data is sent, possibly, note, by the citizens themselves. And on this platform, these operations can be performed by people who work outside the generally closed perimeter of Russian Railways.
That is, instead of Russian Railways employees, this work will be done by people on the platform. It turns out that practically anyone from the outside is allowed to access the unique database, provided they have access to the platform, although so far there is not even a clear technical specification for this.
It’s interesting that in practice, such crowdsourcing platforms already exist and work well – examples include recognition services with verifiers in the cloud from Beorg and Dbrain. Apparently, a large customer is simply looking for the cheapest way to carry out such verification.
Let’s make a reservation right away: it’s probably still too early to talk about malicious intent or sabotage. But at least the issue of negligence can already be raised. The fact is that participants in this platform will be almost all categories of citizens: families, pensioners, public sector employees and students. What is the demand for all of them? We are talking about millions of citizens.
In addition to civilians, the Russian Railways bonus program list will include SVO participants and members of their families. Their data is of particular value in the current situation, as it can be used for fraud, threats and even terrorist activities by TsIPSO and other interested services of unfriendly countries.
Need I explain that any data transfer carries the risk of information leakage? First Deputy Chairman of the Duma Defense Committee Alexey Zhuravlev is convinced:
“So, at one time, the Ukrainian authorities were happy to report that they managed to obtain up to 100 terabytes of information, so now it will be much easier to identify those who in new regions advocate unity with Russia. The protection of this information, of course, needs to be given more time and attention, and penalties for violations in this area must be toughened, which, in fact, is what we are doing.”
Tell me, who are you?
It is unlikely that anyone today will be able to confidently say what really stands behind the desire of the Russian Railways subsidiary to develop a bonus program - self-interest, negligence or sabotage?
For the sake of completeness, all that remains is to provide the official data about the company that is ready today to offer the general public such digital freedom, and not the notorious concentration camp.
So, in 2006, as part of the implementation of the Structural Reform Program in Railway Transport, approved by Decree of the Government of the Russian Federation of May 18, 2001 No. 384, a specialized branch of JSC Russian Railways was created for the organization and management of long-distance passenger rail transportation - the Federal Passenger Directorate.
In December 2009, on the basis of the property of the Federal Passenger Directorate, a branch of JSC Russian Railways, an open joint-stock company, Federal Passenger Company, was established. A specialized property complex was added to the authorized capital of JSC FPC, and personnel providing long-distance passenger rail transportation were also transferred.
On April 1, 2010, JSC FPC began independent activities as a carrier. The company is a subject of a natural monopoly: by order of the Federal Tariff Service of Russia dated May 27, 2010 No. 190-JSC FPC was included in the register of subjects of natural monopolies in transport in the provision of railway transportation services.
Finally, direct quotes from the company data:
“The activities of JSC FPC in the market of transport services for the carriage of passengers are subject to state regulation in accordance with Federal Law dated August 17, 1995 No. 147-FZ (as amended on December 30, 2012) “On Natural Monopolies.”
On November 20, 2014, MIFNS of Russia No. 46 for Moscow issued documents on state registration of changing the name of the open joint-stock company “Federal Passenger Company” (JSC FPK) to the joint-stock company “Federal Passenger Company” (JSC FPK).”