Computer Crime Research Center

Information technologies and organized crime

Date: November 05, 2003
Source: Computer Crime Research Center
By: Valeriy Cherkasov

Page 1 2 3 4 5 6 Next
... sphere is characterized by wide copyright and related software right infringements (especially in Russia). Professional hackers are drawn to break information systems of banks and corporations. Facts of commerce and “virus” espionage can be often encountered. There are many attempts to penetrate into databases of State bodies including automated voting systems. Confidential information is stolen (for example from NASA databases) (9). Many other crimes are committed by using information technologies. It can be concluded that the block of problems connected with IT is the most fundamental at the investigation of organized delinquency and corruption.

Taking into account the danger of crimes in the sphere of IT, world practice always improves laws, toughens punishments for such offences, and approves corresponding international agreements.

In 2001, Crime Committee that was created within the framework of Europe Council accepted a final version of the International agreement on fighting against cyber-crimes. The representatives of US Ministry of Law took part in the work of Committee as advisers (10).

ZD-Net informs that the agreement is submitted to Europe Council’s consideration. On June 29, its final text will be published on the special Council’s site. If the document is approved by this instance, high State bodies of countries represented in the Council will receive it. It is expected that in addition to 43 Europe countries the agreement will be signed up by the USA and states, which belong to the Europe Council as spectators: Mexico, Canada, Japan and Vatican.

Before accepting the final version, the Committee has considered 27 variants. All they anticipated that countries signed up the document would introduce locally some minimum of laws against such cyber-crimes as unauthorized access to computer networks, data interception, Internet fraud, child’s pornography and computer piracy.

Intermediate variants were exposed to the criticism because they had paid little attention to the protection of users’ confidentiality. It was also noted that most variants of the agreement provoked the state interference with citizens’ personal affairs.

The USA toughens the punishment for cyber-crimes. Reuters informed that the Law Committee of US Representative Chamber had approved the legislation on toughening punishments for computer crimes. At the same time, the law widens providers’ rights to having their users shadowed.

According to the current legislation, the court chooses the punishment for hackers, virus-writers and other computer hooligans depending on economic damage caused by their actions. As a result, most convicted persons get off with little fines and only a few have imprisonment, which is also small. For example, the author of Melissa virus, which caused $1.2 billion damage, was sentenced to 20-month imprisonment and $5000 penalty.

According to the new draft, other factors will be also taken into consideration. So, a hacker who broke the computer with important State information will be threatened with a more serious punishment than that that enjoys penetrating into his neighbors’ home computers.

As to providers, now they will be able to inform law enforcement agencies not only about incidents threatening persons’ life and health but also suspicious cases with less importance. At the same time, the new law abolishes regulations permitting to bring an action against violation of users’ privacy in such cases. Moreover, if the president signs this law, providers will be obliged to keep all electronic notes, in particular, e-correspondence of their clients at least for 90 days. Otherwise, they will be threatened with a serious fine. It is worth noting that an item assuring the compensation of costs on shadowing system introduction was excluded from the legislation (11).

However, it is not the end. America goes further. US Congress approved the draft on life imprisonment for breaking computer systems (12).

The Representative Chamber of US Congress has approved with overwhelming majority the draft on increasing computer security, which was earlier suggested by the President administration. Three hundred eighty-five congressional representatives voted for approving this draft whereas only three members – against. The bill was prepared in US President Administration before September acts of terrorism; the mournful events in New York and Washington speeded up the work on it and resulted in almost unanimous approval of the law in the Representative Chamber.

The draft provides for life imprisonment for breaking computer systems. It also widens the police officers’ rights to the interception of data. According to the bill, a tapping of telephone conversations and intercepting of electronic messages can be carried out without the court’s approval. When accepted in the Representative Chamber, the draft will be submitted to US Senate’s consideration. Most probably, this stage will have no difficulties.

The analogous process of threatening punishments takes place in Argentina (13), China (where the death penalty is provided for those crimes) (14), Malaysia (life imprisonment) (15), and Australia (up to ten years imprisonment) and in other countries. Great Britain’s “Law of terrorism – 2000” has a definition of “terrorism” first embracing the cyber-space (16). How do our matters stand? Is the problem of punishing for those crimes resolved by Russia’s Criminal Code? (17)

The reservation should be made (this question is not new) that Russian laws successfully regulate information relations. The new branch of law – information law – appeared and is effectively developed. Up to now, more than ten special federal laws were accepted and are currently acting. These laws include those of information, informatization and protection of information, participation in the international information exchange, State secrecy, obligatory copying of documents, complex of normative acts on archives and archive reserves, mass media and so on.

In our opinion, the serious problem remains to be criminalization of actions connected with computer technologies. The introduction of Chapter 28 into Russian Federation’s Criminal Code – Crimes in the sphere of computer information – does not solve the problem. It only seems to be resolved. This chapter is excessively imperfect (this matter will get more detailed examination below), but what is important that it deals with crimes committed in respect of computers and computer information but not offences committed by using them.

It should be noted that just such an approach was formed from the very outset of Russian lawmakers’ activities in this sphere. Since 1991 the criminal and legal regulation in the sphere of computer information has started in our country. In December 1991, the draft of the Russian Federation law “Responsibility for delinquencies at work with information” (18) was submitted to consideration. It supposed introducing the whole set of new corpus delict connected with computer information. The standpoint stated in the draft was approved. Part 5 of the Russian Federation (RF) Supreme Soviet Decree “Legal protection of programs for computing technique and databases” runs: “Till October 1, 1992 RF Government should submit to RF Supreme Soviet’s consideration in the established order drafts of RF laws of introducing changes and amendments into RF Civil Code, RF Criminal Code and other corresponding legislative acts”(19). This step proved the necessity of criminal and legal regulation of legal relations connected with information.

Works carried out in this direction brought to that in 1994 the draft of introducing supplements into RF Criminal Code, which provided for the following corpus delict:

- Illegal possession of programs for computers, files with databases;

- Falsification and destruction of information in the automated system;

- Illegal penetration into automated information system (AIS) by illegally obtaining password-key data, violation of access or by-pass of information protecting mechanism in order to copy, change or destroy it in an unauthorized manner;

- Insertion or spreading of “computer viruses”;

- Violation of rules providing security of AIS (20).

The same point of view was held by authors of other projects – author collective of the State and Legal Administration at the RF President and author collective of the State Chamber of Deputies (members of Law and Legal Reform Committee and Board of Security). The responsiveness of all author collectives resulted in that the RF Criminal Code draft published in the Russian newspaper in February 1996 had Chapter 26 “Computer crimes” that first in the history of the Russian law suggested establishing criminal liability for five kinds of delinquent actions:

- Unauthorized penetration into automated computer system (Article 271);

- Illegal possession of programs for computers, files or databases (272);

- Unauthorized modification, damage and destruction of databases or programs for computers (273);

- Insertion or distribution of virus programs for computing technique (274);

- Violation of rules providing security of the information system (275) (21).

That is, from the very outset it was a matter of delinquencies having information systems and information itself as their object.

After discussion the final...
Page 1 2 3 4 5 6 Next


Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo