Criminal and Legal Aspects of Fighting Computer Crime
Date: March 04, 2004Source: Computer Crime Research Center
By:
As used here, destruction of information is its loss, when information in sphere of computers, systems and networks ceases to exist for individuals and legal entities that have full or limited property right to it. Termination of access to information should be considered as blocking of information. Such actions can be performed, for example, with the help of electromagnetic, laser and other effect on data carriers in which info is materialized or with the help of which it is transferred; by forming of signals of means and blocks of programs effecting information, its carriers and means of technical protection that causes violation of integrity of information, its distortion or destruction.
Distortion of information is a modification of its contents, violation of its integrity, including partial destruction. Establishing of a mode of access to information is regulated by the Article 28 of the Information Law of Ukraine. It defines the order of reception, use, distribution and retention of information. Depending on a mode of access, information is divided into open information and information with restricted access (confidential and secret). According to the Article 30 of the mentioned law, confidential information is data which is in ownership, use or order of separate individuals or legal entities and is distributed, at their will, according to the terms provided for by them.
Citizens and legal entities that own information of professional, business, industrial, commercial and other character, having obtained it due to own means, or such which is a subject of their professional, business, industrial, commercial and other interest and does not break secret provided for by law, have the right to define independently a mode of access to it, including its belonging to the confidential category, and establish a system (ways) of its protection.
There are some exceptions: information of commercial and bank character, and also information, legal regime of which is determined by the Verhovna Rada of Ukraine and by presentation of the Cabinet of Ministers of Ukraine (on questions of statistics, ecology, bank operations, taxes, etc.), and information, concealment of which is life and health threats to people.
Secret information is information containing data, making state and others secret defined by the law, disclosure of which cause damage to the person, society and the state.
We offer to understand the damage caused by criminal acts (direct and indirect losses) which size is equal or exceeds 100 minimal free incomes of citizen as heavy consequences.
The components of this crime are characterized by presence of the general subject. Commitment of such actions by the person which professional duties include preservation or processing of such information should be admitted as the attribute that burdens the responsibility.
Material components structure of the crime is chosen for developing of the first part of this norm. The structure establishes the necessity of criminal consequences approach, like distortion or destruction of computer information or carriers of such information.
The Article directly defines mental attitude of the person to own actions, therefore the guilt form of such person is intention only.
Unfortunately, the Article 361 of the Criminal Code does not adjust a situation when interference with operation of automated computers, systems or networks is performed owing to careless actions.
Thus, the significant amount of possible infringements and even actions which are really performed with intent, as it is hard to prove the intent of the computer criminal during investigation of circumstances of intervention (e.g. a person that usually uses e-mail in the Internet, probably not deliberately but also owing to carelessness, may distribute computer viruses).
Theft, assignment, extortion of computer information or its abstraction by swindle or official position abusing (referring to the Article 362) concerns only "computer" crimes. They make the majority among files of offences in sphere of computers, systems and networks.
The definition of “computer information”, introduced by the legislation, is very important. In our opinion, it is necessary to understand it as an aggregate of all identified and owned date, used in computers, systems and networks. The identified information is information fixed in the machine carrier with essential properties allowing to identify it.
The Article 363 of the Criminal Code of Ukraine establishes the responsibility for violation of operation rules of automated computers, systems and networks performed by the person responsible for their operation if it has entailed theft, distortion or destruction of computer information, means of its protection, illegal copying and essential infringement of operation of such computers, systems and networks.
This Article protects interests of the owner of automated computer systems, concerning their correct operation.
The given norm of the Criminal Code, naturally, does not contain concrete technical requirements. It refers to departmental instructions and the rules establishing the operating procedure and which should be set specially by the authorized person and be brought to users. Application of the specified Article to the Internet is impossible; its effect applies only to local networks of organizations.
An investigatory relation should be established between the fact of violation of operation rules of automated computers and the fact of caused essential harm. It should be completely proved, that consequences come exactly from violations of operation rules.
Determining of essential harm provided for by the Article 361 is an evaluating process. The harm is determined by court in each concrete case, in view of all circumstances, however it is obvious, that essential harm should be less significant, rather than essential consequences.
A criminal realizes that he is breaking operation rules; he foresees an opportunity and inevitability of illegal influence on information and causing essential harm or meaningly wishes causing such harm. Such action is punished by deprivation of the right to occupy certain positions or by engaging in certain work for the term up to five years or correctional work for the term up to two years.
Part 1 of the Article 363 of the Criminal Code is complicated for interpretation of the contents. Grammatical, logical and system structural analysis of all the Article allows to say that illegal copying of computer information and essential infringement of operation of automated computers, systems and networks are not forms of crime provided for by this Article, and make up only a set of possible consequences which can arise as a result of its commitment. Part 2 of the Article 363 has a blanket reference to described in the Part 1 illegal action.
One more feature of crime is provided for by the Article 363 of the Criminal Code. Only a special subject accounts for its commitment, it is the person responsible for operation of automated computers, systems and networks.
In summary it is necessary to note, that Articles 361, 362 and 363, providing for the criminal liability for crimes in sphere of computers, systems and networks in the Criminal Code of Ukraine still is not enough for efficient counteraction to these socially dangerous infringements. It is necessary to continue scientific research into problems of criminalization and decriminalization of illegal acts in sphere of use of computers, systems and networks, for creation and perfection of theoretical base of corresponding norms of the Criminal Code of Ukraine in view of the international experience of lawmaking in this field.
[1] D. Azarov, Actual Problems of Criminal Legal Counteraction to Computer Crimes.
[2] The Criminal Code of Ukraine (adopted by 7th session of the Verhovna Rada on April 5, 2001).
[3] V. Golubev, Computer Crime Investigation, Monograph, Zaporizhzhya: University of Humanities “ZIDMU”, 2003, p.52.
Add comment
Email to a Friend
