Information technologies and organized crime
The research of criminal situation and study of its peculiarities and tendencies in 21 century is impossible without scientific and technical phenomenon as a general use of information technologies (IT).
There are three aspects of the given problem: information technologies used by law enforcement bodies in fighting against crimes^; scientific and technical progress applied by criminals, criminal groups and communities^; lawful control over processes connected with criminal use of computer technologies.
Let us consider them more narrowly.
1. IT is a means of fighting against crimes
The “traditional” way of using IT in law enforcement agencies and special services is a producing of various electronic card-files, databases, automated data banks, information and search systems of regional, national and international level (Interpol and other international police organizations, in particular). This approach has been literally realized since the first days of computer emergence and gives a definite positive effect, but does not exhaust resources of up-to-day information technologies.
The fact is that new information technologies allow dynamically tracing the activity of delinquent communities at the fundamentally new level. In our opinion, considerably interesting is the US special service experience in developing and using “Oasis” (CIA) and “Magic Lantern” (FBI) systems, which permit not only controlling criminal communities? exchange of information but also “breaking” computers of suspected persons, incorporating “Trojans” (program viruses that allow following information in the given computer), and so on.
Thus, Office of Advanced Information Technology (AIT), which belongs to CIA Science and Technology Administration, uses “Oasis” to convert television and radio broadcastings to the text. This program allows recognizing speech and voices of different men and women. There are such remarks as “Man 1”, “Woman 1”, and «Man 2” and so on in the final text. If the computer has once identified a voice, further it will know and mark it in a proper way. In addition, “Oasis” searches “dangerous” words (for example “terrorism”, “bomb”) and their synonyms in the text. “Oasis” technology processes only the English speech but Arabic and Chinese will be soon supported.
“Fluent” technology searches information in documents written in several foreign languages, the knowledge of these languages being not obligatory. A user can enter for example the expression “nuclear weapons” into the search field and tick off languages, which are required to explore. The system will find documents with requested words and translate them into English.
Now “Fluent” system can translate from Chinese, Korean, Portuguese, Russian and Ukrainian. If the document is considered “useful” for further revision, a person makes a more exact translation.
FBI officers can read codified information from computers by means of “Magic Lantern”. So far, FBI had only “Carnivore” program, which appeared to be powerless against those criminals who were quick-witted to encipher their files.
“Magic Lantern” software installs computer program, which registers all keystrokes thereby establishing information entered into the computer even when codified.
“Magic Lantern” program sends viruses to the suspected person through e-mail. When impossible, it can be carried out on behalf of his relative or good friend. “Magic Lantern” uses also known holes in the spread software to be introduced into the computer.
It is not quite clear how “Magic Lantern” will send collected information back to FBI – through Internet or FBI officer will come and take it from the computer personally. In any case, the current “Key Logger System” requires an officer’s personal visit.
FBI declares that a using of “Magic Lantern” will conform to all constitutional norms and will not violate the right to private life and commerce secrets. This statement raises some doubts but it is another problem.
Scotland Yard suggested an interesting approach to using Information Technologies against crimes. It will send e-mail to London inhabitants with a detailed description of criminals operating in their district. Thus, the police want to protect London residents from pickpockets, burglars and hijackers. Now this system passes a test in one of London districts where 40 thousand people live. If it justifies hopes, such messages will be sent to the inhabitants of other London districts.
Scotland Yard counts on that this project, which costs just two thousand pounds, will drastically change the criminal situation in the city. In police officers’ opinion, townspeople will receive information on criminals through e-mail more quickly than newspapers or street posters.
As to computer networks and databases of law enforcement agencies themselves, it should be noted that it is necessary not to forget improving the security of proper information (4) because criminal communities possess modern hardware and sometimes recruit highly skilled hackers.
2. Information technology is a crime instrument
The first problem consists in that up-to-date technologies stimulated not only a free trade and economic activity but also delinquent one. Modernization and integration of various means of communication and telecommunication made it easy to establish contacts between criminal groups and communities from many countries and continents. Modern banking business, which widely uses different means of computing technique and new information technologies, favors closing international delinquent transactions. The revolution in the field of electronics gave criminal groups an access to the new technical means, which allow them to misappropriate huge funds, avoid taxation and launder great revenues obtained in a delinquent way.
The second problem is “a computer criminality” itself, the youngest and the most dynamically developing sphere of criminal activity.
According to the Computer Security Institute, in 2002 about 90% US companies were exposed to computer attacks and approximately 80% of them suffered damages because of hackers’ activity.
In 2002, more than 80 thousand cases of illegal penetration into computer networks (hackers’ attacks, attempts of stealing information and etc.) were fixed in the world. Their number was abruptly increased in comparison with 2001 when about 58 thousand such violations were registered (hardly more than 20 thousand in 2000). Deliberate criminals more often aim at US networks. In 2002, nearly 27 thousand computer attacks were fixed. British computer networks were exposed to less than 5 thousand attacks, German ones – about 4.6 thousand.
Members of organized delinquent communities – «mafia hackers», commit roughly 10% computer attacks. FBI experts think that the most active are “gangsters” from the former USSR and East Europe countries (15).
The single aim of these hackers is to win profits. Therefore, their targets are banks, financial and trade companies. Terrorists also use services of mafia hackers. For example, the terrorist organization “Republican Army of Ireland” (RAI) formed special groups from hackers-sympathizers, who stole money for RAI and collected information for future acts of terrorism.
There are some suspicions that special services and terrorist organizations sometimes use hackers to find weak places in computer systems of other countries. For example, in 2001, Chinese hackers fiercely attacked scores of American sites including those of US Defense Ministry.
There are many analytical materials of such a kind. For example, according to American Society for Industrial Security and Price Waterhouse Coopers Company, just in 1999 (6), corporations belonging to Fortune Top-1000 lost $45 billion because of information thefts. Increasingly vulnerable becomes the system of cashless settlements. Accounts of more than 5 million Visa and MasterCard holders in the USA have been broken recently owing to the hackers’ attack on the center processing payments of trade organizations (7).
Some analysts think that cyber-terrorists threaten the USA’s economy as a whole (8). Ronald L.Dick, a new director of US National Infrastructure Protecting Center (NIPC), stated that on-line terrorism and other kinds of cyber-crimes could negatively influence the USA’s economy if federal agencies and corporations will work more closely in this direction.
Mr. Dick said that many parts of the country with “critical infrastructure” including power stations, offices of federal organizations and vital centers of computer systems can be exposed to attacks on the part of anybody – from the representatives of nations-outcasts to offended company officials. In his speech to colleagues who are former FBI and US Defense Ministry officers, Mr. Dick said that just now about 1400 cases of crimes in computer networks were investigated and their number constantly increased, on average up to 50 computer viruses with different destructive forces emerging every week.
It is clear that “criminal resources” of Information Technologies are not exhausted with what has been mentioned. This sphere is characterized by wide copyright and related software right infringements (especially in Russia). Professional hackers are drawn to break information systems of banks and corporations. Facts of commerce and “virus” espionage can be often encountered. There are many attempts to penetrate into databases of State bodies including automated voting systems. Confidential information is stolen (for example from NASA databases) (9). Many other crimes are committed by using information technologies. It can be concluded that the block of problems connected with IT is the most fundamental at the investigation of organized delinquency and corruption.
IT and law
Taking into account the danger of crimes in the sphere of IT, world practice always improves laws, toughens punishments for such offences, and approves corresponding international agreements.
In 2001, Crime Committee that was created within the framework of Europe Council accepted a final version of the International agreement on fighting against cyber-crimes. The representatives of US Ministry of Law took part in the work of Committee as advisers (10).
ZD-Net informs that the agreement is submitted to Europe Council’s consideration. On June 29, its final text will be published on the special Council’s site. If the document is approved by this instance, high State bodies of countries represented in the Council will receive it. It is expected that in addition to 43 Europe countries the agreement will be signed up by the USA and states, which belong to the Europe Council as spectators: Mexico, Canada, Japan and Vatican.
Before accepting the final version, the Committee has considered 27 variants. All they anticipated that countries signed up the document would introduce locally some minimum of laws against such cyber-crimes as unauthorized access to computer networks, data interception, Internet fraud, child’s pornography and computer piracy.
Intermediate variants were exposed to the criticism because they had paid little attention to the protection of users’ confidentiality. It was also noted that most variants of the agreement provoked the state interference with citizens’ personal affairs.
The USA toughens the punishment for cyber-crimes. Reuters informed that the Law Committee of US Representative Chamber had approved the legislation on toughening punishments for computer crimes. At the same time, the law widens providers’ rights to having their users shadowed.
According to the current legislation, the court chooses the punishment for hackers, virus-writers and other computer hooligans depending on economic damage caused by their actions. As a result, most convicted persons get off with little fines and only a few have imprisonment, which is also small. For example, the author of Melissa virus, which caused $1.2 billion damage, was sentenced to 20-month imprisonment and $5000 penalty.
According to the new draft, other factors will be also taken into consideration. So, a hacker who broke the computer with important State information will be threatened with a more serious punishment than that that enjoys penetrating into his neighbors’ home computers.
As to providers, now they will be able to inform law enforcement agencies not only about incidents threatening persons’ life and health but also suspicious cases with less importance. At the same time, the new law abolishes regulations permitting to bring an action against violation of users’ privacy in such cases. Moreover, if the president signs this law, providers will be obliged to keep all electronic notes, in particular, e-correspondence of their clients at least for 90 days. Otherwise, they will be threatened with a serious fine. It is worth noting that an item assuring the compensation of costs on shadowing system introduction was excluded from the legislation (11).
However, it is not the end. America goes further. US Congress approved the draft on life imprisonment for breaking computer systems (12).
The Representative Chamber of US Congress has approved with overwhelming majority the draft on increasing computer security, which was earlier suggested by the President administration. Three hundred eighty-five congressional representatives voted for approving this draft whereas only three members – against. The bill was prepared in US President Administration before September acts of terrorism^; the mournful events in New York and Washington speeded up the work on it and resulted in almost unanimous approval of the law in the Representative Chamber.
The draft provides for life imprisonment for breaking computer systems. It also widens the police officers’ rights to the interception of data. According to the bill, a tapping of telephone conversations and intercepting of electronic messages can be carried out without the court’s approval. When accepted in the Representative Chamber, the draft will be submitted to US Senate’s consideration. Most probably, this stage will have no difficulties.
The analogous process of threatening punishments takes place in Argentina (13), China (where the death penalty is provided for those crimes) (14), Malaysia (life imprisonment) (15), and Australia (up to ten years imprisonment) and in other countries. Great Britain’s “Law of terrorism – 2000” has a definition of “terrorism” first embracing the cyber-space (16). How do our matters stand? Is the problem of punishing for those crimes resolved by Russia’s Criminal Code? (17)
The reservation should be made (this question is not new) that Russian laws successfully regulate information relations. The new branch of law – information law – appeared and is effectively developed. Up to now, more than ten special federal laws were accepted and are currently acting. These laws include those of information, informatization and protection of information, participation in the international information exchange, State secrecy, obligatory copying of documents, complex of normative acts on archives and archive reserves, mass media and so on.
In our opinion, the serious problem remains to be criminalization of actions connected with computer technologies. The introduction of Chapter 28 into Russian Federation’s Criminal Code – Crimes in the sphere of computer information – does not solve the problem. It only seems to be resolved. This chapter is excessively imperfect (this matter will get more detailed examination below), but what is important that it deals with crimes committed in respect of computers and computer information but not offences committed by using them.
It should be noted that just such an approach was formed from the very outset of Russian lawmakers’ activities in this sphere. Since 1991 the criminal and legal regulation in the sphere of computer information has started in our country. In December 1991, the draft of the Russian Federation law “Responsibility for delinquencies at work with information” (18) was submitted to consideration. It supposed introducing the whole set of new corpus delict connected with computer information. The standpoint stated in the draft was approved. Part 5 of the Russian Federation (RF) Supreme Soviet Decree “Legal protection of programs for computing technique and databases” runs: “Till October 1, 1992 RF Government should submit to RF Supreme Soviet’s consideration in the established order drafts of RF laws of introducing changes and amendments into RF Civil Code, RF Criminal Code and other corresponding legislative acts”(19). This step proved the necessity of criminal and legal regulation of legal relations connected with information.
Works carried out in this direction brought to that in 1994 the draft of introducing supplements into RF Criminal Code, which provided for the following corpus delict:
- Illegal possession of programs for computers, files with databases^;
- Falsification and destruction of information in the automated system^;
- Illegal penetration into automated information system (AIS) by illegally obtaining password-key data, violation of access or by-pass of information protecting mechanism in order to copy, change or destroy it in an unauthorized manner^;
- Insertion or spreading of “computer viruses”^;
- Violation of rules providing security of AIS (20).
The same point of view was held by authors of other projects – author collective of the State and Legal Administration at the RF President and author collective of the State Chamber of Deputies (members of Law and Legal Reform Committee and Board of Security). The responsiveness of all author collectives resulted in that the RF Criminal Code draft published in the Russian newspaper in February 1996 had Chapter 26 “Computer crimes” that first in the history of the Russian law suggested establishing criminal liability for five kinds of delinquent actions:
- Unauthorized penetration into automated computer system (Article 271)^;
- Illegal possession of programs for computers, files or databases (272)^;
- Unauthorized modification, damage and destruction of databases or programs for computers (273)^;
- Insertion or distribution of virus programs for computing technique (274)^;
- Violation of rules providing security of the information system (275) (21).
That is, from the very outset it was a matter of delinquencies having information systems and information itself as their object.
After discussion the final version of the new RF Criminal Code draft had only three articles combined into Chapter 28 “Crimes in the sphere of computer information”: Article 272”Unauthorized access to computer information”^; Article 273 “Production, use and spreading of virus programs for computing technique”^; Article 274 “Violation of maintaining computers, computer systems or their networks”.
Because of their specific nature and high social danger computer crimes practically from the moment of their emergence were analyzed by criminologists, criminalogists and computer experts from various standpoints. However, there are no common views on such crimes up to now.
Conditionally experts’ opinions can be divided into three groups:
1. Computer crimes are an independent kind of delinquent activities that represents self-dependent corpus delict.
2. Computer crimes are not an independent kind of criminal activities^; they should be viewed as a qualificatory characteristic of usual, “traditional crimes”, computers being an object of crimes, crime instrument, means of plotting crimes or environment of crime commitment.
3. Computer crimes are any encroachments upon people’s connections and relations by means of computing technique.
The reservation should be made that the third approach is excessively broad and we cannot support it.
The first one is quite evident, understandable to all and just because of that widely used in the world practice. The most striking example of new legislative acts of such a kind is the British “Law of terrorism” from 2000. According to it, actions that “break seriously the operation of any electronic system or disturb gravely its work” are considered as acts of terrorism (22). US law of antiterrorism known as “Act 2001” and accepted by Congress in six weeks after terrorist attacks on New York and Washington appears to be the same. Here Congress introduced fresh concepts that broaden the interpretation of “terrorism”. There appeared a new legislative concept of “cyber-terrorism”, which possesses “different qualified forms of hacking and causing damage to protected computer networks of citizens, juridical persons and government departments, as well as that to computer systems, which are used by State offices to organize national defense or provide national security” (Article 84) (23).
How perspective is such an approach? In our opinion, it is extremely limited. If the indicated logic is followed, it is necessary to enter new corpus delict: cyber-fraud, cyber-calumny, cyber-espionage, cyber-forgery, cyber-carelessness, cyber-sabotage ant so on up to the infinity, more exactly, until the Criminal Code is exhausted.
We consider the second direction more expedient to correct Criminal Code without its critical review.
First, terms and concepts in Criminal Code articles are to be interpreted in concordance with up-to-date comprehension (from the standpoint of information technologies).
Secondly, qualificatory crime characteristics are to be widened in some cases by inserting into them a definition: “with the use of modern computer technologies” (when their usage evidently increases the danger of the concrete crime).
Recurring to above-mentioned examples of foreign legal activities, we suppose that it is not necessary to introduce into RF Criminal Code the same articles of “cyber-terrorism” (well-known case with Ingalisk power station, for instance). It suffices to add an item: “with the use of modern computer technologies” to CC Article 205 Part 2.
Without pretending to the analysis completeness, we want to consider briefly some articles from RF Criminal Code by using a supposed approach^; we will analyze those articles with sufficiently evident modifications and requiring no deep legal study.
Taking into consideration that the text of Criminal Code articles does not reveal concrete concepts and their interpretations, we will take Commentary to RF Criminal Code as an object of the supposed analysis. In spite of that Commentary – according to the most common standpoint – is not a source of law^; its content allows judging sufficiently firm and coordinated interpretations of main concepts and terms used in the articles of Criminal Code. (The consideration of different points of view stated in books and monographs is quite difficult because of opinions largely scattered).
The volume of work does not allow examining all existing comments to Criminal Code and the authors decided on Commentary edited by Y. Scouratov, which seems to be “typical” enough.
To begin with, it should be reminded that some main informatization concepts, which we are going to use, have been already introduced into the law field. Among them are:
1) Information (reports on persons, objects, facts, events, phenomena and processes independently of the form of producing them) – “Law of information, informatization and protection of information” (24)^;
2) Owner of information (keeper of information resources, information systems, technologies and means of maintaining them – a subject, who fully realizes authorities of possessing, using and disposing of the mentioned objects)^;
3) Owner of information, carrier of information – the same^;
4) Electronic document - “Law of electronic digital legend”^;
5) Information systems (the same).
The individual consideration should be given to the document concept, which takes the most common definition in the “Law of obligatory document copy”: “Document is a material object with information fixed as a text, sound recording or image, which is intended for transferring in space and time, storing and commonly using”. The «Law of informatization, “…defines this concept concretely: “documented information (document) is information fixed on the material carrier and having details, which allow identifying it”.
With the “Law of electronic digital legend” carried into effect, the electronic document becomes identical to the traditional one and can be used in all the cases requiring its standardized identification. It should be noted that the sequential interpretation of this term with reference to all documents mentioned by Criminal Code in itself requires a diverse reading of many articles allowing the different understanding of their content.
Further we will use the mentioned conceptual apparatus, one more remark being made. While examining the question of treating definitions and terms with reference to information law, its specific character should be taken into consideration. We cannot but agree with I.Bachilo as to that “particular for this branch of law is the priority of those or other sources depending on the specific character of information relation object, persons connected with the concrete law-relation and content of the latter”. At the same, time this author as well following traditions of jurisprudence puts standards in the last place among sources of information law. In our opinion, taking into account peculiarities of this field of law where technical (technological) component is the most important, standards have to play a special role in forming its conceptual apparatus. It should be reminded that the standard is a document developed on the base of consensus and approved by the authoritative body, containing universally and frequently used rules, general principles or characteristics as to different kinds of activity and its results, and which aims at achieving an optimal degree of regulation in the definite field. There is no need to prove that experts in different fields can more easily find mutual understanding at the use of terms approved by State standards. For example, if the text of any normative act, document, scientific article contains such a term as “carrier of information”, it is always to mean: “a physical person or material object including physical fields where information is represented as symbols, signals, technical solutions and processes”, if otherwise specified.
Let us start analyzing Criminal Code and above-mentioned Commentary with Chapter 28 of RF Criminal Code, which deals with crimes committed by using computer technologies.
Even on the face of it, evident contradictions in terms and meanings in Article 272 of Criminal Code arrest our attention. The exhaustive list of crimes resulted from unauthorized access does not include the most simple, extended and dangerous one – reading of information. In those cases, when it is a matter of governmental, commercial, banking, professional secrets, such an action can be a finished crime. In spite of the fact that the article is called “Illegal access to computer information”, it does not contain any sanctions for illegal access as such. According to it, criminal proceedings are instituted only when this access resulted in “destroying, blocking, modifying or copying information, disturbing the operation of computers, computer systems or their networks”. Hence, reading of information protected by law is not a crime. Meanwhile, it is quite evident that in many cases a criminal suffices to know any information: parameters of a new weapon or amount of money on the partner or competitor’s account.
Extremely unsuccessful is the use of “electronic computer” in the text. This term is applied as a full synonym of “computer”, it being not the same in the modern understanding (computer can be realized, in principle, by means of non-electronic technologies such as optic and fiber, laser, biotechnologies and others). It is quite difficult to understand the difference between electronic computer systems and their networks. Some qualificatory characteristics are not comprehensive. Therefore, in Part two a crime committed by “a person abusing his official position and having an access to electronic computers, electronic computer systems or their networks” can be referred to them. Any Internet user comes automatically under this definition!
Commentary to Article 272 of Criminal Code aggravates emerging problems rather than solves them. Modern computer technologies have essentially removed borders between machine carriers of information and “non-machine”. Information can be easily entered into the computer from either a sheet of paper or floppy. Different technical input devices are used for that purpose: scanner and drive.
According to Item 6 of studied Commentary to Article 272 of Criminal Code (by the way, the interpretation of the given concept and some others is the same in the comments of different authors), the destruction of information “by means of outer thermal, magnetic or mechanic influences on the machine carrier is not an objective side of this crime. It is not quite clear why the deletion of floppy data in the computer can be considered an objective side of the crime whereas magnetic influence upon the floppy – not. The result is absolutely the same, information being deleted by means of magnetic waves.
The treatment of “copying” is not clear as well. Commentary describes it as laying from the machine carrier on the adequate one. For example, Article 272 supposes not to consider photographing from the display screen to be the same. How then should photographing of the screen with digital camera be regarded? It allows obtaining a machine carrier itself.
The classification of electronic computer in Item 16 of Commentary as “compact and etc” is strange or at least outdated. Modern computer classes are characterized by memory capacity, speed of response and so on rather than size. In some works, computers are divided into domestic and professional. Such a definition seems to be quite logical but, in our opinion, strongly attached to the concrete stage of computing technique development: computers, which were super-professional five years ago, cannot be considered as domestic ones now.
In fact, the concept itself of computer is now very ambiguous. For example, how can the device with Sagem WA3050 terminal, which combines functions of pocket computer and GSM cell phone, recognizes hand-written texts, has a set of software (Word, Excel, Outlook, Internet Explorer), IK-port, USB-port, loudspeaker, digital Dictaphone and MP3 Player, be called? By the way, this “monster” weighs about 150g (26).
The content of Articles 273-274 of Criminal Code, especially Part 2 of Article 273: “the same actions entailed grave consequences through carelessness” arouses some questions. There appears a reasonable question: How can grave consequences caused with intention be qualified?
After briefly discussing problems emerged at the analysis of CC Article 28, let us gradually consider other articles of Criminal Code, which should be supplemented and commented.
First, it is CC Article 17 “Crimes against person’s freedom, honor and dignity”. Is it not evident that aspersions “cast” in Internet are more dangerous than those published in the most popular mass media and, accordingly, must be punished more severely? The same can be referred to Article 130 “Outrage”. Consequently, the following wording: “as well as spreading in Internet and other global networks” can be added to Part 2 of CC Articles 129-130.
CC Article 13 “Crimes against person’s constitutional rights and freedoms” and CC Article 137”Violation of private life immunity” certainly require introducing qualificatory characteristic: “with use of computer technologies”. When taking into consideration that information on persons is stored now in many automated databases (law enforcement agencies, hospitals, house managements, banking establishments and so on), it is evident that the use of computer data can cause more damage than crimes “committed by a person abusing his official position”. In particular, as the foreign experience shows, computer technologies in firms and companies are turned into the instrument of shadowing their officials that is the rudest violation of person’s rights.
CC Article 140 “Denial of information” should apply to information stored in automated databases and banks.
CC Article 144 “Interference with voting rights and work of election committee” deserves special consideration. Taking into account the availability and operation of State automated system (SAS) “Elections” (27), its Part 2 should contain Item “g”: “committed by interfering with the operation of “Elections” automated system and entering inauthentic data or falsifying results”. RF CC Article 272 regulates modification of system programs. Everything mentioned above can apply to CC Article 142 “Falsification of voting documents”.
CC Article 146 “Infringement of copyrights and related rights” should cover works kept in digital (computer) forms and have corresponding comments. The same can be referred to CC Article 147 “Violation of voting and charter rights” (28).
CC Chapter 20 “Crimes against family and under-age persons” and CC Article 155 “Divulgence of adoption secrets” should contain qualificatory characteristic “by means of computer technologies” on the analogy of calumny, outrage and etc.
CC Chapter 21 “Crimes against property” requires special consideration. In this case, two approaches are possible. First, this chapter should be added with a new article providing for responsibility for theft where the use of computer technologies represents a way of committing a crime. It has a definite logic. The analysis of this chapter shows that a way of committing a crime can give occasion to resolving this problem in such a manner. For example: the main objects of theft, fraud, misappropriation and plunder are property relations^; the difference between these crimes consists in the way of committing them.
Secondly, in our opinion, some crimes in this chapter should be qualified as computer crimes. So, taking into account that “Law of information…” defines a keeper of information and the encroachment upon property relations is an objective side of theft, illegal copying of information can be viewed as a variety of thefts and qualified this crime in accordance with CC Articles 158 and 272.
In particular, such qualification can be useful in those cases when information comes under the law protected category and actions of the guilty person can be qualified according to CC Article 272, but belongs to juridical or physical persons and some financial and other resources were spent to make and store it. The theft of such information (plunder or illegal copying) causes a real material damage to its owner or keeper.
CC Article 159 “Fraud” should be widened by adding to its disposition “including with the use of computer technologies” (for example, reprogramming of playing machines, swindle in on-line trade and so on that coincides with CC Article 272 “Information modification”). CC Article 160 “Misappropriation and embezzlement” can be treated in the same manner.
Crimes provided by CC Article 163 “Blackmail” by means of computer technologies (ex. with menace of destroying, damaging or blocking information – CC Article 272, or divulging that taken from automated data banks – CC Article 272 “Copying”) could be committed in such away. Here is a typical example: Saint-Petersburg hacker (nickname Maxus) stole from the largest foreign on-line bank several hundred thousand numbers of credit cards. He got into contact with the suffered company leadership and offered to exchange them for one million US dollars. The bank refused to do it and then numbers of credit cards were made public on some on-line sites and theoretically, everyone could draw money from them (29).
Part 3 of CC Article 165 “Material damage caused by deceiving or betraying of confidence” also requires to be added with: “committed by using computer technologies”.
The intentional (CC Article 167) or careless (CC Article 168) destruction or damage of property in those cases when computer information was a crime object could be qualified according to CC Article 272.
CC Chapter 22 “Crimes in the sphere of economic activities” and, in particular, Articles 171 “Illegal business”, 172 “Illegal banking activity”, 173 “False business”, 174/174-1 “Legalization of illegally obtained funds” is a special interest to us. It is generally known that such crimes are committed now by falsifying computer information. Two conclusions result from this.
First, these crimes committed by using computer technologies (forgeries in bookkeeping and accounting systems, double entry bookkeeping and so on) should be qualified according to Article 272 “Information modification”.
Secondly, “the use of computer technologies” can be qualificatory characteristic to be entered into the law because crime danger increases, control and audit become complicated and so on.
It should be noted that such crime can be committed now completely in the “virtual space”. Dmitrie Chepchougov, a chief of “P” Bureau, told us about a unique crime – a criminal world innovative in its own way. Some teenagers from 16 to 20 years set up their Internet-shop, which sold a wind. Their leader was a skilled swindler: he knew nothing about high technologies but could genially think up criminal schemes. This group was divided into three parts: one sold rating reviews of Russian forest, the other was engaged in breaking credit cards throughout the world and the third group was specialized in making money available. The revelation of this crime was unusual: it required constant twenty-four-hour contacts with the representatives of law enforcement agencies from the USA, Canada, England and France (30).
In our opinion, “the use of computer technologies” can be an aggravated circumstance when committing a crime provided by CC Article 182 “Obviously false advertisement” – when placing it in the network and, moreover, when illegally obtaining and divulging information of commercial, taxation or banking secrets (CC Article 183).
To our mind, CC Articles 186 “Manufacture and marketing of forged money or securities” and 187 “Manufacture or marketing of forged credit or paying cards and other payment documents” do not require to be changed because the method of manufacturing them is not a qualificatory characteristic. It should be noted that juridical practice indicates more increasing role of computer technologies in the mentioned crimes.
Now let us consider CC Chapter 24 “Crimes against social security”. CC Article 207 “Obviously false information on act of terrorism” should have a supplement on the use of information technologies (computer networks) for these purposes. As to CC Article 213 “Hooliganism”, it suffices to realize that there can be computer hooliganism as well rather than introduce any changes into contents of this document. Hackers’ manifestations (unquotable inscriptions and pictures on private and government sites) should be qualified just in this way. In this case, no damage is inflicted either to networks or information. “Evident disrespect for society” or “malicious violation of social morals” is on hand. Advices, recommendations and drawings located on some web sites are difficult to apply directly to CC Article 223 “Illegal manufacture of weapon” but they require lawful assessment.
The same can be referred to CC Chapter 25 Article 228 “Illegal manufacture, purchase, storage, transportation, consignment or marketing of drugs or psychotropic materials”. It is necessary to introduce definite sanctions against spreading them both in Internet and on some information carriers, for example, formulae for their manufacture and use, contact phones and electronic addresses.
It should be noted that Russian criminal legislation in the sphere of crimes against health has not provided for responsibility for such actions connected with the use of computer technologies. Meanwhile, foreign lawmakers provide for such situations now. Thus, US Juridical Committee of Congress Representative Chamber adopted Cyber Security Enhancement Act. According to amendments introduced into Act in February 2002, hackers who committed premeditated murder or caused grave damage to health by using electronic means are threatened with life imprisonment. US Administration considers it insufficient. John Malcolm, one of deputies US attorney general, requires hackers to be sentenced to life imprisonment not only for intentionally inflicting damage to people’s health and prosperity. “Thoughtless” actions such as, for example, “accidental” disturbance of 911 service or hospital operations must be punishable as well. “Even when a hacker did not wish to do harm to patients, his careless conduct can constitute an evident menace to their health and life. Therefore, this law must inflict penalty not only to hackers who break computer networks realizing that their actions will result in people’s death or injuries, but also those who dare to break without thinking about possible circumstances” – said Malcolm (31).
The real facts of just only American juridical practice say about truth and timeliness of this approach. In 1999 in the USA, a murder was committed by penetrating into information network of local hospital and changing life maintaining mode (32).
Undoubtedly, qualificatory characteristic of CC Article 242 “Illegal spreading of pornographic materials and things” should contain “including with the use of computer technologies”.
CC Chapter 29 “Crimes against basis of constitutional structure and State security”
Let us examine “information” approach by citing CC Article 284 “Loss of documents containing State secret” as an example. For some reason the commentator of this article insists, “in context of this article written documents apply to those documents”. Why then are electronic documents with the corresponding stamp not referred to such ones? How else can the careless loss of floppy with a document containing information of State secret be qualified? In our opinion, it should be estimated as the loss of “written” documents. It is clear that in this case some concepts firmly set in the ordinary and juridical conscience should be reviewed. For example, under modern conditions Item 5 “document is considered lost when lacking in the place of constant storage or at the concrete executor who it was given to” “does not work”. Nevertheless, it is a specific character of the electronic document: it can be available and lost at the same time.
It would be advisable to incorporate a qualificatory characteristic “committed by using computer technologies” into CC Articles 292 “Official forgery” (Chapter 30 “Crimes against State power”) and 298 “Aspersion in respect of judge, juror assessor and public prosecutor” (Chapter 31 “Crimes against justice”).
CC Article 303 “Falsification of evidences” requires a special consideration, when different electronic documents (information stored on the computer carriers) are used as such proofs. It is explained by that unlike particularly “material” objects, information on the machine carrier can be falsified in more clever ways. Digital technologies allow falsifying not only written documents but also sound and images. It is clear that we should not be in earnest about Item 12 running: “any carriers of written information can be viewed as evidences in criminal cases”. It should be reminded that USSR Supreme Court admitted various machine documents as evidences nearly twenty-five years ago (33).
Repeatedly mentioned above qualificatory characteristic can be also introduced into CC Articles 327 “Forgery, manufacture and marketing of forged documents” (Chapter 32 “Crimes against administration order”) and 354 “Public appeals to unleashing aggressive war” (Chapter 34 “Crimes against peace and mankind security”) where computer technologies can be used as well.
In conclusion, it should be emphasized once more that there are specific computer crimes, which are not reflected in Criminal Code at all. In particular, the Conception of Russian legislation in the sphere of protecting information (34) points that not only person’s rights to information access and immunity of private life but also protection of person and society from “harmful” information should be taken into account.
One of the most important and less studied directions, which protect and develop vital interests of the society and individually every person, is that connected with methods and ways of protection from information-psychological influence. For this reason, the specialty “Methods and system of protecting information and information security” was introduced into the nomenclature of scientific specialties. The field of scientific research carried out within the framework of this specialty is “to study methods and ways of information-psychological influence on individual persons and human associations with technical means that allow developing means and methods of revelation and manipulating influence and resistance to it” (35). Methods of this influence are well known and the problem of revealing and proving them is quite solvable (36), but Russian criminal law has not provided for any lawful sanctions for the given extremely dangerous crime.
When summing up, the following conclusions can be made:
1) Criminal and legal regulation in the sphere of crimes connected with computer technologies does not fully correspond to the real situation^;
2) Many present crimes or possible in future cannot be qualified according to current Criminal Code^;
3) The optimal way of removing marked gaps is to introduce amendments qualifying individual crimes into some articles of current Criminal Code and interpret properly (with reference to computer technologies) some terms and concepts used in the “traditional” meaning^;
4) In some cases, when current Criminal Code has no principally new corpus delict peculiar only to computer technologies, new norms should be developed and introduced to provide for criminal liability for such crimes.
^macro[showdigestcomments;^uri;Information technologies and organized crime]