Criminal and Legal Aspects of Fighting Computer Crime
Nowadays, intensive use of computer technologies in various spheres of human activity has significantly changed an idea of a place and a role of information in present-day society. National information resources have appeared as a new economic category. They became one of the most important factors of postindustrial world development. Society is getting features of an information society. This happens owing to development of computer technologies processing information.
Unfortunately, new kinds of crime as "computer crime", "cyber terrorism" and "information war" appeared.
Special anxiety is related to crimes in sphere of computers. Number of computers in developed countries is constantly growing. Trend of increase in such crimes is extending also to Ukraine. We have a number of cases illustrating computer technologies use for criminal purposes. Serious problems of information security constantly arise as homeland is integrating in the Internet.
A united policy is realized at the state level on purpose of national interests security maintenance from threats in information sphere^; a balance of need for free information exchange and admissible restrictions for its distribution are established^; the legislation of Ukraine in field of IS is being improved^; activity of state authorities on safety in the information environment is being coordinated^; state information resources are being protected at defense enterprises^; native telecommunication and information means are being developed^; information structure of IT development is being improved^; means of search, collecting, storage, processing and the analysis of information are being unified on purpose of entering global information infrastructure.
The urgency of research in this issue is caused also by a problem of increase in efficiency of fighting computer criminality on the part of law enforcement. Creating of the corresponding legal base in law enforcement agencies is of high priority.
In process of studying the legislative experience in foreign countries, some separate scientists drafted recommendations and offers on criminal legal regulation of this field in native legislation.
According to D. Azarov  “regulations in the new Criminal Code of Ukraine concerning responsibility for crimes in sphere of computers and computer systems demand a careful analysis. We consider that it is necessary to take into account experience of other European countries in this sphere. Issues of criminalization and, probably, decriminalization of certain actions in sphere of computers, systems and networks demand a further studying. The international experience shows a presence of certain actions that belong to a category of computer crimes, and crimes of some other character, rather than those which attributes are determined in the Criminal Code of Ukraine”.
Especially, European Council experts in criminal law suggest to criminalize such socially dangerous acts in sphere of computer information:
1) computer fraud^;
2) computer forgery^;
3) damage of computer information or software^;
4) computer sabotage^;
5) unauthorized access^;
6) unauthorized interception.
The analysis of law that regulates public information relations in Ukraine, allows to assert that our government takes measures of stimulating the infrastructure development on the basis of the newest technologies, along with necessary measures of containment and counteraction to negative events in sphere of computer technologies.
Among top-priority steps of state policy in sphere of counteraction to computer criminality is an appearance of new Section 16 in the Criminal Code of Ukraine - “Crimes in Sphere of Computers, Systems and Networks”. Having recognized information as a subject of theft, assignment, extortion and other criminal acts, criminal law has confirmed status of information as an object of the property right that is coordinated with substantive regulations of information legislation. Till recently, criminal legal doctrine unreasonably unfiled information from the list of possible subjects of theft or other property crimes.
In this connection, appearance of the mentioned section in the Code is natural and objective necessity of legal means in process of solving problems related to fundamental modification of technology, world outlook of people, international relationship under conditions of a wide scope computerization of information sphere.
As is well-known, the Section 16 includes three Articles: 361 “Illegal interference with operation of computers, systems and networks”, that is an illegal interference with operation of automated computers, systems or networks resulted in distortion or erasing of computer information or destroying its carriers, and also to spreading of computer viruses by using software and hardware designed for illegal penetration into these machines, systems or networks and capable of distortion or erasing computer information or destroying its carriers”^; the Article 362 “Theft, misappropriation, extortion of computer information or its capture by swindling or abusing official position” and the Article 363 “Violation of automated electronic computer operating rules”: violation of operating rules of automated computers, systems or networks on the part of a person responsible for their operation, if it has entailed theft, distortion or erasing of computer information, security means, or illegal copying of computer information, or essential infringement of such facilities, systems or networks operation.
The components of crimes defined in the mentioned section are correlated with existing needs of public legal actuality. Also, they are aimed at protection maintenance of the corresponding rights, liberties and legitimate interests of individuals and legal entities. Unfortunately, these legal norms have some weaknesses at the same time. It is necessary to dwell on the analysis of some problems of crimes from the Section 16 of the Criminal Code .
Illegal interference with operation of computers, systems and networks (referring to the Article 361 of the Criminal Code of Ukraine). The Article 361 defines responsibility for illegal interference with operation of automated computers, systems or networks that has led to distortion or destruction of computer information, or carriers, and also to distribution of computer virus by application of software and other means with intent of illegal penetration into these machines, systems or networks and capable to entail distortion or destruction of computer information or carriers of such information.
The Article 361 protects the proprietor’s right to inviolability of information in automated computers, systems or networks. The owner of automated system is any person that legally uses services of information processing as the proprietor of such system (computer, systems or networks) or as the person that has the right to use such system.
Criminal act, responsibility for which is provided for by the Article 361, should consist of illegal intervention in work of automated computers, systems or networks. It always has a character of fulfilment of certain actions, and it can be a penetration into computer system by use of special technical means or software, allowing to overcome installed systems of protection from illegal application of obtained passwords or masking under a kind of a legal user with purpose of penetration into computer system .
So, Part 1 of the Article 361 defines “illegal interference with operation of automated computers, systems and networks that has led to distortion or destruction of computer information or carriers of such information” as penal action. This component of crime is of material character. Consequences are obligatory element of the crime. However, the law contains a limited list of harmful consequences in any other forms, except for specified in the Article 361. The person who has performed the specified actions in forms, not defined in the Article 361, is not subject to criminal liability.
The Criminal Code of Ukraine has established the responsibility for distribution of computer viruses. But an obligatory element of the objective side of this crime lies in the way of its commitment, namely: by application a software and/or other means with intent of illegal penetration into automated machines, systems and networks and capable to cause distortion or destruction of computer information or carriers of such information. If the person distributes a computer virus in a different way or by application of other instruments and means which are not bearing the above-stated attributes in aggregate, such person is not subject to the responsibility according to the Article 361 of the Criminal Code.
Direct object of a crime is the information property right, that is the broken right of the proprietor's ownership, use or control over information. Interpretation of this term in a context of automated systems is placed in the Article 1 of the Automated Systems Information Security Law of Ukraine: “... information in automated systems is a set of all data and programs used in automated systems, irrespectively of means of their physical and logic representation... ”.
Displays of the objective side of crime components are: actions like distortion or destruction of computer information or carriers of such information, and also distribution of computer virus.
As used here, destruction of information is its loss, when information in sphere of computers, systems and networks ceases to exist for individuals and legal entities that have full or limited property right to it. Termination of access to information should be considered as blocking of information. Such actions can be performed, for example, with the help of electromagnetic, laser and other effect on data carriers in which info is materialized or with the help of which it is transferred^; by forming of signals of means and blocks of programs effecting information, its carriers and means of technical protection that causes violation of integrity of information, its distortion or destruction.
Distortion of information is a modification of its contents, violation of its integrity, including partial destruction. Establishing of a mode of access to information is regulated by the Article 28 of the Information Law of Ukraine. It defines the order of reception, use, distribution and retention of information. Depending on a mode of access, information is divided into open information and information with restricted access (confidential and secret). According to the Article 30 of the mentioned law, confidential information is data which is in ownership, use or order of separate individuals or legal entities and is distributed, at their will, according to the terms provided for by them.
Citizens and legal entities that own information of professional, business, industrial, commercial and other character, having obtained it due to own means, or such which is a subject of their professional, business, industrial, commercial and other interest and does not break secret provided for by law, have the right to define independently a mode of access to it, including its belonging to the confidential category, and establish a system (ways) of its protection.
There are some exceptions: information of commercial and bank character, and also information, legal regime of which is determined by the Verhovna Rada of Ukraine and by presentation of the Cabinet of Ministers of Ukraine (on questions of statistics, ecology, bank operations, taxes, etc.), and information, concealment of which is life and health threats to people.
Secret information is information containing data, making state and others secret defined by the law, disclosure of which cause damage to the person, society and the state.
We offer to understand the damage caused by criminal acts (direct and indirect losses) which size is equal or exceeds 100 minimal free incomes of citizen as heavy consequences.
The components of this crime are characterized by presence of the general subject. Commitment of such actions by the person which professional duties include preservation or processing of such information should be admitted as the attribute that burdens the responsibility.
Material components structure of the crime is chosen for developing of the first part of this norm. The structure establishes the necessity of criminal consequences approach, like distortion or destruction of computer information or carriers of such information.
The Article directly defines mental attitude of the person to own actions, therefore the guilt form of such person is intention only.
Unfortunately, the Article 361 of the Criminal Code does not adjust a situation when interference with operation of automated computers, systems or networks is performed owing to careless actions.
Thus, the significant amount of possible infringements and even actions which are really performed with intent, as it is hard to prove the intent of the computer criminal during investigation of circumstances of intervention (e.g. a person that usually uses e-mail in the Internet, probably not deliberately but also owing to carelessness, may distribute computer viruses).
Theft, assignment, extortion of computer information or its abstraction by swindle or official position abusing (referring to the Article 362) concerns only "computer" crimes. They make the majority among files of offences in sphere of computers, systems and networks.
The definition of “computer information”, introduced by the legislation, is very important. In our opinion, it is necessary to understand it as an aggregate of all identified and owned date, used in computers, systems and networks. The identified information is information fixed in the machine carrier with essential properties allowing to identify it.
The Article 363 of the Criminal Code of Ukraine establishes the responsibility for violation of operation rules of automated computers, systems and networks performed by the person responsible for their operation if it has entailed theft, distortion or destruction of computer information, means of its protection, illegal copying and essential infringement of operation of such computers, systems and networks.
This Article protects interests of the owner of automated computer systems, concerning their correct operation.
The given norm of the Criminal Code, naturally, does not contain concrete technical requirements. It refers to departmental instructions and the rules establishing the operating procedure and which should be set specially by the authorized person and be brought to users. Application of the specified Article to the Internet is impossible^; its effect applies only to local networks of organizations.
An investigatory relation should be established between the fact of violation of operation rules of automated computers and the fact of caused essential harm. It should be completely proved, that consequences come exactly from violations of operation rules.
Determining of essential harm provided for by the Article 361 is an evaluating process. The harm is determined by court in each concrete case, in view of all circumstances, however it is obvious, that essential harm should be less significant, rather than essential consequences.
A criminal realizes that he is breaking operation rules^; he foresees an opportunity and inevitability of illegal influence on information and causing essential harm or meaningly wishes causing such harm. Such action is punished by deprivation of the right to occupy certain positions or by engaging in certain work for the term up to five years or correctional work for the term up to two years.
Part 1 of the Article 363 of the Criminal Code is complicated for interpretation of the contents. Grammatical, logical and system structural analysis of all the Article allows to say that illegal copying of computer information and essential infringement of operation of automated computers, systems and networks are not forms of crime provided for by this Article, and make up only a set of possible consequences which can arise as a result of its commitment. Part 2 of the Article 363 has a blanket reference to described in the Part 1 illegal action.
One more feature of crime is provided for by the Article 363 of the Criminal Code. Only a special subject accounts for its commitment, it is the person responsible for operation of automated computers, systems and networks.
In summary it is necessary to note, that Articles 361, 362 and 363, providing for the criminal liability for crimes in sphere of computers, systems and networks in the Criminal Code of Ukraine still is not enough for efficient counteraction to these socially dangerous infringements. It is necessary to continue scientific research into problems of criminalization and decriminalization of illegal acts in sphere of use of computers, systems and networks, for creation and perfection of theoretical base of corresponding norms of the Criminal Code of Ukraine in view of the international experience of lawmaking in this field.
 D. Azarov, Actual Problems of Criminal Legal Counteraction to Computer Crimes.
 The Criminal Code of Ukraine (adopted by 7th session of the Verhovna Rada on April 5, 2001).
 V. Golubev, Computer Crime Investigation, Monograph, Zaporizhzhya: University of Humanities “ZIDMU”, 2003, p.52.
^macro[showdigestcomments;^uri;Criminal and Legal Aspects of Fighting Computer Crime]