Computer Crime Problems Research Center

By Vladimir Golubev

Theoretical and legal questions of crimes qualification
in the field of electronic computers use

From the time when the new Criminal code of Ukraine has come into force on September 1, 2001, the criminal law sphere has experienced some important changes. In particular, the legislation of Ukraine on the criminal liability became more adapted to performance of the tasks, which it is responsible for, in conditions of development of information-oriented society. The evidence of it is the following: creation of system of material - law means of protection of information safety of the person; criminalization of actions which interfere private life; an establishment of the criminal liability for illegal use of special means of private reception of the information; introduction of criminal - law guarantees of safe functioning, payment cards and electronic payment documents turnover; a direct recognition of deliberate encroachments on information safety of the state as a heinous crime; guaranteeing of a criminal - law protection of confidential information and data which is in the property of the state and etc.

With acceptance of the new Code the approach to the information, as a subject of a crime, has cardinally changed. So, having recognized the information as a subject of abduction, appropriation, the claim and other criminal actions, the criminal law has confirmed the status of the information as object of the law of property, which is coordinated with the main regulations of the information legislation of Ukraine. Up to this time the criminal - law doctrine unreasonably excluded the information from the list of possible subjects that can be stolen and other crimes against the property.

In the criminal Code of Ukraine the reaction of the legislator to socially negative phenomena connected with the rapid development of scientific and technical progress is represented. In the Code structure the Section XVI with three articles has appeared. The name of the Section is "Crimes, committed in the sphere of electronic computers (electronic engineering), systems and computer networks". The legal structures of crimes placed in the above mentioned section correlative with existing needs (requirements) of the public - legal validity and the protection of the appropriate rights directed on safety guaranty of the respective rights, freedoms and legitimate interests of citizens and juridical persons. Unfortunately, at the same time, these legal regulations have some drawbacks (defaults). It is necessary to focus on the analysis of separate problems of juridical crime structures of the Section XVI CC (Criminal Code) [1].

Illegal intervention in the electronic - computers work, systems and computer networks (Clause 361 CC). The clause 361 provides the responsibility for illegal intervention in the work of the automated electronic-computers, their systems or computer networks that has resulted in false information, or information or its carriers were deleted together with a computer virus distribution by the program and technical means intended for illegal penetration into these machines, systems or computer networks and able to cause a distortion or destruction of the computer information or carriers of such information.

Clause. 361 protects the right of the proprietor on inviolability of the information in the automated electronic-computers, their systems or computer networks. The proprietor of the information automated system may be any person who either legally uses services on information processing as the proprietor of such system (the COMPUTER, their systems or computer networks) or as the person who has got the right to use such system.

Criminal act, the responsibility for which is stipulated in the Clause 361, should develop: from illegal intervention in the work of the automated electronic-computers, their systems or computer networks which is always characterized by realization of the certain actions, and it may be expressed in penetration into computer system by the use of special technical means or specific software which allow to overcome the established systems of protection; from illegal application of the established passwords or masking under a kind of the legal user for penetration into computer system.

So, Chapter 1 of the Clause 361 (CC) allocates as criminally punished action "illegal intervention in the work of the automated electronic-computers, their systems or computer networks" that has resulted in a distortion or destructions of the computer information or carriers of this information. The given crime structure is material as the investigations are an obligatory element of its objective side. Nevertheless the law contains the limited list of harmful consequences, which may look as the reason of illegal intervention in the work of the automated systems. In particular, the fake, blocking of the information, damage of data carriers are not mentioned in this law. Thus, in case of harmful consequences in any other forms, except those directly specified in the Clause 361 CC, the person who has committed the above mentioned actions, is not subject to the criminal liability.

CC of Ukraine has established responsibility for computer virus distribution. Nevertheless the obligatory element of the objective side of such crime is the way of committing this crime, mainly: by program and technical means intended for illegal penetration into automated machines, systems or computer networks and which may cause a distortion or destruction of the computer information or carriers of such information. If the person distributes computer virus in another way or using other instruments and techniques which don't have the above mentioned characteristics in the whole, such person, again, is not subject to the responsibility according to the Clause 361 CC.

The direct object of a crime is the information property right, that is the mentioned right of the proprietor to possession, use or command of the information. Interpretation of this term in a context of use of the automated systems is located in the Clause 1 of the Law of Ukraine "Protection of the information in automated systems_": information in ACC is set of all data and programs which are used in ACC irrespective of means of their physical and logic performance.

The display of the objective side of structure of this crime are actions as a distortion or destruction of the computer information or carriers of such information, and also distribution of a computer virus.
Under this context, destruction of the information is its loss if the information in sphere of use of electronic-computers, systems and computer networks, stops to exist for physical and legal persons who have property right of it in the full or limited volume. Discontinuance of access to the information should be considered as its blocking. Such actions may be expressed, for example, in electromagnetic, laser and other influence on a data carrier in which it is materialized or on which it is transferred; in formation of signals of fields of means and blocks of programs which influence the information, its carriers and means of technical protection will cause infringement of integrity of the information, its distortion or destruction.

The distortion of the information is a change in its contents, infringement of its integrity, including partial destruction. As to the mode of access to the information its establishment is regulated by clause 28 of the Law of Ukraine "About Information" [2], which determines stipulated in the legal regulations, use, distribution and preservation of the information. Then, the information divides into the open information and the information with the limited access which, according to the legal regime, may be confidential and a secret. According to the Clause 30 of the abovementioned Law, the confidential information are data which are in using or possession of specific physical or legal persons, and are distributed according to their stipulated terms and conditions.

Citizens, legal persons, who own or possess the information of professional, business, industrial, bank, commercial and other the character, received by their own means, or such information which is a subject of their professional, business, industrial, bank, commercial another interest and does not reveal the secret stipulated in the law, have the right to define (determine) a mode of access to it independently, considering that it belongs to a confidential category and establish a system of protection for it.

Exception represents information of commercial and bank character, and also the information, which legal regime is determined by the Verkhovna Rada of Ukraine on presentation of the Cabinet of Ministries of Ukraine (on questions of statistics, ecology, bank operations, taxes etc.), and the information, which concealment threatens human life and health.
Secret information is information, that contains data, which are included in the state, and other secret stipulated by the law; disclosure of such information causes harm to a person, to a society and to a state.
Grave consequences hereinafter are offered as harm caused by criminal actions (straight and indirect losses), which size doesn't exceed 100 minimal not impose by taxes incomes of citizens. The structure of this crime is characterized by the presence of a common subject. Commitment of such actions by the person whose professional duties include preservation or processing of such information, may admit as a qualifying feature which burdens the responsibility.
During the process of development of the first part of the regulation, design of material structure of a crime was selected. It establishes necessity of approach in criminal consequences as a distortion or destruction of the computer information or carriers of such information.
Subject of a crime is general.
The psychological attitude of a person to the actions is directly specified in the Clause, therefore the form of fault (guilt) of such person is only intention. The relation of the person to criminal consequences its actions may be in the form of intention or criminal imprudence.

Unfortunately, the Clause 361 CC does not control the situation if intervention in the work of the automated electronic-computers, their systems or computer networks is carried out as the result of careless actions - a plenty of possible encroachments and even those actions which took place deliberately, and as during investigation of circumstances of intervention of it would be hard to prove a computer criminal's intentions (for example, it is possible to distribute and spread computer viruses via Internet while using e-mail not only deliberately, but even unintentionally and because of imprudence, as the Internet contains millions of computers).

Distribution of a computer virus by using program and technical means (Clause 361 CC) The criminal liability under this clause arises already as a result of the distribution of a computer virus irrespective of the fact if this program was used or not. According to the Clause 361the presence of initial texts of virus programs is already the basis to institute criminal proceedings. It is necessary to take into account, that in some cases the use of similar programs will not be criminally punished. It concerns to activity of the organizations, which carry out development of anti-virus programs and have the appropriate licenses.

Stealing, appropriation, claming of the computer information or getting control over it by fraud or abusing service position (Clause 362 CC) - are considered to computer crimes. They make the majority of the violation in the sphere of electronic-computers, systems and computer networks use.
The new term "computer information", introduced by the legislator is very important. In our opinion, it is necessary to understand that computer information is a set of all data and programs, which are used in electronic-computers, as the computer information systems and computer networks, which are identified and have their proprietor. The information, which is identified, is the information is recorded on the machine carrier with properties, which allow to identify it.

Clause 363 CC of Ukraine establishes the responsibility for infringement of service regulations of the automated electronic-computers, their systems or computer networks by the person who is responsible for their operation if it caused abduction, a distortion or destruction of the computer information, means of its protection or illegal copying of the computer information, the important infringement of work of such machines, their systems or computer networks. Clause protects interests of the proprietor of the automated electronic-computing systems concerning their correct operation.

This regulation CC, does not contain specific technical requirements and sends to departmental instructions those rules that determine the operating procedure and that should be established specially by the authorized person and is for the users. Application of specified clause is impossible for the Internet, as its operation is distributed only to local networks of the organizations.

Between the fact of infringement of service regulations of the automated electronic-computers and the important harm that has occurred, causal relationship may be established and it is entirely proved, that consequences which have resulted, is the result of infringements of service regulations itself.

Definition of the important harm, stipulated by the Clause 361, - estimated process, harm is established by court in each specific case, proceeding from circumstances of the case, however it is obvious, that the important harm should be less significant than hard consequences.

The criminal acknowledges, that breaks operation regulations, providing an opportunity or inevitability of illegal influence on the information and causing the important harm, whether causing such harm deliberately wishes. Such action is punished by deprivation of the right to hold certain positions or to be engaged in the certain activity for the five year term, or corrective works for the two year term.

From the point of view of interpretation of the contents it is a disposition, Ch. 1 Clause 363, CC. The grammatical, logic and systematic and structural analysis of the clause allows to draw a conclusion which states that illegal copying of the computer information and the important infringement of work of the automated machines, systems and computer networks are not forms of the crime stipulated by the given clause, and make only variants of consequences which may come as a result of its fulfillment. A formulation of a disposition Ch. 2 Clause 363 CC leads to such conclusion, which, carrying out the link on described illegal action (Ch. 1 Clause 363 CC), names it in a singular which testifies about non-alternative of criminal behavior, despite of application by the legislator in the text of the regulation of disjunctive conjunctions "or".

Another feature of the crime stipulated by the Clause 363, CC, is that the responsibility for its fulfillment may carry only a special subject - a person who is responsible for operation of the automated electronic-computers, their systems or computer networks.

Summing it up, it is possible to draw conclusions, which because of complexity of computer technologies, ambiguity of qualification of computer crimes, and also difficulty concerning their investigation, it is worthless to expect in the near future increase in the number of the criminal cases mentioned by the clauses 361-363 CC. With the purpose of exclusion in the future investigatory and justice miscarriages and other infringements, lawful practice demands today careful studying and scientific research of "information" clauses of the criminal Code taking into account their novelty, terminological and structural - substantial complexity. However positivite sides of changes which were held recently in a legal field of Ukraine, are obvious.

1. Criminal Code of Ukraine (passed by the 7th session of t6he Verkhovna Rada of Ukraine, April 5, 2001). -K., Official bulletin of Ukraine, 2001. -p.105-106.
2. The Law of Ukraine of October 2, 1992 "About Information".

Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright Computer Crime Research Center, 2001-2002 All Rights Reserved.
Contact the CCRC Office at 380-612-735-907

Rambler's Top100 Rambler's Top100