Computer Crime Research Center

staff/gva2.jpg

Criminal legal description of computer-facilitated crimes

Date: April 29, 2005
Source: Computer Crime Research Center
By: Vladimir Golubev

Among top-priority steps of state policy in sphere of counteraction to computer criminality is an appearance of new Criminal Code dated September 1, 2001. Its new Section 16 in the Criminal Code of Ukraine - “Crimes in Sphere of Computers, Systems and Networks”. Having recognized information as a subject of theft, assignment, extortion and other criminal acts, criminal law has confirmed status of information as an object of the property right that is coordinated with substantive regulations of information legislation. Till recently, criminal legal doctrine unreasonably unfiled information from the list of possible subjects of theft or other property crimes.

In this connection, appearance of the mentioned section in the Code is natural and objective necessity of legal means in process of solving problems related to fundamental modification of technology, world outlook of people, international relationship under conditions of a wide scope computerization of information sphere.

As is well-known, the Section 16 includes three Articles: 361 “Illegal interference with operation of computers, systems and networks”, that is an illegal interference with operation of automated computers, systems or networks resulted in distortion or erasing of computer information or destroying its carriers, and also to spreading of computer viruses by using software and hardware designed for illegal penetration into these machines, systems or networks and capable of distortion or erasing computer information or destroying its carriers”; the Article 362 “Theft, misappropriation, extortion of computer information or its capture by swindling or abusing official position” and the Article 363 “Violation of automated electronic computer operating rules”: violation of operating rules of automated computers, systems or networks on the part of a person responsible for their operation, if it has entailed theft, distortion or erasing of computer information, security means, or illegal copying of computer information, or essential infringement of such facilities, systems or networks operation.

The components of crimes defined in the mentioned section are correlated with existing needs of public legal actuality. Also, they are aimed at protection maintenance of the corresponding rights, liberties and legitimate interests of individuals and legal entities. Unfortunately, these legal norms have some weaknesses at the same time. It is necessary to dwell on the analysis of some problems of crimes from the Section 16 of the Criminal Code [2].

Illegal interference with operation of computers, systems and networks (referring to the Article 361 of the Criminal Code of Ukraine). The Article 361 defines responsibility for illegal interference with operation of automated computers, systems or networks that has led to distortion or destruction of computer information, or carriers, and also to distribution of computer virus by application of software and other means with intent of illegal penetration into these machines, systems or networks and capable to entail distortion or destruction of computer information or carriers of such information.

The Article 361 protects the proprietor’s right to inviolability of information in automated computers, systems or networks. The owner of automated system is any person that legally uses services of information processing as the proprietor of such system (computer, systems or networks) or as the person that has the right to use such system.

Criminal act, responsibility for which is provided for by the Article 361, should consist of illegal intervention in work of automated computers, systems or networks. It always has a character of fulfilment of certain actions, and it can be a penetration into computer system by use of special technical means or software, allowing to overcome installed systems of protection from illegal application of obtained passwords or masking under a kind of a legal user with purpose of penetration into computer system [3].

So, Part 1 of the Article 361 defines “illegal interference with operation of automated computers, systems and networks that has led to distortion or destruction of computer information or carriers of such information” as penal action. This component of crime is of material character. Consequences are obligatory element of the crime. However, the law contains a limited list of harmful consequences in any other forms, except for specified in the Article 361. The person who has performed the specified actions in forms, not defined in the Article 361, is not subject to criminal liability.

The Criminal Code of Ukraine has established the responsibility for distribution of computer viruses. But an obligatory element of the objective side of this crime lies in the way of its commitment, namely: by application a software and/or other means with intent of illegal penetration into automated machines, systems and networks and capable to cause distortion or destruction of computer information or carriers of such information. If the person distributes a computer virus in a different way or by application of other instruments and means which are not bearing the above-stated attributes in aggregate, such person is not subject to the responsibility according to the Article 361 of the Criminal Code.

Direct object of a crime is the information property right, that is the broken right of the proprietor's ownership, use or control over information. Interpretation of this term in a context of automated systems is placed in the Article 1 of the Automated Systems Information Security Law of Ukraine: “... information in automated systems is a set of all data and programs used in automated systems, irrespectively of means of their physical and logic representation... ”.

Displays of the objective side of crime components are: actions like distortion or destruction of computer information or carriers of such information, and also distribution of computer virus.

As used here, destruction of information is its loss, when information in sphere of computers, systems and networks ceases to exist for individuals and legal entities that have full or limited property right to it. Termination of access to information should be considered as blocking of information. Such actions can be performed, for example, with the help of electromagnetic, laser and other effect on data carriers in which info is materialized or with the help of which it is transferred; by forming of signals of means and blocks of programs effecting information, its carriers and means of technical protection that causes violation of integrity of information, its distortion or destruction.

Distortion of information is a modification of its contents, violation of its integrity, including partial destruction. Establishing of a mode of access to information is regulated by the Article 28 of the Information Law of Ukraine. It defines the order of reception, use, distribution and retention of information. Depending on a mode of access, information is divided into open information and information with restricted access (confidential and secret). According to the Article 30 of the mentioned law, confidential information is data which is in ownership, use or order of separate individuals or legal entities and is distributed, at their will, according to the terms provided for by them.

Citizens and legal entities that own information of professional, business, industrial, commercial and other character, having obtained it due to own means, or such which is a subject of their professional, business, industrial, commercial and other interest and does not break secret provided for by law, have the right to define independently a mode of access to it, including its belonging to the confidential category, and establish a system (ways) of its protection.

There are some exceptions: information of commercial and bank character, and also information, legal regime of which is determined by the Verhovna Rada of Ukraine and by presentation of the Cabinet of Ministers of Ukraine (on questions of statistics, ecology, bank operations, taxes, etc.), and information, concealment of which is life and health threats to people.

Secret information is information containing data, making state and others secret defined by the law, disclosure of which cause damage to the person, society and the state.

We offer to understand the damage caused by criminal acts (direct and indirect losses) which size is equal or exceeds 100 minimal free incomes of citizen as heavy consequences.

The components of this crime are characterized by presence of the general subject. Commitment of such actions by the person which professional duties include preservation or processing of such information should be admitted as the attribute that burdens the responsibility.

Material components structure of the crime is chosen for developing of the first part of this norm. The structure establishes the necessity of criminal consequences approach, like distortion or destruction of computer information or carriers of such information.

The Article directly defines mental attitude of the person to own actions, therefore the guilt form of such person is intention only.

Unfortunately, the Article 361 of the Criminal Code does not adjust a situation when interference with operation of automated computers, systems or networks is performed owing to careless actions.

Thus, the significant amount of possible infringements and even actions which are really performed with intent, as it is hard to prove the intent of the computer...


Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo