Liability for computer crime in Russia
Date: April 06, 2004Source: Russian legal pages
By:
A computer crime is an extremely versatile and intricate phenomenon. By objects of such criminal offences could be either hardware (computers and peripheral units) as the material objects, or computer software and databases, for which the hardware is the surrounding. Thereby, a computer can serve either as an object or as a tool of transgression.
All the attempts to suppress the computer crime have been inexpedient until 1st January 1997, when the new Criminal Code of the Russian Federation (RF CC) was enforced. In spite of explicit public threat, such encroachments were not illegal, i.e. they did not fall under criminal jurisdiction.
The situation has changed after 24 May 1996, when the State Duma of the Russian Federation adopted the Russian Federation Criminal Code.
The structure of the computer crimes (i.e. the list of elements featuring a socially harmful action as a certain crime) is stated in Chapter 28 of the Criminal Code, which is headed 'Crimes in a computer information sphere'. This Chapter comprises three articles: 'Unauthorized access to a computer information' (Article 272), 'Creation, use and spread of detrimental computer programs' (Article 273) and 'Infringement of operating rules of a computer, a computer system, or a computer network' (Article 274).
Let us give thorough consideration to all the three articles of the RF Criminal Code, concentrating, thus, on the basic elements of the computer crime, i.e. infringements of legally protected rights and interests in information computer systems, which fall within jurisdiction of criminal legislation.
Unauthorized access to computer information (Article 272 of the Criminal Code)
Article 272 of the Criminal Code stipulates liability for an illegal access to a computer information (information recorded to a machinery carrier, a computer or a computer network), if demolition, block, modification, copying of information or operating irregularities of computation systems have been caused.
This Article implies a protection of author's right of immunity of information in a system. Any owner of a computation system (a computer or a computer network) or that one purchased the right to use a computer may be the owner of the information computation system, while legally using services of processing of information.
Crimes should be punished according to Article 272 of the Criminal Code if imply an illegal access to protected computer information, e.g. break and enter to the computer system by special technique or software enabling to overcome all alarm systems, unauthorized using of valid passwords, or masking under the name of an authorized user, theft of information carriers, provided that security measures have been taken, and the action aforesaid caused demolition or block of information.
The access to a protected computer information shall be recognized wrongful if an offender is not authorized for receipt of and operation with this information or a computer system.
A causal connection between an unauthorized access and occurrence of consequences stipulated by Article 272 is of importance, so that mere temporal coincidence of irregularities in the computer system, which could result from the defects or just errors in the computer programs and wrongful access, does not entail criminal liability.
An unauthorized access to a computer information is deliberate one. Committing this crime, a person consciously breaks and enters the computer system foreseeing probable or unavoidable consequences stipulated by law, but either desires and consciously admits or does not care of those.
There may be any motifs and purposes to this crime, including a mercenary one, as well as an intention to obtain any information, to make harm or to test own professional abilities. We have to stress an accuracy of actions of the law maker, who eliminated a motive and a purpose from the list of necessary elements of the aforementioned crime, so that Article 272 of the Criminal Code could apply to various computer offences.
The Article comprises two parts, first of which stipulates as severe punishment to the lawbreaker as two years long deprivation of liberty. One of the representative examples of application of this article is the criminal case tried by Moscow court in 1991. The case dealt with a larceny of 125.5,000 USD from Foreign Economic Bank of the USSR and with preparation to larceny of more than 500,000 USD. Another case evidences the attempt to grand larceny (total 68 billion Rbl) committed in September 1993 from the Head Cash Office of the Central Bank of Russia in Moscow. The next case took place in 1990. Thus, a computer program for transfer of komsomol members' dues at one of domestic enterprises was so developed, that deductions have been made not only from the salary of komsomol members, but also from the salary of all the staff members under 28 years old. Total of sixty seventy people suffered that time. Today this crime would be qualified in terms of Part 1 of Article 272 of the Criminal Code.
The second part of Article 272 enhances criminal liability up to five years long deprivation of liberty for the crime committed by a group of people, by the one misusing his official position, or by those having free access to information computation system.
According to criminal legislation, the persons achieved 16 years old could be by subjects of the computer crime. However, the second part of Article 272 stipulates an additional inherent feature of a subject of crime, assisting in commitment of this offence, i.e. an official position, as well as free access to a computer, a system of computers or a computer network.
Article 272 does not cover the event when wrongful access resulted from casual handling. If this is the case, a significant layer of possible offences and even deliberate actions is truncated, because the intent of the lawbreaker would be unlikely proved by investigations. For instance, in the Internet, where millions of computers are networking, one could easily and involuntarily break and enter to the protected area of information, while switching from one computer to another to implement any specific operation.
Creation, use and distribution of detrimental computer programs (Article 273 of the Criminal Code).
The Article stipulates criminal liability for creation or modification of computer programs known to bring to unauthorized destruction, block and modification or copying of information, operating irregularities in information systems, as well as for using of such programs or machinery carriers with such programs.
The Article protects the rights of owner of the computer system for immunity of information contained in the system.
Under detrimental programs in the context of Article 273 of RF Criminal Code the programs shall be understood which have been purposely developed to damage normal operation of the computer programs. Under the normal operations, those enlisted in the program's specifications shall be understood, which these programs have been designed for. The most widely spread detrimental programs are computer viruses and logic bombs.
To make somebody criminally liable under Article 273, no any negative consequences should necessary been caused to the owner of information. The fact sui generis of creation of the programs or modification of existing programs known to cause negative consequences enlisted in the Article is rather sufficient.
Publication, reproduction, distribution and other manner to put programs in use are understood by using the program. The program could be recorded to PC memory, to material carrier, distributed via networks or sent to other persons.
Criminal liability under this Article shall arise immediately upon creation of a program, irrespectively whether this program was in use or not. In terms of Article 273, availability of original texts of virus programs is already a ground for institution of criminal proceeding. One should take into account, that in some instances using of such programs is not subject to criminal liability. It concerns to activity of licensed companies developing antiviral programs
This Article consists of two parts distinguishable from each other by the lawbreaker's relevance to the committed actions. The crime stipulated by Part 1, Article 273 could be committed only deliberately. Moreover, the lawbreaker ought to be sure, that creation, use or distribution of detrimental programs has to bring to violation of immunity of information. Thereto, the purposes and motifs do not effect on qualification of attempts in the context of this Article, so the noblest inspirations (e.g. the efforts towards environmental safety) do not release from liability for the crime per se. The heaviest punishment for an offender in this event will be deprivation of liberty up to three years long.
The second part of Article 273 admits the great harm caused by reckless disregard as an additional qualifying feature. While committing the crime stipulated by the second part of this Article, an offender is aware that he creates a harmful program, uses or distributes such a program or its carriers. Meanwhile, he either foresees the great harm to be, but groundlessly hopes to prevent it, or does not foresee it, though ought to if was sufficiently careful and long-sighted. This legal norm is to be expected, since only high skilled programmers are capable of development of detrimental programs. Their professional skill enables to foresee a diversity of the potential consequences of using of such programs, e.g. human death, harm to people...
Add comment Email to a Friend