The history of the development and amendment of national legislation on combating cybercrime in various countries of the world is associated with the history of computer crime and, with a detailed analysis, reveals some patterns. The improvement of information technologies and their penetration into a growing number of spheres of human life led to the emergence of new forms of criminal attacks, and this, in turn, to criminalize new acts, introduce amendments to existing criminal law and adopt new standards.
If you carefully monitor the emergenсe of criminal law on the protection of computer information, computer systems, as well as liability for crimes committed using computers; you can identify the relationship between the history of computer crime and changes in national criminal laws. There are four main trends in the adoption of these changes. These four trends illustrate the history of the development of computer crime and reflect the four areas of criminal law and criminal procedure regulation in the fight against cyberсrime.
This problem has been studied both by specialists of the Republic of Kazakhstan and foreign, whose works are devoted to cybercrime or criminal law. Among such authors we can note: Aydarbayev S.Zh. (Aydarbayev, 2012), Yerdzhanov T.K. (Yerdzhanov, 2014), Shakirov K.N. (Shakirov, 2012), Tatarinov D.V. (Tatarinov, 2014), Karpov V. S. (Karpov, 2012), Dashyan M. (Dashyan, 2012), Parker, Donn В. (Parker, Donn, 2018), Medvedev S.S. (Medvedev, 2008), Aldrich, Richard W. (Aldrich, Richard, 2018), Chernysheva V.O. (Chernysheva, 2010), Shinder, Debra L. (Shinder, Debra, 2013).
The right to privacy is a complex of social relations that characterize a person and a citizen as a subject with complete freedom in the implementation of all aspects of his personal life if this does not contradict the interests of society and the state [2, p. 87].
The four trends of legislation in the field of cybercrime.
- Legislation on the protection of privacy. The first trend in criminal law reform is related to the protection of secrecy. As the chapter of this study on the history of cybercrime said in the 60s, when computer networks were mainly used in military and scientific institutions, the main threat was the loss of classified information and unauthorized access to it. The first reforms were the result of the emergence of new opportunities for the collection, storage, transmission of data related to the use of information technology. Legislation on the protection of computer data appeared in the following countries: Sweden, USA, Germany, Austria, Denmark, France and Norway, Luxembourg, Iceland and Israel, Australia and Canada, Great Britain, Finland, Ireland, Japan and the Netherlands, Portugal, Belgium, Spain and Switzerland, Spain, Italy and Greece. In Brazil, the Netherlands, Portugal and Spain, amendments to the Constitution on data proteсtion have even been adopted .
- Legislation on economic crimes and the protection of computer networks from hacks. The second trend of amendments to the criminal law is associated with the growth in the 70s of economic crime in the field of computer technology - hacking of bank computer networks, industrial espionage, in the 80s the number of hacking computer networks, not only banking, increased. This led to reforms that began in the 1980s. The reason for the reform was that the criminal law that existed at that time protected physical, material, visible objects from traditional encroachments. However, new forms of economic cybercrime have not only a new, intangible subject of encroachment (funds stored on deposit in electronic form), but also new objects (computer programs, computer systems), as well as the emergence of new ways of committing economic crimes. Criminal legislation has been amended in Italy, Australia, Great Britain, USA, Canada and Denmark, Germany, Austria, Japan and Norway, France, Greece, Finland the Netherlands, Luxembourg, Switzerland, Spain, and Malaysia.
- Protection of intellectual property. The third trend in criminal reform is related to the protection of intellectual property in the field of computer technology. The Philippines, the USA, Hungary, Australia, India and Mexico, Chile, Germany, France, Japan, and the United Kingdom adopted rules on protecting the rights of authors of computer programs against criminal attacks.
- Protection against illegal and harmful information. Nevertheless, the criminal law is being amended regarding liability for the dissemination of child pornography, slander, and incitement of ethnic hatred in information networks. The United Kingdom amendments to the criminal law were adopted and the United States and Germany can be cited as an example of legislative reform .
The expediency of this method is also evidenced by the fact that Russian scientists for example Karpov’s note: foreign legislation, unlike the domestic one, took the path of differentiating cyber crimes depending on what kind of relationship the criminal encroaches on, which corresponds to the criminological division into groups of cybercrime [1, p. 27].
In our opinion, a specific object of crime in the field of computer information is the totality of public relations that ensure the security of computer information, namely its confidentiality, integrity, the legal procedure for its use, as well as the safe functioning of computer systems.
Contemporary types of crimes, for example, committed with the help of global communication networks, have not yet been adequately reflected in the international legal acts of the CIS, although the speed with which these crimes are spread requires the speedy joint response of the states participating in the community [3, p. 200].
The legislation on data privacy protection in global teleсommunication systems, for example, in Germany, liability for violating the confidentiality of information stored on electronic and other media, transmitted in a manner not directly perceptible is provided for in a separate article 202a of the Criminal Code, which explicitly states that its provisions apply only to this type of data. This article is included in section 15 violation of inviolabilities and privacy - and establishes the liability of a person who ‘illegally receives information that is not intended for him and is specially protected from illegal access to them, or transfers it to another person. In this case, information within the meaning of article 1 is only those that are stored or transmitted electronically, magnetic or otherwise not directly perceived’.
The product of many years of efforts by the Council of Europe was the Council of Europe Convention on Cybercrime, adopted on 23 November 2001 in Budapest. This is one of the most important documents regulating legal relations in the global computer network. Its adoption is a kind of milestone in the history of the fight against cybercrime. Dashyan calls ‘the Convention a point of reference, from which real measures on the legal impact on relations on the Web begins’ [4, p. 85].
The Finnish Penal Code contains three articles aimed at protecting the confidentiality of electronic data: articles 1 - 3 of chapter 38 of the Criminal Code. At least one of them - article 3 expressly establishes liability for violating the confidentiality of computer data, including e-mail, data transmitted by computer networks, the other two are general rules applied in practice when violating the confidentiality of information contained in computers and computer networks.
The rules criminalizing illegal access have significant differences. So, for example, in Denmark, England, Greece, most US states any illegal access is criminalized. In other countries - Germany, the Netherlands, and Norway, criminal liability rules are applied only for illegal access to data protected by security measures or under special protection from illegal access, including the protection of the law. Thus, article 138a of the Dutch Penal Code establishes that a person who deliberately and illegally obtains access to an automated data storage system, a data processing system or part of such systems is found guilty if he overcomes the protection system or uses such technical means as false signals, false passwords and false identity.
One of the reasons for the inconsistency of judicial practice and its incomplete compliance with the requirements of the time and the interests of commercial turnover is a different approach to the nature of domain names in the activities of international structures.
Similar rules are also in the legislation of some European countries. Part four of Article 615 of the Italian Criminal Code establishes legal responsibility for the production, sale, transfer of codes, passwords, different means of access to a computer or telecommunication systems, committed with the aim of making income for themselves or for third parties, or with the purpose of causing damage, as well as providing information or instructions for the above goals.
Different approaches are also observed in determining the responsibility for authorized access, which, if abused, can become an unauthorized access or other criminal act. In some states, only unauthorized access by an unauthorized person is criminalized. Other access standards apply not only to cases of unauthorized access, but also to cases of abuse of the right of access, as, for example, article 500 (b) of the Belgian Criminal Code. The first part of this article provides liability for illegal access, and the second for the so-called ‘insider’ illegal access to the system access to a computer system committed by an authorized person who abused his right of access for personal gain or with the intent to cause harm.
Any effective treaty addressing cyber crime must also address the mutual assistance that will be provided in searches and seizures. Computer data takes many forms, which includes the contents of saved data, e-mail, chat room discussions, and more [9, p. 93].
There are states in which liability for the theft of information constituting a commercial secret is provided for in the illegal access rules. For instance, article 7 of the Portuguese Penal Code establishes the qualified composition of illegal access to computer data: access to obtain information constituting industrial or commercial secret protected by law. The same provisions are contained in the Danish Penal Code, article 263 of which, as a qualifying attribute of illegal access and indicates the intention to familiarize oneself with information on trade secrets.
In Spain and Sweden, the rules on computer fraud supplement the norms on ordinary fraud. Thus, article 245.2 The Criminal Code of Spain says that ‘fraud is also the manipulation of computer or similar devices committed for the mercenary purpose of moving property or the right to property without proper authority to the detriment of the owner’. The Swedish Criminal Code also refers to the rules on fraud: how should a person be held accountable for fraud who, using false or incomplete information, modifying programs, or by any other means, illegally interferes with automatic data proсessing, other automatic proсesses, benefits for yourself, while causing damage to the property of the owner.
In the criminal legislation of Kazakhstan, liability for crimes in the field of computer information is regulated by Chapter 7 of the Criminal Code of the Republic of Kazakhstan, which includes nine articles. The existing criminal law on liability for computer information crimes essentially creates only the appearance of a solution to the problem of cyberсrime. But the most important thing is that it speaks only of computer crimes, i.e. criminal infringements in the field of information and communication.
Generally speaking about the legislation on liability for penetration into computers and systems, computer sabotage, violation of data confidentiality, computer fraud, it can be stated that the criminal law of most developed countries to one extent or another cover almost all of these acts. However, in some countries there are no special rules on criminal liability for unlawful access to data, computer sabotage, industrial and commercial computer espionage, and other crimes. The adoption of these norms is desirable not only because international recommendations require this, but additionally such crimes bring significant economic losses - both for individual companies and for the state’s economy.
In addition, as can be viewed from the above analysis of the norms on crimes in the field of high teсhnologies, the legislation of certain states presenting for liability for certain cybercrimes has significant differences. Meanwhile, it is essential that the rules on liability for illegal access, which begins with many, for instance, economic cybercrimes, contain the identical provisions, invalidating any unauthorized access regardless of the severity of the consequences. Otherwise, taking into account the cross-border nature of the phenomenon of cybercrime, there remains a slight, but small, gap in the regulation that allows people who have committed unlawful acts to evade responsibility.
- Karpov V. S. Criminal liability for crimes in the field of computer information. Abstract. dis. ... cand. legal Sciences: 12.00.08 / V.S. Karpov - Krasnoyarsk, 2012 .- 27 p.
- Tatarinov D.V. Legal foundations of the fight against offenses in global communication networks: monograph. - Almaty: Kazakh University, 2014 .- 87 p.
- Aidarbaev S.Zh. New types of offenses and international legal acts of the CIS: a collection of materials of the international scientific-theoretical conference (November 30, 2012). Almaty: Kazakh University, 2012. -200 p.
- Dashyan M. Review of the Council of Europe Convention on Cybercrime. / M. Dashyan // Modern Law. - 2012. - No. 11. - P. 85.
- The Criminal Code of the Republic of Kazakhstan dated July 3, 2014 No. 226-V (as amended and supplemented as of October 28, 2019)
- The Belgium Criminal Code. [Electronic resource]. URL: https://www.legislationline.org/documents/section/criminal-codes/country/41/Belgium/show (accessed date: 10.02.2020).
- The Criminal Code of Germany. [Electronic resource]. URL: https://www.legislationline.org/documents/section/criminal-codes/country/28/Germany/show (accessed date: 15.02.2020).
- Shinder, Debra L. Scene of the Cybercrime. Computer Forensics Handbook / Debra L. Shinder. Rockland: Syngress, 201– 752 p.
- Aldrich, Richard W. Cyberterrorism and Computer Crimes: Issues Surrounding the Establishment of an International Legal Regime / Richard W. Aldrich. - Colorado: USAF Institute for National Security Studies, 2013. - 93 p.
- National report 201 Safe Society without Fear of Crime / Ministry of Justice. Republic of Korea. Korean Institute of Criminology. - Korean Institute of Criminology, 2015. - 27 p.