And "Chinese news published" on the amendments to the criminal law amendment significance information security

  • Created:
  • / Author: Aaron Lewis

    

     I'm on the amendments to the criminal law revised basic viewpoint about information security

 

    In February 28, 2009, the seventh meeting of the Standing Committee of the Eleventh National People's Congress passed the "PRC Criminal Law Amendment (seven)". Change the amendment increased the protection of information security, protection of citizens personal information content, the illegal disclosure of personal information of citizens will be investigated for criminal responsibility.

   "Being determines consciousness" tell us the concept, legal system with respect to the development of society and the network society has always lagged behind, is lagging behind, like antivirus software is always only to have popular virus. Now, the amendment to further strengthen the information security, expand the scope of application of criminal law, increase the punishment for network crime, indicate a problem, that is the problem of information security has been the objective existence, even in some areas, severe situation of information security, information security, regardless of country, collective and individual, must be serious serious treatment and prevention. 

 

    The specific situation of the revision is: (the following text was ghost black is probably the Trojan.)        

    The original regulations:

    Article 253rd postal personnel to open or conceal, destroy mail, telegraph, is less than two years imprisonment or criminal detention.

    The crime of stealing property, in accordance with the provisions of article 264th convicted and given a heavier punishment.

    Criminal law amendment seven:

    Seven, in article 253rd of the criminal law. After adding a, as one of 253rd: "state organs or financial, telecommunications, transportation, education, medical and other units of staff, in violation of state regulations, the unit to provide personal information service in the process of performing their duties or sold, or illegally provides to others, plot serious, is less than three years imprisonment or criminal detention, or be fined.

    "Stolen or otherwise unlawful access to the information, if the circumstances are serious, shall be punished in accordance with the provisions of the preceding paragraph.

    "Where a unit commits the crime in the preceding two paragraphs, it shall be fined, and the person in charge directly responsible and other persons directly responsible shall be punished in accordance with the, the provisions of paragraph."

 

    The original regulations:

    Article 285th violation of the provisions of the state, invades the computer information system in national affairs, national defense construction, sophisticated science and technology, is less than three years imprisonment or criminal detention.

    Criminal law amendment seven:

    Nine, in article 285th of the criminal law in the two paragraph as the second paragraph, the third paragraph: "in violation of state regulations, computer information system outside invasion of the provisions of the preceding paragraph or the use of other techniques, access to storage, processing or transmission of the computer information system data, or the implementation of illegal control of the computer information system, if the circumstances are serious, is less than three years imprisonment or criminal detention, or be fined; if the circumstances are especially serious, department for more than three years of less than seven years imprisonment, fined.    

  "To provide specialized for invasion, illegal control of computer information systems program, tools, or knowingly committing crimes invasion, illegal control of computer information systems and provider, as its tool, if the circumstances are serious, shall be punished in accordance with the provisions of the preceding paragraph." 

 

 

 

 

 

 

 

 

 

 

 

 

 

  

    From theThe amendments to the criminal lawArticleSevenLook, the past, we generally onlyPostal personnelInformation security will pose a threat to others, it is clearly in the "old society", and now the digital era, the situation has changed completely,"State organs or financial, telecommunications, transportation, education, medical and other units of staff"All covered, in fact the links more master citizen information will include.

    Many young parents in the hospital gave birth to the child back home, will make a lot of children born souvenir sales calls received, by their interference. These years, we often have such experience, leave in the hospital, school, bank, telecommunication and other departments and agenciesThe individual information such as ID number, phone number, home address, etc.Relevant information, very fast by a number of other business institutions or individuals to obtain some be rather baffling, such as marketing, telephone or mail come one after another, and even someThe citizen's personal and property safety, and posed a serious threat to personal privacy. The criminal law amendment to increase this provision, is conducive to the protection of the citizen individual information securityThese post, outside of the departments and agencies to divulge citizen information behavior, will be held accountable, according to the law.

From theThe amendments to the criminal lawNinth see, only toInvades the computer information system in national affairs, national defense construction, sophisticated science and technologyThe provisions of the amendment, the acquisition of computer information and means to do the expansion, basically all of theThe computer information systemAnd allTechnical means of storage, processing or transmission in the computer information system data, or the implementation of illegal control of the computer information system, and provideInvasion, illegal control of computer information systems program, tool, all belong to the crime.

As we know, the worm is automatic computer vulnerabilities, the speed of transmission, 5 minutes can spread all over the world, and hackers are manually attack, speed and range is not great; Trojan is unknown code, it is reported (I did not check), 2008 Chinese Trojan 600000 computer, other remote control nearly half of the end in Taiwan, there are more than 5400 web site was hacked, Chinese zombie network infringement by around 30% in the proportion of 36%, control a botnet end in USA......If the information system of the computer intrusion, stealing, control actions are collectively referred to as the hacker behavior, theThe criminal lawAmendmentIncreaseTheRelated termsThenMeans that in the future, punish network "hacker" the law.

Information security protection especially the provisions on civil protection of personal information relating to the constitution, the criminal, civil and commercial law, administrative law, such as the protection of secret and civil communication freedom and communication, relates to the criminal law, the postal law, telecommunications regulations, but about the citizen right of privacy protection, mainly related to civil and commercial law, administrative law, procedural law, but, at present, our country lacks a special information security law law such. This is a pressing matter of the moment.

At present, the country has planned national informatization strategy and action to build a national information security system. The challenge, confidence, hope.

 

 

"Criminal law" amendment to the new crime prescribed punishment

Http://www.jinghua.cn  2009-03-11 Source: JINGWAH times Reporter: Yang Haipeng
 

Yu Zhigang

Pu Hongguo

Ge Ke

    Nanjing Gulou District procuratorate recently with "illegal invasion of computer information system" pilfer date trojan case of public prosecution, criminal suspects accused by making, communication "Miss" pilfer date trojan special purloin network game password, after the sale to obtain illegal interests. According to the suspects confessed, he produced a Trojan 3 months earned 30000000 yuan!

    The case is the first to be accused of "illegal invasion of computer information system" case. In February 28th, "criminal law amendment (seven)" published after the approval of the. The amendment added a series of the provisions, including provisions relating to computer network information system.

    285th the provisions of "criminal law", in violation of state regulations, invades the computer information system in national affairs, national defense construction, sophisticated science and technology, is less than three years imprisonment or criminal detention. After the change in this increase after the two paragraph: "in violation of state regulations, computer information system outside invasion of the provisions of the preceding paragraph or the use of other techniques, access to storage, processing or transmission of the computer information system data, or on the computer information system in the implementation of non control, if the circumstances are serious, is less than three years imprisonment or criminal detention, or be fined; if the circumstances are especially serious, department for more than three years of less than seven years imprisonment, fined. Provide specialized for invasion, illegal control of computer information systems program, tools, or knowingly committing crimes invasion, illegal control of computer information systems and provider, as its tool, if the circumstances are serious, shall be punished in accordance with the provisions of the preceding paragraph." ("criminal law amendment (seven)" Ninth)

    These provisions will produce what kind of impact on the Internet industry? "Chinese news published" invited experts in the law of interpretation.

    Professor, doctoral tutor of China University of Political Science and Law, Beijing Shunyi District people's Procuratorate Deputy procurator general Yu Zhigang

    Progress of computer crime correction and regret

    In the fight against computer network crimes, the law of the greater efforts. It should be said has great progress, but also left many regrets.

    Can be called progress include: first, to crack down on the illegal acquisition of computer information system in storage, processing or transmission data behavior. The crime of destroying computer information system provides 286th of the original "criminal law", is against the destruction of computer information systems function behavior, although also provides computer information systems for the storage, transmission and processing of data to delete, modify, increase the illegal behavior of the punishment, but punishment, focuses on the crime of destroying computer information system function by deleting, modifying, adding to, and not in the protection of memory data itself. Therefore, if the offender simply illegal access to data without destroying the data behavior, the behavior in criminal law vacuum, shall be investigated for criminal responsibility. For example, for not understanding others steal virtual game equipment behavior in judicial practice, some identified as theft, some identified as the crime of destroying computer information system, and some that do not constitute a crime. While the new 285th section second, may provide a full picture of this judicial confusion.

    Second, severely crack down on illegal control behavior of the implementation of the computer information system. At present, the illegal control of computer and others to commit a crime, especially It is quite common for control of a number of "chicken" a botnet leased, sold to others to implement illegal behavior, and such behavior is be imperative. This is significant progress on a legislative worthy.

    Third, severely crack down on illegal and criminal behavior of online help. It should be noted that, due to the invasion of computer information system and illegal access to data, illegal control others computer requirements have a high level of technology, the current illegal mostly through the purchase of pilfer date trojan, invasive procedures, and other special programs and tools to other people. At present, production, and sale of such program has become one of the main reasons leading to other information network crime increased occupation of. The new article 285th paragraph third combat the crime such as computer crime provides tools for committing crimes, is a kind of crime "behavior" and "helping behavior".

    Can say, "criminal law amendment (seven)" extended the protection object of network crime, the criminal law protection to the upper reaches of the extension of time, further close French Open, strengthen criminal deterrence. Especially the illegal hacking tools, software behavior as the crime, the network once be still unpunished hacker, hacker school website, can be said to be bad luck.

    Unfortunately, I think mainly for "trespassing" field modification. The "criminal law" article 285th the illegal invasion object field defined as national affairs, national defense, science and technology "three fields", mostly involving the interests of the state, did not cover the major areas of public interest. And the connotation of "state affairs" is difficult to define, cannot operate in the actual case, resulting in a large number of illegal intrusion cases can not be convicted and punished, severely weakened efforts to crack down on such crimes. At the same time, only the trespass on field defined, but not the importance of the important field in the computer information system to distinguish. It should be noted that not all, invasion of computer information systems in the important fields of all constitutes the crime.

    However, "criminal law amendment (seven)" didn't change, but added a provision ", in violation of state regulations, computer information system into the provisions of the preceding paragraph...... If the circumstances are serious, is less than three years imprisonment or criminal detention, or be fined; if the circumstances are especially serious, department for more than three years of less than seven years imprisonment, fined." Such regulations exist unbalanced logic: illegal intrusion relates to the vital national interests of the "national affairs, national defense, science and technology" of the three major areas, only three years in prison, and "other illegal intrusion into computer information system outside the three areas", the legal punishment heavier, clearly inappropriate.

    Senior news analyst, network public opinion research analyst Pu Hongguo

    "Hacker" Punishment Law

    With respect to the development of legal system of social reality and the network society has always lagged behind, is lagging behind, like antivirus software is always only to have popular virus. Now, "criminal law amendment (seven)" to further strengthen the information security, expand the scope of application of criminal law, increase the punishment for network crime, indicate a problem, that is the problem of information security has been the objective existence, even in the field of information security situation is still grim. Information security, regardless of country, collective and individual, must be treated seriously and prevention.

    From the "criminal law amendment (seven)" Ninth, the past only invades the computer information system in national affairs, national defense construction, sophisticated science and technology make the regulation, the revised approaches to obtaining computer information and means to do the expansion, all access to storage, processing or transmission of computer information system through the computer information system and all the technical means of data basically, or the implementation of illegal control of computer information system, and provide the invasion, illegal control of computer information systems program, tools, all belong to the crime.

    Worms are automated attacks on computer system vulnerabilities, the speed of transmission, 5 minutes can spread all over the world, and hackers are manually attack speed and range is not big...... If the information system of the computer intrusion, stealing, control actions are collectively referred to as the hacker behavior, relevant provisions of the criminal law amendment to increase "in" means, in the future to punish network "hacker" law.

    Senior vice president, Jinshan software business unit general manager Ge Ke

    Will have a deterrent effect on the computer virus industry chain

    "Criminal law amendment (seven)" Ninth mainly for hacking computer system or manufacturing computer intrusion system software to restrict, making and spreading Trojans will be punished by law. This will have a significant impact on the rampant computer virus industry chain.

    Prior to this, because there is no clear legal provisions, virus industry chain practitioners can rapidly illegal profit, also basically no what legal risk, so that many developers to disclose the sale of Trojan horse, practitioners can advertise through normal commercial channels, such as a variety of so-called network safety training, is actually the invasion and theft of technology training class. Black industry chain can be published to undertake DDoS business on normal commercial website, take the station business (advertising invade website). In the absence of a clear legal provisions, antivirus software can only be kept constantly on the run in the technology, and can not solve the security problem of Internet users from the virus and the dissemination of the source.

    However, the specific process of law enforcement is also likely to face some difficulties, because the electronic evidence is easily destroyed, evidence for the existence of time is relatively short, link network data transmission is complex, which can solve the case specific obstacles.

    Extended reading

    Electronic evidence fixing some technical obstacles

    Determination of investigation and evidence collection of network crime case involving electronic evidence. At present there is no provision for the legal status of electronic evidence law, but the "opinions" and so on several problems about the investigation work of procuratorial organs to carry out the criminal law judicial interpretation has the position of electronic evidence as audio-visual materials.

    Yu Zhigang thinks, forensic cases difficult is an objective fact, the legal status of electronic evidence is not clear, however, that is not to say that denies the status of evidence of electronic evidence. As long as it is to all facts that prove the true circumstances of the case, can satisfy the evidence of objectivity, authenticity and legitimacy, and consistent with the evidence collection procedures and rules, electronic evidence in court as evidence is no problem. Data information, electronic trail and natural through the keyboard left IP address, the memory data and other evidence, the probative force may not have distinction and written documentary evidence, the key lies in the fixed program evidence to be legitimate.

    At present there is no special evidence against cyber crime, collecting standard and electronic evidence rules of effectiveness, does not mean that the traditional evidence rules do not apply to the network space, does not mean that the traditional evidence rule can't be applied to all criminal cases involving network. The legal barriers for network crime investigation in the investigation and collection of evidence does not exist, but the technical barriers is objective reality. The network is a virtual space constructed by technology, evidence of annihilation, so the evidence fixed technology means higher need, this is not a small challenge to the investigation organ for.

    □ intern newspaperYang Haipeng

 

 

    In March 15, 2009, CCTV 315 party opens in Beijing. Sina finance a full report of the party. 315 party exposure information technology network identity theft case, the following for the show:

Explanation: this open selling personal information web site called the mass of information technology network, across the owner information, each big bank user data, and even stock information and so on, this site Goods are available in all varieties., but the price is very low. We just spent 100 yuan to buy a 1000 a variety of information, above a detailed record of the name, mobile phone number, identity card numbers and so on, have everything that one expects to find. If you think the above information is not comprehensive enough, this trojan program next will make you shudder with fear, for this kind of Trojan horse, the computer without the knowledge of your circumstances in the online free vegetable.

Police: he can see all of the above information, he can use.

Commentary: the reporter found that as long as the input "fryer 3389" in Baidu search website, you can find an amazing information. In order to verify the authenticity of the information he sold, he sent the journalist to a file, after receiving less than 5 seconds, the computer mouse move up on the screen, and click open each folder in the computer automatically shut down, until the.

Police: through his software, what he want to use, what time.

Commentary: this could be someone else complete control of the computer information, the price is very low, price of only 5 per cent. Some people even in the illegal trading of ID card, the claim, he sold a variety of Id original, and take an oath devoutly that these are real ID card. When a reporter tentatively puts forward to want to buy some ID, he immediately to the two documents sent the journalist, the documents on the people from all over the country, the reporter then picked up some information, query by the household registration system of the Public Security Bureau, found that the information is true. And this online shop on the surface is selling all kinds of mobile phone, in fact, the owner told us, he is selling all over the country's identity card and the original matching bank card. In order to verify the claims, the reporter made further investigation, the owner readily agreed to sell a journalist ID and bank card, the price 300 yuan. Any purchase of a mobile phone application we first in his shop, he immediately put the mobile phone the price adjustment for 300 yuan, such transaction records show the reporter the purchase price is 300 yuan of mobile phone. This transaction is completed. The second day, we really got an ID card and the bank over the card, the reporter found that it can freely operate at the teller machine. The owner told us that the bank card can be used for money laundering. We are surprised to find, this is a black line, its business was good, just six months, just published online transactions has more than 330 cases. More terrible is, the online trade of such identity documents to engage in illegal activities of some people see a way of earning money. From the beginning of the end of 2007, a short four months time, more than 50 information a person Fujian Longyan will buy from the Internet, bank trust, from the bank for a variety of malicious overdraft credit card, cash consumption 140000. He is free to trade online using the ID card information, be an easy job to from the bank for a credit card, so that banks can not find him found. Let reporters surprise, the conduit company also can be seen everywhere, in the trade of personal information online has become an illegal industrial chain.

Xia Dan: just now we have seen, not just send rubbish short message, there are all kinds of identity card business, let us work together to look at, so far our hotline complaint report, we received a total of 4578 hotline, which has 253 phone is about personal information security problems. So it is in other complaint report problems, commodity type is mainly concentrated in the mobile phone and daily necessities, the service is mainly concentrated in the telecommunications and property services. We really hope in this, the vast number of consumers reflect these problems can legally be timely resolved, at the same time, we also hope that, we continue to actively to call our hotline 01012135.

Chen Weihong: from the show live beginning to now, our telephone hotline at the scene has been ringing constantly, at the same time, we note that the discussion on the Internet, is also very warm. If you know at the moment is not particularly, once our personal information being sold what will produce what kind of consequences, then this clip will let you see more clearly.

Commentary: in 2007 January Fujian Quanzhou Cai suddenly found himself a deposit take wings to itself. In 2007 May, Wuxi City, Jiangsu Province, Ms. Wen credit card is divided into four time consumed 2000 yuan. Then, Jiangxi province surnamed Miss Tao also report to the police. What is the man to steal the money of these people?

Fan Zhong: found this case all of the victim's cards are opened online banking.

Voiceover: but to take these money from the bank on the net, the thief to know the detailed information of depositor. Soon a net is called "ant" people into the police in Wuxi city Jiangsu province sight.

Police: he can through this way to sell cards.

Explanation: if small accounts of the money was stolen by ants, the large amount of money and went to where? The police found a detail in the ant and an Internet chat.

Police: we found an account is Fujian Quanzhou there were 210000.

Explanation: This was found to enable the police to shine at the moment, they are likely to be the major criminal suspects, the police immediately arrested them implemented. This is the ant's computer, the police quickly from the computer found up to more than ten thousand users of the online banking information, and user ID number, mobile phone number and so on, almost Nothing needed is lacking.

Police: here he succeeded in stealing more than 500 account, this more than ten thousand netizens to his command of the account is stolen can whenever and wherever possible, but he has not had time to commit the crime has been caught.

Explanation: explain according to ant, his grasp of the information is from the "top Fox" buy it. In relation to the countless families and property safety of personal information, and so on the net with so low price are free to sell. Then the "top Fox" is what kind of person? How could he get the user's information? According to the ants to provide clues, police seizes top fox in Beijing.

Jiang Wenwei: he was one of the ten virus makers in 2005 rising row of.

Explanation: This is the top of the fox, a hacker master, he wrote Trojan program 2006, began to steal personal information. Top Fox also to download free way of allowing people to download and spread, top fox secretly to himself the left hand, hackers to steal all the information will automatically reply to him.

Police: every storage 3G in him the information on computer, the equivalent of 1500000000 Chinese characters, such a large amount of information.

Explanation: Top Fox and consolidation of the information classification to steal back the information such as the password, the sale, and the bank user information online is 400 yuan per G price package sold.

Police: we victims often imperceptibly suddenly find that your account has been stolen.

Chen Weihong: it is to let a person have a lingering fear, because we do not know which one day we could become the broiler of these criminals. In February 28, 2009, the Criminal Law Amendment 7, with specific measures. For example, we may leave personal messages in some state organs, or when we accept the financial, insurance, education, medical and so on these services had such personal information, if these units in our information that is a crime, and hackers invaded our computer to steal this information, which is a crime, but also to bear the criminal responsibility. Please continue to pay attention to our authority issued.