ST 272 of the Criminal Code of the Russian Federation.
1. Unlawful access to computer information protected by law, if this act entailed the destruction, blocking, modification or copying of computer information, is punishable by a fine in the amount of up to two hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period of up to eighteen months, or by correctional labor for a term of up to one year, or restriction of liberty for a term of up to two years, or forced labor for a term of up to two years, or imprisonment for the same term.
2. The same act, which caused large damage or was committed out of selfish interest, is punishable by a fine in the amount of one hundred thousand to three hundred thousand rubles, or in the amount of the wages or other income of the convicted person for a period of one to two years, or by correctional labor for a term from one year to two years, or restriction of liberty for a term of up to four years, or forced labor for a term of up to four years, or imprisonment for the same term.
3. Acts provided for in parts one or two of this article, committed by a group of persons by prior conspiracy or by an organized group or by a person using their official position, are punishable by a fine in the amount of up to five hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period up to three years with deprivation of the right to hold certain positions or engage in certain activities for a term of up to three years, or restriction of freedom for a term of up to four years, or forced labor for a term of up to five years, or imprisonment for the same term.
4. Acts provided for in parts one, two or three of this article, if they entailed grave consequences or created a threat of their occurrence, are punishable by imprisonment for a term of up to seven years.
Notes.
1. Computer information means information (messages, data) presented in the form of electrical signals, regardless of the means of their storage, processing and transmission.
2. In the articles of this chapter, major damage is recognized as damage the amount of which exceeds one million rubles.
Commentary to Art. 272 of the Criminal Code
1. The subject of the crime is computer information protected by law (note 1 to the article). Such information, as a rule, represents information about persons, objects, facts, events, phenomena and processes on external media, in computer memory or a computer network. Information is protected by law insofar as the person does not have access rights to this information; the nature of the information, its protection by legislation on copyright and related rights, legislation on state secrets, etc. does not matter.
2. The objective side of the crime is characterized by unlawful access to legally protected computer information. Access to information involves obtaining a real opportunity to familiarize yourself with, change, move or delete information in the absence of properly obtained rights to perform all or a number of these actions. In most cases, the receipt of the corresponding rights is evidenced by the consent of the owner of the information, expressed either directly in the form of opening access to otherwise inaccessible information (providing a login, password, etc.), or implied in relation to specifically unprotected information. In this case, access rights may be limited to the ability to review, review and copy information; in this case, other actions with information should be considered illegal access.
3. Gaining access to information is not enough to recognize a crime as completed. It is necessary that the consequence of actions committed during unauthorized access is the destruction, blocking, modification or copying of information. For the content of these actions, see the commentary to Art. 159.6 CC; blocking should be understood as restricting access to information to other persons without deleting it; “modification” means any change in information; Copying should be understood as creating a copy of information on external media or another computer.
4. Actions regarding information with limited access (information constituting state secrets, commercial, tax or banking secrets, etc.) should be qualified according to the totality of Art. 272 of the Criminal Code and the corresponding other elements of the crime.
Liability for unauthorized access
Certain preventive measures are prescribed under various parts of this article. In this section we will find out which ones and for which part of Art. 272 of the Criminal Code of the Russian Federation they are determined.
If the offense was classified under Part 1, then the following penalties may be imposed:
- a fine of 200,000 rubles or 1.5 years’ salary;
- corrective labor for a year;
- restriction of a person’s movements for 2 years;
- forced labor for the same period;
- imprisonment for the same period of time.
Under Part 2, penalties may be as follows:
- a fine in the amount of 100,000 to 300,000 rubles or wages for 1-2 years;
- correctional labor for 1-2 years;
- restriction of movement for 4 years;
- forced labor for the same period;
- imprisonment in a colony for the same period.
If the court has determined that the crime is committed under Part 3 of Art. 272 of the Criminal Code of the Russian Federation, then more serious sanctions may be used:
- a fine of up to 500,000 rubles or wages for 3 years with the introduction of a ban on holding certain positions or certain types of activities for a period of up to 3 years;
- restriction of a citizen’s movements for 4 years;
- forced labor for 5 years;
- imprisonment for the same period of time.
Part 4 provides for only one type of punishment - imprisonment for a period of up to 7 years.
Additional Responsibility
Depending on the circumstances of the incident, other articles of the Criminal Code of the Russian Federation may be applied. For example, if a criminal used viruses or other malicious programs to harm other users, then Art. 273 of the Criminal Code of the Russian Federation.
In cases where a criminal has gained access to the personal data of citizens or their correspondence, Art. 137 and 138 of the Criminal Code of the Russian Federation.
When assigning a preventive measure, all circumstances of the case are taken into account.
Also, when publishing any information, the criminal could cause hostility or hatred among users. In this case, Art. 282 of the Criminal Code of the Russian Federation. If he tried to slander another citizen, then Art. 128.1 of the Criminal Code of the Russian Federation.
Examples from judicial practice
The student hacked the email of another citizen, after which he began to extort money from him, threatening to disseminate his personal data. He was found by law enforcement officers, and his actions were qualified under two articles: 272 and 138 of the Criminal Code of the Russian Federation. He was sentenced to 7 years in prison.
An employee of a company providing communication services downloaded a list of calls from another citizen for personal purposes. Since she had no criminal record, reconciliation of the parties was used.
An employee of one organization destroyed, on his own initiative, certain information that discredited his name. His actions were determined under Part 3 of Art. 272 of the Criminal Code of the Russian Federation.
Second commentary to Art. 272 of the Criminal Code of the Russian Federation
1. The object of the crime provided for in the commented article is public relations related to ensuring information security in the field of computer information, as part of public security.
2. The subject of the crime is not a material object (for example, a technical device), but an intangible benefit - computer information, the legal definition of which is given in Note 1 to this article. An indication of the legally protected nature of computer information does not allow us to outline any specific boundaries of the information that is the subject of this crime, since information can be the object of public, civil and other legal relations, it can be freely used by any person and transferred by one person to another person (Article 5 of the Federal Law of July 27, 2006 No. 149-FZ
“On information, information technologies and information protection”). Such information can be in a material medium: a computer, smartphone, flash drive, and can also be contained directly on the Internet in cloud file storages, etc.
3. The objective side is characterized by actions: “illegal access”, i.e. this is illegal or not authorized by the owner of the information or its other legal owner, penetration into its source using a computer or other electronic device and the use of the opportunity to familiarize itself with its content.
4. The following alternative consequences are indicated as consequences of illegal access: destruction - irretrievable loss of information, regardless of the possibility of technical recovery; blocking - restricting the ability to review and otherwise interact with such information; modification - making changes to such information, which leads to a change in its functional content; copying - creating a copy of such information in another information system, technical means, on a tangible medium that is not under the control of the owner of the information.
5. The subjective side is expressed in the deliberate form of guilt.
6. Subject - a person who has reached the age of 16.
7. Qualified types (Part 2) are characterized by committing a crime out of selfish interest (see comments to Article 285) or causing major damage (i.e. in an amount exceeding 1 million rubles - note 2).
8. Particularly qualified types - commission of a crime by a group of persons by prior conspiracy or by an organized group (see parts 2 and 3 of Article 35 of the Criminal Code) or using an official position (see comments to paragraph “c” of Part 2 of Article 127.1 of the Criminal Code ).
9. The most dangerous type of this crime is associated with causing or creating a threat of causing grave consequences. This concept is evaluative and covers the consequences of physical, property, organizational or other harm.
If this happened here, what would be the responsibility?
Florida resident Christopher Chaney was found guilty in Los Angeles Federal Court of illegally wiretapping and hacking into the personal computers of more than 50 Hollywood celebrities, as a result of which intimate photographs of actress Scarlett Johansson and singer Christina Aguilera were leaked onto the Internet, the BBC reports.
Chaney, who will be sentenced on July 23, faces 60 years in prison and a $2.2 million fine, and the burglar's victims are owed between $15,000 and $400,000 in damages.
The hacker, charged with nine counts, was arrested last October as a result of the FBI's Operation Hackerazzi. Chaney was initially charged with 26 counts of various offenses, which could have sent him up to 121 years in prison. However, Cheney made a deal with the investigation, so the maximum possible sentence for the burglar was reduced by almost half.
The offender admitted that he hacked into the email accounts of his victims using the “Forgot Password” function and answering security questions. He found the information he needed for this in the public domain on the Internet. For example, intimate photos of Aguilera were leaked onto the Internet from her personal stylist’s computer.
Previously, speaking about what prompted him to hack into celebrity accounts, Cheney said that he was gripped by an “obsession” and could not cope with this addiction on his own. He obtained private information and photographs of celebrities, and then offered them to various thematic sites without demanding any remuneration.
A comment
The Constitution of the Russian Federation proclaims the right of everyone to privacy, personal and family secrets, privacy of correspondence, telephone conversations, postal, telegraph and other messages. The collection, storage, use and dissemination of information about the private life of a person without his consent is not allowed (Article 23, paragraph 1 of Article 24 of the Constitution of the Russian Federation).
In accordance with Art. 9 of the Federal Law of July 27, 2006 N 149-FZ “On information, information technologies and information protection”, the procedure for access to personal data of citizens is established by federal law and it is prohibited to require a citizen to provide information about his private life, as well as to receive such information against his will.
Thus, the Constitution of the Russian Federation and federal legislation classify information about private life as information protected by law; access to it without the consent of the person to whom it relates is not allowed. In other words, information about a person’s private life, including personal data, is considered confidential.
Violation of privacy (Article 137 of the Criminal Code of the Russian Federation).
This crime consists of the illegal collection or dissemination of information about the private life of a person, constituting his personal or family secret, without his consent, or the dissemination of this information in a public speech, publicly displayed work or the media.
The object of this crime is public relations that ensure privacy.
As already noted, the concepts of “privacy” and “personal data” are not identical. However, very often personal data acts as an integral part of information about private life, is a personal or family secret, etc. Therefore, the illegal collection or dissemination of information about a person’s private life can directly violate his rights in the field of circulation and protection of personal data.
The nature of the offender’s actions (collection, distribution) in combination with motivation (personal interest) in most cases predetermine the form of the offender’s guilt as direct intent.
Violation of the confidentiality of correspondence, telephone conversations, postal, telegraph or other messages (Article 138 of the Criminal Code of the Russian Federation).
The object of these crimes is public relations related to the protection of the secrecy of correspondence, telephone and other conversations and messages. The crime is committed in the form of familiarizing a person with correspondence and messages containing confidential information (personal data), without the consent of the subject of personal data, as well as without legal grounds.
Article 138 of the Criminal Code of the Russian Federation ensures everyone’s constitutional right to privacy of correspondence, telephone conversations, postal, telegraph and other messages (Article 23 of the Constitution of the Russian Federation). Let us note that the conduct of operational investigative activities that limit the constitutional rights of citizens to the secrecy of correspondence, telephone conversations, postal, telegraph and other messages transmitted over electrical and postal networks is allowed on the basis of a court decision if information is available: about the characteristics of the being prepared, an unlawful act committed or committed, for which a preliminary investigation is mandatory; about persons preparing or committing an unlawful act for which a preliminary investigation is mandatory; about events or actions that create a threat to the state, economic or environmental security of the Russian Federation.
Unlawful access to computer information (Article 272 of the Criminal Code of the Russian Federation).
This crime consists of unlawful access to legally protected computer information, i.e. information on computer media, in an electronic computer (computer), a computer system or their network, if this act entailed the destruction, blocking, modification or copying of information, disruption of the operation of a computer, computer system or their network. The object of this offense is public relations in the field of protecting access to computer information, as well as in ensuring the normal operation of computers and their networks. The criminal act consists of unlawful access to computer information, as a result of which this information becomes known to the guilty person and can be used by him.
The computer information that has become the subject of a criminal attack may also include the personal data of a person or group of persons, and in this case this type of crime will pose a special public danger.
Thus, there is a mechanism in Russian legislation for bringing criminal liability for this act. In total, each episode may result in a punishment ranging from a fine to imprisonment.
In addition, the application of civil liability is provided.
Article 24 of the Law “On Personal Data” provides that civil liability measures are also applied to persons who violate the requirements of this Law.
The main feature of civil liability is its property nature, which is expressed in compensation to the perpetrators for damages caused. Even in cases where the offense affects personal non-property rights and (or) causes moral harm to the injured person - the subject of the violated civil law, the application of civil liability measures will mean awarding the injured person appropriate monetary compensation.
The second sign of civil liability is the equality of subjects, i.e. liability under civil law is the responsibility of one participant in civil legal relations to another, the responsibility of the offender to the victim. This predetermines the active role of the subject of personal data. He himself has the right to defend his rights and hold the culprit accountable by filing claims for damages and (or) filing a claim in court.
The third sign of civil liability is the correspondence of the amount of liability to the amount of damage or loss caused.
According to Art. 150 of the Civil Code of the Russian Federation, intangible benefits, which the Civil Code includes life and health, personal dignity, personal integrity, honor and good name, business reputation, privacy, personal and family secrets, other personal non-property rights and other intangible benefits belonging to a citizen from birth or by force of law, are protected in accordance with the Civil Code of the Russian Federation and other laws in the cases and manner provided for by them, as well as in those cases and to the extent to which the use of methods of protecting civil rights follows from the essence of the violated intangible right and the nature of the consequences of this violation .
Thus, if, in the event of a guilty unlawful act, property or moral damage is caused to the subject of personal data, he has the right to civil protection of his rights.
The main ways to protect non-property rights and intangible benefits are: compensation for damage, compensation for moral damage and imposing the obligation to refute information discrediting the honor, dignity and business reputation of citizens.
How to assess the harm caused to an individual by the illegal collection and use of an individual’s personal data, violation of his right to access personal data, or unauthorized disclosure of confidential information about his private life? In this case, the assessment criterion will be the moral (ethical) experiences of a person caused by illegal interference in his private life, the person’s inability to control the distribution and use of personal information, as well as the psychological trauma inflicted on a person by the disclosure of personal or intimate data about him. Translated into the language of legal terms, a person’s moral experiences as a result of the violation of one or another of his rights constitute moral harm.
The Plenum of the Supreme Court of the Russian Federation in Resolution No. 10 of December 20, 1994 “Some issues of application of legislation on compensation for moral harm” gives the following explanation of the concept of “moral harm”: this is moral or physical suffering caused by actions (inaction) encroaching on the property of a citizen. birth or by virtue of the law, intangible benefits, such as life, health, personal dignity, business reputation, privacy, personal and family secrets, etc., or violating the personal non-property rights of a citizen: the right to use one’s name, the right of authorship and etc. Moral harm, as the Plenum further explains, may “consist in moral feelings in connection with... the disclosure of family, medical secrets...”. A more concise definition of the concept of “moral damage” is contained in Art. 151 Civil Code of the Russian Federation. According to it, moral harm is moral or physical suffering.
Hello Guest!
Enrollment is open for a unique advanced training course in management accounting three practicing teachers share their experience .
On the course you will find inspiration and new meanings in everyday work.
Sign up>>>
Term of punishment
In accordance with Art. 66, part 3, Criminal Code of the Russian Federation, the term assigned for an attempted crime should not exceed 3/4 of the maximum or most severe type of coercive measure under the relevant article in the special part of the code for the completed crime. The maximum penalty for a simple type of illegal intrusion into a database is imprisonment for up to 2 years. For an attempted crime, no more than 1.5 years can be imposed, unless the act was committed by prior conspiracy with several persons, an organized group or an official who exceeded his official powers. In case of attempted qualified unlawful access, no more than 3.9 years of imprisonment is imposed.
Important point
The role of computer information in the system of legal relations that arise in the information sphere is still a highly controversial subject. The debate on this issue has not yet ended with the formulation of a legislative and scientific definition that would become generally accepted. Analyzing Article 272 of the Criminal Code of the Russian Federation, it should be noted that it is valid only if the information is protected by law, is contained on computer media, in a computer, and acts as an intangible value.
Specifics of the criteria
Among the objective signs of the crime being analyzed, its danger to society is considered the main one. It always manifests itself in the active behavior of the guilty subject, since to commit the crime specified in Art. 272 of the Criminal Code of the Russian Federation, it is impossible through inaction. Thus, due to the fact that the person’s guilt lies in intrusion into a database protected by law, one of the necessary circumstances for bringing him to criminal liability is the establishment of the very fact of carrying out illegal actions. Illegal access is considered a mandatory feature that characterizes this violation from its objective side. The procedure according to which it is possible to obtain certain information is established either by the owner or by an authorized government agency (for example, regarding military secrets).
