Interpretation concerning Applicable Law in handling Criminal Cases of Endangering Computer Information System Security

Posted on Updated on

(FS No. (2011)19)

Supreme People’s Court of the People’s Republic of China

Supreme People’s Procuratorate of the People’s Republic of China

Proclamation

The “Supreme People’s Court and Supreme People’s Procuratorate Interpretation concerning Applicable Law in handling Criminal Cases of Endangering Computer Information System Security” was passed at the 1524th Meeting of the Supreme People’s Court Judicial Committee on 20 June 2011, and at the 63rd meeting of the 11th Procuratorial Committee of the Supreme People’s Procuratorate, is hereby promulgated, and takes effect on 1 September 2011

1 August 2011

In order to punish criminal activities endangering computer information system security according to the law, and on the basis of the “Criminal Law of the People’s Republic of China” and the “National People’s Congress  Standing Committee Decision concerning Safeguarding Internet Security”, the following interpretation of some questions of applicable law in handling this sort of criminal cases is made:

Article 1: Where computer information system data are illegally obtained or computer information systems are illegally controlled, where one of the following circumstance is present, it shall be determined as “grave circumstances” as provided in Article 285 Paragraph 2 of the Criminal Law:

(1) where 10 or more groups of identity authentication data for payment and accounting, securities trading, futures trading and other network finance services are obtained;

(2) where 500 groups of identity authentication data other than those in Clause (1) are obtained;

(3) where 20 or more computer information systems are illegally controlled;

(4) where unlawful income is 5.000 Yuan or more or economic harm of 10.000 Yuan or more is created;

(5) other situations with grave circumstances.

Where one of the following circumstances is present in carrying out the acts provided in the previous Paragraph, it shall be determined to constitute “especially grave circumstances” as provided in Article 285, Paragraph 2 of the Criminal Law:

(1) where the quantities or amounts reach five times or more the standards provided in Clauses (1) until (4) of the previous Paragraph;

(2) where other especially grave circumstances are present.

Where it is clearly known that other persons illegally control computer information systems, and utilize the control power over the said computer information systems, it shall be convicted and punished according to the provisions of the previous two Paragraphs.

Article 2: Processes and tools with one of the following circumstances, shall be determined as “processes and tools especially used to invade and illegally control computer information systems” as provided in Article 285, Paragraph 3 of the Criminal Law:

(1) those having the function of avoiding or penetrating computer information system security protection measures, and obtaining computer information system data without authorization or by exceeding authorization;

(2) those having the function of avoiding or penetrating computer information system security, and controlling computer information systems without authorization or by exceeding authorization;

(3) other processes and tools especially designed for use in invading or illegally controlling computer information systems or illegally obtaining computer information system data.

Article 3: Where processes or tools to invade or illegally control computer information systems are provided, and one of the following circumstances is present, it shall be determined to constitute “grave circumstances” as provided by Article 285, Paragraph 3 of the Criminal Law:

(1) where specialized processes or tools that can be used to illegally obtain payment, account, securities trading, futures trading and other network financial service identification authentication information are provided to five people or more;

(2) where processes and tools especially used to invade or illegally control computer information systems outside of those listed in Clause (1) are provided to twenty or more persons;

(3) providing processes or tools to five or more persons where it is clearly known that other persons carry out unlawful and criminal acts of illegally obtaining payment, accounting, securities trading, futures trading and other network financial service identification authentication information;

(4) providing processes or tools to twenty or more persons where it is clearly known that other persons carry out unlawful or criminal acts of invading or illegally controlling computer information systems outside of those listed in Clause (3);

(5) where the unlawful income is 5.000 Yuen or more or an economic harm of 10.000 Yuan or more is created;

(6) other grave circumstances.

Where one of the following circumstances is present in carrying out the acts provided in the previous Paragraph, it shall be determined as “especially grave circumstances” in the provision of processes or tools to invade or illegally control

computer information systems:

(1) where values or amounts are five times or more those listed in Clauses (1) to (5) of the previous Paragraph;

(2) where other especially grave circumstances are present.

Article 4: Where computer information system functions, data or applied processes are destroyed, and one of the following circumstances is present, it shall be determined as “grave consequences” as provided in Article 286 Paragraph 2 of the Criminal Law:

(1) where it is brought about that ten or more computer information systems’ main software or hardware cannot operate regularly;

(2) where data stored on, processed or transmitted by 20 computer information systems or more is deleted, altered or increased;

(3) where the unlawful income is 5.000 Yuan or more or the economic harm is 10.000 Yuan or more;

(4) where it is brought about that 100 or more computer information systems providing domain name analysis, identification authentication, cost calculation and other basic services or computer information systems providing services to 10.000 users or more cannot operate regularly for an accumulated time of one hour or more;

(5) where other grave consequences are brought about.

Where one of the following circumstances is present in carrying out the acts provided in the previous Paragraph, it shall be determined as “especially grave consequences” in destroying computer information systems:

(1) where values and amounts reach five times or more the standards provided in Clauses (1) to (3) of the previous Paragraph;

(2) where it is brought about that 500 or more computer information systems providing domain name analysis, identity authentication, cost calculation and other basic services or computer information systems providing services to 50.000 users or more cannot operate regularly for an accumulated time of one hour or more;

(3) where functions, data or applied processes of computer information systems providing public service in State organs or in financial, telecommunications, traffic, education, medical, energy and other areas are destroyed, resulting in a grave influence on production or life or creating evil social influence;

(4) where other especially grave consequences are brought about.

Article 5: Where processes with one of the following circumstances are present, it shall be determined as “computer viruses and other destructive processes” as provided in Article 286 Paragraph 3 of the Criminal Law:

(1) where it is able to reproduce or disseminate itself partially, completely or in mutated form through networks, storage media, files or other media, and destroys the functioning, data or applied processes of computer information systems;

(2) where it is able to automatically trigger under conditions determined in advance, and destroys the functioning, data or applied processes of computer information systems;

(3) other processes especially designed for use in destroying the functioning, data or applied processes of computer information systems.

Article 6: Where computer viruses and other destructive software are wilfully produced or disseminated, influencing the regular operation of computer information systems, and one of the following circumstances is present, it shall be determined as “grave consequences” according to the provisions of Article 286, Paragraph 3 of the Criminal Law:

(1) producing, providing or disseminating processes as provided in Clause (1) of Article 5, resulting in the dissemination of that process through networks, storage media or documents;

(2) bringing about that twenty or more computer information systems are infected with processes as provided in Clauses (2) and (3) of Article 5;

(3) Providing computer viruses and other destructive processes to ten or more people;

(4) where unlawful income is 5.000 Yuan or higher or economic harm of 10.000 Yuan or more is created;

(5) where other grave consequences are brought about.

Where one of the following circumstances is present in carrying out the acts provided in the previous Paragraph, it shall be determined as “especially grave consequences” of destroying computer information systems:

(1) producing, providing or disseminating processes as provided in Clause (1) of Article 5, resulting in the dissemination of the said process through networks, storage media, files and other media, resulting in grave influence on production or life or creating evil social influence;

(2) where values or amounts reach five times or more the standards provided in Clauses (2) to (4) of the previous Paragraph;

(3) where other especially grave consequences are created.

Article 7: Those clearly knowing that data has been illegally obtained through computer information system data crime or computer information system control powers have been illegally obtained through computer information system crime, and transferring, purchasing, selling under agency, or covering up or concealing them in any other manner, where the unlawful income is 5.000 Yuan or more, shall be determined as the crime of covering up or concealing criminal income according to the provisions of Article 312, Paragraph I of the Criminal Law.

Where the acts provided in the previous act are carried out, and the unlawful income is 50.000 Yuan or more, it shall be determined as “grave circumstances” as provided in Article 312, Paragraph I of the Criminal Law.

Where work units carry out the acts provided in Paragraph I, the conviction standards are implemented according to the provisions of Paragraph I and Paragraph II.

Article 8: Where crimes endangering computer information system security are carried out under the name of work units or in the form of work units, and they reach the criminal conviction standards provided in this Interpretation, the criminal liability of the directly responsible controlling personnel and other directly responsible personnel shall be investigated according to the provisions of Article 285 and Article 286 of the Criminal Law.

Article 9: Those clearly knowing that other persons carry out acts as provided in Article 285 and Article 286 of the Criminal Law, where one of the following circumstances is present, shall be determined as being accomplices in crime, and are punished according to the provisions of Article 285 and Article 28 of the Criminal Law:

(1) where they provide processes and tools used in destroying the functions, data or applied processes of computer information systems, and the unlawful income is higher than 5.000 Yuan or it is provided to ten people or more;

(2) Where they provide Internet access, server management, network storage space, communication transmission channels, expense accounting, trading services, advertising services, technological training, technological support and other assistance, and the unlawful income is 5.000 Yuan or more.

(3) where they provide funds of 5.000 Yuan or more through commissioning marketing software, inserting advertising and other methods.

Where the acts provided in the previous Paragraph are carried out, and values or amounts reach five times or more the standards provided in the previous Paragraph, it shall be determined as “especially grave circumstances” or “especially grave consequences” as provided in Article 285 and Article 286 of the Criminal Law.

Article 10: Where it is difficult to determine whether a case falls under the provisions on “computer information systems of State affairs, national defence construction, high-end science and technology areas”, “processes and tools specially used to invade or illegally control computer information systems”, “computer viruses and other destructive processes”, the matter shall be entrusted to the provincial-level or higher department responsible for computer information system security protection management for investigation. Judicial organs base themselves on the investigation conclusion, and determine matters in integration with the concrete situation of the case.

Article 11: “Computer information system” and computer system” as named in this Interpretation, refer to systems having automatic data processing functions, and include computers, network facilities, telecommunications facilities, automatized control facilities, etc.

“Identity authentication information” as named in this Interpretation, refers to data that can be used to determine the operating powers of users in computer information systems, and include account numbers, passwords, passcodes, digital certificates, etc.

“Economic harm” as named in this Interpretation, refers to economic harm directly brought on to users by criminal activities harming computer information systems, as well as the necessary expenses that users pay to restore data and functioning.

 

最高人民法院、最高人民检察院关于办理危害计算机信息系统安全刑事案件应用法律若干问题的解释

(法释〔2011〕19号)

 

 

中华人民共和国最高人民法院

中华人民共和国最高人民检察院

公告

《最高人民法院、最高人民检察院关于办理危害计算机信息系统安全刑事案件应用法律若干问题的解释》已于2011年6月20日由最高人民法院审判委员会第1524次会议、2011年7月11日由最高人民检察院第十一届检察委员会第63次会议通过,现予公布,自2011年9月1日起施行。

二○一一年八月一日

为依法惩治危害计算机信息系统安全的犯罪活动,根据《中华人民共和国刑法》、《全国人民代表大会常务委员会关于维护互联网安全的决定》的规定,现就办理这类刑事案件应用法律的若干问题解释如下:

第一条 非法获取计算机信息系统数据或者非法控制计算机信息系统,具有下列情形之一的,应当认定为刑法第二百八十五条第二款规定的“情节严重”:

(一)获取支付结算、证券交易、期货交易等网络金融服务的身份认证信息十组以上的;

(二)获取第(一)项以外的身份认证信息五百组以上的;

(三)非法控制计算机信息系统二十台以上的;

(四)违法所得五千元以上或者造成经济损失一万元以上的;

(五)其他情节严重的情形。

实施前款规定行为,具有下列情形之一的,应当认定为刑法第二百八十五条第二款规定的“情节特别严重”:

(一)数量或者数额达到前款第(一)项至第(四)项规定标准五倍以上的;

(二)其他情节特别严重的情形。

明知是他人非法控制的计算机信息系统,而对该计算机信息系统的控制权加以利用的,依照前两款的规定定罪处罚。

第二条 具有下列情形之一的程序、工具,应当认定为刑法第二百八十五条第三款规定的“专门用于侵入、非法控制计算机信息系统的程序、工具”:

(一)具有避开或者突破计算机信息系统安全保护措施,未经授权或者超越授权获取计算机信息系统数据的功能的;

(二)具有避开或者突破计算机信息系统安全保护措施,未经授权或者超越授权对计算机信息系统实施控制的功能的;

(三)其他专门设计用于侵入、非法控制计算机信息系统、非法获取计算机信息系统数据的程序、工具。

第三条 提供侵入、非法控制计算机信息系统的程序、工具,具有下列情形之一的,应当认定为刑法第二百八十五条第三款规定的“情节严重”:

(一)提供能够用于非法获取支付结算、证券交易、期货交易等网络金融服务身份认证信息的专门性程序、工具五人次以上的;

(二)提供第(一)项以外的专门用于侵入、非法控制计算机信息系统的程序、工具二十人次以上的;

(三)明知他人实施非法获取支付结算、证券交易、期货交易等网络金融服务身份认证信息的违法犯罪行为而为其提供程序、工具五人次以上的;

(四)明知他人实施第(三)项以外的侵入、非法控制计算机信息系统的违法犯罪行为而为其提供程序、工具二十人次以上的;

(五)违法所得五千元以上或者造成经济损失一万元以上的;

(六)其他情节严重的情形。

实施前款规定行为,具有下列情形之一的,应当认定为提供侵入、非法控制计算机信息系统的程序、工具“情节特别严重”:

(一)数量或者数额达到前款第(一)项至第(五)项规定标准五倍以上的;

(二)其他情节特别严重的情形。

第四条 破坏计算机信息系统功能、数据或者应用程序,具有下列情形之一的,应当认定为刑法第二百八十六条第一款和第二款规定的“后果严重”:

(一)造成十台以上计算机信息系统的主要软件或者硬件不能正常运行的;

(二)对二十台以上计算机信息系统中存储、处理或者传输的数据进行删除、修改、增加操作的;

(三)违法所得五千元以上或者造成经济损失一万元以上的;

(四)造成为一百台以上计算机信息系统提供域名解析、身份认证、计费等基础服务或者为一万以上用户提供服务的计算机信息系统不能正常运行累计一小时以上的;

(五)造成其他严重后果的。

实施前款规定行为,具有下列情形之一的,应当认定为破坏计算机信息系统“后果特别严重”:

(一)数量或者数额达到前款第(一)项至第(三)项规定标准五倍以上的;

(二)造成为五百台以上计算机信息系统提供域名解析、身份认证、计费等基础服务或者为五万以上用户提供服务的计算机信息系统不能正常运行累计一小时以上的;

(三)破坏国家机关或者金融、电信、交通、教育、医疗、能源等领域提供公共服务的计算机信息系统的功能、数据或者应用程序,致使生产、生活受到严重影响或者造成恶劣社会影响的;

(四)造成其他特别严重后果的。

第五条 具有下列情形之一的程序,应当认定为刑法第二百八十六条第三款规定的“计算机病毒等破坏性程序”:

(一)能够通过网络、存储介质、文件等媒介,将自身的部分、全部或者变种进行复制、传播,并破坏计算机系统功能、数据或者应用程序的;

(二)能够在预先设定条件下自动触发,并破坏计算机系统功能、数据或者应用程序的;

(三)其他专门设计用于破坏计算机系统功能、数据或者应用程序的程序。

第六条 故意制作、传播计算机病毒等破坏性程序,影响计算机系统正常运行,具有下列情形之一的,应当认定为刑法第二百八十六条第三款规定的“后果严重”:

(一)制作、提供、传输第五条第(一)项规定的程序,导致该程序通过网络、存储介质、文件等媒介传播的;

(二)造成二十台以上计算机系统被植入第五条第(二)、(三)项规定的程序的;

(三)提供计算机病毒等破坏性程序十人次以上的;

(四)违法所得五千元以上或者造成经济损失一万元以上的;

(五)造成其他严重后果的。

实施前款规定行为,具有下列情形之一的,应当认定为破坏计算机信息系统“后果特别严重”:

(一)制作、提供、传输第五条第(一)项规定的程序,导致该程序通过网络、存储介质、文件等媒介传播,致使生产、生活受到严重影响或者造成恶劣社会影响的;

(二)数量或者数额达到前款第(二)项至第(四)项规定标准五倍以上的;

(三)造成其他特别严重后果的。

第七条 明知是非法获取计算机信息系统数据犯罪所获取的数据、非法控制计算机信息系统犯罪所获取的计算机信息系统控制权,而予以转移、收购、代为销售或者以其他方法掩饰、隐瞒,违法所得五千元以上的,应当依照刑法第三百一十二条第一款的规定,以掩饰、隐瞒犯罪所得罪定罪处罚。

实施前款规定行为,违法所得五万元以上的,应当认定为刑法第三百一十二条第一款规定的“情节严重”。

单位实施第一款规定行为的,定罪量刑标准依照第一款、第二款的规定执行。

第八条 以单位名义或者单位形式实施危害计算机信息系统安全犯罪,达到本解释规定的定罪量刑标准的,应当依照刑法第二百八十五条、第二百八十六条的规定追究直接负责的主管人员和其他直接责任人员的刑事责任。

第九条 明知他人实施刑法第二百八十五条、第二百八十六条规定的行为,具有下列情形之一的,应当认定为共同犯罪,依照刑法第二百八十五条、第二百八十六条的规定处罚:

(一)为其提供用于破坏计算机信息系统功能、数据或者应用程序的程序、工具,违法所得五千元以上或者提供十人次以上的;

(二)为其提供互联网接入、服务器托管、网络存储空间、通讯传输通道、费用结算、交易服务、广告服务、技术培训、技术支持等帮助,违法所得五千元以上的;

(三)通过委托推广软件、投放广告等方式向其提供资金五千元以上的。

实施前款规定行为,数量或者数额达到前款规定标准五倍以上的,应当认定为刑法第二百八十五条、第二百八十六条规定的“情节特别严重”或者“后果特别严重”。

第十条 对于是否属于刑法第二百八十五条、第二百八十六条规定的“国家事务、国防建设、尖端科学技术领域的计算机信息系统”、“专门用于侵入、非法控制计算机信息系统的程序、工具”、“计算机病毒等破坏性程序”难以确定的,应当委托省级以上负责计算机信息系统安全保护管理工作的部门检验。司法机关根据检验结论,并结合案件具体情况认定。

第十一条 本解释所称“计算机信息系统”和“计算机系统”,是指具备自动处理数据功能的系统,包括计算机、网络设备、通信设备、自动化控制设备等。

本解释所称“身份认证信息”,是指用于确认用户在计算机信息系统上操作权限的数据,包括账号、口令、密码、数字证书等。

本解释所称“经济损失”,包括危害计算机信息系统犯罪行为给用户直接造成的经济损失,以及用户为恢复数据、功能而支出的必要费用。

One thought on “Interpretation concerning Applicable Law in handling Criminal Cases of Endangering Computer Information System Security

    Latest Updates | China Copyright and Media said:
    May 18, 2013 at 10:06 am

    […] Interpretation concerning Applicable Law in handling Criminal Cases of Endangering Computer Informat… (2011) […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s