Internet Rule of Law | Problems in the application of the crime of destroying computer information systems and how to solve them

author:Chinese Trial
Text | Beijing Haidian District People's Court, Zhang Peng, Yin Lihui

The iterative development of the Internet has led to the prosperity of related industries, and computer crime and cybercrime have also changed. The Criminal Law of the People's Republic of China (hereinafter referred to as the "Criminal Law") not only assumes the function of combating traditional computer crimes, but also plays an important role in regulating new types of cyber crimes such as cyber black and gray industries. New forms and technologies have blurred the "true face" of related crimes, and the accurate application of the crime of destroying computer information systems and related crimes is facing challenges. In order to clear the fog of fact determination and realize the accurate determination of the crime of sabotage of computer information systems in judicial practice, it is necessary to determine the boundary of the crime of sabotage of computer information systems from the dual perspectives of computer technology and the legal interests of the Criminal Law, so as to improve the adjudication rules and accurately apply the crimes of the Criminal Law.

Evaluation puzzles

Articles 285 and 286 of the Criminal Law provide for a series of crimes against computer information systems, including the crimes of illegal intrusion into computer information systems, illegal control of computer information systems, destruction of computer information systems, illegal acquisition of computer information system data, and the crime of providing programs and tools for intruding into or illegally controlling computer information systems. After the continuous improvement of successive amendments to the Criminal Law, the Criminal Law has formed a systematic and gradient system of crimes. The rapid development of computer and network technology has led to the lag of relevant technical keywords in legal norms. This is a challenge for the accurate characterization and evaluation of criminal acts. This is manifested in the fact that it is easy to generalize in determining the crime of destroying computer information systems, it is difficult to define the connotation of "data" as the target of the crime, and the understanding and application of the constitutive elements of the crime are not uniform. There are three main reasons for this:

First, criminal behavior is concealed and complex, and its essential characteristics are difficult to explore. The diversification of computer and cybercrime methods has put forward higher requirements for the technical understanding and analysis of criminal behaviors. If the judiciary does not deeply explore the technical core characteristics of the behavior, and simply uses the typology of the behavior as an experience to apply the law, it is very easy to be confused by the appearance of cybercrime.

Second, the characteristics of crimes are gradually networked and industrialized, making it more difficult to identify crimes. The change of computer technology has led to the transformation of traditional computer crime from cybercrime to cyberspace crime. Cyber black and gray industry crimes by means of "running scores", "sniffing", "crawlers" and "traffic hijacking" are emerging in an endless stream. The destruction of computer information systems may be only one link in the entire industrial chain. As a result, the judiciary has to adjust the interpretation theory when determining the crime to adapt to and realize the function of cybercrime governance.

Third, criminal legislation has the characteristics of stability, and the adjustment of crimes will make it more difficult to apply. Although the timely adjustment of criminal norms can meet the needs of crime prevention and governance for a period of time, the stability of the law determines that it is impossible to respond to the changes in criminal methods by frequently adjusting criminal law norms. In the author's opinion, if there is no interpretation and distinction, only the rigid application of the provisions of the second paragraph of Article 286 of the Criminal Law will lead to the risk of the crime of illegal control of computer systems being "fictitious".

Perspective on criminal technology

At present, computer cybercrime mainly relies on the carrier of "communication networks". The network is one of the core functions of the computer system, and the communication in the computer network system must rely on the network communication protocol. According to different protocols and functions, the computer network system can be divided into multi-level structures such as the application layer, transport layer, and network layer. From a technical point of view, the author examines the "destructive" differences in different computer crimes, and then summarizes the general conclusions that define criminal behaviors.

Taking the "traffic hijacking case" involved in the Guiding Cases of the Supreme People's Court and the Supreme People's Procuratorate as an example, such acts mainly occur in the process of data exchange and ultimately act on the application layer of the computer network system. Different "hijacking" behaviors have different degrees of damage to the application layer, so "traffic hijacking" mainly involves two crimes: "sabotage of computer information systems" and "illegal control of computer information systems". If it substantially affects the realization of the communication protocol function, it constitutes the crime of destroying computer information systems. Otherwise, it shall be considered that the act is only control, intrusion or other acts, constituting the crime of illegal control of computer information systems. The specific analysis is as follows:

First, in Guiding Case No. 102 of the Supreme People's Court, the actor modified the DNS settings of an Internet user's router so that when a user logged in to a navigation website such as "abc.com", he was redirected to the "efg.com" navigation website (pseudonym) set by the actor. The function of the DNS protocol is to resolve IP addresses from domain names. The above-mentioned criminal act is a modification of the DNS protocol itself in the application layer of a computer network system. As a result, this behavior impairs the translation of hostnames into IP addresses on the Internet, causing all users who log in to "abc.com" to be redirected to the "efg.com" site the actor has set. This act is a sabotage of the function of a computer network and constitutes the crime of sabotage of a computer information system.

Second, in Guiding Case No. 33 of the Supreme People's Procuratorate, the perpetrator modified the IP address and connected to a gambling website established by renting an overseas virtual server. This criminal act changed the specific mapping of communication protocols in the application layer of the "communication network", so that all users who visited the subdomain of the website eventually jumped to the gambling website, causing the original website to not function properly. This kind of behavior was eventually found to be the destruction of the network function of the computer information system, constituting the crime of destroying the computer information system.

Third, in Guiding Case No. 145 of the Supreme People's Court, the actor used a Trojan horse program to obtain the background authority of the target server, added the keyword "gambling" and set up a static web page with an automatic jump function, thereby increasing the hit rate of gambling advertisements, which was ultimately evaluated as an illegal control act. Although the act occurred at the application layer, the perpetrator only uploaded a new web link code, and did not tamper with the relevant protocols in the application layer, nor did he change the interaction rules of the communication network process. Therefore, the result is that the target server only jumps to the relevant web page after clicking, the actual web page resolution relationship and pointing content are not changed, and other network users who click on the web page can still open the original web page. In this case, the court of first instance found that his act was an "act of sabotage", and the court of second instance reversed the judgment, saying that this act was "a modification or addition of certain data of a computer information system on the basis of illegal control, and did not have a substantial impact on the function of the computer network". Thus, the evaluation results of the court of second instance fully confirm the author's preceding technical analysis.

Technical Definition

Whether conduct constitutes an "act of sabotage" against a computer information system depends on whether it meets the standard of affecting the progress of the communication protocol. This standard has two meanings: first, the object of destruction is the function of the computer network system, such as the application layer of the computer network system; second, the "sabotage act" must cause the destroyed function to lose its original effectiveness, for example, the communication protocol process can no longer be carried out normally. In addition to computer networks, computer information systems include hardware systems and software systems. Hardware systems include network equipment, servers, and storage devices. Software systems include operating systems, database management systems, etc. The destruction of the above-mentioned system functions can be considered as "sabotage". In practice, "sabotage" is mainly manifested in the following three aspects:

First, probe interference behavior. By installing servers and switches, the perpetrator blocked, diverted, and shielded the data transmitted by the network operator's terminal broadband violation monitoring system, interfering with the computer of the supervision system, causing it to be unable to obtain all the transmitted data, and the supervision and early warning functions were partially invalid. The act interferes with the function of the system and achieves the consequence of not being able to operate normally, which falls within the scope of "sabotage" and certainly constitutes the crime of destroying computer information systems.

Second, malicious "mining" behavior. The defendant embezzled the company's server resources for "mining" by adding applications. Although the criminal act has increased the number of applications, the act does not cause damage to the server and its functions, and it is still an act of "illegal control" and does not constitute the crime of destroying computer information systems.

Third, in the controversial "Locked Smartphone Case", the defendant remotely locked the victim's smartphone device, making it a "zombie machine" that could not be turned on. The criminal act is the interference and destruction of the operating system, resulting in the victim being unable to use the functions of the system, constituting the crime of destroying the computer information system.

Deconstructing the legal interests

Although technical principles provide a perspective for evaluating the facts of a crime, legal norms are not a simple superposition of technical logic. On the basis of judging the characteristics of criminal acts, the judiciary needs to further examine the harm to society or to legal interests, so as to complete the legal evaluation of criminal acts. At present, the consensus in the theoretical circles is that the harm to legal interests caused by the crime of destroying computer information systems lies in the fact that the act infringes on the security of computer information systems. The author believes that in order to distinguish and explain the crimes, it is necessary to refine the specific legal interests of the crime of destroying computer information systems from the perspective of crime comparison.

The "three elements of information security" provide a framework for deconstructing specific legal interests. According to the Cybersecurity Law of the People's Republic of China and other legal provisions, confidentiality, integrity, and availability are the three main goals of information security. The definition of computer information system security, the object of computer crime, in the Criminal Law also revolves around these three dimensions.

Specifically, first, although both the act of illegal intrusion into the computer system and the act of illegal control are violations of confidentiality, the act of intrusion is only to carry out reading operations, and the act of illegal control is to further modify or change operations. Thus, the intrusion violates the right of consent of the owner of the computer system.

Second, compared with "sabotage", the modification or addition involved in the crime of illegally controlling a computer information system does not need to reach the level of destroying the computer information system, and the act will not affect the normal operation of the computer system or the integrity of the data it protects, let alone affect the normal operation of the system. It emphasizes the restriction of unauthorized control of computer information systems, that is, the regulation of an act of "misappropriation" of control.

In one case, the perpetrator installed a Trojan horse program on the user's computer, waited for the user's QQ to be "infected", and then the person who needed to publish advertisements sent advertisements to the "infected" users through QQ groups and other channels to make profits. This act is intended to control the QQ of others, not to destroy the QQ program itself, and this act is found to constitute the crime of illegal control of computer information systems, but does not constitute the crime of destroying computer information systems. Therefore, the ultimate purpose of the act of "illegal control" is to illegally invade, manipulate, peep, arbitrarily modify the computer information system, etc., and has not yet caused the computer information system to be incomplete or unusable. It infringes on the manager's control over the computer information system.

Legal interests in data

Undoubtedly, the crime of sabotage of computer information systems is aimed at protecting the functional integrity and operational security of computer information systems. The description of the offence of sabotage of computer information systems in the Criminal Law refers to "data". At present, the main point of controversy in the theoretical community is whether it protects the legal interests of data. The "Doctrine of Compound Legal Interests" holds that the legal interests of independent data should be included in the scope of protection of this crime, while the "Doctrine of Single Legal Interests" holds that the protection of data essentially needs to act on the functions of computer information systems, and does not recognize the independent protection of data in this crime. Disputes over the content of legal interests have led to different conviction outcomes in judicial application, and have also made it difficult to clarify the boundaries between various crimes. The author agrees that the crime of destroying computer information systems protects compound legal interests, and the specific analysis is as follows:

First, the complete protection of legal interests in data must rely on legislative provisions. The development of information networks has made data security an important issue in network governance, and the protection of data in the Criminal Law is mainly reflected in the provisions on the crime of illegally obtaining data from computer information systems and the crime of destroying computer information systems. Some scholars believe that a separate "data crime" offence should be established to meet the practical needs of data governance. In the author's opinion, under the current legal system, achieving data protection through the accurate application of existing legal provisions is the best choice for balancing "fairness and efficiency".

Article 285 of the Criminal Law, "Crime of Illegally Obtaining Data from Computer Information Systems", only stipulates the act of "acquisition". It is difficult to regulate acts other than "acquisition". The protection of data security for this crime is limited to the confidentiality of data. As for the protection of data integrity and availability, at present, judicial practice needs to rely on the second paragraph of Article 286 of the Criminal Law to regulate. Therefore, in judicial practice, it is necessary to combine the crime of destroying computer information systems with the crime of illegally obtaining data from computer information systems, so as to fully protect the important legal interest of data security.

Second, the legal interests of data are not limited to data related to the functions of computer information systems. From the perspective of legislative norms, the provisions of paragraphs 1 and 2 of article 286 of the Criminal Law clearly distinguish between "computer information system functions" and "data and applications". This article not only protects data that affects the functions of computer information systems (Article 286, Paragraph 1), but also includes data and applications other than system functions in the scope of protection against computer crimes (Article 286, Paragraph 2). In judicial practice, there is a view that this crime should only protect data related to the functional operation of computer information systems, and if the destroyed data does not affect the operation of computer information systems, it should not constitute the crime of destroying computer information systems. In the author's opinion, this view does not distinguish between the concepts of "system" and "system function", and is not in line with the purpose of the legislation. If, according to this statement, the crime only protects data related to the functions of computer information systems, then paragraph 2 of article 286 would be null and void.

Third, the boundaries of the data legal interests protected by this crime differ from those of other crimes. The "crime of illegally obtaining computer information system data" as provided for in the second paragraph of Article 285 of the Criminal Law and the description of the crime in the second paragraph of Article 286 of the Criminal Law both involve endangering the security of data. In fact, the criminal act of "illegal acquisition" is not the same as the criminal act of "destroying" data in a computer information system. Therefore, it is not necessary to demand that the data protection scope of the two offences be exactly the same. If the connotation of computer information system data is expanded to include all data in computer information systems, judicial practice will inevitably end up using the crime of destroying computer information systems to crack down on all computer-related crimes involving computer data, so that it becomes a catch-all clause for data-related crimes. In the author's opinion, the judiciary should prudently adjudicate and establish the threshold and boundary of data protection for computer crimes. Of course, prudent judgment does not mean that the scope of data under Article 286 of the Criminal Law should be excessively narrowed.

Some have expressed the view that the scope of data should be clearly defined. In the author's opinion, if it is mechanically prescribed which "important" or "core" data falls within the scope of the crime and which data does not, the line will inevitably be difficult to draw. It is recommended that a comprehensive determination be made based on the nature of the data infringement and the harmful results.

To sum up, crimes related to endangering computer information systems have a certain degree of "destructiveness". Because of the different degrees of destruction, there are differences in the results of the crime and the charges against them. The author believes that using technical principles to deconstruct criminal acts is a powerful solution to practical problems, and on the basis of technical analysis, it is possible to comprehensively consider the mode of conduct, the object of the crime, the harmful results, and the causal relationship, so as to accurately apply the crime.

China Trial, Issue 5, 2024

China Trial News Semi-Monthly No. 339

Editor/Xu Chang
