Both the development of knowledge and access to information have, from the very beginning, been in a continuous state of evolution. It is a fundamental requirement for human evolution and development to access the knowledge gathered by others as widely as possible, so promoting the advance of human knowledge.
In the context of this development, technical recording and data processing are no more than steps in human evolution, and, as with any other evolutionary leap, new issues and problems arise for the legislator as well as for the judicature. Just as the appearance of electricity in cases of theft made it necessary to reconsider the definition of object in criminal law,[1] so the use of computers and, in general, informatics makes it necessary to reconsider the terminology of criminal law and to develop new, more up-to-date interpretations.
The appearance of computers and the Internet created a need for international cooperation in respect of the definition of terms used and in the (criminal) assessment of specific acts. It is no exaggeration to say that there are no criminal offences where internationally harmonised criminal regulation could have been as important as it is for cybercrime. This new medium - with the aid of the worldwide web - transcends national frontiers and allows "hacking" (access and intrusion into) databases located in another country, or even on the other side of the planet. Obviously, as every new tool or facility appears, there also appear individuals who are not satisfied with the lawful use of the new technology and cannot resist misusing it. Nonetheless, in the absence of internationally harmonised regulations, there will always remain a 'paradise for criminals' where perpetrators can exercise their criminal activities quite freely, knowing that there can be no legal reprisals. Naturally, such harmonised regulation can only be created through the joint adoption of measures by national governments with a common recognition of the importance, the necessity, of prosecuting such offences, a process which may take decades. Countries such as Hungary, which have come face-to-face with the problems of IT-related crime and cyber-crime at a later stage, need to examine the examples of the more developed countries in respect of relevant legislation and to apply those solutions which can be adopted in their domestic system.
Clearly, it must also be borne in mind that that the criminal law - being the 'ultima ratio' - may be - and can only be - applied to those infringements which cannot be protected by other legal measures.
This present paper attempts to introduce what is currently the criminal regulation of computer crime in Hungary in the light of international agreement.
The first chapter of the work clarifies the terms applied, giving various national and international definitions for the various categories, such as: computer crime, computer-related crime, computer abuse, whilst also discussing the possibility of criminalising such offences. It is obvious that we must be able to use clear, well-defined terminology for both national and international prosecution of the delicts for us to be able, subsequently, to judge their merit. Even in the '80's these particular delicts were missing from Hungarian regulation, and so it was vital to clarify the terms relating to computer/Internet criminality to be able to categorise them by analogy amongst existing crimes.
The second chapter examines in detail the valid regulation of Hungarian criminal offences, and their relevant subject matter, linking them to those international documents (previously introduced) from which the legislator had drawn the ratio of the various delicts with special reference to the Council of Europe's Convention on Cybercrime.[2] The final chapter gives a brief introduction to the crimes not specified by the Cybercrime Convention and summarises Hungarian regulation.
In general, the paper aims to introduce the current Hungarian criminal regulation of
- 14/15 -
Cybercrime from an international standpoint, so giving a Central-European example of the criminalisation of such delicts so far missing from the international legal literature.
To be able to understand the culpability involved in computer crime and in informatics-related crime in Hungary, we must, first or all, clarify the concepts. The first issue is that of the terminology of such crimes and the specific characteristics of such offences. The first Hungarian publications wrote of computational crimes and computer-related crimes, but from the early '90's the concepts of crimes on informatics[3] and crimes against informatics[4] appear,
The computer - according to the definition given by Zsolt Balogh[5] - is an item of equipment for information processing. Computer abuse, as given in the OECD Report, is 'considered as any illegal, unethical or unauthorised behaviour relating to the automatic processing and the transmission of data'.[6] However, this early definition, due to the use of the term 'unethical', applies to elements which do not fall within the concept of criminal law. The concept provided later by the Council of Europe in its Convention on Cybercrime[7] defines a computer system as 'any device or group of inter-connected or related devices, one or more of which, pursuant to a program, performs automatic processing of data'. The explanation given by the Convention spells out that the definition of computer system also includes communication systems and any system which allows the automatic processing and the transmission of data connected physically, electronically or by radio signal.
The concept of Tibor Nagy on crime against informatics[8] includes offences against hardware, software and against electronic information - infringements which are included in the Council of Europe's above definition.
What emerges from these definitions is that the terminology of computer crime and of crime on informatics was not absolutely identical in meaning as given by their authors, but that, by the Council of Europe's definition and its adoption into the Hungarian Criminal Code (specifically into Section 300/F. the definition of a computer system), the two concepts became more or less identical in meaning. In consequence, their parallel use can be accepted. The international literature, however, seems to prefer computer crimes (or, newly, cybercrimes) for defining such offences.
The last observation in this chapter relates to the general definition of concepts. Following the theory of József Villányi[9] 'the object of criminal law is [...] the punishment of the violation of developed and generally accepted norms'. It would, therefore, be quite useful - from a continental standpoint - if these general concepts (e.g., that of the computer system) would be translated into legislative Acts regulating this particular field generally, rather than in the Criminal Code. However even the concepts of the Criminal Code in relation to objects, chattels as well as to documents must be reconsidered if we are to apply them to computer crime[10]. To support the investigation, other measures such as informing the public of the threats posed by such offences and training a special national force are also necessary[11] and current issues.
Although the first specific sections on computer crime appeared in the Hungarian Criminal Code in 1994, nevertheless, the true basis of the revision of the articles of the criminal law was the Council of Europe's Cybercrime Convention - which is known - after the venue for ratification - as the 'Budapest Agreement'.[12]
In 1997 the Council of Europe established a committee of professionals on cybercrime (CP-CY) under the auspices of the European Committee on Crime Problems (CDPC), a committee which was authorised to prepare an International Convention on Cybercrime. The draft was adopted at the plenary session of 11-15 December 2000 by the CP-CY and the final text was presented for ratification in Budapest on the 23 November 2001.
The first chapter of the Convention gives definitions for 'computer system' 'computer data' for 'traffic data' and for the expression 'service provider'. According to the Convention, a computer system 'means any device or a group of inter-connected or related devices, one or more of which, pursuant to a program, performs automatic processing of data'. This definition also covers communication systems and all systems related to the transfer and processing of data. In the Hungarian Criminal Code the Interpretative provision (Section 300/F) gives the following definition according to the Convention: 'For the purposes of Sections 300/C and 300/E, 'computer system' means a device or a collection of devices intended for the automatic processing handling, storage and transmission of data.'
By this definition the Hungarian legislator solved the decade-long terminological debate - according to the requirements of the Convention - by equating the terms 'informatics system' and 'computer system'
The term computer data did not need a new definition since it was already clearly defined by a Government Resolution in 1998 (No. 75) by the term 'communication'.[13]
Likewise the term traffic data does not need a specific definition since the interpretation of this expression does not constitute a problem and its content in the proceedings is clear for the experts dealing with this issue.[14]
A definition of provider is, however, necessary, since the national terminology does not use this specific expression. (The Hungarian terms in use are: electronic telecommunications service and provider[15] and the organisations administering certain telecommunications services of the previously cited Government Resolution[16]); similarly, the definitions given previously (information service[17] and content provider and the other terms appearing) do not conform to Convention terminology.
The Convention defines the following crimes:
• Illegal access (Article 2)
• Illegal interception (Article 3)
• Data interference (Article 4)
• System interference (Article 5)
• Misuse of devices (Article 6)
• Computer-related forgery (Article 7)
• Computer-related fraud (Article 8)
• Offences related to child pornography (Article 9)
• Offences related to infringements of copyright and related rights (Article 10)
Of the above list - at the time when the Convention was framed - the Hungarian criminal law penalised only a few as criminal conduct. A widespread overhaul of the Criminal Code was, therefore, necessary to include the new crimes as well to revise the articles already existing.
According to the wording of the Convention, intentional access to the whole or part of the computer system without right is prohibited. The parties may require that the offence be committed by infringing security measures, with the intent to obtain computer data or with other dishonest intent, or in relation to a computer system which is connected to another computer system.
The Act criminalises what was defined in Section 300/C paragraph (1) introduced by the 2001 amendment[18] of the Criminal Code:
- 15/16 -
(1) Any person who gains unauthorized entry to a computer system or network by compromising or defrauding the integrity of the computer protection system or device, or overrides or infringes his user privileges, is guilty of misdemeanour punishable by imprisonment not to exceed one year, work in community service or a fine.
The Hungarian provision regulates liability in respect of entry by the condition of 'infringing security measures' as an option given by the Convention. The advanced terminology of the domestic legislator should be emphasised in this respect when, over and above the unlawful access defined by the Convention, it also penalises the overriding or infringement of user privileges and so protects the legal interest in the integrity of the computer system as an absolute, negative content right - similar to the legal protection of property. However, the Convention's last sentence, in which unlawful entry is effected with the intention to commence an attack against other computer systems or users, was not defined in a separate paragraph, and so the above action is penalised irrespective of the intention.
According to the Convention, a crime is committed by the interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system, including electromagnetic emissions from a computer system carrying such computer data. The parties may require that the offence be committed with dishonest intent, or in relation to a computer system that is connected to another computer system. This conduct was criminalised by the wording of the Criminal Code: 'captures correspondence forwarded by means of communication equipment or computer network to another person and records the contents of such by technical means' as in the article on the illicit possession of private information (Section 178/A Para (1) d). This regulation came into force from 2002, but, nonetheless, it is an open question whether this Hungarian regulation, by its use of the phrase 'records the contents of such by technical means' narrows the Convention's intended meaning excessively.
According to the definition given by the Council of Europe, the offence is the damaging, deletion, deterioration, alteration or suppression of computer data without right. Alternatively, this may have been interpreted as 'content-forgery'. In the domestic regulation, it was, once again, the 2001 modification of the Criminal Code which introduced the following re-phrasing of Section 300/C paragraph (2) a):
(2) Any person who
a) without permission alters, deletes or suppresses data stored, processed managed or transmitted in a computer system or denies access to the legitimate users,
In this article the term 'alteration' includes any modification of data, whilst 'deleting' is partial or complete removal of data which may be realised by the delete function or by overwriting [...] based on the definition of Zoltán Nagy.[19] The 'deletion', therefore, includes the Convention's terms deletion, deterioration, and damaging. "Suppression" does not necessarily mean the deletion of data, nor its alteration. This occurs, nevertheless, if the legitimate user loses control over the data, whether temporarily or terminally, partially or totally. This is easily done by hiding the data within the system, by moving the data or by modifying user access levels. This is a process which results in previously authorised users being prevented from processing the data, and so it is a special form of modification - not of the data itself, but of its "environment". Some opinions have emerged which would exclude this from Hungarian regulation.[20]
According to Article 5 of the Convention, the serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data constitutes criminal behaviour. This crime was prosecutable as a form of computer fraud (Section 300/C) prior to 2001 - which resulted in a new definition of this Section:
(2) Any person who
b) without permission inputs, transmits, alters, deletes any data, or by any other means unlawfully hinders the functioning of the computer system is guilty of misdemeanour punishable by imprisonment not to exceed two years, work in community service or a fine.
As can be seen, new forms of action have appeared such as input, transmission and any other means. Input means entering data into the system, whilst transmission covers the sending and receiving of data. The expression "other means" offers the possibility of prosecuting new types of action which were unknown to the legislator at the time of phrasing the article but which are similar in their effect in hindering the data processing system. It is interesting that the national regulation does not require 'serious hindering' of the computer system but is satisfied merely by 'hindering'. The Hungarian Criminal Code, therefore, prosecutes any offence which results in the hindering of the functioning of a computer system, and it is now, therefore, a matter for the judicature how this article is applied.
According to the Convention, the following unlawful, conscious acts should be prosecutable:
a. the production, sale, procurement for use, import, distribution or otherwise making available of:
1) a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Article 2 - 5;
2) a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed with the intent that it be used for the purpose of committing any of the offences established in Articles 2 - 5; and
b. the possession of an item referred to in paragraphs (a)(1) or (2) above, with intent that it be used for the purpose of committing any of the offences established in Articles 2-5. A party may require by law that a number of such items be possessed before criminal liability attaches.
Paragraph 2 of Article 6 excludes various acts where the intention to commit any of the crimes listed in Article 2-5 is lacking, e.g. for the authorised testing or protection of a computer system. Paragraph 3 allows the parties not to apply paragraph 1 of the Article, provided that this reservation does not concern the sale, distribution or otherwise making available of the items referred to in paragraph 1 (a) (2). This allows misuse to be omitted from criminal prosecution, with the exception of the unlawful making available of passwords and access codes (as in paragraph 1 (a) (2)).
The above defines and makes liable for prosecution: accession, distribution and possession of programs and system-access
- 16/17 -
codes necessary to commit the previously listed crimes. The Hungarian legislator regulates this under: defrauding the integrity of a computer protection system, or device (Section 300/E):
(1) Any person who, for the purpose of committing the criminal activities defined in Section 300/C,
a) produces, b) obtains,
c) distributes or trades, or otherwise makes available
a computer program, password, access code, or other data with which to gain access to a computer system is guilty of misdemeanour punishable by imprisonment not to exceed two years, work in community service or a fine.
(2) Any person who, for the commission of the criminal activities defined in Section 300/C, conveys his economic, technical and/or organizational expertise to another person for the creation of computer software, passwords, entry codes, or other data with which to gain access to a computer system or network shall be punished according to Subsection (1).
(3) In the case of Paragraph a) of Subsection (1), any person who discloses to the authorities his involvement in the creation of any of the following: computer software, password, entry code, or other data with which to gain access to a computer system or entire computer network before the authorities learned of such activities through their own efforts, and if the person presents such matter so produced to the authorities and assists in the efforts to identify the other persons involved, then that person shall be exonerated from punishment.
The Hungarian Criminal Code defines in paragraph (1) the acts listed in paragraph a) of the Convention (producing, obtaining, distributing, trading or otherwise making available) and makes them prosecutable in respect of the devices listed in paragraphs (1) and (2) of the Convention (computer program, password, access code, or other data allowing access to a computer system). Paragraph (2) of the Hungarian regulation makes it separately punishable to convey the economic, technical and/or organisational expertise for the creation of devices listed in paragraph (1) for the commission of a crime (under 300/C). Therefore the person is individually liable, under paragraph (2), who gives information about its own system and, therefore, assists the commission of a crime under Section 300/C.
Paragraph (3) regulates as an extinctive cause the disclosure of the perpetrator's activity with his request to present the product(s) to the authorities and his assisting the authorities' efforts in the identification of other persons involved. This is an implicit declaration of the legislative in which it expresses its intention to prosecute offences against computer systems and data in the future with maximum effort whilst also punishing any preparatory actions which assist.
The Convention defines computer-related forgery as intentional and unlawful behaviour which by the input, alteration, deletion, or suppression of computer data, results in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible. The parties may require an intent to defraud, or similar dishonest intent, before criminal liability attaches. This category is, in several aspects, similar to that explained in Article 4 of the Convention (Data interference) - prosecutable in Hungarian law under criminal conduct against computer data (Section 300/C para. (2) a). The difference may be understood by the fact that, whilst Data interference was defined as 'content-forgery', Article 7 protects the integrity of the origin and the interest as determined by the person creating them and is, therefore, rather a 'forgery of origin'. It important to emphasise that the present Article prosecutes the alteration of secondary, external data which makes identification (origin) of data possible. There is no specific Section for this criminal offence in the Hungarian Criminal Code, although there are certain articles which have some relevance.
Private document forgery (Section 276) in the Hungarian Criminal Code may not be used since here the relevant action is the forgery itself, and, up to that point, there exists only an attempt, which, by itself, is not punishable. The abuse of a document (Section 277) would be a solution in the case of the destruction of or damage to the document, but the Convention also makes the input of data prosecutable. This article would, therefore, still be lacking some action even if it were otherwise regarded as adequate by computer data being accepted as documents. However, this is somewhat doubtful since this data - similar to licence plates on cars or production numbers on industrial goods - is secondary information, involving author and origin, and cannot, therefore, be regarded as a private document.
This action could, at first sight, be treated as the counterfeiting of individual identification marks (Section 277/A). This is a crime, although the definition of an individual identification mark[21] in the Convention's Article 7 does not constitute appropriate protection against such action.
In the Hungarian Criminal Code we find the falsification of data related to copyright, but we would need this amended to all computer data. Moreover, even such action does not criminalise the input of data.
Finally, criminal conduct against computer systems and computer data (Section 300/C) may be applied, something which was already discussed in detailing Article 4 of the Convention. The present criminal regulation makes any unlawful alteration, deletion and suppression of data prosecutable, but it does not expressly prosecute the input of such data. Nevertheless, if we reconsider the term 'alteration' - which was also given a broad definition - even the mere input of (the transmitted) data constitutes an alteration of the database, and so Section 300/C para (2) a) is the appropriate criminal article in respect of Article 7.
Computer-related fraud is defined by the Convention as intentional and unauthorised conduct causing the loss of property to another by:
a) any input, alteration, deletion or suppression of computer data,
b) any interference with the functioning of a computer system,
with the fraudulent or dishonest intent of procuring, without right, economic benefit for oneself or for another.
This has already been included in the above section on "Computer Fraud" (Section 300/C) and, after 2002, the new paragraph (3) dealt with the issue as follows:
(3) Any person who, for financial gain or advantage,
a) alters, damages or deletes data stored, processed or transmitted in a computer system or network or denies access to the legitimate users,
b) adds, transmits, alters, damages, deletes data or uses any other means to disrupt use of the computer system or network
- 17/18 -
is guilty of felony punishable by imprisonment not to exceed three years.
According to the Convention's phrasing, the criminal offences are:
a) producing child pornography for the purpose of its distribution through a computer system;
b) offering or making available child pornography through a computer system;
c) distributing or transmitting child pornography through a computer system;
d) procuring child pornography through a computer system for oneself or for another;
e) possessing child pornography in a computer system or on a computer-data storage medium.
2. For the purpose of paragraph 1 above "child pornography" shall include pornographic material that visually depicts:
a) a minor engaged in sexually explicit conduct;
b) a person appearing to be a minor engaged in sexually explicit conduct;
c) realistic images representing a minor engaged in sexually explicit conduct.
3. For the purpose of paragraph 2 above, the term "minor" shall include all persons below 18 years of age. A party may, however, require a lower age-limit, which shall be not less than 16 years.
The article on the composition of illegal pornographic material (Section 195/A) was amended in 1999 by including the expression 'making available' in paragraph (3). In this way the Hungarian Criminal Code made such action on the Internet a prosecutable offence. The last amendment - in 2001 - altered the title of the relevant section to the abuse of illegal pornographic material.
(1) Any person procuring and/or having possession of pornographic images or records of a minor made by video, film or photographic equipment or by any other means is guilty of a felony punishable by imprisonment not to exceed three years.
(2) Any person who offers and/or conveys pornographic image or record of a minor made by video, film or photographic equipment or by any other means is guilty of a felony punishable by imprisonment not to exceed five years.
(3) Any person who produces pornographic image or record of a minor by video, film or photographic equipment or by any other means, and/or distributes or makes such pornographic images available to the public is guilty of a felony punishable by imprisonment between two to eight years.
(4) A person having a minor participating in a pornographic show shall be punished as set forth in Subsection (3).
(5) The person providing financial means and thus assisting in the commission of the crime defined in Subsections (3)-(4) shall be punished by imprisonment between two to eight years.
(6) For the purposes of Subsections (1)-(4),a pornographic record or a pornographic show is the act or display of sexuality in a gravely indecent manner of exposure specifically for arousing sexual demeanour.
The Convention defined three new offences compared to the Hungarian Section on pornographic material valid before the 2001 modification of the Criminal Code:
• Offering child pornography,
• Procuring a child for oneself or for another and
• The possession of child pornography
To interpret the relevant article, the legislators used the similar forms of conduct listed in the section on the misuse of narcotic drugs (Section 282) by analogy - as proposed by József Villányi.[22] In this way the act of Offering' in the Convention corresponds with the expressions of 'offering' stated in Section 282/A on the misuse of narcotic drugs and in Section 195/A para. (2), which is an unsuccessful invitation to someone to receive child pornography. "Procuring" under the Convention was found by analogy as similar to the 'procuring' described in Section 282 (regardless of whether for a person's own purposes or for someone else). This includes all forms of active and passive behaviour which result in a person who has previously not been in possession of child pornography to become a possessor. Finally, the offence of "possession" under the Convention was made identical to 'possession' in Section 282 and was incorporated into Section 195/A para (1) accordingly- including acts involving disposal and usage.
The expression 'visually depicts' in paragraph 2 of the Convention has to be highlighted since it includes several pornographic products not covered by the Hungarian section 195/A. If we accept Tibor Peszleg's[23] definition that paedophilia is sexual behavioural dysfunction, it is easy to imagine that those suffering from such dysfunction will become sexually excited by visual depictions not listed by the Hungarian regulation. By definition, it is also necessary for the depiction to display sexuality in a gravely indecent manner. However, the Hungarian Criminal Code by its wording excludes paintings, hand-drawings and comics from prosecution. Japanese Manga (hand-drawn image, printed comics) and Anime (animation, animation film) might otherwise fill this category. It would, therefore, be useful to broaden the Hungarian terminology - in line with that of the Convention -from photographic image and recording to visual depiction.
The Convention defines the infringement of copyright and related rights as defined under the law of that party pursuant to the obligations undertaken under the Paris Act of 24 July 1971, the Bern Convention for the Protection of Literary and Artistic Works, the Agreement on Trade-Related Aspects of Intellectual Property Rights and the WIPO Copyright Treaty, with the exception of any moral rights conferred by such Conventions, where such acts are committed wilfully, on a commercial scale and by means of a computer system.
Further protection is granted based on the Protection of Performers, Producers of Phonograms and Broadcasting Organisations concluded in Rome (Rome Convention), the Agreement on Trade-Related Aspects of Intellectual Property Rights and the WIPO Performances and Phonograms Treaty, with the exception of any moral rights conferred by such Conventions, where such acts are committed wilfully, on a commercial scale and by means of a computer system. Paragraph 3 allows the parties not to apply criminal liability in respect of the above articles, provided that other effective remedies are available and that such reservation does not derogate from the party's international obligations set forth in the international instruments referred to in paragraphs 1 and 2 of this article.
In respect of copyright and related rights, the Hungarian Criminal Code contains an article on infringement of copyright and certain rights related to copyright (Section 329/A), one on Defrauding the integrity of technological measures for the protection of copyright and certain rights related to copyright (Section 329/B), a further one on
- 18/19 -
the falsification of data related to copyright management (Section 329/C) and a section on violation of industrial design rights (Section 329/D) - previously detailed in the copyright protection title of the previous Chapter. These national articles prosecute those acts described in the Convention, and so there was no need for further modification of the Criminal Code.
Nevertheless, the problem is rather - especially with regard to computer programs - one of estimating any damage caused, According to Section 137, damage means the loss of value of one's property; the damage to one's property and the loss of financial gain. The holder of copyright is, in the case of computer programs, usually a legal person who features as importer or distributor of the product. Until the products arrive at the consumer's premises, prices will be increased at three or even four stages, and so the retail price could even be several times the original price It is, therefore, very important that, in estimating damage, it is not the retail price (or even the VAT-inclusive price) which is the basis, but the average distributor price. It is also necessary to exclude VAT since the victim of the crime is the holder of the copyright and it is the loss of this which should be taken into account and not the loss incurred by the state or tax authority, since this subsequent loss is irrelevant from the perspective of copyright-related criminal conduct. Since, according to various authors, the above articles are a product of specific lobby interests[24] these sections burden the judicature with extraordinary responsibility.
The drafting committee also wished to define their position on the electronic distribution of material of an ethnically or sexually discriminatory nature, but the time-limit for drafting did not allow for the inclusion of the relevant article. It may, however, appear in an Amending Protocol in the future.
In Hungarian law the article on incitement against a community (Section 269) is currently applicable, since it does not include a list of forms of behaviour but only requires 'incitement' to be present in any way or by any form of conduct.
It was not intended to include provisions relating to bank cards and on non-cash payment instruments; nor is the Council of Europe con-
List of Abbreviations:
Budapest Agreement 2001 Council of Europe No. 185. "Convention on Cybercrime"
OECD 1986: OECD Report, ICCP No. 10, Computer-related Crime: Analysis of Legal Policy. 1986
CoE Recommendation 1989: Council of Europe Recommendation No. R (89) 9 on computer-related crime
Annex
| Actual circumstances | OECD 1986 | CoE Recommendation 1989 | Budapest Agreement 2001 | Hungarian Criminal Code | |
| General part (definition of concepts): | |||||
| - Computer abuse | - | - computer system - computer data - service provider - traffic data | - 300/F. § computer system - 333. § interpretative provision (defini- tion of the object) | ||
| Specific part (Actual circumstances): | |||||
| Computer manipula- tion | - Computer fraud | - APPENDIX I: l.a. Computer- related fraud | - Art. 8. Computer-related fraud | - 300/C. § (3) | |
| - Computer forgery | - APPENDIX I: i.b. Computer forgery | - Art. 7. Computer-related forgery | - 274. § Forgery of Official Documents, 276. § Forgery of Private Documents, 277. § Abuse of Document, (277/A. § Counterfeiting of Individual Identifica- tion Marks) | ||
| Acts related to computer data or programs | - Hinder the functioning of a computer and/or telecommunica- tions system | - APPENDIX I: I.c. Damage to computer data or program | - Art. 2. Illegal access | - 300/C. § (1) | |
| - Art. 4. Data interference | - 300/C: § (2) a) | ||||
| - APPENDIX I: l.d. Computer sabotage | - Art. 5. System interfer- ence | - 300/C: § (2) b) | |||
| Acts of espionage | - Unauthorised interception | - APPENDIX I: I.e. Unauthor- ised access | - Art. 3. Illegal interception | - 178/A. § Infringement of Privacy | |
| - APPENDIX I: l.f. Unauthor- ised interception | |||||
| Illegal copying of pe- cuniary goods related to computers | - Unauthorised reproduction/mar- keting of a com- puter program | - APPENDIX I: l.g. Unau- thorised reproduction of a protected computer program | - Art. 10. Offences related to infringements of copy- right and related rights | - 329/A. § Infringement of Copyright and related rights; 329/ES. § Misrep- resentation of Technical Measures; 329/C. § Falsifying Data Related to Copyright Management; 329/D. § Violation of Industrial Design Rights | |
| - APPENDIX I: l.h. Unau- thorised reproduction of topography | |||||
| - Art. 6. Misuse of devices | - 300/E. § Defrauding the Integrity of a Computer Protection System or Device | ||||
| Acts related to com- puter data (there are no such offences in the OECD report and in the CoE Recom- jnendation) | - Art. 9. Offences related to child pornography | - 195/A. § Abuse with Illegal Porno- graphic Material | |||
- 19/20 -
| OECD 1986 | CoE Recommendation 1989 | Budapest Agreement 2001 | |
| Participating countries | - | Austria, Denmark, France, Germany, Greece, Italy, Luxembourg, The Neth- erlands, Norway, Portugal, Spain, Sweden, Switzerland (+ observers: Canada, Finland, USA, Japan, EEC, OECD, UN) | Ratifying countries: Albania. Armenia, Bosnia and Herzegovina, Bulgaria, Croatia, Cyprus, Denmark, Estonia, Finland, France, Hungary, Iceland, Latvia, Lithuania, The Netherlands, Norway, Romania, Slovenia, FYRM, Ukraine, and the United States Signed: bv 33 countries Of the 45 member states of the CoE, 8 did not even sign (the most important of the non-signing countries being Russia) |
sidering their inclusion in the future. This was concluded by the Council of Europe by wishing to define the criminal offences against computer systems and computer data in the Convention generally. In accordance with the concept of Éva Siegler[25], by examining the commentary on the interpretative provision of Section 300/F[26] we can accept that non-cash payment instruments may be interpreted as 'devices [...] for the automatic storage of data' - although bank cards are not considered in their own right as a conventional computer but either carry or store data. Therefore, to differentiate among crimes against non-cash payment instruments from the Computer crimes in Section 300/C constitutes an interpretative question. However, to exclude crimes against non-cash payment instruments from computer crime causes further problems in relation to the penalty, since similar criminal offences are subject to different levels of punishment. This has as a result highlighted the legal protection of economic crime - amongst others, crimes against non-cash payment instruments - which justifies the special provisions in this regard. This legislative measure should, nevertheless, be reconsidered.
The Hungarian legislative procedure - after the passage of ten years - finally understood the level of protection required. However, considering these differences, there are still some articles which do not conform to the Convention in their entirety. In most cases the Hungarian articles are more strict, but (for example, in respect of computer-related forgery) that section of the Criminal Code is defective according to the definition of the Council of Europe.
A separate problem in the future may lie in the specific regulation of non-cash payment instruments, something which should be reconsidered by the national legislative. A further crucial issue could be the classification of computer crime under a separate chapter in the Hungarian Criminal Code - something suggested by Zoltán Nagy regarding the specific legal object of these offences (namely, the integrity of data processing systems).[27] One final remark should be added to the latest development in the international harmonisation of criminal offences against computer systems In particular, the Framework Decision of the European Union[28], effective since the 16[th] March 2007, should be mentioned. The Framework Decision basically repeats the articles of the Cybercrime Convention, but by means of its enforcement via the third pillar of the European Union, it affords a higher level of protection to the subjects at issue. This Framework Decision grants the appropriate level of protection amongst the members of the European Union in respect of the subjects protected by the Cybercrime Convention, including even those EU countries which have still not ratified the Convention, To date, these (14 in number) still outnumber those which have ratified the Convention and comprise: Belgium, the Czech Republic, Germany, Greece, Ireland, Italy, Luxembourg, Malta, Poland, Portugal, Slovakia, Spain, Sweden and the United Kingdom[29]).
For a brief overview of the various standpoints and of Hungarian regulation, the chart below summarises the list of criminal offences discussed, providing the relevant national article on each internationally defined criminal offence. ■
NOTES
[1] See the new definition introduced by Section 78 of the 1998. (No. 87) Act into the Hungarian Criminal Code Sec. 333: 'the term "object" shall also refer to electricity and other forms of energy to be used in the economy, as well as to documents embodying pecuniary rights and non-certificated securities which in themselves ensure disposal over the pecuniary value or rights attested therein, or, in respect of non-certificated securities, to the beneficiary of the securities account"
[2] Convention on Cybercrime CETS No. 185-Council of Europe, Budapest, 2001. XI. 23.
[3] Nagy, Zoltán: Az informatika és a büntetőjog. In: Magyar Jog 1991/1.
[4] Nagy, Tibor: A számítástechnika hatása a büntetőjogra. In: Ügyészségi Értesítő 1992/2-3. p. 62
[5] Balogh, Zsolt György: Jogi informatika. Dialóg Campus Kiadó, Budapest-Pécs, 1998 p. 27
[6] OECD Computer-related Criminality: Analysis of Legal Policy, Paris, 1986
[7] Convention on Cybercrime CETS No. 185 - Council of Europe, Budapest, 2001. XI. 23.
[8] Nagy, Tibor op. cit. p. 62
[9] Villányi, József: Az Európa Tanács informatikai bűnözéssel kapcsolatos egyezményéről. In: Magyar Jog 2001/8. p. 466
[10] Siegler, Eszter: A számítógéppel kapcsolatos és a számítógépes bűncselekmények. In: Magyar Jog 1997/12. p. 742
[11] Pusztai, László: A számítógépes bűncselekmények nyomozása. In: Belügyi Szemle 1988/3, and Nagy, Zoltán: Az informatika és a büntetőjog
[12] Convention on Cybercrime - European Treaty Series, No. 185
[13] Government Resolution No. 75/1998 (24 April) on the cooperation of telecommunication organisations and secret information services, paragraph. 2. § e) communication: any sign, signal, or any other data or information except for the traffic data regardless of its form (message, writing, audio, talking, fax, data, telegraph, picture, etc.) from a terminal (or access-point) transmitted by a telecommunication network.
[14] Villányi, József op. cit. p. 465
[15] 2003 Act (No. 100) on Electronic Telecommunication, paragraph ,188. § 13-14.
[16] Government Resolution No. 75/1998, (24 April), paragraph. 2. § g)
[17] 2001 Act (No. 40) on Newscast, paragraph 110. § 29.
[18] 2001 Act (No. 121)
[19] Nagy, Zoltán: Az elektronikus adatfeldolgozó- és adatátviteli rendszerek elleni támadás büntetőjogi értékeléséről. In: Magyar Jog 1996/10. p. 599
[20] Villányi, József op. cit. p. 467
[21] Interpretation of the Criminal Code para. 25/A. § Individual identification mark is the individual marking of the producer or the responsible authority on a good (or on its component) the possession or lawful use of which is subject to official permission.
[22] Villányi, József op. cit. p. 469
[23] Peszleg, Tibor: Internet és bűnözés. In: Belügyi Szemle 2000/12. p. 34
[24] Nagy, Zoltán: Bűncselekmények az Interneten. In: Cég és Jog 2002/7-8. p. 44
[25] Siegler, Eszter op. cit. p. 740
[26] Section 300/F: For the purposes of Sections 300/C and 300/E, 'computer system' means a device or a collection of devices intended for the automatic processing, handling, storage and transmission of data.
[27] Zoltán Nagy defines the system of informatics-related crime as follows: (1) unlawful electronic interference with the course of data processing, (2) negative influencing of data processing, and (3) the unlawful obstruction of data processing, whilst he also indicates the crimes against hardware and the theft of computer time (although, in his opinion, this may be sufficiently prosecuted by labour law sanctions). In his work he also addresses the question of whether computer crime should be inserted into the Hungarian Criminal Code according to the existing classification, that is, through their legal objects (as a new method of commission or even as a separate section), or whether the circumstances require a specific chapter for computer crime only. - Nagy, Zoltán: Az informatika és a bűntetőjog p. 23
- 20/21 -
[28] Council Framework Decision 2005/222/JHA of 24 February 2005 on attacks against information systems - Officia/ Journal L 069, 16/03/2005 P. 0067 - 0071
[29] For further information on the ratifying countries see: http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=l&DF=11/15/2007&CL=ENG
Lábjegyzetek:
[1] The author is university assistant at Faculty of Law and Political Sciences, Pázmány Péter Catholic University.
Visszaugrás
