20 1 1 August/year 1 day
French interpretation [20 1 1]No. 19
Interpretation of the Supreme People's Court and the Supreme People's Procuratorate on Several Issues Concerning the Application of Laws in Handling Criminal Cases Endangering the Security of Computer Information Systems
(Adopted at the1524th meeting of the Judicial Committee of the Supreme People's Court on June 20, 2006 and at the 63rd meeting of the 11th Procuratorial Committee of the Supreme People's Procuratorate on July 20, 2006)
In order to punish criminal activities that endanger the security of computer information systems according to law, according to the provisions of the Criminal Law of People's Republic of China (PRC) and the Decision of NPC Standing Committee on Maintaining Internet Security, some issues concerning the application of law in handling such criminal cases are explained as follows:
Article 1 Whoever illegally obtains data from a computer information system or illegally controls a computer information system under any of the following circumstances shall be deemed as "serious" as stipulated in the second paragraph of Article 285 of the Criminal Law:
(1) Obtaining more than ten groups of identity authentication information of online financial services such as payment and settlement, securities trading and futures trading;
(two) to obtain more than 500 groups of identity authentication information other than item (a);
(3) illegally controlling more than 20 computer information systems;
(four) the illegal income of more than five thousand yuan or caused economic losses of more than ten thousand yuan;
(five) other serious circumstances.
The implementation of the acts specified in the preceding paragraph, under any of the following circumstances, shall be deemed as "the circumstances are particularly serious" as stipulated in the second paragraph of Article 285 of the Criminal Law:
(1) The quantity or amount reaches more than five times the standards specified in Items (1) to (4) of the preceding paragraph;
(2) Other particularly serious circumstances.
Whoever knowingly uses a computer information system illegally controlled by others shall be convicted and punished in accordance with the provisions of the preceding two paragraphs.
Article 2 Programs and tools under any of the following circumstances shall be recognized as "programs and tools specially used for invading and illegally controlling computer information systems" as stipulated in the third paragraph of Article 285 of the Criminal Law:
(1) Having the function of evading or breaking through the security protection measures of computer information system and obtaining data of computer information system without authorization or beyond authorization;
(2) Having the function of evading or breaking through the security protection measures of computer information systems and controlling computer information systems without authorization or beyond authorization;
(3) Other programs and tools specially used for invading, illegally controlling computer information systems and illegally obtaining data of computer information systems.
Article 3 The provision of programs and tools that invade or illegally control computer information systems shall be deemed as "serious" as stipulated in the third paragraph of Article 285 of the Criminal Law in any of the following circumstances:
(1) Providing special procedures and tools that can be used to illegally obtain identity authentication information of online financial services such as payment and settlement, securities trading and futures trading for more than five times;
(2) providing programs and tools other than those mentioned in Item (1) and invading or illegally controlling the computer information system for more than 20 times;
(3) Providing programs and tools to others for more than five times, knowing that others have committed illegal and criminal acts of illegally obtaining identity authentication information of online financial services such as payment and settlement, securities trading and futures trading;
(4) knowingly providing programs and tools to others for more than 20 times, knowing that others have committed illegal and criminal acts of invading and illegally controlling computer information systems other than those mentioned in Item (3);
(five) the illegal income of more than five thousand yuan or caused economic losses of more than ten thousand yuan;
(six) other serious circumstances.
Anyone who commits one of the following acts specified in the preceding paragraph shall be deemed as providing programs or tools to invade or illegally control computer information systems, and the circumstances are "especially serious":
(1) The quantity or amount reaches more than five times the standards specified in Items (1) to (5) of the preceding paragraph;
(2) Other particularly serious circumstances.
Article 4 Whoever sabotages the functions, data or applications of a computer information system under any of the following circumstances shall be deemed as "serious consequences" as stipulated in the first and second paragraphs of Article 286 of the Criminal Law:
(1) Causing the main software or hardware of more than ten computer information systems to fail to operate normally;
(2) Deleting, modifying or adding operations to data stored, processed or transmitted in more than 20 computer information systems;
(three) the illegal income of more than five thousand yuan or caused economic losses of more than ten thousand yuan;
(4) The computer information system that provides basic services such as domain name resolution, identity authentication and billing for more than 100 computer information systems or provides services for more than 1 10,000 users cannot operate normally 1 hour or more;
(5) Causing other serious consequences.
The implementation of the acts specified in the preceding paragraph, in any of the following circumstances, shall be deemed as "particularly serious consequences" for the destruction of computer information systems:
(1) The quantity or amount reaches more than five times the standards specified in Items (1) to (3) of the preceding paragraph;
(2) The computer information system that provides basic services such as domain name resolution, identity authentication and billing for more than 500 computer information systems or provides services for more than 50,000 users cannot operate normally 1 hour or more;
(3) Destroying the functions, data or application programs of state organs or computer information systems that provide public services in the fields of finance, telecommunications, transportation, education, medical care and energy, which seriously affects production and life or causes adverse social impact;
(4) Causing other particularly serious consequences.
Article 5 A program under any of the following circumstances shall be recognized as a "destructive program such as computer virus" as stipulated in the third paragraph of Article 286 of the Criminal Law:
(1) Being able to copy and spread part, whole or variant of itself through the network, storage media, files and other media, and destroying the functions, data or application programs of the computer system;
(2) It can be triggered automatically under preset conditions, destroying the functions, data or application programs of the computer system;
(3) Other programs specially used to destroy the functions, data or applications of computer systems.
Article 6 Deliberately making and spreading destructive programs such as computer viruses, which affect the normal operation of computer systems, shall be deemed as "serious consequences" as stipulated in the third paragraph of Article 286 of the Criminal Law under any of the following circumstances:
(1) Making, providing or disseminating the program specified in Item (1) of Article 5, which causes the program to be disseminated through the media such as network, storage media and files;
(2) Causing more than 20 computer systems to be implanted with the programs specified in Items (2) and (3) of Article 5;
(3) Providing destructive programs such as computer viruses for more than ten times;
(four) the illegal income of more than five thousand yuan or caused economic losses of more than ten thousand yuan;
(5) Causing other serious consequences.
The implementation of the acts specified in the preceding paragraph, in any of the following circumstances, shall be deemed as "particularly serious consequences" for the destruction of computer information systems:
(a) the production, provision and dissemination of the program specified in Item (1) of Article 5, which leads to the dissemination of the program through the Internet, storage media, files and other media, seriously affecting production and life or causing adverse social impact;
(2) The quantity or amount reaches more than five times the standard specified in Items (2) to (4) of the preceding paragraph;
(3) Causing other particularly serious consequences.
Article 7 Whoever knowingly transfers, purchases, sells or conceals the data obtained by the crime of illegally obtaining computer information system data or the control right of computer information system obtained by the crime of illegally controlling computer information system, shall be convicted and punished in accordance with the provisions of the first paragraph of Article 312 of the Criminal Law.
Whoever commits the acts listed in the preceding paragraph and illegally gains more than 50,000 yuan shall be deemed as "serious circumstances" as stipulated in the first paragraph of Article 312 of the Criminal Law.
Where a unit commits the acts specified in the first paragraph, the standards for conviction and sentencing shall be implemented in accordance with the provisions in the first and second paragraphs.
Article 8 Where a crime endangering the security of computer information systems is committed in the name of a unit or in the form of a unit, and the conviction and sentencing standards stipulated in this Interpretation are met, the directly responsible person in charge and other directly responsible personnel shall be investigated for criminal responsibility in accordance with the provisions of Articles 285 and 286 of the Criminal Law.
Article 9 Whoever knowingly commits one of the following acts as stipulated in Articles 285 and 286 of the Criminal Law shall be treated as an accomplice and punished in accordance with the provisions of Articles 285 and 286 of the Criminal Law:
(1) Providing programs and tools that damage the functions, data or applications of computer information systems, and the illegal income is more than 5,000 yuan or provided for more than 10 times;
(two) to provide Internet access, server hosting, network storage space, communication transmission channels, fee settlement, trading services, advertising services, technical training, technical support and other help, the illegal income of more than 5000 yuan;
(three) to entrust software promotion, advertising and other ways to provide funds of more than 5000 yuan.
Whoever commits the acts listed in the preceding paragraph, the quantity or amount of which reaches more than five times the standard specified in the preceding paragraph, shall be deemed as "especially serious circumstances" or "especially serious consequences" as stipulated in Articles 285 and 286 of the Criminal Law.
Article 10 If it is difficult to determine whether it belongs to "computer information systems in the fields of state affairs, national defense construction and cutting-edge science and technology", "programs and tools specially used to invade and illegally control computer information systems" or "destructive programs such as computer viruses" as stipulated in Articles 285 and 286 of the Criminal Law, the department responsible for the security protection and management of computer information systems at or above the provincial level shall be entrusted to conduct inspection. According to the inspection conclusion, combined with the specific circumstances of the case, determined by the judicial organs.
Article 11 Computer information systems and computer systems mentioned in this Interpretation refer to systems with the function of automatically processing data, including computers, network equipment, communication equipment and automatic control equipment.
The identity authentication information mentioned in this interpretation refers to the data used to confirm the user's operating authority on the computer information system, including account number, password, password, digital certificate, etc.
The economic losses mentioned in this interpretation include the economic losses directly caused to users by criminal acts endangering computer information systems, and the necessary expenses paid by users for restoring data and functions.