|
From: Henry_Waldock@mtsg.ubc.ca Message-Id: <1516894@mtsg.ubc.ca> I am a Canadian law student with a BSc in Computer Science. I'm doing a paper on computer viruses and the Criminal Law. When the Canadian Parliament considered computer mis-use, viruses were not a problem, but the legislation they produced isn't bad. (I will attach a copy at the end of this message.) They created a kind of "trespass to information" which they called "unauthorized access to a computer system", and a kind of "vandalism to information", which they called "unauthorized alteration or destruction of computerized data". My major criticism is that they didn't explicitly criminalize the unauthorized consumption of computer resources. While the language they chose may not suit your purposes exactly, the three concepts of 1) unauthorized access to services (and data), 2) unauthorized consumption of services, and 3) unauthorized alteration/destruction of data should cover most forms of computer abuse. If you define the purposes for which a user is _authorized_ to use his or her own account/equipment, you can limit even private commercial usage. See also the California Penal Code s.502, and the Pennsylvania 18 PA Cons. Stat. Amm s. 3933. (Note that these are the old section numbers. The Canadian Criminal Code was re-numbered on Jan 1, 1989.) The Canadian Criminal Code 301.2?(1) Every one who fraudulently and without color of right (a) obtains, directly or indirectly, any computer service, (b) by means of an electormagnetic, acoustic, mechanical or other device, intercepts or causes to be intercepted, directly or indirectly, any function of a computer system, or (c) causes to be used, directly or indirectly, a computer system with intent to commit an offence under paragraph (a) or (b) or an offence under section 387 in relation to data or a computer system is guilty of an indictable offence and is liable to imprisonment for a term not exceeding ten years, or is guilty of an offence punishable on summary conviction. (2) In this section, "computer program" means data representing instructions or statements that, when executed in a computer system, causes the computer system to perform a function; "computer service" includes data processing and the storage or retrieval of data; "computer system" means a device that, or a group of interconnected or related devices one or more of which, (a) contains computer programs or other data, and (b) pursuant to computer programs, (i) performs logic and control, and (ii) may perform any other function; "data" means representations of information or of concepts that are being prepared or have been prepared in a form suitable for use in a computer system; "electromagnetic, acoustic, mechanical or other device" means any device or apparatus that is used or is capable of being used to intercept any function of a computer system, but does not include a hearing aid used to correct subnormal hearing of the user to not better than normal hearing; "function" includes logic, control, arithmetic, deletion, storage and retrieval and communication or telecommunication to, from or within a computer system; "intercept" includes listen to or record a function of a computer system, or acquire the substance, meaning or purport thereof. 387. ... (1.1) Every one commits mischief who wilfully (a) destroys or alters data; (b) renders data meaningless, useless or ineffective; (c) obstructs, interrupts or interferes with the lawful use of data; or (d) obstructs, interrupts or interferes with any person in the lawful use of data or denies access to data to any person who is entitled to access thereto. (8) In this section, "data" has the same meaning as in section 301.2.