CBL’s Introduction
The following are the two key VPN & computer crimes laws translated by CBL into American English using the User Centered Translation approach. They cover what IT breaches and unlawful telecom services constitute crimes. Some key highlights include:
- Data theft, program distribution, or system control felony grading thresholds.
- Sentencing guidelines are based on total illegal proceeds and lost profit to telecommunications providers.
- Joint criminal offenses are imposed on hosting, access, or payment providers and facilitators, with personal criminal liability for service providers’ management.
Contents
Damage to Telecommunications Market Integrity Adjudicative Guidelines
Computer Crimes Adjudicative Guidelines
- Illegal Access and Control (§§ 1-4)
- Destructive Programs (§§ 5-6)
- Liability (§§ 7-9)
- Evidentiary Determinations (§§ 10-11)
Damage to Telecommunications Market Integrity – Adjudicative Guidelines
Supreme Court
Adjudicative Guidelines [2000] No. 12
(Adopted by the Supreme Court Judicial Committee during 1113th Session on April 28, 2000, effective May 24, 2000, issued by Supreme Court on May 12, 2000).
The following Adjudicative Guidelines are issued under the China Criminal Law Act to provide for criminal penalties for damaging telecommunications market integrity:
Section 1 A person commits an unlawful business offense under Section 225(d) of the China Criminal Law Act, if the person, in violation of Chinese law, carries on for-profit activities through unlawful international or Hong Kong, Macao, and Taiwan telecommunications services, and if such conduct damages market integrity and constitutes a material violation.
Section 2 An offense in Section 1 of these Guidelines constitutes felony unlawful business if:
(a) Operating an outbound call service and its amount exceeds 1,000,000 yuan;
(b) Resulting in losses of telecommunications charges that exceeds 1,000,000 yuan when operating an inbound call service.
The following offenses constitute major felony unlawful business if:
(a) Operating an outbound call service and its amount exceeds 5,000,000 yuan;
(b) Resulting in losses of telecommunications charges that exceeds 5,000,000 yuan when operating inbound call service.
Section 3 An offense under § 1 of these Guidelines that involves an operating amount or lost telecommunications charges near the thresholds for a felony or major felony unlawful business offense shall constitute a felony or a major felony separately, if the offender:
(a) Was subject to administrative penalties twice or more within two years for providing unauthorized international or Hong Kong, Macao, and Taiwan telecommunications services;
(b) Causes other serious harm due to providing unlawful international or Hong Kong, Macao, and Taiwan telecommunications services.
Section 4 An entity is liable for financial penalty for an offense under § 1 of these Guidelines, and its managers and other directly responsible persons shall be prosecuted under §§ 2-3 of these Guidelines.
Section 5 A person commits an offense of unlawful business and harm to market integrity under the China Criminal Law Act § 288, if the person unlawfully sets up or uses radio stations and occupies frequency bands, and provides unauthorized international or Hong Kong, Macao, and Taiwan telecommunications services, subject to penalty at the grade of the offense.
Section 6 An employee of a state-owned telecommunications enterprise commits an offense under the Criminal Law Act § 168 if the person causes the enterprise to file for bankruptcy or incur major financial losses or causes significant damage to the national interest due to gross negligence or abuse of authority.
Section 7 A person commits a theft offense under the China Criminal Law Act § 264 if the person causes significant losses of telecommunications charges by illegally recharging calling cards.
Section 8 A person commits a theft offense under the China Criminal Law Act § 264 if the person steals another person’s online account or passwords to access networks and causes significant losses of telecommunications charges for others.
Section 9 A person commits a fraud offense under the China Criminal Law Act § 266 if the person causes significant losses of telecommunications charges by using forged or fraudulent identity documents to access the network and use cell phones.
Section 10 The “outbound call service” of these Guidelines shall be calculated based on the total duration (in minutes) used by the actor of unlawfully provided international or Hong Kong, Macao, and Taiwan telecommunications services, multiplied by the usage charge per minute of services used by the actor.
The “losses of telecommunications charges” of these Guidelines shall be calculated based on the total duration (in minutes) used by the actor of unlawfully provided international or Hong Kong, Macao, and Taiwan telecommunications services, multiplied by the international charging rates per minute that China should have received for lawful telecommunications services.
Criminal Information Technology System Security Offense Adjudicative Guidelines
Supreme Court & Supreme Procuratorate
Adjudicative Guidelines [2011] No. 19
(Adopted by the Supreme Court Judicial Committee during the 1524th Session on June 20, 2011, and the Supreme Procuratorate during the 63th Session of the 11th Procuratorial Committee on July 11, 2011, shall take effect from September 1, 2011, are hereby issued by the Supreme Court and Supreme Procuratorate on August 1, 2011)
The purpose of these adjudicatory guidelines is to provide for information technology system security crime offense penalties under the China Criminal Law Act and Safeguarding Network Security Decision (National People’s Congress Standing Committee):
Section 1 Illegally obtaining IT system data and or illegally controlling an IT system is a felony under the China Criminal Law Act § 285(b) if:
(a) Obtaining over ten identity authentication data records for financial network services, including payments, securities trading, and futures trading services;
(b) Obtaining over five hundred identity authentication data records, other than those described in § 1(a);
(c) Illegally taking control of over twenty IT systems;
(d) The illegal proceeds exceed 5,000 yuan or financial losses exceed 10,000 yuan; or
(e) Other grossly aggravating factors.
Actions described in the preceding paragraph shall constitute a major felony under the China Criminal Law Act § 285(b) if:
(a) The volume or amount involved exceeds five times the thresholds as provided in § 1(a) to 1(d);
(b) There are any extraordinary aggravating factors.
The conviction and punishment specified in the preceding two subsections shall be applied when one knowingly utilizes the control of an information technology system that is illegally controlled by others.
Section 2 “Programs or tools expressly designed to intrude into or control information technology systems” under the China Criminal Law Act § 285(c) includes programs and tools that:
(a) Can be used to bypass or breach IT security measures and obtain data from those systems without authorization or exceeding authorized access;
(b) Can be used to bypass or breach IT security measures and control an IT system without authorization or exceeding authorized access; and
(c) Other programs or tools designed for unlawfully controlling an IT system and obtaining information technology system data.
Section 3 Providing programs and tools that can be used to intrude into or control an information technology system are a felony under the China Criminal Law Act § 285(c), when:
(a) Providing programs and tools to others more than five times, where such programs and tools are designed to unlawfully obtain identity authentication information for financial network services, including payments, securities trading, and futures trading services;
(b) Providing programs or tools designed to intrude into and unlawfully control information technology systems to others more than twenty times, except the programs or tools under § 3(a);
(c) Providing programs or tools to others more than five times knowing it is used to unlawfully obtain identity authentication information for financial network services, including payments, securities trading, and futures trading;
(d) Providing a program or tool to others knowing it is used to unlawfully control information technology systems except for the crimes under § 3(c) for more than twenty times;
(e) Causing illegal proceeds to exceed 5,000 yuan or financial losses to exceed 10,000 yuan; or
(f) There are any extraordinary aggravating factors.
Actions in preceding paragraph are a major felony provision of programs or tools designed to intrude into and unlawfully control information technology systems if:
(a) The volume or amount involved exceeds five times of the thresholds specified in the § 3(a) to 3(e); or
(b) There are any extraordinary aggravating factors.
Section 4 Subverting the functionality, data, and applications of information technology systems shall constitute a major harm under the China Criminal Law Act § 286(a)-(b) if:
(a) The core software or hardware malfunction in over ten information technology systems;
(b) Data stored, resolved, or shared in more than twenty information technology systems are deleted, altered, or added;
(c) The illegal proceeds exceed 5,000 yuan or financial losses exceed 10,000 yuan;
(d) Information technology systems malfunction for a duration exceeding 1 hour, where such systems provide basic services like DNS resolution, identity authentication, billing services to more than 100 systems, or provide services to more than 10,000 users; or
(e) Causing other major harm.
Actions in the preceding paragraph are extraordinary harm when subverting information technology systems if:
(a) The volume or amount involved exceeds five times the thresholds as provided in § 4(a) to 4(c);
(b) Causing the malfunction of information technology systems for a duration exceeding 1 hour, where such systems provide basic services including DNS resolution, identity authentication, and billing services to more than 500 systems, or provide services to more than 50,000 users;
(c) Subverting the functionality, data or applications of an information technology system that provides public services for national agencies or fields including finance, telecommunications, transportation, education, health care and energy, and causing disruption to commerce, public inconvenience, or imminent danger to the public health or safety; or
(d) Causing other aggravated consequences.
Section 5 “Destructive programs such as a computer virus” under the China Criminal Law Act §286(c) are those that:
(a) Reproduce or spread itself, in part, in whole or in variants through media, including a network, storage media, or documents, and damage the functionality, data or applications of a computer system;
(b) Automatically damage the functionality, data, and applications of a computer system using a preset configuration; or
(c) Are other programs expressly designed for destroying the functionality, data, and applications of a computer system.
Section 6 Intentionally creating and spreading damaging programs such as a computer virus, causing the malfunction of a computer system is a major harm under the China Criminal Law Act §286(c) if:
(a) Creating, providing, and sharing a program described in § 5(a), which causes spread through media including without limitation, networks, storage media, documents;
(b) Causes more than 20 computer systems to be infected with the programs described in § 5(b) and 5(c);
(c) Providing destructive programs such as a computer virus to others more than 10 times;
(d) The illegal proceeds exceed 5,000 yuan or financial losses exceed 10,000 yuan; or
(e) Causing other major harm.
Actions in the preceding paragraph are extraordinary harm when subverting information technology systems if:
(a) Creating, providing, and sharing the programs as provided in § 5(a), spreading them through media including without limitation the network, storage media, documents, causing disruption to commerce, public inconvenience, or creating imminent danger to the public health or safety;
(b) The volume or amount involved exceeds five times the thresholds as provided in the (b) to (d) of the preceding paragraph; or
(c) Causing other extraordinary harm.
Section 7 A person commits an offense of unlawful disguise or concealment of illegal income origin under China Criminal Law Act §312(a), if the person uses means including without limitation unlawful transfer or acquisition to disguise or conceal illegal proceeds from sale of data or control of an information technology system in an amount exceeding 5,000 yuan and knows that the data or control of an information technology system was unlawfully obtained.
Actions described in the preceding paragraph shall constitute a felony under the China Criminal Law Act §312(a), if the illegal proceeds exceed 50,000 yuan.
Sentencing guidelines in the first and second paragraphs shall be applied when an entity commits an offense in the first paragraph.
Section 8 A manager and other directly responsible person shall be subject to criminal prosecution under the China Criminal Law Act §§285 and 286 if the individual commits an information technology system security offense in the name of an entity or through an entity that meets the sentencing thresholds in these Guidelines.
Section 9 Knowledge of other persons commission of an offense under China Criminal Law Act §§285 and 286 shall be charged as a joint crime under the Criminal Law Act §§285 and 286, when:
(a) Providing programs or tools to others more than ten times or the illegal proceeds exceed 5,000 yuan, where such programs or tools can be used to damage functionality and data of an information technology system or an application;
(b) Providing assistance including without limitation network access, server hosting, network storage space, communication transmission channels, payments, transactions, advertising, technical training, technical support, where the illegal proceeds exceed 5,000 yuan; or
(c) Providing funds exceeding 5,000 yuan through commissioning promotion of software or placing advertisements.
Actions described in the preceding paragraph shall constitute a major felony or extraordinary harm under the China Criminal Law Act §§285 and 286 if the volume or amount involved exceeds five times the thresholds as provided in the preceding paragraph.
Section 10 The provincial information system security agency and its parent agency shall conduct evaluations in cases where it is difficult to determine whether an information technology system pertains to government, defense construction, advanced technology, whether programs and tools can be used to intrude into or unlawfully control information technology systems, or whether programs such as computer viruses can be used to cause damage under the China Criminal Law Act §§285 and 286. The justice agency shall then determine based on the evaluations combined with the specific cases.
Section 11 “Information technology system” and “computer system” in these Guidelines mean any systems capable of processing data automatically, including computers, network devices, communications devices, or automated control devices.
“Authentication credentials” in these Guidelines mean data used to confirm the user’s authorization to operate the information technology system, including account numbers, passcodes, passwords, and digital certificates.
“Financial loss” in these Guidelines means the direct financial loss incurred by a user and the costs incurred by the user to restore data and functionality as a result of an information technology systems offense.
******************
These guidelines were was translated to American English from the following government publications:
“最高人民法院关于审理扰乱电信市场管理秩序案件具体应用法律若干问题的解释”
“关于办理危害计算机信息系统安全刑事案件应用法律若干问题的解释”