Assoc. Prof., Dr. Nguyen Van Huong
Hanoi Law University
In order to have legal grounds to prevent and properly punish increasingly sophisticated crimes related to information technology and telecommunications (ITT) networks, which could cause very serious consequences to socio-economic activities, national defense and security, ITT-related criminal acts need to be prescribed in the Penal Code as well as specialized laws. In the 2015 Penal Code (revised in 2017) (the Code), these acts are grouped into nine crimes in Section 2 of Chapter XXI.
Typical ITT-related criminal acts
Over recent years, emerging ITT-related criminal acts include:
Hacking into databases, stealing personal information or credit card information, destroying, modifying or stealing data;
- Blocking transmission lines, compromising (attacked) computers or computer networks, causing their failure;
- Spreading computer viruses and spywares to destroy data, steal data and personal information and crack credit cards;
- Committing e-commerce frauds through online advertising and sale; virtual trading floors (foreign-currency and gold trading floors, fund raising, etc.) to appropriate others’ property;
- Using bank account and card information or counterfeiting bank cards to withdraw money, pay for services or appropriate others’ property; and,
- Causing harmful interference to obstruct the normal operation of radio systems and electronic devices, etc.
To prevent and combat IT-related criminal acts, the 1999 Penal Code prescribed three crimes in this field. As criminal acts in this field have evolved into highly sophisticated and dangerous crimes, the 2009 revised Penal Code added two IT-related crimes, raising the total number to five.
The Code increases criminal acts in this field to nine crimes. Compared to the two previous Penal Codes, we can see the following differences:
First, the Code adds two IT-related crimes not yet mentioned in the two previous codes (in Articles 285 and 291) in response to the emergence of criminal acts related to computer software and bank customer information confidentiality. Besides, it defines for the first time two crimes which are highly dangerous to telecommunications networks.
Second, the Code describes more specifically the acts constituting the crime of obstructing or disrupting the operation of computer networks, telecommunications networks and electronic devices, including intentionally deleting, damaging or altering a software or electronic data; illegally obstructing data transmission of a computer network or telecommunications network or an electronic device; or another obstructing or disordering act (Article 287.1) as compared to the 1999 and 2009 Penal Codes, thus facilitating the prevention of and fight against this crime.
Third, in addition to the above new and revised crimes, the Code changes or adds circumstances for determining penalties for different ITT network-related crimes.
It replaces the criminalizing or aggravating circumstances of “causing serious consequences”, “causing very serious consequences” and “causing particularly serious consequences” defined in the 1999 and 2009 Penal Codes with more specific ones of “causing property damage”, “causing adverse impacts on security, social order and safety or foreign relations of Vietnam”, “crippling, interrupting or stalling the operation of a computer network or telecommunications network or an electronic device”, “stalling the operation of an agency or organization”, etc.
It raises the fine level and lowers the imprisonment penalty for the crime of obstructing or disrupting the operation of computer networks, telecommunications networks and electronic devices: “… subject to a fine of between VND 30 million and 200 million or imprisonment of between six months and three years;” as compared to the 1999 Penal Code.
It lowers the highest penalty (life imprisonment) to imprisonment of 20 years for the crime of using computer networks, telecommunications networks or electronic devices to appropriate property.
It increases the lowest imprisonment term to seven years (from five years in the 1999 Penal Code) for the crimes of spreading software programs harming the operation of computer networks, telecommunications networks and electronic devices; and obstructing or disrupting the operation of computer networks, telecommunications networks and electronic devices.
It introduces a fine (of between VND 300 million to one billion) as a principal penalty on offenders illegally accessing computer networks, telecommunications networks and electronic devices of other persons.
It also raises the fine level to between VND 20 million and 100 million (from between VND 5 million and 50 million in the 1999 Penal Code).
Notwithstanding the aforesaid predominant changes, it is necessary to update the Code to criminally handle corporate offenders in newly emerging ITT network-related businesses, differentiate more properly ITT network-related crimes, and properly use more ITT and computer science terms.
First, as increasingly dangerous ITT-related acts have been committed by commercial legal persons and more and more individuals have committed such acts not for personal purposes but under instruction or permission and in the interest of commercial legal persons, especially in e-commerce, multi-level marketing and video game services, criminal charges should be imposed also on corporate employers. In the upcoming revision, the Code should hold commercial legal persons liable for such crimes as producing, purchasing or selling, exchanging or donating devices, equipment and software used for unlawful purposes.
Second, the use of a computer or telecommunications network or an electronic device to appropriate property is in essence a property-appropriating act. Therefore, the crime of using computer networks, telecommunications networks or electronic devices to appropriate property should be moved to Chapter XVI on offenses of ownership infringement. This move would help enhance awareness about the crime and decide on appropriate penalties on offenders based on the danger of their acts.
Besides, competent agencies should issue specific guidelines on the handling of this crime in order to unify the interpretation and application of the Code, especially to avoid punishing the act of using counterfeit credit cards to withdraw money or pay for goods or services as the crime of making, stockpiling, transporting or circulating counterfeit negotiable instruments or other counterfeit valuable papers.
Third, the description of acts constituting the IT-related crimes in the Code is too qualitative and there are not enough grounds to distinguish these crimes from similar administrative violations. For example, the acts constituting the crime of using computer networks, telecommunications networks or electronic devices to appropriate property are defined in the Code for the purpose “to appropriate property” without a specific value of appropriated property. Similar acts are described in Article 74 of Government Decree 174 dated November 13, 2013, on sanctioning of administrative violations in post, telecommunications, information technology and radio frequencies, which are subject to administrative sanctioning. This might cause different ways of punishment and thus requires detailed guidance or even abolition of Article 74 of Decree 174.
Fourth, the use of terms to prescribe the IT-related crimes in the Code should be consistent. For example, one of the aggravating circumstances of the crimes of humiliating other persons and slander is “using a computer network, a telecommunications network or an electronic device to commit the offense”, while that of the crimes of gambling and disseminating debauched cultural products is “using the Internet, a computer network or telecommunications network or an electronic device to commit the offense.” Since computer networks and the Internet are different things, this provision should be rewritten to use the term computer network(s) instead of the Internet, local-area networks or other internal networks.
Fifth, in order to prevent the misuse of radio frequencies which are exclusively reserved for emergency, safety, search, rescue, salvage, national defense or security due to lack of information, and to have grounds to strictly handle those intentionally committing this act, the Ministry of Information and Communications should provide more specific guidance on radio frequencies for exclusive use, particularly national defense and security, besides Circular 19 dated December 2, 2013, on radio frequencies for emergency, safety, search and rescue at sea and in civil aviation.-