(by Dario Scrivano, lawyer and Aidr partner) The digital revolution, which took place with the spread of the internet and computer systems in general, is there for all to see and is a fact now acquired in common knowledge.
The infinite opportunities, provided by the network and by the use of computers, have unfortunately also been seized by criminals, who exploit them to the detriment of users and therefore of the community.
The legislator could not remain inert, therefore he intervened by sanctioning some conducts.
The first and fundamental legislative intervention is constituted by Law 547/93, whose heading is: Amendments and additions to the rules of the criminal code and the code of criminal procedure on the subject of cybercrime.
Therefore the need to regulate new cases and integrate, updating the previous regulatory provisions, felt urgent already in 1993.
Examining the new crime figures, introduced by the aforementioned Law, Computer Fraud stands out, which is indicated, not coincidentally, in Article 640 ter of the Criminal Code, as a logical / systematic continuation of Article 640 of the Criminal Code, which governs the crime of fraud.
In fact, computer fraud is closely linked to scam, since in both articles the achievement of an unfair profit is punished.
In computer fraud the alteration, in any way, of the functioning of a computer system in order to obtain an unfair profit is sanctioned, in the fraud the achievement of an unfair profit through the use of artifices or deceptions is punished.
One of the most common computer frauds is the practice of phishing, a case of phishing school is to send, to the person victim of the fraud, an email containing a link, which seems to refer to the website of his credit institution, but which in reality it's just a clone of the bank's home page, so entering the login credentials will give it to the fraudster.
In the third coma of the same article, the crime of improper use or digital identity theft was introduced with Law 93/2013, which is strictly connected to the practice of phishing, since it is precisely by stealing personal data with deceptive emails that manages to steal the digital identity, especially the financial one, of the victim.
In the United States, digital health identity theft has recently taken place, millions of insurance policy numbers and related identities have been used to obtain free medical services.
There are dozens of cases relating to identity theft, the most innovative concern the combination of personal data belonging to different subjects in order to create a new identity, so as to have access to online credit and insurance services, in this sense very widespread in United States, is the identity theft of minors with the American system of social security numbers, which allows you to have a totally “clean” past from the point of view of access to credit or a criminal record.
Article 615 ter of the Criminal Code, on the other hand, falls within the fourth section of the second book of the criminal code, which deals with crimes against the inviolability of the home.
In fact, Article 615 ter of the Criminal Code punishes unauthorized access to a protected IT or telematic system, the analogy with the violation of a home, even if digital, is evident, in fact an IT system is similar to a digital home, since the inside we carry out our daily activities and store our non-analog goods, moreover, as a house, it is protected by alarm systems, grates, armored doors and the like to avoid intrusions and theft, in the same way we are led to protect our digital home / computer system with antivirus, antispyware and more.
This regulatory provision also sanctions those who, despite being authorized to access the system, violate the conditions and limits of access determined by the owner of the system.
One of the purposes that induce someone to make an unauthorized access to a protected IT or telematic system, is made explicit by Art 615 quater of the Italian Criminal Code, which punishes the illegal possession and dissemination of access codes to protected IT and telematic systems.
One of the conducts, which integrates this crime, is that of those who receive credit or debit card codes from a third party, to insert them on cloned cards and withdraw cash or make payments.
Often the criminal design is divided into two phases, the first is to illegally access the computer system to steal the credit card codes and in the second to resell them, then disseminate them, in order to create cloned payment cards.
Another possible purpose, which induces someone to illegally enter a computer or telematic system, is to sabotage it, this conduct is punished by Article 615 quinquies, which provides for the imposition of a penalty for the dissemination of equipment, devices or computer programs. aimed at damaging or interrupting a computer or telematic system.
The news of these weeks can be useful to understand the ratio legis of this article, a few weeks ago the Axios system, which deals with digital school registers, was hacked and a "ransom" in bitcoin was requested to restore its correct functioning .
A similar case has occupied the news overseas, in fact last week the US company "Colonial pipeline", which manages oil pipelines, succumbed to blackmail, paying five million dollars in bitcoin, to restore its IT systems following a hacker attack that had rendered them unusable.
Obviously these behaviors involve a computer crime, but also many "analog" crimes including extortion.
We have already had the opportunity to examine the close correlation between the formulation of the “classic” crime figures and computer crimes and also the next cases that we will analyze are no exception.
In fact, in the second book, in the fifth section, of the penal code, we find crimes against the inviolability of secrets, a set of rules whose protected legal good is represented by correspondence, telephone and telegraphic conversations, essential means of communication that are protected by a sanctioning system that guarantees its confidentiality and punishes its falsification.
Law 547/93, intended to extend these guarantees and sanctions also to the means of communication of the digital age, therefore, Art 617 quater of the Criminal Code pursues cases of interception, impediment or illegal interruption of computer or telematic communication art 617 quinquies of the Criminal Code sanctions the installation of equipment designed to intercept, prevent or interrupt computer and telematic communications, the consequences of these conducts very often lead us to the regulatory provision contained in the following article 617 sexies of the Criminal Code which punishes the falsification, alteration or suppression the content of computer or telematic communications.
It is evident that in order to falsify or alter a communication it is first necessary to intercept it, furthermore the legislator wanted to guarantee, with the combined provisions of the aforementioned articles, both the transmission and the content of this new type of communications, now essential in our daily life and work and relationship.
The digital revolution, which we are experiencing as lucky protagonists, could not be ignored by the European institutions, which have addressed the issue of cybercrime on several occasions and with various measures.
Among these, worthy of note is certainly the Council of Europe convention stipulated in Budapest on November 23, 2001, the execution of which, introduced in our legal system, Article 635 bis of the penal code, which provides for penalties for the damage of '' information, data and computer programs and Article 635 ter of the Criminal Code, which sanctions, with an autonomous figure of crime, the cases in which there is damage to information, data and programs used by the State or by another public body or in any case of public utility.
Of the same tenor and with the same strong European character are Article 635 quater which punishes damage to computer or telematic systems and 635 quinquies if the computer or telematic systems are of public utility.
Having placed these new crimes in the section of the penal code that deals with crimes against property through violence to things and people, is the recognition that the legislator wanted to attribute to the immense value that these intangible assets have acquired over time.
This absolutely illustrative overview of computer crimes provides the starting point for two concluding reflections.
The first, that the national and transnational institutions, have prepared a series of legislative instruments that have introduced important protections for citizens, but the digital revolution advances and with it the opportunities for growth, progress, but this inevitably opens up spaces for new criminal activities. , therefore it is essential that the law never marks the passage.
The second is a paternalistic consideration, rather than a juridical one, citizens must also have an attitude of great prudence, since the digital world offers splendid opportunities but hides pitfalls and dangers as much, if not more, than the analogue one and none norm will never be able to guarantee such an extensive protection as to be beyond the wisdom and foresight of the individual.