Anda di halaman 1dari 27

Cybercrime Legislation in the

Asia-Pacific Region

Australian Institute of Criminology


Technical and Background Paper Series
No. 1

Gregor Urbas
Australian Institute of Criminology

Australian Institute of Criminology 2001

Note
This is a revised version of a background paper prepared for the First Asia
Cybercrime Summit held at the Centre for Criminology at the University of Hong
Kong during 2526 April 2001 (see http://www.hku.hk/crime/). The research was
based on legislation and secondary materials available to the Australian Institute of
Criminology at the time of writing, which may not include recent amendments in
some jurisdictions.

Contents

1 Introduction ............................................................................................................ 5
2 The Importance of Adequate Legislation to Address Cybercrime ............................. 6
3 Comparative Analysis of Legislative Cybercrime Provisions in
the Asia-Pacific Region ........................................................................................... 11
4 Significant Developments in Cybercrime Enforcement in the
Asia-Pacific Region ................................................................................................. 23
5 Conclusion............................................................................................................. 25
References ................................................................................................................... 26

Cybercrime Legislation in the Asia-Pacific Region

Abbreviations

AIC

Australian Institute of Criminology

Art.

article

Cap.

Capital

CDPC

European Committee on Crime Problems

HITEC

Hi-tech crime Technical Expert Center (Japan)

IIPA

International Intellectual Property Alliance

IPR

intellectual property rights

section

TCP/IP

Transmission Control Protocol/Internet Protocol

UNAFEI

Asia and Far East Institute of the United Nations

UNESCO

United Nations Educational, Scientific and Cultural Organisation

USTR

United States Trade Representative

WIPO

World Intellectual Property Organisation

WTO

World Trade Organisation

Australian Institute of Criminology

1 Introduction

Cybercrime is becoming increasingly recognised as a problem requiring the attention


of governments, law enforcement agencies and the justice systems of countries in the
Asia-Pacific region. Jurisdictions that already have highly developed computing and
digital communications infrastructures have, over the last decade or so, been forced to
confront the expansion of criminality into the cyberworld, and to evaluate the adequacy
of existing legal systems to deal with this phenomenon. Other countries developing
their information technology systems from a less advanced base are similarly forced to
evaluate the adequacy of their legal systems in order to ensure the transnational
investment and cooperation required for such development.
Substantive criminal law, supplemented by commercial and intellectual property
protection law, may in part already prohibit a range of misconduct directed towards or
involving computers or associated information technology. However, the experience of
many jurisdictions is that gaps and inadequacies in traditional offence provisions
necessitate the consideration of more specific laws targeting cybercrime.
The following investigation compares the main existing legislative offence provisions
applicable to cybercrime in China (including Hong Kong), Taiwan, Japan, Korea, the
Philippines, Thailand, Malaysia, Singapore, India, Australia, New Zealand, Vietnam,
Cambodia and Laos. The aim is to identify those jurisdictions with more comprehensive
laws, and to suggest how they might provide a model for other jurisdictions. The
approach taken includes consideration of the differing legal, social and political contexts
of these laws, and emphasises aspects of effective policing and enforcement that go
beyond criminal or penal sanctions.
It should be emphasised that criminal or penal sanctions can only be one element of the
overall response to cybercrime in each country, and such sanctions are not necessarily
the most efficient or desirable form of response. Other ways of preventing or
minimising the harm of cybercrime include technological measures, regulatory controls
and civil proceedings. In the last resort, however, most jurisdictions have recognised the
need for some form of punitive measures, particularly where the level of criminality or
harm caused or threatened is especially serious.

Cybercrime Legislation in the Asia-Pacific Region

2 The Importance of Adequate


Legislation to Address Cybercrime

Grabosky and Smith (1998) identify the following categories of crime emerging in the
digital age: illegal telecommunications interception; electronic vandalism or terrorism;
theft of communications services; telecommunications and associated intellectual
property piracy; electronic distribution of pornography; electronic fraud; electronic
funds transfer crime; and money laundering. While many of these categories of crime
can be prosecuted under a combination of existing criminal, commercial and intellectual
property laws, it is clear that additional legislation is often required in order to deal with
certain kinds of computer-related illegalities. These crimes are becoming increasingly
referred to as cybercrimes.

What is Cybercrime?
While there is no universally accepted general definition of cybercrime, much less
national legislation explicitly employing the term,1 it can be seen that cybercrime
comprises two overlapping domains. The first is illegal activities directed at or
perpetrated through the use of computers. This can include theft of computers, wilful
damage to computers or computer systems, unlawful access to or interference with the
operation of computers, transmitting offensive or illegal content using computers, and
committing fraud or other offences through the use of computers (Sieber 1998; United
States Department of Justice 2000; Grabosky, Smith & Dempsey 2001).
A related area is the protection of information. This has been a concern of legal systems
from well before the introduction of modern technologies of mass communication, but
is clearly brought into focus by the development of global computer-based information
networks such as the World Wide Web and the Internet (Tan 2000).2 Principal legal
measures related to the protection of information from unlawful use, distribution or
exploitation include intellectual property laws, privacy laws, laws relating to secrecy and
national security, and laws relating to unfair commercial advantage.

New laws introduced in Malaysia in 1997 covering computer crimes, copyright, telemedicine and digital signatures were
promoted by the Malaysian Governments Multimedia Super Corridor as a package of cyberlaws (http://www.mdc.com.my/
msc.comm/html/cyberights01.html). In India, Chapter X of the Information Technology Act 2000 establishes the Cyber
Regulations Appellate Tribunal: Ministry of Law, Justice and Company Affairs (Legislative Department), accessible through
Ministry of Information Technology web site at http://www.mit.gov.in/itbillmain.htm. The Australian Parliament is currently
considering the Cybercrime Bill 2000 (introduced 27 June 2001); see http://www.aph.gov.au/legis.htm.

The terms Internet and World Wide Web are often used synonymously in public discussion, but there is a technical
difference: the TCP/IP protocol that forms the Internet is amenable to various uses, only one of which is the Web. Other uses
are email, video and audio streaming, real-time chat services and so on (see Tan 2000, note 26).

Australian Institute of Criminology

A more systematic international understanding of the legal aspects of cybercrime is


emerging through sources such as:

the Council of Europes Draft Convention on Cybercrime (Council of Europe


2001);

the United Nations symposium on The Challenge of Borderless Cybercrime


held in conjunction with the Palermo signing conference of the Convention
Against Transnational Organised Crime (see Grabosky 2000; Tan 2000);

the United States Presidents Working Group on Unlawful Conduct on the


Internet (United States Department of Justice 2000);

cross-national comparative studies such as Cyber Crime and Punishment?


Archaic Laws Threaten Global Information (McConnell International 2000).

The most significant international development is the Council of Europes Convention


on Cybercrime (final draft released on 25 May 2001). The text, which has taken almost
four years and many redrafts to reach its present form, was approved by the
Parliamentary Assembly (24 April 2001) with recommendations to include provisions
on human rights and a protocol to ban hate speech, and adopted by the European
Committee on Crime Problems at its 50th plenary session (1822 June 2001). The final
draft will be submitted to the Committee of Ministers for adoption during its 109th
Session, on 8 November 2001.
The Convention will be the first international treaty to address criminal law and
procedural aspects of various types of criminal behaviour directed against computer
systems, networks, or data and other types of similar misuse. Signatories to the
Convention include the 43 member states of the Council of Europe plus the United
States, Canada and Japan.
The legal analysis that follows adopts the Council of Europes classification of computer
offences, and also reviews offence provisions under national intellectual property laws.

Adequacy of Legislation
Countries can be initially categorised according to whether they have:
(i)

basic criminal and commercial laws;

(ii)

a developed system of intellectual property laws; and

(iii) legislation directed specifically at computers and electronic commerce.


Each of the countries considered below may be observed to fall within one or more of
these categories, with most satisfying the second category and having made some
progress towards the third. Whether the existing legal system in any country can
adequately address cybercrime depends on the precise scope and interaction of its

Oxford v Moss (1978) 68 Cr App R 183; Stewart (1988) 41 CCC (3d) 481; Rank Film Distributors Ltd v Video Information
Centre [1981] 2 All ER 76; compare Attorney-General of Hong Kong v Daniel Chan Nai-Keung [1987] 1 WLR 1339.

Cybercrime Legislation in the Asia-Pacific Region

criminal, commercial, intellectual property and computer-related laws. As a general rule,


however, the development of each of the later categories has been necessitated in part by
the perceived inadequacy of legal remedies provided by other categories. The reliance on
specific intellectual property laws to protect valuable information, for example, is partly
attributable (in jurisdictions based on the English legal system) to the common law
doctrine that information is not property capable of being stolen.3 Thus, information
piracy is not amenable to prosecution under the criminal law relating to theft or
dishonest acquisition (Grabosky & Smith 1998, Chapter 5). In many countries there are
also difficulties in prosecuting under criminal law acts which may be performed outside
the jurisdiction but which result in harm within the jurisdiction, such as the posting of
offensive or obscene content on the Internet.4
Clearly, there are also significant differences in the legal, social and political contexts
within which these laws have been formulated and are enforced. Before reviewing the
legislative provisions, it is useful to explore these contexts in greater detail.

Historical Context
Though geographically proximate, the countries of the Asia-Pacific region have
enormously different historical backgrounds, which inevitably influence their respective
legal systems. Most retain some elements of indigenous laws and customs, overlaid by
laws imposed during periods of colonisation (including English, French and Spanish
legal systems), and some have also modelled their laws in accordance with broader
political philosophies such as communism (Heath 1998).

Social Context
Observance of legal norms cannot be divorced from social context. In all countries, laws
will be more readily obeyed (with less need for punitive enforcement) if they accord
with established social standards. Moreover, social norms can help to define the
boundaries of legality. In contract law, for example, terms may be implied according to
established business practice. The degree of candour expected in commercial
negotiations may also vary, so that what is business-like in one place may be seen as
fraudulent or misleading in another.

Political Context
Law enforcement and political context are interrelated. Laws passed by many
parliaments inevitably reflect political programs or involve a compromise between
various political interests, and political considerations are often involved in the way in
which these laws are enforced. Moreover, it has been pointed out that a sharp
distinction between law and policy does not exist in China. Stated government policy
can have exactly the same effect as formally enacted legislation (Clarke 1999, p. 33).
This is very different from the common law tradition according to which acts of
government may be challenged if beyond legislative power or ultra vires.

Australian Institute of Criminology

Another difference arises in the balance between public and private enforcement of legal
rights. Private enforcement of intellectual property rights in China is difficult within
existing legal structures (Clarke 1999). In Australia, by contrast, private civil litigation is
the usual way of resolving intellectual property disputes, while police and public
prosecution involvement is infrequent (Urbas 2000).

Levels of Criminality
There is also considerable divergence in the levels of activity in the region that might be
described as cybercrime. Korea, Japan, the Philippines and Taiwan have reported high
levels of computer hacking and damage from computer viruses (Infowar 2001). In
Vietnam, with only 0.1 per 100 of the population subscribing to Internet services, this is
so far less of a problem (Vietnam Post 2001).
Similar divergence in relation to estimated copyright piracy levels and associated trade
losses are observable in most recent available figures compiled by the International
Intellectual Property Alliance (IIPA) in association with United States Trade
Representative (USTR) classifications of intellectual property protection measures in
various countries (Table 1).
Table 1: Estimated copyright piracy levels (and estimated trade losses in
US$millions), 19982000
Motion pictures
1999
2000
1998

Records and m
usic
music
1998 1999 2000

Busin
ess applications
Business
1999
2000
1998

Enter
Enterttainment software
1999
2000
1998

90%
90%
90%
(120.0) (120.0) (120.0)
Taiwan
10%
20%
30%
(15.0) (20.0) (30.0)
Korea
20%
20%
20%
(20.0) (20.0) (20.0)
Philippin
es 65%
Philippines
65%
70%
(18.0) (18.0) (25.0)
Thailand
50%
55%
60%
(19.0) (21.0) (24.0)
Malaysia
80%
85%
80%
(40.0) (42.0) (41.0)
Singapore
25%
25%
NA
(8.0)
(8.0)
India
80%
80%
60%
(66.0) (66.0) (47.0)
Indon
esia
Indonesia
NA
90%
90%
(25.0) (25.0)
Vietn
am
ietnam
100% 100% 100%
(5.0)
(5.0)
(7.0)

56% 90% 85%


(80.0) (70.0) (70.0)
20% 25% 40%
(55.0) (60.0) (60.5)
15% 20% 23%
(10.0) (10.0) (7.0)
20% 20% 33%
(3.0) (2.0) (1.3)
35% 40% 45%
(9.1) (6.0) (16.0)
70% 40% 60%
(13.0) (5.0) (16.0)
19% 20%
NA
(16.0) (2.0)
30% 40% 40%
(6.0) (8.0) (6.0)
NA 20% 87%
(3.0) (19.6)
99% 100% 100%
(6.0) (NA) (NA)

95%
91%
93%
(808.4)
(NA) (658.7)
59%
54%
53%
(112.1) (97.6) (127.3)
64%
NA
52%
(115.7) (118.9) (102.3)
77%
NA
66%
(25.4) (26.7) (28.2)
82%
81%
78%
(39.4) (66.5) (47.0)
73%
71%
66%
(63.8) (76.8) (96.0)
52%
51%
NA
(47.4) (50.3)
65%
61%
63%
(158.0) (160.3) (195.2)
NA
85%
87%
(33.2) (32.9)
97%
98%
98%
(8.3) (10.5) (13.5)

95%
95%
99%
(1,420.1) (1,382.5)
(NA)
65%
68%
90%
(103.2) (115.7) (319.3)
65%
63%
90%
(122.1) (119.5) (157.0)
90%
89%
98%
(24.7)
(23.8) (41.0)
92%
95%
98%
(93.5) (116.3) (130.5)
99%
99%
98%
(135.2) (164.0)
(NA)
73%
65%
NA
(65.2)
(52.3)
84%
86%
80%
(36.8)
(42.8)
(NA)
NA
92%
99%
(80.4)
(NA)
98%
96%
NA
(22.5)
(20.1)

Chin
a
China

Source: International Intellectual Property Alliance (compiled from figures released 1 May 2000 and 16 February 2001). See also specific country reports: http://
www.iipa.com/html/reports_by_country.html, and the Software and Information Industry Associations Report on Global Software Piracy 2000, which estimates 1999
revenue losses from software piracy in the Asia-Pacific at approximately US$2.8 billion (http://www.spa.org/piracy).

Cybercrime Legislation in the Asia-Pacific Region

Levels of criminality in cyberspace can be variously measured according to prevalence of


offences, numbers of offenders, or according to other measures such as damage or
disruption caused. The differences can be significant, as illustrated by the phenomenon
of computer viruses (discussed further below).

Legislative Reform
A recent report on cybercrime laws in 52 countries assesses the following Asia-Pacific
countries as having updated their laws in relation to the prosecution of cybercrime:
Australia, China, Japan, Malaysia and the Philippines. New Zealand and Vietnam are
assessed as being in the process of developing such laws (McConnell International
2000). The basis used for comparison was a list of:
10 different types of cybercrime in four categories: data-related crimes including
interception, modification, and theft; network-related crimes, including interference
and sabotage; crimes of access, including hacking and virus distribution; and associated
computer-related crimes, including aiding and abetting cyber criminals, computer
fraud, and computer forgery.
(McConnell International 2000)
However, the McConnell International report itself notes that such crimes are not
treated uniformly across countries, or even in some instances within countries (such as
Australia, which has both Federal and State laws in relation to computer access), and
that penalty levels vary widely.
The analysis presented in the following chapter, which is based on the somewhat
different Council of Europe classification of computer and computer-related offences,
highlights the range of penalty levels applicable to cybercrime and intellectual property
offences within the Asia-Pacific region. Needless to say, comparison of laws across
jurisdictions must always be treated with caution, due partly to the difficulty of
obtaining legislation in reliable translation, and partly to the inherently idiosyncratic
ways in which legislative provisions are drafted, promulgated, interpreted and enforced
in differing legal systems. In addition, there is great variability in the degree to which
penalties approaching the maximum available in legislation are imposed, and the range
of sentencing options available to courts beyond those stated in the relevant offence
provisions. With these reservations expressed, however, it is hoped that the comparative
analysis presented will contribute to a clearer picture of legislative responses to
cybercrime in the Asia-Pacific region.

10

Australian Institute of Criminology

3 Comparative Analysis of Legislative


Cybercrime Provisions in the AsiaPacific Region

The Council of Europes Draft Convention on Cybercrime identifies the following as


offences which should be incorporated into substantive criminal law in participating
countries (Council of Europe 2001, Chapter II).
Offences against the confidentiality, integrity and availability of computer data and
systems (Title 1)

Illegal access (Art. 2)

Illegal interception (Art. 3)

Data interference (Art. 4)

System interference (Art. 5)

Misuse of devices (Art. 6)

Computer-related offences (Title 2)

Computer-related forgery (Art. 7)

Computer-related fraud (Art. 8)

Content-related offences (Title 3)

Offences related to child pornography (Art. 9)

Offences related to infringements of copyright and related rights (Title 4)

Offences related to infringements of copyright and related rights (Art. 10)

Ancillary liability and sanctions (Title 5)

Attempt and aiding or abetting (Art. 11)

Corporate liability (Art. 12)

Chapter II of the Convention goes on to canvass procedural matters such as collection


and preservation of evidence, production orders, search and seizure, data interception
and jurisdictional issues. Chapter III deals with mechanisms for international
cooperation (Council of Europe 2001).

Cybercrime Legislation in the Asia-Pacific Region

11

Computer and Computer-related Offence Provisions


The following table presents a comparative analysis of computer and computer-related
offence provisions in the 14 jurisdictions under consideration, based on the Council of
Europes classification of offences.
Table 2: Comparative analysis of computer crime offence provisions
Computer and dat
a off
ences
data
offences
Illegal
access

Chin
a
China

Illegal
interception

Dat
a
Data
interf
erence
interference

System
Misuse of
interf
erence de
vices
interference
devices

Computer
-related off
ences
Computer-related
offences
Computer
Computer-- Computer
Computer-- Computer
related
related
child
forger
fraud
orgeryy
pornography

Ancillar
Ancillaryy liability

Copyright Separate attempt, Corporate


and related
aiding etc.
liability
rights
off
ences
offences

Regulations on Protecting the Safety of Computer Information (Order No. 147 of the State Council of the Peoples Republic of China, 18 February 1994)
Computer Information Network and Internet Security, Protection and Management Regulations (State Council approval 11 December 1997, promulgated
30 December 1997)

1994 Regulations
Warnings may be given, fines imposed and illegal income confiscated in cases of deliberate input of
computer virus or selling special safety protection products without permission.
1997 Regulations
Prohibition of use of Internet to:

harm national security, disclose state secrets, conduct illegal activity etc. (Art. 4), punishable by
relevant State regulations (Art. 19);

transmit information inciting illegality or overthrow of the Government etc. (Art. 5), punishable
by warnings, confiscation of illegal income, and fines of not more than 5,000 RMB for individuals
or 15,000 RMB for Internet service providing units (Art. 20).
Prohibition of activities harming the security of computer information networks including:

unapproved use of computer networks or resources, change of network functions, adding/


deleting/altering stored data etc.;

creation or transmission of computer viruses,punishable as for Art. 5.


Hong K
ong
Kong

Crimes
Telecommun- Crimes Ordinance
Cap. 200
Ordinance ications
Ordinance
extending definition of criminal

Cap. 200
s161
(5 yrs
max.)

Taiwan

Japan

12

Cap. 106
s27A (fine
of $20,000)

See

Computer
Software
Protection
Regulations

Crimes
Theft
Control of
See
Crimes
Ordinance Ordinance Obscene and Copyright Ordinance
Cap. 210 Indecent
Ordinance Cap. 200
s19 (10 yrs Articles Ord. Cap. 39
s56 (accessories)
39,
Cap.390
max. for
Prevention s159A (conspiracy)
s21 (3 yrs
false
of Copyright s159G (attempts)
accounting max. and
Piracy
by falsifying fine of
Ordinance

Cap. 200
s85 (life
damage to property to include
misuse of a computer i.e. unauthorised imprisonfunction, altering, erasing or adding any ment for
program or data
falsification
Theft Ordinance
of bank
Cap. 210
computer
extending burglary
records)
Cap.200: ss59,60,63
(10 yrs max. or life imprisonment if
property intentionally destroyed so as to
endanger life)
Cap.210: s11
(14 yrs max. for burglary defined to
include unlawful interference with
computer)

computer
records

$1million)

Cap. 544

Computer Processing Personal Information Protection Law (proclaimed August 1995)


Illegal output, distortion, change or deletion
(3 yrs max. and/or fine to NT$50,000)
Note: injured persons can apply for damages up to NT$20 million.

Information leak for


profit (2 yrs and/or
NT$40,000)

Unauthorised Computer Access Law (No.128 of 1999)


Ar
t.3,8 Un
authorised computer access
Art.3,8
Unauthorised
(1 year max. or fine to 500,000)
t.4,9 F
acilit
ating un
authorised access
Ar
Art.4,9
Facilit
acilitating
unauthorised
(Fine to 300,000)

s161
s161(5 yrs s246
max. or
(5 yrs
fine to
max.)
50,000)

Private institutions liable to


fine of NT$100,000 for breach

Computer Crime Act (under the Japanese Penal Code)


See

Copyright
Amendment
Act 1985

Korea

Information Communication Act (No. 5986 of 1999) [and Computer Program Protection Act (No.3920 of 1986)]
Ar
t.28 Impairing dat
a etc.
Art.28
data
(5 yrs max. or fine to 50 million won)
Ar
t.29 Impairing protectiv
e measures
Art.29
protective
(3 yrs max. or fine to 30 million won)
Ar
t.30 Un
authorised disclosure
Art.30
Unauthorised
(1 yr max. or fine to 10 million won)
Ar
t.30 Breach of other regulations
Art.30
(Fine to 5 million won)

Philippin
es
Philippines

Electronic Commerce Act 2000 (in force from 15 June 2000)


s33 (a) Hacking or cracking (mandatory imprisonment from 6 months to 3 years and minimum fine of P100,000 with a
maximum commensurate to the damage incurred)
s33 (b) Piracy (as for s33(a))
s33 (c) Violations of Consumer Act or Repu
blic Act No.7394 (penalties as provided in those Acts)
Republic
s33 (d) Other violations of pro
visions of Electronic Commerce Act 1999 (6 yrs max. or maximum fine of P1,000,000)
provisions

Australian Institute of Criminology

s250
making attempts
etc. punishable

Table 2 (cont)
Computer and dat
a off
ences
data
offences
Illegal
access

Thailand

Illegal
interception

Dat
a
Data
interf
erence
interference

Computer
-related off
ences
Computer-related
offences

System
Misuse of
interf
erence de
vices
interference
devices

Computer
Computer-- Computer
Computer-- Computer
related
related
child
forger
fraud
orgeryy
pornography

Ancillar
Ancillaryy liability

Copyright Separate attempt, Corporate


and related
aiding etc.
liability
rights
off
ences
offences

Parliament considering package of six IT-related laws including:

Data Protection Law


Computer Crime/Computer-related Crime Law

Computer Crimes Act 1997 [and Digital Signatures Act 1997]

Malaysia

ss3,4
Un
authorised access
Unauthorised
(5 yrs max. and/or fine
to RM 50,000; 10 yrs
max. and/or fine to
RM 150,000 if with
intention to commit
offence)

s5
Un
authorised modif
ication
Unauthorised
modification
(7 yrs max. and/or fine to
RM 100,000; 10 yrs max.
and/or fine to RM 150,000
if with intention of
causing injury)

s6
authorised disclosure of
Unauthorised
Un
access code
(3 yrs max. and/or fine to
RM 25,000)

See Comm-

unications
and
Multimedia
Act 1998

See

Copyright
Act 1997

Computer Misuse Act [Cap.50A]


s3 Un
authorised access to computer m
aterial (2 yrs max. and/or fine to $5,000 for first offence; 3 yrs max.
Unauthorised
material
and/or fine to $10,000 for second or later offence; 7 yrs max. and/or fine to $50,000 if damage caused)
s4 Access with intent to commit off
ence or facilit
ate commission (10 yrs max. and/or fine to $50,000)
offence
facilitate
s5 Un
authorised modif
ication of computer m
aterial (3 yrs max. and/or fine to $10,000; 5 yrs max. and/or
Unauthorised
modification
material
fine to $20,000 for second or later offence; 7 yrs max. and/or fine to $50,000 if damage caused)
s6 Un
authorised use or interception of computer service (3 yrs max. and/or fine to $10,000; 5 yrs max. and/or
Unauthorised
fine to $20,000 for second or later offence; 7 yrs max. and/or fine to $50,000 if damage caused)
s7 Un
authorised obstruction of use of computer (3 yrs max. and/or fine to $10,000; 5 yrs max. and/or fine to
Unauthorised
$20,000 for second or later offence; 7 yrs max. and/or fine to $50,000 if damage caused)
s8 Un
authorised disclosure of access code
Unauthorised
code(3 yrs max. and/or fine to $10,000; 5 yrs max. and/or fine to
$20,000 for second or later offence)
s9 Enhanced punishment ffor
or off
ences involving protected computers (defence, law enforcement etc.)
offences
(20 yrs max. and/or fine to $100,000)

Singapore

s7
Abetments and
attempts
punishable as
per offence

s10
Abetments and
attempts
punishable as
offences

Information Technology Act 2000 (No.21 of 2000) also incorporating computer-related amendments to the Indian Penal Code (No.45 of 1860)
s43 Un
authorised access, dam
age etc. (Damages not exceeding one crore rupees)
Unauthorised
damage
See s63B
s63B,
s65 Tampering with computer source documents (3yrs max. and/or fine to two lakh = 200,000 rupees)
Copyright
s66 Hacking with computer system (3yrs max. and/or fine to two lakh rupees)
Act 1957
s67 Pu
blishing obscen
e inf
orm
ation in electronic fform
orm (5 yrs max. and fine to one lakh rupees; 10 yrs max.
Publishing
obscene
inform
ormation
and fine to two lakh rupees for second or subsequent conviction)
s70 Un
authorised access to protected computer system (10 yrs max. and unspecified fine)
Unauthorised

India

Indon
esia
Indonesia

NA

Australia*

Crimes Act 1914 (Cwlth)


(No.12 of 1914 as amended)
a in Commonw
ealth computer
s76B Unla
wful access to dat
Unlawful
data
Commonwealth
(6 months or 2 yrs max. if with intent to defraud or in relation to restricted information)
ealth computer
s76C Dam
aging dat
a in Commonw
Damaging
data
Commonwealth
(10 yrs max.)

Ne
w Zealand
New

State and
Territory
Criminal
Legislation

See

Copyright
Act 1968

Crimes Act 1914

ss5-7A deal with


attempts, aiding
and abetting etc.

(Cwlth)

s85
ences by
Offences
Off
companies
Responsible
officer of
company
may be
held liable

s4B deals
with
penalties
for
corporations

Amendments to the Crimes Act relating to unauthorised access and damage to computers (including hacking) are currently before the New Zealand
Parliament: Crimes Amendment Bill (No.6).

Vietn
am
ietnam

No specific computer crime laws, but legislative amendments being considered.

Cambodia

No specific computer crime laws.

Laos

No specific computer crime laws, but directives posted during 2000 prohibit Internet publication of material considered to be violent, criminal, unstable,
pornographic etc., with unspecified penalties including warnings, fines, expulsion, education or prosecution.

* Commonwealth only: Australian States and Territories have their own computer crime and other criminal legislation.
Sources:

Internet sites containing translations of national computer-related legislation:


Australia:
http://www.austlii.edu.au
India:
http://www.mit.gov.in/itbillmain.htm
http://scaleplus.law.gov.au
Japan:
http://npa.go.jp
Cambodia: http://www.bigpond.com.kh/Council
Malaysia:
http://www.ktkm.gov.my/organisation/acts/crimeact/3.html
_of_Jurists/Judicial/jud005g.htm
New Zealand: http://rangi.knowledge-basket.co.nz
China:
http://www.chinaonline.com
Philippines: http://www.icon.com.ph/dti/ecom.htm
Hong Kong: http://www.justice.gov.hk/blis.nsf
Singapore: http://www.lawnet.com.sg

Cybercrime Legislation in the Asia-Pacific Region

13

Computer Offences

The legislative approach of very few countries in the Asia-Pacific region fits neatly
within the Council of Europes classifications. However, in some cases it is possible to
identify separate offences (and penalties) in relation to illegal access, interception,
interference, misuse and so on. Hong Kong, Malaysia and Singapore arguably have the
most fine-grained discrimination of computer offences, while jurisdictions such as
China, Taiwan and the Philippines tend towards more general offence descriptions (for
example, the Philippines hacking or cracking offence).
Computer-related Offences

Only some of the Asia-Pacific jurisdictions incorporate specific fraud and forgery
offences into their main computer crime legislation. An example is section 246-2 of
Japans Computer Crime Act, which relates to intentionally obtaining a profit by
introducing false information or wrong instructions into any computer system used in
the course of business transactions.5 However, fraud and forgery can be prosecuted
under the commercial and criminal laws of most jurisdictions whether committed using
a computer or by more traditional paper-based means. Much the same is true for child
pornography and similar offensive-content measures. While few jurisdictions have such
provisions in their main computer crime legislation (India is an exception), such
publication may be punishable under existing obscenity or content-classification laws.
Finally, offences relating to copyright are to be found in intellectual property laws rather
than computer crime legislation in most countries (an exception being the Philippines
piracy offence).
Ancillary Liability

In only a minority of Asia-Pacific countries are there explicit provisions in computer


crime laws relating to attempt, aiding and abetting, conspiracy and corporate liability.
However, such ancillary liability may arise instead from applicable criminal, commercial
or corporations law. Interestingly, Australian Commonwealth legislation makes
maximum fines that can be imposed on a corporation five times the criminal fines
applicable to individuals.

14

An unauthorised translation of the Act is available at http://www.isc.meiji.ac.jp/~sumwel_h/Codes/comp-crim.htm.

Australian Institute of Criminology

Special Enforcement Units

Recognising the highly specialised knowledge and skills required for investigation and
evidence gathering in relation to cybercrime, some countries have moved towards setting
up specialised computer crime units within their law enforcement agencies. Examples
include:

the HITEC (HI-tech crime Technical Expert Center) established to act as a cyber
police force by the National Police Agency of Japan (http://www.npa.go.jp/
hightech/jyu_prog/pro_eng.htm); and

the Korean National Police Agencys Cyber Terrorism Response Center and
recently announced General Investigation Center of Computer Crimes under the
Prosecutor-Generals Office (Lee 2000).

Organised Crime/Money Laundering

Computer crime and intellectual property piracy may constitute predicate offences
under some jurisdictions legislation directed towards organised crime and money
laundering. This approach is based the United States Racketeer-Influenced and Corrupt
Organizations statute enacted in 1970, which has been a model for some legislative
developments in the Asia-Pacific (for example, the Philippines).
Forfeiture/Restitution

Apart from the imposition of terms of imprisonment and fines, courts are empowered
under some computer crime legislation to order forfeiture of equipment used and/or
assets acquired, or to require restitution to victims. In Taiwan there is a statutory
maximum for damages that can be awarded to injured persons under the Computer
Processing Personal Information Protection Law. In the Philippines, maximum penalties
imposed for hacking or cracking under the Electronic Commerce Act are commensurate
to the damage incurred.
Undercover Surveillance/Search and Seizure

Standard search and seizure powers for the investigation of criminal offences may not
extend to the investigation of computer data or the interception and covert surveillance
of electronic transmissions such as email. Some computer crimes legislation expands the
range of investigatory powers available to law enforcement agencies.
International Agreements

There are currently no international agreements on the scale of United Nations


conventions or treaties in relation to computer crimes. However, the United Nations has
been monitoring developments for over a decade, starting with the 8th Crime Congress
in Havana in 1990, followed by publication in 1994 of a Manual on the Prevention and
Control of Computer-Related Crime, and recently culminating in the Vienna Declaration

Cybercrime Legislation in the Asia-Pacific Region

15

on Crime and Justice.6 At a more regional level, the Asia and Far East Institute of the
United Nations (UNAFEI) recently conducted a workshop consisting of four panel
discussions on:

the criminology of computer-related crime;

problems associated with search and seizure on computer networks;

problems associated with the tracing of communications on computer networks;


and

the relationships between law enforcement agencies and the computer and
Internet industries.7

The most significant other international development in prospect is the Council of


Europes Draft Convention on Cybercrime (Council of Europe 2001). Apart from these
examples of international cooperation, many countries have arrangements in place for
mutual assistance in criminal matters, which allow for cross-border investigation and
extradition of offenders.8

Intellectual Property Rights Offence Provisions


There is considerable overlap between computer crime laws and intellectual property
laws. For example, computer hardware may constitute a patentable invention, a
registered design, or be protected under legislation relating to circuit layouts. Computer
software may likewise be protected under copyright law, and similarly with data and
information transmitted or stored on files. Conversely, it has been observed that:
the explosion of digitisation and the Internet has further enabled IPR [intellectual
property rights] violators to easily copy and illegally distribute trade secrets, trade marks
and logos.
(White House 2000, Chapter II).
Table 3 presents a comparative analysis of intellectual property rights offence provisions
in the jurisdictions under consideration.

16

More information is available from the United Nations web site: http://www.un.org/english.

See the UNAFEI web site: http://www.unafei.or.jp.

See, for example, in Australia: Crimes (Overseas) Act 1964 (Cwlth), Criminal Investigation (Extraterritorial Offences) Act 1987
(Cwlth), Extradition Act 1987 and Mutual Assistance in Criminal Matters Act 1987 (Cwlth) at http://www.austlii.edu.au.

Australian Institute of Criminology

Table 3: Comparative analysis of intellectual property rights offence provisions 9


Patents

Chin
a
China

Tradem
arks
rademarks

Designs

Patent Law

Trademark Law

(in force from


Apr 1985) and
implementing
regulations
(from 1992)

(in force from


1 Mar 1993)

Ar
t.63
Art.63
(Unspecified
criminal liability
for serious
infringement)

Ar
t.38, 40
Art.38,
(Unspecified
criminal liability
for serious
infringement)

Copyright
(including
Utility Models
in some
jurisdictions)
Designs and
utility models
are included
as patentable
inventioncreations under
the Patent Law
See Patent Law

Circuit
(including
moral rights
in some
jurisdictions)

Copyright Law
(in force from
1 June 1991)
and Copyright
Regulations (in
force from July
1994) [includes
computer
software]
Ar
t.46
Art.46
(3-7 yrs for serious
infringements
plus compensation
to owners)

Ancillar
Ancillaryy liability
layouts

pro
visions
provisions

Computer
hardware design
may be
patentable under
the Patent Law
(software is
expressly
excluded:
Art.25(2))
See Patent Law

Supplemental provisions to the Penal Code


Passed Feb 1993
Passed July 1994
Ar
t.1
Art.1
(3 yrs max. and/ or unspecified fines for serious infringement, 7 yrs max. and fine for cases
involving large unlawful gains)
Hong K
ong
Kong

Patents Ordinance Trademarks


Ordinance

Cap. 514

Cap. 43
(to be replaced
by Cap. 559
559)

Registered
Designs
Ordinance
Cap. 522

Copyright
Ordinance

Layout-Design
(Topography) of
Cap. 528
Integrated
Prevention of
Circuits
Copyright Piracy Ordinance
Cap. 445
Ordinance

Cap. 544
(relating to optical
disc piracy)
s141
s86
s85
Cap.528,
(No criminal
ss118-120
(2 yrs max. for
(7 yrs max. and
(2 yrs max. for
penalties for
falsification of
fine of $50,000
falsification of
(8 yrs max. and
infringement)
register etc.; no
for falsification of register etc.; no fine of $500,000)
Cap.544,
criminal penalties register etc.; no
criminal
ss3-4, 21-22
for infringement) criminal penalties penalties
for infringement) for infringement) (2 yrs max. and
fine of $500,000
on first conviction,
or 4 yrs max. and
$1 million
thereafter)

All Hong Kong


Intellectual Property
Ordinances provide
that officers of a
corporate entity
may be individually
liable for
infringements by
the entity.
Note that certain
recent copyright
amendments have
been temporarily
suspended:
Cap. 568

Copyright (Suspension
of Amendments)
Ordinance 2001
(No. 13 of 2001,
commenced 1 April
2001).

Internet sites containing translations of national intellectual property legislation include:


Australia:
http://www.austlii.edu.au
Korea:
http://www.kipo.go.kr
http://www.scaleplus.law.gov.au
Malaysia:
http://www.kpdnhq.gov.my/homepage/
http://www.ipaustralia.gov.au
english/mainIp.html
Cambodia: http://www.bigpond.com.kh/Council_
New Zealand: http://www.iponz.govt.nz/search/cad/dbssiten.main
of_Jurists/Judicial/jud005g.htm
http://rangi.knowledge-basket.co.nz
China:
http://www.chinaonline.com
Philippines: http://www.chanrobles.com
http://www.cpo.cn.net/e-page.htm
Singapore:
http://www.gov.sg/molaw/ipos
Hong Kong: http://www.justice.gov.hk/blis.nsf
Taiwan:
http://www.qis.net/chinalaw/roclaw21.htm
http://info.gov.hk/ipd/eng/index.htm
Thailand:
http://ipthailand.org
Japan:
http://www.jpo-mti.go.jp
http://www.s-I-asia.com
http://www.jpo.go.jp
Vietnam:
http://home.vnn.vn/english/legal_docs

Cybercrime Legislation in the Asia-Pacific Region

17

Table 3 (cont)

Taiwan

Japan

Patents

Tradem
arks
rademarks

Designs

Copyright

Circuit
layouts

Patent Law

Trademark Law

See Patent Law

Copyright Law

(in force
Jan 1994)

(in force
Dec 1993,
amended 1 Jan
1998)

Integrated
Circuit LayoutDesign
Protection Law

Infringement
invention patents:
(fine to
NT$600,000);
utility model
patents:
(2 yrs max. and/
or fine to
NT$150,000)

Ar
t.62
Art.62
Infringement
(3 yrs max. and/
or fine to
NT$200,000)

Patent Law of

Trademark Law

1959

of 1957

(includes
computer
software)
See Patent Law
new design
patents:
(1 yr max. and/
or fine to
NT$60,000)

(7 yrs max. and


fine to
NT$450,000)

Design Law [and Copyright Act of


Utility Model
1970
Law] of 1959

in force Feb
1996)
(Constructive
damages to
NT$5 million,
but no criminal
punishment)

Circuit Layout of
Semi-conductor
Integrated
Circuit Act of
1985

ss196-204
(5 yrs max. with
labour or fine to
5 million)

Korea

Patent Law

ss78-85
(5 yrs max. with
labour or fine to
5 million)

Trademark Law

(No.950 of 1961) (No.71 of 1949)


revised 1 July
revised 1 July
2001
2001

Ar
t.113, 119
Art.113,
(3 yrs max. with
labour or fine to
3 million)
[Circumvention
devices:
Ar
t.120bis
-Ar
Art.120bis
(1 yr max. or fine
to 1 million)]

Ar
t.51-56
Art.51-56
(3 yrs max. or
fine to
1 million)

Design Law

Copyright Act

(No.951 of
1961)
amended 1997
[and Utility

(No.3816 of
1986)
[andComputer

Semi-conductor
Integrated
Circuits Lay-Out
Design Act

ss69-77
[ss56-64]
(3 yrs max. with
labour or fine to
3 million)

Model Law

(No.952 of
1961) revised
1 July 2001]
Ar
t.225-232
Ar
t.93-98
Ar
t.82-89
Art.225-232
Art.93-98
Art.82-89
t.18]
(7 yrs max. or fine (7 yrs max. or fine [Ar
[Art.18]
to 100 million
to 100 million
(7 yrs max. or
won; 300 million won; 300 million fine to
won for a
won for a
100 million won;
corporation)
corporation)
300 million
won for a
corporation)
Philippin
es
Philippines

Program
Protection Act

(No.3920 of
1986)]
Ar
t.98-101
Art.98-101
(3 yrs max. or fine
to 3 million won)
Ar
t.46(1)
[Ar
Art.46(1)
(3 yrs max. or fine
to 3 million won)]

Dual liability
provisions under
each of Japans
intellectual property
laws make a legal
entity also liable for
infringements
committed by an
officer, employee,
representative or
servant of the
entity: see e.g. s201

Patent Law

(No.4526 of
1992) revised
1999

Ar
t.45-49
Art.45-49
(3 yrs max. and/
or 50 million
won)

Dual liability
provisions under
Korean intellectual
property laws make
a legal entity also
liable for
infringements
committed by an
officer, employee,
representative or
servant of the
entity:
Ar
t.230 Patent Law
Art.230
Ar
t.97 Trademark
Art.97

Law

Ar
t.87 Design Law
Art.87

Intellectual Property Code of the Philippines


(Republic Act No. 8293)
(includes Part II: Patents, Part III: Trademarks, Service Marks and
Trade Names, Part IV: Copyright including computer programs)
(in force from 1 Jan 1998)

Ancillar
Ancillaryy liability
pro
visions
provisions

[No specific
present law, but
may be
patentable
invention under

Intellectual
Property Code

Intellectual
Property Code]

s217.1 penalties for Part IV


1st off
ence: 1 to 3 yrs and fine from P50,000 to P150,000;
(1st
offence:
2nd off
ence: 3 to 6 yrs and fine from P150,000 to P500,000;
offence:
3rd off
ence: 6 to 9 yrs and fine from P500,000 to P1,500,000
offence:
and in all cases, subsidiary imprisonment in case of insolvency)

18

Australian Institute of Criminology

s217.1 Aiding and


abetting punished as
infringements

Table 3 (cont)
Patents
Thailand

Patent Act
B.E.2522 (1979),
amended
B.E.2535 (1992),
B.E.2542 (1999)
ss81-88
(3 yrs max. or fine
to 400,000 baht)

Malaysia

Tradem
arks
rademarks

Designs

Copyright

ss107-116
ss27-30, 52, 69
(4 yrs max. or fine (Direct infringement: fine from 20,000 baht to 200,000
to 400,000 baht) baht; max. 4 yrs and/or fine from 100,000 baht to
800,000 baht if offence committed for commercial
purpose)
ss31, 70
(Indirect infringement: fine from 10,000 to 100,000
baht; max. 2 yrs and/or fine from 50,000 to 400,000
baht if offence committed for commercial purpose)
s73
(Penalty doubled for any 2nd offence committed within
5 yrs of discharge of 1st offence penalty)

Copyright Act
1987, Copyright
(Amendment)
Acts 1990, 1996,

1997, 2000.
s41
(5 yrs max. and
fine to 10,000
ringgit per
infringing copy;
10 yrs max for
second or later
offence)
Note also Optical Discs Bill 2000 including criminal penalties.

Singapore

India

No criminal
penalties for
infringement

No criminal
penalties for
infringement

Patents Act 1994 Trade Marks Act Registered


1998 (1999 Ed., Designs Act

(in force Feb


1995)

Ancillar
Ancillaryy liability
pro
visions
provisions

Trademarks Act Copyright Act, B.E.2537 (1994)


B.E.2534 (1991), (includes computer software)
amended
[and Protection of Lay-out Designs of Integrated
B.E.2543 (2000) Circuits Act, B.E.2543 (2000)]

Patents Act 1983 Trade Marks Act Industrial


1976
Designs Act
1999
No criminal
penalties for
infringement

Circuit
layouts

s72 Managers and


officers of
corporation may be
jointly liable for
infringements by
corporations

Layout-Designs
of Integrated
Circuits Act
2000

Copyright Act 1987

No criminal
penalties for
infringement

s41(4)
Responsible officer
of company may be
held liable

Copyright Act
Cap.63
1987 (Cap.63
Cap.63,

in force Jan 1999) (No.25 of 2000) 1999 Ed., in force


Dec. 1999)
s136
(5 yrs max. and/or
S$10,000 per
infringing copy to
a max. of
S$100,000)

Patents Act 1970 Trade and


Patents
Merchandise
(Amendment) Act Marks Act 1999
1999

ss76-95
[infringement]
(6 months to 3 yrs
max. and fine from
Rs50,000 to
Rs.2 million)

Designs Act
Copyright Act
1911 (subject to 1957 (as amended
revision under
by Copyright Act
Designs Bill
1994 No.38 of
2000)
1994) [includes
computer
software]
ss63, 63A
[infringement]
(6 months to 3 yrs
max. and fine from
Rs50,000 to
Rs.2 million)
s63B [infringing
computer programs]
(3 yrs max. and
fine to Rs.2 million)

Copyright Act 1957

s69 Off
ences by
Offences
companies
Responsible officer
of company may
be held liable

Cybercrime Legislation in the Asia-Pacific Region

19

Table 3 (cont)
Patents
Indon
esia
Indonesia

Australia*

Designs

Copyright

Circuit
layouts

Patents Law

Trademark Law

Industrial Design Copyright Law

Patents Act
1990

Trademarks Act
1995

Designs Act 1906 Copyright Act


Circuit Layouts
1968 as amended Act 1989
by Copyright
Amendment
(Digital Agenda)
Act 2000 (in

Ancillar
Ancillaryy liability
pro
visions
provisions

Integrated

(No.6 of 1989)
(No.19 of 1992) Law
(No.6 of 1982)
Circuits Law
Note: Amendments to the above intellectual property laws are currently before the Indonesian
Parliament, which is also due to discuss drafts on trade secrets, industrial designs and circuit
layouts. Proposed criminal penalties are as follow.
Ar
t.91-96
Ar
t.74
Ar
t.55
Ar
t.131-133
Ar
t.42
Art.91-96
Art.74
Art.55
Art.131-133
Art.42
(1-7 yrs and fines (2-7 yrs and fines (2-7 yrs and fines (5-7 yrs and fines (2-7 yrs and fines
from Rp10 million from Rp45 million from Rp45 million from Rp150 million from Rp45 million
to Rp300 million) to Rp300 million) to Rp300 million) to Rp300 million) to Rp300 million)

No criminal
penalties for
infringement

Ne
w
New
Zealand

Tradem
arks
rademarks

ss145-149
No criminal
(2 yrs max. and/or penalties for
fines to $55,000) infringement

Patents Act 1953 Trade Marks Act Designs Act


1953
1953
No criminal
penalties for
infringement

No criminal
No criminal
penalties for
penalties for
infringement but infringement
max. fine of
$30,000 or
$100,000 for a
corporation under
ss16, 40 of the

force from
4 Mar 2001)
s132
No criminal
(5 yrs max and/or penalties for
fines to $60,500; infringement
fine increases to
$93,500 for
infringement by
conversion from
analog to digital
copy: s132(6AA)
s132(6AA))

Under s4B(3) of the

Crimes Act 1914

(Cwlth) a
corporation may be
fined up to 5 times
the maximum fine
applicable to an
individual.

Copyright Act
1994

Layout Designs
Act 1994

Copyright Act 1994

ss131, 198
(3 months max.
or fine of $5,000
per infringing
copy to a max.
of $50,000)

No criminal
penalties for
infringement

s133
Officers of body
corporate may be
liable for
infringement by the
corporation.

Fair Trading Act


1986 for forging
Vietn
am
ietnam

Cambodia

Laos

Ordinance on
the Protection
of Industrial
Property Rights

or falsely applying
a trademark

Ordinance on
Trademarks

(197/HDBT, Dec
1982))

Ordinance on
Industrial
Designs

Ordinance on
Copyright
Protection

(85/HDBT, May (OR-COPY, Dec


(PLBHSHCN,
1988)
1994)
July 1990)
Infringements are punishable by indeterminate sanctions: e.g. administrative
fines or penal prosecutions depending on the seriousness of the violation
(Art.43 of Ordinance on Copyright)
t.48 of the Provisions dated September 10, 1992
Misappropriation of intellectual property is prohibited under Ar
Art.48

relating to the Judiciary and Criminal Law and Procedure applicable in Cambodia during the Transitional Period, but
no penalties are prescribed. Draft Patent and Design Act, Marks Protection Act and Copyright and Related Works Act
were drafted in 1996.
Decree 104 issued in 1987 recognises the need to protect intellectual property rights in Laos, but is not in itself
substantial legislation for enforcement.

* Commonwealth only: Australian States and Territories have no intellectual property legislation.
Main source: CCH Asia 1998

20

Australian Institute of Criminology

Offence Classification

The classification of intellectual property laws into those dealing with patents,
trademarks, designs, copyright and (in some jurisdictions) computer circuit layouts is
fairly standard. However, the legislation of some jurisdictions combines a number of
these categories (for example, China, Taiwan, the Philippines), while others have specific
laws for additional categories such as utility models (Japan, Korea). Moreover, not all
intellectual property statutes make infringement an offence (in Australia, for example,
only the Trademarks Act and Copyright Act have such offence provisions).
Computer Software

Unauthorised duplication of computer software (except to make a back-up copy for


personal use) is now explicitly included as infringement under most copyright laws. The
amendments introduced to effect this range from merely including computer software
in the definition of copyrightable material or literary works (for example, Taiwan,
Thailand, Vietnam), to entire new legislation (for example the Computer Program
Protection Act of Korea).
Optical Disc Piracy

Few Asia-Pacific jurisdictions have laws explicitly relating to optical disc piracy. An
exception is Hong Kongs Prevention of Copyright Piracy Ordinance, which prohibits
the manufacture of optical discs without a valid licence, punishable by a fine of
$500,000 and imprisonment for two years on a first conviction, and $1,000,000 or four
years on a subsequent conviction (Cap. 544, section 21).
Circumvention of Technological Protection Measures

Offence provisions in relation to the circumvention of technological protection


measures such as encryption devices, user identification and electronic rights
management information regimes are in early stages of introduction in the Asia-Pacific
region. Amendments in Australias Copyright Act 1968, sections 132(5A)(5J), relating
to circumvention came into force on 4 March 2001. Penalties for manufacture, sale or
commercial promotion of such devices range up to five years imprisonment and fines of
$60,500 (five times this amount for a corporation). Similar provisions have also been
enacted in Hong Kong, Japan, Korea and Malaysia. The Malaysian Copyright
(Amendment) Act 1997 (in force from 1 April 1999) provides for fines up to 250,000
ringgit and/or imprisonment for up to three years for a first offence, or 500,000 ringgit
and/or five years for subsequent offences.
International Agreements

International agreements for the protection of industrial and intellectual property date
back over 100 years. Table 4 indicates membership within the Asia-Pacific region of the
main instruments administered by the World Intellectual Property Organisation
(WIPO), United Nations Educational, Scientific and Cultural Organisation

Cybercrime Legislation in the Asia-Pacific Region

21

22

Australian Institute of Criminology

Applies from
July 1997

Hong Kong

Aug 1996

July 1931

March 1949

Sept 1998

Oct 1998

New Zealand

Vietnam

Cambodia

Laos

April 1928

April 1928

Sept 1997

April 1928

Sources: WIPO web sitehttp://www.wipo.int/treaties/ip/index.html


UNESCO web sitehttp://www.unesco.org
WTO web sitehttp://www.wto.org

* to comply by 2001

Dec 1950

Oct 1925

Australia

Dec 1998

India

Indonesia

Feb 1995

Singapore

Dec 1998

July 1931

Oct 1990

Aug 1951

Jan 1989

Philippines

Malaysia

May 1980

Sept 1965

Korea

July 1899

Applies from
July 1997

Oct1992

Berne Convention
for the Protection
of Literary and
Artistic Works
1886

Thailand

July 1899

Japan

Taiwan

March 1985

China

Paris Convention
for the Protection
of Industrial
Property 1883

Sept 1992

Sept 1984

Oct 1989

Rome Convention
for the Protection
of Producers of
Phonograms etc.
1961

Jan 1995

July 1995

July 1976

June 1984

Aug 1972

Dec 1979

May 1975

Dec 1990

Jan 1989

Dec 1989

July 1980

March 1979

April 1975

June 1980

Convention
Establishing the
World Intellectual
Property
Organisation
1970 (WIPO)

Table 4: Membership of intellectual property treaties and conventions

March 1993

Dec 1992

March 1980

Sept 1997

Dec 1998

Feb 1995

Aug 1984

Oct 1978

Applies from
July 1997

Jan 1994

Patent
Cooperation
Treaty
(Washington,
1970)

Aug 1954

Aug 1953

Feb 1969
[Nov 1977]

Oct 1957
[Jan 1988]

Aug 1955

July 1987

Jan 1956
[July 1977]

July 1992

Universal
Copyright
Convention
(Geneva 1952)
[as revised at
Paris, 1971]

Aug 1976

June 1974

Feb 1975

Oct 1987

Oct 1978

Applies from
July 1997

April 1993

Geneva
Phonograms
Convention
1971

Jan 1998

Sept 1997

Oct 1999

Trademark
Law Treaty
(Geneva, 1994)

Jan 1995*

Jan 1995*

Jan 1995*

Jan 1995*

Jan 1995*

Jan 1995*

Jan 1995

Jan 1995*

Jan 1995*

Jan 1995*

Jan 1995*

In progress

Agreement on
Trade-related
Aspects of
Intellectual
Property Rights
1994 (TRIPS)

Ratified

Ratified

WIPO
Copyright
Treaty
1996
(not yet
in force)

4 Significant Developments in
Cybercrime Enforcement in the AsiaPacific Region

During 20002001, several significant developments have occurred within the AsiaPacific region by way of cybercrime activity, prosecution and legislative reform. Some
highlights follow.

The Love Bug


In May 2000, an individual in the Philippines was suspected of having created the
ILOVEYOU computer virus which spread to millions of Internet-connected
computers throughout the world and caused an estimated US$7 billion in damage
(Associated Press 2000). Prosecution did not proceed due in part to the lack of
appropriate laws, prompting the Philippines legislature within a very short time to enact
the Electronic Commerce Act 2000. Under the new law, a penalty of six months to three
years imprisonment applies to hacking, cracking and computer virus offences
(s33(a)), with fines ranging from P100,000 to a maximum commensurate to the
damage incurred. It is of course arguable that creators of viruses such as ILOVEYOU
will rarely be in a position to pay such fines, but the Philippines law represents one
attempt to update existing offences so as to meet the challenges of cybercrime.

China Internet Security Law


On 28 December 2000, the 19th Session of the Standing Committee of the National
Peoples Congress passed a resolution on maintaining the security of computer networks,
making it a criminal offence to transmit the following over the Internet (Zhongguo
Xinwen She 2000):

slander and rumours or harmful information;

state, intelligence or military secrets;

incitement of ethnic hatred or discrimination;

information in support of cults;

advertising of fake or substandard products or services;

material damaging business reputation;

material infringing intellectual property;

false information on securities or futures trading;

pornography; and

insulting or defaming material.

Cybercrime Legislation in the Asia-Pacific Region

23

Australian Legislative Reform


The Australian Federal Government, in conjunction with State and Territory
governments, has undertaken a substantial review of damage and computer offences in
the Model Criminal Code report on Damage and Computer Offences (Model
Criminal Code Officers Committee 2001). One of the aims of this review is to
promote greater uniformity in offence provisions and penalty levels relating to computer
misuse contained in Commonwealth, State and Territory legislation. The Cybercrime
Bill 2001, currently before the Commonwealth Parliament, will, if enacted, replace
existing computer offences in the Crimes Act 1914 (Cwlth) with new offences under the
Criminal Code Act 1995 (Cwlth), including penalties of 10 years imprisonment for
unauthorised modification of data to cause impairment (section 477.2) and
unauthorised impairment of electronic communication (section 477.3). Similar
amendments based on the Model Code have already been enacted in New South Wales
under the Crimes Amendment (Computer Offences) Act 2001, and are also before the
South Australian Parliament (Weir 2001).
In March 2001, amendments to the Copyright Act 1968 (Cwlth) effected by the
Copyright Amendment (Digital Agenda) Act 2000 (Cwlth) came into force. Apart from
creating new offences of circumvention of technological protection devices (discussed
earlier), the reforms are designed to ensure the efficient operation of relevant industries
in the online environment by providing a balance between the interests of the creators
and commercial distributors of online information and the public right of access to such
information (section 3, Objects of Act).

Microsoft Campaign against Internet Piracy and Criminal


Counterfeiting
Over the last two years, the Microsoft Corporation has undertaken a campaign against
software piracy and counterfeiting in numerous countries including many in the AsiaPacific region. In cooperation with law enforcement agencies, the company has
succeeded in taking down over 88,000 Internet sites offering counterfeit software. Raids
have been conducted in China (including Hong Kong and Macau), Malaysia, the
Philippines, Singapore, Taiwan and Thailand leading to numerous arrests and seizures of
counterfeit software, CDs, optical discs and production equipment (Microsoft
Corporation 2001).

24

Australian Institute of Criminology

5 Conclusion

Cybercrime legislation in the Asia-Pacific region is still in the very early stages of
development and exhibits wide variation in terms of legislative approach, overlap with
general criminal, commercial and intellectual property law, and differentiation between
offences and penalty levels. This variation is not surprising given the vastly different
historical, social and political contexts within which these laws have evolved, and the
differing levels of technological development within the region.
However, it is an inescapable fact that cybercrime knows no national borders and, as a
result, defences against the threats increasingly posed to computer and information
infrastructures can only be as strong as the weaker links in the chain. It is therefore
important for each jurisdiction to continually assess the adequacy of its cybercrime laws
and, where deficiencies can be identified, to reform those laws appropriately. While
there is no single model to be emulated in this process, guidance can be gained from
legislation in force in jurisdictions with longer experience of the threat and prosecution
of cybercrime, and also from concerted international efforts such as the Council of
Europes Draft Convention on Cybercrime. By offering a preliminary comparative analysis
of computer offence provisions against the Council of Europe classification and of
related intellectual property laws, it is hoped that this paper will contribute to greater
cohesion and effectiveness of legislative responses to cybercrime in the Asia-Pacific
region.

Cybercrime Legislation in the Asia-Pacific Region

25

References

Associated Press 2000, Philippine President signs law to punish computer crimes, New York
Times,15 June 2000, Technology section.
CCH Asia 1998, Doing Business in Asia, looseleaf service, CCH Asia PTE Limited, Hong Kong.
Clarke, D. 1999, Private enforcement of intellectual property rights in China, in Intellectual Property
Rights in China: Evolving Business and Legal Frameworks, vol. 10, no. 2, National Bureau of
Research Analysis, Seattle.
Council of Europe 2001, Draft Convention on Cybercrime (Final Draft and Explanatory Note), European
Committee on Crime Problems and Committee of Experts on Crime in Cyber-Space, Strasbourg,
29 June 2001; see http://conventions.coe.int/treaty/EN/projets/projets.htm (visited 20 August
2001).
Grabosky, P.N. 2000, The Mushrooming of Cybercrime, Symposium on Rule of Law in the Global
Village, Panel on the Challenge of Borderless Crime, 1214 December 2000, Palermo; see http://
www.odccp.org/palermo/convmain.html.
Grabosky, P.N. & Smith, R.G. 1998, Crime in the Digital Age: Controlling Telecommunications and
Cyberspace Illegalities, Transaction Publishers/Federation Press, New Brunswick, New Jersey.
Grabosky, P.N., Smith, R.G. & Dempsey, G. 2001, Electronic Theft: Unlawful Acquisition in Cyberspace,
Cambridge University Press, Cambridge.
Heath, C. 1998, Intellectual Property Rights in Asia: Projects, Programmes and Developments, Max Planck
Institute for Foreign and International Patent, Copyright and Competition Law; see http://
www.intellecprop.mpg.de/Online-Publikationen/Heath-Ipeaover.htm (visited 20 August 2001).
Infowar 2001, Viruses web page; see http://www.info-sec.com/viruses/viruses_1.shtml (visited 20
August 2001).
International Intellectual Property Alliance 2001, anti-piracy web site; see http://www.IIPA.com (visited
20 August 2001).
Lee Joo-hee 2000, Law enforcement officers step up efforts to tame cybercrime, The Korea Herald, 17
November 2000.
McConnell International 2000, Cyber Crimeand Punishment? Archaic Laws Threaten Global Information,
online report; see http://www.mcconnellinternational.com/services/CyberCrime.pdf (visited
20 August 2001).
Microsoft Corporation 2001, Microsoft intensifies worldwide campaign against Internet piracy and
criminal counterfeiting, media release, 2 April 2001; see http://www.microsoft.com/presspass/
press/2001/apr01/04-02InternetCrimePR.asp (visited 20 August 2001).
Model Criminal Code Officers Committee 2001, Model Criminal Code, Chapter 4: Damage and
Computer Offences and Amendment to Chapter 2: Jurisdiction, Model Criminal Code Officers
Committee of the Standing Committee of Attorneys-General Australia; see http://www.law.gov.au/
publications/Model_Criminal_Code/index.htm (visited 20 August 2001).
Sieber, U. 1998, Legal Aspects of Computer-Related Crime in the Information Society, Comcrime Study
prepared for the European Commission, Version 1.0, January.
Software and Information Industry Association 2001, Report on Global Software Piracy 2000; see http://
www.spa.org/piracy (visited 20 August 2001).

26

Australian Institute of Criminology

Tan, K.H. 2000, Prosecuting foreign-based computer crime: International law and technology collide,
Symposium on Rule of Law in the Global Village, Panel on the Challenge of Borderless Crime,
1214 December 2000, Palermo; see http://www.odccp.org/palermo/convmain.html.
United States Department of Justice 2000, The Electronic Frontier: Unlawful Conduct Involving the Use of
the Internet, Report of the Presidents Working Group on Unlawful Conduct on the Internet,
March 2000; see http://www.usdoj.gov/criminal/cybercrime/unlawful.htm (visited 20 August
2001).
Urbas, G. 2000, Public enforcement of intellectual property rights, Trends and Issues in Crime and
Criminal Justice, no. 177, Australian Institute of Criminology, Canberra.
Vietnam Post 2001, Vietnam Internet after 3 years of development, Vietnam Post, 5 January; see http://
home.vnn.vn/vnpost/bao_2001/so1/english/index_content.html (visited 10 January 2001).
Weir, S. 2001, Cybercrime high on penalty hit-list, The Adelaide Advertiser, 3 July.
White House. 2000, International Crime Threat Assessment, Report of a United States Government
interagency working group in support of and pursuant to the Presidents International Crime
Control Strategy; see http://www.fas.org/irp/threat/pub45270index.html (visited 20 August 2001).
Zhongguo Xinwen She 2000, China passes Internet security law, China Online, 29 December 2000; see
http://www.chinaonline.com/issues/internet_policy/NewsArchive/Secure/2000/December/
C00122805.asp (visited 20 August 2001).

Cybercrime Legislation in the Asia-Pacific Region

27