COMPUTER CRIME IN INFORMATION SECURITY AND ITS LEGAL REGULATIONS
Computer crime in information security and the need for data protection of information systems, as well as the international and national legal framework, their current status are investigated in this article.
Computer crime (cyber crime) is a criminal offense that can cause material or moral damage to the interests of a person, society and the state by using the highest possibilities and methods of today's information technologies.
The Convention on Computer crime distinguishes four types of offence [1]:
- crimes against the confidentiality, integrity and usability of computer systems and data;
- computer-related crimes;
- crimes related to the constituent part;
- property rights crimes.
Several methods and tools have been developed in the world today in order to study and prevent these processes. Over the past period, the number of crimes involving computer technology and other electronic equipment, and criminal cases related to thefts in the form of cash have increased significantly. In the commission of computer crimes, methods of detection and evaluation are used, based on the use of high-level technologies, that is, by using advanced methods and tools.
For instance, organizations and enterprises that use automated computer systems for processing accounting documents, making payments and other operations are becoming victims of criminals. Banks and their financial resources are often the targets of criminals. In the world experience, as of today, the number of countries that include computer and electronic crimes in their legal base comprise 179 (93%), special attention is being paid to the protection of technical means of receiving, transmitting and collecting information from unauthorized use by the legislative authorities of the countries.
Digital forensics can be divided into three types (Figure 1):
- computer forensics;
- mobile forensics;
- network forensics.
Computer forensics requires the use of special techniques for data recovery, computer crime related electronic data analysis and authentication. It combines computer research, information technology and other technical issues with legal documents. Computer crime in information systems can be justified by using the first type of digital forensics to identify, analyze and investigate attacks.
The increase in crimes in the field of computer technologies, their high level of social danger required the development of measures to protect against these crimes (first of all, by protecting computer technologies themselves). Research scientists say that 60% of such protection means correspond to legal means, 20% to cryptographic and 20% to software-hardware and other physical and organizational means. [2]
Figure 1. Digital forensics and its classification
The adoption of the Laws of the Republic of Uzbekistan on May 6, 1994 "On the Legal Protection of Computer Programs and Databases" and on December 11, 2003 "On Informatization" forms the basis of legislation on fighting crimes in the field of information technologies. [2, 3]. These regulatory documents define many legal and technical terms that are of principle importance for the correct classification of crimes and the prosecution of guilty people.
Table 1. Comparative analysis of regulatory frameworks in the field of computer crime
Country |
Regulatory documents |
Japan |
Addendum to the Criminal Code of Japan dated 26.06.2001: "Committing crimes by computer, including electronic means" (Article 189). |
Russian Federation |
Chapter 28 of the Criminal Code of the Russian Federation. According to the crimes in the field of computer information "Article 272. Illegal access to computer data, Article 273. Creation, use and distribution of malicious computer programs, Article 274. Violation of the rules of operation of storage means, processing or transmission of computer information and information-telecommunication networks". |
The Republic of Uzbekistan |
Chapter XX1 of the Criminal Code of the Republic of Uzbekistan. Crimes in the field of information technology. |
Combating computer crime not only by technical means, but also by the application of regulatory documents prevents the destruction of information systems. The issue of what constitutes the object of crimes in the field of information technology is still controversial. In particular, legal literature has different opinions about the object and subject of this type of crime. For example, V.V. Krylov believes that the object of these crimes is ECM information. Scientist L. In Chichko's research work, the object is the exposure information and V.B. Vehov's research emphasized machine information understanding [1]. According to supporters of the view that information can be an object of crime, information, including computer information, is a convenience created for society, and therefore it is a fact that harm is caused when it is illegally destroyed or modified.
Today, computer crime is more likely to increase than traditional crime, because the financial circulation of all countries in electronic form, including our Republic, has great growth dynamics. During the pandemic, the need for online electronic payments leads to the increase in computer crime in information systems. Therefore, conducting research in the field of computer forensics is an urgent issue. With the Decree of the President of the Republic of Uzbekistan No. PF-6079 of October 5, 2020 on the approval of the "Digital Uzbekistan-2030" strategy and measures for its effective implementation clearly shows how important the issue of information and cyber security is during the process of digitization and digital transformation in our country.
Above, the areas of application of digital forensics in the fight against computer crime in information security and the relevance of forensics in the detection of computer crimes, as well as solutions for ensuring the security of information systems based on the full implementation of foreign and national legal norms, are analyzed.
In the provision of information security, law is important as a means of social regulation supported by state coercion. In this field, the state acts as an active subject of law formation and the organizer of law enforcement activities.
In this regard, at the current stage of state formation, the legal regulation of relations in the field of combating threats in the information space is actively developing and being strengthened by law. The adoption of Laws of “On freedom of information principles and guarantees”, “On guarantees and freedom of information”, “On information”, “On cyber security”, also Decree of the President of the Republic of Uzbekistan “On measures to implement the state system of protection of information systems and resources of the Republic of Uzbekistan” No. PD-6007 of June 15, 2020, Decree of the President of the Republic of Uzbekistan “On additional measures to protect national information resources” No. PD-1572 of July 8, 2011, “On measures to further improve the system of cyber security in the Republic of Uzbekistan” No. PD-4751 of June 15, 2020, and Decree of Cabinet of Ministers of the Republic of Uzbekistan “On the approval of the regulation on the organization of the storage of confidential information in the information facilities of the Republic of Uzbekistan and the procedure for ensuring its security” No. 295 of October 16, 2015 is an important step in protecting the country’s interests in the information field from threats is creating the basis for the formation of important theoretical ideas of legal provision of information security.
At present, the use of a number of technologies for the introduction and further development of various innovative technological solutions in the provision of information and cyber security in the country is becoming an urgent issue day by day:
- Artificial Intelligence;
- Blockchain/Distributed Ledger;
- High Performance Computing;
- Automatic Control Systems;
- Internet of Things (IoT).