Who will be guilty?
Tuesday, April 15th, 2008There is a short article availabe at www.wired.com website where you may read about some thoughts of Harry Sintonen regarding security of couple of websites. As from the media point of view the most spectacular cross-site scripting attack concerned CIA’s website. But I found on Harry’s list other addresses that are worthy a short notice here, for instance, the official website of the European Parliament. You may ask why? Because there is another article available at www.gazeta.pl website (in Polish language) where Waldy Dzikowski (the chief of Platforma Obywatelska’s parliamentary club) tells about how he opts about electronic elections to the European Parliament which will be held in another thirteen months. I have to admit that I am not sure who is supporting Mr Dzikowski because there is always someone who has the interest to supply the Republic of Poland with e-voting infrastructure or as Witold Drożdż from the Ministry of Interior and Administration said “technical and organization” infrastructure. When I think about such problems as faced by the CIA or European Parliament websites then I instantly wonder if someone can assure me about security and what is even more important about the lack of frauds in the process of electronic voting? Of course, we have proper crminal provisions against crimes aimed at voting process in the Polish Penal Code of 6 June, 1997. Dziennik Ustaw No 88, pos. 553, with later changes.
Chapter XXXI. Crimes against elections and referendum
Art. 248.
Article 248. Whoever, in connection with elections to the Sejm, Senate, election of the President of the Republic of Poland, elections to European Parliament, local elections or referendum:
(…)
3) damages, hides or forge reports or other election or referendum documents,
(…)
4) interferes or allow to interfere with the collecting or counting votes
(…)
5) gives another person unused voting card before an end of voting or gets an unused voting card from another person in order to use it in voting,
- shall be subject to the penalty of deprivation of liberty for up to 3 years.
(…)
Art. 250a. § 1. Whoever, being entitled to vote, gets financial or personal benefits or requests such benefit for voting in a given way, shall be subject to the penalty of deprivation of liberty for a term of between 3 months up to 5 years.
§ 2. The same penalty should apply to a person which gives financial or personal benefits to a person entitled to voting in order to induceaby such person to vote in a given way or for voting in a given way.Art. 251. Whoever, in violation of regulations on secrecy of votiong, against the will of a voter, acquaints with the content of a vote, shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to 2 years.
As you can see there are some possibilities. There are also “anti-compromise” regulations (sic!)
Chapter XXXIII. Crimes against protection of information
(…)
Article 267.
§ 1. Whoever, without being authorised to do so, acquires information not destined for him, by opening a sealed letter, or connecting to a wire that transmits information or by breaching electronic, magnetic or other special protection for that information shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to 2 years.
§ 2. The same punishment shall be imposed on anyone, who, in order to acquire information to which he is not authorised to access, installs or uses tapping, visual detection or other special equipment.
§ 3. The same punishment shall be imposed on anyone, who imparts to another person the information obtained in the manner specified in § 1 or 2 discloses to another person.
§ 4. The prosecution of the offence specified in § 1 – 3 shall occur on a motion of the injured person.
(…)Art. 268a. § 1. Whoever, without being authorised to do so, destroys, damages, removes, changes lub makes an access to data difficult or in a significant way disrupts or prevents from the automatic process, gathering or transmission of such data, shall be subject to the penalty of deprivation of liberty for up to 3 years.
(…)Art. 269.§ 1. Whoevery, damages, removes or changes information data of particular importance for country’s defences, safety of transportation, function of governmen administration, other state’s organ or state’s institution or local government albo zakłóca disrupts or prevents from the automatic process, gathering or transmission of such data, shall be subject to the penalty of deprivation of liberty for a term of between 6 months up to 8 years
§ 2. The same penaly should apply to a person who commits offences mentioned in § 1, by destroying or replacing the information carrier or by destroying or damaging a device serving for automatic processing, gathering or transfering of information data.Art. 269a. Whoever, without being authorised to do so, by transmission, destroy, removing, damaging or changing information data, in significant manner disrupts the work of a computer system or a teleinformatic network, shall be subject to the penalty of deprivation of liberty for a term of between 3 months up to 5 years
Art. 269b. § 1. Whoever, produces, acquires, sells off or makes available to other persons devices or computer software adapted to perform a crime mentioned in art. 165 § 1 pt 4, art. 267 § 2, art. 268a § 1 or § 2 in connection with § 1, art. 269 § 2 or art. 269a, and computer passwords, access codes or other data that allow for the access to information stored in a computer system or teleinformatic network, shall be subject to the penalty of deprivation of liberty for up to 3 years.
This list is really long right? I asked my Polish readers if they know any cases regarding such crimes. I guess we have a really small percentage. The question is if it’s a really small percentage of crime detection or such crimes itself?