Polish IP & IT law » legal regulations on computers networks

Archive for: legal regulations on computers networks

Comparative law – literally, word for word

January 15th, 2009, Tomasz Rychlicki

Recent changes in the Polish Criminal Code regarding “computer crimes” that were introduced by the the Act to amend the Act – the Criminal Code and certain other acts of 24 October 2008, Journal of Laws (Dziennik Ustaw) No. 214, item 1344, which entered into force on 18 December 2008.

Chapter XXXIII. Offences against the protection of information

Article 265. § 1. Whoever discloses or, in violation of the law, uses information which constitutes a state secret

shall be subject to the penalty of deprivation of liberty for a term of between 3 months and 5 years.

§ 2. If the information specified in § 1 has been disclosed to a person acting in the name of or for a foreign entity, the perpetrator

shall be subject to the penalty of deprivation of liberty for a term of between 6 months and 8 years.

§ 3. Whoever unintentionally discloses the information specified in § 1, with which he has become acquainted in the performance of his official function or authorisation delegated to him

shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to one year.

Article 266. § 1. Whoever, in violation of the law or obligation he has undertaken, discloses or uses information with which he has become acquainted with in connection with the function or work performed, or public, community, economic or scientific activity pursued

shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to 2 years.

§ 2. A public official who discloses to an unauthorised person information which is an official secret or information with which he has become acquainted in the performance of his official duties and whose disclosure can endanger a legally protected interest

shall be subject to the penalty of deprivation of liberty for up to 3 years.

§ 3. The prosecution of the offence specified in § 1 shall occur on a motion of the injured person.

Article 267. § 1. Whoever, without being authorised to do so, acquires information not destined for him, by opening a sealed letter, or connecting to a wire that transmits information or by breaching electronic or bypass, electronic, magnetic, information or other special protection for that information

shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to 2 years.

§ 2. The same punishment shall be imposed on anyone, who without being authorised to do so acquires access to whole or part of an information system.

§ 3. The same punishment shall be imposed on anyone, who, in order to acquire information to which he is not authorised to access, installs or uses tapping, visual detection or other special equipment.

§ 4. The same punishment shall be imposed on anyone, who imparts to another person the information obtained in the manner specified in § 1-3 discloses to another person.

§ 5. The prosecution of the offence specified in § 1–4 shall occur on a motion of the injured person.

Article 268. § 1. Whoever, not being himself authorised to do so, destroys, damages, deletes or alters a record of essential information or otherwise prevents or makes it significantly difficult for an authorised person to obtain knowledge of that information,

shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to 2 years.

§ 2. If the act specified in § 1 concerns the record on an electronic information carrier, the perpetrator shall be subject to the penalty of deprivation of liberty for up to 3 years.

§ 3. Whoever, by committing an act specified in § 1 or 2, causes a significant loss of property

shall be subject to the penalty of deprivation of liberty for a term of between 3 months and 5 years.

§ 4. The prosecution of the offence specified in § 1-3 shall occur on a motion of the injured person.

Art. 268a. § 1. Whoever, without being authorised to do so, destroys, damages, removes, changes lub makes an access to data difficult or in a significant way disrupts or prevents from the automatic process, gathering or transmission of such data,

shall be subject to the penalty of deprivation of liberty for up to 3 years.

§ 3. Whoever, by committing an act specified in § 1, causes a significant loss of property

shall be subject to the penalty of deprivation of liberty for a term of between 3 months and 5 years.

§ 3. The prosecution of the offence specified in § 1 or 2 shall occur on a motion of the injured person.

Article 269. § 1. Whoever destroys, deletes or changes a record on an electronic information carrier, having a particular significance for national defence, transport safety, operation of the government or other state authority or localgovernment, or interferes with or prevents automatic collection and transmission of such information

shall be subject to the penalty of deprivation of liberty for a term of between 6 months and 8 years.

§ 2. The same penaly should apply to a person who commits offences mentioned in § 1, by destroying or replacing the information carrier or by destroying or damaging a device serving for automatic processing, gathering or transfering of information data.

Art. 269a. Whoever, without being authorised to do so, by transmission, destroy, removing, damaging or changing information data, in significant manner disrupts the work of a computer system or a teleinformatic network,

shall be subject to the penalty of deprivation of liberty for a term of between 3 months up to 5 years

Art. 269b. § 1. Whoever, produces, acquires, sells off or makes available to other persons devices or computer software adapted to perform a crime mentioned in art. 165 § 1 pt 4, art. 267 § 2, art. 268a § 1 or § 2 in connection with § 1, art. 269 § 2 or art. 269a, and computer passwords, access codes or other data that allow for the access to information stored in a computer system or teleinformatic network,

shall be subject to the penalty of deprivation of liberty for up to 3 years.

§ 2 In case of a conviction for an offense referred to in § 1, the court rules the forfeiture of items, and may decide their forfeiture if they were not the property of the perpetrator.

Here is also one ODT, 14KB, file with both versions. Please send your comments regarding the translation.

“Piracy” in Poland

December 22nd, 2008, Tomasz Rychlicki

By the term “piracy” I do not mean “an offense against humanity” as defined in U.S. v. Furlong, 18 U.S. 184, 5 L. Ed. 64 (1820) or that “the crime of piracy comprehends an act upon the high seas” (61 Am Jur 2d Piracy § 8). Although, I am being aware of the Oxford English Dictionary definitions such as “1603 T. Dekker Wonderfull Yeare sig. A4, Banish these Word-pirates (you sacred mistresses of learning) into the gulfe of Barbarisme” or “1668 J. Hancock Brooks’ String of Pearls (Notice at end), Some dishonest Booksellers, called Land-Pirats, who make it their practise to steal Impressions of other mens Copies” or “1703 D. Defoe True-born Englishman in True Collect. I. Expan. Pref. sig. B3v, Its being Printed again and again by Pyrates” or even “1706 D. Defoe Jure Divino Pref. p. xxvii, Gentlemen-Booksellers that threatned to Pyrate it, as they call it, viz. reprint it, and sell it for half a Crown”.

Anyway, according to the article which is available at onet.pl website, in Polish, the District Court in Koszalin has sentenced Łukasz D. – a former student of the Koszalin University of Technology (Politechnika Koszalińska) for a half year of imprisonment for computer “piracy”. The judgment was suspended for two years. The court found Łukasz D. guilty of the theft of 49 programs (of a total value of 180 709,66 PLN). Łukasz D. could even face 10 years in prison, but the court took into account his attitude during the investigation, and mitigated the sentence. The mitigation was also requested by the prosecutor in his final speech.

The case of 19 students from Koszalin who were involved in copyright infringement in P2P networks was widely publicized in Poland because the Police, Customs officers and private investigators from the Polish Society of the Phonographic Industry did not inform the vice chancellor of the Koszalin University of Technology (for my US English readers – the president) about their action which took place in university’s dorms. Academia authorities have deemed such operation as violation of the autonomy of universities and challenged the search action (which was performed without a proper search warrant, just on the basis of an official legitimacy of the Police) before the Public Prosecutor’s office. The Police search action was also officially condemned by the Conference of Rectors of Academic Schools in Poland and students organized pickets at the center of Koszalin. However, the Public Prosecutor’s office considered the complaint as unfounded and approved the dorms’ search.

Tell what you have to if you are provider

October 20th, 2008, Tomasz Rychlicki

Judgment of the Court of Justice of European Communities of 16 October 2008 in case C-298/07, deutsche internet versicherung.

1. Article 5(1)(c) of Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the internal market (‘Directive on electronic commerce’) must be interpreted as meaning that a service provider is required to supply to recipients of the service, before the conclusion of a contract with them, in addition to its electronic mail address, other information which allows the service provider to be contacted rapidly and communicated with in a direct and effective manner. That information does not necessarily have to be a telephone number. That information may be in the form of an electronic enquiry template through which the recipients of the service can contact the service provider via the internet, to whom the service provider replies by electronic mail except in situations where a recipient of the service, who, after contacting the service provider electronically, finds himself without access to the electronic network, requests the latter to provide access to another, non-electronic, means of communication.

Computer crimes, case VI K 849/07

October 6th, 2008, Tomasz Rychlicki

Polish criminal law provides regulations, which in theory would serve to criminalize conducts related to “cracking” actions.

Chapter XXXIII. Crimes against protection of information
(…)
Article 267.
§ 1. Whoever, without being authorised to do so, acquires information not destined for him, by opening a sealed letter, or connecting to a wire that transmits information or by breaching electronic, magnetic or other special protection for that information shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to 2 years.
§ 2. The same punishment shall be imposed on anyone, who, in order to acquire information to which he is not authorised to access, installs or uses tapping, visual detection or other special equipment.
§ 3. The same punishment shall be imposed on anyone, who imparts to another person the information obtained in the manner specified in § 1 or 2 discloses to another person.
§ 4. The prosecution of the offence specified in § 1 – 3 shall occur on a motion of the injured person.

Provisions of article 267 were used against Mateusz M. He was charged with use of methods known as SQL injection, in conjunction with Article 267 § 1. However, the District Court in Głogów VI Wydział Grodzki in a judgment of 11 August 2008, act signature VI K 849/07, found Mateusz M. not guilty.

The court held that the actions of the accused fail to comply with the statutory elements (…) Overcoming (breaching) security occurs when the offender destroys, removes the security, or when the impact on the security temporarily removes the protective function. (…) The person who gained access to sensitive information, but did not break any security measures will not bear the criminal responsibility.

I have to add that there are pending amendments to the Polish Criminal Code provisions regarding aforementioned regulations. Piotr Waglowski provides more details about this case. As regards legal issues on cracking I already wrote posts entitled “Who will be guilty?” and “Legal hacking“.

Think before requesting removal

August 21st, 2008, Tomasz Rychlicki

Joe Gratz wrote a post about a very interesting judgment in the case Lenz v. Universal Music Corp., No. 07-3783 (N.D. Cal. August 20, 2008), PDF file.

The purpose of Section 512(f) is to prevent the abuse of takedown notices. If copyright owners are immune from liability by virtue of ownership alone, then to a large extent Section 512(f) is superfluous. As Lenz points out, the unnecessary removal of non-infringing material causes significant injury to the public where time-sensitive or controversial subjects are involved and the counter-notification remedy does not sufficiently address these harms. A good faith consideration of whether a particular use is fair use is consistent with the purpose of the statute. Requiring owners to consider fair use will help “ensure[] that the efficiency of the Internet will continue to improve and that the variety and quality of services on the Internet will expand” without compromising “the movies, music, software and literary works that are the fruit of American creative genius.” Sen. Rep. No. 105-190 at 2 (1998).

I still wonder why such regulation were not included in analogical provisions of Polish or European Union law.

See this movie on YouTube:

Congrats to Irish people for their referendum

July 3rd, 2008, Tomasz Rychlicki

When I see such legislative initiatives as reported by the European Digital Rights at edri.org website, I start to doubt about European integration. If the process of adopting directives looks like that (you do remember how was the Directive of the European Parliament and of the Council on the patentability of computer-implemented inventions adopted and all this controversy with ignoring the voice of one country during the Council meeting right?). I see a lot of advantages of the Community Trade Mark system but lobbying in the European Union makes me annoyed at the bureaucrats and European bureaucracy, and you should read this post in such manner. ;)

Update on July 8, 2008.
Philippe Aigrain has written a very detailed post regarding lobby process within the EU in the field of IP law. It is available at paigrain.debatpublic.net website.

Categories: EU law | copyright law | digital economy | legal regulations on computers networks | telecommunication law.

May 6th, 2008, Tomasz Rychlicki

I started an academic platform called lawinit.com together with dr Wojciech Wiewiórowski and thanks to great help of Marcin Sochacki and Marcin Czerwiński. We think about English version too so if you are interested in such academic cooperation then you are warmly welcomed. Meanwhile, among other things there are great translations of German courts judgments provided by Justyna Kurek.

Poland: e-filing for trade marks applications

April 28th, 2008, Tomasz Rychlicki

There are recent changes in the procedure of filing trade mark applications before the Polish Patent Office. According to the Regulation of the Prime Minister dated 15 May 2008 on filing and processing of patent applications, applications for medicinal products and plant protection products, utility model applications, industrial designs applications, trade mark applications, geographical indications applications, topography of integrated circuits applications and keeping correspondence in electronic form, published in Journal of Laws (Dziennik Ustaw) of 23 May 2008, No 89 item 540, all applications should be filed in e-forms that are available through the PPO website and are prepared in software and in compatibility with formats used by the Polish Patent Office. The use of other computer programs to prepare filing applications requires the approval of the PPO. This Regulation will enter into force on 7 June 2008.

The PPO had also published (DOC file) an English version of table of fees established in the Regulation of the Council of Ministries dated 26 February 2008 amending the regulation on fees relating to the protection of inventions, utility models, industrial designs, trademarks, geographical indications and topographies of integrated circuits.

Single fees (fees are in Polish złoty – to check rates use google.com services or exchange rates provided by the National Bank of Poland):

For trademark application up to three classes of goods according to applicable classification of goods and services – 550,00*
for each class in excess of three – 120,00
for declaration of priority – for each priority claimed – 100,00
For electronic filing of trademark application up to three classes of goods according to applicable classification of goods and services – 500,00*
for each class in excess of three – 120,00
for declaration of priority – for each priority claimed – 100,00
For request for conversion of international registration into national application – 550,00
For request for conversion of Community trademark application into national application – 550,00
For transmittal of Community trademark application – 120,00
For division of application – for each additional application – 550,00
For request for postponement of the payment of a fee – 60,00
For request for restoration of a time limit or the excuse of non-observance of a time limit because of exceptional circumstances occurred – 80,00
For request for re-examination of the matter:
in connection with an order issued** – 50,00
in connection with a decision taken – 100,00
For publication of the mention of grant of right of protection – 90,00
For issuance of a duplicate of certificate of protection: – 100,00
For excerpt from the register: with current legal status with modified or removed information added – 60,00
100,00
For preparation of priority document – 60,00
For request for making a change in the register – for each change made – 70,00
For request for replacement of national registration with international registration – 50,00
For request for transformation of trademark into collective trademark, collective guarantee trademark or trademark protected with one collective right of protection – 500,00
For request for filing a request by the Patent Office of the Republic of Poland for entry in the international register of a change concerning international trademark registration – 200,00
For notice of opposition 1000,00
For request for taking a decision in litigation proceedings – 1000,00
For request for lodging a complaint to Administration Court – 1000,00
For request for international registration – 600,00
For request for registration renewal – 200,00
Additional fee for late submission of request for registration renewal – 300,00
For request for sending communications to addresses additionally indicated (Article 241(2)) – for each additional address – 200,00

* In case of collective trademark, collective guarantee trademark or trademark filed for collective right of protection – the amount of the fee is subject of increase of 100%
** this does not apply to requests for the exemption from the payment of a fee

I have previously informed P.T. readers about higher fees for trade marks’ applications in Poland in a post entitled “Poland: higher fees for trade marks“.

Who will be guilty?

April 15th, 2008, Tomasz Rychlicki

There is a short article availabe at wired.com website where you may read about some thoughts of Harry Sintonen regarding security of couple of websites. As from the media point of view the most spectacular cross-site scripting attack concerned CIA’s website. But I found on Harry’s list other addresses that are worthy a short notice here, for instance, the official website of the European Parliament. You may ask why? Because there is another article available at gazeta.pl website (in Polish language) where Waldy Dzikowski (the chief of Platforma Obywatelska’s parliamentary club) tells about how he opts about electronic elections to the European Parliament which will be held in another thirteen months. I have to admit that I am not sure who is supporting Mr Dzikowski because there is always someone who has the interest to supply the Republic of Poland with e-voting infrastructure or as Witold Drożdż from the Ministry of Interior and Administration said “technical and organization” infrastructure. When I think about such problems as faced by the CIA or European Parliament websites then I instantly wonder if someone can assure me about security and what is even more important about the lack of frauds in the process of electronic voting? Of course, we have proper crminal provisions against crimes aimed at voting process in the Criminal Code – CRC – (in Polish: Kodeks Karsny) of 6 June, 1997, Journal of Laws (Dziennik Ustaw) No. 88, item 553, with later amendments.

Chapter XXXI. Crimes against elections and referendum
Art. 248.
Article 248. Whoever, in connection with elections to the Sejm, Senate, election of the President of the Republic of Poland, elections to European Parliament, local elections or referendum:
(…)
3) damages, hides or forge reports or other election or referendum documents,
(…)
4) interferes or allow to interfere with the collecting or counting votes
(…)
5) gives another person unused voting card before an end of voting or gets an unused voting card from another person in order to use it in voting,
- shall be subject to the penalty of deprivation of liberty for up to 3 years.
(…)
Art. 250a. § 1. Whoever, being entitled to vote, gets financial or personal benefits or requests such benefit for voting in a given way, shall be subject to the penalty of deprivation of liberty for a term of between 3 months up to 5 years.
§ 2. The same penalty should apply to a person which gives financial or personal benefits to a person entitled to voting in order to induceaby such person to vote in a given way or for voting in a given way.

Art. 251. Whoever, in violation of regulations on secrecy of votiong, against the will of a voter, acquaints with the content of a vote, shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to 2 years.

As you can see there are some possibilities. There are also “anti-compromise” regulations (sic!).

Chapter XXXIII. Crimes against protection of information
(…)
Article 267.
§ 1. Whoever, without being authorised to do so, acquires information not destined for him, by opening a sealed letter, or connecting to a wire that transmits information or by breaching electronic, magnetic or other special protection for that information shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to 2 years.
§ 2. The same punishment shall be imposed on anyone, who, in order to acquire information to which he is not authorised to access, installs or uses tapping, visual detection or other special equipment.
§ 3. The same punishment shall be imposed on anyone, who imparts to another person the information obtained in the manner specified in § 1 or 2 discloses to another person.
§ 4. The prosecution of the offence specified in § 1 – 3 shall occur on a motion of the injured person.
(…)

Art. 268a. § 1. Whoever, without being authorised to do so, destroys, damages, removes, changes lub makes an access to data difficult or in a significant way disrupts or prevents from the automatic process, gathering or transmission of such data, shall be subject to the penalty of deprivation of liberty for up to 3 years.
(…)

Art. 269.§ 1. Whoevery, damages, removes or changes information data of particular importance for country’s defences, safety of transportation, function of governmen administration, other state’s organ or state’s institution or local government albo zakłóca disrupts or prevents from the automatic process, gathering or transmission of such data, shall be subject to the penalty of deprivation of liberty for a term of between 6 months up to 8 years
§ 2. The same penaly should apply to a person who commits offences mentioned in § 1, by destroying or replacing the information carrier or by destroying or damaging a device serving for automatic processing, gathering or transfering of information data.

Art. 269a. Whoever, without being authorised to do so, by transmission, destroy, removing, damaging or changing information data, in significant manner disrupts the work of a computer system or a teleinformatic network, shall be subject to the penalty of deprivation of liberty for a term of between 3 months up to 5 years

Art. 269b. § 1. Whoever, produces, acquires, sells off or makes available to other persons devices or computer software adapted to perform a crime mentioned in art. 165 § 1 pt 4, art. 267 § 2, art. 268a § 1 or § 2 in connection with § 1, art. 269 § 2 or art. 269a, and computer passwords, access codes or other data that allow for the access to information stored in a computer system or teleinformatic network, shall be subject to the penalty of deprivation of liberty for up to 3 years.

This list is really long, right? I asked my Polish readers if they are familiar with any cases regarding such crimes. I guess we have a really small percentage. The question is, if it’s a really small percentage of crime detection or just such crimes itself?

Access to public information, case V Ca 454/07

July 30th, 2007, Tomasz Rychlicki

Sergiusz Pawłowicz who was also the leading programmer of Janosik project, went the same administrative proceedings as ISOC Poland. See “Access to public information, case OSK 600/04“. At the final stage the Supreme Administrative Court rejected Sergiusz’s complaint on the decision of the Voivodeship Administrative Court case file II SAB/Wr 72/02, recognizing that the proper course shall be a civil action.

Sergiusz filed a complaint requesting the civil court to order ZUS to disclose specification of KSI MAIL protocol being public information. The Regional Court in Warszawa in its judgment of 8 December 2006 case file XVI C942/04 ruled that publication of the protocol that is used by Płatnik software will not affect in any way the integrity of safety of data sent by this software. Therefore all arguments raised by ZUS with regard to data security were unfounded. The Court also held that ZUS did not prove that the protocol of KSI MAIL is protected by copyrights that belongs to Prokom Software S.A. or whether Prokom received any patent covering this protocol.

As for the argument that ZUS’s obligations regarding confidentiality of information about technologies used in Płatnik and its source code, which resulted from the agreement between ZUS and Prokom, the court held that according to the obligation to disclose public information included in article 13 of the Act on the Informatization of Activities Undertaken by Entities Fulfilling Public Tasks (in Polish: ustawa o informatyzacji działalności podmiotów realizujących zadania publiczne), the provision of the agreement as a ius dispositivum, may not impose negative consequences on Sergiusz.

The court also held that the use of the requested public information and legal interest that Sergiusz and its legal representative derrived from the social interest was beyond the scope of the whole dispute. Simply, there is no need to prove legal interest when requesting the access to public information.

ZUS filed an appeal complaint. The Appellate Court in Warsaw in its judgment of 23 April 2007 case file V Ca 454/07 rejected it. The Court held that the court of first instance provided deep and proper analysis of binding legal norms and its judgment was correctly applied.

Copyright law, case VI ACa 1012/05

April 22nd, 2007, Tomasz Rychlicki

The Appellate Court in Warsaw in its judgment of 14 March 2006, case file VI ACa 1012/05, published in the Jurisprudence of Appellate Courts (in Polish: Orzecznictwo Sądów Apelacyjnych) of 2007, No 12, item 36, p. 56, held that when it comes the legal protection of the author’s work it does not matter how the infringer came into the possession of the work, or how the work arrived to him, in particular, it does not matter that the work, which is the subject of the infringement came to the infringer as unsolicited correspondence sent electronically, the so-called spam. The protection is not only afforded to the well known creator, whose works are published in big numbers, but to anyone whose rights to a protected work have been infringed in any possible way, copyright law makes no distinctions in the field of protection depending on the value of the work and the recognition enjoyed by the author.

See also my posts entitled “Polish regulations on copyright” and “Polish case law on copyright“.