By You Yunting & Luo Yanjie

According to the report (note: the link is in Chinese), yihaodian.com, the first established online market in China with Wal-Mart (NYSE: WMT) has most shareholders of it, is enrolled in the scandal of account releasing. The information of more than 0.9 million users of it is just sold for RMB 500 on the internet, and so far more than one user have been withdrawn or removed the money in their account. Judging from the news, the account thief did not withdraw or use the money deposited in the account and chose to sell such information instead. Then in such situations, shall the thief take the liability by criminal law? For this issue, You Yunting, the founder of our website, has been interviewed by local TV station, and the following is its main content:

In the modern society seeing a vast progress of the internet, the data thieving of the website is an annoying problem to the website runner and the government, and so far the most powerful combating measure is the criminal lawsuit. By the existing laws in China, to chase the criminal liability of the thieves is not difficult, and we would like to analyze the specific crimes in the criminal law as follows:

I.          The crime of illegal invasion into the computer information system could not be constituted

Although the misconduct is most suitable for the crime from its name, for the account thieving is based on the invasion into the computer system. But by Article 285 of the Criminal Law, the crime could only be established when “invasion into the computer information system applied in the national issues, national defense or top science field”, and so the normal e-commerce platform shall not be include in it. Therefore, no crime of it shall be established for the misconduct.

II. The crime of destroy computer information system could not be constituted

Not like the crime of illegal invasion into the computer information system, the target of the crime shall not be limited to the “state owned ones” with the normal e-commerce platform could be included in. However, the establishment of the crime demands the destroying conducted by the thief, namely the measures to paralyze the operation of the computer system. But the crime could not be applied when the thieving is conducted with taking advantage of the bug in the system rather than to destroy it, for there’s no paralysis after all.

III．Not easy to be judged as crime of trade secret violation

According to Article 219 of the criminal law, “Whoever engages in the activities which encroaches upon commercial secrets and brings significant losses to persons having the rights to the commercial secrets acquire a rightful owner’s commercial secrets via theft, lure by promise of gain, threat, or other improper means is to be judged the crime of trade secret violation”.

In the current practices, the invasion by the hacker will be deemed as such crime, however on the other hand, to our experience, the case mentioned on the beginning of the post is hard to be handled under the rule. By Article 7 of the interpretations on IPR violation made by the Supreme People’s Court and the Supreme Procuratorate, the fund amount involved in the misconduct shall be more than RMB 500, 000,(about $ 78, 616.4) then the case could be investigated as a criminal case. But in the cases like the one discussed in this post, the amount of the losses of the infringer or the gains of the thief will far less than RMB 500, 000 or is difficult to be calculated, and as to the losses coming from the trade secret releasing to the public domain, it could not be assessed for the poor evidence to the causality.

IV. The crime of theft could be judged when the money using resulted by the stolen information selling

We would first to clarify that any using of the money deposited in the account after purchase the information of it could be the crime of theft once the standard of such crime could be reached. For it’s actually kind of stealing to the private or public property.

For the thief in the case when selling the account information, the misconduct is actually made when knowing the intension of the purchaser. Therefore, the thief is providing the convenience to other’s stealing when selling the information, and for this reason it could constitute the indirect intent for “knowing the damages from ones conduct but do nothing to let it happen”. So, the thief could be accomplice of the money stealing and shall thereby take the criminal liability.

V. The crime of illegal acquisition of the data in the computer information system could be judged when not selling the stolen information after stealing it

The crime is a newly added one in the VII amendment to the criminal law, and refers to any serious conduct of acquiring the date stored, processed or transmitted by the computer information system with the invasion into the computer information system used in the field in addition to the national matters, national defense or top science field or with other methods.

Despite the regulation that the crime could only be established when the conduct is serious, by the law interpretation on cases of damages to the security of the computer system made by the Supreme People’s Court and the Supreme Procuratorate, the seriousness could decided when more than 500 sets of information are acquired. For the accounts on the e-commerce platform are of tens of thousands, the crime could be judged to the thief when stealing the data in the e-commerce information stock.

To be conclude, the stealing of the account information by the thief could constitute the crime of illegal acquisition of the data in the computer information system; the crime of theft could be judged when user’s money deposited in the account is used for much when selling the stealing account information; the crime of trade secret violation could be established when there’s the evidence submit by the e-commerce runner that the losses suffered is more than RMB 500, 000. Despite the crime is different, the thief shall take the criminal liability and the e-commerce runner shall report to the police department at the first time detecting the account stealing to avoid further losses.

Other recommended posts on our website:

1. The Actual Term of Trademark Registration in China
2. How to Apply for the Trademark Record in China Custom
3. How to improve the success rate of trademark registration in China?
4. Matters for Attention in Trademark Refusal Review in China
5. Introduction of China’s Legal System of Trademark Renewal
6. Introduction on the Regulations concerning the Capital Contribution in IPR or Domain Name in China
7. The Copyright Registration in China Could Be FREE?
8. China Copyright Protection Term Longer than EU’s?
9. Matters for Attention in the Patent Preliminary Injunction Application in China(I)

Lawyer Contacts

You Yunting

86-21-52134918

youyunting@debund.com, yytbest@gmail.com

For further information, please contact the lawyer as listed below or through the methods in our CONTACTS.

Bridge IP Law Commentary’s posts, including the comments and opinions contained herein, shall not be construed as the legal advice on any issues related. The contents are for general information purposes only. Anyone willing to quote or refer the posts to any other publications or for any other purposes, no matter there’s benefits gained or not, shall first get the written consent from Bridge IP Law Commentary and used under the discretion of us. As to the application of the reprint permission for any of our posts, please email us to the above addresses. The publication of this post or transmission of it through mail, internet or other methods does not constitute  an attorney-client relationship. The views set forth here are of due diligence, neutrality and impartiality, representing our own opinions only and are our original works.

Short Link: