What laws did Ma, a graduate of the National People's Congress, commit?, Imitate Zuckerberg Network | Data | Zuckerberg
On July 3rd, the official Weibo account of the Haidian District Public Security Bureau of the Beijing Municipal Public Security Bureau announced that the Haidian police immediately launched an investigation into the situation of "some student information of Renmin University of China being illegally obtained" upon receiving a report. After investigation, the suspect Ma is suspected of illegally obtaining personal information of some students at the school and other illegal criminal activities. At present, Ma has been criminally detained by the Haidian Public Security Bureau in accordance with the law, and the case is under further investigation.
According to media reports, Ma stole student information from Renmin University mainly to "score" the appearance of students on his website. Many people remember that Facebook founder Zuckerberg had a similar operation during his college years. What laws have been violated by this behavior?
How many crimes can Ma's actions involve?
According to relevant media reports, during his master's degree at Renmin University of China, Ma used professional skills to steal personal information of all students, including photos, names, student numbers, hometowns, birthdays, etc., and built a website to rate the appearance of students at the school. A screenshot from the internet shows that the student has even posted a dynamic on their personal social media account to show off this matter. This update was released in October 2020, but the relevant content on its social media account has now been cleared.
Some netizens have suggested that during his university years, Zuckerberg also stole student information from his alma mater Harvard for image evaluation, but only received disciplinary action from the school. But analysis suggests that Zuckerberg's behavior occurred more than 20 years ago in the United States, when the value and volume of information data could not be compared to today, and the severity of the consequences of information loss could not be compared.
Zhao Hongyu, a senior engineer engaged in network security research and application and the chief engineer of Zhongke Ruiyan Technology Co., Ltd., stated in an interview with China News Service Guoshi Zhitong that using software viruses such as "worms" to invade the network system of Renmin University not only leads to the serious consequence of a large amount of personal information leakage, but also has the possibility of losing control of this Trojan virus. If it causes system paralysis, collapse, and even the leakage of confidential high-tech data and achievements, its harm is unimaginable.
The Criminal Code of our country has a clear definition of such illegal acts. According to current public information, there are three suspected illegal behaviors by Ma in this incident:
1. the use of suspected "worms" and other Trojan tools to steal personal information within the University of the people's system;
2. posting illegally obtained information on the Internet;
3., the personal photos involved in the information are "evaluated".
Xiao Yi, a criminal expert, professor of the Law Department of Capital Normal University, and part-time lawyer of Beijing Guanheng Law Firm, said in an interview with China News Agency Guoshi Express:
The act of illegally obtaining personal information of citizens and making it public online meets the requirements of "illegally obtaining personal information of citizens" and "providing personal information of citizens to others in violation of relevant national regulations", and is in line with the characteristics of the crime of infringing on personal information of citizens;
Invading computer information systems or using other technological means to obtain data stored, processed, or transmitted in the computer information system may result in the crime of illegal intrusion into computer information systems or illegal acquisition of computer information system data.
In general, there is a possibility of multiple offenses being committed due to the same behavior. According to the principle of imaginative competition, a felony is generally chosen, that is, a criminal act that meets the requirements of multiple offenses is determined according to the name of the most serious crime among the constituted offenses.
Xiao Yi also stated that those who intentionally create and spread destructive programs such as computer viruses, which affect the normal operation of computer systems, and have serious consequences - for example, in the process of committing a crime, if the use of viruses or other tools or intentional damage to systems, data, etc. causes serious consequences such as system "paralysis" or important data being tampered with or lost, there is a risk of constituting a more serious crime of damaging computer information systems, that is, imprisonment of not more than five years or criminal detention; Those with particularly serious consequences shall be sentenced to fixed-term imprisonment of not less than five years. This behavior is different from the act of infringing on the personal information of citizens, and generally involves multiple crimes and punishments.
As for whether Ma's evaluation of someone's "appearance" constitutes the crime of insult, Xiao Yi believes that if the complete disclosure of photos and information that can effectively identify the other person is made, and the so-called "evaluation" of someone's appearance is carried out with "defamation", "satire", and "insult" characteristics, resulting in damage to the victim's reputation and other aspects. If the circumstances are serious, in addition to constituting the first two charges mentioned above, there is also a risk of constituting the crime of insult. This is another behavior besides illegally obtaining and providing information, which is likely to result in multiple crimes and punishments.
How to prevent data information from being stolen?
According to relevant reports, Ma's illegal access to information within the Renmin University network system was completed around 2020 or even earlier, and was only recently exposed on the internet and gained attention.
Zhao Hongyu stated that the promulgation and implementation of three fundamental laws in the field of network data security, namely the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law, marks a new stage in the development of digital applications and data. As the core of the national basic scientific research field, universities should establish a security guarantee system centered on personal information protection and data.
Zhao Hongyu said that network data processors should fulfill their data security protection obligations on the basis of the network security level protection system, carry out data classification and classification protection work, establish important data protection directories, create a network data security monitoring and early warning system, build accurate network data security management and risk prevention measures, and prevent the misuse of personal information and university data.
One is to accelerate the construction of the data security management capability system, build a "measurement and balance" for data security protection, improve the division of responsibilities of network data security management organizations and various business departments through the establishment of regulations, gradually form a set of data security system such as management methods, normative requirements, and implementation guidelines, strengthen communication and cooperation among various organizations, and improve the comprehensive management level of data security.
The second is to clarify the network data processing activities of important information systems, understand the "data security background", form a data asset protection directory, establish a data asset security protection list, and consolidate the work foundation.
Thirdly, with data assets as the core, we will explore the formation of a network data security risk monitoring and early warning system, and develop the ability to collect, store, use, process, transmit, provide, and disclose important information systems throughout the data lifecycle. This will enable us to monitor the security risks of abnormal operations, unauthorized access, abnormal account usage, abnormal interface calls, as well as the transmission of sensitive personal information and cross-border data flow, in order to prevent and resolve major network data security risks and contain major network data security incidents.
Without cybersecurity, there would be no national security. Zhao Hongyu believes that maintaining cybersecurity not only requires relevant responsible units to further carry out network security protection work such as monitoring, protection, and scientific disposal under the premise of fulfilling their responsibilities in accordance with the law. For the selection and cultivation of high-end network technology talents, it is also necessary to pay attention to both moral integrity and talent.