The article was written by Dr. iur. Dr. rer. pol. Fabian Teichmann in collaboration with Léonard Gerber and published in the professional journal "Jusletter" in 2021. The digital transformation is permeating our society and opening a path to a sustainable economy. This is also called the fourth industrial revolution and has an impact on the daily lives of citizens. Communication takes place via emails or WhatsApp messages, meetings with friends take place on Facebook or via Zoom, photos and videos are published on Instagram, trade is conducted via online platforms and payments are made via online banking. However, since the development of information technology, many fraudulent behaviors have occurred, some of which fall within the scope of computer criminal law. The difficulty of criminal classification of these behaviors lies in the simultaneous commission of multiple crimes in the form of ideal bankruptcy. This concerns crimes committed over the Internet, such as ransomware, identity theft, hacking, malware distribution, DDoS attacks, cyber fraud, crimes related to cybersex, unfair competition in cyberspace, and phishing. The Council of Europe adopted the Budapest Convention on Cybercrime, which was concluded on November 23, 2001, and is the first international convention to combat cybercrime. Interestingly, the 65 States Parties in 2021 include non-Council of Europe member states that have ratified the Convention, such as the United States, Japan, Australia, or Canada. The Convention and its States Parties thus recognize the need to address cybercrime globally, which may go beyond the limited jurisdiction of a single jurisdiction. The main objective of the Convention is to commit the States Parties to a common criminal policy in order to protect society from crime in cyberspace by adopting legislation and strengthening international cooperation. Swiss criminal law already covered most of the crimes related to cybercrime. Cybercrime can be divided into two categories. The first category includes crimes against Internet infrastructures such as computers, connectivity, programs or generally the IT support of the victims. Examples include hacking, DDoS attacks, sharing malware (viruses, Trojans, etc.). The second category includes crimes committed over the Internet, such as racial discrimination, copyright infringement, unfair competition, or phishing. Crimes related to the Internet also have a transnational dimension, as they are not limited to a single jurisdiction. Swiss criminal law sanctions such abusive conduct only selectively. Phishing can involve multiple offenses under Swiss criminal law in the form of an ideal bankruptcy. Phishing is a fraudulent technique of obtaining personal information, usually in connection with banking transactions, in order to commit property crimes and identity theft. Article 143bis of the Swiss Criminal Code (SCC) is the legal norm of Swiss criminal law that punishes hacking, i.e., unauthorized access to a computer system. First, this norm protects computer systems that belong to others and are specifically protected from unauthorized interference. Computer systems include computers, cell phones, digital cameras, and any data preparation equipment. It does not apply to tampering with data media such as USB sticks, CDs, DVDs or floppy disks, unless they are connected to a protected computer system. The data itself is not protected by Art. 143bis Swiss Criminal Code, but by Art. 143 Swiss Criminal Code, which makes the theft of data punishable. In order to determine whether a computer system is specifically protected, the intention of the person authorized to access it must be examined in order to prevent third parties from accessing their data or restricting access. This criterion is met if, for example, IT protection measures such as antivirus software, access code or password, encryption, or biometric key are used, but not if there are only physical barriers to protect the computer system, such as a locked room or sealed cabinet. Second, the standard protects against unauthorized access using a data transmission device. The crime is fulfilled as soon as the perpetrator overcomes the first access barrier, such as the code, password or biometric key of the protected computer system.
About the author: Fabian Teichmann is a lawyer in Switzerland, a notary in St. Gallen, a European lawyer in Liechtenstein, and a management consultant at the international level. He is also a lecturer at various universities in Switzerland and abroad.
For more on this topic, see Teichmann, F. & Gerber, L. (2021). Cybercriminalité en Suisse: Le phishing. Jusletter. May 27, 2021. https://doi.org/10.38023/9312a9a4-1c0e-4225-b305-c06305b59df4.