It is illegal to enter someone else's account password without permission, hack the password to access their computer or related devices, or delete or modify data in someone else's computer without cause. Be very careful!
In this era of rapid development of internet information, communication between people is no longer limited to face-to-face conversations, but increasingly takes place through social media websites and platforms. As a result, almost everyone today has their own social media account and often posts comments or shares experiences on these platforms. This has also led to income from views, as people gain followers and subscriptions, making social media influencers a popular career. However, with this trend, cases of account theft have become more frequent. So, how should people handle such disputes when they arise? What legal responsibility does one have for casually logging into someone else's social media account or altering their password or content?
• Unauthorized access to a computer can lead to serious legal consequences.
The so-called "crime of unauthorized access to a computer or related equipment" is defined in the Article 358 of the Criminal Code, which states that anyone who "inputs another person's account password without authorization, cracks protective measures on a computer, or exploits system vulnerabilities to access another person's computer or related equipment" can be punished with imprisonment for up to three years, detention, or a fine of up to NT$300,000, or both. In addition to the "subjective" intent to unlawfully access someone else's computer or related equipment, this crime also requires an objective act of intrusion. For example:
1. Inputting someone else's account password
The person must be "unauthorized" to log in. Therefore, if the person has legitimate access to the account, such as when an employee agrees to the company setting up an email account for company use in the employee's name, the company personnel are authorized to log into and use that email account. In this case, they are not considered to be "unauthorized" and thus would not be committing the crime of "unauthorized access to a computer or related equipment."
Therefore, even if authorization or consent has been granted, if the person exceeds the scope of authorization or uses improper methods to input false data or unauthorized commands into a computer or related equipment to alter records regarding the acquisition or loss of property rights, it will still constitute the crime. In this regard, court rulings clearly state that the standard for determining "someone else's computer or related equipment" under Articles 358 and 359 of the Criminal Code is whether the person has "usage rights" to the computer or related equipment, not the "ownership" of the computer or equipment. As for the "improper methods" defined in Article 339-3, Paragraph 1 of the Criminal Code, it refers to improper or illegal means. However, the term "improper methods" is not limited to those explicitly defined by law; it includes methods generally regarded as improper according to societal norms and common life experience.
Furthermore, the term "false data" refers to information that is false or inaccurate, and it also includes incomplete data. As for "improper commands," it refers to "illegitimate commands." The term "creating records of the acquisition or loss of property rights" refers to the act of generating records that cause the increase, disappearance, or transfer of property.
With the rapid advancement of computer technology, using the internet to input "false data" or "improper commands" through "illegitimate means" in order to create records of the acquisition or loss of property should certainly be regulated.
Furthermore, using "improper methods" to obtain someone else's property through computers or related equipment is a highly sophisticated criminal act. It is difficult to prevent, causes significant harm, and has far-reaching consequences, making it essential to strictly regulate and punish such behavior.
2. Cracking the protective measures of a computer
If a person uses computer techniques to crack someone else's password or bypass their account passwords, computer security measures, or antivirus software, it also constitutes the crime of "unauthorized access to a computer or related equipment."
3. Exploiting system vulnerabilities to access a computer or computer equipment.
The scope of protection for this crime includes not only "computers" but also "computer equipment" such as hard drives, floppy disks, and optical discs. According to court rulings, for websites that require registration and login (e.g., Facebook), the account holder is the corresponding member who possesses the rights to use the account. Therefore, within the scope of operations permitted by the website, it is considered an extension of the member's computer and thus "related computer equipment." Therefore, unauthorized access to a website that requires a registered member account to log in may constitute a violation of Article 359 of the Criminal Code, which prohibits the "unauthorized acquisition, deletion, or alteration of electronic records from another person's computer or related equipment." If the act causes damage to the public or others, the person may face imprisonment for up to five years, detention, or a fine of up to NT$600,000, or both.
Furthermore, Article 10, Section 6 of the Criminal Code stipulates that "electromagnetic records" refer to records made by electronic, magnetic, optical, or similar methods, which are intended for processing by a computer. As for the term "without cause" in Article 359 of the Criminal Code, it refers to the lack of a "legitimate authority" or "justifiable reason." The term "acquire" refers to using computers or other technologies to transfer another person's electromagnetic records to one's own possession, while "alter" refers to changing the original content of another person's electromagnetic records.
Considering that the legal interest protected by Article 359 of the Criminal Code is to maintain the order of electronic property, it is not limited to actual economic harm caused to the public or others. As long as important information in a computer is acquired, lost, or altered, it is sufficient to determine that the computer user has suffered significant damage, thus constituting the offense.
Therefore, whether it is unauthorized input of someone else's account password, cracking the computer's protective measures, exploiting system vulnerabilities to access someone else's computer or related equipment, or unlawfully deleting or altering someone else's computer data after logging into their computer, all of these actions are illegal.
• Even if authorization was given, it does not mean one can act without restraint.
Just because one was once authorized, does it mean they can act as they wish?
Since the court ruled that an employee no longer had the right to use or manage the company's email or server after leaving the company, if the former employee logs into the company's email or server without the company's consent, adds an administrator, or modifies the logs, this behavior meets the criteria for "without cause." Furthermore, because their actions caused security vulnerabilities in the server and related equipment, resulting in damage to the company, it constitutes the crime of "unauthorized access to another's computer or related equipment" under Article 358 of the Criminal Code. If the emplovee then deletes or alters computer records, this also constitutes the crime of "unauthorized alteration of electronic records" under Article 359 of the Criminal Code.
For example, in a court ruling, a person named X used A's Facebook account and password to log into A's webpage, posted nude photos of A, and then changed the password, preventing A from logging in. These actions constituted the crimes of "unauthorized access to another's computer" under the Article 358 and "unauthorized alteration of another's electronic records" under the Article 359 of the Criminal Code.
Additionally, the Article 360 of the Criminal Code stipulates: "Anyone who unlawfully interferes with another's computer or related equipment using computer programs or other electromagnetic means, resulting in harm to the public or others, shall be sentenced to up to three years in prison, detention, or a fine of up to NT$300,000, or both." Therefore, if an individual uses a program or other electromagnetic means to interfere with another's computer equipment, causing damage to others or the public, it constitutes the crime of "interfering with a computer or related equipment.”
As for the term "computer interference," according to court rulings, it refers to actions that "do not cause permanent damage but only temporarily disrupt the function of a computer or network. Once the source of interference is eliminated, the computer system or network can resume normal operation."
It is important to note that the Article 363 of the Criminal Code clearly states: "The offenses under Articles 358 to 360 require a complaint to initiate prosecution." The complaint-based prosecution means that the prosecution can only proceed if the person with the right to file a complaint pursues legal action, thus allowing the subsequent legal process and accountability.
In short, for certain criminal acts, if the victim or other persons with the right to file a complaint choose to pursue the crime, the prosecutor cannot initiate a prosecution, and the court cannot judge the case. This is what is referred to as the complaint-based prosecution offense.
As for offenses that are not complaint-based prosecution, it means that regardless of whether a legitimate complaint has been filed, the prosecutor has the authority to file charges. Additionally, for complaint-based prosecution cases that have been filed with a legitimate complaint, once the prosecutor initiates an investigation, it does not mean that the prosecutor must necessarily prosecute the defendant just because the victim has filed a complaint.
Due to the varying nature and severity of personal computer violations, if the victim has no intention of filing a complaint, or agrees to and cooperates with the investigation, it may be difficult to achieve effective investigation results. Adopting a "complaint-based prosecution" system aims to help resolve disputes and reduce litigation sources, while allowing the country's limited investigative and judicial resources to be focused on more serious crimes and preventive measures.
In conclusion, computers and social media platforms have become important communication tools in daily life, and the public's dependence on them continues to grow. When critical information in computers or websites is accessed, deleted, or altered, it can harm the computer user, making the protection necessary.
In addition, given the rapid development of communication software and social platforms, the public should have awareness and take actions regarding information security. At the very least, they should remember to change passwords regularly, avoid clicking on unknown links, and refrain from logging into their accounts on insecure networks, in order to ensure the safety of their accounts and passwords and to prevent malicious individuals from exploiting vulnerabilities.
請參閱《美魔女律師教你生活不犯錯》 86-92頁