入侵電腦行為之研究

Abstract

資訊科技在過去十年快速發展，現今人們的生活已變得相當依賴電腦網路。當利用電腦和電腦網路產生與儲存重要資料的機會日漸增加，我們勢必要以更嚴謹的態度來關注資訊安全。入侵電腦，或是說未經授權而存取電腦系統，正是資訊安全威脅中的一種類型。每一台連往網際空間的電腦都有著被入侵的可能，而許多以電腦系統為攻擊標的之電腦網路犯罪通常都涉及入侵電腦的行為。我國業已將入侵電腦之行為納入刑法的規範中，然而由於法律剛制訂公布不久，因此，多數的學者專家都只專注在分析新法的相關規範。本文是第一篇檢視入侵電腦案件中有關實體法規範、犯罪偵查、管轄權與國際合作等相關問題的論文。本文的目的是說明入侵電腦案件中所會面臨的相關問題，指出其重要性並提供一個可以解決的方向。期望本文可以幫助一個全方位防制入侵電腦之機制的產生。 本文以略述資訊安全的定義與需求作為開端，並藉由分析入侵行為說明其如何對資訊安全構成威脅，之後分由三部分進行。本文之第一部份先扼要分析網路犯罪公約第二條之規定，檢視其規範精神並探討其相關問題。本文接著以先前的討論為基礎，分析我國刑法相關條文之訂定雖不失為防制入侵電腦行為的好的開端，但仍存有待解決的議題。本文之第二部分提供一個網際空間中進行犯罪偵查的概觀，說明入侵電腦所造成之科技面的獨特性以及法律面的挑戰，並介紹公約針對電腦網路犯罪所作的偵查程序面之努力。而當電腦網路犯罪之偵查需要跨國蒐集證據時，許許多多的法律面與程序面問題會因而產生，本文在第三部分選擇刑事管轄權與國際合作兩議題進行進一步的探討。 最後，本文以一個防制入侵電腦的機制必須含括國家層面與國際層面作為結論，並提出本文的相關建議。

Information technology has developed rapidly throughout the past decade. People have become heavily dependant upon computer network. With the increased use of computers and computer networks for developing and storing important data, serious attention must be paid to information security. Computer intrusion, or gaining unauthorized access to a computer system, is one category of information security threats. Each computer connecting to cyberspace is susceptible to intrusion and many of computer crimes which target a computer system involve gaining unauthorized access to the target system. Taiwan has enacted criminal laws prohibiting computer intrusion. Since the law is newly-passed, many commentators and scholars only focus on the understanding of the wording of the law. This article is the first thesis to examine the issues and questions covering the aspects of substantive criminal law, criminal investigation, jurisdiction and international cooperation in computer intrusion cases. The goals of this article are to identify the issues of the computer intrusion case, to show its importance, and to offer an approach that can help lead to the solution. My hope is that this article will help to produce a comprehensive mechanism to fight against computer intrusion. This article begins by outlining background of information security and analyzing computer intrusion to show why it is a threat to information security, then proceeds in three parts. Part I of this article briefly analyzes Article 2 of the Convention on Cybercrime, examines the Convention’s mens rea requirements and discusses its problem. Based on the prior discussion, this article argues that, in theory, the newly enacted Taiwan criminal laws may mark a good starting point for combating computer intrusion, but in reality, there still have been a few unsolved issues. Part II of this article provides an overview of crime investigation in cyberspace, the unique technical and legal challenge posed by computer intrusion, and the Convention designed to meet global threat of cybercrime. A variety of legal and procedural issues can arise when the process of investigating cybercrime requires gathering evidence across national borders. This article chooses two issues, criminal jurisdiction and international cooperation, to discuss in Part III. Finally, this article concludes that the mechanism to combat computer intrusion must be designed on both notional level and international level, and offers practical suggestions for consideration.