SaferNet Brasil Área Colaborativa

Brazilian National Congress Observatory: Cybercrime Policy Debate

Comparative study between Sen. Azeredo Cybercrime Bill and Budapest Cybercrime Convention

The Council of Europe consists of 44 member States, including all of the members of the European Union. It was established in 1949 primarily as a forum to uphold and strengthen human rights, and to promote democracy and the rule of law in Europe. Over the years, the Council of Europe has been the negotiating forum for a number of conventions on criminal matters.

Since the late 1980s, the Council of Europe has been working to address the growing international concern over the threats posed by cracking and other computer-related crimes. In 1989, it published a study and recommendations addressing the need for new substantive laws criminalizing certain conduct committed through computer networks. This was followed by a second study, published in 1995, which contained principles concerning the adequacy of criminal procedural laws in this area. Building on the principles developed in the 1989 and 1995 reports, in 1997 the Council of Europe established a Committee of Experts on Crime in Cyberspace (PC-CY) to begin drafting a binding convention to facilitate international cooperation in the investigation and prosecution of computer crimes.

The Council of Europe's Convention on Cybercrime, in its preamble as well as throughout its body, emphasizes the general concept that all the legal rules established by the Parties should respect human rights and fundamental civil liberties, including privacy, free speech, access to knowledge and public internet access.

This fundamental principle of European legislation is summarily ignored in several aspects of Senator Eduardo Azeredo's bill. One example is the proposed creation of a legal institute called "digital defense", which carves out an exception to these fundamental rights established by the Brazilian Federal Constitution.

The table below compares the main proposals made by Senator Eduardo Azeredo with the Convention on Cybercrime, and draws attention to the inconsistencies and serious defects contained in the bill, which is currently under discussion by Brazilian senators.

1. Compilation of contributions from Abranet, Free Software Foundation América Latina, and SaferNet Brasil.

Bill text (latest version) | Text of the Convention on Cybercrime (Budapest/01) | Comments
Adding of new offenses under Brazilian Criminal Substantive Law:

Non-authorized access to a computer network, communication device or computer-related system

Article 154-A. Accessing any computer network, communication device or computer-related system, without the owner's authorization, whenever it is required.

Sanction: prison [reclusion], from 2 to 4 years, and fine.

1st paragraph: Such penalty also applies to those who permit, enable or provide means for a non-authorized person to remotely access a computer network, communication device or computer-related system;

2nd paragraph: Suing is only possible by means of "representation" [1], unless the crime is committed against the Brazilian Federal State Union, Brazilian States, municipalities, companies that work for the Brazilian State or Brazilian State companies; [2]

3rd paragraph: the penalty is increased by 1/6 if the person uses a fake name or the ID of somebody else;

4th paragraph: There is no crime when the person accesses for digital defense, unless there is purpose deviation.

[1] in accordance with Brazilian Federal Substantive Law, public attorney service start a law suit with
[2] in accordance with Brazilian Federal Substantive Law, for some crimes, the Public Attorney Service can only start a lawsuit after receiving a crime report from a concerned party

Article 2 - Illegal access

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the access to the whole or any part of a computer system without right.

A Party may require that the offence be committed by infringing security measures, with the intent of obtaining computer data or other dishonest intent, or in relation to a computer system that is connected to another computer system.

The change in language from the draft's prior version, from "improper access" to "non-authorized access", as well as from "improperly" to "without the owner's authorization, whenever it is required", significantly improved the provision, since the prior wording was inexact and imprecise.
On the other hand, it should be noted that the possibility left open for "technical agents or capable professionals" to commit crimes as "digital defense" behavior is absolutely reckless and unacceptable.

The head of the Federal Constitution's 5th para. secures the right of equality of all citizens under the law, which would be violated if the power to commit certain offences (non-authorized telematic data interception, under article 10 of Federal Law nº 9.296/96, and the Arbitrary Exercise of One's Own Reasons, under article 345 of the Brazilian Penal Code) to the detriment of others were given to those with technical training.

That is absolutely unconstitutional. It gives rise to the establishment of private illegal data interception without prior court authorization, and creates dangerous circumstances, since those agents (who may also be private organizations' employees) could become able to crack into third parties' systems by coming up with any security allegation. This could create a true "Technocracy" in Brazil.

By comparison, it would be the same as granting private security agents permission to break into residences in order to verify whether the resident has engaged in any conduct harmful to their employer's interests. Law enforcement prerogatives should be bound to, and therefore controlled by, Public Authorities.

Click here to know more about the possible practical results of the approval of this Bill's proposition.

Read more about "hacktivism" by clicking here.

In conclusion, it is suggested to eliminate the 4th para. and to modify the head provision and the other paragraphs in order to bring them into line with the Budapest Convention and require that the infraction be committed by violating security measures, with the intent of obtaining computer data or any other illegal intention specified and provided for in the draft's text.
 
       
Adding of new offenses under Brazilian Criminal Substantive Law:

Gathering, maintenance, transporting or non-authorized providing of electronic, digital or similar information

Article 154-B: Gathering data or information available in a computer network, communication device or computer-related system, without the owner's authorization, whenever it is required.

Sanction: prison (detention), from 2 to 4 years, and fine.

1st paragraph: Such penalty also applies to those who carry, transport or provide data or information gathered under the same circumstances described in article 154-B, or use it after the end of the fixed or authorized term;

2nd paragraph: Providing data or information gathered with the owner's authorization to a third person by means of computer networks increases the penalty by 1/3;

3rd paragraph: Suing is only possible by means of "representation" [1], unless the crime is committed against the Brazilian Federal State Union, Brazilian States, municipalities, companies that work for the Brazilian State or Brazilian State companies. [2]

[1] in accordance with Brazilian Federal Substantive Law, public attorney service start a law suit with
[2] in accordance with Brazilian Federal Substantive Law, for some crimes, the Public Attorney Service can only start a lawsuit after receiving a crime report from a concerned party

Article 3 - Illegal interception

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system, including electromagnetic emissions from a computer system carrying such computer data. A Party may require that the offence be committed with dishonest intent, or in relation to a computer system that is connected to another computer system.

The comments on the prior article apply to this one. The provision became more exact by replacing the expression "improperly" used in the Draft's prior version.

However, the same wrongful permission remains for technicians and digital security agents to commit crimes without liability, justified by their own interest or their employer's. As stated above, the right of self-defense must be the same for all, as must the applicable sanction for committing the infraction. It is for the State, and only the State, to exercise its law enforcement authority.

It must be noted that the Convention on Cybercrime, in its first lines as well as in all its provisions, stresses the general concept that all legal provisions established by member States must respect the human rights and fundamental freedoms of citizens, including the right to privacy and intimacy, mentioning several international conventions that guarantee those rights.

Read literally, this provision would also reach several business models sustained by the financial and economic market. Click here to read an interesting article on adware/spyware and here to read about Windows WGA and privacy violation.

Additionally, ordinary practices of web users worldwide, such as acquiring by electronic means (download) texts, songs and videos converted to digital formats, become punishable with unmeasured severity. If the information is redistributed after being obtained, as normally happens on peer-to-peer networks and the BitTorrent protocol, used by popular sharing programs such as Emule, Kazaa, Donkey, Azureus and others, the penalty is increased by 1/3.

Carrying such information on an electronic device (CD, DVD, any data-storage device such as an external hard drive or pendrive, any music player device such as an mp3 player, or even a portable computer's HD) is punished with the same severity. These arbitrary decisions frighten society as much as the United States Customs practices in which agents open and search suitcases in order to find and seize for an indeterminate time any data-carrying device (laptops, CDs, DVDs, mobile phones or music players) with non-authorized content. Read more about this on this link. Defining as a crime, with a strong sanction, the carrying of non-authorized information, or the obtaining of it under the same circumstances, gives Brazilian police agents the right to search electronic devices for such information without prior court authorization.
 
       
Adding of new definitions under Brazilian Criminal and Civil Substantive Law:

Communication device, computer-related system, computer network or digital defense

Article 154-C: For liability purposes, it is considered:

I - Communication device: computer, mobile phone, data processor, data storage device, data capturing device, receivers and converters of radio signal or digital television or any other means of processing, storing, capturing or sending data using optic, magnetic or any other electronic, digital or similar technology;

II - Computer-related system: computer network supplies, wired or wireless, telephone network, TV network, database, software or any other system able to process, capture, store or send data electronically, digitally or by some other means;

III - Computer network: physical and logical instruments by which it is possible to exchange data and information, and to share resources between units, represented by the complex whole of computers, communication devices or computer-related systems, under the same rules, parameters, codes, formats and other information gathered in protocols, at a local, regional, national or universal topological level;

IV - Digital Defense: handling of malicious code by a technical agent or qualified professional, for their own benefit or that of their principal, and without risk to third persons, in a documented and technical manner, preserving the chain of custody, in the course of related procedures, for vulnerability testing, responding to an attack, frustrating an invasion or fraud, protecting the system, defensive interception, attempting to identify the aggressor, computer forensics and the general practice of information security;

V - Malicious Code: the set of instructions and tables of information, software or any other system capable of executing a sequence of operations which results in a damaging action or the undue obtaining of information against a third person, in a furtive or hidden way, while appearing to be a normal course of action;

VI - Computerized Data: any representation of facts, information or concepts in a form capable of being processed in a computer network or communication device or computerized system, including any software able to make a computer-related system execute a function;

VII - Traffic Data: all the computer-related data concerning a communication performed by means of a computer network, communication device or computerized system, created by them as an element of a communication chain, indicating the communication's origin, destination, route, time, date, size, duration or kind of underlying service.

Article 1 - Definitions

For the purposes of this Convention:

a) "Computer System" means any device or a group of interconnected or related devices, one or more of which, pursuant to a program, performs automatic processing of data;

b) "Computer Data" means any representation of facts, information or concepts in a form suitable for processing in a computer system, including a program suitable to cause a computer system to perform a function;

c) "service provider" means:

(i) any public or private entity that provides to users of its service the ability to communicate by means of a computer system, and

(ii) any other entity that processes or stores computer data on behalf of such communication service or users of such service.

d) "traffic data" means any computer data relating to a communication by means of a computer system, generated by a computer system that formed a part in the chain of communication, indicating the communication's origin, destination, route, time, date, size, duration, or type of underlying service.

The definitions in the bill remain confusing, as they do not attempt to create concepts but rather relations that are not defined, and adopt hollow terms such as "or similar" or even "or any other technology". This kind of language is unusable in a criminal provision, whose scope must be limited and strictly interpreted, in accordance with the fundamental principles of Criminal Law, which require a precise description of a criminal offence in order to avoid its unmeasured wide application.

The provisions' fair concern with preventing new technologies from making the legislation obsolete was addressed more effectively in the Convention on Cybercrime, by not including technologies' names and opening the provision's scope as much as possible.

The Convention's definition smartly broadens the scope from "computer network" to "Computer System". The same should occur in this draft, since the computer network is, in fact, a computer-related network. Clarifying this concept, the Convention establishes that "'computer system' means any device or a group of interconnected or related devices".

It should be noted that the definitions of "computer data" and "traffic data" are no more than the Convention's own, although they were spoiled by the confusion raised in the definitions of "communication device", "computer-related system" and "computer network". In this case, the Convention's simplicity proves more effective and precise.

It should also be noted that, in view of what is set out here, the definition of "digital defense" must be eliminated, since it attempts to create a special category of citizen - computer agents and technicians - enabling them to commit infractions under the allegation of their own security or their employer's.

Finally, it must be taken into account that it would be more logical for the definitions to precede the articles in which they are mentioned. Thus, article 154-C should become article 154-A.
 
       
Adding of new offenses under Brazilian Criminal Substantive Law:

Malicious Code Diffusion

Damage for electronic, digital or similar malicious code diffusion

Article 163-A. To create, insert or spread malicious code through a communication device, computer network or computerized system.

Sanction: prison (reclusion), from 1 to 3 years, and fine.

Qualified damage for electronic, digital or similar malicious code diffusion

1st paragraph: If the crime is committed in order to destroy, render useless, deteriorate, alter or hinder the operation, or to cause operation not authorized by the owner, of a communication device, computer network or computerized system:

Sanction: prison (reclusion), from 2 to 4 years, and fine.

Diffusion of electronic, digital or similar malicious code followed by damage

2nd paragraph: If the crime results in the destruction, deterioration, alteration, rendering useless or hindering of the operation, or in operation not authorized by the owner, of a communication device, computer network or computer-related system, and the circumstances show that the person did not want the result and did not assume the risk of producing it:

Sanction: Prison (reclusion), from 3 to 5 years, and fine.

3rd paragraph: The sanction is increased by 1/6 if the agent uses a fake name or the fake ID of a third person to commit the crime.

4th paragraph: There is no crime when the action is for digital defence, unless there is purpose deviation.

Malicious code diffusion

Article 171-A. To spread, by any means, software, instructions or a computer-related system in order to mislead or, by any undue means, induce someone to provide, spontaneously or otherwise, data or information which make easier or allow undue or unauthorized access to a computer network, communication device or computer-related system, gaining illicit advantage, to somebody else's detriment.

Sanction - prison (reclusion), from 1 to 3 years.

1st paragraph: The sanction is increased by 1/6 if the agent uses a fake name or the fake ID of a third person to commit the crime.

2nd paragraph: There is no crime when the action is for digital defence, unless there is purpose deviation or excess.

Article 6 - Misuse of devices

1. Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right:
a) the production, sale, procurement for use, import, distribution or otherwise making available of:

(i) a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Articles 2 through 5;

(ii) a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5; and

b) the possession of an item referred to in paragraphs a.i or ii above, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5.
A Party may require by law that a number of such items be possessed before criminal liability attaches.

2. This article shall not be interpreted as imposing criminal liability where the production, sale, procurement for use, import, distribution or otherwise making available or possession referred to in paragraph 1 of this article is not for the purpose of committing an offence established in accordance with Articles 2 through 5 of this Convention, such as for the authorised testing or protection of a computer system.

3. Each Party may reserve the right not to apply paragraph 1 of this article, provided that the reservation does not concern the sale, distribution or otherwise making available of the items referred to in paragraph 1 a.ii of this article.

Article 8 - Computer-related fraud

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right, the causing of a loss of property to another person by:

a) any input, alteration, deletion or suppression of computer data;

b) any interference with the functioning of a computer system, with fraudulent or dishonest intent of procuring, without right, an economic benefit for oneself or for another person.

Since the text has already been adjusted in other articles, we believe that the expression "improper access", used in article 171-A, is a mistake which must be rectified. Moreover, it seems that article 171-A contains the head of article 163-A.

Article 163-A, paragraph 2, cannot stand, since it treats as a crime the non-intentional act of spreading malicious code, independently. Indeed, if it remains, a person can commit the crime even if he/she doesn't know that his/her computer is infected by a virus.

It's important to note that not only in this article, but in all the others indicated by the Convention on Cybercrime, there is an express recommendation to consider as crimes only intentional and illegal actions. Thus, it is necessary to identify the intention of the agent.

It's not possible to justify the insertion of the "non-intentional" modality on grounds of "due prudence", because no prudence will be enough for users to protect themselves from attacks known as "zero day exploits". An occasional non-intentional crime goes against the recommendation of the Convention on Cybercrime and could create a sui generis situation, in which users could become victim and criminal at the same time.

According to 2006 reports on cybercrime, whether the FBI's or that of a leading computer security company, this type of attack grew widely in 2006, becoming a new branch of organized crime and exposing 9 out of 10 users, who are bound to a restrictive business model that limits their options. Click here to read an analysis on the theme.

Analysing the question also under comparative law, it's possible to verify that the law has been treating users and monopolist providers differently concerning liability for digital crimes. If you want to read more about it, click here (in Portuguese).
 
       
Adding of new definitions under Brazilian Criminal Substantive Law:

Article 183-A. For criminal purposes, data, information or a unit of information in electronic form, a stored database, a communication device, a computer network, a computer-related system, a password or any other instrument which allows access to them are considered things.

There is no equivalent in the Budapest Convention.

Data cannot be considered a thing, because when it refers to personal and individual information it is also linked to personality and is, therefore, protected by article 5 (lines X and XII) of the Brazilian Federal Constitution.

Brazilian civil law treats "personality rights" and the "law of things" differently. Thus, equating data with things must exclude personal information and data.

Furthermore, as data is a "symbolic good" and a thing is a "presumably material good", putting one on the level of the other will cause interpretation problems, for instance with some concepts related to property in Brazilian law, as well as with some procedural provisions, such as the rules on admissibility of evidence.
 
       
Adding of new obligations under Brazilian Criminal and Civil Substantive Law:

Article 21. The party responsible for providing access to a computer network is obliged to:

I - keep, in a controlled and safe environment, the data of connections made through its equipment, able to identify the user and the originating electronic address, the date, the starting and ending time and GMT reference of the connection, for 3 years, to provide the evidence essential to identify who was connected to the computer network;

II - make available to the authority, by express judicial authorization, the data and information mentioned in (I), through the technical audit to which they are submitted;

III - provide, by express judicial authorization, during the investigation, the data of connections made and user identification data;

IV - secure immediately, upon court order, in the course of an investigation, the data of established connections, user identification data and the communications made in that investigation, being subject to criminal and civil liability for maintaining their absolute confidentiality and security;

V - report, confidentially, to the law enforcement authority, any report of which it has become aware that contains evidence of criminal conduct on the computer network under its responsibility;

VI - inform users that the use of the network is governed by Brazilian law and that any communication made on its system will be regarded as the user's exclusive responsibility;

VII - alert its users, by means of periodic campaigns, to the criminal use of computer networks, communication devices and computer-related systems;

VIII - publish to its users, in a prominent place, good security practices for using computer networks, communication devices and computer-related systems;

1st Paragraph: The data of connections made through a computer network that are able to identify the user, the security conditions for their safekeeping, the audit to which they will be submitted, the competent authority responsible for the audit and the text to be communicated to the users of the computer network will be defined in the relevant regulation. [ to be fixed by the Federal Government, without Congress submission and approval ]

2nd Paragraph: The data and procedures under line I of this article must comply with the provisions of lines II, III and IV within 180 days from the adoption of this law.

3rd Paragraph: The responsible party mentioned in the head of this article that does not comply with the rule in para. 2, independently of compensating the injured party for losses and damages, will be liable to a fine from R$ 2.000,00 (two thousand reais) [ approx. US$ 1,000 ] to R$ 100.000,00 (one hundred thousand reais) [ approx. US$ 50,000 ] for each verification or request, doubled in case of recurrence, imposed under administrative procedure by the law authority whose request was not met, taking into account the nature, the seriousness and the damage resulting from the infraction.

4th paragraph: Financial resources obtained from the fines established in this article shall be allocated to the Public Security National Funds, in accordance with Law 10.201 (14th February 2001).

Article 16 - Expedited preservation of stored computer data.

1. Each Party shall adopt such legislative and other measures as may be necessary to enable its competent authorities to order or similarly obtain the expeditious preservation of specified computer data, including traffic data, that has been stored by means of a computer system, in particular where there are grounds to believe that the computer data is particularly vulnerable to loss or modification.

2. Where a Party gives effect to paragraph 1 above by means of an order to a person to preserve specified stored computer data in the person's possession or control, the Party shall adopt such legislative and other measures as may be necessary to oblige that person to preserve and maintain the integrity of that computer data for a period of time as long as necessary, up to a maximum of ninety days, to enable the competent authorities to seek its disclosure. A Party may provide for such an order to be subsequently renewed.

3. Each Party shall adopt such legislative and other measures as may be necessary to oblige the custodian or other person who is to preserve the computer data to keep confidential the undertaking of such procedures for the period of time provided for by its domestic law.

4. The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

Article 17 - Expedited preservation and partial disclosure of traffic data

1. Each Party shall adopt, in respect of traffic data that is to be preserved under Article 16, such legislative and other measures as may be necessary to:

a) ensure that such expeditious preservation of traffic data is available regardless of whether one or more service providers were involved in the transmission of that communication; and

b) ensure the expeditious disclosure to the Party's competent authority, or a person designated by that authority, of a sufficient amount of traffic data to enable the Party to identify the service providers and the path through which the communication was transmitted.

2. The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

Article 18 - Production order

1. Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to order:

a) a person in its territory to submit specified computer data in that person's possession or control, which is stored in a computer system or a computer-data storage medium; and

b) a service provider offering its services in the territory of the Party to submit subscriber information relating to such services in that service provider's possession or control.

2. The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

3. For the purpose of this article, the term "subscriber information" means any information contained in the form of computer data or any other form that is held by a service provider, relating to subscribers of its services other than traffic or content data and by which can be established:

a) the type of communication service used, the technical provisions taken thereto and the period of service;

b) the subscriber's identity, postal or geographic address, telephone and other access number, billing and payment information, available on the basis of the service agreement or arrangement;

c) any other information on the site of the installation of communication equipment, available on the basis of the service agreement or arrangement.
Convention on CyberCrimes and ISP obligations

Convention of Cybercrime was placed as parameter for Senator Azeredo's bill, to harmonise brazilian legislation with european one, giving to Brazil the vanguard position at this concern. However, persuant to ISP obligations, the bill establishes obligations which do not exist in the Convention, causing a disequilibrium in relation to the rest of the text.

Users Identification

At line I, ISP undertakes the obligation to preserve conexion data "able to identify user and origin's electronic address", as well as some other data. However, it's possible to verify that this obligation does not exist in the Convention.

Actually, article 17 of Convention on Cybercrime stipulates that ISP should preserve a "sufficient amount of traffic data to enable the Party to identify the service providers and the path through which the communication was transmitted". Thus, it does not concern user's data but data which make it possible to track the communication.

Article 18 stipulates that, by court order, service provider should furnish data related to users of their services. Afterwards, it defines "data related to users" as any information related to users which are not either traffic data or user's content, and that can define (a) kind of communication service and technical mesures used, as well as service time; and (b) ID and home or postal address, telephonic data or any other way to access the user, data refering the issue of invoices and payments "available as a base to the contract or service deal"; or (c) any other information concerning location of communication equipment, avaible as a base to the contract or service deal..”

Therefore, we can see that the ISP is not obliged to assure that the data is able to identify the user. Their obligation is in fact very different: to provide traffic data able to track the communication (article 17) and to provide the available data, contained in the contract, that make it possible to identify and locate the user or communication device. The obligation is to provide available data, helping the investigation, and not to assure the veracity of that data, which would imply the need to register users in person or to use digital certificates, as was stipulated in the previous bill.

It is worth noting that if each computer network had to assure the veracity of user data, internet browsing would become impossible, since the user would have to prove his identity each time he accessed a site or used a service. There is no precedent for this in the world. And there will not be, as the internet's main characteristic is the adaptability, and unforeseeability, of the path data takes.

Technical Audit

Both Brazilian law and the Convention on Cybercrime stipulate that the supply of information depends on a court order.

Suggesting the creation of an institution charged with auditing private data (as well as traffic, computer and user data) violates the Brazilian Federal Constitution, which guarantees privacy and intimacy for everybody.

Creating the "Orwell's institution" and the definition of "digital defense" seem to confirm that the bill gives people who know information technology more power than other citizens. (Click here to read a text in Portuguese about "Orwell's digital defense").

It is also worth noting that article 18, which defines the obligation to provide user data, stipulates that articles 14 and 15 (fundamental rights, like privacy and intimacy) shall also be respected.

Traffic data storage term

The Convention stipulates a term of 90 days, as a maximum (and not a minimum), for data storage. ISPs affirm that storing any connection data, including e-mail and spam, for 3 years would imply high costs and would endanger the industry. Alternatively, ISPs consider acceptable a term of 6 months and 3 years for the storage of specific data, upon request by an authority. SaferNet Brasil, on the other hand, defends general storage of data by ISPs for a minimum term of 2 years and a maximum of 3 years, in line with international practice in Europe and the USA and with investigation and the execution of letters rogatory in Brazil.

Reporting crimes and evidence

This line is inspired by the 2nd clause (line g) of an agreement made between São Paulo's Public Attorney and the main ISPs. It stipulates that the ISPs shall report to the Public Attorney, as soon as they become aware of it, that child pornography content or hateful discriminatory content is stored by their users. The agreement does specify which laws and articles are violated by this conduct.

The bill, however, does not specify which law is violated, as the agreement with the Public Attorney did (child pornography and hate crimes). It therefore extended the scope of the provision to cover any evidence of crime.

This article may be understood as creating an obligation for ISPs concerning all the crimes defined by Brazilian law (more than 600). It could also be used by associations, companies and copyright owners to demand data and information about users who share audio and video content (such as MP3s), as part of the "fear marketing" under way in Brazil and around the world.

Fine

The imposition of fines on providers for failure to comply with the provision in article 21 should take into account the elements above, especially refusal to provide data, failure to assure its veracity, and the storage of data.

This is a non-official version of the text. Red marks are SaferNet notes.

2. The relative nature of the United States' accession to the Budapest Convention.

Seeking to legitimise and justify the importance of his bill, Senator Eduardo Azeredo (PSDB-MG) always highlights the accession of the United States of America to the Council of Europe Convention on Cybercrime, neglecting to mention that the US accession and ratification was not complete, since the country expressed no fewer than 13 caveats, making its participation in the international effort of legislative harmonisation around cybercrime quite precarious. Moreover, the US refused to sign the Additional Protocol to the Budapest Convention, concerning the criminalisation of racist and xenophobic acts committed through computer systems.

The 13 caveats, comprising declarations and reservations provided for in Articles 40, 41 and 42 of the Budapest Convention, are:

| Number | Article of the Budapest Convention | Justification of the caveat, reservation and/or declaration |
|---|---|---|
| (1) | Article 2 - Illegal Access | Requires intent to obtain computer data. |
| (2) | Article 6 - Misuse of Devices | Requires a certain number of elements for criminal liability to be established. |
| (3) | Article 7 - Computer-related Forgery | Requires intent to defraud for criminal liability to be established. |
| (4) | Article 27 - Procedures Pertaining to Mutual Assistance Requests in the Absence of Applicable International Agreements | Requests must be forwarded to the "central authority" for mutual assistance. |
| (5) | Article 4 - Data Interference | Requires that the conduct result in serious harm. |
| (6) | Article 6 - Misuse of Devices | Excludes Articles 4 and 5 from the list of articles referred to in this provision. |
| (7) | Article 9 - Offences Related to Child Pornography | Reserves the right to apply paragraph 2, items (b) and (c), in accordance with the concepts established in the Constitution of the United States. (It should be noted that Article 42 only allows a reservation in relation to paragraph 4 of Article 9.) |
| (8) | Article 10 | Imposes a measure other than criminal liability for paragraphs 1 and 2 of Article 10. (It should be noted that Article 42 only allows a reservation in relation to paragraph 3 of Article 10.) |
| (9) | Article 22 - Jurisdiction | Reserves the right not to apply, in part, paragraph 1, items (b) and (c), limiting the number of offences over which jurisdiction is assumed. (It should be noted that Article 42 only allows a reservation in relation to paragraph 2 of Article 22.) |
| (10) | Article 41 | Assumes the obligations of Chapter II subject to the Fundamental Principles of Federalism. |
| (11) | Article 24 - Extradition | Does not designate an authority responsible for extradition, as that article provides. (This option is not expressed in any article of the Convention.) |
| (12) | Article 27 - Procedures Pertaining to Mutual Assistance Requests in the Absence of Applicable International Agreements | Designates as "central authority" for mutual assistance the "Office of International Affairs, United States Department of Justice, Criminal Division, Washington, D.C., 205300". |
| (13) | Article 35 - 24/7 Network | Designates as point of contact, under the terms of this article, the "Computer Crime and Intellectual Property Section, United States Department of Justice, Criminal Division, Washington, D.C., 205300". |
       

Click here to access the full text of the caveats, reservations and declarations of each member country that acceded to the convention, including the US.

Copyright © 2006 - 2008 SaferNet Brasil