Octopus Cybercrime Community

Ukraine adopted a specific Cybercrime Law that is incorporated in the Criminal Code of Ukraine (mainly Section XVI Art. 361-363) and Criminal Procedure Code. The mentioned incorporation was done after the Ratification of the Budapest Convention in 2006.

In terms of substantive law provisions corresponding to Budapest Convention provisions are:

Articles 2-6 of the BCC (c-i-a offences) are implemented, however definitions of acts are split between several Articles and some elements are missing;

There are only general definitions of forgery and fraud – no computer data elements (Art. 7-8 BCC);

There is a general implementation of child pornography offences but several definitions are lacking (Art. 9 BCC);

General provisions are used for IPR offences (Art. 10 BCC);

There are concepts of attempt, aiding and abetting implemented (Art. 11 BCC);

No corporate liability provisions are foreseen (Art. 12 BCC)

Substantive measures are implemented through the following provisions in Ukranian legislation:

• Illegal access- partly Art. 359 and partly Art. 361 of the Criminal Code of Ukraine
• Illegal interception- partly Art. 31 of the Constitution of Ukraine and Art. 163, Art. 359, Art. 362(2) of the Criminal Code of Ukraine
• Data interference- Art. 362(1) of the Criminal Code of Ukraine
• System interference- partly Art. 361(1) and partly Art. 363-1 of the Criminal Code of Ukraine
• Misuse of device- partly Art. 361-1 of the Criminal Code of Ukraine
• Computer-related forgery- Art. 362(1) of the Criminal Code of Ukraine
• Computer-related fraud- Art.190, esp. par.3 of the Criminal Code of Ukraine
• Offences related to child pornography- Art. 52 of the Constitution of Ukraine and partly Art. 301 the Criminal Code of Ukraine
• Attempt and aiding or abetting- Art. 13 (2) and Art. 15, Art.26-27 and Art. 29, also Art. 68 (2) of the Criminal Code of Ukraine
• Corporate liability- partly Art.96 of the Criminal Code of Ukraine

The Code of Criminal Procedure of Ukraine does not contain a definition of electronic evidence. According to Article 84(1) of the CPC, evidence is defined broadly, and covers any factual knowledge, obtained in accordance with the Code, by which presence or absence of facts and circumstances which are important for the criminal proceedings can be proved. Sources of such knowledge (evidence) can be testimonies, objects, documents and expert findings. According to Article 99(1) of the same Code, ‘document’ is “material object, which was created specifically for conservation of information, such object containing fixed by means of written signs, sound, image etc. the knowledge that can be used as evidence of the fact or circumstance which is established during criminal proceedings”. It is further stipulated in paragraph 2 that documents might be “materials of photography, sound recording, video recording and other data media (including electronic)”.

While several articles of the Code of Criminal Procedure of Ukraine refer to the collection of subscriber information and identification of the subscriber (Articles 162, 248, 263, 268), the notion of subscriber information is not defined in the procedural legislation. The only definition related to this notion can be found in the Law on Telecommunications, where the term ‘subscriber’ is explained.

A definition of traffic data is not found in the legislation of Ukraine, while content data is addressed in corresponding investigative power under the Criminal Procedure Code.

In terms of expedited preservation of stored computer data, Ukraine did not implement Article 16 Budapest Convention by introducing specific preservation order in its procedural legislation. Chapter 15 of the Criminal Procedure Code foresees some possibility of preserving computer data by using the concept of “provisional access to objects and documents”. According to Article 159(1) of the Code of Criminal Procedure, purpose of ‘provisional access to objects and documents’ is for a party in proceedings to (1) get opportunity to examine objects and documents, (2) make copies thereof and, (3) seize them.

The expedited preservation and partial disclosure of traffic data under Article 17 Budapest Convention is not implemented, as there are no specific provisions that define traffic data, authorize its expedient preservation and disclose the path of communications by the service providers, neither in the procedural nor in telecommunications legislation of Ukraine.

Ukraine did not implement Article 18 Budapest Convention by introducing specific production order provisions. Chapter 15 of the Code of Criminal Procedure, entitled “Provisional access to objects and documents”, can be deemed as a relevant alternative. However, the options provided by the said Chapter of the CPC provide only very limited possibilities to order production of data.

Search and seizure of stored computer data under Article 19 Budapest Convention can partially be achieved on the basis of Chapter 16 of the Code of Criminal Procedure (‘provisional seizure of property’), Articles 234 – 236 of the CPC (search) and 167 (‘provisional seizure of property’).

Special provisions in the context of search and seizure provided by Article 19 (search of a connected system; making and retaining a copy of those computer data; maintaining the integrity of the relevant stored computer data; rendering inaccessible or removing those computer data in the accessed computer system) are not implemented. At the same time, provisions related to seizing or similarly securing computer data (p. 3(a)) and assistance of specialists in technical matters (p. 4) are covered by general regulations on seizure and involvement of specialists and experts in the criminal proceedings.

Ukraine implements Articles 20 and 21 Budapest Convention related to real-time collection of traffic data and interception of content data by similar set of provisions.

Article 40(4) of the Law on Telecommunications obliges telecommunication operators to, at their own expense, “install and ensure functioning of the technical means necessary for the performance by search and investigation bodies and Ukrainian telecommunication networks security monitoring agencies, as well as to promote, within the scope of their competences, search and investigation activities, monitoring performance and prevention from the disclosure of the employed organizational and tactical techniques”. It is also stipulated that operators must ensure protection of said technical means from unauthorized access.

In terms of procedural implementation, Articles 258 – 266 of the Code of Criminal Procedure provide legal basis for several covert investigative (detective) actions which interfere with the private communications of the individual. In the context of Articles 20 and 21 Budapest Convention, primarily relevant action is ‘collecting information from transport telecommunication networks’ (CPC Article 263).

In terms of horizontally applicable conditions and safeguards (Article 15 Budapest Convention), although most of the elements limiting and controlling the application of more intrusive measures, such as search and seizure, real-time collection of traffic data and content interception, are present - such as existence of criminal investigation, judicial order, duration and other conditions.

The safeguards are guaranteed by the Constitution of Ukraine, esp. Art.30-31.

The used safeguards are also covered by Art. 159-166, Art. 246-257 and Art.263-266 of the CPC of Ukraine.

• Law of Ukraine "On State Service of Special Communication and Information Protection of Ukraine"
• Law of Ukraine "On protection of information in telecommunication systems"
• Law of Ukraine "On the National System of Confidential Communication"
• Law of Ukraine "On Information"
• Law of Ukraine "On Telecommunications"
• Law of Ukraine "On the Information Society Development in Ukraine in 2007-2015"
• Law of Ukraine "On the disciplinary regulations of the State Service for Special Communications and Information Protection of Ukraine"
• Law of Ukraine "On State Secrets"
• Law of Ukraine "On electronic documents and electronic document"
• Law of Ukraine "On electronic digital signature" from 22.05.2003 № 852-IV
• Law of Ukraine "On electronic documents and electronic document" from 22.05.2003 № 851-IV
• Law of Ukraine "On the information" from 02.10.1992 № 2657-XII
• Law of Ukraine "On Personal Data Protection" from 01.06.2010 № 2297-VI
• Law of Ukraine "On Access to Public Information" from 13.01.2011 № 2939-VI
• Law of Ukraine "On protection of information in telecommunication systems" from 05.07.1994 № 80/94-BP

International cooperation in its extradition part is partly based on the Art. 10 of the Criminal Code of Ukraine and the signed bilateral agreements.

Possible cooperation with the European Union countries can be based on the Association Agreement between Ukraine, on the one hand, and the European Union, the European Atomic Energy Community and their Member States, on the other hand, the agreement was ratified by a statement by the Law number 1678-VII on the 16.09.2014.

Legal Framework is based on:

Bilaetral agreements, especially with countries such as: Armenia, Azerbaijan, Belarus, France, Finland, Georgia, Great Britain, Israel, Kazakhstan, Kirgizstan, Latvia, Lithuania, Moldova, Norway, Poland, Syria, Tajikistan, Turkmenistan, United States of America, Uzbekistan, Vietnam, others.

Association Agreement between Ukraine, on the one hand, and the European Union, the European Atomic Energy Community and their Member States, on the other hand, the agreement was ratified by a statement by the Law number 1678-VII on the 16.09.2014.

24/7 points of contact and police cooperation

The Cyber-Police Department of the National Police of Ukraine, as part of the Ministry of Internal Affairs, performs the functions of the 24/7 point of contact. Because of the absence of a mechanism for exchanging messages to/from international law-enforcement agencies between the National Police and Security Service of Ukraine, the possibility of establishing a second 24/7 contact point at the Security Service of Ukraine is being currently discussed.

The 24/7 contact point is executing only police-to-police type of requests related to cybercrime and electronic evidence. It can provide assistance in the investigation of criminal offences connected with computer systems and exchange of operative information (that is not the evidence in criminal proceedings). The central authorities of Ukraine may take into consideration a request that came from the requesting party electronically, by facsimile or other means of communication.

The 24/7 National contact point according to the national legislation has no competence in executing MLATs. MLA requests can only be executed through the Prosecutor General’s Office.

As to the execution of preservation requests, only regular procedures are used, as under Ukrainian legislation there is no separate provision for data preservation. Accordingly, no urgency procedures have been reported to exist.

Mutual legal assistance authorities

During the stage of pre-trial investigation, the Prosecutor General’s Office (Department for International Legal Cooperation and European Integration) is the central authority. At the trial stage, the Ministry of Justice (Division on Mutual Legal Assistance in Criminal Matters, International Legal Cooperation Department, Directorate for International Law) is handling MLA requests.

Requests may be sent to a foreign State or received from a foreign State, also through INTERPOL. The NCP INTERPOL cannot implement an MLA request but has to send it to the competent authority (Prosecutor General’s Office or the Ministry of Justice of Ukraine) for action. Diplomatic channels are also used in case of absence of an international treaty.

In the absence of treaties and on the basis of reciprocity, Ministry of Foreign Affairs, Directorate General for Consular Service is the channel through which the request is forwarded and received. If received by the above, the request should be transferred to the central authority according to the stage of proceedings. The request has to include assurances of reciprocity. Only the official written request can be accepted by the Ministry of Foreign Affairs.

For outgoing requests, a court, prosecutor or investigator - in consultation with the prosecutor - can send requests for international legal assistance in criminal proceedings to competent central authorities. Central authorities ensure the transmission of requests to foreign counterparts and manage all communications in this respect

Complying with Article 35 of the Budapest Convention, a 24/7 point of contact was established. The same functionality is also used for the G8 network purposes and also for the Interpol Network.

Ministry of Justice of Ukraine (concerning courts' commission) and the General Prosecutor's Office of Ukraine (concerning commissions of bodies of prejudicial inquiry).

Division for Combating Cybercrime, Ministry of Internal Affairs.

Specific procedures and best practices for International Cooperation