Now, to really understand the subject, we must review the text of articles 172 and 173 of the Argentine Penal Code:Law 26.388 - ARTICLE 9 - The following shall be incorporated as paragraph 16 of article 173 of the Criminal Code:
Paragraph 16. Anyone who defrauds another through any computer manipulation technique that alters the normal functioning of a computer system or the transmission of data.
So, phishing is in principle in Argentina, paragraph 16 of art. 173, therefore IT IS, a special type of the common scam of 172. So we must resort to the classic criminal doctrine of the crime of fraud, in order to know when the type will be configured.Argentine Penal Code - Chapter IV.
Scams and other frauds
Article 172.- Anyone who defrauds another with an assumed name, simulated quality, false titles, lied influence, abuse of trust or pretending to be property, credit, commission, company or denial or using any other ruse or deception shall be punished with imprisonment from one month to six years.
Article 173.- Without prejudice to the general provision of the preceding article, special cases of fraud shall be considered and shall suffer the penalty established therein:
Subsection 1º the one who defrauds another in the substance, quality or quantity of the things that he delivers by virtue of a contract or a compulsory title ...
I then turn to the impeccable explanation of one of the most important authors of Criminal Law, such as Edgardo Donna (1), who in an article of his (pages 41 and 42) states (the bold belongs to me):
Another important issue is to clarify that in the scam the legal good is not, as one might think, the "good faith in the traffic" or the "loyalty in the operations" but the patrimony. The ruse and deception provided for in the type as forms of commission are simply the means by which the taxable person's property damage occurs, so that the breach of good faith is the modus operandi that will determine the legal damage to property, but not the object of the protection, either directly or indirectly.
So that for the crime of fraud (and therefore phishing) to be configured, there must first be the ruse or deception and then a patrimonial damage resulting from said deception.- Publicidad -If good faith were the legal good protected, the consummation of the crime should occur with the mere realization of the deception, without the need to cause any patrimonial damage, a solution that is unacceptable from the legal point of view.
From this we can already deduce then, that many of the behaviors considered "criminal" today, in reality, are not. I refer to those people who are dedicated to setting up twin sites and sending spam to get unsuspecting users to deliver their data (personal, credit card, email accounts, PayPal, etc.) product of deception.
They are not a crime for the above, a typical element of basic conduct is missing, which is the patrimonial damage.
So in Argentina it is NOT punishable as an autonomous crime to simply obtain data (by phishing or any other method) for the purpose of defrauding. This means that a large part of the chain of computer criminals is left in such a large legal vacuum, that no one is persecuted for it (in reality there is no legal vacuum, because in criminal law, what is not expressly foreseen is NOT a crime).
Those of us who are daily in the computer world, know of the existence of forums crowded with notices of sales of databases obtained through this type of activities, which (unfortunately) in Argentina we can not yet call as a crime.
On the other side of the bridge are then those subjects in charge of carrying out the economic damages with the data obtained fraudulently, but in reality, it is not they who have made the deception to obtain that data. From my point of view, here the question already changes, because the subject would still be committing a crime to carry out patrimonial transactions with false data.
Now, it is worth reviewing again the article included by Law 26,388:
We see that the type is met when there is fraud by "any computer technique that alters the normal functioning of a computer system or the transmission of data". The good thing is that the legislator adopted a broad legislative technique so that any technique included. What we must be aware of is that this paragraph actually requires modification of normal operation. This means that the crime will only exist if the cracker gets into the official website of Bank X, and modifies so that each one who logs in, sends their data to a private account and then produces the patrimonial damage.- Publicidad -Paragraph 16. Anyone who defrauds another through any computer manipulation technique that alters the normal functioning of a computer system or the transmission of data.
As we know, this almost never happens, but the modality is to create new sites, in similar urls, appealing to the innocence of the user. However, and provided that there is a patrimonial damage, this will be a crime but not because it is configured in paragraph 16, but because it is a typical case of common fraud of art. 172. That is, there is a ruse or deception (configured in the realization of a third party site so that the deceived person provides his data thinking that he is doing it on the official site), and if then there is patrimonial damage, the essential requirements are given, ergo, there is crime.
That is, in reality this activity always had a criminal sanction because it is nothing more than the "uncle's tale" in digital format, but in the end, it is an ordinary fraud.
Finally, I would like to leave a line of thought in order to achieve that evolution of Argentine legislation that I referred to at the beginning. The inclusion of paragraph 16 of Article 173 has been useful for those cases of alterations of all types of systems (which can be websites, ATMs, or any other), thanks to the breadth of its wording. However, one of the activities that most moves the world of computer crime has been left unprotected, which is the illegal capture of data (of all kinds, which even lead to digital identity theft) for later sale or use.
Therefore, I emphasize the advancement or improvement of criminal legislation to achieve the punishment (which does not necessarily have to be deprivation of liberty, but could be a fine) of the illegitimate capture of data for the purpose of fraud.
(1) DONNA, Edgardo and FUENTE, Esteban Javier. "General aspects of the criminal type of scam".
Marcelo Temperini Director of elderechoinformatico.com
