In Portugal, and in much of the legal systems of Europe, “legal persons” are likely to be criminally responsibilities for cybercrimes, for example, “false information,” “damage on other programs or computer data,” “computer-software sabotage,” “illegitimate access,” “unlawful interception,” and “illegitimate reproduction of protected program.” However, there are exceptions to the “question of criminal liability” of “legal persons.” Some “legal persons” cannot be blamed for cybercrime. The legislature did not leave! These “legal persons” are the following (“public entities”): legal persons under public law, which include the public business entities; entities utilities, regardless of ownership; or other legal persons exercising public powers. In other words, and again as an example, a Portuguese public university or a private concessionaire of a public service in Portugal cannot commit any one of the highlighted cybercrimes. Fair? Unfair. All laws should provide that all legal persons (rectius organizations) can commit cybercrimes.
Top1. Introduction
Criminal liability is the highest penalty that the modern democratic, free and true “rule of law,” gives to individuals and their organizations and/or “corporations, legal persons and similar entities.” Whether from the point of view of criminal law or from criminology perspective, or even in a trend of criminal policy, there is already a consensus, quite broad (Dias & Andrade, 1984; Dias, 2007). Quite broad consensus—in doctrine, jurisprudence, and legislation—on the necessity, appropriateness, and proportionality to consecrate the criminal liability of organizations—“corporations, legal persons and similar entities” (Bandeira, 2011a, 2011b; Guinter, 2009; Keulen & Gritter, 2010). Only a few voices in a few countries, like some doctrine in Germany, are still defending the old principle of “societas delinquere non potest” (Bandeira, 2004). But, even here, they have other type of sanctions. The criminal law—which is constitutional law—should always be a “law of minimum intervention.” A ultima ratio law. The criminal law, among other things, has to take into account the general and special positive preventions, but also the retribution and Justice. Some part of the criminal law must also look for a restorative Justice.
However, in the context of the Portuguese legal system, is scheduled to criminal liability of organizations (“corporations, legal persons and similar entities”) on different places of legislation, and in particular in the designated “law of cybercrime.”1 And this responsibility can in particular be for the following crimes: “False information”2; the “Damage on other programs or computer data”3; the “Computer-software sabotage”4, the “Illegitimate access”5, the “Unlawful interception” and “Illegitimate reproduction of the protected program”6. It turns out that, with regard to the “criminal responsibility” of organizations, “corporations, legal persons and similar entities,” the “Law of Cybercrime” makes a reference to the portuguese Penal Code.7
We need to see also some of the possible legal consequences in relation to issues that are related to system administration information within organizations. And this, or that, is right in the middle of “corporations, legal persons and similar entities,” “organizations.” You need to check to what extent cannot exist here and there, an interception among the following three groups of questions. 1) “Management Information System” within organizations, id est, the “corporations, legal persons and similar entities”; 2) Responsibility/liability of the criminal organizations, id est, the “corporations, legal persons and similar entities” in the context of so-called “Cybercrime Law”; 3) Crimes of “False information”; “Damage on other programs or computer data”; “Computer-software sabotage”; “Illegitimate access”; “Unlawful interception”; and “Illegitimate reproduction of protected program.”
It is also crucial, of course, to realize how it works—from the strict point of view of legal technique and criminal—the nexus of imputation of criminal liability to “organizations,” i.e., the “corporations, legal persons and similar entities.” We refer to the respective criminal liability for crimes of “False information,” “Damage on other programs or computer data,” “Computer-software sabotage,” “illegitimate access,” “Unlawful interception,” and “illegitimate reproduction of protected program.”
At the end, we have the conclusions and constructive suggestions, but not before finally realizing what type of “organizations”—“corporations, legal persons, and similar entities,” through a poor administration of the information system, can commit crimes that are in the “Cybercrime Law.”
After all, we are talking about fundamental rights and duties.