Bill to Decriminalize Investigations in Information Security

Section 153 of the Argentine Criminal Code establishes sanctions for those who knowingly access a computer system or data with restricted access, by any means, without proper authorization or beyond their level of authorization. At the same time, it lists as an aggravating circumstance any access that is detrimental to a computer system or to the data of a public body or a provider of public or financial services.

The proposed bill to decriminalize Information Security investigations (available here in Spanish), was drafted within the framework of the Ekoparty International Security Conference in its Avoiding-Jail activity, and sets out to reform Section 153 bis of the Argentine Criminal Code by incorporating a third paragraph that provides for an exemption from criminal liability to those who have acted with the unequivocal purpose of protecting a public interest and those who, acting in good faith and within the framework of a security investigation, report the identified vulnerability to the owner of the computer system.

According to the bill’s preamble, the purpose of the reform is to establish a protection framework for those who, as security investigators, discover a flaw and report it.

That communication or report can be accredited by sending an electronic communication to the different contact channels displayed by the owner of the system or computer data, as well as other forms that could reveal the intention to report the issue to whomever is responsible for the system.

The document is enabled for public and anonymous comments.