In a recent ruling a person has been convicted by the Italian Supreme Court of the offence of unauthorized access to a computer system although in possession of the appropriate authentication credentials, but when violating the limits or conditions of the enablement.
We would remind you that, according to art. no 615ter of the Italian Criminal Code: “any person who unlawfully breaks into a computer system or a computer protected by security measures or who remains inside it against the express or implied will of those who have the right to exclude him, shall be sentenced to up to three years’ imprisonment”.
As reported in several newspapers, the ruling – for which we are awaiting the grounds – concerns the case of an Italian Public Official (a Carabinieri Officer) who accessed his work computer system for purposes unrelated to his job using the authentication credentials in his possession, which had been assigned specifically for work reasons.
Therefore, this instance of access to the computer system seems to have been made without violating the security system, however, according to the Court, access is to be deemed unlawful because it violates the limitations on use and conditions of the authentication credentials.
In other words, according to this interpretation, a crime could be committed any time access is made to a computer system with proper credentials for purposes which vary from those for which the credentials were assigned. From this point of view we should underline that the Supreme Court’s interpretation of the law regarding the offence of unauthorized access to a computer system is extremely rigorous and strongly motivated by the need to avoid conduct which does not adequately observe a general principle of intention.