Oskar Gross, the manager of recently opened Cyber Crime Unit of Central Criminal Police writes in an opinion piece that Estonian legislation is at times more primitive than the actual cybercrime. Therefore, there may be a weird situation where hacking an account that is protected with a simple password such as “1234” is not an offense.
In the last commented edition of the Penal Code, the lawmaker rather boldly attempted to define the legal handling of computer systems’ passwords and security issues related to recovering password, and the end result is problematic in several aspects.
Penal Code has an important section §217 “Illegal obtaining of access to computer systems” which aims to penalize unauthorized access to computer systems. The commented edition of Penal Code clarifies that unauthorized access is not in case of amazingly simple passwords, such as “admin”, “123456” and “qwerty”, because such passwords can be guessed by an attacker or found from “the top worst passwords” on the Internet.
In short, this section comment says: “If you have a weak password, the access to your data is allowed.”