Lately, I’ve seen some people regularly sharing malware on Facebook. As long as the user clicks on it, it will automatically install on the user's device. This poses a risk to user privacy. So is it against the law to spread malware on Facebook? What are the regulations on prevention, detection, stoppage and handling of malware?
Looking forward to hearing from FDVN Law Firm. Thank you.
Thank you for concerning FDVN’s legal services. Base on your consulting requirements, after studying the legal documents, FDVN Law Firm offers the following advice:
 Is it against the law to spread malware on Facebook?
According to Article 7 of Law on Network Information Security 2015, the prohibited acts are as follows:
“Article 7. Prohibited acts
1. Blocking the transmission of information in cyberspace, or illegally intervening, accessing, harming, deleting, altering, copying or falsifying information in cyberspace.
2. Illegally affecting or obstructing the normal operation of information systems or the users’ accessibility to information systems.
3. Illegally attacking, or nullifying cyber information security protection measures of, information systems; attacking, seizing the right to control, or sabotaging, information systems.
4. Spreading spams or malware or establishing fake and deceitful information systems.
5. Illegally collecting, utilizing, spreading or trading in personal information of others; abusing weaknesses of information systems to collect or exploit personal information.
6. Hacking cryptographic secrets and lawfully enciphered information of agencies, organizations or individuals; disclosing information on civil cryptographic products or information on clients that lawfully use civil cryptographic products; using or trading in civil cryptographic products of unclear origin.”
Thus, the act of spreading malware on Facebook violates Law on Network information security. Accordingly. Persons who violate this regulation, depending on the nature and seriousness of the violation, shall be administratively sanctioned or brought into criminal accounts in accordance with the laws.
 Sanctioning violations
a) Sanctioning administrative violations:
Pursuant to Point b, Clause 6, Article 94 of Decree No. 15/2020/ND-CP on penalties for administrative violations against regulations on postal services, telecommunications, radio frequencies, information technology and electronic transactions:
“6. A fine ranging from VND 60,000,000 to VND 80,000,000 shall be imposed for the commission of one of the following violations:
a) Failing to provide adequate methods for refusal to receive promotional emails or messages;
b) Sending or spreading spam emails, spam messages and/or malware;
c) Creating a series of missed calls to entice users to make calls or send messages to numbers providing content services for personal gains or providing promotional information;
d) Operating or using service numbers or subscriber numbers for wrong purposes;
dd) Opening the function to dial, send/receive messages of toll-free service numbers/premium-rate service numbers.”
b) Criminal accounts
Pursuant to Article 286 of Criminal Code 2015, providing for acts of spreading programs harmful to computer networks, telecommunications networks, and electronic means:
“Article 286. Spreading software programs harmful for computer networks, telecommunications networks or electronic devices
1. Any person who deliberately spreads a software program that is harmful for a computer network, telecommunications network or an electronic device in any of the following circumstances shall be liable to a fine of from VND 50,000,000 to VND 200,000,000 or face a penalty of up to 03 years' community sentence or 06 - 36 months' imprisonment:
a) The illegal profit earned is from VND 50,000,000 to under VND 200,000,000;
b) The property damage caused by the offence is assessed at from VND 50,000,000 to under VND 300,000,000;
c) The harmful program is infected by 50 - 199 electronic devices or by an information system with 50 - 199 users;
d) The offender has incurred an administrative penalty or has an unspent conviction for the same offence.
2. This offence committed in any of the following circumstances carries a fine of from VND 200,000,000 to VND 500,000,000 or a penalty of 03 - 07 years' imprisonment:
a) The offence is committed by an organized group;
b) The illegal profit earned is from VND 200,000,000 to under VND 500,000,000;
c) The property damage caused by the offence is assessed at from VND 300,000,000 to under VND 1,000,000,000;
d) The harmful program is infected by 200 - 499 electronic devices or by an information system with 200 - 499 users;
dd) Dangerous recidivism.
3. This offence committed in any of the following circumstances carries a penalty of 07 - 12 years' imprisonment:
a) The offence is committed against a system of data which is classified information or an information system serving national defense and security;
b) The offence is committed against national information infrastructure; national grid control information system; banking or finance information system; traffic control information system;
c) The illegal profit earned is ≥ VND 500,000,000;
d) The property damage caused by the offence is assessed at ≥ VND 1,000,000,000;
dd) The harmful program is infected by ≥ 500 electronic devices or by an information system with ≥ 500 users.
4. The offender might also be liable to a fine of from VND 30,000,000 to VND 200,000,000 or prohibited from holding certain positions or doing certain jobs for 01 - 05 years.”
Thus, the person who conducts the act of spreading malicious software violates the laws. Depending on the nature and severity of the violation, he or she may be administratively sanctioned or criminally prosecuted under the mentioned regulations.
 What are the regulations on prevention, detection, stoppage and handling of malware?
Pursuant to Article 11 of Law on Network Information Security 2015 stipulating the prevention, detection, stoppage and handling of malicious software as follows:
“Article 11. Prevention, detection, stoppage and handling of malware
1. Agencies, organizations and individuals shall prevent and stop malware as guided or requested by competent state agencies.
2. The managing body of a national important information system shall put into operation technical and professional systems for preventing, detecting, stopping and promptly handling malware.
3. Enterprises providing email services or transmitting and storing information must have malware filtering systems in the course of sending, receiving and storing information via their systems and shall send reports to competent state agencies in accordance with law.
4. Internet service-providing enterprises shall take measures to manage, prevent, detect, and stop the spread of, malware and handle it at the request of competent state agencies.
5. The Ministry of Information and Communications shall assume the prime responsibility for, and coordinate with the Ministry of National Defense, the Ministry of Public Security and related ministries and sectors in, preventing, detecting, stopping and handling malware that affects national defense and security.”
Above is FDVN Law Firm's opinion for your consulting requests based on studying the relevant legal provisions. Hopefully, FDVN's advice would be helpful to you.
Legal advisor: Dinh Thi Thong
FDVN Law Firm
- TEN THINGS: THINGS THAT SHOULD SCARE THE S#%@ OUT OF IN-HOUSE LAWYERS
- 19 types of assets businesses must buy compulsory fire and explosion insurance
- TEN THINGS: HOW TO PREPARE AN ANNUAL LEGAL DEPARTMENT BUDGET
- TEN THINGS: THINGS IN-HOUSE COUNSEL SHOULD BE DOING BEFORE A DATA BREACH OCCURS
- 10.000 TỪ ĐỒNG NGHĨA THƯỜNG GẶP
- 200 Great Bilingual Articles - 200 Bài báo song ngữ hay
- The Theory of Corporate Finance - Jean Tirole
- THE OXFORD HISTORY OF HISTORICAL WRITING
- The Opium War: Drugs, Dreams and the Making of China - Julia Lovell
- The Great Wall - Julia Lovel
- THE WAR IN IRAQ AND INTERNATIONAL LAW
- The relevance of international law: a Hegelian interpretation of a peculiar seventeenth-century preoccupation
- TEN THINGS: GETTING THE MOST OUT OF MEDIATION
- LEGAL NEWSLETTER NO.09 - 9/2020: The contract in the form of data message and practical application
- CAN THE SISTER-IN-LAW WORK AS A CHIEF ACCOUNTANT IN THE COMPANY OF HER BROTHER-IN-LAW?
- COULD PUBLIC EMPLOYEES BE THE DIRECTOR OF THE ENGLISH CENTER?