European Commission: Adoption of Proposal to Combat Cybercrime

IRIS 2002-6:1/7

Tarlach McGonagle

Institute for Information Law (IViR), University of Amsterdam

The European Commission recently adopted a Proposal for a Council Framework Decision on attacks against information systems. The objective of the proposed Framework Decision is the improvement of "co-operation between judicial and other competent authorities, including the police and other specialised law enforcement services of the Member States, through approximating rules on criminal law in the Member States in the area of attacks against information systems" (Article 1).

Among the offences contemplated by the proposed Framework Decision are attacks through illegal access to Information Systems ("hacking"); through illegal interference with Information Systems (viruses and other Institute for Information Law (IViR) University of Amsterdam means of hindering or interrupting the operation of an Information System by tampering with computer data) and instigating, aiding, abetting or attempting either type of attack. Information Systems are defined in Article 2 as: "computers and electronic communication networks, as well as computer data stored, processed, retrieved or transmitted by them for the purposes of their operation, use, protection and maintenance". This definition aspires to technological neutrality; concerns both hard- and software (but not the actual content of the information) and applies to both interconnected and stand-alone computer systems.

While conscious of the need to develop a common approach to the offences in question, the proposed Framework Decision is also wary of the dangers of what may be termed "over-criminalisation", especially as regards minor or trivial offences. The Proposal also dwells on pertinent topics such as penalties, aggravating and particular circumstances, as well as jurisdictional matters.

The drafters of the Proposal have taken due cognisance of relevant developments at the international level. For instance, the Council of Europe's Convention on Cybercrime was formally adopted and opened for signature at the end of last year (see IRIS 2001-10: 3) and the First Additional Protocol to the Convention, dealing with the criminalisation of acts of a racist or xenophobic nature committed through computer systems, is currently being drafted (see IRIS 2002-3: 3). The G8 is also actively examining transnational cooperation relating to high-tech crime.