Brussels, 24/04/2002 (Agence Europe) - On Tuesday the European Commission adopted a proposal for a Council Framework Decision on "Attacks against information systems". This document forms part of the E-Europe initiative aimed at approximating criminal law in Member States to ensure that Europe's law enforcement and judicial authorities can take action against this new form of crime, which is proving extremely costly to different sections of society.
The economic cost of certain attacks against information systems impacts on public organisations, companies and individuals is most significant and threatens to make information systems more costly and less affordable to users. These kind of attacks are often carried out by individuals acting on their own who are not always aware of the seriousness of their action and are also often perpetrated by organised criminals. Organised hacking groups specialised in hacking and defacement of websites are more and more active at world-wide level. Examples include the Brazilian Silver Lords and the Pakistan Gforce, which try to exhort money from their victims by offering them specialised assistance after hacking into their information systems. Security breaches at e-commerce merchant databases where access is gained to customers' information, including credit card numbers. The proposal presented b the Commission last Tuesday hopes to contribute to the response to the threat of a terrorist attack against vital information systems within the European Union. It supplements the Commission's proposals of last September to fight against this phenomenon and intends replacing extradition within the EU with a European Arrest Warrant, as well as approximating laws on terrorism. Taken together, the Commission stresses that these instruments will, "ensure that Member States of the European Union will have effective criminal laws in place to tackle cyber-terrorism".
The proposal on attacks against information systems essentially aims to approximate criminal law in Member States where there are significant gaps and differences which could hamper the fight against organised crime and terrorism, as well as serious attacks by individuals against information systems (offences committed by minors are not targeted). This approximation should allow greater police and legal co-operation. The proposal will not impact on laws on privacy or data base protection in community law but covers all forms of serious attacks against information systems in Member States allowing them to investigate using techniques and methods available under criminal law. It aims to tackle: the disruption of information systems such as "denial of service" (DoS) by flooding in view of paralysing servers or Internet Service Providers with automatically generated messages; the execution of malicious software that modifies or destroys data (viruses); malicious interception of communications compromising the confidentiality and integrity requirements of users "sniffing"); Malicious misrepresentation. Information systems offer new opportunities for misrepresentation and fraud. The taking of someone's identity on the Internet, and using it for malicious purposes. The Commission hopes that incitement; abetting or wilful complicity to commit any of these infractions will be punishable by Member States. The latter will also be expected to ensure that perpetrators are subject to proportionate sentencing and proportionate fines that will send a strong deterrent message. The proposal also suggests minimum prisons sentences of four years for the most serious cases such as if the offences have been committed by criminal organisations; if the offence has caused substantial economic loss or physical harm to a natural person or substantial damage to part of the critical infrastructure of the Member State. Legal persons will be liable for offences committed for their benefit by any person acting individually or as part of the organ of the legal person. In addition to fines, sanctions against legal persons range from exclusion from entitlement to public benefits or aid; temporary or permanent disqualification from the practice of commercial activities to the placing under judicial supervisions. The proposal also includes provisions for facilitating information exchange between Member States.