Strasbourg, 22/05/2007 (Agence Europe) - On Tuesday the Commission presented its new strategy for fighting more effectively against cyber crime, which is likely to be on a constant increase in the Union. By adopting a communication, “Towards a general policy in the fight against cyber crime”, the Commission intends to promote measures for setting up a “genuine European network” in fighting this phenomenon, particularly by improving cooperation between difference law enforcement services and the public and private sectors. It is intending to introduce legislation on specific infringements. During presentation of this communication in Strasbourg, Commissioner Franco Frattini declared, “the European Commission is today taking an important step towards the formulation of a general European policy on the fight against cyber crime”. In the United Kingdom alone, bank fraud using the “phising” technique increased by 8000% over the last two years. This kind of fraud consists of obtaining sensitive information (passwords or credit card details) by impersonating a bona fide electronic communications operator.
Definition of cyber crime. In terms of the communication, “cyber crime” covers, “criminal infringements committed with the aid of electronic communications networks and information systems or against these networks and systems”.
Communication objectives. Given the limited powers of the EU in this field, the policy carried out by the Commission mainly aims to put in place actions for improving cooperation at different levels. First and foremost action must be taken at the level of EU law enforcement. The Commissioner was in favour of setting up a “real European network” to fight cyber crime. In 2007, the Commission will therefore be organising a meeting of experts (police and magistrature) from member states but also from Europol, the European Police College (CEPOL) and the European Judicial Training Network (EJTN), in order to discuss ways to improve strategic and operational cooperation, as well as training to combat cyber crime in Europe. Discussion will also turn to the establishment of an EU permanent point of contact for exchanging information and the creation of an EU training platform on fighting cyber crime. Since information exchange is one of the EU's priorities, Mr Frattini pointed out that the “check the web” project initiated by the German EU Council Presidency would be a central tool using the Europol information portal that has been operational since early May. It aims to facilitate the coordination and sharing of internet surveillance tasks between member states, with special focus on terrorism and child pornography. Another objective set out in the communication is to increase dialogue with industry by highlighting joint projects for the detection and prevention of damage caused by cyber crime. “We have to improve our research capacity on cyber criminality”, said Mr Frattini. This policy will be taken before the European security, research and innovation forum that the Commission intends to set up in the near future. A conference to this end is foreseen for November to bring together parties concerned in both public and private sectors. The forum will therefore witness extended public/private cooperation in areas relating to the fight against illegal content (for example, with regard to sexual violence against children or incitement to racial hatred) on the Internet. While the Commission may consider that the time is not right for general harmonisation of definitions of crimes and national criminal laws on cyber crime, it nonetheless plans to adopt rules in 2008 on computer crime committed in identity theft. In general terms, “identity theft” means the use of personal identification data, for example, a credit card number, to commit other crimes. Identity theft as such is not a criminal act in all member states. The communication raises the need for more statistics: in the EU, there are not enough reliable statistics on cyber crime, particularly for comparing data between member states. It is planned, then, that an expert group discuss this issue with a view to drawing up relevant indicators which will allow the scale of cyber crime to be assessed.
The “Estonian test”. Commissioner Frattini was also concerned about attacks which could be coordinated against states, similar to the one suffered by Estonia, which was, for several days, subject to massive cyber attacks against its main internet sites. He said that Estonia was “a first test case” for the EU. The Greece-based European Network and Information Security Agency (ENISA) is currently carrying out an investigation in Estonia, and should report in two months' time. “I cannot anticipate a suspect at this time,” Mr Frattini said. Estonian political leaders have openly attributed these attacks to Russia. (bc)