Brussels, 23 April 2002
Commission adopts proposal to combat Cybercrime
The European Commission has adopted a proposal for a Council Framework Decision on "Attacks against information systems". It addresses the new most significant forms of criminal activity against information systems, such as hacking, viruses and denial of service attacks. This Framework Decision seeks to approximate criminal law across the EU to ensure that Europe's law enforcement and judicial authorities can take action against this new form of crime. It also aims to encourage and promote information security.
"Member States' laws contain some significant gaps which could hamper the ability of law enforcement and judicial authorities to respond to crimes against information systems. Given the trans-national nature of hacking, virus and denial of service attacks, it is important that the European Union takes action in this area to ensure effective police and judicial co-operation. The need for approximation of criminal offences and penalties in this area was agreed by the European Council in Tampere in October 1999" Antonio Vitorino, European Commissioner for Justice and Home Affairs, commented.
Erkki Liikanen, European Commissioner responsible for Enterprise and the Information Society stressed that "There is a vast amount of network traffic, of which only a very small percentage is problematic and can be disruptive. However small a part of the overall picture, cybercrime is still crime which needs to be dealt with. This proposal also contributes to improving the overall security of our information infrastructures, which is a key element in our efforts towards a knowledge-based economy as recently highlighted by the Barcelona European Council".
The advent of the Information Society has brought new opportunities for citizens and businesses, but also provided a platform for new types of criminal activities. These illegal activities can take different forms and cross many borders. Some recent virus attacks for example have caused extensive economic damage in different parts of the world.
Criminal activity can be prevented and combated by:
The eEurope Action Plan(1), adopted at the Feira European Council in June 2000, stressed the importance of network security and the fight against cybercrime.
The Commission's "Cybercrime Communication"(2) envisaged a proposal to approximate the substantive criminal law in the area of "high-tech crime".
The Communication on "Network and Information Security"(3) further underlines the commitment of the European Commission to promote the development of a secure information infrastructure in Europe.
The Framework Decision that is now being proposed addresses the core of computer-related crime by proposing a harmonisation instrument that would approximate criminal law rules and facilitate judicial cooperation for:
The proposed Framework Decision is technology neutral and takes account of the broader Information Society context. The ultimate objective is to protect users and promote the improvement of the security of information infrastructures, while balancing different societal interests, such as network security, law enforcement powers, the extent of criminalisation, privacy protection, users rights, development of new technologies and economic priorities.
The development of a cybercrime policy therefore also requires user involvement. The current proposal is the result of an extensive and transparent public consultation, within the framework of the EU Forum on Cybercrime, involving all players.
The proposed Framework Decision also takes into account other international activities such as the work of the G8 and the Council of Europe Convention on Cybercrime (4).
(2)Creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime (COM 2000/890 final) HYPERLINK "http://ec.europa.eu/archives/ISPO/eif/InternetPoliciesSite/Crime/CrimeCommEN.html" http://ec.europa.eu/archives/ISPO/eif/InternetPoliciesSite/Crime/CrimeCommEN.html