POLICY :: Cybercrime (archived)
This page was archived when this portal was restructured in early 2007. For up to date information, please visit the portal's eBusiness and Internet themes.
Fighting Cybercrime
The Information Society is a new world to explore. And with new worlds come new forms of crime.
Hacking, spreading computer viruses and other malicious code, organising denial of service attacks on websites these are new forms of crime, requiring an update of our legal frameworks to tackle.
Some of these crimes, moreover, may stem from organised crime or even terrorist organisations, and are also often international in nature. Gaps and differences in Member States' laws in this area, however, have to date hampered the fight against these forms of crime.
Tackling these problems under the EUs third pillar (Justice and Home Affairs) is therefore necessary.
Status and Scope
Hence the European Commission's 2002 proposal for a Council framework Decision on attacks against information systems.
The proposal covers illegal access to and interference with information systems, which includes electronic networks, computers and other devices connected to the networks (e.g., mobile phones), as well as the data and programmes that they carry.
The Framework Decision will therefore cover intentional hacking, distribution of viruses, denial of service attacks and website defacement, among other activities. It is also technology neutral, covering both hardware and software but not the content of the information itself, and seeks to strike the right balance by incriminating acts that are harmful to information systems, while excluding minor or trivial behaviour.
How It Works
The Decision creates a common set of legal definitions and criminal offences across the EU for these activities. Member States are required to have available a maximum penalty of between 1 and 3 years of imprisonment for offences involving interference with information systems and computer data, and a maximum penalty of between 2 and 5 years of imprisonment when the offences are committed in the framework of a criminal organisation. The Decision also contains provisions on legal persons and jurisdiction.
Member States are also required to join the so-called "24/7 Network" of operational points of contact for high-tech crime available 24 hours a day, 7 days a week, for the purposes of exchanging information on attacks against information systems.
Cybersquatting, Spam and Other Crime
The Commission has also focused on other illegal Internet-related acts:
- Boosting Internet Security is an eEurope 2005 policy priority, and involves the creation of the European Network and Information Security Agency (ENISA), designed to increase co-operation and information exchange between different stake holders in the Member States and contribute to a higher level of information security on the internal market.
- Privacy and Spam: the directive on
Privacy and Electronic Communications, part of the new
ecommunications regulatory framework:
- protects peoples privacy in the Information Society
- bans spam by ensuring Member States impose an opt-in regime
(read the press release);
- Cybersquatting: when individuals or companies buy up Internet domain names with a view to reselling them at high prices to individuals or organisations with legitimate interests or connections to the name. The Commission is considering developing rules to address cybersquatting in the .eu top level domain.
Updated 11 March, 2004.
DG Information Society