Commission adopts proposal to combat cybercrime
The European Commission adopted a proposal for a Council framework decision on attacks against information systems, designed to approximate Member State criminal law and promote information security across the EU, on 19 April. The framework decision aims to further harmonise criminal laws and facilitate judicial cooperation for hacking (unauthorised access), denial of service attacks (disruptive attacks) and viruses (the introduction of malicious software). Justice and Home Affairs Commissioner Antonio Vitorino said the proposal would help tackle the 'significant gaps' in Member State laws which could hamper response to crimes against information systems. 'Given the transnational nature of hacking, virus and denial of service attacks, it is important that the European Union takes action in this area to ensure effective police and judicial cooperation,' he said. Enterprise and Information Society Commissioner Erkki Liikanen said that while only a small proportion of network traffic is disruptive, 'however small a part of the overall picture, cybercrime is still a crime that needs to be dealt with. This proposal contributes...to improving the overall security of our information structures, which is a key element in our efforts towards a knowledge-based economy'. Mr Liikanen told a press conference on 23 April that the problem of viruses on the Internet, such as the recent 'Kournikova' and 'I love you' attacks, is growing rapidly. He added that as mobile phone technology becomes smarter, the problem is growing beyond the net. But the response must 'strike the right balance' between the security and freedom of the Internet, said the Commissioner. 'European citizens must be able to work on the net without being obstructed, disrupted, or victimised.' Mr Vitorino said that interference with and disruption of information systems are 'growing threats that know no frontiers'. He explained that the Commission's proposal 'aims to ensure a common minimum level of criminal law in all Member States' to tackle the problem, including custodial sentences of no less than one year in serious cases. The proposal also introduces a legal obligation for Member States to provide 24 hour contact points for the exchange of information about cybercrime. The framework decision must be adopted unanimously by the Council of Ministers after consultation with the European Parliament before entering into force.