2000 Cybercrime Communication
January 26, 2001
Communication from the Commission to the Council, the European Parliament, the Economic and Social Committee and the Committee of the Regions on Creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime – Source of the text: eur-lex.europa.eu
Europe’s transition to an information society is being marked by profound developments in all aspects of human life: in work, education and leisure, in government, industry and trade. The new information and communication technologies are having a revolutionary and fundamental impact on our economies and societies. The success of the information society is important for Europe’s growth, competitiveness and employment opportunities, and has far-reaching economic, social and legal implications.
The Commission launched the eEurope initiative in December 1999 in order to ensure that Europe can reap the benefits of the digital technologies and that the emerging information society is socially inclusive. In June 2000, The Feira European Council adopted a comprehensive eEurope Action Plan and called for its implementation before the end of 2002. The Action Plan highlights the importance of network security and the fight against cybercrime.
Information and communication infrastructures have become a critical part of our economies. Unfortunately, these infrastructures have their own vulnerabilities and offer new opportunities for criminal conduct. These criminal activities may take a large variety of forms and may cross many borders. Although, for a number of reasons, there are no reliable statistics, there is little doubt that these offences constitute a threat to industry investment and assets, and to safety and confidence in the information society. Some recent examples of denial of service and virus attacks have been reported to have caused extensive financial damage.
There is scope for action both in terms of preventing criminal activity by enhancing the security of information infrastructures and by ensuring that the law enforcement authorities have the appropriate means to act, whilst fully respecting the fundamental rights of individuals.
The European Union has already taken a number of steps to fight harmful and illegal content on the Internet, to protect intellectual property and personal data, to promote electronic commerce and the use of electronic signatures and to enhance the security of transactions. In April 1998, the Commission presented to the Council the results of a study on computer-related crime (the so-called ‘COMCRIME’ study). In October 1999, the Tampere Summit of the European Council concluded that high-tech crime should be included in the efforts to agree on common definitions and sanctions. The European Parliament has also called for commonly acceptable definitions of computer-related offences and for effective approximation of legislation, in particular in substantive criminal law. The Council of the European Union has adopted a Common Position on the Council of Europe cybercrime convention negotiations and has adopted a number of initial elements as part of the Union’s strategy against high-tech crime. Some EU Member States have also been at the forefront of relevant G8 activities.
This Communication discusses the need for and possible forms of a comprehensive policy initiative in the context of the broader Information Society and Freedom, Security and Justice objectives for improving the security of information infrastructures and combating cybercrime, in accordance with the commitment of the European Union to respect fundamental human rights.
In the short-term, the Commission believes that there is a clear need for an EU instrument to ensure that Members States have effective sanctions in place to combat child pornography on the Internet. The Commission will introduce later this year a proposal for a Framework Decision which, within the wider context of a package covering issues associated with the sexual exploitation of children and trafficking in human beings, will include provisions for the approximation of laws and sanctions.
In the longer-term, the Commission will bring forward legislative proposals to further approximate substantive criminal law in the area of high-tech crime. In accordance with the conclusions of the European Council in Tampere in October 1999, the Commission will also consider the options for mutual recognition of pre-trial orders associated with cybercrime investigations.
In parallel, the Commission intends to promote the creation of specialised computer-crime police units at the national level, where they do not already exist, support appropriate technical training for law enforcement and encourage European information security actions.
At the technical level and in line with the legal framework, the Commission will promote R&D to understand and reduce vulnerabilities and will stimulate the dissemination of know-how.
The Commission intends also to set up an EU Forum in which law enforcement agencies, Internet Service Providers, telecommunications operators, civil liberties organisations, consumer representatives, data protection authorities and other interested parties will be brought together with the aim of enhancing mutual understanding and co-operation at EU level. The Forum will seek to raise public awareness of the risks posed by criminals on the Internet, to promote best practice for security, to identify effective counter-crime tools and procedures to combat computer-related crime and to encourage further development of early warning and crisis management mechanisms.
TABLE OF CONTENTS
1. OPPORTUNITIES AND THREATS IN THE INFORMATION SOCIETY
1.1. National and international responses
2. SECURITY OF INFORMATION INFRASTRUCTURES
3. COMPUTER-RELATED CRIME
4. SUBSTANTIVE LAW ISSUES
5. PROCEDURAL LAW ISSUES
5.1. Interception of communications
5.2. Retention of traffic data
5.3. Anonymous access and use
5.4. Practical co-operation at international level
5.5. Procedural law powers and jurisdiction
5.6. Evidential validity of computer data
6. NON-LEGISLATIVE MEASURES
6.1. Specialised units at the national level
6.2. Specialised training
6.3. Improved information and common rules for record keeping
6.4. Co-operation between the various actors: the EU Forum
6.5. Direct industry actions
6.6. EU-supported RTD projects
7. CONCLUSIONS AND PROPOSALS
7.1. Legislative proposals
7.2. Non-legislative proposals
7.3. Action in other international fora