Select Committee on European Scrutiny Fortieth Report



Draft Council Framework Decision on attacks against information systems.

Legal base:Articles 29, 30(1)(a), 31 and 34(2)(b) EU
Department:Home Office
Basis of consideration: Minister's letter of 15 October 2002
Previous Committee Report: HC 152-xxxvi (2001-02), paragraph 5 (10 July 2002)
To be discussed in Council: No date fixed
Committee's assessment:Legally and politically important
Committee's decision:Not cleared; further information requested


  7.1  We considered this proposal for a Framework Decision on the criminal law relating to attacks on computer and electronic communications systems on 10 July 2002. We raised a number of technical issues of definition and questioned whether for the purposes of imposing a penalty it was right to include the causing of indirect economic loss as an aggravating circumstance, even where such loss was not reasonably foreseeable. We also asked the Minister for his views on whether the proposal was really necessary, given the adoption by the Council of Europe of a convention on cybercrime.

The Minister's reply

  7.2  In his letter of 15 October 2002, the Parliamentary Under-Secretary of State at the Home Office (Mr Bob Ainsworth) addresses our concerns of detail, as well as those on the penalties for aggravating circumstances and the relationship of the proposal with the Council of Europe cybercrime convention.

  7.3  We noted on 10 July that the proposal applied to conduct which was 'without right' and therefore excluded from criminal liability conduct by an authorised person or conduct which was 'recognised as lawful under domestic law'. We asked the Minister to explain the meaning of this latter term, since it seemed to us that a number of systems of law might be relevant, leading to different interpretations in different Member States. The Minister replies that the Framework Decision does not seek to define the term 'without right' but seeks not to criminalise conduct which is recognised as lawful under domestic law. The Minister points out that the Council of Europe cybercrime convention similarly does not restrict parties in their application of the term 'without right', but recognises legitimate activities in operating information systems, lawful Government conduct, legal defences and exclusions from criminal liability as well as providing a number of specific examples. The Minister considers that we are right to say that the term 'under domestic law' could lead to different interpretations in different countries and that, while it may be possible to resolve all these differences, this is a matter which will need to be addressed in the negotiations.

  7.4  We also noted that there appeared to be an overlap between the offence under Article 4a of seriously hindering or interrupting an information system by deleting data and the offence under Article 4b of deleting data on an information system with the intention of causing damage. The Minister replies that we are right to point out that in practice some acts may fall under both Article 4a and 4b but considers that the Framework Decision 'covers the two specific intended outcomes more comprehensively than the Computer Misuse Act'. The Minister adds that the overlap is intentional and is 'less critical' than failing to criminalise either type of conduct, and that he does not anticipate any practical difficulties in framing UK legislation to reflect this part of the Framework Decision.

  7.5  The Minister shares our concern over the lack of definition of 'serious cases' for the purpose of determining penalties, and states that it is his intention to resolve the question in negotiations.

  7.6  In relation to our remarks on the causing of indirect economic loss as an aggravating circumstance, the Minister states that it is the Government's view that indirect economic loss should affect the maximum penalties in the same way as direct economic loss. However, the Minister adds:

    "As the Committee highlights, there is no requisite intent for the aggravating results which trigger the higher maximum penalty. We will seek to simplify the whole penalty regime in the first draft of the Framework Decision when negotiation begins and will raise the issue of intent then. Of course, in the UK, the courts consider intent in deciding sentences within the maximum penalty."

  7.7  In response to our concern about whether this measure is needed, given the existence of the Council of Europe cybercrime convention, the Minister comments as follows:

    "It is our view that while the Framework Decision draws from the Convention, it will allow us to go further in setting significantly more detailed and more comprehensive offences common to all Member States. The Framework Decision would also provide a common minimum framework of maximum penalties across Member States, and will therefore ensure consistent extradition and European Arrest Warrant implications for these offences, provided we can ensure that the definitions are sufficiently clear."


  7.8  We thank the Minister for his helpful letter. It is evident from this that considerably more work will be needed on this proposal before it is ready for adoption. We shall look forward to an account of how the concerns we have identified have been addressed in a revised version.

  7.9  We shall hold the document under scrutiny, pending deposit of the revised version.

previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2002
Prepared 20 November 2002