ATTACKS AGAINST INFORMATION SYSTEMS (8586/02)
Letter from the Chairman to Bob Ainsworth
MP, Parliamentary Under-Secretary of State, Home Office
Sub-Committee E (Law and Institutions) considered
the proposal at its meeting on 3 July. The Committee would welcome
your comments on the following:
The meaning of a number of terms used in the
proposal is unclear, and the Committee is concerned that this
may cause uncertainty regarding the delimitation of the scope
of the offences and the level of penalties imposed. This is particularly
the case regarding the meaning of "serious hindering"
of the functioning of an information system, which is criminalised
under Article 4(a). The Commission notes that its meaning is not
defined, "as hindering could take different forms and its
level could vary depending upon the type of the attack and the
technical capacities of the information system being attacked".
This could lead to considerable differences in the implementation
and interpretation of this provision by Member States. The same
criticism can be made with regard to terms such as "damage",
"economic benefit", "substantial direct or indirect
economic loss", "substantial proceeds", and "critical
infrastructure of the Member State". We would be grateful
if you could clarify what is meant by these terms.
The penalty threshold of one year of imprisonment
for "serious cases" of offences established by the proposal
enables the issuing of a European Arrest Warrant. However, it
is unclear what constitutes a "serious case" in this
context, with Article 6 determining only what is not meant by
this term. The current drafting could result in significant differences
in the implementation of the provision between Member States,
potentially leading to the execution of warrants for offences
that are considered minor by the executing State. The inclusion
of specific criteria of "seriousness" in Article 6 could
help remedy this situation.
Article 12 establishes national contact points
for the exchange of information concerning the Decision offences.
No reference is made however to the nature and powers of these
bodies and the types of information that can be exchanged. The
Article contains a general reference to the establishment of contact
points "in accordance with data protection rules", but
it is unclear whether this refers to national, EU and/or international
standards. Specific data protection safeguards should be included,
perhaps in a separate measure devoted exclusively to data exchange.
You mentioned in your Explanatory Memorandum that a contact point
has already been established in the UK. We would be grateful if
you could provide us with any information on the work of this
body and the standards under which it operates.
The Committee decided to retain the document
4 July 2002
Letter from Bob Ainsworth MP, Parliamentary
Under-Secretary of State, Home Office to the Chairman
Thank you for your letter of 4 July 2002 setting
out the comments of Sub-Committee E regarding this document, which
I seek to address below:
The UK Government, as do the Governments of
a number of other Member States, shares your concern about the
importance of clarity and consistency of definition of the terms
used to ensure that Member States' domestic legislation is harmonised
effectively. We will be seeking to ensure this is done in the
negotiation of the Framework Decision.
I understand that the terms used were drawn
from the Council of Europe Cybercrime Convention and other EC
Directives where possible.
The term "Serious Hindering" is used
in the Cybercrime Convention to refer to "action that interferes
with the proper functioning of the computer system", but
leaves it to Parties "to determine the extent to which the
functioning should be hinderedpartially or totally, temporarily
The term "critical infrastructure"
is not defined. We use it to refer to those parts of the UK's
infrastructure for which continuity is so important to national
life that loss, significant interruption, or degradation of service
would have life threatening, serious economic or other grave social
consequences for the community, or any substantial portion of
the community, or would otherwise be of immediate concern to the
Government. This will need to be addressed in negotiation.
The other terms are commonly used in European
Directives. More advanced drafts of the Framework Decision will
be submitted to the Scrutiny Committees when they become available.
The Sub-Committee rightly highlight the fact
that there is no agreed definition of what constitutes a "serious
case". We will be seeking to simplify the proposed penalties
in negotiation, not least to provide a framework within which
we can ensure consistency. An agreed definition of "seriousness"
in Article 6 is one way this would be achieved.
A 24x7 contact network was put in place between
G8 countries in 1997 to facilitate communication between domestic
High Tech Crime Units and ensure the preservation of digital data,
subject to the domestic laws and authority powers of the requested
state, pending a formal request for the provision of evidence.
The Cybercrime Convention also adopted the network and currently
there are 29 countries in this network. The Framework Decision
simply puts that network on a formal basis for Member States.
No specific standards have been drawn up for the contact network,
as it is intended to operate within existing domestic and international
standards and no need for specific additional standards has yet
been identified. The UK contact is through the 24-hour Interpol
desk in the National Criminal Intelligence Service who refer calls
to the National High Tech Crime Unit of the National Crime Squad.
In summary, I share a number of the Sub-Committee's
concerns in relation to this draft and will be seeking to resolve
these when negotiation begins.
15 October 2002
Letter from the Chairman, Chairman of
the Committee to Bob Ainsworth MP, Parliamentary Under Secretary
of State, Home Office
Thank you for your letter of 15 October on the
above proposal. Sub-Committee E (Law and Institutions) examined
it at its meeting on 28 October. We were pleased to see that you
share our concerns regarding terminology and the application of
the European Arrest Warrant and welcome your commitment towards
ensuring clarity and consistency. It appears from your letter
that the proposal is still at an early stage of negotiation and
that revised drafts will be deposited for scrutiny in the future.
In the meantime, the Committee will continue to retain document
8685/02 under scrutiny.
29 October 2002