Annexes to COM(2007)267 - Towards a general policy on the fight against cyber crime - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2007)267 - Towards a general policy on the fight against cyber crime. |
|---|---|
| document | COM(2007)267  |
| date | May 22, 2007 |
- Devising a European model for the sharing of necessary and relevant information across the private and public sectors, one consideration being to cultivate an atmosphere of mutual confidence and take the interests of all parties into account
- Establishing a network of law enforcement contact points in both private and public sectors
3.3. Legislation
General harmonisation of crime definitions and national penal laws in the field of cyber crime, is not yet appropriate, due to the variety of the types of offences covered by this notion. Since effective cooperation between law enforcement authorities often depends on having at least partly harmonised crime definitions, it remains a long-term objective to continue harmonising Member States' legislation[20]. With regard to certain key crime definitions, an important step has already been taken with the Framework Decision on attacks against information systems. As described above, new threats have subsequently appeared and the Commission is closely following this evolution given the importance of continuously assessing the need for additional legislation. The monitoring of the evolving threats is closely coordinated with the European Programme for Critical Infrastructure Protection.
Targeted legislation against cyber crime should however also be considered now. A particular issue which may require legislation relates to a situation where cyber crime is committed in conjunction with identity theft . Generally, "identity theft" is understood as the use of personal identifying information, e.g. a credit card number, as an instrument to commit other crimes. In most Member States, a criminal would most likely be prosecuted for the fraud, or another potential crime, rather than for the identity theft; the former being considered a more serious crime. Identity theft as such is not criminalised across all Member States. It is often easier to prove the crime of identity theft than that of fraud, so that EU law enforcement cooperation would be better served were identity theft criminalised in all Member States. The Commission will in 2007 commence consultations to assess if legislation is appropriate.
3.4. Development of statistical data
It is generally agreed that the current state of information concerning the prevalence of crime is largely inadequate, and in particular that much improvement is needed to compare data between Member States. An ambitious five-year plan to tackle this problem was set out in the Communication from the Commission on Developing a comprehensive and coherent EU strategy to measure crime and criminal justice: An EU Action Plan 2006 – 2010 [21]. The Expert Group set up under this Action Plan would provide a suitable forum for developing relevant indicators for measuring the extent of cyber crime.
4. THE WAY FORWARD
The Commission will now take the general policy for the fight against cyber crime forward. Due to the limited powers of the Commission in the field of criminal law, this policy can only be a complement to the actions undertaken by Member States and other bodies. The most important actions – each of which will imply the use of one, several or all of the instruments presented in Chapter 3 – will also be supported through the Financial Programme "Prevention of and Fight against Crime":
4.1. The fight against cyber crime in general
- Establish a strengthened operational cooperation between Member States' law enforcement and judicial authorities, an action which will begin with the organisation of a dedicated expert meeting in 2007 and which may include the setting up of a central EU cyber crime contact point
- Increase financial support to initiatives for improved training of law enforcement and judicial authorities vis-à-vis the handling of cyber crime cases and take action to coordinate all multinational training efforts in this field by the setting up of an EU training platform
- Promote a stronger commitment from Member States and all public authorities to take effective measures against cyber crime and to allocate sufficient resources to combat such crimes
- Support research beneficial to the fight against cyber crime
- Organise at least one major conference (in 2007) with law enforcement authorities and private operators, especially to initiate cooperation in the fight against illegal Internet activities in and against electronic networks and to promote a more effective non-personal information exchange, and to follow-up on the conclusions from this 2007 conference with concrete public-private cooperation projects
- Take the initiative for and participate in public-private actions aimed at raising awareness, especially among consumers, of the cost of and dangers posed by cyber crime, while avoiding the undermining of the trust and confidence of consumers and users by focusing only on negative aspects of security
- Actively participate in and promote global international cooperation in the fight against cyber crime
- Initiate, contribute to and support international projects which are in line with the Commission policy in this field, e.g. projects run by the G 8 and consistent with the Country and Regional Strategy Papers (regarding cooperation with third countries)
- Take concrete action to encourage all Member States and relevant third countries to ratify the Council of Europe's Cyber Crime Convention and its additional protocol and consider the possibility for the Community to become a party to the Convention
- Examine, together with the Member States, the phenomenon of co-ordinated and large scale attacks against the information infrastructure of member states in view of preventing and combating these, including co-ordinating responses, and sharing information and best practices
4.2. Fight against traditional crime in electronic networks
- Initiate an in-depth analysis with a view to preparing a proposal for specific EU legislation against identity theft
- Promote the development of technical methods and procedures to fight fraud and illegal trade on the Internet, also through public-private cooperation projects
- Continue and develop work in specific targeted areas, such as in the Fraud Prevention Expert Group on the fight against fraud with non-cash means of payment in electronic networks
4.3. Illegal content
- Continue to develop actions against specific illegal content, especially regarding child sexual abuse material and incitement to terrorism and notably through the follow-up of the implementation of the Framework Decision on sexual exploitation of children
- Invite the Member States to allocate sufficient financial resources to strengthen the work of law enforcement agencies with special attention to identifying the victims of sexual abuse material which is distributed online
- Initiate and support actions against illegal content that may incite minors to violent and other serious illegal behaviour, i.a. certain types of extremely violent on-line video games
- Initiate and promote dialogue between Member States and with third countries on technical methods to fight illegal content as well as on procedures to shut down illegal websites, also with a view to the possible development of formal agreements with neighbouring and other countries on this issue
- Develop EU-level voluntary agreements and conventions between public authorities and private operators, especially Internet service providers, regarding procedures to block and close down illegal Internet sites
4.4. Follow-up
In this Communication, a number of actions aimed at improving cooperation structures in the EU have been outlined as next steps. The Commission will take these actions forward, assess progress on the implementation of the activities, and report to the Council and Parliament.
[1] The majority of this Communication's statements on current trends have been taken from the Study to assess the impact of a communication on cyber crime, ordered by the Commission in 2006 (Contract No JLS/2006/A1/003).
[2] Phishing describes attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person in an electronic communication.
[3] Botnet refers to a collection of compromised machines running programs under a common command.
[4] Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (OJ L 178, 17.7.2000, p. 1).
[5] COM(2000) 890, 26.1.2001.
[6] OJ L 69, 16.3.2005, p. 67.
[7] OJ L 149, 2.6.2001, p. 1.
[8] OJ L 13, 20.1.2004, p. 44.
[9] COM(2001) 298.
[10] COM(2006) 251.
[11] COM(2006) 688.
[12] Regulation (EC) No 460/2004 establishing the European Network and Information Security Agency (OJ L 77, 13.3.2004, p. 1).
[13] The European Union has already under the 6th Framework Programme for Research and and Technological development supported a number of relevant, and successful, research projects.
[14] COM(2006) 334, SEC(2006)816, SEC(2006) 817.
[15] See Article 35 in the Council of Europe Convention on cyber crime.
[16] http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm
[17] One recent example of cooperation in this field is the cooperation between law enforcement and credit-card companies, through which the latter have assisted the police in tracking down purchasers of online child pornography.
[18] See http://ec.europa.eu/internal_market/payments/fraud/index_en.htm
[19] The Conference could be regarded as the continuation of the EU Forum presented in Section 6.4 in the computer-crime communication.
[20] This longer-term objective has already been mentioned on page 3 of the 2001 Communication.
[21] COM(2006) 437, 7.8.2006.