Tougher penalties mooted for cybercrime

Cyber criminals could soon face tougher EU-wide penalties under a draft directive agreed by MEPs, Council and Commission negotiators last year and endorsed by the EU Parliament Civil Liberties Committee this week.

The new rules also aim to facilitate prevention and to boost police and judicial cooperation in this field. The deadline for replies to urgent requests for help will be eight hours.

Cyber attacks can strike anywhere. A cyber criminal may be in the Netherlands, his command-and-control centre in Germany, the compromised computers in Ukraine, and the attack directed at a bank in the UK.

The directive would:

• require member states to set their maximum terms of imprisonment at not less than two years for the crimes of: illegally accessing or interfering with information systems, illegally interfering with data, illegally intercepting communications or intentionally producing and selling tools used to commit these offences.
• introduce new "aggravating circumstances" in order to counter the growing threat and occurrence of large-scale attacks against information systems more effectively. "Minor" cases are excluded, and it is up to each member state to determine what constitutes a "minor" case.
• require member states to set the maximum term of imprisonment for attacks against "critical infrastructure", such as power plants, transport networks and government networks, at at least five years. The same applies if an attack is committed by a criminal organisation or if it causes serious damage.
• introduce a penalty of at least three years' imprisonment for creating "botnets", i.e. establishing remote control over a significant number of computers by infecting them with malicious software through targeted cyber attacks.
• require member states to respond quickly to urgent requests for help in the event of cyber attacks, so as to render police cooperation more effective.
• make legal persons, such as firms, liable for offences committed for their benefit (e.g. for hiring a hacker to get access to a competitor's database).

The directive is to be voted by the full House in July and formally adopted by the Council shortly thereafter. The new directive on cybercrime builds on rules that have been in force since 2005.

Criminal defence and legal advice in Scotland
For specialist legal advice from our criminal defence solicitors based in Glasgow contact us today.