Fight against cyber crime

The European society is increasingly dependent on electronic networks and information systems. This implies very considerable risks, financial and others, for citizens, businesses and public administrations. Both criminal attacks against the availability, authenticity, integrity and confidentiality of networks and information systems and more traditional crime (inter alia fraud and dissemination of illegal material such as child sexual abuse material), committed with information systems used as criminal tools, are a growing problem in Europe. These types of criminal activities are commonly known as ‘cyber crime’.

“This introductory page of the Section ‘cybercrime’ gives a general presentation in two parts: Part I covers the latest developments which occurred within the recent years. Part II gives a general view of the accomplishments and the acquis at European level of the matter concerned.”

I) Latest developments

The Commission has for a number of years, in close cooperation with Member States and other EU institutions, developed a policy on the fight against cyber crime. The policy complements other Commission activities aiming at the enhancing of network and information security (and thereby contributing to the prevention of cyber crime), and also takes account of the existing substantial legislative framework on electronic communications and data protection in place. The anti-cyber crime policy was recently comprehensively presented in the Commission Communication "Towards a general strategy on the fight against cyber crime", which was adopted on 22 May 2007. Specific operational priorities of the Commission include the fight against child sexual abuse material on the Internet, actions to counter massive attacks against information systems and the actions against identity fraud.

II) General context

The anti-cyber crime activities of the Commission fall into four broad categories:

Firstly, the Commission participates in the legislative process. It follows national legislation in the area closely, with the long-term objective of achieving a certain degree of harmonization of relevant criminal law. When there is a concrete need at EU-level, the Commission will also propose adequate legislation. The arguably most important example of such legislation is the Council Framework Decision 2005/222/JHA on attacks against information systems, which was adopted by the Council of the European Union on 17 January 2005. The Framework Decision will ensure a common minimum level of approximation of criminal law for the most significant forms of criminal activity against information systems, such as illegal access, illegal system and data interference. This includes the so-called “hacking” and “denial-of-service attacks” as well as the spreading of malicious code, spyware and malware and viruses. This approximation is desirable in order to avoid any gaps in Member States’ laws that could hamper the response of law enforcement and judicial authorities at national level to these growing threats.

Secondly, the Commission is actively encouraging the development of cross-border law enforcement cooperation within the EU. Cyber crime is very often international to its character, and so must be the answer. It is also often very important to take rapid action over the borders, as the cyber criminals are moving quickly and internationally. The Commission is therefore actively promoting closer contacts between Member States cyber crime experts through the organisation of conferences and through support to dedicated instruments, such as the putting in place of 24/7 contact points in the Member States. The development of an EU Platform for training of anti-cyber crime experts, which is financially and politically supported by the Commission, can also be referred to the actions to reinforce law enforcement cooperation.

Thirdly, the Commission is actively promoting public-private cooperation to fight cyber crime, in particular cooperation between law enforcement authorities and private companies. In order to formulate an effective anti-cyber crime policy, it is of particular importance that updated information on cyber criminal activities is exchanged between law enforcement and private operators. Often, cyber crime incidents are not reported for different reasons, and better communication is absolutely necessary to make it possible for all parties to work together against serious cases of cyber crime. In 2007, the Commission organised a public-private expert meeting to discuss such how such cooperation can best be promoted in the EU, and in 2008 an ad-hoc group will be formed to assist the Commission in formulating concrete proposals in this sense.

Fourthly, the Commission is playing a coordinating role at international level. It is important to remember that electronic communication channels do not stop, nor at national neither at European borders. Enhanced international co-operation to fight cyber crime is thus necessary. Most of the issues related to cybercrime have been incorporated in the Council of Europe Convention on Cybercrime, the implementation of which by Member States and third countries is supported actively by the Commission. The Convention entered into force on 18 March 2004 and will substantially contribute to the fight against cybercrime at International level. The Commission is also taking part in international working groups such as the G 8 Roma-Lyon High Tech Crime subgroup.