Cybercrime costs Europe €12 billion a year, while 42% of mailboxes that are targeted belong to high-level executives, senior managers and people working in research and development. The EP's civil liberties committee approved on Thursday 6 June a proposal to make penalties for cybercrimes such as identity theft or the illegal access and exploitation of a computer system much tougher. We spoke to Monika Hohlmeier, a German member of the EPP group who wrote the report, about the new directive.
How does your proposal define a cyber attack and why is current legislation not enough to protect Europe?
Today the EU relies to a considerable extent on information systems. These can be networks where public utilities like electricity or transport are managed but also private computers. If such a network is accessed or exploited illegally, we speak about a cyber attack. It is important for everyone to understand that committing large-scale or organised cybercrime are no petty crimes! On the contrary, we have no interest in criminalising unintentional access of information systems or minor attacks. The borderless character of cybercrime demands a European legislation.
Which criminal offences should be targeted by the measure and what are the penalties?
We propose that the access, interference and interception of systems as well as their data should be considered criminal offences when the person accessing has no right to do so and has a criminal intent.
For these offences, the maximum penalty will be at least two years. If the use of a so called botnet (a network of computers that have been infected by malicious software and may be activated to perform a large-scale cyber-attack) is involved, then the maximum penalty is at least three years and if the offence is committed by an organised crime group or directed against a critical infrastructure, at least five years.
The plenary vote is scheduled for July 2013.