Draft EU Law Proposes 2 Year Minimum Sentence for Hackers

vaso -
0 0 2 Comments

The changes could see tougher laws introduced in the UK and across the EU

A draft EU-wide law would see a minimum two-year jail sentence for those convicted of compromising IT systems.

The proposed directive, which was backed by 50 votes at the European Parliament’s Civil Liberties Committee compared to one against, would mean the UK would no longer rely on the Computer Misuse Act that currently has a maximum sentence of two years for a single breach of systems.

© Yuri Arcurs - Fotolia.comIt would also see the minimum sentence pushed up to five years where there are “aggravating circumstances” such as wide-scale attacks using botnets, or those that cause serious damage.

“We are dealing here with serious criminal attacks, some of which are even conducted by criminal organisations,” said European Parliament rapporteur Monika Hohlmeier.

“The financial damage caused for companies, private users and the public amounts to several billions each year. No car manufacturer may send a car without a seatbelt into the streets. And if this happens, the company will be held liable for any damage. These rules must also apply in the virtual world.”

Hohlmeier wants the European Parliament and Council to reach an agreement on the proposals by the summer.

Cyber crime centre

Meanwhile, the European Comission is to propose establishing a cyber crime centre to inform EU-wide investigations and support the Europol police agency. It is expected the facility will open in 2013.

Arbor Networks said it was in support of the centre, but had concerns about industry collaboration.

“In Arbor’s Worldwide Infrastructure Report published last month, it was revealed that almost three quarters (74 percent) of respondents do not refer security incidents to law enforcement. This figure, which appears to be caused by factors such a low level of confidence that something will be done, lack of resource within companies and general company policy – is a concerning one,” said Jeremy Nicholls, Arbor’s European channel director for EMEA.

“We believe that the EU’s move towards creating this centre is a step in the right direction, but there needs to be a coordinated effort across the industry to really make this work.”

The UK itself set up three regional  cybercrime hubs last month, which will support the Metropolitan Police e-Crime Unit (PCeU) in tackling malicious hackers.

How much do you know about security? Test yourself with our quiz.

  1. Interesting comment emailed by Andrew Miller, Chief Operating Officer at Corero Network Security ( Could this law make life harder for security people?

    “The proposed legislation passed by the European Parliament is a positive step in the international effort to rein in cyber criminals. Standardising what constitutes a data breach or hack and harmonising the penalties puts cyber attackers on notice. Hackers no longer will be able to count on poor international cooperation to escape accountability.

    However, a point of concern is the provision against the creation and distribution of hacking tools. In an effort to combat cyber attacks, security researchers and ethical hackers are continuously seeking these tools to demonstrate weaknesses within an organisation’s network and as a way to reverse engineer solutions to combat hacks. The spotlight should be on the crimes committed with the hacking tools rather the tools themselves. “

  2. Today the situation is usually that they want to kill the messenger. So white hats are already in the shooting line. And don’t try to even talk about gray and black hats.

    We need a law which protects the security researchers and hobby hackers who don’t mean any harm.

    In the real world we have police (security researchers) and neighbor watch (hackers). So why not in the cyber world?