5 Attacks against Information Systems
(32004)
14436/10
COM(10) 517
+ ADDs 1-2
| Draft Directive on attacks against information systems, repealing Council Framework Decision 2005/222/JHA
Commission staff working documents: Impact assessment and summary of impact assessment
|
Legal base | Article 83(1) TFEU; co-decision; QMV
|
Document originated | 30 September 2010
|
Deposited in Parliament | 5 October 2010
|
Department | Home Office
|
Basis of consideration | Minister's letter of 1 April 2011
|
Previous Committee Report | HC 428-xvi (2010-11), chapter 3 (9 February 2011); HC 428-vi (2010-11), chapter 6 (3 November 2010)
|
To be discussed in Council | 11-12 April 2011
|
Committee's assessment | Legally and politically important
|
Committee's decision | Not cleared; further information requested
|
Background and previous scrutiny
5.1 The draft Directive would repeal a 2005 Framework Decision
which required Member States to criminalise unauthorised access
to, or interference with, information systems and computer data,
while retaining most of its core provisions and introducing some
new elements to strengthen Member States' capacity to prevent
and prosecute large-scale attacks against information systems.
The Commission believes that additional EU measures are needed
to take account of the emergence of new and more sophisticated
tools which have the potential to infect critical governmental
and private sector information infrastructure and cause significant
damage.
5.2 The UK is bound by the 2005 Framework Decision
and the offences and penalties it prescribes are reflected in
the Computer Misuse Act 1990. The draft Directive is subject to
the UK's opt-in. The purpose and content of the draft Directive,
and the Government's views on it, are set out in our Sixth Report
of 3 November 2010. The Parliamentary Under-Secretary of State
for Crime Prevention (James Brokenshire) told us in his Explanatory
Memorandum of 13 October 2010 that significant new legislation
would not be needed to implement the draft Directive in the UK.
However, some changes were likely to be required in the following
areas, although the need for and extent of any change would depend
on the outcome of negotiations:
- criminalising the creation,
possession and distribution of tools or devices for the purpose
of illegal interception of information systems;
- increasing the level of some criminal penalties;
and
- extending the basis for exercising criminal jurisdiction.
5.3 The Minister informed us by a letter dated
31 January 2011 that the Government had decided to opt into the
draft Directive but that he would ensure that concerns we had
raised in our Report of 3 November would be reflected in the UK's
negotiating mandate. Our principal concerns were that:
- the definition of criminal
offences lacked clarity and legal certainty; and
- the draft Directive would extend the basis for
exercising criminal jurisdiction in the UK.
5.4 We considered that the draft Directive, unless
amended in the course of negotiations, would require some change
to existing criminal law in the UK and therefore recommended that
the Government's decision to opt in should be debated in European
Committee B, while retaining the proposal under scrutiny. That
debate has not yet taken place.
The Minister's letter of 1 April 2011
5.5 The Minister informs us of the Presidency's
intention to seek "full agreement" of the draft Directive
at the Justice and Home Affairs Council on 11-12 April, and adds,
"We did not seek this approach, and do not support it."
He continues:
"We do not have the final text that will go
to the JHA Council, and indeed there will be meetings over the
course of the next week to resolve the outstanding issues on the
Articles, meaning we will see several versions before the final
package is known. However, on the basis of the initial text, your
Committee questioned whether the wording in Articles 3, 4 and
5 on 'cases which are not minor' was clear enough, especially
when the Directive is subject to the jurisdiction of the European
Court of Justice. We agree with the point made by your Committee,
and have raised this point during negotiations. While most Member
States do not wish to have the text removed, we now have a recital
which provides that Member States determine what constitutes a
minor case in accordance with national law and practice. We support
such an approach as the decision about whether to prosecute in
a particular case can then still be left to prosecutorial discretion."
5.6 The Minister says that the Presidency has
proposed leaving it to each Member State to determine whether
it wishes to exercise criminal jurisdiction on the basis of the
offender's habitual residence, but adds that the Government continues
to argue against the inclusion of nationality as a mandatory ground
for establishing jurisdiction.
5.7 The Minister also highlights the following
issues:
- a need for greater clarity
on the mens rea (guilty intent) required for the offences
contained in the draft Directive; and
- lack of agreement on the definition of "aggravating
circumstances" and, in particular, whether these should include
"the misuse of identity data" to commit an offence,
as well as the level of penalties that should apply in such circumstances.
5.8 The Minister says that the Presidency and
most Member States would like to amend the proposed definition
of the offence of illegal access to an information system by introducing
a new requirement that a security measure must also have been
breached. He adds:
"Whilst our preference was for the text to be
more ambitious in requiring Member States to have in their law
an offence for illegal access to a computer system without such
a condition, we propose to support this approach."
5.9 The Minister concludes:
"I recognise that the Directive as a whole remains
under scrutiny in your Committee, with a debate planned for May
in the European Standing Committee. However, if the Presidency
pushes for a deal which reflects the UK position as above I would
seek your clearance to participate in an agreement on the Presidency
package. In the meantime we have alerted the Presidency to the
ongoing scrutiny position and will keep you informed of developments."
Conclusion
5.10 We think that the haste with which the
Presidency is pressing for full agreement at the April Justice
and Home Affairs Council perfectly illustrates the dangers inherent
in a legislative procedure which lacks transparency and openness.
Although we are told that a political agreement on this important
proposal is imminent, the Government has yet to see the final
text that will provide the basis for that agreement. It is evident
that some fundamental issues, for example, the degree of criminal
intent required, the definition of aggravating circumstances,
the level of criminal penalties to be applied, and the basis for
exercising criminal jurisdiction, remain unresolved.
5.11 Whilst the Minister tells us that the
Government does not agree with, or support, the Presidency's approach,
he nevertheless asks us to waive the scrutiny reserve if the Government
considers the eventual deal put on the table by the Presidency
to be acceptable. We are not willing to endorse such an approach
and consider that it would be inconsistent with our mandate as
a scrutiny committee to do so. In light of the number of outstanding
issues, and the continuing uncertainty as to how these will be
dealt with by the Presidency, we have no hesitation in concluding
that an agreement at this stage would be premature and ill-considered.
The draft Directive therefore remains under scrutiny and we ask
that the Minister seek to delay political agreement to allow the
necessary time for Member States and national parliaments
to consider what is a significant legislative proposal. Moreover
if, despite the Government's best efforts, the Presidency is unwilling
to delay political agreement, we consider that the UK should be
prepared to pull the "emergency brake" provided for
in Article 85(3) TFEU in order to ensure that there is sufficient
time available to resolve the key outstanding issues.
5.12 We also draw the draft Directive to the
attention of the Public Administration Select Committee in light
of its inquiry into the Government's overall strategy for information
technology.
|