1. Vulnerability of the Information Society
2. Present Legal Situation
3. Necessary Future Solutions
4. Specific Recommendations for the European Union
5. Corpus Iuris Database on Computer Crime Statutes
Disclaimer and Legal Notice
This study is based on a contract between the European Commission (DG XIII) and the University of Würzburg. Its aim is to provide the European Commission with up-to-date information on the legal issues of computer-related crime, especially with respect to substantive criminal law, procedural criminal law as well as the suggestion of alternative solutions. The contract also includes the establishment of a database with the relevant national computer crime statutes of substantive criminal law. The following executive summary focuses on some of the main findings of the study.
The vulnerability of today's information society in view of computer crime is still not sufficiently realised: Businesses, administrations and society depend to a high degree on the efficiency and security of modern information technology. In the business community, for example, most of the monetary transactions are administered by computers in form of deposit money. Electronic commerce depends on safe systems for money transactions in computer networks. A company's entire production frequently depends on the functioning of its data-processing system. Many businesses store their most valuable company secrets electronically. Marine, air, and space control systems, as well as medical supervision rely to a great extent on modern computer systems. Computers and the Internet also play an increasing role in the education and leisure of minors. International computer networks are the nerves of the economy, the public sector and society. The security of these computer and communication systems and their protection against computer crime is therefore of essential importance.
In the course of this development computer crime has developed into a major threat of today's information society. The spreading of computer technology into almost all areas of life as well as the interconnection of computers by international computer networks has made computer crime more diverse, more dangerous, and internationally present. An analysis of relevant "criminogenic" factors shows that modern computer and communication networks have specific characteristics which are highly useful for perpetrators but which imply difficulties for potential victims and for law enforcement (such as complex security questions, multiple hardware and software systems, inexperience of many users, anonymity, encryption and international mobility). Groups active in organised crime, professional business espionage and secret services around the world are already exploiting these new features of computer crime. However, many governments, businesses and private users are not aware of the attacks that happen or could happen to them in the DP-area. Thus, governmental agencies, the industry and private users should be made aware that protection against computer attacks is of great significance. They should be informed about the main threats of computer crime and the responses thereto.
The present study first systematises the necessary basic information on the vulnerability of the information society by computer crime. As a prerequisite for identifying the relevant problems and for finding solutions, the report gives an empirical analysis of the relevant problems. Using actual case-studies, it describes especially infringements of privacy, economic crimes, violations of intellectual property and dissemination of illegal contents. The analysis shows that at present, the focus of computer crime lies in the field of economic crimes, such as computer fraud, hacking, computer espionage and theft of intellectual property. However, the use of modern computer and communication technology in traditional fields of organised crime (such as drug and weapons dealing) is gaining importance. Illegal and harmful contents in computer networks are increasingly worrying the public, too, thus creating a serious threat for the acceptance of the new media.
According to the contract between the European Commission and the University of Würzburg, the main aim of the study is to analyse the legal issues of computer crime. This analysis shows:
On the national level, comprehensive and international answers to the new challenges of computer crime are still missing. In most countries, reactions to computer crime focus too much on national (especially criminal) law, neglecting alternative protective measures. However, even in the legal field, there are considerable deficits. Despite successful efforts of international and supranational organisations, the various national laws show remarkable differences, uncertainties or loopholes especially with respect to the criminal law provision on infringements of privacy, hacking, trade secret protection and illegal contents. Considerable differences and uncertainties also exist with respect to the responsibility of Internet providers, coercive powers of prosecuting agencies (especially with respect to encrypted data and investigations in international computer networks) as well as the range of jurisdiction in criminal matters.
On the international and supranational levels, various organisations have co-ordinated or harmonised activities against computer crime. Besides the European Union (with a number of activities both under the first and the third pillar), these are especially the Council of Europe, the P8, the OECD, Interpol and the United Nations. These international and supranational efforts have increased considerably in recent years: Whereas in the 1970s and 1980s, there was a lack of international activities, today there is a lack of co-ordination among the various organisations, which risk starting redundant programs. Moreover, many of the present international and supranational answers are too vague and concentrate too much on legal issues.
As a prerequisite for finding future strategies to fight computer crime, the report analyses the basic changes of the international risk and information society as the driving forces behind computer crime. Based on this analysis, the study stresses three main requirements for future strategies: Future solutions must be international, comprehensive and especially in the legal area devoted to the specifics of information:
Based on the changes of the international risk and information society and these three requirements, the report suggests a comprehensive set of measures to fight computer crime especially by four main remedies: technology, education, industry and the law. These four remedies are first illustrated in general. They are then specified with respect to concrete recommendations for the European Union.
The European Community has already enacted directives with precise requirements for the harmonisation of the (non-criminal) provisions of data protection law and intellectual property protection. Deficits of clearly defined European solutions exist especially with respect to non-legal measures as well as with respect to economic criminal law, illegal and harmful contents, criminal procedural law, security law as well as the sanctions in the field of data protection law. This could be changed by the following actions:
In the non-legal sector, priority actions of the European Union could especially support
Legal measures under the first pillar can be based on Article 100a of the Treaty on the European Union. They could primarily focus on
Legal measures under the third pillar could concentrate on joint actions (or, under the Amsterdam Treaty, framework decisions), in co-operation with the Council of Europe and the P8 group. However, the EU should constantly look for a closer co-operation within the European Union than is possible within the framework of the other international organisations. The joint actions or framework decisions could be adopted with respect to
In order to avoid redundant work by various international and supranational organisations, the European Commission could start its work by
In order to improve the information on the various national laws, the present study provides a legal database with national computer crime statutes which were collected for this study. The data base can be searched systematically or via full text retrieval. The report recommends extending and updating this database and making it available in the World Wide Web.
This could be the starting point for an initiative to provide more information on the legal answers to computer crime. Such an initiative should not be limited to industrialised nations, but should also include developing countries since computer crime havens in developing countries could be as detrimental as computer crime havens in the Member States of the European Union, the P8 or the OECD.
The views expressed in the present study are the authors and do not necessarily correspond to the views of the European Commission.
Neither the Commission of the European Community nor any person acting on its behalf is responsible for the use which might be made of the following information.
Legal Aspects of Computer-Related Crime in the Information Society
prepared for the European Commission by Prof. Dr. Ulrich Sieber, University of Würzburg
Version 1.0 of 1st January 1998
Download the complete COMCRIME-Study
|zipped WinWord 6.0||369 KByte||zipped RTF||422 KByte|
|zipped PDF||734 KByte||zipped PostScript||616 KByte|