By Kayleigh Lewis - 7th June 2013
The blunt new rules on criminalising cyber attacks endorsed today take a totally flawed approach to internet security
Jan Philipp Albrecht
Cyber crime has become a serious threat in the public and private sectors and requires a single framework for penalties and sentences
The Greens/EFA group has opposed the new cyber crime directive endorsed by parliament's civil liberties, justice and home affairs committee, calling the new rules "blunt".
Speaking after the vote, the group's justice spokesperson Jan Philipp Albrecht said, "The blunt new rules on criminalising cyber attacks endorsed today take a totally flawed approach to internet security.
Albrecht, a German MEP added, "The broad strokes approach to all information system breaches, which would apply criminal penalties for minor or non-malicious attacks, risks undermining internet security."
However, Monika Hohlmeier, parliament's rapporteur on the directive, said that the new directive will ensure "a common standard for sentences for broad attacks on IT systems".
The EPP member continued, "Cyber crime has become a serious threat in the public and private sectors and requires a single framework for penalties and sentences. Also, the collaboration of authorities on the ground is essential as is the prevention of attacks."
"We do not prosecute young hackers who do not cause any damage. People who commit large-scale cyber crime, however, must face a fully-fledged sentence.
"Attacks on critical infrastructure will be subject to at least a five-year sentence. Cross-border organised crime is a serious threat for which we lack the necessary cooperation in the EU", the deputy said.
The new rules requires member states to work with each other and Europol to enhance cross-border collaboration by creating contact points which are able to respond to requests within eight hours.
Although she conceded that, "Manpower is a weak point, however. The American FBI has a few hundred staff to fight cyber crime whereas the respective Europol unit only comprises a meagre 40 people."
But Albrecht attacked the directive, saying, "The legislation confirms the trend towards ever stronger criminal sanctions despite evidence, confirmed by Europol and IT security experts, that these sanctions have had no real effect in reducing malicious cyber attacks.
"Top cyber criminals will be able to hide their tracks, whilst criminal law and sanctions are a wholly ineffective way of dealing with cyber attacks from individuals in non-EU countries or with state-sponsored attacks.
"Significantly, the legislation fails to recognise the important role played by 'white hat hackers' in identifying weaknesses in the internet's immune system, with a view to strengthening security.
This will result in cases against these individuals, who pose no real security threat and play an important role in strengthening the internet, whilst failing to properly deal with real cyber criminals.
"The result will leave hardware and software manufacturers wholly responsible for product defects and security threats, with no incentive to invest in safer systems."
The deputy added, "MEPs had initially supported a number of Green proposals aimed at ensuring this legislation can contribute to internet security, and is not simply an ineffective law to punish unauthorised log-ons to open servers.
"However, most positive elements were frittered away in the legislative negotiations, due to the resistance of EU governments. The result is a heavy-handed and misdirected law that will do little to improve internet security," he concluded.