EU’s new BotNet directive

The European Union Council has recommended the draft for an EU directive regarding attacks on information systems, to be implemented.

According to the Council the basis for the directive is that the current legal framework (2005/222/JHA) from 2005 is not sufficient to deal with the increase in cyber threats, in particular botnets.

The new directive instructs EU member nations to introduce legislation that illegalize the interference or monitoring of networks or data systems, and the creation or possessing tool that by them self is not illegal but can b used for illegal activities. The directive also introduces mandatory minimum punishments,like 2 year jail time for involvement in a Botnet.

The articles in the directives instructs member nations to criminalize and mandate imprisonment for :

  • Illegal access to information system.
  • Illegal interference with information systems.
  • Illegal interference with data.
  • Illegal interception of data traffic.
  • Tools for committing the above actions
  • To instigate, aid, abet or attempt the above.

Below is the quote from Article  7 of the directive

Article 7

Tools used for committing offences

Member States shall take the necessary measure to ensure that the production, sale, procurement for use, import, possession, distribution or otherwise making available of the following is punishable as a criminal offence when committed intentionally and without right for the purpose of committing any of the offences referred to in Articles 3 to 6:

(a) device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences referred to in Articles 3 to 6;

(b) a computer password, access code, or similar data by which the whole or any part of an information system is capable of being accessed.

The news site Computerworld (Danish) claims that it does not have any effect in Denmark due to the caveat mention as bullit item 18 qouted below.

In accordance with Articles 1 and 2 of Protocol on the position of Denmark annexed to the Treaty on the Functioning of the European Union, Denmark is not taking part in the adoption of this Directive and is therefore not bound by it or subject to its application.

It is my onion that the caveat is a standard in EU documents relating to the judicial matters because of one of four Danish exemptions.  It is also my belief that whoever may holding the majority in the Danish parliament introduces EU directives in the legislation.

Link to the directive (PDF)

This entry was posted in IT Security, Week 22. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s