COUNCIL OF THE EUROPEAN UNION COUNCIL OF THE EUROPEAN UNION
Brussels, 12 October 2000 (30.10)
from : Presidency
to : Article 36 Committee
Subject : Proposal for the extension of Europol’s mandate to the fight against cybercrime
The European Union needs to encourage the flowering of new information and communication technologies, but without thereby creating a security deficit, in order to develop its relations with the world and reinforce the advantages of free movement.
Concerning national rights, the Tampere European Council recommended directing our efforts towards crime which makes use of advanced technologies. More recently, at the informal JHA Council in Marseille on 28 and 29 July 2000, Ministers for the Interior and for Justice reaffirmed the importance of a European Union initiative in this matter.
The initiative needs to move in several directions, as the Ministers stressed. In particular, there should be support for rapid adoption of the Council of Europe Convention on cybercrime currently under negotiation and Europol should be entrusted with new responsibilities. The latter would be exercised in an area in which the transnational aspect of organised crime is especially marked and at a time when, at national level, a number of Member States have set up bodies specialising in the fight against cybercrime.
In this context, the proposal by the French Presidency contained in this note is intended first and foremost to be pragmatic and to provide a basis for an operational response to the problems involved in combating cybercrime. It does not claim to cover the whole subject, which will need to be further discussed in the future.
The proposal is therefore centred on an extension of Europol’s mandate to computer crime, a field which is in fact referred to in Annex 2 to the Europol Convention. It is necessary however to state exactly what this concept covers.
Offences relating to new technology are usually divided into three categories:
attacks on automated data-processing systems (e.g. creating and spreading viruses, breaking in, altering or interfering with the operation of a system, altering or modifying data);
traditional offences committed by means of new technology which carry the same penalties as if they had been committed by more traditional means (e.g. money-laundering, drug trafficking). In such cases, it is not the content carried which is in itself illegal, but the
offence to which it relates;
offences inherent in the content carried by new technology (e.g. child pornography, racism, infringements of intellectual property). In these cases, the illegality lies in the content carried itself.
At present a number of the types of crime in the latter two categories are already within Europol’s mandate (drug and arms trafficking, counterfeiting of the euro, trafficking in human beings, child pornography, illegal immigration networks, etc.), regardless of the medium used by the criminal groups. It is thus unnecessary to extend Europol’s mandate to cover them.
However, the first category of offences connected with new technology attacks on automated data-processing systems is not covered by Europol’s present mandate and requires the mandate’s extension.
The extension of Europol’s mandate as proposed also has the advantages of:
being limited to a type of offence to which no ambiguity is attached regarding its definition or what is actually covered by it;
allowing Europol, as a result of a clearly identified objective, to optimise its efforts and rationalise the use of its resources.
With this in view, and in accordance with the third subparagraph of Article 2(2) of the Europol Convention, the French Presidency proposes to raise the matter with the Europol Management Board when it meets in The Hague on 25 and 26 October 2000 so that it can prepare the Council Decision extending Europol’s mandate to attacks on automated data-processing systems. The Management Board will also need to indicate the implications of the extension for Europols budget and staff.
extending the mandate of Europol to the fight against computer crime and
introducing a definition of computer crime
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Convention based on Article K.3 of the Treaty on European Union, establishing a European Police Office (Europol Convention) 1 , and in particular Article 2(2) thereof and the Annex to the Convention mentioned in the said Article,
Having regard to the Convention based on Article K.3 of the Treaty on European Union establishing a European Police Office (Europol Convention), and in particular Article 43(3) thereof,
At the initiative of the French Republic,
Having regard to the Opinion of the European Parliament,
(1)it is necessary to require Europol to deal with computer crime,
(2) a definition of the category of computer crime needs to be introduced into the Annex to the Europol Convention,
(3) the preparatory work has been performed by the Europol Management Board, in particular regarding the functional, budgetary and staff implications for Europol,
HAS DECIDED AS FOLLOWS:
With effect from the date of entry into force of this decision, Europol’s mandate shall be extended to include the fight against computer crime.
The following definition of computer crime shall be introduced into the Annex to the Europol
Within the meaning of this Convention, “computer crime” shall be taken to mean all forms of attack on automated data-processing systems.
This Decision shall enter into force on the day following that of its adoption.
The Decision shall be published in the Official Journal.
Done at xxxxxxx, xx.xx.2001
For the Council