ENISA Workshop December 2005 Brussels. Dr Lorenzo Valeri & Neil Robinson, RAND Europe


Update to the Handbook of Legislative Procedures of Computer and Network Misuse in EU Countries for assisting Computer Security Incident Response Teams (CSIRTs)

Outline of presentation
- The challenges of cyber-crime in Europe
- The need for the CSIRT Legal Handbook
- Aims
- The evolution of the project
- Findings
  - Part 1: Breadth & depth of law
  - Part 2: Sanctions
- Conclusions
- Demo of the CD-ROM & website
2 Nov-05

Why a Legal Handbook for CSIRTs?
- In the eEurope Action Plan 2005, the enhancement of Europe's CSIRTs is a pivotal step in fostering the development of European secure information infrastructures.
- Trust is key for progressing the information society
- A key is to bridge the gap between the technical people at the operational level and the lawyers who must deal with the after-effects
- The Handbook helps understand these legal issues

The challenge of cyber-crime in Europe
- Incidents are cross border
- Legal frameworks differ
  - What may be illegal and highly punishable in one country is legal in another
- Better co-operation is needed
  - Operationally, between the technical experts and the lawyers
  - For policy makers: to design appropriate & relevant policy

The need for the Legal Handbook
- Can a prosecution be launched?
  - E.g. Account Compromise is not illegal in Spain
- What can we expect to get?
  - Type of sanction: administrative or penal?
  - Length of sentence?
- Who do we talk to?
  - What Law Enforcement agencies exist?
  - What are they responsible for?
  - Are there other reporting mechanisms?
- Is it worth the effort?
  - Have we already destroyed the evidence?
- Are there any special considerations we need to be aware of?
  - For example: in regard to forensics?

Aim of the project
- Produce an update of the 2003 Handbook of Legislative Procedures of Computer and Network Misuse in EU Countries
- Take into account recent developments in legal framework of EU
- Extend its scope to ten new Member States
- The Handbook will be available in print and on line.

What we found - national law + sanctions
- Varying degrees of response amongst the MS
  - Some misuses are not illegal (especially Target Fingerprinting)
  - Some are punishable by many different pieces of law
  - Universal presence of anti-spam legislation
- Punishments vary
  - Fines are commonplace
  - Prison sentences vary from 1-15 years for serious offences (e.g. Unauthorised Modification of Information)

What we found - 2
- Rapidly evolving environment:
  - Council of Europe Convention on Cyber-Crime
  - EU Framework Decision on Attacks against Information Systems
- More administrative provisions were present than in the previous Handbook
- Many countries still rely exclusively upon penal sanctions

What we found - 3
- Reporting capabilities vary across the MS
  - E.g. in BE, NL and UK there are good models
  - Many, however, only have set-ups for reporting illegal content
- CSIRTs & CERTs
  - CSIRTs / CERTs are understandably quite inward looking & difficult to reach
  - Most CSIRTs / CERTs are still public sector (either university or govt based)
  - Constituencies are small & very focused

What we found - 4
- Most Law Enforcement reporting goes via Europol / Interpol contact points
  - Need to keep up to date contact points and effective communication
- CSIRTs refer to their own Law Enforcement first in cross border incidents
  - Is this effective?
  - Can this be sped up?

Detailed legislative analysis
- The following charts reflect
  - The options available to lawyers for a particular incident (i.e. the breadth of law available for them to use) in each Member State
  - Consistency of the breadth (how much law) and gaps (legality and illegality) in the law across the Member States
  - The maximum penal sanctions available for each incident, in each Member State
- Care!
  - This does not reflect the decisions of judges (e.g. case law in the UK or Ireland), or different legal systems
  - This does not cover state law in federated Member States (e.g. Germany)

Part 1: Comparison of the breadth of cybercrime law

Law - overview
- Many countries have passed legislation which can be applied to a number of incidents (e.g. The Netherlands, Spain, Estonia)
- In the UK, legal precedent plays a very important role, as does use of other legislation (e.g. fraud), hence there is a smaller legal footprint
- There is comparatively little law covering Account Compromise (possibly because this is thought to be dealt with internally to an organisation) & Target Fingerprinting
- Lawyers have the option of many different laws when it comes to Unauthorised Access to Communications Systems
- Incidents relating to Unauthorised Modification of Information are narrowly defined in law (there are generally only one or two laws available per Member State)

Some highlights of the analysis:

[Chart] Number of laws in each Member State applicable to the incident of 'Denial of Service' (vertical axis: 0 to 5 laws; horizontal axis: Member States)

[Chart] Number of laws in each Member State applicable to the incident of 'Intrusion Attempt' (vertical axis: 0 to 2 laws; horizontal axis: Member States)

[Chart] Number of laws in each Member State applicable to the incident of 'Unauthorised Access to Information' (vertical axis: 0 to 8 laws; horizontal axis: Member States)

[Chart] Number of laws in each Member State applicable to the incident of 'Unauthorised Modification of Information' (vertical axis: 0 to 8 laws; horizontal axis: Member States)

[Chart] Number of laws in each Member State applicable to the incident of 'Spam' (vertical axis: 0 to 3 laws; horizontal axis: Member States)

Part 2: Comparison of penal sanctions

Penal sanctions - overview
- The penalties can range from 30 days to 15 years
- Stiffer penalties are generally reserved for
  - Incidents conducted as part of a conspiracy (2 or more individuals)
  - Repeat offences (where someone has been successfully convicted of the same offence previously)
  - Incidents involving state secrets or sensitive computer systems or networks that are part of national security infrastructure
  - Incidents that may endanger life or cause serious damage to property
- Penal sanctions are combined with administrative sanctions (fines)

Penal sanctions - overview
- Malicious Code, Denial of Service and Unauthorised Modification of Information are generally penalised with a prison term of at least a year
- Spam & target fingerprinting are not generally highly penalised (usually with administrative or financial sanctions)
- Some nations have recognised the effects that DoS have on the critical infrastructure by setting a large maximum prison sentence (e.g. NL)

Some highlights of the analysis:

[Chart] Maximum available penal sanction (yrs) in each Member State for the incident of 'Denial of Service' (vertical axis: 0.0 to 14.0 years; horizontal axis: Member States)

[Chart] Maximum available penal sanction (yrs) in each Member State for the incident of 'Intrusion Attempt' (vertical axis: 0.0 to 10.0 years; horizontal axis: Member States)

[Chart] Maximum available penal sanction (yrs) in each Member State for the incident of 'Unauthorised Modification of Information' (vertical axis: 0.0 to 10.0 years; horizontal axis: Member States)

[Chart] Maximum available penal sanction (yrs) in each Member State for the incident of 'Spam' (vertical axis: 0.0 to 5.0 years; horizontal axis: Member States)

Conclusions
- The cyber-crime environment in Europe is rapidly evolving
- Some countries are ahead in passing catch-all laws (e.g. Malta, Denmark, Slovakia) which have a consistent level of sanction for many forms of incident
- Some are still behind (e.g. UK) in providing an appropriate level of penal sanction to act as a deterrent

For more information contact Neil Robinson (neilr@rand.org) or Lorenzo Valeri (lvaleri@rand.org)