Förderverein Informationstechnik und Gesellschaft

Computer Crime Commission planned communication

European Commission Legal Advisory Board

Minutes of the meeting of the Legal Advisory Board held in Brussels on 25 November 1998


9. Computer Crime - Commission planned communication and Council of Europe plans for draft convention

Mr Papapavlou highlighted the plans of the Commission to issue a communication on this matter (included in the Commission's work program early next year). This initiative follows the request of the Council interdisciplinary group that studied the report on computer crime, produced early 1998. He explained that the Commission is in the early stages of the drafting process.

Touching upon the content of the communication, he stated that it will contain the following structure: (1) description of the phenomena (2) state of the art in the world as regards initiatives to fight computer crime (3) options for action (both legislative and non-legislative, such as: awareness and education, improved security, and better communication with providers). Furthermore, Mr Papapavlou stressed that close contact is held with two other international fora dealing with this matter: (1) the G-8 hightech-crime subgroup, and (2) the Council of Europe, where work is being undertaken to establish an international convention.

Thanking Mr Papapavlou, the Chairman passed the floor to Mr Kaspersen,. who is a member of the committee, drafting the international convention referred to by Mr Papapavlou.

Mr Kaspersen gave a detailed presentation on the initiative undertaken within the Council of Europe to create a draft convention on this matter. The purpose of the convention is to further review and elaborate on the existing Council of Europe recommendations issued on this matter: on substantive law (1989) and on procedural law (1995). The draft is planned to be ready by the end of 1999. He underlined that the convention will be open for signature for non-Council of Europe countries as well.

Subsequently, Mr Kaspersen touched upon the content. As regards the substantive law part, the nucleus consists of so called C.I.A. offences (e.g. spamming, spoofing, unauthorised access, data manipulation etc.), followed by two other layers: (1) computer related offences (e.g. forgery and fraud) and content related offences (e.g. IPR offences, data protection offences and illegal content). Furthermore, it deals with positive and negative conflicts of jurisdiction and liability of intermediaries. In respect of the procedural part, the draft looks a number of critical areas: trans-border network searches, under cover operations, so -called `trap and trace' (instruments to trace sources of communication) and interception of communications. Additionally, the draft will hold proposals on 24-hours/7days a week contact points and procedures for gathering and preservation of evidence. Upon request of Mr Michael, Mr Kaspersen explained that it is unclear yet whether the convention will contain any provisions on escrow of encryption algorithms. He referred to the work currently undertaken in respect of amending of the Wassenaar Agreement.