The European Parliament's home affairs committee today voted to endorse a legislative agreement reached with Council on EU rules governing cyber attacks (criminal attacks against information systems). The Greens opposed the agreement due to the failure to properly deal with security concerns or to differentiate between different types of system breaches and hackers. After the vote, Green justice spokesperson Jan Philipp Albrecht stated:
"The blunt new rules on criminalising cyber attacks endorsed today take a totally flawed approach to internet security. The broad strokes approach to all information system breaches, which would apply criminal penalties for minor or non-malicious attacks, risks undermining internet security. The legislation confirms the trend towards ever stronger criminal sanctions despite evidence, confirmed by Europol and IT security experts, that these sanctions have had no real effect in reducing malicious cyber attacks. Top cyber criminals will be able to hide their tracks, whilst criminal law and sanctions are a wholly ineffective way of dealing with cyber attacks from individuals in non-EU countries or with state-sponsored attacks.
"Significantly, the legislation fails to recognise the important role played by 'white hat hackers' in identifying weaknesses in the internet's immune system, with a view to strengthening security. This will result in cases against these individuals, who pose no real security threat and play an important role in strengthening the internet, whilst failing to properly deal with real cyber criminals. The result will leave hardware and software manufacturers wholly responsible for product defects and security threats, with no incentive to invest in safer systems.
"MEPs had initially supported a number of Green proposals aimed at ensuring this legislation can contribute to internet security, and is not simply an ineffective law to punish unauthorised log-ons to open servers. However, most positive elements were frittered away in the legislative negotiations, due to the resistance of EU governments. The result is a heavy-handed and misdirected law that will do little to improve internet security."