Home Office Adopts ‘Flawed’ EU Cyber-Crime Directive

A new European Commision directive on cyber-security is to be adopted by the British government despite being described by Home Office minister James Brokenshire as “not perfect”.

The directive softens the borders between European Union member countries’ law enforcement domains by requiring each of them to establish a central cyber-security operation which can be contacted by other states. Such contacts will have to be responded to within eight hours under the ruling.

Hackers And Toolmakers Criminalised

Within each country, the development and sale of applications designed to aid cyber-crime will be a criminal offence. There will also be a minimum sentence of five years in prison for individuals found to be members of a criminal gang.

The new laws would also guard against a European WikiLeaks scandal by making it an offence to intercept confidential data. How this will be interpreted is not yet clear because it does not explain if the initial hacker would be solely responsible or whether anyone receiving the information would also be liable to prosecution – in the way that receiving stolen goods is considered a crime.

The use of botnets would also cause a few legal headaches. Deliberately joining a DDoS offensive, such as the Anonymous Operation’s army of volunteers, would be illegal but the thousands who are unwittingly part of a botnet could also be considered guilty.

“Online attacks can have a significant real world impact,” Brokenshire said, “so great that the national security strategy placed the threat as one of the top tier of threats to our national security.”

In response to the announcement, shadow Home Office minister Diana Johnson said that while she welcomed the government’s decision to opt in, she felt that the timing was wrong. She explained that she felt that earlier involvement in the draft directive would have enhanced Britain’s interests.

Johnson went on to question whether the current spending cuts would impact on the Home Office’s ability to comply with the directive.

Despite describing the directive as not being perfect, Brokenhurst replied that the opt-in was made on time and that there was no case to claim that the UK’s position had been compromised.