Activities of Jan Philipp ALBRECHT related to 2010/0273(COD)
Plenary speeches (1)
Attacks against information systems (debate)
Shadow reports (1)
REPORT on the proposal for a directive of the European Parliament and of the Council on attacks against information systems and repealing Council Framework Decision 2005/222/JHA PDF (387 KB) DOC (447 KB)
Amendments (21)
Amendment 45 #
Proposal for a directive
Recital 10
Recital 10
(10) This Directive does not intend to impose criminal liability where the offences are committed without criminal intent, such as for authorised testing or protection of information systems, provided that the operator or vendor of the system is fully informed of the vulnerability in a timely manner, or where the withholding of an authorisation for access to a system constitutes an abuse of rights by itself.
Amendment 51 #
Proposal for a directive
Recital 12 a (new)
Recital 12 a (new)
(12a) In order to fight cybercrime effectively, it is also necessary to increase the resilience of information systems by protecting them more effectively against attacks and setting the right incentives for this. In this respect, the establishment of minimum standards and of liability for vendors and operators for the adequate protection of information systems should play a central role. Therefore, the Union and the Member States' fight against cybercrime will have an impact, only if this Directive is accompanied by preventive measures against such offences adopted in accordance with Article 67(3) and Article 84 of the Treaty of the Functioning of the European Union.
Amendment 55 #
Proposal for a directive
Recital 12 b (new)
Recital 12 b (new)
(12b) Member States should consider the protection of their information systems and associated data. Reasonable levels of protection should be provided against reasonably identifiable threats and vulnerabilities. The cost and burden of such protection should be proportionate to the likely damage to those affected.
Amendment 60 #
Proposal for a directive
Recital 12 c (new)
Recital 12 c (new)
(12c) Member States should also take appropriate steps to oblige legal persons within their jurisdictions who operate or provide IT systems to protect from offences referred to in this Directive. Reasonable levels of protection should be provided by legal persons against reasonably identifiable threats and vulnerabilities. Such protection should be proportionate to the likely damage to those affected. Where a legal person has clearly failed to provide a reasonable level of protection, and where the damage caused as a result of such failure is considerable, Member States should ensure that it is possible to impose deterrent sanctions and to prosecute this legal person for negligence.
Amendment 63 #
Proposal for a directive
Recital 12 d (new)
Recital 12 d (new)
(12d) It is also necessary to foster and improve cooperation between service providers, producers, law enforcement bodies and judicial authorities, while fully respecting the rule of law, especially as regards legal certainty and foreseeability, as well as the rights of suspected and accused persons such as the presumption of innocence and judicial redress.
Amendment 76 #
Proposal for a directive
Article 2 – point c
Article 2 – point c
(c) ‘legal person’ means any entity having such status under the applicable law, except for States or other public bodies in the exercise of State authority and for public international organisations;, which does not imply that States or other public bodies should be able to attack information systems without a legal basis and full respect for fundamental rights.
Amendment 78 #
Proposal for a directive
Article 2 – point d
Article 2 – point d
(d) ‘"without right’" means access, or interference not authorised by the owner, other right holder of the system or of part of it, or not unless the withholding of such authorisation constitutes an abuse of rights by itself, or unless such access or interference is permitted under national legislation.;
Amendment 86 #
Proposal for a directive
Article 3
Article 3
Member States shall take the necessary measures to ensure that the intentional access without right -meaning entering to the whole or any part of an information system- is punishable as a criminal offence, at least for cases which are not minor. The conduct referred to in paragraph 1 shall be incriminated only where the offence is committed by infringing a security measure and provided that the operator or vendor of the system is not fully informed of the vulnerability in a timely manner.
Amendment 92 #
Proposal for a directive
Article 6 – paragraph 1
Article 6 – paragraph 1
Member States shall take the necessary measures to ensure that the intentional interception by technical means, of non- public transmissions of computer data to, from or within a information system, including electromagnetic emissions from an information system carrying such computer data, is punishable as a criminal offence when committed without right, at least for cases which are not minor.
Amendment 93 #
Proposal for a directive
Article 7 – introductory part
Article 7 – introductory part
Amendment 96 #
Proposal for a directive
Article 8
Article 8
Amendment 101 #
Proposal for a directive
Article 9 – paragraph 1
Article 9 – paragraph 1
1. Member States shall take the necessary measures to ensure that the offences referred to in Articles 3 to 86 are punishable by effective, proportional and dissuasive criminal penalties.
Amendment 104 #
Proposal for a directive
Article 9 – paragraph 2
Article 9 – paragraph 2
2. Member States shall take the necessary measures to ensure that the offences referred to in Articles 3 to 7 are punishable by criminal penalties of a maximum term of imprisonment of at least two yearsbetween one and three years of imprisonment.
Amendment 107 #
Proposal for a directive
Article 10 – paragraph 1
Article 10 – paragraph 1
1. Member States shall take the necessary measures to ensure that the offences referred to in Articles 3 to 7 are punishable by criminal penalties of a maximum term of imprisonment of at least between two and five years when committed within the framework of a criminal organization as defined in Framework Decision 2008/841/JHA.
Amendment 110 #
Proposal for a directive
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Member States shall take the necessary measures to ensure that the offences referred to in Articles 3 to 6 are punishable by criminal penalties of a maximum term of imprisonment of at least between two and five years when committed through the use of a tool designed to launch attacks affecting a significant number of information systems, or attacks causing considerable damage, such as disrupted system services, financial cost or loss of personal data.
Amendment 111 #
Proposal for a directive
Article 10 – paragraph 3
Article 10 – paragraph 3
Amendment 113 #
Proposal for a directive
Article 10 – paragraph 3 a (new)
Article 10 – paragraph 3 a (new)
3a. Member States shall ensure that the penalties referred to Article 9 will not apply to offences referred to in Articles 3 to 7 when the offences are clearly not committed for criminal intent, such as during the testing or the immediate protection of information systems, or if the operator or vendor of the system is fully informed of the vulnerability in a timely manner.
Amendment 114 #
Proposal for a directive
Article 10 – paragraph 3 b (new)
Article 10 – paragraph 3 b (new)
3b. Member States shall consider the protection of their information systems and associated data. Reasonable levels of protection should be provided against reasonably identifiable levels of threats and vulnerabilities, with the protection proportionate to the probable damage to the parties concerned.
Amendment 115 #
Proposal for a directive
Article 10 – paragraph 3 c (new)
Article 10 – paragraph 3 c (new)
3c. Member States shall take appropriate steps to oblige legal persons under their jurisdictions to protect information systems from offences detailed in Articles 3 to 7. Reasonable levels of protection should be provided against reasonably identifiable levels of threats and vulnerabilities, with the protection proportionate to the probable damage to the parties concerned.
Amendment 116 #
Proposal for a directive
Article 10 – paragraph 3 d (new)
Article 10 – paragraph 3 d (new)
3d. Where legal persons are considered to have failed to provide a reasonable level of protection as detailed in paragraph 3b and 3c against offenses detailed in Articles 3 to 7, and where these offenses are considered to have been carried out with clear criminal intent, then these offenses will be considered to have been carried out under alleviating circumstances when applying criminal penalties.
Amendment 117 #
Proposal for a directive
Article 10 – paragraph 3 e (new)
Article 10 – paragraph 3 e (new)
3e. Where legal persons have clearly failed to provide a reasonable level of protection and in cases where the damage caused as a result of this failure is considerable, then Member States shall ensure that is possible to impose deterrent sanctions and to prosecute this legal person for negligence.