tag:blogger.com,1999:blog-21633793.post1717232093663430943..comments2023-12-12T03:19:42.467-05:00Comments on CYB3RCRIM3: Outlawing BotnetsSusan Brennerhttp://www.blogger.com/profile/17575138839291052258noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-21633793.post-38930865244138198382010-11-24T06:35:26.735-05:002010-11-24T06:35:26.735-05:00In article 10 of the proposed Directive aggravatin...In article 10 of the proposed Directive aggravating circumstances are created. When botnets are used when commiting crimes like hacking or adding malware to a computer the penalty is at least 5 years according to article 10(2). It is fomulated as following: "when committed through the use of a tool designed to launch attacks affecting a significant number of information systems, or attacks causing considerable damage, such as disrupted system services, financial cost or loss of personal data." <br /><br />So no specific article for the criminalization of botnets is created, the use of botnets is rather an aggravating circumstance when committing other computer crimes. Since the effect of botnets can be so great, I can understand why they want to create higher penalties for this. <br /><br />Of course the problem you address, that it is difficult to formulate the penalization of botnets, still exists. It is too bad that in the Directive it is not clear in what a 'significant number of information systems' exactly are and what is 'considerable damage'. <br />The criminilazation is also unneccasary. When using a botnet many other (computer)crimes could be committed. For example in Dutch legislation, specific crimes with higher penalties exist for sabotaging governmental or essential infrastructure (by hacking, (d)dos-attacks, etc.). This could be done by using a botnet. When enacted, it does however rises some pentalties for crimes in the Netherlands, because it is formulated broader. <br /><br />What's really interesting about the European proposal though is that, when accepted and enacted, the European Commission creates criminal laws for all the Member States and is able to enforce this legislation. Criminal law used to be something the European Union had nothing to do with; Member States decided what to criminlize for which penalties. Since the Treaty of Lisbon the EU can also harmonize laws on criminal law (and not just laws which have to do with economics). With Directives, the European Commission can make sure the laws are properly enacted and if not, they can punish a Member State. <br /><br />I think it is great you wrote about this new proposal and your blog is very interesting!<br /><br />J.J. Oerlemans (PhD Student Leiden University)JJ Oerlemansnoreply@blogger.comtag:blogger.com,1999:blog-21633793.post-33257977820946223552010-11-23T18:08:44.280-05:002010-11-23T18:08:44.280-05:00Hello ! As you know a directive is not per se a &q...Hello ! As you know a directive is not per se a "law" but a direction given to EU countries that would then implement it in their legislations.<br /><br />France for instance would - I guess - confirm to the EC that our current legislation covers 90% of the directive already and maybe add one or two pieces of text if needed.<br /><br />Regards,<br /><br />Eric FreyssinetEric FREYSSINEThttp://blog.crimenumerique.fr/noreply@blogger.com