The primary purpose of the Bill is to transpose the European
Directive 2013/40 or the Cybercrime Directive as it is more commonly
known. The Cybercrime Directive is aimed at
harmonising Member States' criminal law in the area of cybercrime by creating
minimum rules for the definition of cybercrime offences and the relevant
sanctions and to improve cooperation between competent authorities.
Ireland, along
with other Member States, did not meet the 4 September 2015 deadline for bring
into force laws to transpose the Directive. The projected timeline for
enactment and commencement of the Bill is uncertain. The upcoming election
certainly will not aid the Bill's progression through the Oireachtas and it is
likely that the Bill will not move forward until the next Dáil is formed.
The Bill creates
five key cybercrime offences namely:
·
accessing information system without lawful authority
(e.g. hacking);
·
interfering with an information system so as to hinder
or interrupt its functioning (e.g. introducing malicious software);
·
interfering with data without lawful authority;
·
intercepting the transmission of data without lawful
authority; and
·
use of a computer programme, password, code or data
for the purpose of the commission of any of the above offences.
The offences carry
sentences of up to 5 years imprisonment on conviction on indictment. A tougher
penalty of up to 10 years imprisonment applies to the offence of interfering
with an information system without lawful authority. Identity theft will be
deemed to be an aggravating factor for the sentencing purposes for the two data
specific offences.
It will also be an
offence to obstruct a Garda acting under the authority of a search warrant (in
relation to the investigation of a suspected offence under this Act), or to
fail to comply with a requirement given by such a Garda. Such an offence will
be punishable by up to 12 months imprisonment or a class a fine (€5,000).
An officer of the
company may be guilty of an offence and prosecuted, if it is proved that an
offence committed by the company was so committed with the officer's consent or
connivance.
The Bill allows
for both territorial and nationality based jurisdiction. The key cybercrime
offences may be tried in the State where the offence was committed, in whole or
in part, by a person:
·
in the State in relation to an information system
outside the State;
·
outside the State in relation to an information system
in the State; or
·
outside the State to an information system outside the
State where the act is an offence in the place it occurred and the person is an
Irish citizen, or is ordinarily resident in the State, or is an Irish company.
The Bill does not appear to deal with the specific
requirements of the Cybercrime Directive in relation to the exchange of
information between Member States within 8 hours, and 24/7 contact points in
connection with urgent requests for help relating to offences.
The Bill was
also intended to pave the way for ratification of the 2001 Budapest Convention
on Cybercrime. The Budapest Convention is the first international treaty to
provide a model for international cooperation in combating cybercrime. Ireland
signed the Convention in 2002, but has yet to ratify it. The Bill as published
does not appear to move Ireland any closer to ratification.
Tackling
cybercrime is a key strand of the National Cyber Security Strategy published
last year. Once enacted and commenced the Bill will provide Gardaí with a more
robust statutory basis for the prosecution of cybercrime. This is particularly
important given the number of high tech IT and internet-based companies that
have major operations here.
No comments:
Post a Comment