Internet hackers will face significantly tougher criminal penalties after a new draft resolution was passed in the European Parliament with an overwhelming majority.
"We are dealing here with serious criminal attacks, some of which are even conducted by criminal organisations. The financial damage caused for companies, private users and the public amounts to several billions each year" said parliament rapporteur Monika Hohlmeier.
Those who intercept private data or simply gain access to protected databases will face at least two years in prison. Meanwhile, those who organize mass online attacks or cause financial damage with their actions can be imprisoned for at least five years.
Fifty MEPs voted for the legislation, with only one against, and three abstentions. Its proposed effect is not only to toughen penalties, but to harmonize legislation across the EU, which is particularly important considering the international nature of many cybercrimes.
The European Union’s own commission recently estimated that cyber criminals earn $388 billion dollars a year from their activity – more than all the heroin, marijuana and cocaine traffickers and dealers in the world combined.
Although established online crimes – credit card account theft or fake internet shops – continue to be popular, new ones are becoming more common. There has been a steady rise in internet extortion, when criminals force users to pay money so that their personal data is not destroyed, or their business isn’t compromised by a mass attack. The perpetrators of these will face lengthy prison terms.
The proposed legislation also draws attention to corporate cybercrime, in which companies may use hackers to obtain their competitors’ data, or undermine their business. If a chain of responsibility is established between the hackers and their paymasters, the company in question may be forced to pay significant damages.
"No car manufacturer may send a car without a seatbelt into the streets. And if this happens, the company will be held liable for any damage. These rules must also apply in the virtual world" said Hohlmeier.
While the fight against economic cybercriminals is relatively uncontroversial, the impact of the new legislation on so-called “hacktivists” is likely to provoke more debate.
While ideological internet groups such as Anonymous and Lulzsec are responsible for only a small proportion of the attacks, more than half of all illegally acquired information last year was stolen by them.
These groups themselves often position themselves as defenders of free speech and whistleblowers fighting corrupt authorities and corporations – often targeting government websites with their attacks – the legal system sees them as pests, or worse, terrorists. Recent weeks have a seen a spate of arrests of hacktivists in coordinated police operations across the world.
The authors of the resolution hope that it can be agreed on by all the European institutions and come into power by the summer of this year. The legislation will also go hand-in-hand with a new European Cybercrime Centre, created specifically to combat online threats, which is scheduled to open next year.