The Radical Party
This article appears in eGov monitor Weekly

9 September 2002

What is the Borderline Between Criminality and Civil Disobedience in the Net?

By Marco Cappato MEP, President of the Political Board of Transnational Radical Party

Europe is moving on attacks against information systems. The news could even sound reassuring when we think about cyber-criminals stealing our credit card numbers or destroying our hard disk with a virus. Unfortunately, there is much to be worried about.

The proposal for a Framework Decision put forward by the European Commission (that is being examined now by the European Parliament, but will be finalized by the EU Member States' Governments in Council closed-door meetings) would have two main effects: first, to define what an attack against information system (AAIS) is; second, to have it treated in the whole EU as a crime, punishable with maximum prison sentences of at least two years. The proposal stems from the doubtful consideration that fighting cybercrime is essentially a problem of imposing harsh sentences, when facts are telling us that law enforcement activity is getting better results by the fact of being fast, focused and operationally skilled - more than by the fact of keeping people in jail for years.

The language crafted to define what an AAIS is, raises even more worries. There is no explicit exclusion of minor or trivial behaviour. The simple fact of penetrating without authorisation in a system is considered as a criminal offence. No exemption is foreseen for AAIS that could be justified as legitimate defence or as freedom of expression, such as nonviolent civil disobedience actions.

As draftman for the European Parliament Industry Committee I have asked in my report for these over-repressive measures to be substantially changed. It is not a question of looking for a mindlessly weak position on crime, or even of asking for a general exemption in all the cases that involve the expression of thoughts or civil disobedience behaviour. Nobody asks the European Union to justify any action just on the basis of its political or libertarian justification. Crimes that are crimes in the real world are such even in cyberspace. What is not acceptable is the European Union asking for criminalisation of behaviours that are currently not crimes for Member States and that are not crimes in the real world. We do not want to see a Member State obliged by EU legislation to criminalise harmless demonstrative hackerism or virtual demonstrations, such as those organised by dissidents of totalitarian or dictatorial States (i.e. the Falun Gong in China). The inclusion in the Commission proposal of the extra-territoriality principle could criminalise their Internet demonstrations when stemming from the EU territory. Of course, the borderline between nonviolent action and harmful attacks is often blurred and difficult to define, but rigid and automatic prohibitionism does not help. We risk to impose penalties on those who, operating from within the territory of the European Union, carry out acts of civil disobedience against information systems used by dictatorial regimes.

The "democratic priority" proposed by the Transnational Radical Party involves not only the promotion of e-democracy as the opposition to censorship and to the abuse of power, but also international policy and the definition of cyber-crime. We must not allow our governments to remain neutral in the face of the repression exercised in countries ruled by dictatorships. We must not allow legislation to be "technicised" to such an extent that actions can be deemed to be criminal irrespective of the conditions of those who perform them. The case of those who break into an information system in order to steal, destroy, or even to commit or facilitate violent actions, is very different from that of those who do so to resist violence, to block instruments of oppression, to stop censorship and to bring information where it is not allowed; this distinction is not reflected adequately by the national legislations, and even less so by the international Conventions - such as that against cyber-crime - or by the acts of the European Union.

For these reasons we have put forward amendments to the Commission proposal in order to re-balance the preoccupations of law enforcement/EU Interior Ministries officials with the needed guarantees for civil freedoms and political rights. We will also raise public and Internet users' awareness through a on-line mobilisation (http://servizi.radicalparty.org/tech_revolution) in order to avoid that fundamental freedoms are eroded by the blind obsession for total security.

Marco Cappato Marco Cappato is a Member of the European Parliament and President of the Political Board of Transnational Radical Party. He is a Member of the European Parliament's Committee for Citizens' Freedoms and Rights, Justice and Home Affairs, and rapporteur of the European Parliament on the Directive on privacy in electronic communications.

*