Handbook of Legal Procedures of Computer and Network Misuse in EU Countries
This PDF document was made available from www.rand.org as a public service of the RAND Corporation.

The RAND Corporation is a nonprofit research organization providing objective analysis and effective solutions that address the challenges facing the public and private sectors around the world.

Limited Electronic Distribution Rights

This document and trademark(s) contained herein are protected by law as indicated in a notice appearing later in this work. This electronic representation of RAND intellectual property is provided for non-commercial use only. Permission is required from RAND to reproduce, or reuse in another form, any of our research documents for commercial use.

This product is part of the RAND Corporation technical report series. Reports may include research findings on a specific topic that is limited in scope; present discussions of the methodology employed in research; provide literature reviews, survey instruments, modeling exercises, guidelines for practitioners and research professionals, and supporting documentation; or deliver preliminary findings. All RAND reports undergo rigorous peer review to ensure that they meet high standards for research quality and objectivity.

Handbook of Legal Procedures of Computer and Network Misuse in EU Countries

Lorenzo Valeri, Geert Somers, Neil Robinson, Hans Graux, Jos Dumortier

Prepared for the European Commission

The research described in this report was prepared for the European Commission.
RAND’s publications do not necessarily reflect the opinions of its research clients and sponsors.

R® is a registered trademark.

© Copyright 2006 the European Commission

All rights reserved. No part of this book may be reproduced in any form by any electronic or mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from the copyright holder.

Published 2006 by the RAND Corporation
1776 Main Street, P.O. Box 2138, Santa Monica, CA 90407-2138
1200 South Hayes Street, Arlington, VA 22202-5050
201 North Craig Street, Suite 202, Pittsburgh, PA 15213-1516
Newtonweg 1, 2333 CP Leiden, The Netherlands
Westbrook Centre, Milton Road, Cambridge CB4 1YG, United Kingdom
Uhlandstraße 14, 10623 Berlin, Germany

RAND URL: http://www.rand.org/
RAND Europe URL: http://www.rand.org/randeurope

To order RAND documents or to obtain additional information, contact Distribution Services: Telephone: (310) 451-7002; Fax: (310) 451-6915; Email: [email protected]

Preface

In 2003 the European Commission commissioned RAND Europe to develop a Handbook that provided an easy-to-use guide matching technical descriptions of incidents to the legal framework of the country in question, and detailed procedures for working with law enforcement to respond to incidents. This handbook was tailored to the user requirements of Europe’s Computer Security Incident Response Team (CSIRT) community. RAND Europe and Lawfort were invited to update this first version of the Handbook, to take into account the recent developments in the legal framework in the EU and, more importantly, to extend its scope to cover the situation in the 10 new Member States which joined the European Union on 1st May 2004.
The MODINIS work programme supports this activity under the heading of “favouring co-ordination between CSIRTs.” This project is also undertaken as a preparatory activity for the newly formed European Network and Information Security Agency (ENISA).

This is the final report of the 2005 EC-CSIRT Legal Handbook of Legal Procedures of Computer and Network Misuse in EU Countries for Assisting Computer Security Incident Response Teams (CSIRTs): hereafter ‘2005 CSIRT Legal Handbook’. In detail, the CSIRT Legal Handbook provides user-friendly access to up-to-date information on rules and regulations concerning computer misuse and the collection and reporting of computer evidence currently in force in all 25 EU countries, together with guidelines as to when and how law enforcement must be informed of incidents. The project will update the taxonomy, review and analyse standard enquiries and reporting needs, survey national legal frameworks and relevant industrial initiatives and provide a user-friendly electronic application for modifying and updating the information.

Project co-ordination and management, the user survey and the design and implementation of the electronic application were conducted by RAND Europe, an independent not-for-profit policy research organisation that serves the public interest by improving policymaking and informing public debate. Lawfort, a leading and independent Belgian law firm (www.lawfort.be) with offices in Brussels, Antwerp, Ghent and Liège, conducted and managed the contributions of national legal correspondents across the EU under the leadership of Professor Jos Dumortier. These are detailed in the table below:

Member State: Principal source(s)
Austria: Dr. Erich Schweighofer and Dr. Doris Liebwald, Wiener Zentrum für Rechtsinformatik, Universität Wien
Belgium: Prof Jos Dumortier, Geert Somers, Hans Graux, Lawfort
Cyprus: Olga Georgiades, Lawyer, Lellos P Demetriades Law Office
Czech: Jan Hobza, Sales Manager Siemens Business Services Ltd, and Kubo Macak, LL.M.
Denmark: Dr. Henrik Udsen, University of Copenhagen
Estonia: Tõnu Lausmaa, Re-En Center TAASEN
Finland: Kirsi Kankare, LL.M., Sourcing Manager Nokia
Germany: Marian Alexander Arning, LL.M. and Dr. Kai Cornelius, LL.M.
Greece: Konstantinos Kyrmanidis, Lawyer
Hungary: Dr. Koppányi Szabolcs, LL.M.
Italy: Paolo Galdieri, Lawyer
Latvia: Andris Kikans and Juris Breicis, Datorzinibu Centrs A/S
Lithuania: Mindaugas Civilka, Lawyer, Law Offices Norcous & Partners
Malta: Dr. Olga Finkel, Lawyer, Gatt Frendo Tufigno Advocates
Poland: Hon. Dariusz Sielicki, judge, legal expert for the Polish Ministry of Justice
Portugal: Pedro Simões Dias, Lawyer, Uría & Menéndez Lisboa
Slovakia: JUDr. Martin Lupták, Public Prosecutor and External Professor Univerzity Mateja Bela
Slovenia: Gorazd Božič, ARNES SI-CERT
Spain: Joaquín de Otaola, Lawyer, Sanchez Pintado, Núñez & Asociados, S.L.
Sweden: Patrik Håkansson, DCI / IT Crime Squad, National Criminal Police Sweden
United Kingdom: Peter Sommer, London School of Economics

For more information about this project please contact Dr Lorenzo Valeri, at the Information Society Programme, ([email protected]) at the following address:

Dr Lorenzo Valeri
Information Society Programme
RAND Europe
Westbrook Centre
Milton Road
Cambridge CB4 1YG
UNITED KINGDOM
[email protected]
T: +44(0)1223 353329

Contents

Preface
Executive Summary
Country Reports

CHAPTER 1 Introduction to Country Reports
  1.1 Taxonomy of Information Security Incidents
  1.2 The Criminality of Incidents across the EU
  1.3 Matching incidents to the Framework Decision and Council of Europe Cyber-Crime Convention

CHAPTER 2 Country Report - Austria
  2.1 Austrian Legislation on Computer Crimes
  2.2 Law Enforcement Bodies
    2.2.1 Police (www.polizei.gv.at)
    2.2.2 Austrian Administrative Adjudication
    2.2.3 Austrian Criminal Proceedings
  2.3 Reporting
    2.3.1 Competent Authorities
    2.3.2 Contact Details
  2.4 Forensics
  2.5 References

CHAPTER 3 Country Report: Belgium
  3.1 Belgian legislation on computer crimes
  3.2 Law enforcement bodies