Better Cybersecurity, Better Democracy? The Public Interest Case for Amending the Convention on Cybercrime n.185 and the Directive 2013/40/EU on Attacks Against Information Systems
The Governance of Criminal Justice in the European Union: Transnationalism, localism, and public participation in an evolving constitutional order. Editors: Pereira, R., Engel, A. and Miettinen, S., . Edward Elgar Publishing 2020
29 Pages Posted: 31 Dec 2020
Date Written: August 2, 2019
Abstract
International organisations have long acknowledged that the cross-border nature of cybercrime, understood as computer-focused crimes, called for consensus on offences and effective cooperation between states in the detection, investigation and prosecution of cybercrime.
Hence a programme of harmonisation of national criminal laws, mainly driven by the Council of Europe, and resulting in the 2001 Convention on cybercrime n. 185, which has de facto become the international treaty on cybercrime.
At European Union (EU) level, the Directive 2013/40/EU on attacks against information systems also emphasises achieving a ‘greater approximation’ of substantive -rather than procedural- criminal laws to respond to the transnational nature of cyberattacks.
This chapter argues that the Council of Europe, the EU and their respective Member States have so far not fully assessed how this programme of harmonisation of substantive criminal laws unwittingly contribute to endangering security and democracy. The conflation of hacking with crime, notably unauthorised access, has led to the criminalisation of a wide range of legitimate security practices and newsgathering practices, with little protection available to the actors implicated – respectively, security researchers, and whistle-blowers and journalists.
Therefore, this chapter proposes to add a public interest defence to the computer-focused offences the Directive and the Convention have defined, to remedy the fragmented governance of cybercrime and its negative impact on human rights.
Keywords: Cybersecurity; Cybercrime; Defense; Convention on Cybercrime; EU Directive 2013/40
Suggested Citation: Suggested Citation