The European Commission wants a penalty of at least one-year imprisonment for hacking into information networks. When a hacker is participating in a criminal organisation or the offence was intended to cause ‘substantial economic loss’ or ‘substantial damage’ to part of the critical infrastructure, the maximum term of imprisonment may not be less than four years.
According to Cappato however, the definitions proposed by the European Commission are too vague. He is afraid that digital forms of civil disobedience also will be criminalized. ‘A clear distinction is needed between, on the one hand, forms of ‘on-line’ political activity, civil disobedience, demonstrations and activities of little or no consequence (some of which might be covered by the term ‘hacking’) and, on the other hand, ‘cracking’, violent action directed not only against property, but also against physical persons,’ the Italian Member of European Parliament writes.
Cappato points at the fact that civil disobedience can be an important and necessary tool of legitimate opposition. ‘It is not acceptable to oblige Member States to impose criminal penalties on activities which deserved to be recognised as contributing to the public good, even if they involve actions which might be covered by the term ‘attacks against information systems’. For example, action to combat censorship and disinformation which involves interference in, or sabotage of, the means used to repress individuals or whole nations,’ Cappato states.
Cappato also points at the principal of technological neutrality. ‘A particular important example is provided by the freedom to demonstrate, in view of the risk that a demonstration held in cyberspace – which, like a demonstration in the real world may also generate a certain amount of ‘acceptable’ inconvenience – could be criminalized solely on the grounds that information systems are involved.’
Cappato further states that the proposal should include explicit references to fundamental rights and freedoms. The EU Member States should also have some space to exempt certain forms of political hacking or hacking without great damage from criminalisation in their national laws.
Privacy groups warned earlier for the consequences of the proposal of the European Commission. They pointed at the fact that the security of information networks is often of such a bad level, that Internet users can easily find themselves unexpectedly and unintentionally at forbidden web pages. The European Commission however wants that hacking into a secured information network will be punishable, irrespective off the intentions. Cappato also warns for this approach taken by the Commission. ‘Care should be taken to ensure that the legislation targets the offence (be this a terrorist attack, theft, violation of privacy, vandalism or some other offence) rather than the means whereby it is committed,’ Cappato states.