EU to establish cybercrime agency

mouse_computer_orange_sxc_mmagallan.jpg

EU ministers have asked the European Commission to assess whether it should set up a centralised agency on tackling cybercrime to prevent online fraud and child pornography.

On Monday (27 April) EU ministers meeting in Luxembourg asked the European Commission to "assess the feasibility" of setting up a single centre on cybercrime to pool member states' efforts and resources to fight Internet crime.

In the past, the biggest opponents of a centralised EU body on cybercrime have been the UK, Germany and France, who feared an EU agency would tread on the toes of operations already underway in their own countries.

Observers say such a body would have some way to go to get the approval of these three major players in the bloc.

The body is intended to encourage information sharing between national law enforcement authorities, especially to co-operate with the International Child Sexual Exploitation Database at Interpol on tackling child pornography, according to a statement from the ministers' meeting.

Details on the shape and location of the agency are scant as some speculate it could be located in The Hague, where Europol, the EU's police agency, currently hosts the 'European cybercrime platform'.

Though the establishment of an agency has mostly garnered support, some argue that it should make sure it does not overlap with work being done by up-and-running agencies, like the European Network and Information Security Agency (ENISA).

In addition, the EU faces internal strife on a month-old proposal to block access to child pornography on the Internet (EURACTIV 30/03/10).

"If the police can confiscate leaflets, books, and videos with child pornography, it should also be able to shut down sites. The Internet is not a safe haven for criminals," argued Cecilia Malmström, the EU commissioner for home affairs.

Germany, which said it would block the proposal, argues that banning child pornography would be more sensible than filtering content.

"I expect a broad debate in the upcoming discussions in which I shall be representing the principle of 'removing [child porn sites] instead of blocking' and lobbying for as broad support as possible in the Council and in the European Parliament," said German Justice Minister Sabine Schnarrenberger.

Erik Windmar, a member of the cabinet for Justice Commissioner Malmström, confirmed that the Commission will propose a new directive for attacks against information systems soon.

The EU executive will present an EU Internal Security Strategy in October 2010, a major component of which will be cyber security, Windmar added.

The European Commission claims that the cost of cybercrime in the EU, at €750 billion annually, vastly exceeds drug trafficking and is equivalent to 1% of global GDP.

On the black market a cybercriminal can buy a full identity profile for €40 and credit card details for €0.04, according to research carried out by Internet security business Symantec.

The European Network and Information Security Agency (ENISA), based in Heraklion, Greece, classifies threats on the Internet according to when experts think they will materialise, in 'current', 'emerging' and 'future' risks. ENISA describes itself as "a Centre of Excellence for the EU member states and EU institutions in network and information security, giving expert advice and recommendations". 

The agency monitors Spam, botnets, phishing, identity theft, route hijacking, instant messaging, peer-to-peer systems, malware on cell phones, hackers in stock markets, software vulnerabilities and lack of protection (e.g. antivirus software) in some devices.

Action on cybercrime has been slow to come as some EU member states have yet to ratify the Convention on Cybercrime adopted in 2001 by the Council of Europe, the Strasbourg-based human rights organisation.

The Convention was designed so EU countries could adopt a common position on practical issues such as blocking IP addresses and revoking domain names.

  • Summer 2010: European Commission to propose new directive on attacks against information systems.
  • October 2010: European Commission to present EU Internal Security Strategy, which includes cybersecurity.

Subscribe to our newsletters

Subscribe