The Criminal Justice (Offences Relating to Information Systems) Bill 2016 was announced by Minister Frances Fitzgerald on 19 January 2016.
The offences being created in the Bill focus on the following:
- unauthorised accessing of information systems;
- interference with information systems or with data on such systems;
- interception of transmission of data to or from information systems;
- use of tools to facilitate the commission of these offences relating to information systems; and
- use of a computer programme, password, code or data for the purpose of the commission of any of the above offences.
The offences listed above carry sentences of up to 10 years imprisonment upon conviction on indictment.
The purpose of the Bill is to give effect to EU Directive 2013/40/EU on attacks against information systems. The aim of the Directive is to harmonise the criminal law of the Member States of the EU in the space of attacks against information systems and to enhance cooperation between competent authorities in relation to such threats.
Although the Directive was supposed to have been implemented in Ireland by 4 September 2015 and as such is well overdue this is a welcome step forward, particularly given the recent high profile cybercrimes which have happened to date already in 2016 including:
- a cyber attack on a number of Government websites on 22 January (HSE, the Central Statistics Office, the Department of Justice, the Courts Service and the Department of Defence);
- the National Lottery website and ticket machines were taken down on 20 January for a number of hours by a cyber attack; and
- the cyber attack on the discussion forum Board.ie which brought the website down for three days.
When introducing the Bill Minister Fitzgerald announed “It is of paramount importance that we seek to safeguard modern information and communication systems and to maintain users’ confidence in the safety and reliability of such systems."
There is no indication at this time when it is expected that the Bill will be enacted.
The directive aimed to harmonise criminal law across the EU in the area of attacks against information systems, and to enhance co-operation between authorities.