The law recently passed by the European Union (EU) on the treatment of cybercrime is not unlike South Africa’s ECT Act.
The new laws approved by EU justice ministers promise a sentence of not less than two years and not more than five years for hackers and those sending viruses, similar to the provisions of the ECT Act.
At the EU council meeting of Justice and Home Affairs, held in Brussels on 27 and 28 February 2003, it was noted that there were significant gaps and differences in laws prevalent in member states that needed to be bridged in order to collectively fight organized crime and cyber terrorism.
A decision was reached that requires member states to establish the criminal offense of illegal access to information systems and provide penalties for attacks against information systems that are effective, proportionate and dissuasive, including custodial sentences in serious cases.
The decision was made to improve cooperation between judicial and other competent authorities, including the police and other specialized law enforcement services of the member states, through approximating rules on criminal law in the member states in the area of attacks against information systems.
In the US, a group of defense lawyers recently published a position paper arguing that people convicted of computer-related crimes tend to get stiffer sentences than comparable non-computer-related offenses.
The paper, signed by the National Association of Criminal Defence Lawyers (NACDL), the Electronic Frontier Foundation and the Sentencing Project, criticized sentences for computer crimes because they frequently exceed the seriousness of the crime and rely on damage figures that can easily be inflated.
The only question now regarding the EU law is whether or not hackers and virus spreaders operating within the 15 member states could be extradited to face criminal proceedings in non-member states such as SA.
The ECT Act allows for South Africans living abroad who get involved in cyber crime on local sites to be extradited to face sentencing in SA but is this sufficient in terms of the recent spate of attacks from non-South African residents on local sites?