The highly anticipated and much needed Criminal Justice (Offences Relating to Information Systems) Bill 2016 (the “Bill”) was published by the Minister for Justice and Equality on the 19 January 2016 which is aimed at addressing cyber attacks on information systems.
The Bill will implement the Cybercrime Directive which aims to create consistent legislation throughout the EU in relation to cyber attacks. Considering 2015 saw a huge increase in both the frequency and sophistication of such attacks, this Bill is welcomed as it introduces a number of new cyber offences and will seek to safeguard information systems and dissuade cyber attacks on such information systems.
The Bill introduces a number of new cyber offences, including:
- Unauthorised access to an information system;
- Unauthorised interference with an information system to hinder or interrupt its operation and proper functioning;
- Unauthorised interference with data on an information system;
- Unauthorised interception with the transmission of data to, from or within an information system; and
- Use of a computer programme, password, code or data for the purpose of committing any of the above offences.
Penalties of up to 12 months imprisonment and/or a fine of €5000 can be imposed for summary conviction of the above offences. While those convicted on indictment could face up to 5 years imprisonment and/or a fine. However, the offence of unauthorised interference with an information system to hinder or interrupt its operation and proper functioning is subject to a more severe penalty of up to 10 years imprisonment and/or a fine.
Under the Bill, Gardaí investigating any of the above offences can now get a search warrant from a District Court judge to search and seize computers, equipment, passwords and any other records or things as part of their investigations. Any person who fails to comply with such a search warrant or obstructs or attempts to obstruct the Gardaí acting under the authority of such a search warrant shall be guilty of an offence and can face up to 12 months imprisonment and/or a fine of €5000.
The Bill also introduces personal liability for company officers found to have consented or connived with any person in respect of the company’s commission of any of the new offences, meaning such company officers can be prosecuted as well as the company.