Activities of Jan Philipp ALBRECHT related to 2017/2068(INI)
Plenary speeches (1)
The fight against cybercrime (short presentation)
Shadow reports (1)
REPORT on the fight against cybercrime PDF (471 KB) DOC (90 KB)
Amendments (42)
Amendment 2 #
Motion for a resolution
Citation 3
Citation 3
— having regard to Articles 1, 7, 8, 11, 21, 2416, 17, 21, 24, 47, 49 and 52 of the Charter of Fundamental Rights of the European Union (CFR),
Amendment 16 #
Motion for a resolution
Citation 13 a (new)
Citation 13 a (new)
Amendment 19 #
Motion for a resolution
Citation 20 a (new)
Citation 20 a (new)
- having regard to the Europol and ENISA Joint Statement of 20 May 2016 on lawful criminal investigation that respects 21st Century data protection;
Amendment 41 #
Motion for a resolution
Recital B
Recital B
B. whereas the lines between cybercrime, cyber espionage, cyber warfare, cyber sabotage and cyber terrorism are becoming increasingly blurred; whereas cybercrimes can target individuals, public or private entities and cover a wide range of offences, including privacy breaches, copyright infringement, child pornography, online incitement to hate, the dissemination of fake news with malicious intentsexual abuse, public incitement to violence or hatred, financial crime and fraud, as well as illegal system interference;
Amendment 46 #
Motion for a resolution
Recital C
Recital C
C. whereas the 2016 IOCTA reveals that cybercrime is increasing in intensity, complexity and magnitude, that reported cybercrime exceeds traditional crime in some EU countries, that it extends to other areas of crime, such as human trafficking, that there has been a growing misuse of encryption and anonymisation tools and that ransomware attacks outnumber traditional malware threats such as Trojans;
Amendment 58 #
Motion for a resolution
Recital E
Recital E
E. whereas a considerable number of cybercrimes remain unprosecuted and unpunished, due in part to; whereas there is still significant underreporting, long detection periods allowing cybercriminals to develop multiple entries/exits or backdoors, difficult access to e-evidence, problems in obtaining it and with its admissibility in court, as well as complex procedures and jurisdictional challenges related to the cross-border nature of cybercrimes;
Amendment 64 #
Motion for a resolution
Recital F
Recital F
F. whereas the TELE2 judgment of the CJEU imposes stringent limits on police and judicial access to the data of cybercrime suspects and outlaws blanket and non-targeted data retention;
Amendment 83 #
Motion for a resolution
Recital H
Recital H
H. whereas awareness about the risks posed by cybercrime has increased, but precautionary measures, both on the part of individual users and of business, remain absenby far not adequate yet;
Amendment 87 #
Motion for a resolution
Recital I
Recital I
I. whereas the constantly growing interconnectedness of people, places and things makes Internet of Things (IoT) devices an ideal target for cybercriminals; whereas hacked IoT devices that not only have sensors, but have or can control physical actuators, may represent a concrete threat to the lives of human beings;
Amendment 89 #
Motion for a resolution
Recital I a (new)
Recital I a (new)
Ia. whereas the protection of fundamental rights is a key objective of the Union, and necessary to achieve the trust that enables the European digital single market to flourish, because it creates the confidence that data and services are safe not only from cybercrime, but also from disproportionate public authority interferences with such rights.
Amendment 96 #
Motion for a resolution
Paragraph –1 (new)
Paragraph –1 (new)
-1. Underlines that the fight against cybercrime should be first and foremost about safeguarding and hardening critical infrastructures and other networked devices, and not only about elaborating repressive actions;
Amendment 124 #
Motion for a resolution
Paragraph 4
Paragraph 4
4. Stresses that the constantly changing nature of the cyber-threat landscape presents all stakeholders with serious legal and technological challenges; points, in particular, to the increasing misuse of privacy-enhancing technologies such as onion-routing and the Darknet, as well as to the growing threats posed by hackers sponsored by non- friendly foreign states or extremist political or religious organisations;
Amendment 129 #
Motion for a resolution
Paragraph 4 a (new)
Paragraph 4 a (new)
4a. Underlines that the Darknet and onion-routing also provide a free space for journalists, political campaigners and human rights defenders in certain countries to avoid detection by repressive state authorities;
Amendment 144 #
Motion for a resolution
Paragraph 6
Paragraph 6
6. Acknowledges that technological advances in encryption allow legitimate usercitizens to better protect their data and communications, but points out that malicious users deploy the same techniques to conceal their criminal activities and identities;
Amendment 164 #
Motion for a resolution
Paragraph 8
Paragraph 8
8. Calls on the Commission, in the context of the review of the European cybersecurity strategy, to continue identifying network and information security vulnerabilities of European critical infrastructure and incentivise the development of resilient systems, and assess the situation regarding the fight against cybercrime in the European Union and the Member States, in order to achieve a better understanding of the trends and developments in relation to offences in cyberspace;
Amendment 188 #
Motion for a resolution
Paragraph 12
Paragraph 12
12. Is concerned by the Europol finding that the majority of successful attacks are attributable to a lack of user-awareness, as well as insufficient securitydigital hygiene, a lack of security by design and a lack of user-awareness; underlines that users are the first victims of badly secured hardware and software;
Amendment 215 #
Motion for a resolution
Paragraph 14
Paragraph 14
14. Stresses that businesses should conduct regular vulnerability assessments, fix existing vulnerabilities inidentify vulnerabilities through regular assessments, protect their products or services by fixing vulnerabilities and consistently reporting cyber-attacks;
Amendment 220 #
Motion for a resolution
Paragraph 15 a (new)
Paragraph 15 a (new)
15 a. Points out that recent incidents clearly demonstrate the acute vulnerability of the EU, and in particular the EU institutions, national governments and parliaments, major European companies, European IT infrastructures and networks, to sophisticated attacks using complex software and malware; underlines that boosting EU IT capacity and security also reduces the vulnerability of the EU towards serious cyberattacks originating from large criminal organisations or terrorist groups;
Amendment 223 #
Motion for a resolution
Paragraph 15 b (new)
Paragraph 15 b (new)
15b. Calls on the Commission and the Member States to take the initiative and build up, as a strategic priority measure, a strong and autonomous IT key-resource capability; stresses that in order to regain trust, such a European IT capability should be based, as much as possible, on open standards and open-source software and if possible hardware, making the whole supply chain from processor design to application layer transparent and reviewable; points out that in order to regain competitiveness in the strategic sector of IT services, a ‘digital new deal’ is needed, with joint and large-scale efforts by EU institutions, Member States, research institutions, industry and civil society; calls on the Commission and the Member States to use public procurement as leverage to support such resource capability in the EU by making EU security and privacy standards a key requirement in the public procurement of IT goods and services; urges the Commission, therefore, to review the current public procurement practices with regard to data processing in order to consider restricting tender procedures to certified companies, and possibly to EU companies, where security or other vital interests are involved;
Amendment 224 #
Motion for a resolution
Paragraph 15 c (new)
Paragraph 15 c (new)
15c. Strongly condemns the fact that intelligence services seek to lower IT security standards and to install backdoors in a wide range of IT systems; asks the Commission to present draft legislation to ban the use of backdoors by law enforcement agencies; recommends, consequently, the use of open-source software in all environments where IT security is a concern;
Amendment 225 #
Motion for a resolution
Paragraph 15 d (new)
Paragraph 15 d (new)
15d. Calls on all the Member States, the Commission, the Council and the European Council to give their fullest support, including through funding in the field of research and development, to the development of European innovative and technological capability in IT tools, companies and providers (hardware, software, services and network), including for purposes of cybersecurity and encryption and cryptographic capabilities; calls on all responsible EU institutions and Member States to invest in EU local and independent technologies, and to develop massively and increase detection capabilities;
Amendment 226 #
Motion for a resolution
Paragraph 15 e (new)
Paragraph 15 e (new)
15 e. Takes the view that the large-scale IT systems used in the area of freedom, security and justice, such as the Schengen Information System II, the Visa Information System, Eurodac and possible future systems, should be developed and operated in such a way as to ensure that data are not compromised as a result of requests by authorities from third countries; asks eu-LISA to report back to Parliament on the reliability of the systems in place by the end of 2018;
Amendment 227 #
Motion for a resolution
Paragraph 15 f (new)
Paragraph 15 f (new)
15f. Calls for the EU to take the lead in reshaping the architecture and governance of the internet in order to address the risks related to data flows and storage, striving for more data minimisation and transparency and less centralised mass storage of raw data, as well as for rerouting of Internet traffic or full end-to-end encryption of all Internet traffic so as to avoid the current risks associated with unnecessary routing of traffic through the territory of countries that do not meet basic standards on fundamental rights, data protection and privacy;
Amendment 231 #
Motion for a resolution
Paragraph 16
Paragraph 16
16. Considers enhanced cooperation with service providers to be a key factor in accelerating and streamlining mutual legal assistance and mutual recognition proceduresprocedures; calls on providers of electronic communications services not established in the Union to designate in writing representatives in the Union;
Amendment 235 #
Motion for a resolution
Paragraph 16 a (new)
Paragraph 16 a (new)
16a. Reiterates that with respect to the Internet of Things, producers are the key starting point for tightening up liability regimes which will lead to a better quality of products and a more secure environment in terms of external access and the documented possibility for updates;
Amendment 243 #
Motion for a resolution
Paragraph 17
Paragraph 17
17. Believes that innovation should not be hampered by unnecessary red tape for software developers and hardware producers; eEncourages the private sector to implement voluntary measures aligned with internationally recognised standards aimed at bolstering trust in the security of software and devices, such as the IoT trust label;
Amendment 251 #
Motion for a resolution
Paragraph 18
Paragraph 18
Amendment 262 #
Motion for a resolution
Paragraph 19
Paragraph 19
19. Calls on the Commission to Recognises that the current EU and Member State legal frameworks can create challenges for service providers seeking to comply with law enforcement authority demands, and indeed potentially block such compliance, in particular in scenarios where multiple Member States are involved; calls on the Commission to investigate the legal scope for improving the accountability of service providers to cooperate with law enforcement authorities and for imposing an obligation to respond to foreign EU law-enforcement requests subject to adequate safeguards;
Amendment 283 #
Motion for a resolution
Paragraph 20
Paragraph 20
20. Calls on the Commission and the Member States to impose the samemandatory end- to-end encryption obligations on online service providers as those, which apply to providers ofwell as traditional telecommunications services;
Amendment 285 #
Motion for a resolution
Paragraph 21
Paragraph 21
21. Underlines that illegal online content should be removed immediatelyn an expeditious manner; reiterates that any measure to remove illegal online content based on terms and conditions should only be permitted if national procedural rules provide a possibility for users to assert their rights before a court after learning of such measures; welcomes, in this context, the progress achieved concerning the blocking and removal of illegal content online, but stresses the need for a stronger commitment on the part of platform service providers to respond quickly and effectively; welcomes the Commission’s stated intention to provide guidance on notice-and-takedown procedures and urges the Commission to come forward with a legislative proposal on this matter;
Amendment 305 #
Motion for a resolution
Paragraph 22
Paragraph 22
22. Is concerned that a considerable number of cybercrimes remain unpunished; emphasises the need to allow lawful access to relevant information, even if it has been encrypted, if such access is imperativ enforcement authorities to have lawful access to relevant information in the limited circumstances where such access is necessary and proportionate for reasons of security and justice;
Amendment 314 #
Motion for a resolution
Paragraph 23
Paragraph 23
23. Urges the Member States to exchange best practices regarding the circumvention of encryption and to cooperate, in consultation with the judiciary, in aligning the conditions for the lawful use of investigative tools online;
Amendment 325 #
Motion for a resolution
Paragraph 25
Paragraph 25
Amendment 330 #
Motion for a resolution
Paragraph 26
Paragraph 26
26. Stresses the need to minimise the risks posed to the privacy of internet users by leaks of exploits or tools used by law- enforcement authorities as part of their legitimate investigations; underlines in this regard that exploits and vulnerabilities should be notified to the manufacturer as soon as possible and without exception;
Amendment 336 #
Motion for a resolution
Paragraph 28
Paragraph 28
28. Underlines that the patchwork of separate, territorially defined national jurisdictions causes difficulties in determining the applicable law in transnational interactions and gives rise to legal uncertainty, thereby preventing cooperation across borders, which is necessary to deal efficiently with misuses onlincybercrime;
Amendment 357 #
Motion for a resolution
Paragraph 30
Paragraph 30
30. Underlines the importance of close cooperation between law enforcement authorities and the private sector on the issue of access to e-evidence; urges the Member States concerned to eliminate criminal law provisions prohibiting domestic service providers from responding to foreignother EU Member States' law enforcement requests;
Amendment 365 #
Motion for a resolution
Paragraph 31
Paragraph 31
31. Calls on the Commission to put forward a European legal framework for e- evidence, including harmonised rules to determine the status of a provider as domestic or foreign, and to impose an obligation on service providers to respond to requests from othird countrer EU Member States’ law enforcement authorities, with a view to ensuring legal certainty for stakeholders and removing obstacles to cooperation;
Amendment 367 #
Motion for a resolution
Paragraph 31 a (new)
Paragraph 31 a (new)
31a. Stresses the need for any e- evidence framework to include sufficient safeguards for the rights and freedoms of all concerned; highlights that this should include a requirement that requests for e- evidence are directed in the first instance to the controllers or owners of the data, in order to ensure that their rights – and the rights of those to whom the data relates (for example their entitlement to assert legal privilege, and seek legal redress in the case of disproportionate or otherwise unlawful access) – are respected; also highlights the need to ensure any legal framework protects providers and all other parties from requests that could create conflicts of law or otherwise impinge on the sovereignty of other States;
Amendment 401 #
Motion for a resolution
Paragraph 37 a (new)
Paragraph 37 a (new)
37a. Stresses its serious concerns in relation to the work within the Council of Europe's Cybercrime Convention Committee on the interpretation of Article 32 of the Convention on Cybercrime of 23 November 2001 (Budapest Convention) on transborder access to stored computer data (“cloud evidence”) and opposes any conclusion of an additional protocol or guidance intended to broaden the scope of this provision beyond the current regime established by this Convention, which is already a major exception to the principle of territoriality because it could result in unfettered remote access by law enforcement authorities to servers and computers located in other jurisdictions without recourse to mutual legal assistance (MLA) agreements and other instruments of judicial cooperation put in place to guarantee the fundamental rights of the individual, including data protection and due process, and in particular Council of Europe Convention 108;
Amendment 406 #
Motion for a resolution
Paragraph 37 b (new)
Paragraph 37 b (new)
37b. Urges Member States, in the context of the negotiations of the Council of Europe’s Convention on Cybercrime, to favour the use of mutual legal assistance instruments for the exchange of information with third countries, with due regard to the principle of territoriality and Union legislation on data protection, notably Article 48 of Regulation (EU) 679/2016 (General Data Protection Regulation);
Amendment 415 #
Motion for a resolution
Paragraph 39
Paragraph 39
39. Takes note of the fact that the highest number of law enforcement requests is sent to the United States and Canada; is concerned that the voluntary disclosure rate of big US service providers in response to requests from European criminal justice authorities falls short of 60 %recognises that, as for instance enshrined in Article 48 of Regulation (EU) 679/2016 (the General Data Protection Regulation), mutual legal assistance and other international agreements are the preferred mechanism to enable access to personal data overseas;
Amendment 423 #
Motion for a resolution
Paragraph 40
Paragraph 40
40. Calls on the Commission to put forward concrete measures to address impediments to theprotect the fundamental rights of the suspected or accused person when exchange of information between European law enforcement authorities and third countries, notably takes place, notably safeguards as regards the non-execution of a request by an EU Member State in the quick obtaining, upon a court decision, of relevant evidence, subscriber- related information as well as detailed meta- and content data (if not encrypted) from law-enforcement authorities and/or service providers with a view to improving mutual legal assistance;