Docstoc

DENMARK

Document Sample
DENMARK Powered By Docstoc
					 COMMITTEE OF EXPERTS ON TERRORISM (CODEXTER)
 CYBERTERRORISM – THE                 USE OF THE          INTERNET         FOR        Kapitel 1
 TERRORIST PURPOSES

 DENMARK
December 2007                                                                     www.coe.int/gmt


A. National policy

1.   Is there a national policy regarding the analysis, detection, prosecution and prevention
     of cybercrime in general and the misuse of cyberspace for terrorist purposes in
     particular? If yes, please briefly describe it.

Though not laid down in a national policy, the distribution of responsibility regarding analysis,
detection, prosecution and prevention of the misuse of cyberspace for terrorist purposes in
Denmark is clear. The Danish Security and Intelligence Service carries out the analysis, detection
and prevention of such crimes. Prosecution remains the responsibility of the Danish Prosecution
Service.

Furthermore, close co-operation on data analysis and IP-based investigations has been
established between the Danish Security and Intelligence Service and the National High Tech
Crime Centre of the Danish National Commissioner of Police on this type of case.


В. Legal framework

2.   Does your national legislation criminalize the misuse of cyberspace for terrorist
     purposes, and
     a. are these offences specifically defined with regard to terrorist nature or technical
     means of committing the crime or
     b. is the misuse covered by other, non-specific criminal offences?
     How are these offences defined and which sanctions (criminal, administrative, civil) are
     attached?

The Convention on Cybercrime was ratified by Denmark on 21 July 2005 and entered into force on
1 October 2005. The misuse of cyberspace is punishable in accordance with various provisions of
the Danish Criminal Code. Some offences are explicitly described as computer-related offences,
for instance:
-     Illegal access and illegal interception (Articles 2 and 3 of the Convention) may give rise to
      criminal liability pursuant to section 263 (2) of the Danish Criminal Code. According to the said
      provision, any person who unlawfully obtains access to another person’s information system
      shall be liable to a fine or to imprisonment for a term not exceeding one year and six months.
      According to section 263 (3), the penalty may be increased to imprisonment for a term not
      exceeding six years if the act is committed with the intent to procure or make oneself
      acquainted with information about a firm's trade secrets, in the case of offences of a more
      systematic or organised nature, or in other particularly aggravating circumstances.
-     Misuse of devices (Article 6 of the Convention) may be punishable according to section 263 a
      or 301 a of the Criminal Code. According to section 263 a, any person who, in an unlawful
      manner, commercially sells or widely disseminates a password or other means of access to an
      information system, which is not accessible to the public and to which access is secured by a

                              For further information please see the Country
                              profiles on counter-terrorism capacity at
                              www.coe.int/gmt.
                              Pour plus de renseignements, veuillez consulter
                              les Profils nationaux sur la capacité de lutte
                              contre le terrorisme: www.coe.int/gmt.
                                                   2


     password or other special access restrictions, shall be liable to a fine or to imprisonment for a
     term not exceeding one year and six months. According to section 301 a, any person who
     unlawfully obtains or passes on passwords or other means of access to information systems,
     to which access is reserved for paying users and secured by a password or other special
     access restrictions, shall be liable to a fine or to imprisonment for a term not exceeding one
     year and six months.
-    Computer-related fraud (Article 8 in the Convention) may be punishable according to section
     279 a of the Criminal Code. According to the said provision, any person who for the purpose of
     obtaining for him/herself or for others an unlawful gain, unlawfully changes, adds or erases
     information or programs for the use of electronic data processing, or who in any other manner
     attempts to affect the results of such data processing, shall be guilty of computer fraud. The
     penalty may be imprisonment for a term not exceeding one year and six months, cf. section
     285 (1). If the offence is of a particularly aggravated nature, the penalty may be increased to
     imprisonment for a term not exceeding eight years, cf. section 286 (2). If the offence is of
     minor importance the penalty shall be a fine, cf. section 287 (1).

Other types of misuse of cyberspace are covered by non-specific criminal law provisions, for
instance:
-    Data interference and system interference (Articles 4 and 5 of the Convention) may give rise to
     criminal liability pursuant to section 291 and/or section 293 (2) of the Criminal Code. According
     to Article 291 (1), any person who destroys, damages or removes objects belonging to others
     shall be liable to a fine or to imprisonment for a term not exceeding one year and six months.
     According to section 293 (2), any person who unlawfully prevents any other person completely
     or in part, from using or disposing of objects shall be liable to a fine or imprisonment for a term
     not exceeding one year.
-    Computer-related forgery (Article 7 of the Convention) may be punishable according to section
     171 of the Criminal Code. According to the said provision, any person who, with the intent to
     deceive in any matter involving legal consequences, makes use of a false document shall be
     guilty of forgery of documents. A document is a written or electronic manifestation bearing the
     name or the issuer and appearing to be intended to serve as evidence. The penalty may be a
     fine or imprisonment for a term not exceeding two years. If the offence is of a particularly
     serious nature, or if a large number of offences have been committed, the penalty may be
     increased to imprisonment for a term not exceeding six years.

3.   Do you plan to introduce new legislation to counter terrorist misuse of cyberspace?
     What are the basic concepts of these legislative initiatives?

The Danish Government does not plan to introduce new legislation to counter terrorist misuse of
cyberspace.

4.   What are the existing national practices in the field of detecting, monitoring and closing
     down websites used for illicit, in particular, terrorist purposes and what kind of national
     procedures allow the blocking of access to web sites or pages considered illicit?

A project involving the Danish Security and Intelligence Service, the National Commissioner of
Police and academia has been launched in order to enhance monitoring of websites in relation to
terrorism systematically.

Websites used for illicit terrorist purposes can be closed on the basis of a court order.

5.   What are the existing national practices in the field of interception of, or infiltration to,
     the electronic correspondence (e.g. e-mail, forum, instantaneous message service,
     voice over IP-skype, etc).

The interception of communications by the police is regulated by Part 71 of the Administration of
Justice Act.
                                                  3


The first condition for the interception of communications is that there must be certain grounds for
assuming that messages to or from a suspect are conveyed by the communication in question.

Secondly, it is a condition for interception of communications that the interference is assumed to be
of decisive importance to the investigation.

The third and last condition for interception of communications is a requirement as to the nature of
the crime, particularly that the investigation concerns an offence with a maximum penalty
exceeding six years or contravention of certain enumerated provisions of the Criminal Code, for
example section 263 (2) (Illegal access and illegal interception) and Parts 12 and 13 (Offences
against the independence and safety of the State, offences against the Constitution and the
supreme authorities of the State, terrorism, etc.).

Any interception of communications must take place on the basis of a court order.

6.   Does your national legislation provide criteria for establishing jurisdiction over the
     misuse of cyberspace for terrorist purposes? What are those criteria?

According to part 2 of the Criminal Code, acts committed within the territory of the Danish state
shall be subject to Danish criminal jurisdiction. Acts committed outside the territory of the Danish
state by a Danish national or by a person resident in the Danish state shall be subject to Danish
criminal jurisdiction if the act committed is punishable both under Danish law and the law in force in
the territory where the act is committed.

Where the punishable nature of an act depends on or is influenced by an actual or intended
consequence, the act shall be deemed to have been committed where the consequence has taken
effect or was intended to take effect.

Acts committed outside the territory of the Danish state shall also come within Danish criminal
jurisdiction irrespective of the nationality of the perpetrator, where the act violates the
independence, security, Constitution or public authorities of the Danish state, official duties toward
the state or such interests, the legal protection of which depends on a personal connection with the
Danish state; or where the act is covered by an international convention in pursuance of which
Denmark is under an obligation to start legal proceedings.

7.   Does your national legal system establish additional offences related to attempts at, or
     complicity in, the commission of the misuse of cyberspace for terrorist purposes
     (ancillary offences)?

Acts which aim at the promotion or accomplishment of an offence shall be punished as an attempt
when the offence is not completed, cf. section 21 (1) of the Criminal Code.

The penalty in respect of an offence shall apply to any person who has contributed to the execution
of the wrongful act by instigation, advice or action, cf. section 23 (1) of the Criminal Code.

8.   What kind of national procedures do you have for submitting an application on the
     activities of Internet-providers and/or hosting companies or other entities, to deprive a
     user from a domain name or to cancel his/her/its registration or licence?

DK Hostmaster is the administrator of domain names ending in .dk. The rules for DK Hostmaster’s
assignment, registration and administration of domain names under the .dk domain are set out in
the general conditions for the assignment, registration and administration of domain names under
the .dk top level domain.

According to section 8(3)(5) of these conditions a domain name may be suspended or deleted if it
is actively being used in connection with manifestly illegal acts or omissions. The provision
concerns the content of the website, not the name of it. This provision can be used to suspend, for
example, websites which support terrorism.
                                                4



The domain name can only be suspended for significant safety or social reasons and if these
reasons go against letting a suspension or deletion await a decision from the Complaints Board for
Domain Names, the court of law or other public authorities.

9.   What non-legislative measures do you have in your country to prevent and counter
     terrorist misuse of cyberspace, including self-regulatory measures?

The Danish Security and Intelligence Service has set up a special Centre for Prevention in the
Preventive Security Department. This Centre is responsible for the initiation and implementation of
a number of specific projects aiming at preventing radicalization and terrorism. In this respect,
several of the projects focus on the role of the Internet.


С. International co-operation

10. Please describe your country’s general framework for international co-operation
    regarding the misuse of cyberspace for terrorist purposes.

The Danish Security and Intelligence Service participates in several international working groups
regarding the misuse of cyberspace for terrorist purposes.

11. What are the existing practices and experiences with regard to international co-
    operation, in particular in relation to the procedures described in question 4?

The Danish Security and Intelligence Service has had positive experiences with regard to
international co-operation regarding terrorist activities involving the use of cyberspace. The
international co-operation channels and networks are well established and effective.

D. Institutional framework

12. Please list the institutions that are competent for countering terrorist misuse of
    cyberspace.

The Danish Security and Intelligence Service and the Danish Defence Intelligence Service are
responsible for countering terrorist misuse of cyberspace.

13. In order to counter terrorist misuse of cyberspace are there any partnerships between
    the public and private sectors or legal obligations for operators of electronic
    communication (Internet-service providers. hosting companies, etc.) as well as persons
    providing the public with access to systems which allow on-line communication via
    access to the network (cyber cafe, WiFi hotspot)?

In 2004, the Danish Security and Intelligence Service set up a contact group on Information
security. The contact group has been involved in the work of the Service with respect to general as
well as specific threat and risk assessments within IT in relation to terrorism.

14. Are there any hotlines regulated by the public or private sectors permitting
    denouncement of those web sites which could be of a terrorist character / nature?

There are no hotlines regulated by the public or private sectors permitting denouncement of those
websites which could be of a terrorist character/nature.
                                               5


Е. Statistical information

15. Please provide relevant statistics on offences relating to the misuse of cyberspace for
    terrorist purposes (including possibly: cases recorded, investigated, brought to court,
    convictions, victims etc.).

There are no statistics on offences relating to the misuse of cyberspace for terrorist purposes
available in Denmark.

16. Where possible, please describe briefly the profile of offenders typically involved in the
    misuse of cyberspace for terrorist purposes (professional background, gender, age,
    nationality), and possible typical organisational characteristics, including trans-national
    links and links to other forms of organized crime.

On the basis of the available Danish data, it is not possible to describe the typical profile of
offenders involved in the misuse of cyberspace for terrorist purposes.

				
DOCUMENT INFO