COMMITTEE OF EXPERTS ON TERRORISM (CODEXTER) CYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES GERMANY September 2007 Kapitel 1 www.coe.int/gmt A. National policy 1. Is there a national policy regarding the analysis, detection, prosecution and prevention of cybercrime in general and the misuse of cyberspace for terrorist purposes in particular? If yes, please briefly describe it. German anti-terror policy is determined by five important goals: (1) Breaking up terrorist networks by intensifying investigative efforts in order to increase the pressure on offenders; (2) Preventing terrorist threats; (3) Expanding international co-operation; (4) Protecting the population, taking preventive measures and reducing overall vulnerability; (5) Abolishing the causes of terrorism. This policy aims to comprehensively prevent and combat terrorist activities, including the misuse of cyberspace for terrorist purposes. In particular, in January 2007 a Joint Internet Monitoring Centre was established in Berlin, which focuses on Islamist terrorism. The BfV (Federal Office for the Protection of the Consitution, lead service), the BKA (Federal Office for Criminal Investigation) and the BND (Federal Intelligence Service), as well as other national security authorities, co-operate within the framework of the centre. This takes into account the fact that the Internet has a dual significance in terms of combating terrorism: on the one hand, monitoring Internet use by terrorists may lead to the gathering and assessment of information. But on the other hand, the use of the Internet by terrorists may cause direct threats as well. Furthermore, taking into account the all-hazard approach in protecting information infrastructure, such as the Internet, there is no distinction made in Germany as a matter of principle between the types of danger in taking action against potential misuse. The focus is on maintaining procedures and processes independently of whether the threat is of a terrorist or other criminal nature. Combating cybercrime with police measures is, as a matter of principle, undertaken by the Länder in Germany. The Federal Criminal Police Office (BKA) supports investigations in the Länder; it has an independent unit of experts who serve as special investigators. The Federal Office for Information Security has preventive competence for Internet security in Germany. In this way, the Computer Emergency Response Team (CERT) warns all user groups (authorities, consumers, companies) specifically of dangers posed by the Internet. For further information please see the Country profiles on counter-terrorism capacity at www.coe.int/gmt. Pour plus de renseignements, veuillez consulter les Profils nationaux sur la capacité de lutte contre le terrorisme: www.coe.int/gmt.
2 B. Legal framework 2. Does your national legislation criminalise the misuse of cyberspace for terrorist purposes, and a. are these offences specifically defined with regard to the terrorist nature or technical means of committing the crime, or b. is the misuse covered by other, non-specific criminal offences? How are these offences defined and which sanctions (criminal, administrative, civil) are attached? German penal law criminalises certain forms of misuse of the Internet for terrorist purposes. The relevant provisions of the law relating to crimes against the state as well as other crimes included in the Criminal Code (StGB) may be applicable. Sections 129a and 129b of the Criminal Code, which deal with the formation of terrorist groups domestically and abroad, are primarily relevant to the area of law relating to crimes against the state. The following criminal offences are primarily relevant in terms of an attack on or the misuse of computer systems: - Section 202a of the Criminal Code (data espionage); - Section 303a of the Criminal Code (alteration of data); - Section 303b of the Criminal Code (computer sabotage); - Section 263a of the Criminal Code (computer fraud); - Section 269 of the Criminal Code (falsification of legally relevant data). This does not require the existence of "terrorist intent"; however pursuant to Section 46 of the Criminal Code such an intent may be considered for the sentence. Additional provisions were created to implement the Council of Europe Convention on Cybercrime of 23 November 2001 (ETS No. 185). Specifically, these provide for the following: - a separate criminal offence of data interception in a new criminal provision, Section 202 b of the Criminal Code; - an amendment to Section 303b of the Criminal Code which extends its paragraph 1 to all data processing that is of substantial significance "to another" and includes as criminal conduct the entry and communication of data; - the extension of criminal liability for preparatory activities to additional cybercrime offences by establishing a new criminal offence in Section 202c of the Criminal Code, which criminalises the preparation of a criminal offence pursuant to Section 202a or 202b of the Criminal Code. Likewise, these provisions do not contain any special elements of qualification or aggravation in the case of terrorist activities. Germany does not consider it necessary to establish further-reaching offences for cybercrime. Finally, other criminal offences may also be applicable to cases of misuse of the Internet. These include, for example, public incitement to crime (Section 111 of the Criminal Code). According to that provision, those who publicly, in a meeting or through the dissemination of writings, including audio and visual media, data storage media, illustrations and other images, incite an unlawful act, are subject to punishment. This may take place via the Internet. Also potentially relevant is the criminal offence of rewarding and publicly approving a crime (Section 140 No. 2 of the Criminal Code). Pursuant thereto, those who publicly, in a meeting or through the dissemination of writings, and in a manner that is capable of disturbing the public peace, approve of certain criminal offences detailed therein, after they have been committed or attempted, are subject to punishment. This may occur via the Internet as well. Furthermore, punishment could be imposed for giving instructions for certain criminal offences (Section 130a of the Criminal Code). Such instructions could be published on the Internet.
3 3. Do you plan to introduce new legislation to counter terrorist misuse of cyberspace? What are the basic concepts of these legislative initiatives? The coalition agreement between the political forces forming the Federal Government provides for an assessment as to whether and to what extent amendments are necessary in the criminal law relating to the fight against terrorism. That assessment has thus far not been concluded. Concerning the above-mentioned criminal offences in Sections 111, 140 No. 2 and 130a of the Criminal Code, no legislative measures are planned. 4. What are the existing national practices in the field of detecting, monitoring and closing down websites used for terrorist purposes? Procedures to find, track and monitor websites are wire and phone tapping, source information, forums, Google etc. Guidelines or methodologies for conducting research do not yet exist, but their development is in process. Furthermore, relevant websites are stored in the archives. Monitoring is carried out both on a regular/systematic basis and through ongoing investigations by intelligence services. Systems to ensure full and appropriate analysis and investigation started in January 2007, when the Joint Internet Monitoring Centre was established in Berlin. Furthermore, all known Internet addresses are saved in a specially developed portal. The websites are supplied with additional information provided by the respective pre-evaluation staff. The results taken from the Internet, translations and assessments are saved in a special system in the portal; from there, they can be retrieved by all staff members as well as by various other security authorities. Various Internet tools, such as website monitoring systems and various search engines, form part of this system as well. Germany's legal system provides mechanisms to close down Internet websites. In the case of criminal offences, it is possible to close down websites on the basis of court orders. In addition, websites that are harmful to young people may be placed on an index of banned sites. Regardless of the legal situation, German providers can be approached on a "good will" basis and asked to close their websites down. One hurdle is that many of the websites that are being monitored are located on servers abroad. In that case it is not possible to take any legal action from within Germany. A decision whether to monitor or disrupt depends on individual evaluations as the cases arises. 5. Does your national legislation provide criteria for establishing jurisdiction over such offences? What are those criteria? The general German law concerning the applicability of criminal law (jurisdiction) applies also to criminal offences in connection with the misuse of the Internet for terrorist purposes. Section 3 of the Criminal Code provides that German criminal law applies to offences committed on German territory. For offences committed outside the country, German criminal law applies in the cases of Sections 5 and 6 of the Criminal Code for the offences listed there, independently of the law of the place of the offence, and pursuant to Section 7 subsection 1 and subsection 2 No. 1 of the Criminal Code, if the offence was committed by or against a German national or the perpetrator was a German at the time of the offence or became a German thereafter. If the perpetrator was a foreigner at the time of an act committed abroad, German criminal law applies if the perpetrator was found to be in Germany and, although extradition would be permissible for such an offence, is not extradited because a request for extradition within a reasonable period of time is not made, is rejected, or the extradition is not practicable ( 7 (2) no 2 of the Criminal Code). In cases involving section 7 of the Criminal Code, it is a prerequisite that the act be threatened with punishment at the place of the act or that the place of commission is not subject to any criminal jurisdiction.
4 Section 9 of the Criminal Code governs the question of where an offence is committed. Pursuant to Section 9 subsection 1 of the Criminal Code, an act is committed at any place where the perpetrator acted or, in case of an omission, should have acted, or at which the result, which is an element of the offence, occurs or should occur according to the understanding of the perpetrator. 6. Does your national legal system establish ancillary offences related to the misuse of cyberspace? Punishability for participation in the misuse of the Internet for terrorist purposes is, in principle, based upon the generally applicable provisions of German criminal law. As such, those who intentionally incite others to intentionally commit a criminal offence may be punished in the same way as the perpetrators (Section 26 of the Criminal Code). Furthermore, those who intentionally provide aid to another with a view to that person intentionally committing an unlawful act may be punished as an accessory (section 27 of the Criminal Code). The Criminal Code also provides that those who attempt to induce or incite another to commit a serious criminal offence (i.e. an unlawful act punishable by at least one year's imprisonment) will be subject to punishment (Section 30 subsection 1 of the Criminal Code). Those who declare willingness, accept an offer from another or agree with another to commit or incite the commission of a serious criminal offence are also subject to punishment (Section 30 subsection 2 of the Criminal Code). Depending on the circumstances of the specific case, these offences may also be committed by using the Internet. 7. What kind of national procedures do you have for submitting an application on the activities of Internet-providers and/or hosting companies, to deprive a user from a domain name or to cancel his/her/its registration or licence? Internet providers and/or hosting companies are not concerned with the registration of domain names. The domain name registration service is separate from the provision of the Internet service. A domain name can only be withdrawn from its user if the domain name is held illegally, which means violating the rights of another person or company. The use of Internet services (access or hosting) is based on service contracts governed by civil law. There are no national procedures to interrupt the contractual relationship between service providers and users. On the other hand, of course, there are procedures to block or prevent the use of illegal websites. This can be ordered by law enforcement authorities to Internet and/or hosting providers. These blocking orders must be followed by service providers even if, as Internet intermediaries, they cannot be held liable for the illegal action itself. 8. What non-legislative measures do your have in your country to prevent and counter terrorist misuse of cyberspace, including self-regulatory measures? There are no specific non-legislative or self-regulating measures to prevent and counter terrorist misuse of cyberspace in Germany. However, there are general measures which include terrorist misuse. Since 1999, there has been a community programme at the European level to counter illegal or dangerous content (especially but not only for the better protection of (children and) minors using the Internet). At the moment this programme is ongoing as Safer-Internet-Plus 2005-2008. It will probably be continued for a further period until 2013. The central activities of this measure are the establishment of national hotlines and awareness-nodes including their co-operation at the European level (INHOPE, INSAFE). Private and national German institutions are participating in these activities with outstanding projects.
5 C. International co-operation 9. Please describe the general framework for international co-operation regarding the misuse of cyberspace for terrorist purposes. At the level of the European Union, Germany has, within the scope of its Council Presidency, successfully initiated the "Check the web" project to intensify co-operation, including the division of tasks among the member states, in monitoring and assessing the use of the Internet by international terrorists. For that purpose, Europol has opened an information portal, which may be used by all member states for exchanges of information. This portal has succeeded in making considerable progress in the co-operation among the member states: It supplies a platform which allows member states to make their information available to one another and thus pool all the knowledge of the European Union. Co-operation among the member states, with a focus on the division of tasks, is being expanded on that basis. Regular expert meetings have been initiated as well. They serve to promote exchanges of experiences with regard to the analysis of relevant Internet appearances and the technical questions of Internet monitoring, as well as for the targeted coordination of concrete co-operation projects. Apart from this the rules of international legal co-operation also apply in such cases. 10. What are the existing practices and experiences with regard to international cooperation, in particular in relation to the procedures described in question 4? The "Check the web" project has met with a great deal of positive response at the European Union level. The member states recognise the need for a division of tasks in monitoring the Internet in a way that conserves resources. The project includes a comprehensive exchange of information among the member states. Operative activities, such as blocking and closing down Internet sites, are discussed at regular expert meetings - in addition to other topics such as the analysis of Internet content. Initiatives taken within the framework of the European Union s Community Programme to combat illegal and harmful content on the Internet should also be mentioned in this connection. These initiatives first began in 1999 under the Internet Action Plan and are currently being continued under the Safer Internet Plus programme. Within this context, member states have set up hotlines that allow users to lodge complaints about illegal or harmful content on the Internet. In Germany, the complaint service jointly operated by Freiwillige Selbstkontrolle Multimedia (Association for the Voluntary Self-Monitoring of Multimedia) and the Eco Internet association, as well as the project jugendschutz.net ("protection of minors"), represent two such hotlines. D. Institutional framework 11. Please list the institutions that are competent for countering terrorist misuse of cyberspace. In Germany, the agencies responsible for monitoring of websites are the BKA, the Bundesnachrichtendienst (BND), the Bundesamt für Verfassungsschutz (BfV), and the Landesämter für Verfassungsschutz (state offices for the protection of the constitution - LfV). 12. Are there any partnerships between the public and private sectors (Internet-service providers, hosting companies, etc.) to counter terrorist misuse of cyberspace? There are no permanent partnerships between the public and the private sector; rather, the private sector is approached on a case-by-case basis (as described under question 4.).
6 E. Statistical information 13. Please provide relevant statistics on offences relating to the misuse of cyberspace for terrorist purposes (including possibly: cases recorded, investigated, brought to court, convictions, victims etc.). Germany does not have such statistics available. 14. Where possible, please describe briefly the profile of offenders typically involved in the misuse of cyberspace for terrorist purposes (professional background, gender, age, nationality), and possible typical organisational characteristics, including trans-national links and links to other forms of organised crime. In the German view, no generalised statements may be made with regard to typical offender profiles in connection with the misuse of the Internet or other data networks for terrorist purposes.