I thank the House for giving of its time to consider this relatively short but significant legislation. As explained on Second Stage, its primary purpose is to give effect to provisions of Directive 2013/40/EU on attacks against information systems. The Bill will also give effect to many of the key provisions of the Council of Europe Convention on Cybercrime, the Budapest convention.
The legislation reflects the EU directive in that it provides for criminal offences in relation to attacks against information systems and their data and establishes effective, proportionate and dissuasive penalties for such offences, the most serious of which could result in a term of imprisonment of up to ten years. The offences provided for relate to information systems and data and do not cover content-related matters. The Bill mainly creates new offences relating to the unauthorised accessing of information systems; unauthorised interference with information systems or data on such systems; unauthorised interception of transmissions of data to or from information systems; and the use of tools such as computer programmes, passwords or devices to facilitate the commission of these offences relating to information systems. The primary offences are set out in sections 2 to 7, inclusive, of the Bill.
The term "information system", as defined in the Bill, is deliberately broad, encompassing all devices involved in the processing and storage of data, not only those considered to be "computer systems" in the traditional sense. This reflects the range of modern communications and data storage technology available such as tablets and smartphones. Information systems also encompass the IT infrastructure or networks that support communication systems and individual devices, as well as data. The term "data" is also circumscribed broadly in the Bill as meaning any representation of facts, information or concepts in a form capable of being processed and includes a programme capable of causing an information system to perform a function.
Information systems are very much part of our daily lives in the modern world. They are increasingly relied upon by governments, businesses and individual citizens alike. This reliance on modern technology can also, unfortunately, mean vulnerability, as new technology creates opportunities for new forms of crimes, or at least an online version of crimes, perpetrated in cyberspace but with a very real impact on the ground. It is vital, therefore, that we seek to protect modern information and communication systems and also maintain users' confidence in the safety and reliability of such systems. This legislation ensures unlawful activity related to information systems will be criminalised and that strong penalties will be in place to both deter and punish offenders.
I will mention at this stage that it may be necessary on Committee Stage in the Upper House to make a technical amendment to section 9 of the Bill which deals with liability offences by corporate bodies. If that is required, the Bill will return briefly to Committee Stage in this House with a view to having the amendment approved.
I thank Deputies for their generous support for the Bill. It is short but nonetheless important legislation. It is notably the first piece of legislation in this jurisdiction specifically dedicated to combating cybercrime and protecting information systems and their data.