Criminal Justice (Offences Relating to Information Systems) Bill 2016: Second Stage

Question proposed: "That the Bill be now read a Second Time."

I am very pleased to introduce the Bill to this House on behalf of my colleague, the Tánaiste and Minister for Justice and Equality, Deputy Frances Fitzgerald, who regrets that she is unable to be present. I am also pleased to be able to report that it received general support on its recent passage through the Lower House.

The Criminal Justice (Offences Relating to Information Systems) Bill 2016 is relatively short but very significant legislation. It is, notably, the first piece of Irish legislation dedicated to dealing with cybercrime, a transnational problem which requires a co-ordinated, international response. The Bill will ensure Ireland will play its part by giving effect to provisions of Directive 2013/40/EU of the European Parliament and the Council of 12 August 2013 on attacks against information systems. It will also give effect to many of the key provisions of the Council of Europe convention on cybercrime - the Budapest Convention - which Ireland signed in 2002. The legislation reflects these international instruments in that it provides for criminal offences in relation to attacks against information systems and establishes effective, proportionate and dissuasive penalties for such offences, the most serious of which could result in a term of imprisonment of up to ten years. The offences provided for relate to information systems and data and do not cover content-related matters. The Bill creates new offences relating to the unauthorised accessing of information systems; unauthorised interference with information systems or data on such systems; unauthorised interception of transmissions of data to or from information systems; and the use of tools such as computer programmes, passwords or devices to facilitate the commission of these offences relating to information systems.

Before outlining the content of the Bill in more detail, I would like to provide some context for the legislation. It is true to say information systems are very much part of our daily lives in the modern world. They are increasingly relied on by governments, businesses and individual citizens alike. The term "information system", as defined in the Bill, is deliberately broad, encompassing all devices involved in the processing and storage of data, not only those considered to be computer systems in the traditional sense. This reflects the range of modern communications and data storage technology currently available such as tablets and smartphones. Information systems also encompass the IT infrastructure or networks that support communication systems and individual devices, as well as data. The term "data" is also broadly circumscribed in the Bill, as meaning any representation of facts, information or concepts in a form capable of being processed and includes a programme capable of causing an information system to perform a function. There is no doubting the very significant benefits which modern information systems bring to our lives. However, reliability on such systems can also, unfortunately, mean vulnerability.

New technology creates opportunities for new crimes. Cybercrime and attacks on information systems have become increasingly problematic and challenging across Europe and the rest of the world. The European Commission brought forward its proposal for a directive in this area against a backdrop of steadily increasing cybercrime. It included previously unknown large-scale and dangerous attacks against the information systems of companies such as banks, the public sector and even the military in EU member states and other countries. New concerns emerged in this area such as the massive spread of malicious software. Such "malware", as it is termed, can, for instance, create what are known as "botnets" - networks of infected computers that can be remotely controlled to stage large-scale, co-ordinated attacks. These networks of compromised computers may be activated, often without the knowledge of the users of the computers, to perform specific actions such as attacks against information systems.

The interconnection of computers and information systems, through cyberspace, facilitates communication between companies and individuals across the world. What has become clear is that, as cyberspace has developed and evolved, so has cybercrime which is a transnational phenomenon. Traditional law is based on physical geography, whereas cybercrimes occur in the virtual world of cyberspace and readily intersect and transcend national boundaries. There is a clear need, therefore, for international co-operation in this area and harmonisation of national laws to counter the very real threats faced. It is vital that we seek to protect citizens, businesses and government structures alike from cyber attacks which represent such a growing challenge in the modern technological environment. That is the central aim of the Bill.

I propose to outline in more detail the content of the Bill which contains 17 sections. Section 1 provides the necessary interpretation provisions for the Bill and includes a definition of "information system". The term "information system", rather than "computer", is used in order to enable the Bill to have the widest possible application taking account of rapidly evolving technology in this area. The section also includes a broad definition of "data". Both definitions are based on those contained in the EU directive.

Further important definitions in section 1 relate to the concepts of lawful authority and right holder. These are particularly significant in relation to how the offences under sections 2 to 6, inclusive, are framed. I will outline these offences presently, having made a couple of preliminary comments in this regard. I first point out that the activities concerned such as access to or interference with information systems or data are not offences if they are performed with lawful authority such as with the permission of the owner or right holder of the system. It is clearly not intended to criminalise the activities of those who have authority to access information systems or possess a computer programme or code for the purpose of maintaining, testing or protecting information systems. There are, for instance, companies which carry out such activities legitimately in the course of their work which could involve testing the security of information systems and protecting them from attack. Such companies are effectively exempt from the provisions of the Bill. A further point of commonality in the manner in which the offences under sections 2 to 6, inclusive, are framed is the notion of intent. When the activities described are carried out with lawful authority and without criminal intent, they could not be considered to be offences.

Section 2 provides that it is an offence to intentionally access an information system by infringing a security measure without lawful authority or reasonable excuse.

Section 3 provides that it is an offence to intentionally interfere with an information system so as to hinder or interrupt its functioning. It also describes the various means of interference such as, for example, inputting data to the system, damaging or deleting data or making data on the system inaccessible.

Section 4 provides that it is an offence to intentionally interfere with data on an information system, for example, by deleting, altering or causing the deterioration of the data.

Section 5 provides that it is an offence to intentionally intercept the non-public transmission of data to or from or within an information system.

Section 6 provides that it is an offence to intentionally produce, sell, import, distribute or otherwise make available a computer programme or any device, computer password, access code or similar data for the purpose of the commission of an offence under sections 2 to 5, inclusive. It will be noted that the direct intention to commit an offence is specifically required in relation to this provision, in addition to the general intent requirement contained in all of the offence provisions. This reflects the requirements of the EU directive and is designed to avoid criminalisation where such tools or devices are produced and put on the market for legitimate purposes such as the testing of the security of information systems.

Section 7 allows a search warrant to be issued to An Garda Síochána by the District Court in the investigation of the suspected commission of offences under the Bill. It also sets out the process involved and provides for related matters. It includes a requirement that a person under investigation shall, on request, provide the Garda with any password or key or code necessary to operate a computer or access the data. This provision, essentially, replaces the search warrant provision in section 13 of the Criminal Damage Act 1991 in so far as it relates to data and applies the provision generally to the investigation of offences relating to information systems. Section 13 of the Bill amends the 1991 Act and includes a transitional provision in respect of search warrants issued under that Act. I will return to section 13 and the Criminal Damage Act shortly.

Section 8 sets out the penalties for the commission of offences under sections 2 to 6, inclusive. It provides that a person who commits an offence under sections 2 and 4 to 6, inclusive, will be liable, on summary conviction, to a fine of up to €5,000 or imprisonment for a term of up to 12 months, or both. On conviction on indictment, these offences are punishable by a fine or a term of up to five years in prison, or both. The same penalties apply on summary conviction for offences committed under section 3 which relates to unlawful interference with an information system but conviction on indictment for this offence carries an even more prohibitive penal sanction of up to ten years. This penalty reflects the gravity of the offence and the potential for damage in which unlawful interference with an information system could result.

Section 8 further provides that fraudulent use of the personal data of another person will be treated as an aggravating factor when the court is determining sentence for an offence under sections 3 or 4. It also provides for penalties for offences in relation to the search warrant provisions in section 7. Such offences include obstructing a Garda member acting under authority of a search warrant, a failure to provide information to facilitate Garda access to a computer or a failure to give the Garda a correct name and address.

Section 9 clarifies that where an offence under the Bill is committed by a body corporate, liability will rest with the person acting on behalf of the body corporate, as well as with the body corporate.

Section 10 establishes legal jurisdiction with regard to the commission of offences under sections 2 to 6, inclusive. It provides that a person may be tried in the State for an offence under sections 2 to 6, inclusive, where it is committed by a person inside the State in relation to an information system outside the State or where an offence is committed outside the State in relation to an information system in the State. Legal jurisdiction also extends to the commission of such an offence in relation to an information system outside the State if the person is an Irish citizen, ordinarily resident in the State or a body corporate or company under the law of the State and the act is an offence under the law of the place where it is committed.

Section 11 relates to evidence of Irish citizenship in the context of legal proceedings for offences under the Bill that are committed outside the State. It clarifies that it is an officer of the Minister for Foreign Affairs and Trade who certifies that a passport has issued and that it is an officer of the Minister of Justice and Equality who certifies that a person has not ceased to be an Irish citizen.

Section 12 deals with the legal concept of double jeopardy and provides that a person who has been tried for an offence outside the State will not be proceeded against for an offence under this legislation in respect of which the person has already been tried.

Section 13 amends the Criminal Damage Act 1991 in so far as it relates to damage to computer data in the context of damage to property. The offences contained in the 1991 Act in relation to computer data are being deleted and will instead be covered and expanded on in this legislation. Section 5 of the 1991 Act which relates to unauthorised access to computer data is, for instance, being deleted as it is being replaced by section 2 of the Bill.

Section 14 amends the Bail Act 1997 to include in the Schedule to that Act the offences provided for under sections 2 to 6, inclusive, of the Bill. The Schedule to the 1997 Act specifies serious offences, in respect of which an application for bail may be refused by the court. The offences under sections 2 to 6, inclusive, of the Bill will, therefore, come within this category.

Section 15 is a technical amendment to Schedule 1 to the Criminal Justice Act 2011 which provides for certain powers and procedures with respect to the prosecution and investigation of white collar crime. Schedule 1 specifies the offences which are relevant for the purposes of the 2011 Act and includes the data related offences which are contained in the Criminal Damage Act 1991 and which will be replaced by the Bill. Section 15, therefore, includes the new offences in the Schedule and also inserts a transitional provision to cover data related offences which were committed under the Criminal Damage Act prior to the commencement of this legislation.

Section 16 provides that expenses incurred by the Minister for Justice and Equality in the administration of this legislation shall, to the extent sanctioned by the Minister for Public Expenditure and Reform, be paid out of moneys provided by the Oireachtas.

Section 17 is a standard provision providing for the Short Title and commencement. There will be an opportunity on Committee Stage to discuss in more detail any aspect of the Bill that Senators wish to explore further. I am sure they will agree that it is vital that we seek to safeguard modern information and communication systems and maintain users' confidence in the safety and reliability of such systems. This is arguably even more important and appropriate in Ireland which has become somewhat of a global cyber-hub in view of the number of high-tech and information technology and Internet based companies that have major operations here. The legislation ensures unlawful activities relating to information systems are criminalised and that strong penalties are in place to both deter and punish offenders. I am pleased, therefore, to commend the Bill to the House.

I have extensive briefing notes and speaking points, but I will try to not to use all of them as I appreciate we are discussing Second Stage and will have an opportunity on Committee Stage to engage further on the Bill.

The good news is that the Fianna Fáil Party will support the Bill which aims to define criminal offences in the area of attacks against information systems and establish effective, proportionate and dissuasive penalties for such offences. As the Minister of State outlined, given the presence here of many information technology companies, including Google, Facebook and eBay - there are too many to mention - it is important that we be at the top of our game in dealing with people who seek to make life difficult and awkward for all of us. We all rely on mobile phones, use mobile banking services and send e-mails and want to ensure these activities are as safe as possible.

It is critical that citizens, business and government be protected from cyber-attacks which increasingly constitute a major challenge in today's technological environment. The presence of so many high-tech and Internet based companies in Ireland makes this even more relevant. However, it is also critical that we resource the Garda to enforce the laws on cybercrime. It is a matter of concern that the number of gardaí working in the area of cybercrime fell in 2016. Late last year figures provided for Fianna Fáil through a parliamentary question showed that only 29 gardaí were tasked with policing cybercrime, despite the number of cyber-attacks doubling. The number of gardaí working to tackle this growing threat declined in the past two years, despite an increasing number of cyber-attacks in Ireland. Cybercrime is a real and growing threat to individuals and businesses. We have seen personal attacks involving blackmail which had tragic consequences, as well as economic crimes that resulted in losses of millions of euro to business through fraud. In just a few clicks lives can be ruined and businesses destroyed. While the creation of a dedicated unit is a welcome step, it will be unable to make substantive progress unless it has sufficient and skilled personnel. The increase in the number of gardaí secured by Fianna Fáil in the confidence and supply agreement must be used in part to help deal with this rising threat.

A recent comprehensive PwC Irish economic crime survey outlined the scale of the threat posed by cybercrime. The report found that nearly half of organisations which had reported economic crime had suffered a cyber-attack in the previous two years. The figure has almost doubled since 2012 and is substantially higher than results globally. Of those affected by cybercrime in Ireland, nearly one in five incurred losses in excess of €92,000 and figures as high as €4.6 million were reported. Also, board members and directors are not paying sufficient attention to cyber-readiness. Fewer than half of board members request information on the cyber-readiness of their organisation in any given year.

The 2015 Garda Inspectorate report highlighted how cybercrime and cyber-security covered a range of offences. Advances in technology are creating new opportunities for criminals. I appreciate that this area is changing rapidly - almost on a daily basis - and that organised criminal networks are expanding into it. Cybercrime affects everyone, including citizens, corporations and governments. During visits by the Garda Inspectorate, many senior gardaí highlighted cybercrime and the threats it posed as requiring the creation of a cybercrime unit and immediate action by An Garda Síochána. Many policing services have developed cybercrime units and some have included cybercrime in an existing organised crime unit. The Garda Inspectorate believes there is an opportunity to create cybercrime investigative capacity within a serious and organised unit. As part of the responsibility of such a unit, a national cybercrime strategy should be developed. In its more than 20 years in existence, the computer crime investigation unit at the Garda Bureau of Fraud Investigation has had many successes in detecting crimes such as computer related fraud and illegal trading over the darknet. It has built up significant experience and expertise, with many of its staff regarded externally as experts in their respective fields. However, a lack of technology has resulted in a widely reported backlog of cases in the unit. Additional resources and a change in processes in the computer crime investigation unit have led to a reduction in the backlog. However, to ensure it has the capacity and capability to deal with current and future workloads, the unit will be restructured and further management and staff added.

Although it is a separate area, the significant growth in cyberbullying in recent years has allowed bullies to target individuals with little or no sanction or regulation. A September 2016 report published by the Law Reform Commission underscores the need to do more to tackle the emergence of online hate campaigns and bullying. Cyberbullying can have devastating consequences and tackling it will require much more awareness. While it has not affected the school, the board of which I chair, I am aware that young people are very vulnerable to this problem which has had tragic consequences for those who have been attacked online. I appreciate that this issue is not directly related to the Bill. It is important, however, that the House acknowledge the need to strike a balance when dealing with digital harassment. Awareness campaigns on digital safety and good practice and better education are all components of this. Equally, strong sanctions which are provided for in the Bill act as an important deterrent. Fianna Fáil previously proposed a major shift in the law to protect people, especially children, from cyberbullying and make it a criminal offence to engage in, assist or encourage cyberbullying. If the legislation had been successfully supported by the Government, the offence of cyberbullying would have been defined in Irish law to help to protect people from online hate campaigns. Online bullying, hate campaigns and harassment are major issues, principally for the younger generation, and we need a strong basis in law to help to tackle the problem. The Government must ensure the full recommendations made in reports on how to deal with cyberbullying are implemented. As the digital and technological revolution continues, we must be prepared to respond to legally protect our civil liberties. In the past, online bullying has only had consequences for the victims. Now is the time to ensure the perpetrators also face legal consequences.

I commend the Minister of State for the Bill, which is great work, and welcome the transposition of EU legislation in this area into Irish law. We must ensure the Garda has sufficient resources to enforce this law appropriately. While I appreciate that much of this relates to systems and the cloud and we are no longer talking about computers at home, we must tackle cyberbullying and cybercrime. This is a good step, but we must make sure the Garda is resourced with sufficient highly qualified and technical personnel. This is not a job for ordinary gardaí graduating from the Garda College in Templemore, as good as they may be.

This is a very specialised and skilled area. There have been murder cases solved through the use of technology, including a very famous one recently. There are amazing skills within the Garda, but we need to make sure that we work together to resource them sufficiently to tackle these bullies and criminals.

I welcome the Minister of State at the Department of Justice and Equality, Deputy Stanton, to the House, and commend both him and the Tánaiste for bringing forward this very important legislation. In this country we regularly pride ourselves on having seven of the top ten IT companies based here, including Google, Facebook and Apple. We are always pronouncing on how we as a nation have been able to attract them because of our talented pool of graduates who have the skill sets required, plus the fact that Ireland is attractive in any regard. Dublin certainly is a hub, and Senator Horkan is correct in that regard. Equally so, we should be leading the way in terms of dealing with the criminal aspects of this. I would be the first to say that the development of technology has been of incredible benefit to many people. For example, what people with disabilities can do with iPads is phenomenal, compared to how it was twenty years ago. Equally there is a downside to everything, and this certainly has a downside. That is why this legislation is timely. I have no doubt that either the Minister of State here or one of his successors will have to update this legislation because it is very fast moving and constantly changing and evolving, no more than standard crime. The criminal is almost always one step ahead, and I have no doubt that it is the same in cyber crime. New devices and methodologies to facilitate crime will spring up.

I recently became aware of a small retailer in the Galway area who experienced a cyber attack, and their small computer system with perhaps 400 or 500 accounts was invaded. Unfortunately, the Garda told the company to pay the ransom. There was some sort of ransom in computer terms, and it cost the people a few thousand euro in order to get their system freed up so that they could continue doing their business. It was outrageous. It is the type of thing one might see in the movies, but one would not think that it actually goes on.

In the last Seanad I called for SIM cards to be registered, because any young fellow can go down to the sweet shop and buy 20 penny sweets and he can go into the mobile phone shop next door and buy 20 SIM cards for €50 or whatever it is. One does not have to be over 18 to buy a SIM card. Furthermore, there is no registration of these SIM cards. If one had to produce a driver's licence or passport to buy a SIM card and that SIM card was registered, at least then if the Garda investigating crime discovers this mobile phone number there would be some traceability there. I asked the library and research unit here to do some research as to what was international best practice in that regard, and it seems that only five or six countries had a registration of SIM cards system in place. It was seen as unworkable because of the amount of SIM cards. There are probably twice the number of SIM cards in this country as there are citizens. That is how fast technology is moving.

I welcome the Bill. It is great that it is getting support from across the House, but I fear that it will be amended many times going forward because of the fluid nature of the Internet and social media and cyber crime. I look forward to Committee Stage, and hopefully we will get it passed through this House as quickly as it was passed through the Lower House.

Sinn Féin will also be supporting the passage of this Bill today. Colleagues have succinctly outlined the vast potential of how this can impact on our lives. I have been a victim of online crime myself, in that someone treated themselves to a flight to Manchester and an overnight stay in a hotel on my credit card. How that happened I have no idea, but nevertheless it happened. Colleagues have touched on much more sinister and tragic outcomes from some of the people who are criminally active online, and we have seen this in the North in recent years, where young people have taken their own lives because they have been pushed to such extremes as a result of the manipulation, harassment, bullying and criminal activity being carried out by these people. While sometimes we can get caught up in the world of technology and we can switch ourselves off to just how vast and complex it is, this does have a very tangible negative impact on people's lives, day in and day out. It is right, proper and positive that governments are responding to that.

I thank the Minister of State for the comprehensive presentation he gave. It is very detailed. As Senator Conway has outlined, this is a very complex situation and one that we will no doubt have to adapt to and be fluid as we move forward. I have no doubt that we will work collaboratively in terms of the next Stages to try and refine this legislation together to deal with some of it.

I have some questions that I feel are important to have on the record. The law on cyber crime in Ireland is somewhat outdated, as the Minister of State has acknowledged, and contained in a range of legislative provisions. It is difficult to navigate across the Criminal Damage Act, the Criminal Justice (Theft and Fraud Offences) Act and the Criminal Justice Act 2011. The provisions of Acts dating from the early 1990s are rarely used because they are not fit for current prosecution needs. Clearly, given the nature of the technological developments over the last 15 years or so, there is a need to update and modernise laws pertaining to the protection of information and communication systems. Along with an update to the language and terminology relevant to offences in cyber crime there are a number of substantive offences introduced in this Bill, including the offence of hindering or interrupting an information system, denial of service offences, as well as the offence of providing the tools to commit denial of service offences. There are provisions for fines of up to €5,000 and 12 month prison sentences.

Sinn Féin broadly welcome the Bill and welcome this aspect of it, but we have some concerns regarding the provisions on search warrants. We wish to hear the Minister of State outline further if there are any protections for whistleblowers who might break the law or be perceived to have broken the law in the public interest.

While the Bill is to be welcomed it has to be said that there is little point in introducing more legislation and giving the Garda extra powers if it does not have the resources to investigate any breaches of this new law. It is not just about the correct training, which is important in terms of capacity building within the Garda , but we also need to resource the Garda to meet the demands that are there as a result of this criminal activity.

I am aware from the review of the computer crime investigation unit under the Garda Sióchána modernisation and renewal programme that a dedicated Garda cyber crime unit has recently been established, but there are no figures currently available for the level of resources actually attached to it. Perhaps the Minister of State can provide those figures, now or later. Saying that the allocation of resources is ongoing is not enough, for all of the reasons that Members have outlined today. I also wonder if the Minister would have an update on the intention to establish regional cyber crime units beyond the current pilot regions, when this will happen and what resources will be attached to them.

During last summer the Garda Commissioner, Nóirín O'Sullivan, said that the Garda would be introducing a new computer based system to track criminal complaints by the end of 2016. Can the Minister of State confirm that this has happened? Considering the number of Garda stations that have no Internet access - some do not even have access to PULSE - it seems unlikely that this could be the case.

These are practical issues that we hope to work on collaboratively with the Minister of State and other colleagues on Committee Stage to make this a better Bill in order to protect people.

We have had many victims of cybercrime at many different levels. What we want to try to do with this legislation, and of course it is also the intention of the Minister of State and the Department, is to ensure fewer and, ultimately, no more victims.

I thank the House for giving its time and consideration to the matter. As I stated at the very start, and it has been acknowledged by colleagues, this is significant legislation. I thank the Senators for their contributions and their general support for the Bill. It is clear there is a shared determination to combat cybercrime. The Bill focuses on protecting information systems and the data they contain from unauthorised access or interference. This is vital to the interests of businesses, Government structures and individual citizens alike, given the central role information systems play in all our lives.

As technology advances and new forms of crime evolve, our legislative frameworks must also develop to counter these threats. Cybercrime activities come in many different forms and broadly involve criminal attacks on information systems and infrastructures themselves or on their associated data. Data are an increasingly valuable commodity in the economic world and personal information in particular carries a premium. Criminal gangs are aware of this and perpetrate large-scale pervasive attacks involving unauthorised access to, collection of and use of data for monetary gain. Some of the more common forms of cybercrime involve identity theft, online Internet scams or fraud, cybercrimes on business, cyber extortion, as was mentioned earlier, industrial espionage and online intellectual property theft. It is these crimes which cause the greatest impact economically in Ireland and around the globe. It has been estimated the cost of cybercrime to the Irish economy is €630 million per annum. Grant Thornton, the consultants who carried out this analysis, discovered the cost of traditional crimes, such as welfare and tax fraud, moving into the online environment is a significant threat to the Irish economy.

The legislation we are introducing seeks to protect information systems and important data from cyber attacks from within and outside the State. The Bill makes it an offence to engage in cybercrime activity and provides strong penalties for those found guilty of offences relating to information systems, including up to ten years imprisonment if the crime is sufficiently serious. Cybercrime is an international worldwide problem. It knows or respects no borders. There is a need, therefore, for international co-operation to counter the menace. Harmonisation of national laws is a very important way of doing this. By strengthening our laws throughout Europe and beyond we present a united front against cybercrime and counter its transnational dimension. The legislation before us will serve to transpose the EU directive on attacks against information systems and ensure Ireland can stand alongside our European partners in combatting criminality in this area and protecting vital infrastructure.

International co-operation is also necessary on a practical operational level through sharing information between police authorities to bring cyber criminals to justice and enforce our laws. A key aim of the EU directive, in addition to criminalising offences relating to information systems, is to improve co-operation with and between competent authorities, including the police and other law enforcement services such as Europol and the European Cybercrime Centre. For the purpose of exchanging information on cyber offences, member states are required to have an operational national point of contact, which is available 24 hours a day, seven days a week. The designated national contact point for Ireland is the Garda computer crime investigation unit, and its contact details have already been provided to the European Commission and can be made available to other member states' competent specialised agencies and bodies.

The Bill will ensure unlawful activities relating to information systems and their data are criminalised and strong penalties are in place to deter and punish offenders. In doing this it seeks to protect modern information and communication systems and maintain users' confidence in the safety and reliability of such systems. This is clearly important for business, the Government sector and individuals.

Senator Horkan mentioned the Law Reform Commission's report on harmful communications and digital safety published in September 2016. While noting the positive benefits to society of the interconnected digital world in which we live, the report also noted the negative aspects of the emerging trend to engage in online communications that cause significant harm to others. While the report identified the existing criminal law already addresses some of the harmful communications described, it also identified significant gaps that require legislation, particularly where new technologies are being used in new ways that could not have been previously anticipated. Colleagues have mentioned the importance of developing and moving on, and it is changing by the hour.

In December 2016 the Government gave its approval for the drafting of a general scheme of a Bill which would provide for new and amended criminal offences along the lines set out in the report. The Bill will address the criminal law aspects of the Law Reform Commission's report. Work is being undertaken to prepare the general scheme of the Bill which, when published, can be fully considered by the Oireachtas Joint Committee on Justice and Equality and the public at large.

As we know, there are proposals to reconfigure the Garda computer crime unit into the Garda cybercrime unit. I am not aware of whether many civilian staff will be involved. It strikes me that those involved will really be on top of their game and really specialist people. It is not the number of people, as has been said, but that we have people who really are specialised in these areas. The Garda has built up considerable expertise in this area. The former head of the unit heads up the European cybercrime unit.

Other questions were asked earlier and I will endeavour to get answers at a later stage, as has been requested.

Question put and agreed to.

When is it proposed to take Committee Stage?

Committee Stage ordered for Tuesday, 18 April 2017.