Jim O'Callaghan (Dublin Bay South, Fianna Fail) | Oireachtas source

Actually, sometimes it was.

I welcome the legislation. When I saw it, I was not aware that this type of offence had not already been criminalised. One would have thought information systems which played such an important part in business and ordinary personal life would be protected from attack, but that does not appear to be the case. I understand the Bill seeks to transpose into Irish law Directive 40 of 2013 of the European Parliament and the Council. We will support its passage on Second Stage and consider whether amendments should be tabled on Committee Stage. I will identify one or two matters and let Deputy Jonathan O'Brien conclude his day's work in the 14th hour.

The offences to be covered are set out in sections 2 to 6, inclusive, which provide for the criminalisation of individuals who access information systems without lawful authority. In the directive which the Bill seeks to transpose it is mentioned that several offences should be criminalised, at least in cases that are not minor.

The Minister of State might also turn his mind to whether in section 2 a definition is needed of "a security measure". If we are to criminalise certain behaviour, we need to ensure people are aware that what they are doing is criminal. Section 2 states: "A person who, without lawful authority or reasonable excuse, intentionally accesses an information system by infringing a security measure shall be guilty of an offence". It is important for people to be aware of what is a security measure.

Section 3 deals with "Interference with information system without lawful authority", while section 4 deals with "Interference with data without lawful authority". Section 5 deals with "Intercepting transmission of data without lawful authority", while section 6 deals with "Use of computer programme, password, code or data for purposes of" committing the offences outlined.

Last evening when we dealt with the Criminal Justice (Suspended Sentences of Imprisonment) Bill 2016, I referred to how on many occasions we drafted and debated criminal justice legislation, identified offences and set out what the penalties were. This legislation is consistent with that approach because when we reach section 8, we see what the penalties are. They appear to be universal in that they are a fine or a term of imprisonment. As we said at the committee meeting this morning, we need to become more sophisticated in our choice of penalties in legislation. It is far too easy for legislators, when considering penalties for offences, to insert the usual penalty of imprisonment and/or a fine.

10 o’clock

We need to think of other potential penalties that can be imposed. If we continue to keep criminalising different types of behaviour, as we are doing here by criminalising certain behaviour in respect of information data systems, we should be broadening our approach to the nature of penalties that can be imposed.

I do not propose to take any more of our time, other than to say that we will be supporting the passage of the Bill on Second Stage. I ask the Minister to consider whether it is necessary for a definition to be given to a security measure.

See this speech in context