Max Planck Institute for Foreign and International Criminal Law

This research project addresses the reform of the substantive law of computer crime in the 41st Act Amending the German Criminal Code for the Purpose of Combating of Computer Crime (41st Straftrechtsänderungsgesetz, StrÄndG). This Act, which became effective in August 2007, addressed the coverage by the criminal law of attacks on data and computer systems: it targeted forms of computer crime that were not – or were only incompletely – covered by existing law. These amendments were intended to bring German criminal law into conformity with requirements established by the Council of Europe and the European Union.

The project examines the 41st StrÄndG as a legislative reaction to the phenomena of complex crime and as an expression of European harmonization of the national criminal law systems in this offense area. The study poses the following interrelated and cumulative questions in order systematically to analyze the criminal law protection of IT security pursuant to the new law on computer crime and to conduct a critical evaluation of the statutory amendment: (1) What methods did the legislature use in the pursuit of its stated intention of finding an answer to the challenges currently posed by computer crime and of implementing the requirements established by European law? (2) What problems in interpretation are posed by the reform in light of the previous law on computer crime and the requirements to be implemented? (3) How successful is the reform from a criminal policy perspective and in terms of the goals set by the legislature, and what is the cause of any ascertained inadequacies?

The focus of this project is on the new criminal offense definitions and structures and their doctrinal and practical implications. The legislature drew on existing provisions located both within and outside the criminal code and repeatedly made reference to them in the travaux préparatoires. The European legal instruments implemented via the reform are of interest not only with regard to the history of the reform, they are also directly relevant for the interpretation of the new German law. Both of these points are thus taken into consideration throughout the study. The analysis of the reform reveals a number of inconsistencies, consequences that are questionable from a legal policy perspective, and shortcomings in implementation.

The results of the study will be published in a monograph. An introductory section presents the background of the 41st StrÄndG. It traces the development of the law of computer crime up to the legal status quo prior to the reform, distinguishes the regulatory material that is the subject of the study – namely, the criminal law protection of information technology security – from other areas of computer criminal law, and provides an overview of the content of the relevant European legal instruments. The second section, which consists of an in-depth analysis of the reform, is divided into three subsections: first, unauthorized access to data and computer systems will be considered; second, the protection of the integrity and accessibility of data and computer systems will be examined; and finally the criminalization of activities in the early stages of both of these areas will be discussed. Each of these three subsections will address the specific computer crime phenomena at issue as well as the content of the relevant European legal instruments, including the latitude provided by these instruments within which countries are free to draft their implementing statutes as they see fit. The third section identifies the practical effects of the innovations introduced by the 41st StrÄndG and takes a position on the resulting questions of interpretation. The discussion includes a detailed analysis of several particularly relevant fact patterns. The final section is made up of a critical evaluation of the practical consequences mentioned above in light of the challenges that arise in practice and the requirements of European law. This section includes proposals for the further development of German computer criminal law.

Significant results of the project have already been published, in abbreviated form, in Gröseling/Höfinger, MMR 2007, 549ff. und MRR 2007, 626ff.