Computer criminals pose the same risks to investigators when compared to traditional suspects.

8The analysis of destructive attacks on computer systems carried out by means of the Internet shows a wide variety of possible techniques : terrorists could circumvent the integrity, confidentiality, and availability of computer systems and data either by hacking computers, deceiving victims, or spreading viruses and worms, thus manipulating systems, or by bringing about mass queries and other large scale attacks on the victim’s computer system (such as distributed denial of service attacks using bot nets). [6] If the attacked IT-systems are connected to other critical systems and infrastructures, both the disruption of services as well as physical harm and loss of life could result. Physical damage could be brought about, for example, by attacking the computers of electrical supply systems, hospitals, food production or pharmaceutical companies, air, railroad or other transport control systems, hydroelectric dams, military control systems, or nuclear power stations. [7] Thus, in order to respond to the question of whether international legal instruments have gaps with respect to the coverage of terrorist attacks on computer systems, a wide variety of abuses involving different attack techniques and different results must be considered.

9The national substantive criminal law provisions and the various international standards in question are characterized by descriptions of acts, results, and intents. Thus, the investigation of the applicability of these provisions to terrorist attacks on computer systems carried out by means of the Internet requires a systematic analysis not only of the acts themselves but especially of the various results (actual and intended) of the attacks. This leads to the following pattern, which is valid for the analysis of all destructive attacks on computer systems carried out by means of the Internet :

• The primary result of all destructive acts against computer systems carried out by means of the Internet must be interference with data, that is, destruction, alteration, suppression, or the rendering unavailable of data. This is simply because in the absence of such interference the perpetrator can neither influence an attacked computer system nor affect the accessibility or availability of the system. [8]
• Secondary results of this kind of interference with data can be seen in two types of damage: Digital (or intangible) damage may result if data are rendered unavailable or manipulated so that services can no longer be delivered or if the computer system of the victim is compromised. Physical (or tangible) damage may result if the attacked computer system is used in the administration of property (such as hydroelectric dams or power plants) or human life (such as medical records).
• In causing these primary and secondary results, the perpetrator intends to bring about a third result, namely, the effectuation of his or her political goals (such as intimidating a population, compelling a government to act in a certain way, or destabilising political structures).

10The development and use of this analytical pattern for Internetbased attacks on computer systems offers the opportunity to understand better the different approaches and the relationship between the existing regulations that target cybercrime and those that target terrorism : Attacks on computer systems carried out by means of the Internet can be addressed by means of special ITbased statutes that focus on the first “result level” mentioned above, that is, the integrity, availability, and confidentiality of data and computer systems (as does the Cybercrime Convention). In cases of additional (proprietary and especially human) harm, attacks can also be addressed by means of offences that focus on the second “result level,” namely, physical damage (as do the UN conventions on typical terrorist acts), possibly in combination with a specific terrorist intent on the third “result level” (as does the EU Framework Decision). In sum, cyberterrorism can be tackled with a “computer-specific” data approach (focusing on the intangible harm to data) and/or with a “terrorist-specific” tangible damage approach (focusing on the physical harm and – possibly – also on a certain political intent).

11These two possible approaches will be analyzed in more detail on the basis of the relevant international conventions, that is, the Convention on Cybercrime of the Council of Europe, the EU Council Framework Decision on attacks against information systems, the EU Council Framework Decision on combating terrorism, and the various UN conventions that obligate states to enact substantive criminal law provisions.

12The Council of Europe’s Convention on Cybercrime, [9] which takes the data approach described above, is the most comprehensive of the existing international instruments that address computer crime. It includes obligations with respect to substantive criminal law, criminal procedure, and international cooperation.

13In the area of substantive criminal law (Chapter II Section 1), Articles 4 and 5 address the “damaging, deletion, deterioration, alteration or suppression of computer data” and the “serious hindering … of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data”:

14Art. 4 : Data interference

151. Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the damaging, deletion, deterioration, alteration or suppression of computer data without right.

162. A Party may reserve the right to require that the conduct described in paragraph 1 result in serious harm.

17Art. 5 : System interference

18Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data.

19Thus, Articles 4 and 5 of the Cybercrime Convention cover all types of interference with data and computer systems that – as shown – are a prerequisite for terrorist attacks on computer systems carried out by means of the Internet. Since Article 4 is not limited to the deletion of data but also encompasses the alteration and suppression of data (and is extended to the hindering of a computer system by Article 5), such interference is not limited to IT-based attacks on computer systems but also occurs in the context of the aforementioned attacks on other infrastructures, on physical property, or on the life or well-being of persons. [10] This consequence of the underlying concept of the Cybercrime Convention on the comprehensive protection of the integrity and availability of computer systems is confirmed in the Explanatory Report of the Convention, which explains that Article 5 is formulated in “a neutral way so that all kinds of functions can be protected by it.” [11] As a result, all types of terrorist attacks against computer systems fall under Articles 4 and 5.

20In addition, Articles 2 and 3 of the Cybercrime Convention cover the intrusion techniques of hacking and interception of computer data (e.g., by means of technical manipulations or by misusing intercepted information), which in many cases must be engaged in order to overcome the security measures in place on the victim’s computer system so that the intruder can interfere with and alter data :

21Art. 2 : Illegal access

22Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the access to the whole or any part of a computer system [12] without right. A Party may require that the offence be committed by infringing security measures, with the intent of obtaining computer data [13] or other dishonest intent, or in relation to a computer system that is connected to another computer system.

23Art. 3 : Illegal interception

24Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system, including electromagnetic emissions from a computer system carrying such computer data. A Party may require that the offence be committed with dishonest intent, or in relation to a computer system that is connected to another computer system.

25These provisions are extended in scope by rules on attempt and aiding and abetting (Art. 11) and on corporate liability (Art. 12) and are supported by rules requiring effective, proportionate, and dissuasive sanctions, including the deprivation of liberty (Art. 13). In addition, Article 6 on the “misuse of devices” aims at the criminalization of acts preparatory to intrusion, such as the illegal production, sale, procurement for use, or otherwise making available of “a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Articles 2 through 5” or a “computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed,” with intent that the device or data be used for the purpose of committing any of the offences established in Articles 2 through 5. Article 6 also targets the possession of these items with intent that the item be used for the purpose of committing any of the offences established in the aforementioned articles. [14] Thus, with respect to terrorist attacks via the Internet, Articles 2,3, and 6 give additional protection, allowing perpetrators to be prosecuted at an early stage.

26As a consequence, the implementing requirements of the Cybercrime Convention in the area of substantive criminal law demand a broad criminalization of IT-based terrorist attacks on computers and all other legal interests that depend on the functioning of computer systems. As shown above, physical harm to property or human life and well-being is not a prerequisite for punishment under the Cybercrime Convention, but leads to the applicability of additional “traditional” offences of national criminal law. Thus, the Cybercrime Convention achieves the criminalization of attacks on computer systems by means of a “data approach” that does not require, consider, or evaluate physical damage or the (political) intent of the perpetrator.

27EU Council Framework Decision on Attacks Against Information Systems

28The EU Council Framework Decision on attacks against information systems [15] is based on the Cybercrime Convention of the Council of Europe and, like the Convention, requires Member States to ensure that illegally accessing information systems (Art. 2), illegally interfering with systems (Art. 3), and illegally interfering with data (Art. 4) are punishable as criminal offences. [16] In addition, it includes requirements concerning the criminalization of instigation, aiding and abetting, and attempt. As a consequence, it can also cover the necessary interference with data in IT-based cyberterrorism attacks. [17]

29EU Council Framework Decision on Combating Terrorism

30Cyberterrorism is also addressed in the EU Council Framework Decision on combating terrorism. [18] n contrast to the aforementioned instruments, this Framework Decision follows a “terrorist-specific,” traditional corporeal damage approach (focusing on the physical or human corporeal harm). Unlike the Cybercrime Convention, the focus of the Framework Decision is not on the interference with data or on the IT-based forms of attack, but on the result of the perpetrator’s action and on his or her intent with respect to the political aim of the attack. Article 1 of the Framework Decision reads as follows (emphasis added):
Each Member State shall take the necessary measures to ensure that intentional acts referred to below …, which, given their nature or context, may seriously damage a country or an international organisation where committed with the aim of :

• seriously intimidating a population, or
• unduly compelling a Government or international organisation to perform or abstain from performing any act, or
• seriously destabilising or destroying the fundamental political, constitutional, economic or social structures of a country or an international organisation,

31 shall be deemed to be terrorist offences :

32… (d) causing extensive destruction to a Government or public facility, a transport system, an infrastructure facility, including, an information system, a fixed platform located on the continental shelf, a public place or private property likely to endanger human life or result in major economic loss …

33… (i) threatening to commit any of the acts listed in (a) to (h).

34Articles 2 and 4 contain additional rules on participation (including supplying information, material resources, or funding) and on attempt. Thus, the Framework Decision applies a “corporeal damage approach” that focuses more specifically on terrorist attacks than do the data and system interference provisions of the Cybercrime Convention. In contrast to the Cybercrime Convention, it takes into consideration the extent of the damage to a computer infrastructure, thus covering serious attacks on infrastructures and against a multitude of computers by large scale virus attacks or DDoS attacks and excluding minor attacks against individual computer systems. In addition, it takes into consideration the “terrorist” intent of the perpetrator, that is, whether he or she pursued specific political aims. As a consequence of these aggravating factors, Article 5 of the Framework Decision requires that such offences be punishable by custodial sentences longer than those that can be imposed under national law for offences committed without special intent. Since the means of attack are not specified, the EU Council Framework Decision on combating terrorism covers both traditional violent attacks as well as IT-based attacks. Thus, there are no gaps in criminalization when the provision is applied to attacks via the Internet.

35UN Conventions and Protocols Against Specific Acts of Terrorism

36The UN has elaborated numerous multilateral conventions and protocols relating to states’ instruments for combating violent acts and terrorism. [19] he focus of these instruments is on the enumeration of dangerous acts and results that are typical of terrorism :

• The Convention for the Suppression of Unlawful Seizure of Aircraft, the Convention for the Suppression of Unlawful Acts Against the Safety of Civil Aviation, and the Protocol for the Suppression of Unlawful Acts of Violence at Airports Serving International Civil Aviation [20] im to criminalize certain acts of seizure of an aircraft, violence against a person on board an aircraft, destruction of aircraft or air navigation facilities, and other similar offences. Attempting to perform such an offence as well as serving as an accomplice to someone who performs or attempts to perform such an offence is also punishable. These provisions could be applied, for example, in cases of computer-based manipulation of flight control systems in airplanes or airports.
• The Convention on the Prevention and Punishment of Crimes Against Internationally Protected Persons [21] obligates the parties to criminalize certain acts against heads of state, heads of government, and other representatives of a State, such as murder, kidnapping, certain violent attacks, the threat and the attempt to commit any such act, as well as participation in such acts. Such an attack could be committed, for example, by manipulating a hospital computer system in order to kill a person protected by the Convention.
• The International Convention Against the Taking of Hostages [22] punishes “any person who seizes or detains and threatens to kill, to injure or to continue to detain another person … in order to compel a third party … to do or abstain from doing any act as an explicit or implicit condition for the release of the hostage.” Attempt and participation are also punishable. The provisions required by this Convention could be applied, for example, in a case in which terrorists communicate demands for ransom via email.
• The Convention on the Physical Protection of Nuclear Material [23] aims to bring about the criminalization of certain acts involving nuclear material. Article 7 covers “an act without lawful authority which constitutes the receipt, possession, use, transfer, alteration, disposal or dispersal of nuclear material and which causes or is likely to cause death or serious injury to any person or substantial damage to property.” It also deals with “an act constituting a demand for nuclear material by threat or use of force or by any other form of intimidation” as well as “a threat … to use nuclear material to cause death or serious injury to any person or substantial property damage.” Attempt and participation are also covered by the Convention. Similarly, the new Convention for the Suppression of Acts of Nuclear Terrorism (not yet in force) [24] aims to prevent the illegal use of radioactive material. A person commits an offence if, for example, he or she unlawfully and intentionally possesses or uses radioactive material with the intent to cause death or seriously bodily injury or to cause substantial damage to property or to the environment. The Convention also includes threat, attempt and participation provisions. Convention offences could be committed, for example, by terrorists manipulating the computer system of a nuclear power plant with the intent to set free nuclear material.
• The Convention for the Suppression of Unlawful Acts Against the Safety of Maritime Navigation [25] stablishes a legal regime applicable to acts threatening the safety of international maritime that is similar to the regimes applicable to acts threatening the safety of international aviation. It makes it an offence for a person unlawfully and intentionally to seize or exercise control over a ship by force, threat, or intimidation, to destroy a ship, or to perform certain acts of violence against a person on board a ship, or to engage in other acts against the safety of ships. The same applies if someone communicates information that he or she knows to be false, thereby endangering the safe navigation of a ship. Such action could be committed, for example, by manipulating an electronic ship control system. Attempting as well as abetting or otherwise serving as an accomplice in the commission of a listed offence are also punishable offences.
• The Protocol for the Suppression of Unlawful Acts Against the Safety of Fixed Platforms Located on the Continental Shelf [26] creates a legal regime for fixed platforms on the continental shelf that is similar to the regimes established to safeguard international aviation. According to Article 2, a person commits an offence if he or she unlawfully and intentionally seizes or exercises control over a fixed platform by force or threat thereof or any other form of intimidation. An offence is also committed by a person who destroys a fixed platform or who threatens, with or without a condition, aimed at compelling a physical or judicial person to do or refrain from doing any act, to commit such offences, if that threat is likely to endanger the safety of the fixed platform. Such destruction of a fixed platform could be achieved by electronic interference with the platform’s security control system. Attempting as well as abetting or otherwise serving as an accomplice in the commission of a listed offence are also punishable offences.
• The International Convention for the Suppression of Terrorist Bombings [27] ddresses the unlawful and intentional use of explosives and other lethal devices. According to Article 2, a person commits an offence “if that person unlawfully and intentionally delivers, places, discharges or detonates an explosive or other lethal device in, into or against a place of public use, a State or government facility, a public transportation system or an infrastructure facility : (a.) with the intent to cause death or serious bodily injury; or (b.) with the intent to cause extensive destruction of such a place, facility or system, where such destruction results in or is likely to result in major economic loss.” According to the definition in Article 1, an “explosive or other lethal device” is “an explosive or incendiary weapon or device that is designed, or has the capability, to cause death, serious bodily injury or substantial material damage” or “a weapon or device that is designed, or has the capability, to cause death, serious bodily injury or substantial material damage through the release, dissemination or impact of toxic chemicals, biological agents or toxins or similar substances or radiation or radioactive material.” Attempt and participation in listed offences are also punishable. Thus, the criminal law provision demanded by the Convention could be applied in a case of cyberterrorism in which a bomb is triggered via the Internet. However, the definition of Article 1 and the aim of the Convention obviously do not allow an extension to “virtual bombs” (such as “mail bombs” or other destructive software tools) that cause only intangible damage.

37The enumeration shows that the criminal provisions of the UN conventions follow the traditional “corporeal damage approach” mentioned above (focusing on physical or human corporeal harm) by protecting certain persons (e.g., senior representatives of States) or infrastructures (e.g., air and sea traffic or maritime platforms) or criminalizing certain dangerous acts (e.g., bombing, uncontrolled transfer of nuclear material, and hostage-taking). Concentrating as they do on specific dangerous acts that are punishable per se, they do not contain a subjective requirement of political (“terrorist”) intent. All of them have additional provisions that regulate attempt and participation.

38With respect to cyberterrorism and the use of the Internet for terrorist purposes, it is important to note that all criminal provisions contained in the conventions and protocols discussed above are worded in general terms. They are applicable regardless of how the acts are committed, that is, whether the acts are committed by traditional means or by means of IT-based attacks. For example, the provisions demanded by the aforementioned UN Conventions are applicable if the Internet is used to take control over an airport or a ship navigation system, if a computer network is used to trigger a bomb or an attack on an aircraft, or if computer manipulations are undertaken in order to misroute the transfer of nuclear material. The non-applicability, mentioned above, of the Convention for the Suppression of Terrorist Bombings to “virtual bombs” is not an exception to this rule, but rather a desired result of the legal framework of the UN conventions on terrorism, which are directed at specific, enumerated acts only. Thus, the UN instruments are generally applicable and do not have gaps in criminalization with respect to IT-based attacks. However, due to the system of the UN conventions on terrorism, these conventions do not cover all terrorist acts in a general way. Thus, the evaluation of existing international conventions raises the question of whether a new convention, one that would specifically address terrorist attacks on computer systems or computer infrastructures, is necessary.

45As mentioned above, the second major use of the Internet for terrorist purposes consists in the dissemination of illegal content. In order to spread their messages of fear and terror, perpetrators use all types of media, systems, and content. As a result, websites, video-sharing platforms, and other media have become important tools of an “open university for jihad.” [33] Thus, the identification of possible gaps in international instruments with respect to illegal content requires the identification of the various acts that correspond to the categories of conduct prohibited by the relevant national and international provisions.

46In most national legal systems and in the international instruments under study, the applicability of these legal provisions no longer depends on the type of carrier used to disseminate the illegal content. In other words, the relevant criminal provisions found in international instruments and in most domestic legal orders do not distinguish between data that are distributed by means of traditional carriers (e.g., paper documents for traditional writings), data that are distributed by corporeal electronic data carriers (e.g., CDs), and data that are distributed by incorporeal transmitters such as the Internet, the radio, or television. [34]

47Instead, domestic legal orders and international instruments differentiate with respect to the various kinds of illegal content and the types of harm they may cause to different legal interests. An analysis of terrorist communication leads to the identification of the following typologies and kinds of content :

• threatening to commit terrorist offences,
• inciting, advertising, glorifying, and justifying terrorism,
• training for terrorism,
• recruiting for terrorism,
• fundraising for and financing of terrorism,
• disseminating racist and xenophobic material and denying, approving, or justifying genocide. [35]

48A legal assessment of most of these phenomena exposes the difficulty in pinpointing the transition between illegality and legality while balancing underlying interests in security and freedom (especially freedom of the press [36] ). This can be seen, for example, in the gradual transition between inciting, advertising, glorifying, justifying, explaining, and merely reporting terrorist offences (as illustrated by the publication of assassination videos set to music). The same applies to the publication of information on special weaponry : information that could be useful to terrorists but might also be found in common chemistry or physics textbooks. Similar difficulties also arise with respect to fundraising for charitable organisations that are connected to terrorist groups. Thus, it is obvious that not all of the above mentioned phenomena are or should be fully covered by the substantive criminal law provisions in international conventions.

49Due to the difficulty of balancing security and human rights in the context of each of the aforementioned types of content, this analysis cannot judge in detail whether the balancing approach undertaken in international conventions with respect to each of these categories should be approved or reconsidered. Instead, the following sections examine whether the issue was recognized and whether it was taken into account in a reasonable way during the development of the various international instruments. Also with respect to the competent international institutions’ possible chances to reconsider and change existing conventions , the aim of this analysis is not to judge the approach to the balancing of interests taken in the many specific solutions found in the various instruments but to identify gaps – or deficiencies – in the treatment of serious issues (both with respect to criminalization and with respect to the protection of human rights).

50Based on these considerations, the following analysis will be undertaken with respect to threats to commit terrorist offences; incitement, recruitment, and training for terrorism; fundraising for and financing of terrorism as well as dissemination of racist and xenophobic material. In addition, the relationship between these types of content and the liability of media representatives and Internet providers will be addressed.

51UN Conventions and Protocols Against Specific Acts of Terrorism

52Some of the UN conventions against specific terrorist acts described above [37] contain provisions against terrorist threats that are also applicable to terrorist threats disseminated on the Internet : The Convention on the Prevention and Punishment of Crimes Against Internationally Protected Persons overs a threat to commit any of the listed acts against senior representatives of a State (Art. 2). The Convention on the Physical Protection of Nuclear Material refers to a threat “to use nuclear material to cause death or serious injury to any person or substantial property damage” or “to commit an offence described in sub-paragraph (b) in order to compel a natural or legal person, international organisation or State to do or to refrain from doing any act” (Art. 7). The Convention for the Suppression of Unlawful Acts Against the Safety of Maritime Navigation xplicitly includes as separate offences certain threats related to the commission of some (but not all) listed offences against the safety of ships (Art. 3). The Protocol for the Suppression of Unlawful Acts Against the Safety of Fixed Platforms Located on the Continental Shelf explicitly includes as separate offences certain threats related to the commission of some (but not all) listed offences against the safety of fixed platforms (Art. 2). The International Convention for the Suppression of Acts of Nuclear Terrorism (not yet in force) also explicitly includes as an independent offence certain threats related to the commission of some (but not all) of its listed offences (Art. 2). [38]

53In contrast, the Convention for the Suppression of nlawful Seizure of Aircraft, the Convention for the Suppression of Unlawful Acts Against the Safety of Civil Aviation, he International Convention Against the Taking of Hostages and the International Convention for the Suppression of Terrorist Bombings do not have such threat provisions. [39] Thus, there is no common systematic approach to this issue in the various conventions.

54EU Council Framework Decision on Combating Terrorism

55In contrast to the UN Conventions, the EU Council Framework Decision on combating terrorism [40] goes further with respect to the criminalization of terrorist threats. Article 1, a comprehensive general provision dealing with terrorist offences based on objective and subjective criteria, contains a list of acts, such as attacks upon a person’s life, attacks upon the physical integrity of a person, kidnapping or hostage taking, causing extensive destruction to certain infrastructures, attacks on aircrafts, ships or other means of public or goods transport, use of weapons, release of dangerous substances, etc. Article 1 requires that these acts be deemed terrorist offences under national law if they seriously damage a country or an international organisation where committed with the aim of :

• seriously intimidating a population, or
• unduly compelling a government or international organisation to perform or abstain from performing any act, or
• seriously destabilising or destroying the fundamental political, constitutional, economic or social structures of a country or an international organisation.

56The advantage of this “uniform” approach can be seen with respect to the present question concerning the criminalization of terrorist threats : Article 1 section 1(i) prohibits in a systematic and transparent way “threatening to commit any of the acts listed.” Thus, all serious terrorist threats within the scope of Article 1 are covered, irrespective of whether they are directed at individual persons, at institutions, or at the public. It also does not matter whether the threat is communicated via traditional media or on the Internet.

57CoE Convention on the Prevention of Terrorism

58The Council of Europe Convention on the Prevention of Terrorism [41] s the most specific instrument addressing the harmonization of substantive criminal law in the area of terrorism and with related questions of victims, jurisdiction, international cooperation, etc. According to Article 1, the term “terrorist offence” means any of the offences within the scope of and as defined in one of the treaties listed in the Convention’s appendix, which lists the major UN conventions against terrorism. In the field of substantive criminal law, the Convention requires each state party to adopt such measures as may be necessary to establish as criminal offences the following acts when committed unlawfully :
Art. 5 : Public provocation to commit a terrorist offence, i.e., “the distribution, or otherwise making available, of a message to the public, with the intent to incite the commission of a terrorist offence, where such conduct, whether or not directly advocating terrorist offences, causes a danger that one or more such offences may be committed.” Art. 6 : Recruitment for terrorism, i.e., the solicitation of another person “to commit or participate in the commission of a terrorist offence, or to join an association or group, for the purpose of contributing to the commission of one or more terrorist offences by the association or the group.” Art. 7 : Training for terrorism, i.e., the provision of “instruction in the making or use of explosives, firearms or other weapons or noxious or hazardous substances, or in other specific methods or techniques, for the purpose of carrying out or contributing to the commission of a terrorist offence, knowing that the skills provided are intended to be used for this purpose.” Art. 9 : Ancillary offences, i.e., the participation in, organising of others to commit, or contribution by a group of persons acting with a common purpose to an offence as set forth in Articles 5 to 7, as well as the attempt to commit an offence as set forth in Articles 6 and 7.

59Due to these ancillary offences, the limitation of Article 5 to public provocation does not lead to a serious gap in criminalization, as the (non-public) provocation of individual persons to commit a terrorist offence can often be covered by the provisions on participation (instigation, in particular). Glorification and justification of terrorism and terrorist acts are at least partly covered by Article 5 by the vague wording “distribution of a message to the public, with the intent to incite the commission of a terrorist offence, where such conduct, whether or not directly advocating terrorist offences, causes a danger that one or more such offences may be committed.” [42] These provisions do not require that the dissemination of the relevant material take place by means of traditional writings or documents (as was the case with some traditional offences against illegal content in national legislation). [43] Thus, they also apply to the incitement of terrorist offences, to the recruitment for terrorism, and to terrorist training on the Internet and in other electronic communication systems.

60UN Security Council Resolution 1624

61UN Security Council Resolution 1624 [44] deals with the prohibition against incitement to terrorism. In number 1(a) of the Resolution, the Security Council “calls upon all States to adopt such measures as may be necessary and appropriate and in accordance with their obligations under international law to … prohibit by law incitement to commit a terrorist act.” This provision covers both traditional and IT-based incitement.

62UN International Convention for the Suppression of the Financing of Terrorism

63The UN International Convention for the Suppression of the Financing of Terrorism [45] bligates parties to criminalize the financing of terrorism. According to the Convention, a person commits an offence if that person “unlawfully and wilfully, provides or collects funds with the intention that they should be used” in order to carry out an act that constitutes an offence within the scope of the annexed UN conventions “or any other act intended to cause death or serious bodily injury to a civilian … when the purpose of such act … is to intimidate a population, or to compel a government or an international organisation to do or abstain from doing any act.” [46] Attempt as well as various forms of participation, contribution and organisation are also dealt with in the Convention. [47]

64UN Security Council Resolution 1373

65UN Security Council Resolution 1373, which was adopted on 28 September 2001, [48] shortly after the 9/11 attacks, contains a similar obligation. In the area of substantive criminal law, the Security Council decided that “all States shall ... criminalize the wilful provision or collection, by any means, directly or indirectly, of funds by their nationals or in their territories with the intention that the funds should be used, or in the knowledge that they are to be used, in order to carry out terrorist acts.” Furthermore, “all States shall ... ensure that any person who participates in the financing, planning, preparation or perpetration of terrorist acts or in supporting terrorist acts is brought to justice and ensure that, in addition to any other measures against them, such terrorist acts are established as serious criminal offences in domestic laws and regulations and that the punishment duly reflects the seriousness of such terrorist acts.” In contrast to UN Security Council Resolution 1624, which only “calls upon” States, [49] Resolution 1373 is intended to be binding (States “shall” criminalize). Like the other UN instruments, the resolution is applicable to acts involving terrorist motives committed online.

66CoE Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime

67The CoE Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime [50] also contains rules pertaining to the adoption of substantive criminal law provisions. The “laundering offences” defined in Article 6 include the various acts of conversion or transfer of property that is the proceeds of crime, the concealment or disguise of such property’s true nature, the acquisition of such property, and the participation in such acts. However, in contrast to the above UN instruments, the convention does not cover the financing of crimes with legally obtained funds. For that reason, the substantive criminal law provisions of the convention as well as of other UN and EU money laundering instruments are not dealt with in detail here.

68Additional Protocol to the CoE Convention on Cybercrime

69During the process of drafting the Convention on Cybercrime, it was difficult to reach an agreement on the criminalization of acts of a racist and xenophobic nature. [51] Thus, these acts were addressed in a separate additional protocol. [52] According to the Protocol, “each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right, the following conduct”:

70Art. 3 : Dissemination of racist and xenophobic material through computer systems, i.e., “distributing, or otherwise making available, racist and xenophobic material to the public through a computer system.”

71Art. 4 : Racist and xenophobic motivated threat, i.e., “threatening, through a computer system, with the commission of a serious criminal offence, as defined under its domestic law, (i) persons for the reason that they belong to a group distinguished by race, colour, descent or national or ethnic origin, as well as religion, if used as a pretext for any of these factors; or (ii) a group of persons which is distinguished by any of these characteristics.”

72Art. 5 : Racist and xenophobic motivated insult, i.e., “insulting publicly, through a computer system, (i) persons for the reason that they belong to a group distinguished by race, colour, descent or national or ethnic origin, as well as religion, if used as a pretext for any of these factors; or (ii) a group of persons which is distinguished by any of these characteristics.” In addition, Article 6 addresses the denial, gross minimisation, approval, or justification of genocide or crimes against humanity by “distributing or otherwise making available, through a computer system to the public, material which denies, grossly minimises, approves or justifies specific acts constituting genocide or crimes against humanity.” According to Article 7, the substantive law provisions must be accompanied by rules concerning aiding and abetting.

73With respect to terrorism, the provisions of this Protocol are relevant to threats and insults committed with the intent to incite conflicts and violence between groups distinguished by race, colour, or national or ethnic origin. The provisions are directed at IT-based content and are therefore also applicable to the use of the Internet for terrorist purposes.

74European Union Council Framework Decision on combating racism and xenophobia

75A similar proposal of the European Union for a Council Framework Decision on combating racism and xenophobia has not yet been enacted. [53]

85Computer systems and the Internet are also used to support communication relating to planning of terrorist activities as well as to facilitate other preparatory acts for all types of terrorist cases. The perpetrators may send encrypted email or email containing hidden messages; they may acquire information online (e.g., tips on constructing bombs, on hostage-taking, or on hijacking). They may use the Internet to analyze targets by satellite maps available on the Internet, to gather other types of information such as reports of security weaknesses in airports, to pursue logistical planning, to engage in money laundering (e.g., by means of Internet banking), or to make money by selling pirated software and by other crimes using the Internet. The analysis of seized computer systems has confirmed that such acts already play a considerable role in practice. [73]

86The above-mentioned activities are addressed to a certain degree by the aforementioned conventions. As described, the criminal acts dealt with in these conventions are broadly defined and the definitions do not specifically address the question of (traditional or computer-based) means of commission. Most of the provisions in these conventions include adequate rules on participation as well as rules covering preparatory acts and attempt.

87Besides these rules of the general part of criminal law, there are additional statutes in the specific part of criminal law which already cover preparatory acts at an earlier stage and also extend the attribution of these acts to accessories. On the international level such respective rules on “conspiracy” and “participation in criminal organizations” are addressed in the following additional instruments.

88UN Convention Against Transnational Organized Crime

89The UN Convention Against Transnational Organized Crime [74] aims to criminalize participation in an organized criminal group (Art. 5), laundering of proceeds of crime (Art. 6), corruption (Art. 8) and obstruction of justice (Art. 23). Article 5 reads as follows : Art. 5 : Criminalization of participation in an organized criminal group 1. Each State Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences, when committed intentionally : (a) Either or both of the following as criminal offences distinct from those involving the attempt or completion of the criminal activity : (i) Agreeing with one or more other persons to commit a serious crime for a purpose relating directly or indirectly to the obtaining of a financial or other material benefit and, where required by domestic law, involving an act undertaken by one of the participants in furtherance of the agreement or involving an organized criminal group; (ii) Conduct by a person who, with knowledge of either the aim and general criminal activity of an organized criminal group or its intention to commit the crimes in question, takes an active part in : a. Criminal activities of the organized criminal group;

b. Other activities of the organized criminal group in the knowledge that his or her participation will contribute to the achievement of the above-described criminal aim.