Imminent terrorist attacks via the Internet are frequently entitled "Electronic Pearl Harbor" or "Digital Waterloo." Until now, however, very few if any actual attacks have been registered. On behalf of the Council of Europe, this project examines both the opportunities and options that the Internet in fact offers terrorists as well as the currently existing international legal instruments for fighting cyberterrorism.

"Cy­berter­ror­ism is as dan­ger­ous as a mis­sile at­tack," a high-rank­ing NATO rep­res­ent­at­ive said re­cently, thereby ex­press­ing the sig­ni­fic­ance this mil­it­ary or­gan­iz­a­tion ascribes to the phe­nomen­on. This as­sess­ment is, however, con­tro­ver­sial. There are many dif­fer­ent con­cep­tions of what "cy­berter­ror­ism" is. Some in­clude even those ter­ror­ist activ­it­ies that have only a re­mote con­nec­tion to com­puters (for in­stance, send­ing E-mails). Ac­cord­ing to an­oth­er point of view, only a very nar­row defin­i­tion can do justice to the phe­nomen­on. Thus, in this view, only those ter­ror­ist at­tacks that are ex­ecuted via or with the help of the In­ter­net can qual­i­fy as cy­berter­ror­ism. In terms of the In­sti­tute’s re­search pro­gram, both the func­tion­al as well as the ter­rit­ori­al lim­its of crim­in­al law are af­fected, be­cause ter­ror­ists can em­ploy an­onym­iz­a­tion and en­cryp­tion tech­no­logy in or­der to im­pede their trace­ab­il­ity and be­cause they can pur­pose­fully route their di­git­al at­tacks through many coun­tries.

This pro­ject deals with two as­pects of the phe­nomen­on "cy­berter­ror­ism" with­in the scope of an ex­pert opin­ion for the Coun­cil of Europe. The sub­ject – and at the same time the goal – of the study was first to identi­fy the op­tions cur­rently avail­able to ter­ror­ists if they make use of the In­ter­net. Second, a re­view of ex­ist­ing in­ter­na­tion­al leg­al in­stru­ments, con­ven­tions, and pro­to­cols was un­der­taken in or­der to look for loop­holes with re­spect to the pre­vi­ously iden­ti­fied tech­nic­al op­tions that should be filled by means of sup­ple­ment­ary le­gis­la­tion.

A meth­od­o­lo­gic­al dis­tinc­tion needs to be drawn between the pro­ject's tech­nic­al and its leg­al goals. The former was car­ried out by means of an ana­lys­is of the lit­er­at­ure, cur­rent me­dia re­ports, and pub­lic­a­tions of the se­cur­ity branch of in­form­a­tion tech­no­logy. The leg­al goals were real­ized by means of an ana­lys­is of in­ter­na­tion­al law, es­pe­cially the bi­lat­er­al and mul­ti­lat­er­al con­ven­tions and pro­to­cols on the level of the Coun­cil of Europe and the United Na­tions as well as those of oth­er or­gan­iz­a­tions.

This ex­pert opin­ion, which has been pub­lished in the in­ter­im, of­fers an alarm­ing pic­ture with re­spect to tech­nic­al op­tions. Op­tions avail­able to oth­er crim­in­al users of the In­ter­net are equally avail­able to ter­ror­ists. While the former seek fin­an­cial gain, ter­ror­ists are more in­ter­ested in caus­ing ma­jor dam­age worthy of me­dia at­ten­tion. Thus, due to the ad­vanced state of com­pu­ter­iz­a­tion – in train or air traffic, for in­stance – scen­ari­os of ter­ror­ist at­tacks in­volving use of the In­ter­net ap­pear pos­sible. The only lim­it­a­tion is that such at­tacks (at least to date) ap­pear to be es­pe­cially com­plex and tra­di­tion­al ter­ror­ist activ­it­ies ap­pear easi­er to carry out. Oth­er forms of ter­ror­ist use of the In­ter­net – those that do not threaten an im­me­di­ate at­tack but rather in­volve such pre­par­at­ory activ­it­ies as plan­ning or com­mu­nic­a­tion – are like­wise of in­terest.

The leg­al part of the ex­pert opin­ion, in con­trast, presents a more re­as­sur­ing pic­ture. The in­ter­na­tion­al in­stru­ments for har­mon­iz­a­tion of crim­in­al law em­ploy two dif­fer­ing reg­u­lat­ory meth­ods geared either to the of­fense (for in­stance a per­son’s death) or the elec­tron­ic mod­us op­erandi. In­tense scru­tiny of all the pro­vi­sions re­vealed only minor leg­al loop­holes. A cause for con­cern, however, is the fact that each in­di­vidu­al in­ter­na­tion­al in­stru­ment was rat­i­fied by a dif­fer­ent group of states. This could lead to ter­rit­ori­al dif­fer­ences in terms of pro­tec­tion and to prac­tic­al prob­lems in the de­tec­tion and pro­sec­u­tion of cy­berter­ror­ist activ­it­ies. There is thus no jus­ti­fic­a­tion for re­lax­ing pre­cau­tions.