International Journal on Criminology Volume 7, Number 1, Winter 2019/2020 | Page 15
International Journal on Criminology
The objective of the European Commission’s two proposals, which happen
to be essential for effectively combating cybercrime, is to be able to directly obtain,
from any representative in the EU, data held or administered by any person,
including when these data have been transmitted outside the EU—for example, to
the United States. 20
In parallel, at the European level, it is necessary to update the common minimum
standards relating to definitions of offenses in order to adapt them to new
forms of cybercrime. This harmonization must as a minimum promote the mutual
recognition of investigation measures and prevent difficulties related to dual
criminal liability. Directive 2013/40/EU contributes to this. 21 It should be adapted
to take account of new forms of fraud such as the unlawful processing of personal
data, the use of cryptography, the unlawful refusal to reveal an encryption key, and
fraud related to blockchain technology.
At the national level, the legislator regularly adapts definitions of offenses
in order to take new developments into account. On the level of criminal procedure,
however, it seems necessary to streamline the rules in order to reduce the
time between decision making and access to useful data. Therefore, the general
structure of the rules relating to perquisitions of information; requisitions; seizure
of computer data; and decryption through national-defense, geolocation, or computer
data capture processes 22 should be simplified in order to ensure that they are
effective on a day-to-day basis. As a matter of urgency, the state should also develop
technical tools to enable the implementation of these provisions, in particular
those from articles 706-102-1 et seq of the Code of Criminal Procedure relating to
computer data capture, and it should commit to the development, on the basis of
articles 230-6 et seq of the same code, of files that allow the systematic analysis of
the facts and data collected.
3. Strengthening Capabilities
This sounds obvious. In the face of a form of crime that continues to grow,
adapting legislative frameworks is necessary but not sufficient.
First, there is an urgent need to strengthen material and human resources
and to train services that specialize in cybercrime, whether at the national or regional
level, in connection with Europol, which has set up a center of expertise in
this area. These services must accommodate interdisciplinary skills and establish
20 Regarding the United States, there is a framework agreement, the EU-US Privacy Shield, which
came into force on August 1, 2016. It sets out a system of certification and self-certification for
companies that transfer personal data to the United States. This mechanism has several limitations.
21 Directive of August 12, 2013, on attacks against information systems and replacing the framework
decision.
22 See in particular articles 57-1, 77-1-1, 99-5, 230-1, 230-32, 706-102-1 et seq of the Code of Criminal
Procedure.
10