International Journal on Criminology Volume 7, Number 1, Winter 2019/2020 | Page 20
For a More Effective Fight against Cybercrime
Digital data have become the focus of a real power struggle between states
that want control over data circulating within their territory and between private
companies that provide the networks through which data are channeled. The interest
generated in this truly immaterial wealth reflects the transformations that
geopolitics has undergone in the digital age: a questioning of physical national
borders, an affirmation of private and nonstate actors, a “digitization” of conflicts
and claims regarding sovereignty in cyberspace, and cyberattacks.
Controlling data requires knowledge of the means and conditions of their
production, their transmission channels, and how and where they are stored. 4 Data
create value and power, and they are “the link between physical and digital spaces.”
Data and their control are reconfiguring the balance of power at the strategic and
economic levels, and they are giving rise to new representations of sovereignty.
We are also seeing the development of “cyberhavens”: states with weak or
nonexistent legislation. Moreover, traditional legal tools are inadequate because
they take too long to implement, 5 given that electronic evidence is ephemeral;
this makes it more difficult to identify cybercriminals. And then there are attacks
against automated data-processing systems, such as distributed denial-of-service
(DDos) attacks, including instances of hacking, particularly those launched from
abroad.
The international dimension of cybercrime 6 entails a harmonization of national
laws, or at least the facilitation of cooperation at the European and international
levels in order to strengthen the means of fighting this phenomenon. Criminal
proceedings may face obstacles or be slowed down by the international nature
of this type of crime.
When service providers are not established in the European Union, a request
for international mutual legal assistance in criminal matters should be made.
The implementation of these procedures can be further complicated if the service
provider’s data are located in multiple countries. This can then lead to other issues
relating to the location of the data and the determination of the jurisdictions territorially
competent to access them.
There are major challenges here, and one cannot overlook their geopolitical
and strategic aspects, with the emergence of extraterritorial legislation that could
harm Europe, such as the Clarifying Lawful Overseas Use of Data Act, or CLOUD
Act. Although the CLOUD Act, 7 adopted by the United States Congress on March
4 Myriam Quéméner, “Le droit face à la disruption numérique,” LGDJ (2018).
5 Ten months on average for requests for international mutual legal assistance in criminal matters
(CRI or MLAT—Mutual Legal Assistant Treaty—in the case of the United States), with a maximum
response time for a European Investigation Order set at 120 days.
6 “Cybersécurité, cybercriminalité: quelles réponses stratégiques et juridiques?,” special report, Dalloz
IP/IT 3 (March 2018): 158.
7 Garance Mathias and Aline Alfer, “Conséquences du Cloud Act pour les européens?” Expertises
15