Edito – Report on the “Protection of Internet Users”: towards an interdepartmental chain of fight against cybercrime by Myriam Quéméner

A report prepared by the interdepartmental working group on cybercrime, presided over by Mr Marc Robert, prosecutor general at the Court of Appeal of Riom, was handed over on 30 June 2014 to the Ministers of Justice, of Home Affairs, of Economy & Finance and to the Minister for the Digital Economy. The report comprises fifty-five proposals to protect the Internet users[1].

Such document[2] highlights the necessity to better assess the situation thanks to accurate statistics, established yearly under the aegis of the ONDRP (National Office of Delinquency and Criminal Response).

Amongst other things, the report recommends adapting the criminal arsenal of procedures, for instance by increasing the penalty for attacks against automated data processing systems; by creating the aggravating circumstance of crimes committed by an organised group; by defining a specific penalty for spamming; by incriminating the theft of intangible assets; and by creating the aggravating circumstance of digital identity theft over the Internet.

The report also recommends to improve criminal procedures to fight this new type of crime, by considering that all crimes and offences targeting a French natural person or legal entity and punishable by one year of imprisonment are deemed to have been committed on the French territory; by extending search and seizure procedures to “any private place housing IT data and objects”; by optimising the search warrants sent to operators based outside of France; by enabling the police forces, outside of a particular investigation, to freely use pseudonyms when accessing the public space; and by generalising the possibility to carry out investigations under a pseudonym. The working group further supports the “right to be forgotten” for minors.

The report suggests the creation of an alerting centre, open to the general public and to small- and medium-sized enterprises, able to receive reports of “cyber offences” and to advise victims. The working group also suggests the establishment of a regulatory agency, responsible for the consistency and implementation of standards applicable to the Internet, acting as the interface with private companies and empowered to impose administrative sanctions in breach of their legal obligations, more particularly if they fail to take action following the reporting of an offence by an Internet user.

In this respect, the report deems it necessary to redefine cooperation procedures with hosting companies and to increase the accountability of all active intermediaries. It also proposes the establishment of an interdepartmental delegation for the fight against cybercrime. However, such proposal is understandably not receiving the support of the stakeholders concerned, as in times of budget cuts, efficacy and pragmatism are preferred to dispersal. Further, the report pleads in favour of a comprehensive fighting strategy offering a prevention and repression response that will be more effective and more adapted to the new methods of cyber offenders, while respecting the fundamental freedoms. Investigation departments have already set up specialised units, unlike the judicial system, where almost everything remains to be done[3], both in terms of jurisdiction and central administration, whereas the Ministries of Justice in the other European countries already have dedicated units. The report pertinently suggests the establishment of a commission, reporting to the DACG (Criminal Matters and Pardons Directorate), which could implement a specific criminal policy and follow up on the corresponding projects, both in France and abroad.

Most importantly, the judicial system[4] must become involved in this process, because the increasing number of procedures initiated by investigation services must be processed effectively by trained and competent magistrates working in specialised units such as the JIRSs (Specialised Interregional Jurisdictions), or even, for affairs that have a large or international scale or that are targeting OIVs (organisations of vital importance), in a national jurisdiction located in Paris.

As indicated on the website of the French Ministry of Justice as early as 2012, judging cyber crimes must no longer be the work of amateurs or novices[5], it must become a specialisation for the future for magistrates[6].