A legislative proposal on the reinforcement of fighting computer crime confers far-reaching powers upon the public prosecutor
With a draft legislative proposal of 28 July, caretaker Minister
Hirsch Ballin wants to tighten criminal law measures in order to
protect privacy on the Internet, the fast developments in
information and communication technology being the reason for this
legislative proposal. In practice, 'hijacking' computer
data and disseminating such data through the internet is becoming
easier, thus continually giving rise to the question whether the
current regulation is still well equipped to fight computer crime
effectively.
The proposed changes in a nutshell
The draft bill contains three changes. First of all, it
introduces an extension of the criminal-law provisions regarding
monitoring, tapping or recording of confidential communication,
which change is in line with the current laws of France and
Germany. Secondly, the illegal copying of computer data and making
such data available or otherwise disclosing it will be deemed a
criminal offence by equating such conduct with receiving of stolen
property. Both the person who has stolen the data in the first
place, as well as the person who has received the data will be
liable to prosecution. Thirdly, the draft bill - apart from these
changes in material criminal law - also confers new powers upon the
Public Prosecutor, who will be authorized to independently demand
that data on the internet be made inaccessible. As we will explain
below after sketching the current situation, this amounts to a very
fundamental change.
Current situation of making data
inaccessible on the internet
Currently, the Public Prosecutor has the power, after prior
written authorization from the examining magistrate judge, to order
a provider of a communication service to make data inaccessible.
Such prior written authorization functions as a safeguard of the
legal order, as it balances the executive branch, i.e. the Public
Prosecutor, by requiring judicial review from the judicial power,
i.e. the examining magistrate. The intervention of the latter is
geared at preventing otherwise possibly fast and drastic
infringements of freedom of speech and also at preventing the
possible self-censorship of the provider of the internet service.
At present, this is set out in the Criminal Code. From a systematic
point of view it is desirable to include this power in the Code of
Criminal Procedure where similar powers are regulated. The current
proposal will achieve this by including this power of the Public
Prosecutor as an independent power into the Code of Criminal
Procedure.
Consequences Desirable for Practice?
We believe that the proposed change regarding the power of the
Public Prosecutor to make data on the internet inaccessible will
cause a stir before a final bill will be in place. The reason is
that the requirement of a prior written authorization from the
examining magistrate will be thrown overboard. In the Explanatory
Memorandum to the draft bill, the reasons for doing so are briefly
explained as follows:
"The introduction of the possibility to complain about
the order [of the Public Prosecutor] to the Chamber of the Court is
one of the reasons why the [present] condition of having a prior
written authorization from the examining magistrate is no longer
necessary."
But given this very essential change in law, this explanation is
very poor. Abolishing the criterion of a prior written
authorization leaves the Public Prosecutor with freedom to act as
he sees fit. If a party disagrees with the Prosecutor's order
to make data on the internet inaccessible, it will have to initiate
complaint proceedings before the Chamber of the Court. As a result,
some form of testing will only occur afterwards, and then again
only in those cases where the injured party initiates proceedings.
This cannot have been the Minister's intention.
Furthermore, it is not clear in what cases the Prosecutor may use
this power. Does this only apply in cases where an intermediary
(i.e. a service provider) does not voluntarily make data
inaccessible on the basis of the 'Notice and Take Down'
Code of Conduct because the data or expression are not manifestly
unlawful? In that case it is ultimately the Prosecutor who will
determine whether or not something is unlawful. Or can the
Prosecutor prohibit the access to certain data immediately, i.e.
without first having to resort to the 'Notice and Take
Down' Code of Conduct? And how does this relate to the freedom
of speech? Unfortunately, the draft bill offers little clarity in
this regard. The only criterion is that the Prosecutor may order to
make data inaccessible as far as this is necessary to make an end
to a criminal offence or to prevent new criminal offences. More
clarity about how to interpret this broad power is, to say the
least, desirable.
Conclusion
It is difficult to get a better understanding of
'cybercrime' and, thus, all attempts tackling this
subject-matter deserve a positive reception. The purpose of this
draft bill is the reinforcement of the fight against computer
crime, which in our opinion is a justified ambition in 2010 when
technology is gaining an ever more powerful role in crime. However,
the principles of rule of law should not be overlooked or eroded.
After all, in our opinion this draft bill represents a large
extension of the Public Prosecutor's powers which lacks
sufficient substantiation. The consequences could be enormous if
the Prosecutor were to act as he sees fit here, possibly even
jeopardizing the now-existing freedom of speech on the internet..
Since this draft bill is still in the consultation phase, everyone
is allowed to submit their well-founded comments. Hopefully this
will cause a return to the drawing table to re-think the changes
thoroughly once more, and to adjust them before this bill becomes
final.