Projet de loi relatif à la criminalité informatique.
General information ¶
- Submitted by
- Groen Open Vld Vooruit PS | SP Ecolo MR Verhofstadt Ⅰ
- Submission date
- Nov. 3, 1999
- Official page
- Visit
- Status
- Adopted
- Requirement
- Simple
- Subjects
- computer crime database computer systems criminal law telecommunications
Voting ¶
- Voted to adopt
- Groen CD&V Vooruit Ecolo LE PS | SP Open Vld N-VA MR FN VB
Contact form ¶
Do you have a question or request regarding this proposition? Select the most appropriate option for your request and I will get back to you shortly.
Discussion ¶
March 30, 2000 | Plenary session (Chamber of representatives)
Full source
Rapporteur Servais Verherstraeten ⚙
Mr. Speaker, Mr. Minister, colleagues, these bills were discussed in six meetings of the Justice Committee. They are actually a repetition of a bill draft that was approved by the previous government and that was submitted to the State Council for advice. The original bill was amended in two places. This bill is the logical result of the work of the OECD and the Council of Europe. The development of information technology and its exponential growth has led to the fact that this new technology has become a means of committing various crimes. In addition, the technology has become the target of criminals. To address these new forms of crime, this bill was in place. Within the existing criminal law and the existing criminal proceedings, structural reforms appear to be superfluous. Some crimes are computer-neutral and should not be changed. The amendments imposed on other criminal acts. For this reason, new crimes were included in the bill: the fraud in computer science, information fraud, unauthorized access - hacking - and data and computer sabotage. The criminal procedure should also be amended. In addition to confiscation, copyname is now also possible. The research of networks, the network search, is made possible and it can take place not only outside the district boundaries but also abroad. Finally, the draft law also covers the obligation of cooperation and information, coupled with the obligation of secrecy of those who are professionally active in the information sector. In addition, telecommunications legislation also needed to be adapted in order to regulate the identification and retention of data. The committee organized a number of hearings with the Committee on the Protection of the Privacy. They have expressed concerns about, among other things, legality and proportionality. They also clearly pointed out that this bill should not affect the law on privacy. The committee agreed. Several comments were answered through amendments. In addition, the committee also received the National Guard and the Judicial Police. They also had their doubts. They pointed out that detection is extremely difficult given the rapid technological evolution. They acknowledged that this bill provides an answer to various problems and highlighted the problem of data retention. Currently, the providers use a storage period of three to six months. They considered this period much too short and suggested a three-year period while the Commission for the Protection of Privacy suggested a three-month period. This bill was also discussed in the consultation committee and eventually an agreement was reached on an optional bicameral treatment. During the discussion, several amendments were discussed and adopted, including regarding the fraud in computer science. In this regard, a special design is now required, as was also provided in the preliminary design. In addition, deletion of data contrary to public order and good morals is excluded. Such data will be confiscated. There will also be a ban on access if it constitutes a crime or results from a crime. The network search was clarified. Network searching is only permitted for the purpose of finding out the truth and when other measures would be disproportionate or evidence threatens to be lost. Finally, an amendment was adopted regarding the retention period of providers. Initially, the draft stipulated that the King could arrange this and was intended to have deadlines set according to technological development. However, that point has been amended. Now the King remains competent, although with a minimum period of twelve months, and the detention must take place in Belgium. This draft was approved by a large majority. For the rest, I refer to the written report.
President Herman De Croo ⚙
Mr. Verherstraeten, if I understand it correctly, the two bills were bundled into one bill.
Servais Verherstraeten CD&V ⚙
So is it. Mr. Speaker, if I have permission, I would like to step out of my role as a rapporteur. I would like to make three comments on this draft. First, during the hearings, it was shown, among other things, that we are facing an exploding market. The likelihood of crimes is also increasing phenomenally. Last year we saw a fifth increase in the number of reports of crimes on the Internet. That means a phenomenal increase in case load in these new forms of crime. This design may be a means to tackle this new form of crime, but that requires more people and resources. That requires skillfully trained personnel, who are permanently up-trained, because in this sector the knowledge of today is the history of tomorrow. There should also be room for the courts to retain certain data. This implies financial resources. If this majority, after budget control or in the preparation of the 2001 budget, does not take this into account, then this weapon, which is now given to police and justice, remains without ammunition. This will not be shot. Then this opportunity to tackle white board crime will be pure window-dressing. Therefore, our group proposes a clear expansion of personnel and resources, as is the case in the Netherlands. Second, in any case, this design includes an Achilles tail: the network search across national boundaries. After all, it is very possible for a police officer to find evidence abroad through network search and make a copy thereof. This draft provides for the obligation to report crimes to the relevant government through the appropriate channels. Well, if such a situation occurs, we will be faced with criminal procedural strikes. After all, in the light of international jurisprudence – which actually prohibits overseas search and judicial investigation – there remains the risk that researchers landing here violate foreign legislation, with the risk that evidence here will have to be removed from the criminal investigation. That is and remains the Achilles heels of this design. We are not the first in Europe to prepare a draft law on cybercrime, but we could be the first to take initiatives, not to renounce sovereignty in criminal law but to give a new connotation to that sovereignty. Criminal law is becoming more and more international. It is true that we would go more toward shared sovereignty and could develop a much more smooth legal aid procedure. This would provide a solution to the Achilles tail of the persistent problem in international legal discovery, in international criminal law and in evidence gathering outside our national borders. Finally, and not insignificant in this design, there is the cooperation obligation for the providers and for all who are professionally active in this sector. This matter is so technical and changes so quickly that we, the government, can do nothing here without the civic sense of who are professionally active in the sector. Therefore, the obligation of cooperation, the obligation of information and the obligation of secrecy are in place. Therefore, the retention period of data from providers is also in place. Initially, the draft granted full authority to the King, but through an unanimously approved amendment of my group, a minimum period of at least twelve months is provided and the retention obligation applies within our national borders. We know, Mr. Minister, that this was not welcomed by the providers, nor by your own Belgacom. Critical comments followed, resulting in amendments that we were unable to address for formalist reasons. However, we believe that the twelve-month period is in place. Facts are not discovered immediately after they have been committed. If we would equate the retention period to the period that the providers want and which is merely attached to checking their invoice data, then I fear that justice and police will come much too late. Of course, this has financial consequences, we are aware of this. However, I believe that this unanimously adopted amendment, with the full approval and support of the Minister of Justice, should remain in place. Today, in this hemisphere, we do not see any new amendments. The story is not over, and the lobbying work is not over. We will see if the Senate will evocate, or if there will be something else to say about this later in any program law. In any case, we suggest that you and the Minister of Justice will not shut down the lobbying work, this for the sake of the security and the proof-gathering that is so necessary in these new forms of crime, the crime of the twenty-first century. In any case, we approve this amended draft with confidence.
Jean-Pol Poncelet LE ⚙
Mr. Speaker, Mr. Minister, cybercrime is a topic that writers and filmmakers have become very affectionate about. The number of books and films devoted to this subject has been very high in recent years, with such auctions between one and another that hackers are often presented as sympathetic characters and even very often heroes. When one notices that his computer has been hacked or is the victim of a virus, or when the media replicates the performance of hackers – since this is how it is appropriate to call them – when one evokes large-scale espionage as it has been ⁇ recently in the commission of the Interior, one realizes that reality quickly joins fiction and even often surpasses it. Given the central place of computer science in our society, cybercrime can have disastrous effects on each of us and on society itself. Even a few days ago, during a debate in the framework of the program The Witness Screen at the RTBF on the topic of computer hacking, we were able to realize that new technologies were evolving very quickly and that our right was often exceeded in this matter. Montesquieu said that the law is always overcome by the morals. In this case, it is the morals themselves that are surpassed by technoscience. On behalf of my group, I would like to express today our satisfaction to see that this project can reach maturity because it responds to very concrete problems that have arisen. It creates four new incriminations that were needed: computer fraud, computer fraud, unauthorized access, data sabotage and computer sabotage. If new incriminations are created, the project also incorporates in the Code of Criminal Instruction a number of innovations with regard to the acts of information and instruction in a computer context. Dear colleagues, if I rejoice on behalf of my group to know that we will soon be better armed to fight cybercrime, I am also satisfied – and this is what I want to emphasize – that different majorities can have convergent views on this type of issues. In this case, the project almost completely takes over the project that had been finalised by the previous team. It is therefore, if I dare to say - but the term is risky in the period we currently live in - a shared paternity since it was also an agreement of the previous majority, which explains the broad consensus obtained in commission. I am especially pleased that we have been able to take into account, in a committee, the comments made at the end of the hearings, in particular by the Committee on Privacy, and that amendments have been introduced which very faithfully reflect the concerns of that committee. If the project is a positive element, the work is far from completed. As the rapporteur has just pointed out, it still needs to be given the means to exist, including the tools necessary for justice to be able to function. In addition, Mr. Minister, we are awaiting – and I know that the Government is working on it – two other projects that have been finalised, the first aimed at amending certain provisions of the Civil Code relating to proof of obligations, the second regulating the activity of accredited certification authorities for the use of digital signatures. Beyond these two projects, I am ⁇ committed to taking initiatives in the field of IT security and equal access for the greatest number to new technologies. Of course, if we must face the criminal problems that arise, we must also allow the greatest number of our fellow citizens to use these technologies safely. Dear colleagues, because we look forward to the work done together and lead a constructive opposition, it is with great pleasure that I announce that the PSC will vote on the bill that is presented to us.
Hugo Coveliers Open Vld ⚙
Mr. Speaker, Mr. Minister, colleagues, as usual, I thank the reporter for his report. However, in order to avoid any misunderstandings, I would like to immediately add a comment. Colleague, you said that a special arrangement would be required. I think that is not correct. This is a general purpose, not a particular purpose. This is important because, when someone is prosecuted under the provisions of these articles, it is sufficient to prove the general criminal intent and not the specific intent. There should be no misunderstanding about this. It is true that the previous government prepared these texts – I agree with the previous speaker – and that they have been largely adopted. This also demonstrates the general recognition that a legal framework for combating cybercrime is necessary for two reasons. At first, what was then referred to as computer crime – only later was this terminology broadened – was considered as a means of committing a crime. Through the control of that means, on the transfer of data, other crimes were wanted to be detected. This is still important now, because it is still used. Today, there is cybercrime as such, which has a criminal intent. That often makes it difficult. It is rightly pointed out the problem of evidence-making. In our criminal procedure law, in the Code of Criminal Procedure, there is no rule on evidence. The only rule we have is the conviction of the criminal judge. These can be suspicions, which can be evidence that is circumstantially motivated in a judgment or judgment. There is no provision in the Code of Criminal Procedure where these means of evidence are pushed forward. This makes it more difficult to combat cross-border crime. As we are a small country, 90% of this type of crime is likely to be cross-border. Through the Internet and other possibilities, one can easily maintain global contacts. You rightly took that example. We must be aware that often, when investigations take place in Belgium, for example, and one virtually seizes data via a server abroad such as one gets here on the screen, one gets the problem of double incrimination or of responsibility of the one who seizes here on things that are tolerated elsewhere. Of course, one will not be able to seize the data, because they are possibly on the other side of the world. This can only be resolved through treaties. In this, you are right and the government is aware of it, as evidenced by the statements of the ministers in the committee. We should do so in the first place in the 15 Member States of the European Union, where we should at least try to obtain a uniform right in that area. Of course, there must also be a look further. After all, it is just as easy to establish an internet connection with the Netherlands as it is with Mongolia. A second element that I would like to highlight is that we need to be clearly aware of the two aspects of cybercrime. On the one hand, there is the means used to enable organized crime. On the other hand, there is the specific crime. If it is a means of enabling other forms of crime, detection will be easier. It is important to know which data is transmitted. The burden of proof will be less important. If one wants to obtain a conviction before a court in the context of the specific cybercrime, this will, given all the treaties that this country has concluded and the constitutional provisions, of course be much more difficult to ⁇ . We must very clearly realize that this form of crime inaugurates a new era in criminal law. I do not have an immediate solution for this. We provide for prison sentences of up to five years. This means that anyone who erroneously enters a particular file and makes changes to it risks being removed from the community for up to five years. We must keep this in mind when we begin to discuss Article 7 of the Criminal Code and the diversification of penalties. The punishment will become more difficult. We will no longer have to determine whether the punishment should be a fine or a prison sentence. On the other hand, it will be necessary to specify specifically what form of sanction is to be provided, unless, of course, the criminal judge is to be given full freedom. I have found with great interest that there is a quasi-unanimity on this text. Colleague Verherstraeten, I have also heard your correct warning about the resources. It is obvious that legislation without resources is counterproductive. A law that cannot be applied will work hand in hand with the violation and the norm-blurring. So you are right. In my opinion, it is not enough to expand the current computer crime unit, which is now divided into two corpses but which hopefully will soon become a unit. In my opinion, it is necessary to teach all those who are engaged in detection a basic technology. We need specialists. Since this form of means of crime is so common, at least the local investigation – but of course not every police officer or woman – should be founded and provided the necessary support through the subsidiarity system. I would like to talk about the amendment that could not be discussed in the committee due to the intervention of the reporter. After thorough deliberation, I decided not to return it. I am fully aware that the deadline that is now imposed is a relatively long deadline for the providers. Keeping these data for 12 months is a lot of work. This requires a heavy investment and for stakeholders arises the question of how far they can remain competitive with similar companies. I support the argument that, given the five-year criminal limitation period, a guaranteed three-month period for collecting evidence is relatively short and that this period should therefore be reduced to twelve months. I would like to point out that the Netherlands currently still has a three-month period, although signals are being sent to extend this period. In France, a longer term is considered, and in Germany, it is also desired to extend the term. I urge the Minister of Justice and his colleague for Telecommunications and Public Enterprises and Participations to urge, during the European negotiation, to draft a European directive on this subject as soon as possible. It is indeed competitive distortion if one company is required to keep its data for twelve months, while a few kilometers further, across the border, another company is required to keep those data only for three months, although there is no difference between the two companies in terms of providing services. If the European Directive to be drafted in question provides for a shorter deadline, it seems to me appropriate to review this matter and accept the predetermined deadline. If, however, no European agreement is reached, I suggest that, after a certain period of time, the use of the predetermined period be evaluated in order to determine whether the retention of the data for one year is really necessary and whether the period cannot be shortened. Mr. Speaker, Mr. Speaker, Mr. Speaker, this bill comes in time. In 1986, resolutions on computer crime were already discussed in this assembly. Now we are doing an inhalation manoeuvre. It is essential to provide the necessary resources in this regard and to be aware that the evolution is ongoing and that other elements of criminal law will also need to be adapted to this evolution. In the meantime, we will approve this bill with great conviction.
Fred Erdman Vooruit ⚙
Taking into account the remarks of the previous speakers, I can be very concise on this subject. First of all, I would like to thank the rapporteur for his sound report. Mr. Minister, dealing with this bill in the committee was not an easy task, but that is the fate of the Ministers of Justice. The intense committee work resulted in changes and adjustments to the original text. In the end, we ended up where it was due to good cooperation across the boundaries of majority and opposition. Per ⁇ we were all aware of the need to legislate on this subject. The archaic states on that level are far behind us. It has been a long time since a court ruling allowed the electricity to be picked up. No new legislation was required for the theft of electricity; the ruling of the Court of Cassation, which also qualified theft of electricity as theft, was sufficient. Today, modern means call us to draw up new texts. The scientific support that, thanks to hearings, could be given to our work, delights me. Furthermore, it is true that, with regard to the adjustments and amendments, we have not only been concerned with safeguarding the rights of defence and the right to privacy, but have also sought to make the whole fit within the framework of the existing concepts. I will not extend on the resources. Collega Verherstraeten spoke about this and colleague Coveliers supplemented it. I just want to warn. Colleague Coveliers, I do not think that in this subject with basic knowledge to give everyone, the problem can be solved. One will depend on super specialists. My concern is that the legal control, starting from the prosecutor and the investigative judge, as well as in the context of the judicial proceedings, must be expanded so as to avoid becoming dependent on a decision made by super specialists in the matter. If not, they can mortgage the decision with their knowledge until almost the judgment. That is a warning that we should actually be able to incorporate in the beginning of the implementation of these texts. Mr. Minister, I expect that, when the texts are operational, you will communicate this warning also in front of those who should handle the texts. For the rest, I can confirm that we will approve this design with enthusiasm. We are therefore confident that it can be applied in an efficient way.