Cybercrime will increasingly be at the heart of our daily lives. How many revealed computer attacks, dismantled online networks will be enough to make us fully aware of this? At a time when the whole of our society and economy is being put into data, the risk lies in the explosion of this crime, while a feeling of impunity persists. This worrying observation reveals a lack of knowledge that reduces its seriousness. The proposed countermeasures are currently insufficient. In this context, it is becoming urgent to reflect on how to organise collectively to combat these threats.
What is cybercrime? Its facets are multiple. In the absence of a legally established definition, cybercrime covers all criminal offences attempted or committed against or by means of an information and communication system. It ranges from fraud, data theft and identity theft to child pornography, the dissemination of illegal or malicious content, corporate espionage and the saturation of websites. This activity can be very lucrative. In three years, Silk Road, the world's largest drug sales site, is estimated to have generated $1.2 billion in traffic with commissions of about $80 million.
Cybercrime is becoming more "democratic". Far from targeting only large groups, it now reaches small and medium-sized companies, individuals and communities alike. All sectors are concerned, from agriculture to education and heavy industry, because almost all our activities and interactions are now linked to an information system and are therefore vulnerable to intrusions and piracy. Indeed, each organization becomes an information technology company whose data is a coveted asset. It also presents a degree of complexity that requires a high degree of specialisation of actors and tools in order to better understand the mechanisms used, as in the case of anonymisation processes used by the TOR browser (The Onion Router) or ransom requests in Bitcoin.
Silk Road, a topical example. Closed by the FBI in November 2014, the "Silk Road" website offered, among other things, according to the prosecution, the sale and purchase, only in Bitcoin, of drugs, weapons, forged documents, and the services of hired killers. During the trial, Ross Ulbricht's lawyers - prosecuted for leading this black market and finally sentenced by the American courts in May 2017 to life imprisonment - challenged several aspects of the investigation, particularly the behaviour of two federal agents who tried to extort and blackmail the accused. Shaun Bridges, a member of the US secret service, was convicted after pleading guilty to embezzling $800,000 in Bitcoin electronic currency. When Carl Mark Force, an officer with the US Drug Enforcement Administration (DEA), was sentenced to 78 months in prison for extortion and money laundering. This complex case highlights the specificities inherent in technologies, and the need to train the next generations of investigators, judges and lawyers to understand all the subtleties. Specialisation of the entire criminal justice system seems necessary: from investigation, to prosecution, to the trial phase.
The analogy with the National Financial Prosecutor's Office. The current limits for combating cybercrime are similar to those that existed in the economic and financial field before the creation, in 2014, of the French National Financial Prosecutor's Office: aggravation and complexity of economic crime, absence of a precisely defined interlocutor at national and international level, insufficient specialisation of judges, insufficient human and technical resources, cost of the loss of income resulting from fraud. The National Financial Prosecutor's Office could thus serve as an example.
The creation of a public prosecutor's office specialising in digital technology would make it possible to respond to the problems raised by offences specific to electronic networks, [...] as well as those committed using electronic communication networks and information systems when they reach a certain degree of complexity or constitute particularly serious offences.
The creation of a public prosecutor's office specialising in digital technology would make it possible to respond to the problems raised by offences specific to electronic networks, in particular attacks on information systems, denial of service and piracy, as well as those committed using electronic communication networks and information systems when they reach a certain degree of complexity or constitute particularly serious offences. Its high level of specialization and the advanced tools it would be entrusted with would make it possible, for example, to identify authors using encryption processes and to collect evidence made more difficult to obtain by advanced technologies. Some initiatives have already been implemented in the State of Rio in Brazil, or in Spain where there is a General Prosecutor in charge of cybercrime who benefits from the help of 70 prosecutors gathered within a specific prosecutor's office dedicated to this type of crime.
Training of judges. The creation of a digital judicial system requires an upstream debate on the type of specialization of judges, their number, the centralization or decentralization of such a prosecution service, and even the possibility of implementing a prosecution service at European level.
A major challenge will then be to coordinate the action of the Digital Prosecutor's Office with the various existing specialized services, as digital technology is often a means of enabling major organized crime to launder money or finance terrorist networks, for which other bodies are already competent.
A major challenge will then be to coordinate the action of the Digital Prosecutor's Office with the various existing specialized services, as digital technology is often a means of enabling major organized crime to launder money or finance terrorist networks, for which other bodies are already competent. In the long term, the creation of a 33rd Correctional Chamber specialized and exclusively dedicated to the prosecution of offences investigated by the French National Digital Public Prosecutor's Office - like the 32nd Correctional Chamber at the Paris Court, dedicated to cases originating from the French National Financial Prosecutor's Office (Cahuzac, Wildenstein, etc.) - could prove relevant.
The relevance of pan-European coordination. All the above findings suggest that cooperation at a supranational level should be considered, particularly in view of the substantially transnational nature of cybercrime. In support of the implementation of such a cooperation mechanism, we should bear in mind the reasoning developed by the European Union institutions for the establishment of a European Public Prosecutor's Office for criminal offences against the EU's financial interests. As security, justice and fundamental rights are matters of shared competence between the EU and the Member States, the principle of subsidiarity is particularly relevant here in that action at European level would be much more effective in combating cybercrime offences. As such, the creation of a European Digital Public Prosecutor's Office would also give concrete expression to several of the EU's priorities in the field of justice, for example with regard to consumer protection, the stated objective of which being in particular to adapt consumer law to the digital age but also to provide "a stronger, coordinated and global response to [...] cybercrime".
The emergency now requires us to reflect on the evolution of digital litigation at European level. This development will seem prospective for some. However, anticipating it is essential. Change management is a long process. But inevitably, this will be the only way to ensure that tomorrow there will be prosecutors and investigation services with the necessary knowledge and resources to deal with cybercrime cases.
Originally published in French here.
TO GO FURTHER: