Belgium’s original computer crime law dates from 2001. At that time, Belgium was one of the first countries to implement the European Convention on Cybercrime. In 2015, under the initiative of Minister of Justice Koen Geens, the cyber legislation was rewritten. Philippe Van Linthout contributed to the drafting. “The law itself remains solid, but requires updating. We are being confronted by new online phenomena that cannot immediately be classified into an existing legislative box: banking, crypto and telecom claims, or claims based on the economic law code. That makes it difficult for us to draw up a good claim.”
It's worthwhile to file a complaint
Another challenge for the Justice Department is that too much remains hidden beneath the surface. “People sometimes report a fact to the Centre for Cybersecurity Belgium or to the FPS Economy, but a report is not an official complaint,” says Van Linthout. “We must therefore convince victims that it is worthwhile to file a formal complaint. In our Mechelen-Antwerp district, for example, there are judgments every week on bank card fraud. And if we are quick enough, we can sometimes recover money in the crypto world.”
The investigating judge is all-too aware, however, that this is just the tip of the iceberg. “Perpetrators usually spend their profits very quickly, or the loot is immediately transferred to tax havens. We must be able to penetrate deeper and tackle the organisations behind all these cyber phenomena.”
International cooperation and instruments such as the European search warrant have made it possible to track down international gangs. However, things can still be improved, notes Van Linthout: “A new European regulation should make it possible for me, as an investigating judge, to request information directly in other EU countries. Because the slowness of the administrative mill unfortunately often means that we are struggling to keep pace. For example, we are a popular target for Dutch cybercriminals. But the Netherlands is unable to meet our information requests, as our files are not a top priority for the police and judiciary there.”
Justice needs tech profiles
Over the past 25 years, Belgium has invested in capacity and expertise to detect and prosecute cybercrime. These efforts must continue unabated. “To give a simple example, as an investigating judge I am allowed to hack a computer or a mobile phone. But am I able to? We need the help of tech profiles if we want to keep up with developments. Recruiting additional competencies remains urgent,” says Van Linthout. “And we must certainly tap into the knowledge of Belgian researchers. Our country is top in cryptography; why can't we use that expertise more in our field?”
The delicate balance with privacy
There is also the delicate balance between privacy and cybercrime investigation. “The right to privacy is important, but it must be proportionate. We cannot build a file without data. Belgian legislation works to our disadvantage there. The 12-month retention period for terrorism crimes and 9 months for most other serious crimes is very short, while the limitation period for criminal offenses is much longer. So much evidence is thrown away, à charge and à décharge. I hear privacy lobbyists proclaim that the government is becoming too invasive in private life. But no one has a problem sharing their data online with giants like Google. If we want to tackle (cyber)crime, we must be able to access victims' data so that we can solve cases.”
Finally, Van Linthout makes a passionate plea to increase awareness: “I am still amazed every day by the files that we receive and the amounts involved. We must make the population fully aware of the risks and prevent them from falling into the trap of phishing and hackers. Organisations such as the Cyber Security Coalition are doing a good job in this area, but we must scale up those efforts even further. After all, prevention yields the greatest benefits for all parties involved.”