This is a subject that regularly occupies the benches of the Assembly. Over the past ten years, legislative initiatives concerning the deployment of digital technologies in the security field have multiplied. Among them, the law relating to the prevention of acts of terrorism and intelligence, the draft law relating to criminal responsibility and internal security, or the law for global security preserving freedoms. These developments aim to fight against crime and ensure respect for public order, but their deployment raises questions, while experiments based on technologies (such as biometric identification or audiovisual capture devices) are exploding. Faced with these developments, a question arises: are the existing legal and democratic safeguards sufficient to maintain this balance in the digital age? This is the subject of the meeting organized by Renaissance Numérique, in partnership with the Express, this Monday, February 21, between 5:30 p.m. and 6:30 p.m., on Youtube. Several guests will discuss the following question: “Digital in the service of security: from exception to trivialization?”
Among them, Myriam Quéméner, magistrate in the criminal service of the Versailles Court of Appeal and expert for the Council of Europe in the field of cybercrime, will notably bring her view of the rise of digital crime, as well as the articulation between the use of digital technology by justice and respect for individual rights.
L’Express: Justice and the police integrate digital tools a little more into their work every day. Do the concerns surrounding individual freedoms raised by the media or associations, such as La Quadrature du net, seem legitimate to you?
Myriam Quemener: Digital now concerns all human and economic activities. Delinquency has adapted to it, which can facilitate the passage to the act. Judicial responses must therefore adapt accordingly. Obviously, dangers to fundamental rights and privacy must be avoided. So the question is where to place the cursor. Being vigilant is important, but the framework for this use exists today with remedies.
The State cannot disarm itself in the face of international and digital crime, but it must be remembered that digital investigation procedures such as data capture or investigations under a pseudonym are very legally framed in order to respect fundamental rights and the privacy of individuals.
Isn’t there a risk of abuse?
High-profile and high-profile cases like those of Edward Snowden have shown us that concerns for privacy are real, both on the side of judges, lawyers and citizens. But the ambient discourse is very worried, without really knowing the procedures. When we look at it seriously, we see that there are a lot of guarantees. For example, there is a little-known court – namely the investigating chamber which rules on procedural disputes – or even requests for nullity before judgment by lawyers.
“The risk of drift exists, of course, but it is very controlled”
The risk of drift exists, of course, but it is very controlled. These procedures can be controlled by a judge of freedoms and detention. Recently, a decision of the Constitutional Council considered that the guarantees provided by the requisitions to obtain connection data in the preliminary investigation were not sufficient. This will be settled by the end of the year. This is further proof that remedies in the event of potentially abusive use in the context of legal proceedings exist.
What can be done to improve the judicial treatment of digital cases?
I think we need to increase the number of magistrates who deal with cybercrime cases. It is also necessary to strengthen their training because business is increasing. In this respect, it is necessary to underline the great mobilization of the national school of the magistrature, in connection in particular with the school of the bar. The digital dimension is integrated into all training regardless of the disputes. But the latter must be made compulsory for the magistrates who are in charge of these procedures.
Today, many actors exist to fight against cybersecurity. But if the police, the gendarmerie and the customs are expanding their staff in this area, as well as the national authority for security and defense of information systems (ANSSI) this is less the case for justice. It would be necessary to create real services dedicated to digital and to the fight against cybercrime, which has become a real economic and financial crime.
Do you think that legislation can evolve at the same rate as technology?
It is often said that there is a legal vacuum on these digital issues. I rather think there is an overflow. The legislator sometimes has the reflex to make a new text to repress illicit behavior that may already fall under existing texts.
There are provisions in multiple codes, which complicates the fight against these phenomena: in fact, counterfeiting is punishable by the intellectual property code, money laundering by cryptoassets by the Monetary and Financial Code, the retention of data is included in the post and communications code, the regulation of ethical hackers is included in the Defense code… There is a problem with the legibility of the legislative criminal arsenal as a whole. Everything should be overhauled, cleaning up certain codes, conducting a public policy on all of these subjects. We are in a democracy, and the legislation regulates intrusive procedures, for example. There is constant attention paid to this balance between repression and the protection of privacy.
A red thread guides us: that of respect for the proportionality of the measures which must be debated contradictorily during the trials. I even see it on the side of the platforms, which for a long time were sheltered from sanctions. But there is a responsibility of the actors, from these companies to the Internet user. Before, when a citizen was a victim of phishing, they were often told that it was not worth filing a complaint; that the bank was going to compensate them. From now on, the commercial chamber of the Court of Cassation indicates that it is necessary to find whether there has been negligence on the part of the Internet user. On the platform side, the European texts adopted in recent years, such as the general regulation on data protection, or the digital service act (DSA) are moving in the right direction of a framework for these companies.
The Gafam have for a long time been reluctant to transmit private data to French justice. Is the situation improving?
Indeed, there is more international cooperation, especially with the United States, which hosts a lot of data. The fight against cybercrime requires public and private cooperation which must be strengthened.