Octopus Cybercrime Community

Previous to the coming into force of the Cybercrime Convention the Netherlands already adopted Cybercrime Law in 1993, containing provisions of substantive and procedural law as well on international co-operation (CC-I). In order to be able to ratify the Cybercrime Convention 2001 the Computercrime Law (CC-II) was adopted in 2006 [1] Under preparation is a third law concerning substantive and procedural provisions (CC-III), to be sent to Parliament soon. In the meantime a number of subsequent amendments concerning cybercrime provisions were adopted.

[1] Stb. 2006, nr. 300, in force September 1 2006.

The Penal Code includes the following crimes as defined by Articles 2-6 of the Cybercrime Convention: illegal access (Article 138ab Sr), unlawful interception (Article 139c and d Sr), data manipulation (Article 350a an b Sr), computer sabotage (Article 161sexies and septies Sr).

Articles 7 and 8 of the Cybercrime Convention were implemented as follows: Article 225 Sr , forgery of documents , according to Dutch legal doctrine a document includes an electronic document as well. With regard to payment cards a separate provision was enacted by Article 232 Sr. Computer fraud of Article 8 is covered by traditional provisions of Article 326 and 326c Sr). So far no separate provision on identity fraud was announced. Child pornography (Article 9) is covered by Article 240b Sr.

Article 10 is covered by the criminal offences of the Copyright Act (Auteurswet 1912).

Article 11 is covered by Article 51 Sr

Article 12 is dealt with by Articles 45-50 Sr, which find general application.

A bill is currently at Parliamentary reading level for furthering procedural powers at the disposal of public authorities in the fight against cybercrime. The bill will authorize the police and prosecutors to:

• arrest persons suspected of selling stolen digital data;
• investigate or hack into suspects' computers remotely, for instance by installing software to detect serious forms of cybercrime;
• intercept data or make it inaccessible, for instance by blocking child pornography or intercepting email messages containing information about offences.

Once the bill has been enacted, it will proceed to the Council of State for an advisory opinion. Later this year, it will return to the House of Representatives. (Source: https://www.government.nl/topics/cybercrime/fighting-cybercrime-in-the-netherlands)

The Code of criminal procedural law is applicable to all criminal investigations whether the criminal conduct constitutes a cybercrime or not, as is required by Article 14 Cybercrime Convention. The Cybercrime Law provides rules on the search of computer systems during a search of premises for the purpose of safeguarding computer data, including the extension of a search in connected systems and the order to decrypt or making inaccessible (articles 125i -125o Sv). The complex of powers for surveillance of electronic communications (Article 21) is worked out in detail by Articles 126la-126mn Sv. The legal order for the collection and disclosure of traffic data (Article 20) and subscriber data concerning electronic communications (Article 18 section c) is implemented by Article 126na Sv. Articles 126nc-126nh Sv deal with the legal order to disclose other data than traffic and subscriber (Article 18).[1] Expedited preservation of data (Article 16) is implemented in Article 126ni Sv, expedited disclosure of traffic data (Article 17) is implemented by Article 126n Sv. Interception of communications (Article 21) is regulated by Article 126m Sv.

[1] The Criminal Procedural Code contains a number of parallel powers in case of investigations of organised crime and terrorist crimes with different conditions and safeguards.

General rules and safeguards apply as e.g. defined by the Rome Convention 1954 and case law of the ECHR. General conditions and safeguards apply. No particular rules are in place concerning in cybercrime cases or the collection of electronic evidence. Some authorities can be executed by police officers, in appropriate cases with empowerment of the prosecution officer, some by the prosecution officer, in some cases with empowerment by the investigating judge, and some only by the investigating judge, depending from the estimated infringement of human rights or the seriousness of the crime of suspect or third persons. Overstepping an authority may lead to exclusion of the evidence obtained by it. In some cases third persons may file a complaint with the court against the taking of coercive measures.

Besides an extensive legal framework on technical aspects - regulated by means of statutory instruments – other important acts to be mentioned are:

• Telecommunications Act  (version 2012 in English) - Law of October 19, 1998, Stb. 1998, 310, latest amendment Stb. 2014, 247. Access to national infrastructures: Telecommunications Agency  of Ministry of Economic Affairs.

Under the Telecommunications Law:

Chapter 13 Telecommunications Act: Authorised Surveillance.

This chapter obliges service providers of public telecommunication networks and public communication services to provide for the capacity to intercept and shall cooperate with LEA or Intelligence Services when legally ordered.

Service providers shall retain traffic data for a period of two years. They shall provide subscriber data when so ordered.

Centraal Informatiepunt Onderzoek Telecommunicatie CIOT (Central Information Point Investigation Telecommunications). [1]

Chapter 11 Protection of personal data in telecommunications.

Notification of security breaches; unsolicited advertisement (spam); cookies, law enforcement by ACM by means of non-criminal but administrative sanctions.

• Wet bescherming persoonsgegevens (Data Protection Act), Law of July 6, 2000 [2], last amendment November 5, 2014.[3]

[1] Stb 2004, 394.

[2] Stb 2000, 302.

[3] Stb. 2014, 394

Authority for extradition and provisional arrest in the absence of other treaties (Article 24)

The Ministry of Security and Justice

Office of International Legal Assistance in Criminal Matters

PO BOX 20301

2500 EH THE HAGUE

Tel. +31 (0)70-3707911
Fax +31 (0)70-3707945

Authority for Mutual Legal Assistance in the absence of other agreements or arrangements (Article 27)

The Ministry of Security and Justice

Office of International Legal Assistance in Criminal Matters

PO BOX 20301

2500 EH THE HAGUE

Tel. +31 (0)70-3707911
Fax +31 (0)70-3707945

24/7 Contact point (Article 35)

National High Tech Crime Unit ,National Police

Postal address:

p.o.box 11, 3970 AA,

Driebergen, The Netherlands

The Netherlands are Party to most Council of Europe Conventions on International Co-operation in criminal matters. The Netherlands is, of course, also Party to the instruments of the European Union for International co-operation in criminal matters.

Dutch Law under Articles 2-8 Sr determines jurisdiction of the Netherlands which does not deviate from Article 22 of the Cybercrime Convention. Title X of the Criminal Procedural Code (Articles 552h-552qe Sv) deals with incoming requests for mutual assistance. The usual procedure is that the request is sent to the competent prosecution officer who is authorised to execute the request if it only concerns the provision of information if it does not require application of coercive measures. If the request is not based upon a Treaty it may be answered if estimated to be reasonable. In sensible cases permission of the Minister of Justice is required. Like is the case with internal law empowerment by the investigating judge may be needed. No distinction has been made by the law concerning requests for mutual legal assistance in regular cases and cybercrime cases, except in Article 552oa Sv where application of the powers mentioned requires a request that can be served on the basis of the relevant Treaty. The specified powers refer to Articles 29-30 and 33-34 Cybercrime Convention.

The Extradition Act [1]contains a minimum requirement of one ear imprisonment as is the case in Article 24 CCC.

[1]Law of March 9, 1967, Stb. 139, last amendment November 27, 2013, Stb. 2008, 484. See als Overleveringswet (intra European Union), Law of May 12, 2004, Stb. 2004, 195, Stb 2004, 195, last amendment November 27, 2013, Stb. 2008, 484