Belgium Imposes €5,000 Daily Fine on Cybercriminal for Withholding Device Passwords

Estimated read time 4 min read

Can the Demand for a Daily €5,000 Fine Compel a Suspect to Surrender Their Passwords?

The Belgian Public Prosecutor’s Office has put forth a compelling case, leveraging a hefty daily fine as a punitive measure against an individual’s refusal to divulge passwords. But does this approach stand on solid legal ground, and what implications might it have for privacy rights and legal processes?

The Intersection of Legal Authority and Individual Rights

The narrative unfolds with the Public Prosecutor’s Office in Belgium imposing a coercive demand: a daily fine of €5,000 against an 18-year-old suspected of being part of a phishing scheme. According to reports from Het Nieuwsblad1, the young man is withholding passwords to his phone, laptop, and storage devices, all of which are crucial to the ongoing investigation.

This case opens a Pandora’s box of legal and ethical questions. It pits the judiciary’s mandate to investigate against the individual’s right to privacy and potentially self-incrimination. Federal magistrate Jan Kerkhofs has been quoted emphasizing the significance of the information locked behind the suspect’s passwords — information that could unveil the extent of the illicit gains and possibly lead to their forfeiture.

The Dilemma of Digital Privacy Versus Law Enforcement Needs

In an era where digital evidence is king, law enforcement agencies worldwide are facing similar hurdles.

The crux of the issue lies in balancing the need to prosecute criminal activities with the rights of individuals to protect their personal information.

The Belgian case is emblematic of a global debate: should individuals be compelled to provide passwords, potentially incriminating themselves, or does this infringe on the principle of ‘nemo tenetur se ipsum accusare‘ — no one is bound to accuse themselves?

The suspect, currently detained following an interrogation by the investigating judge, may still be able to access the alleged illicit funds and cryptocurrencies if released, as pointed out by Kerkhofs. This possibility adds another layer of urgency to the prosecutor’s demands.

Legal Precedents and the Path Forward

The Belgian Public Prosecutor’s Office is not the first to confront this dilemma. Legal systems worldwide have grappled with similar issues, often arriving at divergent conclusions. Some jurisdictions maintain that the act of divulging a password is testimonial in nature and protected under the right against self-incrimination. Others argue that providing a password is akin to handing over a key to a lockbox — a non-testimonial act that can be compelled without infringing on constitutional rights.

The proposed fine raises questions about the extent to which financial penalties can and should be used to enforce compliance with judicial orders. Is a daily fine an effective deterrent or does it unduly punish before a verdict is reached?

Final Reflections and Provocations for Consideration

As we await the court’s decision on December 1st, all we can do is wait to see the results of this case. It stands at the intersection of cybersecurity, legal authority, and privacy rights, with each turn promising to set precedents for future engagements between individuals and the state.

The outcome of this case will undoubtedly send ripples through the legal and cybersecurity landscapes, prompting professionals to reassess the balance between personal liberties and the imperatives of justice.


Q: What’s at stake for the individual in the Belgian password case?

Beyond the immediate financial impact of the daily 5000 euro fine, the case touches on the individual’s right to privacy and the potential for self-incrimination. Compliance could reveal incriminating evidence, while refusal could result in significant financial penalties.

Q: How does this case affect the cybersecurity industry?

As we can see, the tension between encryption for privacy and security and the needs of law enforcement is growing. The outcome influences how cybersecurity professionals approach user privacy and the development of secure systems that may also need to accommodate lawful access as we are currently seeing in this case..

Q: What does the law say about compelling individuals to provide passwords?

The law varies by jurisdiction. Some consider the act of providing a password as self-incriminating testimony, protected under certain rights, while others view it as a non-testimonial act that can be compelled by the court. We can certainly imagine some cases where we would demand the password so that investigation can be done…

Q: What are the broader implications of this case?

The decision could set a legal precedent in Belgium and influence international discussions on privacy, cybersecurity, and law enforcement’s access to encrypted data. It brings to light the complex interplay between individual rights and the state’s duty to uphold justice.

  1. ↩︎
Tech Team

The Tech Team at is a collective of cybersecurity aficionados, each a specialist in their respective field. This ensemble includes seasoned DFIR mavens, management strategists, and cybersecurity tacticians.

You May Also Like

More From Author

+ There are no comments

Add yours