Electronic evidence

Electronic evidence consists of these two sub-forms:

  • analog (no longer so prevalent, but still existent in some sound recordings e.g), and
  • digital evidence (see longer article)

This rather complex relationship can be depicted graphically as shown in this part of an EU-funded project on the topic embedded here at the right. Chapter 10 of the associated 2018 book goes into more detail,[1] as does the website, http://www.evidenceproject.eu/categorization

Electronic evidence

Electronic evidence can be abbreviated as e-evidence, and this shorter term is gaining in acceptance in Continental Europe. This page covers mainly activity there and on the international level.

Access to electronic evidence

Access is the area where much of the current activity on the international level is taking place. A network called the Internet & Jurisdiction Policy Network holds global conferences on the topic at various locations.[2] Here are three key regional developments in Geneva, Strasbourg and Brussels.

International Organization for Standardization (ISO)

There is an international forensic standard issued by ISO with the International Electrical Commission ISO/IEC 27037.[3]

United Nations

Late in 2019 Russia and China initiated a move to consider drafting a global cybercrime convention. Western democracies are conspicuously absent from the sponsoring parties.[4] Many non-governmental organizations (NGOs) have issued a protest letter claiming the Russian initiative would potentially infringe upon human rights.[5]

Council of Europe

The Convention on Cybercrime (“Budapest Convention”) is "the first international treaty on crimes committed via the Internet".[6]

The CoE is currently drafting an update in the form of a second additional protocol to the Convention. An international group of national data protection authorities with a secretariat in Germany called the International Working Group on Data Protection in Telecommunications is monitoring the Council of Europe Cybercrime Convention holding 60-some meetings on the access problem, most recently to address events in Brazil, Belgium and China in addition to the Microsoft Ireland case.[7]

The draft protocol has proven quite controversial.[8] A joint civil society statement has been submitted.[9]

European Union

The European Parliament has been developing the so-called “e-evidence package”, which is summarized as "stops" in this legislative "train schedule".[10] The process is complex with both the Commission and Council producing parallel text drafts. In early 2020 there will be a vote in LIBE committee, probably combined with a mandate to begin trilogues. More specifically, the LIBE Committee's report will be submitted to the Plenary of the Parliament for adoption. It is only after this step that the trilogues between the Parliament, the Council and the Commission could start in order to agree on a common text.[11] The rapporteur Birgit Sippel MEP has released her report proposing changes to the versions of the Commission and the Council. The report has given rise to both a summary [12] and a more detailed commentary analysing its provisions for their efficiency and protection of human rights.[13]

In February 2019, the European Commission recommended "engaging in two international negotiations on cross-border rules to obtain electronic evidence," one involving the USA and one on the CoE.[14] Indeed, the USA/EU axis and the CoE are the scenes of work on these issues, as described and compared in a 2019 paper advocating a revamping of the Mutual legal assistance treaty, page 17.[15]

The reason for the above development was given as due to the fact that "[i]n the offline world, authorities can request and obtain documents necessary to investigate a crime within their own country, but electronic evidence is stored online by service providers often based in a different country than [sic] the investigator, even if the crime is only in one country." The Commission then gave data supporting this decision.[16] Indeed, this is the reason for treating electronic evidence differently from the ways that other evidence is treated. Moreover, it may expedite convergence or some form of reconciliation between the world's two main legal systems, i.e. common law and civil law, at least as regards this use case.[17] Negotiations are set to begin.[18]

Working documents are documents relating to the drafting of reports and opinions. These describe the proposed core instruments to handle cross-border requests: a European Production Order (EPOC) and a European Preservation Order (EPOC-PR).[19] The framework for those instruments is the European evidence warrant.[20]

Separately from the above, a dedicated convention has been drafted by a British barrister.[21]

United Kingdom

The UK government announced that the new "UK-US Bilateral Data Access Agreement will dramatically speed up investigations and prosecutions by enabling law enforcement, with appropriate authorisation, to go directly to the tech companies to access data, rather than through governments, which can take years."

"It gives effect to the Crime (Overseas Production Orders) Act 2019, which received Royal Assent in February this year and was facilitated by the CLOUD Act in America, passed last year."

"The Agreement does not change anything about the way companies can use encryption and does not stop companies from encrypting data." On encryption, the US, UK and Australia are contacting Facebook directly [22]

The agreement means that UK officials can now apply to the US via the Crime (Overseas Production Orders) Act 2019.[23]

United States

The basis for obtaining cross-border access is the Stored Communications Act as amended by the CLOUD Act. A new agreement with the UK was negotiated and it "will enter into force following a six-month Congressional review period mandated by the CLOUD Act, and the related review by UK’s Parliament." [24]

Controversy

One of the most controversial cases brought yet to a court has been the 2013 Microsoft Corp. v. United States case.

Potential conflicts between the EU regime and the US CLOUD Act have led legal scholars Jennifer Daskal and Peter Swire to propose a US/EU agreement.[25] Those authors have also assembled a set of FAQ seeking to address questions specifically that have arisen from the European Union in connection with the CLOUD Act.[26]

Highlighting differences from the status quo, the European Parliament's Committee on Civil Liberties, Justice and Home Affairs commissioned a study and held a hearing; the study is available.[27]

Europeans discussing ‘Co-operating in the Digital Age’ in the Internet Governance Forum have been critical of the EU's proposals, fearing that "companies and businesses [might] implement stronger filtering and blocking mechanisms in order to avoid sanctions or reputational damages."[28] Later in November at the Internet Governance Forum 2019 in Berlin panelists described new initiatives in Brazil and Russia respectively. [29]

Some problems quite different from those in the Microsoft case alluded to above have been found and described in an article in the German weekly ZEIT dated 19 December 2018 with 167 comments on the proposed direct access tracks described above under "European Union"; the journalist Martin Klingst entitled it "Nackt per Gesetz" (Naked by Law, meaning exposed to foreign observation by domestic law).[30]

Klingst is appalled at the thought that an EU member state like Hungary might demand his data. Apparently Katharina Barley, German Federal Minister of Justice, agrees. Germany has protections against infringements on one's "informational self-determination" that are the strongest of any EU member state. The European Arrest Warrant is another example of the national limits placed on EU rights in some conditions.

Besides, Klingst sees a contradiction between having Internet companies be the guardians of right and wrong, whereas in a new draft German law they might be punished themselves. Would other MSs respect Germany's interpretation of who maintains confidentiality? he asks rhetorically.

E-evidence could become the first case, Klingst predicts, testing whether Germany's top judges have reserved enough room for the most basic protections.

Much evidence is plain text; but some evidence is encrypted. In 2015 and 2016, another chapter was added to the long-standing encryption controversy with the FBI-Apple encryption dispute. That controversy continues in 2019 with multiple nation-states pressuring Facebook to put a backdoor in its messenger service.[31]

gollark: Selling what?
gollark: What sort of interest are we talking about here? And how can I be sure that you will?
gollark: It works surprisingly well.
gollark: I have accidentally ended up with the approach of "not really having any data I care about".
gollark: It certainly does have a large amount of topics programmed in.

References

  1. Handling and Exchanging Electronic Evidence Across Europe. Maria Angela Biasiotti, Jeanne Pia Mifsud Bonnici, Joe Cannataci, Fabrizio Turchi (editors)
  2. especially its Data and Jurisdiction Work Plan on pp. 6 ff. of its 2018 Ottawa Roadmap "Towards Policy Coherence and Joint Action. Summary by the Secretariat of the Internet and Jurisdiction Policy Network and Ottawa Roadmap" (PDF). Retrieved 22 March 2019.
  3. "Forensics Standards (ISO/IEC 27037 ISO/IEC 27037:2012 information technology -- Security techniques -- Guidelines for identification, collection, acquisition and preservation of digital evidence". Retrieved 11 March 2019.
  4. United Nations General Assembly. "Seventy-fourth session, Third Committee, Agenda item 107, Countering the use of information and communications technologies for criminal purposes". Retrieved 16 November 2019.
  5. 38 NGOs under the leadership of the Association for Progressive Communications (APC). "Open letter to UN General Assembly: Proposed international convention on cybercrime poses a threat to human rights online". Retrieved 1 January 2020.
  6. Council of Europe. "Details of Treaty No.185, Convention on Cybercrime". Retrieved 1 March 2019.
  7. "Working paper on Standards for data protection and personal privacy in cross-border data requests for criminal law enforcement purposes 63rd meeting, 9-10 April 2018, Budapest (Hungary)" (PDF). Retrieved 11 January 2019.
  8. Rodriguez, Katitza (2019-02-21). "What's the Emergency? Keeping International Requests for Law Enforcement Access Secure and Safe for Internet Users, Electronic Freedom Foundation". Retrieved 1 March 2019.
  9. "Joint Civil Society Response to the provisional draft text of the Second Additional Protocol to the Budapest Convention on Cybercrime" (PDF). Electronic Frontier Foundation (EFF), European Digital Rights (EDRi), IT-Pol Denmark, Electronic Privacy Information Center (EPIC). Retrieved 19 November 2019.
  10. European Parliament. "-European Production and Preservation Orders for electronic evidence in criminal matters". Retrieved 1 March 2019.
  11. Christakis, Theodore (2019-01-14). "E-Evidence in a Nutshell: Developments in 2018, Relations with the Cloud Act and the Bumpy Road Ahead". Cross-Border Data Forum. Retrieved 16 March 2019.
  12. Christakis, Théodore (21 January 2020). "E-Evidence in the EU Parliament: Basic Features of Birgit Sippel's Draft Report". European Law Blog. Retrieved 21 January 2020.
  13. Christakis, Théodore (7 January 2020). "Lost in Notification? Protective Logic as Compared to Efficiency in the European Parliament's E-Evidence Draft Report". Cross-Border Data Forum. Retrieved 7 January 2020.
  14. European Commission. "European Commission - Press release. Security Union: Commission recommends negotiating international rules for obtaining electronic evidence, Brussels, 5 February 2019". Retrieved 11 February 2019.
  15. Hohmann, Mirko; Barnett, Sophie. "System Upgrade: Improving Cross-Border Access to Electronic Evidence, Global Public Policy Institute, January 2019" (PDF). Retrieved 6 March 2019.
  16. European Commission. "European Commission - Fact Sheet Questions and Answers: Mandate for the EU-U.S. cooperation on electronic evidence". Retrieved 11 February 2019.
  17. Mason, Stephen (Autumn 2015). "Towards a global law of electronic evidence? An exploratory essay, citing Damaska, p.24". Amicus Curiae. 2015 (103): 19–28. doi:10.14296/ac.v2015i103.2481.
  18. European Commission. "Criminal justice: Joint statement on the launch of EU-U.S. negotiations to facilitate access to electronic evidence, Washington, DC, 26 September 2019". Retrieved 27 September 2019.
  19. European Commission. "-Working documents on the Proposal for a Regulation on European Production and Preservation Orders for electronic evidence in criminal matters". Retrieved 1 March 2019.
  20. Williams, Charles (2006). "The European evidence warrant". Revue Internationale de Droit Pénal. 77 (1): 155–162. doi:10.3917/ridp.771.0155. Retrieved 6 March 2019.
  21. Electronic Evidence, Draft Convention on (2016). "Draft Convention on Electronic Evidence". Digital Evidence and Electronic Signature Law Review. 13. doi:10.14296/deeslr.v13i0.2321.
  22. "UK and US sign landmark Data Access Agreement, October 3, 2019". UK Government, Crime, justice and law. Retrieved 4 October 2019.
  23. The Act is here, and Explanatory Notes to the Act are available from a tab. "Crime (Overseas Production Orders) Act 2019, 3 October 2019". UK Government, Legislation. Retrieved 4 October 2019.
  24. "U.S. And UK Sign Landmark Cross-Border Data Access Agreement to Combat Criminals and Terrorists Online, October 3, 2019". Department of Justice, Office of Public Affairs. 3 October 2019. Retrieved 4 October 2019.
  25. Daskal, Jennifer; Swire, Peter (21 May 2018). "A Possible US-EU Agreement on Law Enforcement Access to Data? May 21, 2018 [also cross-posted on Lawfare]". Retrieved 6 March 2019.
  26. Swire, Peter; Daskal, Jennifer (April 16, 2019). "Frequently Asked Questions about the U.S. CLOUD Act". Retrieved October 21, 2019.
  27. Boese, Martin. "An assessment of the Commission's proposals on electronic evidence, research paper requested by the European Parliament's Committee on Civil Liberties, Justice and Home Affairs and commissioned, overseen and published by the Policy Department for Citizen's Rights and Constitutional Affairs". Retrieved 4 August 2019.
  28. Amon, Cedric. "EuroDIG 2019: Highlights from The Hague, 2019". Retrieved 16 July 2019.
  29. Maciel, Marilla. "Solutions for Law Enforcement to Access Data Across Borders, Report, Internet Governance Forum, Berlin, Workshop 288 (26 Nov 2019, 11:30 to 13:00)". Diplo Foundation. Retrieved 27 November 2019.
  30. Klingst, Martin (19 December 2018). "Nackt per Gesetz" (Naked by Law)".
  31. "US, UK and Australia urge Facebook to create backdoor access to encrypted messages". The Guardian. Retrieved 4 October 2019.

Further reading

Journals

Books

  • Mason, Stephen and Daniel Seng, editors, Electronic Evidence (4th edition, Institute of Advanced Legal Studies for the SAS Humanities Digital Library, School of Advanced Study, University of London, 2017), http://ials.sas.ac.uk/digital/humanities-digital-library/observing-law-ials-open-book-service-law/electronic-evidence
  • Paul, George L.: Foundations of Digital Evidence (American Bar Association, 2008)
  • Scanlan, Daniel M.: Digital Evidence in Criminal Law (Thomson Reuters Canada Limited, 2011)
  • Scheindlin Shira A. and The Sedona Conference (2016): Electronic Discovery and Digital Evidence in a Nutshell, Second Edition, West Academic Publishing, ISBN 978 1 63459 748 7
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.