Digital evidence in criminal proceedings: legal considerations

1
Digital evidence in criminal proceedings legal
considerations

• Arkadiusz Lach
• Department of Criminal Procedure
• Faculty of Law
• University of Nicolaus Copernicus in Torun

2
Terminology

• Evidence in an electronic form is called computer
  evidence, electronic evidence, digital evidence,
  IT evidence, electronic traces, etc.
• IOCE definition of digital evidence information
  stored or transmitted in binary form that may be
  relied upon in court
• Electronic evidence is the most neutral name

3
Classification (ex.)

• Evidence collected in real time and collected
  while stored some problems may arise how to
  classify certain forms of evidence, ex. e-mail
• Documentary evidence and real evidence
• Substantive evidence (independent, ex. electronic
  documents) and demonstrative evidence (ex.
  computer animations)

4
Main legal problems connected with electronic
evidence

• Interception of communication
• Collecting traffic data in real time
• Extended search
• Power to copy, retire, make inaccessible
  electronic data
• Data preservation
• Data retention
• Cryptography
• Gathering electronic evidence by private persons,
  especially employers

5
Interception of communication

• Range of interception how far should it be
  allowed
• Subsidiary clause (ex. art. 19 Police Act 1990 in
  Poland)
• Regulations on interception must be clear and
  precise to meet requirements of art. 8 ECHR
• Evidence or only information?

6
Real-time collection of traffic data

• Traffic data art. 1d of the Convention on
  Cybercrime the origin of communication, its
  destination, route, time, date, size, duration,
  type of underlying service (auxiliary to the
  communication itself)
• The difference between traffic data and content
  data in e-communication is decreasing, ex.
  http//www.google.com/search?hlenieISO-8859-1q
  sexkidsbtnGGoogleSearch
• Despite the fact that real time collection of
  traffic data is generally less intrusive than
  interception of content there should be an
  independent control over it (ECtHR Malone)

7
Extended search

• Two possibilities
• Police conducting a lawful search is allowed to
  search another system when there are reasonable
  grounds to believe that relevant data will be
  found on the another system
• Judge may specifically authorise by warrant a
  search of a computer or data
• Traditional way is a simultanious search of
  computer systems (ex. Operation
  Cathedral-fighting child pornography)
• Extended search should be limited to the
  territory of executing country to avoid
  sovereignity infringements

8
Power to remove, render inaccesible, copy
electronic data

• seizure traditionally relates to data with a
  physical carrier
• removalmeans seizing data without destroying it
  
• rendering inaccessible-ex. encrypting data when
  harmful (child pornography, viruses)
• Copies could be make by police not to deprive the
  person serched of data or in some circumstances
  by the person searched when it is relevant and
  important to business

9
Data preservation

• Preservation orders (freezing orders) oblige
  holder of certain data to maintain its integrity
  until more formal steps are taken, ex. production
  order is issued by a judge
• To react quickly and effectively police should be
  allowed to issue such orders
• Art. 16 i 17 CyberConvention preservation
  traffic data and other kinds of data up to 90
  days with the possibility of prolongation

10
Data retention

• It must be distinguished from data
  preservation-it is storing of all traffic data
  just in case
• Art. 15 directive 2002/58/EC allows EU members
  retention for a limited period
• Basic problems storage, retrieval, costs,
  privacy protection,
• Period of retention should be standarised within
  EU and meet the proportionality principle.
• In Belgium the period is 12 months, in UK it is
  proposed to set different periods for different
  types of data (ex. 12 m. for phone metering, 6 m.
  for e-mail, SMS and EMS data, 4 days for proxy
  servers logs)

11
Cryptography

• More and more communication become encrypted
• Law enforcement agencies are not able to break
  every cryptographic protection
• Communication service providers can be obliged in
  certain circumstances to decrypte certain files
  when they use cryptography but not to break
  cryptographic protection applied by others
• Key escrow and key recovery proposals

12
Gathering electronic evidence by private persons,
esp. employers

• In some situations private persons (esp. victims)
  must be allowed to gather or preserve electronic
  traces
• Under certain conditions the traces should be
  admissible in the criminal proceedings
• In some countries employers are permitted to have
  access to employees communications, efforts
  should be taken to inform about the control all
  persons which can use the telecommunication
  system, listed situations

13
The role of an expert

• Experts would be needed to gather electronic data
  and assess it
• Experts should be certificated
• There must be a code of practice for dealing with
  electronic evidence, ex. IOCE standards
• In more complicated cases complex opinion may be
  needed
• Does the principle of free estimation of evidence
  still apply in cases with electronic evidence?
• Private opinions

14
Main differences between common law and civil law
countries

• Legal theory of evidence versus free estimation
  of evidence
• Authentification as a condition of admissibility
  in some common law countries
• Hearsay rule in the context of documents
• Corroboration rule

15
Polish regulations in CCP

• Art. 218 CCP collection of traffic data (in real
  time or stored), order is issued by a judge or
  public prosecutor, under Police Act also by the
  police
• Art. 218b CCP-data preservation (judge or public
  prosecutor) not by the police
• Art. 236a CCP regulations concerning search and
  seizure are to be applied accordingly to
  electronic data problem of interpretation
• Art. 237 and 242 CCP interception of
  communication is allowed only in relation to
  listed crimes, typical computer crimes are not
  enumerated

16
Presentation of electronic evidence

• The principle of immediacy (best evidence)
  requires to present original evidence if
  possible
• In the case of electronic data the concept of
  original and copy is with a little
  significance
• There are some tools to present evidence in an
  electronic form, ex. DEPS (Digital Evidence
  Presentation System)
• The vision of cybercourt

17
Conclusions

• Electronic traces have to be treated as evidence,
  not only information
• Technical procedures of handling electronic
  evidence shall be obeyed
• Human rights must be strongly protected during
  gathering of evidence
• International cooperation and exchange of
  information is one of the basic tasks due to the
  international character of cybercrime

18
Thank you for your attention
19
Questions?