Digital evidence in criminal proceedings: legal considerations - PowerPoint PPT Presentation

1 / 19
About This Presentation
Title:

Digital evidence in criminal proceedings: legal considerations

Description:

... phone metering, 6 m. for e-mail, SMS and EMS data, 4 days for proxy servers logs) ... Does the principle of free estimation of evidence still apply in cases ... – PowerPoint PPT presentation

Number of Views:132
Avg rating:3.0/5.0
Slides: 20
Provided by: x7330
Category:

less

Transcript and Presenter's Notes

Title: Digital evidence in criminal proceedings: legal considerations


1
Digital evidence in criminal proceedings legal
considerations
  • Arkadiusz Lach
  • Department of Criminal Procedure
  • Faculty of Law
  • University of Nicolaus Copernicus in Torun

2
Terminology
  • Evidence in an electronic form is called computer
    evidence, electronic evidence, digital evidence,
    IT evidence, electronic traces, etc.
  • IOCE definition of digital evidence information
    stored or transmitted in binary form that may be
    relied upon in court
  • Electronic evidence is the most neutral name

3
Classification (ex.)
  • Evidence collected in real time and collected
    while stored some problems may arise how to
    classify certain forms of evidence, ex. e-mail
  • Documentary evidence and real evidence
  • Substantive evidence (independent, ex. electronic
    documents) and demonstrative evidence (ex.
    computer animations)

4
Main legal problems connected with electronic
evidence
  • Interception of communication
  • Collecting traffic data in real time
  • Extended search
  • Power to copy, retire, make inaccessible
    electronic data
  • Data preservation
  • Data retention
  • Cryptography
  • Gathering electronic evidence by private persons,
    especially employers

5
Interception of communication
  • Range of interception how far should it be
    allowed
  • Subsidiary clause (ex. art. 19 Police Act 1990 in
    Poland)
  • Regulations on interception must be clear and
    precise to meet requirements of art. 8 ECHR
  • Evidence or only information?

6
Real-time collection of traffic data
  • Traffic data art. 1d of the Convention on
    Cybercrime the origin of communication, its
    destination, route, time, date, size, duration,
    type of underlying service (auxiliary to the
    communication itself)
  • The difference between traffic data and content
    data in e-communication is decreasing, ex.
    http//www.google.com/search?hlenieISO-8859-1q
    sexkidsbtnGGoogleSearch
  • Despite the fact that real time collection of
    traffic data is generally less intrusive than
    interception of content there should be an
    independent control over it (ECtHR Malone)

7
Extended search
  • Two possibilities
  • Police conducting a lawful search is allowed to
    search another system when there are reasonable
    grounds to believe that relevant data will be
    found on the another system
  • Judge may specifically authorise by warrant a
    search of a computer or data
  • Traditional way is a simultanious search of
    computer systems (ex. Operation
    Cathedral-fighting child pornography)
  • Extended search should be limited to the
    territory of executing country to avoid
    sovereignity infringements

8
Power to remove, render inaccesible, copy
electronic data
  • seizure traditionally relates to data with a
    physical carrier
  • removalmeans seizing data without destroying it
  • rendering inaccessible-ex. encrypting data when
    harmful (child pornography, viruses)
  • Copies could be make by police not to deprive the
    person serched of data or in some circumstances
    by the person searched when it is relevant and
    important to business

9
Data preservation
  • Preservation orders (freezing orders) oblige
    holder of certain data to maintain its integrity
    until more formal steps are taken, ex. production
    order is issued by a judge
  • To react quickly and effectively police should be
    allowed to issue such orders
  • Art. 16 i 17 CyberConvention preservation
    traffic data and other kinds of data up to 90
    days with the possibility of prolongation

10
Data retention
  • It must be distinguished from data
    preservation-it is storing of all traffic data
    just in case
  • Art. 15 directive 2002/58/EC allows EU members
    retention for a limited period
  • Basic problems storage, retrieval, costs,
    privacy protection,
  • Period of retention should be standarised within
    EU and meet the proportionality principle.
  • In Belgium the period is 12 months, in UK it is
    proposed to set different periods for different
    types of data (ex. 12 m. for phone metering, 6 m.
    for e-mail, SMS and EMS data, 4 days for proxy
    servers logs)

11
Cryptography
  • More and more communication become encrypted
  • Law enforcement agencies are not able to break
    every cryptographic protection
  • Communication service providers can be obliged in
    certain circumstances to decrypte certain files
    when they use cryptography but not to break
    cryptographic protection applied by others
  • Key escrow and key recovery proposals

12
Gathering electronic evidence by private persons,
esp. employers
  • In some situations private persons (esp. victims)
    must be allowed to gather or preserve electronic
    traces
  • Under certain conditions the traces should be
    admissible in the criminal proceedings
  • In some countries employers are permitted to have
    access to employees communications, efforts
    should be taken to inform about the control all
    persons which can use the telecommunication
    system, listed situations

13
The role of an expert
  • Experts would be needed to gather electronic data
    and assess it
  • Experts should be certificated
  • There must be a code of practice for dealing with
    electronic evidence, ex. IOCE standards
  • In more complicated cases complex opinion may be
    needed
  • Does the principle of free estimation of evidence
    still apply in cases with electronic evidence?
  • Private opinions

14
Main differences between common law and civil law
countries
  • Legal theory of evidence versus free estimation
    of evidence
  • Authentification as a condition of admissibility
    in some common law countries
  • Hearsay rule in the context of documents
  • Corroboration rule

15
Polish regulations in CCP
  • Art. 218 CCP collection of traffic data (in real
    time or stored), order is issued by a judge or
    public prosecutor, under Police Act also by the
    police
  • Art. 218b CCP-data preservation (judge or public
    prosecutor) not by the police
  • Art. 236a CCP regulations concerning search and
    seizure are to be applied accordingly to
    electronic data problem of interpretation
  • Art. 237 and 242 CCP interception of
    communication is allowed only in relation to
    listed crimes, typical computer crimes are not
    enumerated

16
Presentation of electronic evidence
  • The principle of immediacy (best evidence)
    requires to present original evidence if
    possible
  • In the case of electronic data the concept of
    original and copy is with a little
    significance
  • There are some tools to present evidence in an
    electronic form, ex. DEPS (Digital Evidence
    Presentation System)
  • The vision of cybercourt

17
Conclusions
  • Electronic traces have to be treated as evidence,
    not only information
  • Technical procedures of handling electronic
    evidence shall be obeyed
  • Human rights must be strongly protected during
    gathering of evidence
  • International cooperation and exchange of
    information is one of the basic tasks due to the
    international character of cybercrime

18
Thank you for your attention
19
Questions?
Write a Comment
User Comments (0)
About PowerShow.com