Electronic evidence
Electronic evidence consists of these two sub-forms:
- analog, and
- digital evidence
Electronic evidence can be abbreviated as e-evidence, and this shorter term is gaining in acceptance in Continental Europe. This page covers mainly activity there and on the international level.
Access to electronic evidence
Access is the area where much of the current activity on the international level is taking place. A network called the Internet & Jurisdiction Policy Network holds global conferences on the topic at various locations. Here are three key regional developments in Geneva, Strasbourg and Brussels.[International Organization for Standardization] (ISO)
There is an international forensic standard issued by ISO with the International Electrical Commission ISO/IEC 27037.United Nations
Late in 2019 Russia and China initiated a move to consider drafting a global cybercrime convention. Western democracies are conspicuously absent from the sponsoring parties. Many non-governmental organizations have issued a protest letter claiming the Russian initiative would potentially infringe upon human rights.Council of Europe
The Convention on Cybercrime is "the first international treaty on crimes committed via the Internet".The CoE is currently drafting an update in the form of a second additional protocol to the Convention.
An international group of national data protection authorities with a secretariat in Germany called the International Working Group on Data Protection in Telecommunications is monitoring the Council of Europe Cybercrime Convention holding 60-some meetings on the access problem, most recently to address events in Brazil, Belgium and China in addition to the Microsoft Ireland case.
The draft protocol has proven quite controversial. A joint civil society statement has been submitted.
European Union
The European Parliament has been developing the so-called “e-evidence package”, which is summarized as "stops" in this legislative "train schedule". The process is complex with both the Commission and Council producing parallel text drafts. In early 2020 there will be a vote in LIBE committee, probably combined with a mandate to begin trilogues. More specifically, the LIBE Committee's report will be submitted to the Plenary of the Parliament for adoption. It is only after this step that the trilogues between the Parliament, the Council and the Commission could start in order to agree on a common text. The rapporteur Birgit Sippel MEP has released her report proposing changes to the versions of the Commission and the Council. The report has given rise to both a summaryand a more detailed commentary analysing its provisions for their efficiency and protection of human rights.
In February 2019, the European Commission recommended "engaging in two international negotiations on cross-border rules to obtain electronic evidence," one involving the USA and one on the CoE. Indeed, the USA/EU axis and the CoE are the scenes of work on these issues, as described and compared in a 2019 paper advocating a revamping of the Mutual legal assistance treaty, page 17.
The reason for the above development was given as due to the fact that "n the offline world, authorities can request and obtain documents necessary to investigate a crime within their own country, but electronic evidence is stored online by service providers often based in a different country than the investigator, even if the crime is only in one country." The Commission then gave data supporting this decision. Indeed, this is the reason for treating electronic evidence differently from the ways that other evidence is treated. Moreover, it may expedite convergence or some form of reconciliation between the world's two main legal systems, i.e. common law and civil law, at least as regards this use case. Negotiations are set to begin.
Working documents are documents relating to the drafting of reports and opinions. These describe the proposed core instruments to handle cross-border requests: a European Production Order and a European Preservation Order.
The framework for those instruments is the European evidence warrant.
Separately from the above, a dedicated convention has been drafted by a British barrister.
United Kingdom
The UK government announced that the new "UK-US Bilateral Data Access Agreement will dramatically speed up investigations and prosecutions by enabling law enforcement, with appropriate authorisation, to go directly to the tech companies to access data, rather than through governments, which can take years.""It gives effect to the Crime Act 2019, which received Royal Assent in February this year and was facilitated by the CLOUD Act in America, passed last year."
"The Agreement does not change anything about the way companies can use encryption and does not stop companies from encrypting data." On encryption, the US, UK and Australia are contacting Facebook directly
The agreement means that UK officials can now apply to the US via the Crime Act 2019.
United States
The basis for obtaining cross-border access is the Stored Communications Act as amended by the CLOUD Act. A new agreement with the UK was negotiated and it "will enter into force following a six-month Congressional review period mandated by the CLOUD Act, and the related review by UK’s Parliament."Controversy
One of the most controversial cases brought yet to a court has been the 2013 Microsoft Corp. v. United States case.Potential conflicts between the EU regime and the US CLOUD Act have led legal scholars Jennifer Daskal and Peter Swire to propose a US/EU agreement. Those authors have also assembled a set of FAQ seeking to address questions specifically that have arisen from the European Union in connection with the CLOUD Act.
Highlighting differences from the status quo, the European Parliament's Committee on Civil Liberties, Justice and Home Affairs commissioned a study and held a hearing; the study is available.
Europeans discussing ‘Co-operating in the Digital Age’ in the Internet Governance Forum have been critical of the EU's proposals, fearing that "companies and businesses implement stronger filtering and blocking mechanisms in order to avoid sanctions or reputational damages." Later in November at the Internet Governance Forum 2019 in Berlin panelists described new initiatives in Brazil and Russia respectively.
Some problems quite different from those in the Microsoft case alluded to above have been found and described in an article in the German weekly ZEIT dated 19 December 2018 with 167 comments on the proposed direct access tracks described above under "European Union"; the journalist Martin Klingst entitled it "Nackt per Gesetz".
Klingst is appalled at the thought that an EU member state like Hungary might demand his data. Apparently Katharina Barley, German Federal Minister of Justice, agrees. Germany has protections against infringements on one's "informational self-determination" that are the strongest of any EU member state. The European Arrest Warrant is another example of the national limits placed on EU rights in some conditions.
Besides, Klingst sees a contradiction between having Internet companies be the guardians of right and wrong, whereas in a new draft German law they might be punished themselves. Would other MSs respect Germany's interpretation of who maintains confidentiality? he asks rhetorically.
E-evidence could become the first case, Klingst predicts, testing whether Germany's top judges have reserved enough room for the most basic protections.
Much evidence is plain text; but some evidence is encrypted. In 2015 and 2016, another chapter was added to the long-standing encryption controversy with the FBI-Apple encryption dispute. That controversy continues in 2019 with multiple nation-states pressuring Facebook to put a backdoor in its messenger service.