Anna-Maria Osula PhD thesis: “Remote search and seizure of extraterritorial data”
Defense date: 17.04.2017 – 12:00, Näituse 20, room K-03
Professor Jaan Ginter
Dr Christoffer Wong (University of Lund)
Due to increasing digitalization, criminal procedure has to take into account the characteristics of the Internet, related technologies and digitally stored or electronically transmitted data. The objective of the dissertation is to examine, building on the example of the Council of Europe Convention on Cybercrime (CoCC), the regulation of remote search and seizure in circumstances where the targeted evidence is extraterritorially located or where it is not possible to identify the exact location of the data (‘loss of location’). Remote search and seizure entails searches that are either carried out by extending the initial search and seizure to devices accessible from the originally searched device or by remotely conducting search and seizure from other devices such as the law enforcement’s own. In addition to discussing the traditional mutual legal assistance procedures and alternative measures for accessing extraterritorial data, the dissertation scrutinizes whether remote search and seizure of extraterritorial data entails an extraterritorial application of jurisdiction to enforce and whether it can thereby be viewed as a breach of territorial sovereignty of the other state.
The focus of this Yearbook is on criminal procedure with special emphasis on surveillance operations. There are three articles that are of our interest.
“Supervision over surveillance”, Uno Lõhmus, Visiting Professor at the University of Tartu:
First, full judicial pre-approval of surveillance operations, judicial supervision of the operations at the time of conduct thereof, and effective review of the operations after their completion are not ensured. Second, the rules on surveillance are laconic, incomplete and ambiguous, and the case law has not been able to improve this situation. In other words, legal clarity of the law is not ensured. This adds to the complexity of judges’ work and may also contribute to superficiality.
In addition, the case law does not clarify whether the installation of spyware in a computer system should be regarded as the installation of a technical means.
As of 1 January 2013, examination of traffic and location data in electronic communication is not considered to be a surveillance operation.
“Problems related to surveillance – the perspective of a defence counsel”, Küllike Namm, attorney-at-law:
This article focuses on the questions that have arisen in connection with surveillance operations and to which the current law does not provide answers. The discussion of these issues is intended to point out that the activities of public authorities in organising surveillance are inadequately regulated by the Code of Criminal Procedure. This creates a situation where the provisions on access to information on surveillance operations do not guarantee that a person subjected to surveillance can examine the data collected by surveillance operations and, where necessary, take possession of the data in a format that can be played back.
“Some problems encountered in computer system searches”, Eneli Laurits, Adviser to the Penal Law and Procedure Division of the Ministry of Justice:
The Code of Criminal Procedure of Estonia does not regulate computer system searches. It is relatively difficult to apply the existing rules to the collection of evidence in the manner described in this article, but it is still possible.
When performing an inspection, the body conducting proceedings is not entirely free of jurisdiction-related issues: for example, if the object of inspection is the social media website of a victim or a suspect, then the inspection of the website is complicated in theory, but simple in practice – a mouse click is enough to display various data within the territory of Estonia. An inspection can be based on cooperation (the subject voluntarily provides the user IDs and passwords), but there is always the possibility that voluntary cooperation fails. An investigative body should be able to rely on a legal regime in such cases.
It has been decided in Estonia that by the year 2020, a criminal file may be digital. Following on from this decision, it is necessary to decide how to incorporate into the law a regulation concerning digital evidence with the aim of seizing as much as possible evidence in its initial digital form, and ensuring the evidence is seized in the place where it is physically located.
This article aims to sum up the most common activities within which digital evidence might be taken, highlighting the potential problems of interest to the legislature when elaborating specific regulations for digital evidence.
Quite disturbing revelation is that by the current law, the law enforcement agents, after court authorized inspection, seizure or remote take-over of the computer system, are allowed to access any other remote resources that the system has access to:
The Advisory Guidelines on IT-Evidence, prepared on 24.05.2016 by law enforcement agencies, claim that in case of public investigative measures (inspection, search) and covert surveillance, no request for legal assistance is needed for data stored in cloud on foreign states’ servers.
For example, upon apprehension, a suspect has a computer or a smartphone unprotected with a password, and it is possible to obtain and to look through the information about the data stored, for example, in the cloud or in an e-mail box (which are not on the Estonian servers). Even when prosecutors approach the court on their own initiative, and by pointing out an obvious similarity between the search of a computer system and the search of a physical space to obtain permission from the court, preliminary investigation judges have so far found that such permission is not needed.
The Supreme Court has found that a permission granted by a prosecutor, and not by a court, is enough to observe, copy data in the person’s e-mail box (including when an e-mail box is located on a foreign state’s server) and to covertly examine a part of the server where a particular e-mail box is located, because messages are then not being transmitted, but they have already reached a recipient.