For years, countries have grappled with illicit money flows (IMFs) via traditional money laundering (ML) methods. The rise of cyber-enabled technologies has introduced new challenges and opportunities to respond to these illicit activities. Many scholars have called for the streamlining of e-evidence collection to counter trans-border cybercrimes and ML. While digitalisation offers many benefits, criminals also exploit these technologies to devise complex schemes, launder proceeds, and perpetrate crimes, posing significant risks to society, the economy, and the rule of law.
In response, the European Parliament ratified an e-evidence legislative package on 13 June 2023. This package, composed of a Regulation on European Production and Preservation Orders and a Directive on the appointment of legal representatives, aims to allow judicial and law enforcement authorities (LEAs) to collect e-evidence in criminal cases quickly and legally, both within and outside the EU. However, evolving criminal tactics show that conventional approaches are no longer enough. LEAs require modern legal and practical tools to stay ahead of offenders. This calls for robust regulatory frameworks to empower LEAs, providing them with the authority and resources to gather evidence effectively in cross-border crimes. Key considerations for improving e-evidence collection include:
Cross-border coordination
The borderless nature of cyberspace presents jurisdictional challenges in collecting e-evidence. According to the EU Commission, 85% of investigations require cross-border access to e-evidence, with 65% of requests sent to providers based outside the jurisdiction. Determining which country's LEA has jurisdiction over the evidence and which legal frameworks apply can be complex, especially when multiple countries are involved. The use of electronic communication also requires compliance with Regulations (EU) 910/2014, ensuring that qualified electronic seals or signatures are used in cross-border procedures.
Data privacy and protection
The General Data Protection Regulation (GDPR) sets strict rules for collecting, processing, and transferring personal data within the EU. LEAs and judicial authorities must ensure that they comply with GDPR when handling e-evidence to protect individuals' privacy rights. This includes ensuring that there is a lawful basis for data processing, maintaining data security, and obtaining consent when necessary. Additionally, the EU-US Data Privacy Framework plays a role in governing cross-border data exchanges.
Technical challenges
E-evidence collection requires specialised expertise and tools. Technologies like encryption and blockchain complicate investigations, and LEAs may lack the necessary resources or training to handle such cases effectively. Keeping pace with technological advancements is critical to overcome these challenges. Tools such as automatic reasoning, which create e-evidence, can help, but require significant investments in training and infrastructure.
Chain of custody
To be admissible in court, e-evidence must remain authentic and intact throughout its lifecycle. LEAs must establish a clear chain of custody to prevent tampering, alteration, or erasure. Regulation (EU) 2023/1543 outlines rules for the preservation and production of e-evidence by service providers, while Directive (EU) 2023/1544 sets out guidelines for legal representatives to ensure compliance with orders from LEAs. These frameworks aim to protect the integrity of e-evidence during investigations and court proceedings.
Resource constraints
LEAs often face funding, administrative, and technological constraints when handling e-evidence. Gaining expertise in digital forensics and cybersecurity requires significant investments in training, AI tools, and partnerships with forensic labs and industry experts. Service providers must ensure their representatives have the necessary resources to comply with authorities' orders, but resource limitations can delay investigations.
Addressing these challenges requires a multi-faceted approach, including legal, technical, and operational measures. Stronger international cooperation, information-sharing agreements, and public-private partnerships are essential for enhancing LEA capabilities in handling e-evidence.
• Legal Harmonisation: Harmonising laws related to e-evidence across EU member states can facilitate smoother cooperation and ensure compliance with both legal and industry standards.
• New Technologies: LEAs should harness new technologies such as blockchain analysis, AI for data analysis, and secure digital platforms to improve their investigative capabilities.
• Stronger Cooperation: Standardised protocols and Mutual Legal Assistance Treaties (MLATs) can enhance cross-border collaboration and speed up the exchange of e-evidence.
Conclusion
The EU and global authorities face significant challenges in combating transnational crime and collecting e-evidence. However, by leveraging new technologies, harmonising regulations, and fostering international cooperation, LEAs can enhance their ability to address these challenges. Investing in secure platforms, training, and cross-border collaboration offers promising ways to strengthen e-evidence collection and combat cybercrime more effectively.
Comentarios