Www.coe.int/cybercrime E-evidence and access to data in the cloud Issues and options under consideration by the Cloud Evidence Group of the Cybercrime.

Slides:

Advertisements

Similar presentations

The European Law Students Association Albania ˙ Austria ˙ Azerbaijan ˙ Belgium ˙ Bosnia and Herzegovina ˙ Bulgaria ˙ Croatia ˙ Cyprus ˙ Czech Republic.

Advertisements

State of play and activities in 2014 March 2014

MUTUALLY REINFORCING INSTITUTIONS NATO HQ - POLITICAL AFFAIRS DIVISION.

Communication ICM Bodrum, 21st of October The European Law Students’ Association Albania ˙ Austria ˙ Azerbaijan ˙ Belgium ˙ Bosnia and Herzegovina.

UNIVERSITY OF JYVÄSKYLÄ INTERNATIONAL COOPERATION.

AN INTERNATIONAL SOLUTION TO A GLOBAL PROBLEM. A Global Problem What is cybercrime? How does it affect us ? The solution.

Corruption prevention in respect of judges and prosecutors - GRECO in the midst of its fourth evaluation round Christian Manquet, Vice-President of GRECO.

The Camden Asset Recovery Inter-Agency Network (CARIN)

Delegations ICM Cluj-Napoca, 20th April The European Law Students’ Association Albania ˙ Austria ˙ Azerbaijan ˙ Belgium ˙ Bosnia and Herzegovina.

Delegations III KAM, Bratislava 4th to 8th September 2013.

Study Visits IV KAM Prague, 3 rd to 7 th September 2014.

Knowledge Management LXV International Council Meeting Qawra, Malta 16 th - 23 rd of March 2014.

Study Visits ICM Croatia, Opatija, 27th October to 3th November 2013.

UNIFIED ELSA ELSA 2013/2014 III Supporting Area Meeting Konjic, Bosnia and Herzegovina 11 th - 15 th September 2013.

The Council of Europe Convention on Cybercrime: status quo and future challenges Cristina Schulman Council of Europe Strasbourg, France Tel

Institutional Visits IV KAM Prague, 3 rd to 7th September.

ELSA Shop(ping) – Spring SALE! LXV International Council Meeting Qawra, Malta 16 th - 23 rd of March 2014.

Knowledge Management and Transition ICM Cluj-Napoca, 24th April 2015.

Delegations IV KAM Prague 3rd to 7th September 2014.

BDU conference - 28 September Sign language interpreting in legal settings: a European overview Marinella Salami, efsli president European.

Where it all starts - RESEARCH LXIV International Council Meeting Opatija, Croatia October 28 th - November 3 rd 2013.

Institutional Visits ICM Cluj Napoca, 19 th to 26 th April 2015 Patrick Zischeck, Assistant for IV and SV.

ELSA Shop(ping) LXIV International Council Meeting Opatija, Croatia October 28 th - November 3 rd 2013.

Partner Opportunities ELSA 2014/ PATRON The European Law Students’ Association Albania ˙ Austria ˙ Azerbaijan ˙ Belgium ˙ Bosnia and Herzegovina.

Cybercrime and the Council of Europe response Strasbourg, October 2007 Alexander Seger Council of Europe, Strasbourg, France Tel

Institutional Visits III KAM, Bratislava 4th to 8th September 2013.

Importance of IP for researchers Noël Campling, Director European Patent Academy 28 April 2009.

Study Visits LXV International Council Meeting Qawra, Malta 16 th - 23 rd of March 2014.

Area Definition III KAM,Bratislava. The European Law Students’ Association Albania ˙ Austria ˙ Azerbaijan ˙ Belgium ˙ Bosnia and Herzegovina ˙ Bulgaria.

Bureau for International Language Coordination

ELSA Law Schools ICM Cluj-Napoca, 21st April 2015.

Institutional Relations LXVI ICM Bodrum, 21st of October 2014.

Attorney-General’s Department International Transfer of Prisoners Unit.

Grants LXIV International Council Meeting 19th – 26th October, Bodrum Turkey.

Grant case study LXVII International Council Meeting 19th – 25th April, Cluj-Napoca Romania.

Workshop Positions Data Collection /Assessment Thursday, June 2 nd How Can We Make “International Strategy for Cyberspace” Acceptable?

Additional Protocol to the Convention for the Protection of Human Rights and Dignity of the Human Being with regard to the Application of Biology and Medicine,

Make it Smart&Creative ICM Cluj-Napoca, 21st April 2015.

KAM Prague 3 rd -7 th September AA Workshop Studies Abroad Projects Embrace cultural diversity!

Conference Objectives To highlight the rising number of people living with HIV in Europe who are unaware of their serostatus To identify political, structural,

Doing Business in Europe Bay Area CITD Seminar Series Tuesday, September 21st, 2004 Kemarra Inc. - Key Marketing Resources & Associates San Francisco USA.

Study Visits ICM Cluj Napoca, 19 th to 26 th April 2015 Patrick Zischeck, Assistant for IV and SV.

ICM Bodrum 24 th October AA Workshop Legal Research Group.

PERC meeting 31 March 2011 ITUH - Brussels 1 Council of Europe (Revised) Social Charter Trade union & workers’ representative rights Conclusions 2010 Stefan.

Institutional Visit LXV International Council Meeting Qawra, Malta 16 th - 23 rd of March 2014.

ELSA as the Franchise? LXV International Council Meeting Qawra, Malta 16 th - 23 rd of March 2014.

Natural gas, and oil sectors in Europe Vaidotas Levickis Fort Worth, Texas 2015.

EXTREME MAKEOVER Members’ Magazine LXIV International Council Meeting Opatija, Croatia October 28 th - November 3 rd 2013.

Map - Region 3 Europe.

ELSA Summer Law Schools IV KAM Prague, 3rd to 7th September 2014.

Which role is yours? ADV and Promotion of ELSA projects/events LXIV International Council Meeting Opatija, Croatia October 28 th - November 3 rd 2013.

KAM Prague 3 rd -7 th September AA Workhsop Law Review.

Delegations LXV International Council Meeting Qawra, Malta 16 th - 23 rd of March 2014.

Social Studies: Europe & Russia Lesson 34 Practice & Review

Youth in Action Youth in Action supports providing competencies for young people contributes to the Lisbon strategy builds on the previous.

Geography Review On Map 1, please identify: -Spain -France -England -Russia -Ottoman empire -Persia -China -Mughal India -Songhai Empire.

The European Law Students’ Association Albania ˙ Austria ˙ Azerbaijan ˙ Belgium ˙ Bosnia and Herzegovina ˙ Bulgaria ˙ Croatia ˙ Cyprus ˙ Czech Republic.

1 M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 29 – Customs union Bilateral screening:

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 2– Freedom Movement for Workers Bilateral.

LXVI Internationl Council Meeting Turkey 19th – 26th of October 2014 Academic Activites Workshop Monday 20th of October –

CONFIDENTIAL 1 EPC, European Union and unitary patent/UPC EPC: yes EEA: no EU: no (*) (*) Also means no unitary patent Albania, Macedonia, Monaco, San.

France Ireland Norway Sweden Finland Estonia Latvia Spain Portugal Belgium Netherlands Germany Switzerland Italy Czech Rep Slovakia Austria Poland Ukraine.

Public-private cooperation

Comparative European Law on Abortion Joint Oireachtas Committee on the Eighth Amendment of the Constitution – 8 November 2017 Leah Hoctor, Regional.

U.S. Department of Justice

Overview of the Budapest Convention on Cybercrime (2001)

European survey respondents by region.

Cybercrime in the election process:

Cybercrime legislation and policies in Africa: Issues for discussion

Presentation transcript:

E-evidence and access to data in the cloud Issues and options under consideration by the Cloud Evidence Group of the Cybercrime Convention Committee Alexander Seger Executive Secretary Cybercrime Convention Committee Council of Europe New Challenges in Collecting Evidence in Cyberspace Conference, Milan, 12 May 2016

2 2 Context : Criminal justice access to evidence in the cloud – options and issues Budapest Convention on Cybercrime:  49 Parties + 17 States signatories or invited to accede = 66 States  Follow up by Cybercrime Convention Committee (T-CY) = Committee of the Parties T-CY: How to ensure the rule of law in cyberspace through more efficient access to evidence for criminal justice purposes?  Assessment of mutual legal assistance provisions ►24 recommendations to make MLA more efficient (Dec 2014)  Transborder access to data (T-CY Transborder Group ) Clarification of Article 32b Budapest Convention ►Guidance Note (Dec 2014) Additional options for transborder access ►necessary but politically not feasible in 2014  T-CY Cloud Evidence Group ( ): issues and options (Feb 2016 / prov.)

3 3 Issue: Subscriber vs traffic vs content data  Subscriber information most often required in criminal investigations.  Less privacy-sensitive than traffic or content data. Rules for access to subscriber information not harmonised.  Subscriber information held by service providers and obtained through production orders. Lesser interference in rights than search and seizure.

4 4 Issue: Mutual legal assistance  Mutual legal assistance remains a primary means to obtain electronic evidence for criminal justice purposes  MLA needs to be made more efficient  Often subscriber information or traffic data needed first to substantiate or address an MLA request  MLA often not feasible to secure volatile evidence in unknown or multiple jurisdictions

5 5 Issue: Loss of location  In “loss of location” situations (unknown source of attack, servers in multiple or changing locations, live forensics, etc.) MLA not feasible ►principle of territoriality not always applicable  Direct transborder access to data may be necessary  What conditions and safeguards?  Article 32b Budapest Convention limited ►Absence of international legal framework for lawful transborder access  Unilateral solutions by governments / jungle ►risks to rights of individuals and state to state relations

6 6 Issue: A service provider offering a service on the territory of a State  When is a service provider “present” on the territory of a State? “offering a service” on the territory of a State?  Therefore, when is a service provider subject to a domestic production or other type of coercive order?  If domestic production orders for subscriber information ►reduction of pressure on MLA system

7 7 Issue: “Voluntary” disclosure by private sector entities  More than 100,000 requests/year by European States to major US providers  Disclosure of subscriber or traffic data (ca. 60%)  Providers decide whether or not to respond to lawful requests and whether to notify customers  Provider policies/practices volatile  Data protection concerns  No disclosure by European providers  No admissibility of data received in some States ►Clearer / more stable framework required

Requests for data sent to Apple, Facebook, Google, Microsoft, Twitter and Yahoo in 2014 Parties ReceivedDisclosure% Albania % Armenia % Australia ,23666% Austria % Azerbaijan - - Belgium 1,804 1,31673% Canada % Croatia % Cyprus % Czech Republic % Denmark % Dominican Republic % Estonia % Finland % France 21,772 12,86359% Georgia 1 00% Germany 25,519 13,80154% Hungary % Iceland 3 267% Italy 9,365 4,62049% Japan 1,617 1,01062% Romania % Serbia % Slovakia % Slovenia % Spain 4,462 2,39154% Sri Lanka 1 -0% Switzerland % “The former Yugoslav Republic of Macedonia” - - Turkey 8,405 5,62567% Ukraine 8 225% United Kingdom 20,127 13,89469% USA80,703 63,14778% Total excluding USA 108,829 64,90160% Total including USA 189, ,04868%

9 9 Issue: “Voluntary” disclosure by private sector entities The six providers cooperate in a very inconsistent manner with different Parties. In terms of disclosure rates, for example: Google cooperates above average with Finland (83%), Netherlands (81%) and Japan (79%) but below average with Poland (29%) and Slovakia (8%) and not all with Hungary (0%) or Turkey (0%). Microsoft on the other hands cooperates rather well with Hungary (83%) and Turkey (76%). Facebook also responds well to Hungary (83%) and Turkey (66%), but less to Poland (29%), Portugal (38%) and Spain (37%). Yahoo cooperates rather well with Australia (51%) but responds not at all to Netherlands, Norway, Portugal and Switzerland. Microsoft on the other hand cooperates very well with Netherlands (83%), Norway (82%), Portugal (85%) and Switzerland (74%). Twitter cooperates above average with Australia (58%), Japan (36%) and Norway (50%) but not at all with Turkey (0%) and below average with France (11%), Germany (16%) or Spain (12%).

Issue: Emergency procedures  Emergency procedures needed to obtain evidence located in foreign jurisdictions through Mutual legal assistance and through Direct cooperation with a service provider

Issue: Data protection and other safeguards  Data protection requirements normally met if powers to obtain data defined in domestic criminal procedure law and/or MLA agreements  MLA not always feasible  Increasing “asymmetric” disclosure of data transborder From LEA to service provider ►Permitted in exceptional situations From service provider to LEA ►Unclear legal basis ►providers to assess lawfulness, legitimate interest ►risk of being held liable =Clearer framework for private to public disclosure transborder required

Option 1: More efficient MLA  Implement legal and practical measures ►Recommendations 1 – 15 of T-CY assessment report on MLA at domestic levels More resources and training Electronic transmission of requests Streamlining of procedures Etc.  Parties to establish emergency procedures for obtaining data in their MLA systems  Parties to facilitate access to subscriber information in domestic legislation (full implementation of Article 18 Budapest Convention)

Option 2: Guidance Note on Article 18 Guidance Note on Article 18 Budapest Convention on production of subscriber information:  Domestic production orders if a provider is in the territory of a Party even if data is stored in another jurisdiction (Article 18.1.a)  Domestic production orders for subscriber information if a provider is NOT in the territory of a Party but is offering a service in the territory of the Party (Article 18.1.b)

Option 3: Cooperation with providers Pending longer-term solutions: Practical measures to facilitate transborder cooperation between service providers and criminal justice authorities  Focus on disclosure of subscriber information upon lawful requests in specific criminal investigations  Emergency situations  Consideration of legitimate interests and data protection requirements In practice: ▶ Regular meetings between T-CY and providers (1 x year prior to a T-CY Plenary?) ▶ Online tool Part A: Provider policies/procedures, Part B: Legal basis and procedures for production orders in Parties ▶ Standard multi-language template for requests for subscriber information ▶ Support through capacity building programmes

Option 4: Protocol to Budapest Convention Provisions for more efficient MLA  International production orders or simplified MLA for subscriber information  Direct cooperation between judicial authorities in MLA  Joint investigations and joint investigation teams  Requests in English  Emergency procedures Provisions for direct transborder cooperation with providers  Disclosure of data by LEA to a service provider abroad in specific situations  Disclosure of subscriber information by service providers to LEA abroad with conditions and safeguards  Direct preservation requests to providers abroad  Admissibility of data obtained directly in domestic proceedings  Emergency procedures

Option 4 cont’d: Protocol to Budapest Convention Framework and safeguards for transborder access to data  Transborder access to data with lawfully obtained credentials  Transborder access in good faith or in exigent circumstances  The power of disposal as connecting legal factor Data protection  Requirements for transfer transborder by LEA to a service provider abroad  Requirements for transfer transborder by a service provider to LEA abroad

Issues and options: What next? Agenda of Cloud Evidence Group  Meetings with providers (Brussels 25 April 2016) ✔  Exchange of views with data protection organisations (23 May 2016)  Discussion at T-CY Plenary May 2016  Presentation of final recommendations to T-CY on November 2016  Octopus Conference, Strasbourg, November 2016 Options proposed to be pursued in parallel 1.Legal and practical measures for more efficient MLA 2.Guidance Note on Article 18 Budapest Convention 3.Practical measures to facilitate cooperation with service providers 4.Protocol to Budapest Convention Note: Similar issues are also discussed within the European Union