Data in Law Enforcement:

Introduction

On October 5th 2022, Microsoft brought together relevant stakeholders and partners into a per invitation only workshop that explored core topics related to law enforcement access to electronic evidence. The agenda featured four dedicated sessions with experts from several intergovernmental organizations, academia, and industry, who addressed some of the most pressing issues associated with law enforcement’s access to electronic evidence both in the EU and globally. Key topics included the OECD Guidance on Trusted Government Access to Personal Data, international agreements on electronic evidence access, the UN Cybercrime Convention and digital evidence of war crimes.

Building a Foundation for Trusted Government Access to Personal Data

The workshop ‘Data in Law Enforcement’ started with a first session discussing the current work of the OECD on lawful government access to data. The long history of digital work carried out by the OECD has enabled it to bring together different communities of experts in a multidisciplinary task that affects many fields of our society.

For the last two years, the OECD has worked on articulating a set of principles on government access to personal data held by the private sector, based on commonalities in laws and practices of OECD countries in the safeguards they apply to such access. The panelists agreed that one of the main challenges in drafting international standards on government access to data is identifying the commonalities across the different legal frameworks. Terminological nuances and applications must be carefully scrutinized, as cultures and governments have different understandings of terms like ‘transparency’ and ‘lawful access’. Striking a balance between granularity and generality has been another important aspect that was taken into consideration, to be able to allow space for interpretation. Panelists agreed that while there is a concern that various legal instruments on data privacy and access may cause international conflicts, the emerging OECD principles could help avoid the emergence of bilateral disputes.

The industry has been dealing with uncertainty on the process of data transfers, which depends on the requesting authority, location of requested data, location of company and other circumstances. The OECD principles are one of the many initiatives to advance work around this topic. For many years, law enforcement did not reach out to the private sector to discuss policies and best practices. However, there is now a general acknowledgement that multistakeholder consultations are vital for this topic. The principles are expected to be finalized by the end of the year.

International Agreements: Strengthening Electronic Evidence Access

The second session focused on the recently signed Data Access Agreement between the UK and the US. The UK-US CLOUD Act Agreement is the first of its kind, putting forward a single standardized structure for requests from UK and US law enforcement bodies to have direct access to electronic data stored by companies in the other country. The agreement, which came into force on October 3rd, will enable authorities to filter 100.000 requests, with responses taking only a few weeks. Mutual Legal Assistance agreements will still be used only in exceptional cases.

On the other hand, the Australia-US data sharing agreement has already been signed in December 2021, and the procedure only took a few years compared to thirteen years between the UK and the US. The latter has also set a good foundation for the Australian negotiations.

Panelists agreed on the fact that a deal between the US and the EU for data transfers is absolutely necessary as the largest digital companies are registered in the US. However, the current priority for the EU is to have in place harmonized internal rules on access to electronic evidence. The adoption of the e-Evidence regulation, which is expected soon, will enable the EU to continue negotiations with the US. Signing an agreement with the US would ultimately prevent having a fragmented situation where Member States themselves enter into agreements with the US. However, while fragmentation is a risk, it is nevertheless important to note that most US tech providers have European headquarters in Ireland and thus requests for data can be issued there.

Negotiating a New Cybercrime Treaty: a Challenge or an Opportunity?

The third session was dedicated to the current negotiations of the UN Cybercrime Convention. All panelists agreed that a global treaty on cybercrime creates opportunities for stronger collaboration between law enforcement agencies globally, but also between the private and public sector, through the creation of a common collaboration framework. From the industry perspective, the treaty can provide a baseline for better collaboration on technological matters like data access in and across different sectors. Acknowledging the varying level of capacities of law enforcement agencies around the globe, the treaty may create an opportunity to establish potential benchmarks for the required capacities and mobilize donor/partner states for capacity building projects. As such, the treaty may provide the opportunities for building on existing best practices, increasing the interoperability of agencies by defining clear processes and criteria, and providing a framework for capacity building so that states can more effectively combat cybercrime.

Panelists raised concerns that the treaty may be too broad and that some countries may try to include controversial issues that have little chance of reaching wide agreement, let alone consensus. To tackle this issue, advocacy for a narrow scope of the potential cybercrime treaty is critical. Furthermore, more clarity on the nature of cooperation, conditions on data flows, understanding of data preservation and the role of sovereignty is critical. Moreover, panelists raised concerns that the treaty may lead to either duplication of existing collaborations and conventions or overrule existing networks of international cooperation that work fine at this point. To avoid this, a stronger inclusion of law enforcement agencies and the private sector is needed to ensure the bridging of diplomatic and operational practices. Lastly, not all states have the required capacity to tackle cybercrime. To ensure the effectiveness of the treaty, capacity building remains essential. As it stands, the aim is for the negotiation to be concluded by February 2024.

The Road to Digital Evidence in War Crimes

The last panel of the workshop raised awareness of the unique challenges of war crime investigations and prosecutions and to the opportunities that digital transformation can bring to such investigations. There are several types of data that end up in the courtroom, from witness statements, official records, to more complex types that often require interpretation, such as satellite imagery or call data records. Investigations and prosecutions of international crimes are coupled with a unique set of challenges in terms of online sources. There are scanned handwritten documents, where language varies, where computers inaccurately digitalize pictures and symbols, complex and varied battlefield evidence, coming in various different formats, often damaged, violent and disturbing multimedia that comes in large volumes.

To tackle these issues, the ICC partnered with Microsoft and Accenture to find digital solutions to investigating international crimes. For multimedia evidence, the ICC is able to identify faces with the help of AI, programs can identify objects in a video, such as weapons, landscapes, groups of people. Voices can also be transcribed and translated into text. From there, searchable descriptions and tags are developed, through a set of parameters and information can be put forward for human examiners that will present the evidence to the Court.

Outside the challenges faced within a single intergovernmental organization, there are multiple sovereign nations and stakeholders operating in the same space under different rules. Some of the issues include the potential exercise of universal jurisdiction by multiple countries, the lack of a unifying police force to coordinate the multiple complex investigations, the unique role of the public in gathering evidence, and lawful bases for sharing and managing the data.

The mobile app eyeWitness is an example of a tool that can be used by the public: based on a program that labels digital information, the app enables users to capture photos or videos and share them directly without being able to manipulate the content afterwards. Bellingcat is another independent organization that uses open source and social media investigation to probe narratives of conflict, crime, and human rights abuses. It archives data that is valuable for international investigations before it is taken down by online platforms, as a result of policy violations. The sudden interest in open source and the lack of actual knowledge in its intrinsic working complicates the discussions, as people draw too much attention to it without understanding its benefits and limitations. This leads to a need for standardization in the field. The Berkeley Protocol on Digital Open Source Investigations provides legitimacy to digital evidence as well as a general overview on how to lead open source investigations. Nonetheless, individual states have their own degrees of scrutiny in investigations and, as highlighted in previous panels, this is coupled with the issue of data sharing between countries. On top of this, the specificity of jurisdictions and new technology, and hence evidence, needs to be formally tested, as empirical knowledge on the matter is lacking.

Conclusion

The topics covered by the four panels are pieces of the same puzzle, and the exchanges led to the same conclusion: the solution will only come from a global multilateral approach, and a strong collaboration between private and public stakeholders. The OECD principles will set up a standard in both OECD and non-OECD countries, however, while they will not deliver the absolute answer to the topic, they could instigate a discussion for future regulation. Turning to international agreements on data access, the advancements in the field are unique and revolutionary for law enforcement authorities and Big Tech companies. There is an equal acknowledgement that bilateral agreements will get us part of the way, but not all the way; only multilateral agreements will solve conflict of laws and account for third party countries. The UN Cybercrime Convention discussions have enabled stakeholders from governments, industry, and civil society to raise concerns but also highlight the opportunities provided by these negotiations. The last panel emphasized the complexity of war crime investigations and prosecutions, but also the impact of digital transformation. The power to analyze large data sets in a way which can increase efficiencies, taking a lot of the repetitive work out, so that professionals can focus on adding value instead. This shift not only increases happiness in the workplace, but also helps to drive down time to prepare the prosecution of these complex, multi-jurisdictional offences.

Microsoft will continue to actively participate in various workstreams related to data in law enforcement with the aim of positively shaping the outcomes.