Tag Right to a fair trial

The future of data driven investigation in light of the Sky ECC operation

jjoerlemans Een reactie plaatsen

In our article, ‘The future of data driven investigations in light of the Sky ECC operation’, we examine whether or not, and on what terms, there is a future for data driven criminal investigations.  To answer the research question, we identified the main characteristics and legal criteria for data driven investigations. We use the Sky ECC operation to contextualise data driven investigations. The legal criteria are derived from the right to privacy and the right to a fair trial. Finally, we examine the impact of a violation of these criteria for the use of evidence in criminal proceedings.

The full article is published in open access in the New Journal of European Criminal Law (.pdf). It is part of a thematic issue ‘Bridging the Regulatory Disconnection Between Data Collection and Data Analysis in Criminal Investigation’. In this blog post, we share our main findings.

The Sky ECC operation

Sky ECC is an app on so-called cryptophones, which were widely used by individuals involved in organised crime. The app used encryption techniques to communicate more securely and entailed additional features to anonymise its users.

French, Dutch and Belgium law enforcement authorities cooperated in a Joint Investigation Team (JIT) to gather evidence about the criminal activities of Sky Global and its users and share technical knowhow. In our article we explain the events of the operation as detailed as possible. Most notably, French law enforcement authorities were able to collect and decrypt messages and other data sent by Sky ECC cryptophones from 18 December 2020 until presumably approximately 9 March 2021.

According to Belgian law enforcement officials, 1 billion (!) messages were intercepted by French law enforcement authorities in France and shared with the JIT partners. At least 500 million messages of this ‘bulk interception’ were decrypted within the first month. We believe that these messages represent a treasure trove or “jackpot” for law enforcement authorities, due to the potential evidence of crimes and intelligence that can be derived from them. Law enforcement officials have made similar statements in interviews.

Therefore, the Sky ECC operation is a prime example of a data driven investigation. This type of investigation involves the processing of data that has been collected by law enforcement authorities in an earlier phase, which is then enriched, and linked with other data for future investigations. Of course, the bulk collection and subsequent analyses of data for use of evidence, raises questions relating to the right to privacy and the right to a fair trial.

  1. Right to privacy

In our article, we examine the privacy interference in an operation such as Sky ECC and identify which minimum safeguards the European Court of Human Rights (ECtHR) would probably require in a (future) case involving this type of operation. We explain that the bulk collection in Sky ECC significantly interferes with the right to privacy and the ECtHR would probably require at least the same safeguards as identified in the case of Big Brother Watch and Centrum för Rättvisa.

We find it particularly noteworthy that the minimum safeguards do not only focus on the collection phase, but require safeguards during all phases, including the (further) processing of data. Obviously, only a warrant provided by a judge or independent authority to justify bulk interception of communications is not enough. With these minimum safeguards, the ECtHR makes clear that throughout the phases of bulk data investigations, principles of data protection regulations apply. Here, the ECtHR clearly establishes a connection between criminal procedural law and data protection law.

In order to minimise the risk of the bulk interception power being abused, the ECtHR emphasises the need for ‘end-to-end safeguards’. This entails the following key elements: (a) a necessity and proportionality assessment should be made at each stage of the process; (b) bulk interception should be subject to independent authorisation at the outset, when the object and scope of the operation are being defined; and (c) the operation should be subject to supervision and independent ex post facto review.

  1. Right to a fair trial

In our analysis of the right to fair trial, we focused on the ‘equality of arms’, a key principle of the right to a fair trial. The ECtHR has consistently judged that criminal procedure should be adversarial and that there should be ‘equality of arms’ between prosecution and defence. Building upon earlier work of others, we identified three main elements of the equality of arms in the context of the Sky ECC operation: (1) transparency; (2) reliability of evidence; and (3) access to datasets.

We noted that the use of algorithms, key word indexes, or network analysis techniques is rarely mentioned in case law. Yet, this information may be relevant when discussing the reliability of the evidence. Compared to earlier work, we made a more in-depth analysis regarding the issue of the reliability of evidence.

The legal evaluation of the authenticity and reliability of digital evidence, and therefore the opportunity for the defence to challenge digital forensics expertise, depends on the selected digital forensic process, methods, and tools for each forensic task. There must be sufficient documentation and possibilities to challenge the reliability of evidence. At the same time, we point out that Sky ECC messages are rarely the only source of evidence used to convict individuals of crimes. Oftentimes, additional sources of evidence are available, such as data production orders directed at telecommunication service providers to gather subscriber and location data, data production orders to gather passenger name records, seizing a suspect’s cryptophone, correlating the nicknames of suspects from other sources of evidence to Sky ECC messages, and, of course, obtaining testimonials or even confessions from suspects. Taken together, this may be factored in when assessing the reliability of evidence.

With regard to access to datasets, we reiterated that all information that is deemed relevant in a particular case and that can be used against the suspect in a criminal case (the tertiary dataset), should be disclosed to the suspect. In addition, the defence should have sufficient facilities (an ‘effective opportunity’) to access and analyse the data. The defence can request and should motivate why they require further access to the secondary dataset. When the Public Prosecution Service denies access to the data, it must motivate this refusal, for example by referring to ongoing (other) criminal investigations or the risk of reprisals for individuals who are also part of the dataset.

  1. Exclusion of evidence

In general, the ECtHR keeps aloof when it comes to the assessment of evidence, as this is rather a task for the national judges, especially assessing the admissibility or weight of specific pieces of evidence. In other words, the ECtHR provides for a large margin of appreciation on this matter by national judges. Nevertheless, some overall observations should be made.

In our article we first point out that the ECtHR has repeatedly found that evidence obtained through a violation of the right to privacy does not necessarily amount to a violation of the right to a fair trial. Hence, privacy violations should not lead to the exclusion of evidence and could have little to no impact on ongoing and future possible criminal cases. However, it is uncertain this will remain so, due to case law of the Court of Justice of the European Union.

Second, violations of the right to a fair trial may have serious consequences for the outcome of an investigation. Not only can evidence be excluded from the procedure, e.g., when evidence is not reliable, but a violation of the right to a fair trial can also render the procedure as a whole inadmissible or lead to the acquittal of suspects, e.g., when the defendant has not had proper access to the evidence.

Conclusion

The Sky ECC operation illustrates a law enforcement practice in which intelligence and criminal investigations have become intricately intertwined, potentially spawning hundreds, if not thousands, of criminal cases from a single activity involving bulk data collection.

We posit that Sky ECC may serve as a precursor to future operations in which law enforcement authorities target similar ‘grey infrastructures’, employing investigative techniques such as the seizure of servers, hacking, or the interception of communications, or all of these at the same time. However, law enforcement authorities must tread carefully on the fine line between intelligence gathering and criminal investigation. There is a danger that the main objective becomes a fishing expedition, because the sought-after data may be a treasure trove for other criminal investigations, but not sufficiently related to the investigation at hand. There is also the risk of a slippery slope, as it is unclear what proportion of criminal activity makes an infrastructure exactly ‘grey’ and thereby a potential target for law enforcement agencies.

When regulating data-driven investigations, the main take-away of our analysis relating to the right to privacy is that a warrant authorising the acquisition of the data is not a sufficient safeguard. The ECtHR requires that data protection regulations are also applied and overseen by independent and effective oversight bodies. Criminal procedural law, which regulates the collection of data, and data protection law, which regulates the processing of data, are connected and intertwined.We also emphasise that violations of the right to a fair trial may have serious consequences for criminal proceedings, since they may lead to the exclusion of evidence. Therefore, we anticipate an ongoing discourse on the transparency and reliability concerns in operations like Sky ECC.

Jan-Jaap Oerlemans & Sofie Royer

This is a cross-post from sofieroyer.be and Montaigne Centre Blog.

Legal Aspects of the EncroChat-Operation

jjoerlemans Een reactie plaatsen

In our article, ‘Legal Aspects of the EncroChat Operation: A Human Rights Perspective’, we examined what lessons can be learned from the Dutch experience with the EncroChat operation from a human rights perspective, in particular the right to a fair trial. The full article is published in open access in the European Journal of Crime, Criminal Law and Criminal Justice (.pdf).

As compared to other legal systems, the Dutch judiciary published a large number of cases at First Instance Courts and Courts of Appeal, in which EncroChat evidence is used. Dutch courts extensively considered arguments of defence attorneys relating to the right to a trial. Therefore, it is interesting for lawyers from other legal systems to review the state of knowledge in the Netherlands.

In order to explain what lessons can be learned from the Dutch experience, we set out the known facts about the operation, show how Dutch courts dealt with legal questions arising from the operation and examined relevant case law of the European Court of Human Rights (ECtHR).

We conclude that the right to a fair trial in Article 6 ECHR proved important in Dutch case law in three ways:

  1. Providing transparency about the operation;
  2. Providing a legal basis to test the reliability of the evidence obtained; and
  3. Providing access to data used as evidence against suspects in a criminal case.

1. Transparency about the operation

In our article, we explain how unrelenting questions of defence attorneys, with a(n) often implicit) basis in article 6 ECHR, led to discovery of details about the EncroChat operation in France and how the data was shared by French authorities and further processed by Dutch authorities. That was no easy feat, as the French declared the operation a state secret and the Dutch judiciary accepted that as fact with regards of the principle of trust.

Keeping the operation secret challenges the right to a fair trial under article 6 ECHR, more specifically the principle of equality of arms. Part of the principle of equality of arms is transparency about the manner in which the evidence is gathered. Law enforcement authorities and the public prosecutor can have a legitimate interest to keep information about the operation secret. However, keeping this information secret is allowed only insofar as it is strictly necessary and must be counterbalanced by the procedures followed by the judicial authorities.

In the Netherlands, as a counterbalance, an extra warrant must be obtained to create a subset of the EncroChat data to use it in a (new) criminal investigation. This way another (Dutch) judge will test the principles of proportionality and subsidiarity with regard to the processing of the EncroChat data, while taking into account the reproducibility of evidence and the protection of privileged communication.

2. Testing the reliability of the evidence obtained

The right to a fair trial also provides a legal basis to test the reliability of the evidence and the method of acquisition. When software is used in the collection of data, this can have a major influence on the reliability of evidence, because it challenges the confidentiality, integrity and availability of data.

Dutch case law shows that the Netherlands Forensic Institute reported that the hacking and interception software did not operate continuously, not all messages on EncroChat phones were intercepted during the entire operation and there had been instances of a mix-up in outgoing and incoming calls from EncroChat phones.

However, these shortcomings did not lead to the conclusion that all evidence from the EncroChat operation is unreliable. So far, Dutch defence attorneys failed to establish that the EncroChat data used as evidence was unreliable and no data has been excluded from evidence.

3. Access to EncroChat data

The right to a fair trial enables the defence – to a certain extent – to access EncroChat data that may be relevant in the trial against their client. Suspects need to be able to access the data in order (a) to review its integrity; (b) to review its reliability (because all EncroChat messages are sent under pseudonyms); and (c) to determine whether exculpatory evidence can be found in the dataset.

Our analysis of case law of the ECtHR shows that, while suspects cannot access all information collected in the EncroChat operation, they have a right to access data that is deemed relevant in their case. In addition, the defence should be able to reason why they require further access to EncroChat data, including data that is not part of the dataset created by the public prosecution service. They should also have the sufficient facilities (an ‘effective opportunity’) to access and analyse the data.

In the Netherlands, the defence can argue why they should be able to access both types of data based on key words and the use of filters. Sometimes access is refused because of ongoing (other) criminal investigations or for privacy reasons of individuals involved. The defence is facilitated in accessing the data at the Netherlands Forensic Institute and can use the same software as law enforcement authorities use to search and analyse the EncroChat data themselves. They can also request the data, which could then be provided to the defence in a readable format.

Conclusion

In conclusion, legal practitioners can learn from the Dutch experience with criminal cases following from the EncroChat operation. Especially arguments of defence attorneys relating to the right to a fair trial and the way Dutch practice dealt with these questions are noteworthy. 

The following three lessons can be learned:

  1. Defence attorneys will demand more transparency about the way the evidence is collected following the EncroChat operation. Some details about the operation may be kept secret, but must be counterbalanced. In the Netherlands, additional warrants with specific safeguards must be obtained to create a subset of the collected data. This data can then be used in a new criminal investigation. We argue this should be viewed a good practice.

  1. Defence attorneys will question the reliability of the evidence. The public prosecution service and law enforcement authorities should prepare for this argument and explain why the particular EncroChat data that is used in a criminal investigation is reliable. In addition, we recommend that other sources of evidence are used besides EncroChat data. Multiple sources of evidence may validate each other and strengthen the case.

  1. The defence has a right to access data that is used as evidence against a suspect. In the Netherlands, the defence now has the practical means to access this data and the right to argue why they should have access to a larger dataset. The defence is also facilitated in accessing the data in readable format. In our view, the public prosecution office and judiciary should prepare for requests of defence attorneys to access EncroChat data and States should invest in an infrastructure to facilitate these requests.

J.J. Oerlemans and D.A.G. van Toor

This blog is a cross-post from ‘Montaigne Blog‘.