The increasingly sophisticated realm of crime involves challenges related to digital evidence, and employing such evidence in court, as well as actors, actions, or substantial effects that are wholly or in some part located or have been carried out in different jurisdictions. Access to relevant evidence is essential both for the conviction of criminals and for the protection of those wrongly accused. However, due to the decentralised nature of cyberspace, the targeted evidence may be residing in multiple jurisdictions at once or it may be impossible to identify the location at all at a given time (e.g. in the case of cloud computing). This presentation examines a range of traditional and novel tools aimed at ensuring law enforcement agencies’ cross-border access to evidence such as the Mutual Legal Assistance framework, and the initiatives in the European Union (notably the e-Evidence proposal), Council of Europe (the Budapest Convention) and in the United States. The discussion then moves on to relevant principles of international law such as territorial sovereignty, and seeks to examine the possible global reach and effect on other regions of the EU e-Evidence proposal.

1. Law Enforcement Access to
Transborder Data: Global
Reach of the Proposed EU
e-Evidence Regulation
Dr Anna-Maria Osula
Guardtime / Tallinn University Of Technology / Masaryk University
October 2020
Code Blue Conference

2. • This presentation is partly based on the following article: Dan
Svantesson and Anna-Maria Osula, ”Unresolved jurisdictional issues in
law enforcement access to data”, to be published as a chapter in the
“Cambridge Handbook of Digital Evidence in Criminal Matters“, edited
byVanessa Franssen and StanisławTosza, Cambridge University Press
(2020/2021) and based on research that was supported by Masaryk
University project no. CZ.02.1.01/0.0/0.0/16_019/0000822 (C4E) .

3. OUTLINE
INTRODUCTION
1.Current means for transborder access
2.Legal bases for transborder access
3.International cooperation
CONCLUSIONS

4. INTRODUCTION

5. INTRODUCTION (I)
• Increase in the use of ICT coupled with increase in malicious cyber
incidents
• Evidence needed for criminal proceedings is increasingly in digital
form
• “more than half of all investigations involve a cross-border request to access
[electronic] evidence” (EC 2018)
• Modern technologies are transforming investigations
5

6. INTRODUCTION (II)
• Need effective investigation techniques & time-critical access to data
• Evidence often located outside domestic territory
• Ambiguous regulation regarding extraterritorial investigations
• ‘Surveillance’ is outside the scope of this presentation
6

7. INTRODUCTION (III)
• Examples of cases involving cyber crime and resulting in class action
settlement:
• Yahoo data intrusion 2012-2016 – 117 million USD
• Equifax data intrusion ivolving 147 million people – 700 million USD
7

8. CURRENT MEANS FOR
TRANSBORDER ACCESS
HOW TO GET THE EVIDENCE?

9. OPTIONS FOR ACCESSING DATA EXTRATERRITORIALLY
• Mutual Legal AssistanceTreaties (MLATs)
• Conventions, bilateral agreements
• Through other networks of national entities
• Mutual Legal Assistance (MLA) process heavily critiqued
• “…inefficient in general, and with regard to obtaining digital evidence in
particular…” (Council of Europe, 2012)
9

10. MLATS’ DOWNSIDES MAY INCLUDE
• Time
• ‘Message in a bottle’
• Not between all countries
• Not up to date
• Do not include necessary measures
• The other Party decides not to cooperate
• Etc.
10

11. Prosecutor
X
MoJ
MFA
Foreign
MFA
Foreign
MoJ
Foreign
Prosecutor
Y
Slide from ‘International Cooperation in Fighting Cybercrime: the Future is Now’ by Mr Lodewijk Van Zwieten, Dutch National Prosecutor for Cybercrime & Mr Geert Schoorens, Federal Prosecutor’s
Office of Belgium, CyCon 2015
MLATS’ MECHANISM

12. OTHER OPTIONS
• Europol, Eurojust or Interpol
• 24/7 point of contact networks
• (In)formal LEA-LEA cooperation

13. CHALLENGES
• Speed
• Loss of (knowledge of) location
• In some instances impossible to determine the location of the data
• Growing ease of use and accessibility to technologies facilitating online anonymity
• Off-shore heavens?
• Inaccessible by using MLATs
• How to proceed?
• Possible inadmissibility in court

14. LEGAL BASES FOR
TRANSBORDER ACCESS
IS SUCH ACCESS LEGAL?

15. INTERNATIONAL AND DOMESTIC LAW
• International law
• International agreements (e.g. the Council of Europe Convention on
Cybercrime, 2nd Additional Protocal; EU regulation)
• International law (e.g. sovereignty)
• Replacing “State-to-State” with “State-to-ISP”
• Domestic law
• E.g. US Cloud Act (2018)
• requires internet service providers to hand over data to US LE agencies, no
matter where that data is stored
• bilateral agreements with “qualifying foreign governments”

16. EUROPEAN UNION (I)
• E-Evidence initial proposal (still up to debate):
• create a “European Production Order” which will allow a judicial
authority in one Member State to request electronic evidence
directly from a service provider offering services in the EU and
established or represented in another Member State, regardless of
the location of data,
• SP will be obliged to respond within 10 days, and within 6 hours in
cases of emergency; compared to up to 120 days for the existing
European Investigation Order or an average of 10 months for a
Mutual Legal Assistance procedure

17. EUROPEAN UNION (II)
• offer a tool for preventing data being from being deleted.This will
be done via a “European Preservation Order” which will allow to
preserve specific data to enable the authority to request this
information later via other means (MLA, a European Investigation
Order or a European Production Order);
• include strong safeguards and remedies. Both orders can only be
issued in the framework of criminal proceedings and all criminal law
procedural safeguards apply.

18. EUROPEAN UNION (II)
• oblige service providers to designate a legal representative in the
Union: to ensure that all service providers that offer services in the
EU are subject to the same obligations, even if their headquarters are
in a third country;
• provide legal certainty for businesses and service providers:
whereas today, law enforcement authorities often depend on the
good will of service providers to hand them the evidence they need,
in the future, applying the same rules for ordering the provision of
electronic evidence will improve legal certainty for authorities and for
service providers.

19. INTERNATIONAL
COOPERATION
OR JUST AN EUROPEAN AFFAIR?

20. INTERNATIONAL COOPERATION
• The European Commission will engage in two international
negotiations on cross-border rules to obtain electronic evidence:
• with the United States, and
• on the Second Additional Protocol to the Council of Europe Budapest Convention
on Cybercrime
• Both mandates include specific safeguards on data protection,
privacy and procedural rights of individuals.
• Also examples of “data nationalism” / localisation

21. GLOBAL REACH OF THE PROPOSAL
• Proposal still under review, multiple issues under debate (see e.g.
MEP Birgit Sippel’s report)
• Clear global reach due to targeting foreign-based service providers =
not focusing on the (physical) location of the data
• Good cooperation with the EU (Japan: GDPR example) could offer
bases for expedited cooperation in criminal investigations
• Possible model law

22. CHALLENGES
• Challenges and possibilities for international partners
• Role of SPs (responsibility of protecting human rights shifted to
them?)
• Safeguards, human rights (notification?, effective legal remedies)
• Sovereignty, conflicts of law
• Speed of investigations
• New form of cooperation

23. OTHER GLOBAL TRENDS
• State-to-state approaches and those ‘sidestepping’ the central role
of states regarding the data stored on their territory
• Traditional focus on the territoriality principle shifting to more
operative mechanisms not necessarily requiring the prior
authorisation of the other state
• Conflicts and uncertainty between states may occur as States’
activities may be breaching both national and international law, and
result in unsought escalation of retaliation measures

24. Conclusions
THE END OF TERRITORIALITY?

25. CONCLUSIONS
• States can not accept impunity for criminals
• Time of change: emerging state practice & interpretation of
traditional concepts of international law
• Threshold for a breach of sovereignty
• Exception for „Loss of location“
• Replacing “State-to-State” with “State-to-ISP”
• Dissonance between actual state practice & regulation
• More transparency of domestic approaches needed
25

26. References
• Proposal for Regulation on cross-border access to e-Evidence
https://eur-lex.europa.eu/legal-
content/EN/TXT/HTML/?uri=CELEX:52018PC0225&from=EN
• Proposal for Directive on appointing a Legal Representative
https://eur-lex.europa.eu/legal-
content/EN/TXT/HTML/?uri=CELEX:52018PC0226&from=EN
• European Commission Impact Assessment (2018) https://eur-
lex.europa.eu/legal-
content/EN/TXT/PDF/?uri=CELEX:52018SC0118&from=EN
• MEP Birgit Sipper draft report (2019)
https://www.europarl.europa.eu/doceo/document/LIBE-PR-
642987_EN.pdf

27. Thank you! Q&A