Fifteen Eighty Four

The age of electronic evidence: challenges and the need for cooperation of service providers

In today’s digital age, where information and communication technologies have revolutionised how we communicate, store, access, and share information, and where artificial intelligence is becoming more and more widely used, the role of technology in criminal investigations has increased significantly. This digital transformation brings both opportunities and challenges.

Electronic devices and online services have become integral to modern criminality, ranging from hard-core cybercrime to traditional offences enabled or facilitated by such tools.As a result,almost every criminal case involves nowadays the use of such tools, leaving behind valuable digital traces for criminal investigations.

Nevertheless, collecting and preserving digital evidence is no simple task.In their efforts to collect the evidence, law enforcement authorities (LEAs) encounter multiple technical, legal and procedural obstacles, which hamper the effectiveness of criminal investigations.

Firstly, their existing investigative tools and powers do not always keep pace with the new technological reality. The lack of adequate legal powers creates a grey zone, which raises concerns for citizens and other stakeholders.

Secondly, data is inherently volatile for both technological and legal reasons. Its storage location is often uncertain or changing due to the characteristics of the data infrastructure. The applicable legal frameworks (e.g. with respect to data retention) differ across jurisdictions and fluctuate over time, also under the influence of European legislation and case law.

Thirdly, encrypted and anonymised communications, provided by private companies to protect the personal data and privacy of their users, have become mainstream and evermore strong. But they also complicate the conduct of criminal investigations.

Last but not least, the collaboration of private actors, which provide the said technologies and services, has become essential for the success of many criminal investigations, regardless of the type of crime. Without their cooperation, LEAs risk either failing to obtain crucial evidence or, perhaps even worse, resorting to overly intrusive investigative measures that could severely infringe the fundamental rights of users of the technology or service. While cooperation with private actors is nothing new (e.g. traditional telecommunications providers and financial institutions have been cooperating with LEAs for several decades), the novelty of this cooperation in the digital era is that new technologies and online services are often provided by foreign and even global service providers. As these providers are located outside the territory of LEAs, they operate under different legal frameworks, which inevitably leads to conflicts of laws and legal uncertainty.

In connection with the aforementioned challenges, criminal investigations nowadays frequently require international cooperation. But gathering digital evidence across jurisdictions is far from straightforward. Mutual legal assistance is notoriously slow and burdensome, and constitutes a real concern for LEAs, as they need to able to act swiftly before the data is lost. To compensate, there is a growing trend towards more direct cooperation with foreign service providers, but the legal framework for this cooperation is fragmented and still developing. Moreover, certain approaches are questionable in light of the state sovereignty. In the absence of a fitting legal framework, such cooperation sometimes takes place on a voluntary or informal basis, raising additional concerns about accountability, legal certainty, and the protection of fundamental rights.

At a global level, without a solid legal framework, cooperation with service providers risks falling prey to non-democratic regimes. Even in democratic regimes, there may be a strong push for further cooperation with minimum safeguards. At the same time, though, certain service providers are becoming more powerful than states, raising questions about their role in a democratic society and creating a real danger that they become the playball of a few tech moguls.

At EU level, the scattered approach to cooperation with service providers can disrupt the proper functioning of the EU internal market and impede the development of the Digital Single Market. Conflicting legal obligations are also likely to hamper the freedom to conduct business.

In reaction to those challenges, the legislative landscape is changing rapidly, in an attempt to keep up with the fast pace of technological developments and new criminal threats. This holds true for national law, as the various national chapters in the Handbook illustrate eloquently. Indeed, all legislators are confronted with the same problems, but the solutions to those problems are far from identical.

In the EU, the so-called e-Evidence Regulation was adopted in July 2023, after a long and difficult legislative process that was kicked off in April 2018. This Regulation – once it becomes operational in August 2026 – will bring about tangible changes by creating, for the first time ever, a direct cooperation mechanism between the judicial authorities of one member state and the service providers established or represented in another member state. While revolutionary from the perspective of cross-border judicial cooperation, its scope of application is however limited to two types of orders, relating to certain categories of data and addressing only certain service providers. Moreover, its application still requires substantial technical preparations and legal adjustments, at EU and national levels. Other pieces of the legislative puzzles (such as an EU legal framework on data retention) are still missing.

Furthermore, on a more global level, the Second Additional Protocol to the Cybercrime Convention, adopted in 2022 after four years of difficult negotiations, tries to provide a minimum set of guarantees. Even if this Protocol is unlikely to be a real game-changer, it does make some (small) steps forward in facilitating the gathering of digital evidence in a cross-border context. Its real added value will, however, depend on subsequent bilateral or multilateral agreements between states.  Most recently, in December 2024, the United Nations also adopted a Convention on Cybercrime, providing for some basic minimum protections.

Objectives and key elements of the Handbook

The Cambridge Handbook of Digital Evidence in Criminal Investigations offers a thorough legal examination of electronic evidence gathering in criminal investigations by providing an all-encompassing and intra-disciplinary analysis of the challenges, based on transversal and comparative research. In doing so, the Handbook seeks to contribute to a better understanding of the challenges and the solutions so far adopted at different levels – national, supranational, and international. Considering the key role of service providers in helping LEAs gather digital evidence, one of the key themes addressed in the Handbook is the importance of cooperation between LEAs and private actors.

Despite the pressing need for a solid legal framework for digital evidence gathering, existing legal solutions are diverse and often take a piecemeal approach. Essential for any common discussion on future-proof solutions is the adherence to a common terminology. But the Handbook shows that terms vary greatly across jurisdictions. For instance, while the term ‘digital evidence’ is widely used in legal doctrine, it rarely appears in national codes of criminal procedure. Similar concerns exist with respect to data categories (and the categorisation of new types of data) as well as service providers, which are subdivided differently and sometimes in overlapping manners, resulting in a disparate and scattered legal framework of rights and duties. This absence of standardised terminology complicates the cooperation between states, LEAs and private actors.

Furthermore, the Handbook unveils that issues like data localisation for the purpose of (enforcement) jurisdiction have not yet been adequately addressed and will be a source of discussion in the years to come. As far as data retention regimes go, national laws show great disparities, in the EU and beyond, notwithstanding several landmark cases of the Court of Justice of the EU. This inevitably creates an impediment to a level-playing field for LEAs seeking to get access to valuable data for criminal investigations and puts pressure on private actors.

More generally, the Handbook tries to grasp the overall impact the push for more effective gathering of digital evidence has on the design of the criminal justice system and analyses the blurring boundaries between criminal law and intelligence, as certain types of crimes rather belong to the field of cyberwarfare and/or threats to national security. Yet, the distinction between criminal law and intelligence is far from insignificant, considering its implications for the protection of fundamental rights.

Next, as criminal investigations often intersect with data protection laws, there are numerous questions tackled regarding balancing the need for effective law enforcement with the safeguarding of privacy rights. This balance is however complicated by the lack of coherence and complex interplay between different EU legal instruments.EU legal frameworks often result from topic-specific negotiations between the European institutions and member states, that yield disparate solutions for similar or related issues regarding cross-border evidence gathering.

The structure of the Handbook

The Cambridge Handbook of Digital Evidence in Criminal Investigations is divided into three parts.

Part I focuses on specific topics related to the collection of digital evidence, emphasising a transversal and more in-depth approach, examining such issues as: encryption, data protection, admissibility of evidence, jurisdiction in cyberspace and intelligence activities, as well providing an in-depth analysis of the adoption of the e-Evidence Package and the Second Additional Protocol to the Cybercrime Convention.

Part II examines the processes involved in gathering digital evidence and explores the collaboration between LEAs and private service providers in seven EU member states: Belgium, Estonia, Germany, Ireland, Luxembourg, Poland and Spain. This section concludes with a comparative analysis of the legal systems in these EU countries, revealing significant differences, disparate approaches, as well as notable gaps in the protection of fundamental rights.

Lastly, considering the complexity of the topic extends beyond the EU, Part III analyses five significant non-EU legal systems: China, Russia, Turkey, the United Kingdom and the United States. The presentations of these jurisdictions help understand better the challenges and risks of cross-border cooperation for digital evidence gathering.

In its conclusion, the Handbook advocates for greater coherence and consistency in EU legal frameworks, particularly concerning cross-border digital evidence gathering and the intersection of criminal procedure with data protection. It highlights the fragmentation in existing regulations, the complexity of enforcement mechanisms, and the challenges posed by under-regulated areas such as data retention and the distinction between intelligence and criminal law. Additionally, it emphasizes the insufficient procedural safeguards and legal remedies for citizens in cross-border investigations, calling for stronger protections of fundamental rights. Ultimately, it urges policymakers to prioritize legal clarity and balance fundamental rights with effective law enforcement.