Electronic evidence

In December 2014, The Council of Europe Cybercrime Convention Committee (T-CY) established the ‘Cloud Evidence Group’ to explore the issues surrounding access to evidence in the cloud for criminal justice purposes. We examine some of the key challenges and solutions identified.




Scale of cybercrime and the rise of electronic evidence

The current scale of cybercrime is enormous. It is predicted that cybercrime as well as other crime involving electronic evidence will continue to rise significantly.


Ensuring the rule of law in cyberspace

Due to the incredible scale of cybercrime, only a small proportion of cases involving electronic evidence will ever be investigated. For most cybercrime victims, justice will not be served. This threatens the rule of law and the ability of governments to meet their obligations to protect society against crime and to protect the rights of victims.1


Cloud computing, territoriality and jurisdiction

“Cloud computing” means that data is distributed over different services, providers, locations and often jurisdictions. Some key issues include:

  • It is often not obvious for criminal justice authorities in which jurisdiction the data is stored, and which rules apply for lawful access by these authorities.
  • Different jurisdictions may apply to a service provider at the same time, due to various legal aspects related to its service
  • The sharing of resources is a key characteristic of cloud computing, and it is often unclear which service provider is in possession or control of which type of data.


The mutual legal assistance process was assessed by the T-CY as being inefficient in general, and with respect to obtaining electronic evidence in particular. It was found that response times to requests were between 6-24 months, and as a result many requests and investigations were being abandoned.



The Cloud Evidence Group proposed a combination of solutions for consideration:


Guidance Note on Article 18 Budapest Convention

A Guidance Note could be adopted to address the question of production orders for subscriber information. This would help in obtaining the type of information needed most often in criminal investigations.


Access to subscriber information

Access to subscriber information could be facilitated by differentiating between traffic data and subscriber information. Subscriber information is less privacy sensitive than traffic and content data. Therefore, the same safeguards are not needed in production orders for subscriber information. A policy reflecting this would facilitate domestic investigations and international cooperation.


Facilitating transborder cooperation

Steps could be taken to encourage cooperation between service providers and criminal justice authorities, in particular with respect to the disclosure of subscriber information upon a lawful request.

This could be achieved through methods including:

  • An annual meeting between the T-CY and service providers.
  • Establishing an online resource on provider policies and on procedural rules in Parties regarding production orders for subscriber information.


Direct cooperation

There should be provisions allowing for direct cooperation with service providers in other jurisdictions. The procedures and conditions should be clarified, and data received from service providers should be admissible as evidence in criminal proceedings.


Transborder access to data

There should be a clearer framework and stronger safeguards for existing practices of transborder access to data.2


Measures to increase efficiency of mutual legal assistance

The T-CY provides a set of recommendations to achieve more efficient mutual legal assistance.


Key takeaways

The Cybercrime Convention Committee (T-CY) established a working group to explore solutions for access to evidence in the cloud for criminal justice purposes, including through mutual legal assistance. This decision was motivated by the recognition that in the light of the proliferation of cybercrime and other offences involving electronic evidence, and in the context of technological change and uncertainty regarding jurisdiction, additional solutions are required to permit criminal justice authorities to obtain electronic evidence in criminal investigations.




1 On the obligation of Governments to protect individuals against crime, including through criminal law, see European Court of Human Rights in K.U. v. Finland


2 https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=09000016802e70b6

Nyman Gibson Miralis provides expert advice and representation in complex international cybercrime investigations, and in all aspects of mutual legal assistance law.

Contact us if you require assistance.