The media, new technologies, and Artificial Intelligence undoubtedly offer countless advantages for work, study, and daily life. However, they also present significant drawbacks from a legal perspective and regarding the prosecution of computer crimes committed using these tools.
One of the problems is authorship, which is needed to attribute a specific crime to someone. Behind IT systems or even social networks, it seems relatively easy to hide a person’s real identity, and it is also easy, through various VPN connections and different servers, to obscure the trail that a person with malicious intentions could leave when committing a crime. In other words, to the problem of authorship, we can add the inconvenience of determining traffic data and browsing traces.
Legislative gaps and responsibility of technology platforms
Legislation is always far behind in addressing new problems (if not entirely new): Why don’t platforms obligatorily verify profiles, both for identity and age majority? The solution does not seem complex but rather reflects the will of these large tech companies, which, under the guise of unrestricted freedom (and, in my opinion, misunderstood, since not everything goes), override other safeguards, which at least in Europe we have earned over many years. False profiles would be eliminated or limited from where they are indiscriminately disseminated, regardless of the accuracy of a news item, or exploited to commit various crimes. There are gaps in regulation and, above all, a lack of cooperation between States within the International Community.
And if we consider how this affects the legal profession, we can see that these types of crimes, where money can disappear from an account in one country and appear in seconds in another (globalization without any control), require agility in reporting to the State Security Forces, the Public Prosecutor’s Office, or in the initial proceedings (essential) before the Court on Duty. Every hour that passes increases the damage and lowers the chances of success. In addition, tech companies are not equipped to respond quickly to such requests.
The challenge of electronic evidence and the chain of custody
It is also important to ensure the chain of custody of the evidence obtained and that any potential data extraction remains sealed for subsequent forensic analysis. This leads us to the problem of the limited regulation of electronic evidence, which has already been analyzed and studied by legal experts and some prosecutors. Additionally, in many cases, it is necessary to rely on circumstantial evidence to link the user to the criminal act and enable formal charges.
On the other hand, responsibility is very much shared: users are still very reckless, but we demand technological tools, paperless processes, and speed; however, legal professionals are accustomed to taking photos with our mobile phones of court files on a table or in a hallway. This is a solution for small cases, but impossible for cases with several volumes of investigation. We are moving toward digitalization in the courts, but the same staff must scan and take extra time from their ordinary work. There are no resources—it’s easy to say, but this is the reality, and it especially affects the investigation of crimes that use IT tools.
There are criminal organizations capable of launching massive attacks over the internet, anonymously, and able to erase their traces once crimes are committed. How do we fight against this? Rapid response by the Police, Prosecutors, and Courts, training for all agents and citizens, immediate digitalization with the necessary resources, real international cooperation, updating applicable legislation, implementing minimum controls on platforms and internet giants (and holding them accountable), and raising awareness among users.
Urgent needs: international cooperation, legislation, and awareness
Some supranational conventions have addressed this issue. The starting point was the Budapest Convention on Cybercrime of November 2001, ratified by Spain in 2010 and complemented by the Additional Protocol to the Council of Europe Cybercrime Convention. Both the National Police and the Civil Guard have specialized units, and there are highly trained prosecutors (excellent professionals I know) in a specialized unit, giving hope to those of us who defend the interests of clients who have suffered so-called “cyber” crimes. But this needs to be extended to all police stations, all courts, and legislators must be required to adapt the law to current punishable behaviors.
ARTICLE PUBLISHED IN THE CONNECTADOS MAGAZINE OF THE CEF-UDIMA GROUP
LINK
