Digital forensics: Not everything that is technically possible is legally permissible
When gathering evidence for criminal cases, the field of digital forensics is becoming increasingly important. Smartphones, laptops and other electronic storage media are recovered and used to provide important evidence in the investigation of a crime. This presents frequent challenges to the authorities – for example, they are faced with the problem analysing unimaginable volumes of data. Indeed, this work could be considered impossible without the support of IT professionals. We talked to Prof. Dr. Felix Freiling, Chair of Computer Science I and Prof. Dr. Christoph Safferling from the Chair of Criminal Law, Criminal Procedure, International Criminal Law and Public International Law about digital forensics and the need for co-operation between computer scientists and the authorities.
Why is digital forensics currently so relevant?
Prof. Dr. Felix Freiling: ‘Electronic media are increasingly dominating our lives. Every smartphone or in-car navigation system stores data about our communications or our movements, which can be of interest to the public prosecution service and the police when facts need to be clarified.
Prof. Dr. Christoph Safferling: ‘These days there is hardly ever a criminal offence in which the police do not immediately confiscate all mobile phones. The data from these must be carefully interpreted and professionally handled to provide suitable evidence for investigation procedures.’
What do we mean by digital forensics and how do computer scientists and lawyers actually collaborate?
Freiling: ‘Digital forensics involves collecting and analysing evidence recorded on digital media. This is relevant not only to computer-related crimes, such as the sending of scam and phishing emails, but it is also used in the case of conventional crime, for example when the authorities wish to establish the motive for a murder they will examine electronic media belonging to suspects such as mobile phones and laptops. IT specialists can examine the devices and even uncover any tampering that may have occurred.’
Safferling: ‘For their part, lawyers have a different skills set. They are familiar with the legal aspects of the crimes committed and can therefore say what type of evidence to look for. In addition, they can look beyond the boundaries of what is procedurally permissible. Not everything that is technically possible is also legally permissible – you only need to think of the protection afforded to personal privacy against state intervention.’
What are the new challenges facing criminal prosecution? For example, are specially trained personnel needed? Why does digital forensics pose challenges to the authorities?
Safferling: ‘Misunderstandings often occur between legal and technical fields. For example, if a lawyer specifies that they want all documents from a hard disk, then the IT specialist is not sure what exactly is meant: only Word files, e-mails, or chat log files?’
Freiling: ‘In addition, the capabilities of the digital world are constantly changing. Highly complex algorithms have to be understood, for example in the case of virtual currencies, like Bitcoin. Without an in-depth technical understanding of the processes, the prosecutors cannot get anywhere.’
Safferling: ‘A judge certainly cannot be expected to have this kind of specialised computer knowledge. As in other areas, such as forensic medicine or forensic psychiatry, the judge is therefore reliant on experts to make the processes understandable. At the same time though, the opportunities to produce evidence by analysing electronic devices can be extremely helpful to the legal process because these contain unbelievable amounts of information that may be relevant to the case.’
Freiling: ‘The interpretation of stored data depends on very many related factors, such as the installed program versions and personal settings and is therefore a complex affair which needs trained specialists. Another difficulty we often face is the sheer amount of data that can now be stored on very small devices. So if you don’t know exactly what you’re looking for, then you have a problem. If you add encryption to that, it becomes even more difficult.’
Will new legislation be necessary or useful for digital forensics?
Safferling: ‘Under the constitution, the German government can only take actions that contravene the basic rights of individuals if it has the legal authority to do so. In some prosecution cases the impact on basic rights is huge and we still do not have the explicit statutory authorisation we need. Here it would be helpful if the authorities would take charge of the situation and draft an appropriate legal framework. I could give you plenty more examples. Another problem is the fact that jurisdiction does not extend across national borders. At this level you need more international co-operation, but even within the EU this is still proving difficult. If you applied the usual rules of sovereignty here, you would come up against fundamental problems of international law that can only be resolved by international agreements.’
How does Germany compare with other countries in terms of digital forensics?
Freiling: ‘In international terms, Germany is already relatively far advanced when it comes to the prosecution of cybercrime. The level of digital forensics expertise within the law enforcement community is growing. Nevertheless, the police often seem somewhat out of their depth when faced with specific criminal cases. The successes in the fight against cybercrime, such as the breaking up of so-called botnets, have been achieved by specialist departments like the Central Department of Cybercrime in Bavaria; this has been part of the Office of the Public Prosecutor based in Bamberg since January 2015. However, such institutions are rarely brought to the attention of the general public.’
Further information:
Prof. Dr. Felix Freiling:
Phone: +49 9131 85 69901
felix.freiling@cs.fau.de
Prof. Dr. Christoph Safferling:
Phone: +49 9131 85 22247
christoph.safferling@fau.de