The Cyber Evidence Question — Comments

Change Sort Order
Now: Recent First

Comment on the Cyber Evidence Question: “To what extent can cyber evidence repositories, and digital and open-source evidence, facilitate the work of the OTP, and the ICC more generally?”

Cyber evidence repositories, digital evidence, and open-source data can greatly enhance the OTP and ICC’s work by providing faster, more accessible evidence, particularly in conflict zones where traditional evidence may be hard to obtain. Digital tools like social media, satellite imagery, and mobile data offer real-time documentation of crimes, helping the OTP gather crucial evidence efficiently. However, challenges such as data authenticity, verification, and legal frameworks for using such evidence must be addressed to ensure its reliability in court. Overall, while digital evidence offers powerful opportunities, its integration requires careful management and expertise.

The OTP and ICC can take advantage of open source evidence and digital evidence repositories, core elements of almost all grave crimes investigations, if they undertake cultural, procedural, and bureaucratic changes to create a more agile and open institutional environment.

There Are National Laws to Handle Cyber Crime Evidence

The OTP should arrange for training its staff to deal with cyber crime evidence. There is a law called Convention on Cyber Crime 2001  whose procedural section details how to collect cyber evidence. From that provision, it is clear that the national laws will dictate how to collect cyber evidence. I think there is no need for a separate law on cyber crime.

Admissibility of Illegally Obtained Cyber Evidence at the ICC

I. Introduction

The International Criminal Court (ICC) is already grappling with questions about what types of cyber evidence will be admissible to the Court. Even more difficult questions about the admissibility of illegally obtained cyber information are on the horizon. The law governing the admissibility of illegally obtained cyber evidence contains several ambiguities, and new types of evidence are likely to expose the ambiguities. This comment attempts to answer the question: What types of illegally obtained cyber evidence would be inadmissible to the Court?

While not conclusive, this comment asserts that a few categories of evidence are inadmissible. Untailored seizures of individual data acquired directly by the Prosecutor and cyber evidence unlawfully acquired by intermediaries at the specific instruction of the Prosecutor are likely inadmissible. Illegally obtained privileged cyber evidence and evidence obtained by means of torture are also clearly inadmissibly, but because of the underlying content of the evidence rather than the means of delivery to the Office of the Prosecutor (OTP).

This is an important and relevant issue because many ICC prosecutions have failed due to weak evidence. The OTP has relied heavily on witness testimony which is notoriously unreliable. International criminal prosecutors appear to increasingly rely on quantity of evidence rather than quality.1

Illegally obtained cyber evidence has the potential of shifting the trend toward admission of fewer exhibits which are more probative, and will be an attractive option for the OTP moving forward. This type of evidence is already making its way into courts. In December 2018, the US Department of Justice successfully convicted suspects, involved with the firm Mossack Fonseca, largely on the strength of the illegally obtained hacked evidence derived from the Panama Papers and hacked data provided to the prosecutor by a third party.2 This type of evidence will become increasingly accessible to prosecutors, including the ICC OTP.3 Clarifying the law regarding admissibility is critical.

The “Coming Storm”: Possibilities for Preserving Evidence of War Crimes Published on Major Online Service Providers

I. Introduction

There should be no greater windfall for criminal prosecutors, national or international, than the growth of the Internet as a tool for communication and networking. Potential evidence against perpetrators abounds: photos and videos posted by offenders, victims, and witnesses alike; personal communications that can establish a wrongdoer’s motive or intent or uncover a conspiracy; even perpetual, personalized tracking devices in the form of cell phones that have the potential to pinpoint a person’s whereabouts down to a specific address whenever turned on. Legal systems the world over have recognized the importance of utilizing this type of online data and evidence and the International Criminal Court (ICC) is no exception. From an institutional perspective, the ICC has clearly identified digital evidence as a potentially vital source of data while carrying out investigations. As early as 2012, the Office of the Prosecutor (OTP) has consulted on workshops in which the growth in importance of digital evidence was recognized as a “coming storm.”1 The ICC has also recently begun using digital data more frequently in practice. The investigation of the conflict in Darfur, culminating with the 2015 cases of Banda, Jerbo, and Abu Garda, utilized satellite imaging from private parties, including Google Earth, to demonstrate village destruction and follow population and troop movements.2 In the Al Mahdi case, the Court was presented evidence from YouTube and other audio posted online.3 Evidence from YouTube and social media sites was presented in the Al-Werfalli case, and evidence from Facebook helped prove witness tampering in the Bemba case.4 It is reasonable to infer, therefore, that the ICC recognizes the potential for digital evidence to be utilized in its investigations.

That being said, the challenges presented by the vast expanses of potential data stored on major online platforms have not been entirely dealt with on an international level, and there are aspects of the use of digital evidence that have not been completely reconciled by the ICC. Amongst the myriad of challenges presented by the rapid growth in the prevalence and relative importance of digital evidence is that a significant percentage of the evidence that could be used by the ICC in its investigations is posted to major online service providers (OSPs) like Twitter, Facebook, or YouTube. Each of these OSPs have some form of overarching community guidelines, all of which disallow—and promise to remove—posts that depict images of violence or exploitation of humans. While those guidelines ostensibly seem altogether reasonable, they produce an unfortunate consequence in that the automatic removal process for posts flagged for violations of community guidelines sometimes removes valuable evidence of crimes falling under the purview of the ICC. In recent years, both Facebook and YouTube have removed significant amounts of content depicting atrocities perpetrated during the Syrian Civil War, and Facebook has also removed evidence of further potential crimes against humanity committed in Myanmar against the Rohingya population.5 This practice poses an issue for the ICC. When content is removed by the platform it is published on, the data itself as well as all of its authenticating markers is no longer accessible through the site. Unless it has been saved elsewhere, the only way to retrieve the data is to get it from the firm’s servers, which comes with significant barriers to an international tribunal like the ICC.

Protecting Against Deepfakes: How the ICC Can Ensure Trust in the Verification and Use of Open-Source Evidence

I. Introduction

Digital devices have allowed ordinary civilians to become on-the-ground investigative reporters in almost every region of the world. Contemporaneous uploads of footage featuring protestors being tear-gassed in Hong Kong or Syrians fleeing from chemical warfare have allowed viewers all over the world to see, hear, and emotionally feel human rights crises unfold in real-time. As a result, the amount of online evidence and information available to prosecutors and investigators through open-source channels has raised the possibility of reinvigorating—or even changing the narrative—in formerly stalled investigations. The Office of the Prosecutor (OTP) has already begun to utilize open-source information from social media and other online platforms to further investigations. In 2017, the ICC issued a first-of-its-kind warrant for the arrest of Mahmoud Al-Werfalli, a commander within the Libyan National Army, based on open-source videos.1 In the sphere of international criminal law and the fight against human rights abuses, the new and increasing use of open-source information has opened up the possibility for investigations to be better, safer, and more efficient than ever before.

Open-source refers to publicly available online materials, ranging from photographs to documents to audio and visual recordings.2 Such information, commonly housed on social media sites, is often posted by ordinary civilians and is available and growing at a prodigious rate.3 The benefits of open-source information are clear. As Professor Danielle Citron of Boston University School of Law testified to the U.S. House Permanent Select Committee on Intelligence, the use of video and audio recordings obtained through online public records has allowed us to “become firsthand witnesses to events, obviating the need to trust others’ accounts.”4 Content captured contemporaneously by any individual with a capable phone or device has the power to strengthen investigations in ways that documentation and evidence gathered at a later time by investigators plainly do not. Open-source data enables researchers to advance investigations from anywhere around the world rather than risk traveling to volatile regions where they may be severely restricted or put in danger. At the same time, the use of such data in the judicial system has the potential to make investigations safer by corroborating and giving strength to witness testimony or by lowering the necessity for vulnerable witnesses to testify in court in the first place.5 Rebecca Hamilton, formerly of the OTP, suggests open-source evidence has the ability to “democratize” investigations by giving power to local communities and their own ability to bring an end to the abuses they have suffered or witnessed first-hand.6

What Policies Should the Office of the Prosecutor Adopt in Receiving Cyber Evidence From User-Generated Evidence Gathering Apps to Help Protect Those Providing It?

I. Introduction

The rapid increase in the use of camera-equipped and internet-connected devices has enabled individuals to record far more information about their lives and their surroundings than ever before. This fundamental shift in information gathering is transforming the way that evidence is collected, analyzed, and presented at trial. These changes are already being seen on an international level. In 2017, the International Criminal Court (ICC or Court) issued an arrest warrant for Mahmoud Mustafa Busayf Al-Werfalli that was primarily based on videos of executions found on social media websites.1

While this increased access to information provides the ICC with unique opportunities, such as the real-time recording of human rights violations and the gathering of evidence in areas inaccessible to investigators, it also brings with it notable and pressing challenges. As cellphone users begin documenting war crimes and crimes against humanity, private actors will play an increasingly influential role in international criminal investigations. This new role brings with it the many risks inherent in collecting evidence, including the security concerns of the evidence gatherer.

The act of documenting in a conflict zone or situation may put both the documenter and subject at risk at the time of capturing the images or information, and later, if the information is discovered.2

This risk is even greater for private actors who lack the support and evacuation plans that are available to court-appointed investigators.3 These security risks are also present if the evidence is used at trial. It is yet to be decided whether or not these private actors will fall under the ICC’s existing protection regime, whether as witnesses or as intermediaries.4

International non-governmental organizations (INGOs) have created two evidence-gathering apps that seek to mitigate these risks and preserve the user’s anonymity while also gathering enough information to verify and authenticate the evidence in the hopes that it will be admissible at trial. Because these risks can only be mitigated and not eliminated, both apps also rely heavily on the notion of informed consent to ensure that participants are fully informed about the potential risks of their involvement. However, there are fundamental concerns of just how informed that consent truly is. With the promise of anonymity and the belief that their evidence will be admissible at trial, individuals are more likely to take greater risks.

In this comment, I investigate ways in which the Office of the Prosecutor (OTP) can mitigate the risks that users face when submitting information through user-generated evidence apps. Section II of this comment provides a brief introduction to the spread of information communication technology, the advent of user-generated evidence, and the INGOs operating in this space. Section III discusses the security risks that private actors face when providing user-generated evidence and how INGOs have sought to mitigate these risks through app-design and outreach programs. Section IV introduces ways in which the OTP can mitigate these security risks moving forward by incentivizing meaningful informed consent and adopting guidelines that ensure accountability.

Digital Evidence and the Use of Artificial Intelligence

I. Introduction

With the advent of new advancements in the technological world, it should come as no surprise that the primary source of information gathering and documentation is within the grasp of every individual. Internet and smartphones have virtually created journalists and investigators on every corner. International human rights and criminal prosecution organizations have had their eyes for quite some time on the potential benefits of using the open web and social media platforms to gather information and evidence for investigation, prosecution, and averment of crimes. It has already been seen that International Tribunals such as the International Criminal Tribunal for Rwanda (ICTR), the International Criminal Tribunal for former Yugoslavia (ICTY) and even the International Criminal Court (ICC) have initiated investigations and prosecuted accused persons on the basis of digital evidence. With the benefits of having such vast amounts of information at hand there are bound to be challenges as well. The key challenges in using digital evidence are with regards to identification of relevant evidence and establishing their authentication in order to satisfy the Court’s threshold of admittance.

As we have seen in the case of Sri Lanka’s soldier’s 2009 video capturing execution of prisoners, forensic analysts have been used to verify the authenticity of digital evidence,1 but there has been very limited success in identifying the correct evidence. The relevance of evidence has been established only through manual sorting and this potentially leaves a lot of ground to be covered. Artificial Intelligence (AI) can be employed in such scenarios to effectively scour a dump of data and comb out the relevant information. In this comment, I first briefly discuss the threshold for admissibility, and standards for assigning evidentiary value to digital evidence. Then I discuss the potential of AI in gathering and sorting data to be used for investigation and prosecution by the ICC.

Digital Evidence Repositories and Vulnerable Populations: How the Accumulation of Digital Evidence May Interact with the Privacy of Sexual Assault Survivors

I. Introduction

With the rise of digital technology, it is likely that the future of evidence collection at the International Criminal Court (ICC) will increasingly rely on digital evidence. This may take the form of videos, images, etc. (media) taken by victims or civil society organizations, or evidence uploaded to social media platforms by victims themselves. We have already seen a recent arrest warrant heavily rely on digital evidence.1 The collection of digital evidence would aid in the documentation of mass atrocities; the international community would no longer have to wait to document events because it is deemed too unsafe to send people into active conflict zones. It would probably be faster, cheaper, and easier to collect evidence.

However, the collection and storage of digital evidence does not come without concerns over individual privacy. It is unclear who would control such a repository: The ICC itself? Civil society groups? International governments? Private companies? The answer to this question would also likely dictate whether and to what extent it would be accessible to the public. Keeping it from the public could prompt criticism of a lack of transparency. On the other hand, opening it up to public viewing would increase concerns around the individual privacy of those whose likenesses or other personal information could be gathered from the media. Even if the repository is intended to be private, the likelihood that it would stay that way is questionable, as centralized storage of this sort of data could garner public attention and run the risk of being vulnerable to hacking and publication. There have already been multiple hacks of government data around the world.2 Whether the repository is public or private, therefore, it is possible that the identities of victims could eventually be made public.

While the possibility that the details of an investigation, including victim information, could be leaked to the public has always been a concern with any kind of evidence, digital or not, the sheer mass scale of a digital repository makes it a unique consideration. Once information is publicly available, it could be seen by virtually anyone, at any time. Today, an estimated five billion people, or about 66% of the world’s population, report having a smartphone.3 Each of these five billion people could have access to sensitive information about victims. Additionally, individual victims usually have the option to testify or cooperate with an investigation or trial. Using media in which they are featured, which may or may not have been collected with their consent, strips this level of voluntariness from the ICC-victim/survivor relationship.

The Promise and Problems of Open Source Evidence in ICC Investigations and Trials

I. Introduction

On August 15, 2017, the Pre-Trial Chamber of the International Criminal Court (ICC) issued an arrest warrant for senior Libyan military commander, Mahmoud Al-Werfalli.1 Al-Werfalli is accused of personally committing or ordering thirty-three murders in Benghazi between June 2016 and July 2017. Importantly, this is the first ICC arrest warrant that relies significantly on evidence that was uploaded and later collected from social media. Specifically, the warrant describes events captured in several videos—which were posted on social media sites such as Facebook—that appear to show Al-Werfalli shooting individuals and ordering others to shoot.2

The ICC’s reliance on these videos is telling. More and more, today’s conflicts see large amounts of videos and photos that document crimes find their way online.3 Sometimes bystanders are able to record events with their cellphones and share the recordings as a way of alerting the wider world to the state of affairs in areas of conflict. Perhaps surprisingly often, the incriminating material is posted by the perpetrators themselves.4 This new mine of incriminating evidence is both promising and puzzling for courts the world over, and the ICC is no different. Although potentially powerful, open source evidence continues to be plagued with doubts as to authenticity.5 Obtaining evidence from online sources is one thing, but then next figuring out if and how to use the evidence in a truth-finding forum such as a trial is another. In the case of Al-Werfalli, it remains an open question how the videos relied upon in his arrest warrant would be used by the Office of the Prosecutor (OTP) at trial, or if the Trial Chamber would even find the videos admissible.

In this comment, I explore the benefits and limitations of the use of open source evidence by the ICC, particularly at two different procedural stages: investigation and trial. I argue that open source evidence has the potential to alleviate some of the considerable investigatory constraints the ICC continues to face, and also supplement the Court’s over-reliance on live witness testimony during trial proceedings. However, the Court’s flexible and amorphous evidentiary standard—which favors permitting evidence but attributing it little to no weight to counteract doubts as to reliability—threatens to undermine the potential benefits of open source evidence. To counteract this, I propose development of and reliance on external verification methods which have been used by international tribunals in the past to ensure only the most reliable open source evidence is used in criminal proceedings.