Terrorist attacks often require immediate responses to emergency incidents, preservation of data and urgent data requests for international cooperation. Lawfully obtaining electronic evidence, or e-evidence, from the Internet and communication service providers is critical to successful prosecutions. More specifically, e-evidence can be used to indicate the location of terrorists and organized crime suspects, with whom they were communicating, and what crimes they planned and committed.
United Nations Security Council resolutions 2322 (2016) and 2396 (2017) recognized the importance of considering the re-evaluation of methods and best practices, in particular those related to e-evidence, and the challenges faced by Member States in obtaining admissible e-evidence. They also stressed the importance of Member States’ capacity to cooperate with the private sector in accordance with applicable law.
Further, United Nations Security Council resolution 2617 (2021) stressed the need for Member States to act cooperatively to prevent terrorists from exploiting information and communication technologies, as well as the need for Member States to continue voluntary cooperation with the private sector and civil society to develop and implement more effective means to counter the use of the Internet for terrorist purposes. This includes developing counterterrorist narratives and technological solutions, all while respecting human rights and fundamental freedoms in compliance with domestic and international law.
Whereas mutual legal assistance (MLA) remains the primary method of obtaining e-evidence, an increasing number of States are now exploring non-MLA measures, including voluntary data preservation and disclosure in both emergency and non-emergency situations.
Preservation of data may be thought of as a “snapshot” of the user’s data at the time a request is received and actioned by service providers. To ensure this process is quick and effective, State authorities may contact service providers to preserve data.
It is to be noted that voluntary data preservation or disclosure at the request of foreign governments is not allowed in every jurisdiction. Especially for voluntary disclosure, States may determine if service providers in their territories are allowed to communicate with, or transfer, data directly to overseas State authorities. If voluntary disclosure is conducted effectively, this can have a significant impact on an investigation or prosecution and may mean a requesting State does not need MLA, thereby saving resources and time for all parties concerned.
At the same time, however, there are multiple challenges faced by the service providers. Medium and smaller service providers often lack the time and resources to research law enforcement’s operational practices, sometimes leading to the rejection of direct requests. Service providers may also be concerned about the potential violation of user privacy and applicable data protection standards if they share everything that is being requested.
To provide less experienced service providers with general practices developed by other international service providers in responding to data requests from foreign governments, UNODC’s Terrorism Prevention Branch (UNODC/TPB) and the United Nations Security Council Counter-Terrorism Committee Executive Directorate (CTED) developed the Data Disclosure Framework (DDF).
The DDF is the result of active engagement with service providers to give start-ups, smaller companies and micro-platforms an opportunity to enhance their knowledge in lawfully responding to requests for data in counter-terrorism investigations, all the while respecting the right to privacy.
Following the official launch of the DDF in October 2021, UNODC/TPB delivered a series of introductory webinars with support from the Government of Germany. These events guided the audience through the publication and offered opportunities to discuss it with experts, as well as pose any questions. Following the success of these initial webinars, UNODC/TPB received positive feedback from relevant stakeholders and was requested to hold more knowledge-sharing sessions on the DDF.
UNODC/TPB, in collaboration with the UNODC Global Programme on Cybercrime, is organizing another series of introductory webinars in April and May 2022, with the support from the Government of the United Kingdom. The details of the event, including registration links, are available at this link: https://sherloc.unodc.org/cld/en/st/evidence/ddf.html.
It is critical that all stakeholders work together to keep our society free from terrorism and bring terrorists to justice. UNODC is ready to continue to work with the private sector, ensuring the Global Initiative remains relevant and useful for day-to-day criminal justice efforts. Improving communication and cooperation between public and private sectors will help address operational challenges related to e-evidence.
UNODC/TPB continues its collaboration with the UN-affiliated Tech Against Terrorism initiative, which supports the global tech industry to tackle terrorist exploitation of their platforms. The DDF is now available as a third-party resource at the Tech Against Terrorism Knowledge-Sharing Platform at: https://ksp.techagainstterrorism.org/knowledgebase/third-party-resources/ (pre-registration required).
More information on UNODC’s e-evidence work is available at the Electronic Evidence Hub: https://sherloc.unodc.org/cld/en/st/evidence/electronic-evidence-hub.html.