The use of policeware to hack electronic evidence in Germany and the Netherlands
Abstract
Hacking аs manipulation of software, data, computer system or network, without the knowledge and permission of the user, constitutes an act of criminal offence. However, given that certain technological tendencies make it difficult/impossible to collect electronic evidence, the question arises as to whether the authorities responsible for detecting and proving criminal offenses should be authorized to hack, i.e. to conduct investigations in the digital environment in such a way that they would be authorized to exploit technical, systemic and human vulnerabilities within the IT system, without knowledge and permission of the user, in order to gain a remote access to protected system and conduct further actions. Although a state authorities’ hacking with the aim of collecting electronic evidence carries immence risks for information security and human rights and freedoms with it, one cannot dispute that the deployment of such techniques might be useful in criminal investigations. However, the application of hacking technique would not not per se violate the right to privacy and other guaranteed rights and freedoms, only as far as such an interference is properly regulated. Hence, the legal framework should explicitly regulate the lawful hacking as a special investigative measure, especially the conditions that should be met and mechanisms that should be applied. As hacking for the purposes of criminal investigation may be performed through various techniques, this paper focuses on a hacking technique based on a malware, and its regulations in two countries with explicit provisions - Germany and the Netherlands.
References
Die Strafprozessordnung in der Fassung der Bekanntmachung von 7. April 1987 (BGBI. I S. 1074, s. 1319) die zuletzt durch Artikel 2 des Gesetzes vom 25. März 2022 (BGBl. I S. 571) geändert worden ist. https://www.gesetze-im-internet.de/stpo/BJNR006290950.html.
Gesetz zur Effektiveren und Praxistauglicheren Ausgestaltung des Strafverfahrens vom 17. Avgust 2017, BGBI. I 2017 Nr. 58 23.8.2017, S. 3206, https://www.bgbl.de/xaver/bgbl/start.xav?startbk=Bundesanzeiger_BGBl&start=//*%5B@attr_id=%27bgbl117s3202.pdf%27%5D#__bgbl__%2F%2F*%5B%40attr_id%3D%27bgbl117s3202.pdf%27%5D__1680267814537.
Oerlemans, J-J. (2017). De Wet computercriminaliteit III: meer handhaving op internet. Strafblad, 49, 350-359.
Pisarić, M. (2021). Enkripcija mobilnog telefona kao prepreka otkrivanјu i dokazivanјu krivičnih dela – osvrt na uporedna rešenјa. Anali Pravnog fakulteta u Beogradu, 69 (2), 415-442.
Pisarić, M. (2022). Communications encryption as an investigative obstacle. Journal of criminology and criminal law, 60 (1), 61-74.
Pisarić, M. (2023). Lawful hacking – technical issues in law. In T. Kesić (Ed.), XII International scientific conference “Archibald Reiss Days”, (pp. 175–195). Academy of Criminalistic and Police Studies.
Vaciago, G. & Ramalho, D.S. (2016). Online searches and online surveillance: the use of Trojans and other
types of malware as means of obtaining evidence in criminal proceedings. Digital Evidence and Electronic
Signature Law Review, 13, 88-96
Wet van 27 juni 2018 tot wijziging van het Wetboek van Strafrecht en het Wetboek van Strafvordering in verband met de verbetering en versterking van de opsporing en vervolging van computercriminaliteit (computercriminaliteit III), Staatsblad 2018, 322. https://zoek.officielebekendmakingen.nl/stb-2018-322.html
Wetboek van Strafvordering. Geldend van 01-01-2022 t/m 30-06-2022. https://wetten.overheid.nl/BWBR0001903/2022-01-01#Aanhef.