Karine e Silva
Last known affiliation: Apple
Karine e Silva 🗣
Abstract (click to view)
Business, organizations, and individuals can largely contribute to a better collective response to botnets. Apart from the power of thwarting attacks as they occur, multistakeholders play a meaningful role in handing over evidence to law enforcement about botnet crimes. Yet, criminal procedure law places significant a threshold on how evidence collected by third parties may be used in a criminal investigation and before court. In this study, I am particularly interested with the so-called category of illegally obtained evidence, in other words, evidence that is amassed in a way that (potentially) violates the standards prescribed by criminal procedural law. This distinction is downright pertinent to the current debate on botnet intelligence that could be disclosed to law enforcement and, more importantly, on whether data gathered in grey zones of the law could be used against cybercriminals.
Traditionally, legal systems have opposed to the doctrine of the fruit of the poisonous tree. Following this stream, evidence gathered via unlawful means suffers from the same spoilage as the original source of the collection. According to this doctrine, illegally obtained evidence is per se illegal and holds no value in the due legal procedure. This remains largely the doctrine adopted by most civil law systems, including many EU Member States. However, pragmatic perspectives of the law have refused to repudiate the nature of the poisonous fruits: the silver platter doctrine has gained space among EU Member States, such as the Netherlands, where illegally obtained evidence handed over to law enforcement, where such unlawful obtaining was not influenced by the authorities, should not be disavowed but brought into play. I intend to investigate whether an adaptation of the silver platter doctrine may be deemed legitimate in the context of cybercrime and justify the sharing of botnet evidence with law enforcement where such data is collected by businesses, organizations, and individuals.
This is an experimental study. It explores and critically analyses the main trends on the use of unlawfully obtained evidence by law enforcement in the U.S. and in select EU Member States (the NL and DE or FR). It builds upon these findings to propose rules that may pave the way for greater use of botnet evidence by law enforcement in a way that is consistent and respectful of the EU framework for fundamental rights: including the limits and opportunities that such a framework may entail.
Karine e Silva 🗣
Abstract (click to view)
Security experts have accomplished significant knowledge on how the most impenetrable botnets operate. While botnet intelligence gathering and disruptive tools are fast evolving, the legal mechanisms that enable investigation and prosecution of cyber crime are not progressing at the same pace. This has frustrated security experts, who show lack of confidence on the work done by law enforcement. There are many reasons why law enforcement is lagging behind in the fight against cyber crime. Despite insufficient qualified staff, other structural issues are pronounceable. Problems often unknown to experts fighting cyber crime. Part of these obstacles is related to insufficient legal provisions that would enable the work of law enforcement, as many have figured out. Others are connected to the need to rethink fundamental legal concepts such as jurisdiction and authorship. But then again rethinking established legal concepts in a cyber crime context is a long process that is showing slow signs of progress.
In spite of everything, the past year has struck our attention with international efforts led by industry and law enforcement. A closer look into the ZeroAccess (Dec/2013) and Gameover Zeus & Cryptolocker (Jun/2014) disruptions reveals that law enforcement has found creative ways to investigate and go after botmasters, despite the structural barriers above mentioned.