
There is a widespread tendency to blame the victim of a sexual assault linked to alcohol or substance abuse, whereas the judgment of responsibility should concern only those who perpetrated it and the social context that encouraged (or failed to prevent) it. Still, this mentality infects even the courtrooms, where unacceptable cases of “secondary victimization” continue to occur, which have exposed our country to harsh censure by the European Court of Human Rights.
The consumption of alcohol and drugs has taken on a decisive role in people’s daily lives, especially among the youngest, as an element of “socially accepted” conviviality. There is, however, an increasingly close relationship between the use/abuse of drugs and alcohol and the increase in violence, which has become the subject of much research over the last decade. The phenomenon intensified further during the recent pandemic, also due to the rise of so-called “alcohol marketing”[1], combined with the increasing ease with which drugs can be obtained and consumed. This has increased the acceptability of their consumption, with abusive behaviors beginning at an early age that, in most cases, result in acts of violence, especially sexual violence.
Where awareness-raising and cultural growth (as primary means of prevention) are not enough, criminal law is called upon to intervene, but it does not always prove suitable to meet victims’ needs for protection. Violence, in fact, is becoming increasingly difficult to frame clearly within abstract offence definitions that are sometimes obsolete and sometimes distorted through certain moralizing lenses of our judicial system.
A recent study by the American Addiction Centers[2] highlighted that drug and alcohol use is present in 40% to 60% of cases of domestic abuse; every year about 300,000 victims report attacks by people under the influence of alcohol and, in 2016 alone, alcohol caused around 90,000 deaths as a result of domestic violence around the world. In addition, in the United States alcohol plays a key role in 32% of murder cases.
Alcohol consumption, in particular, is related to the increase in violent behavior, much more than other substances. In fact, although alcohol intoxication – whether in the aggressor or the victim, or both – is not necessarily the sole and exclusive cause of violence, it can significantly increase the risk of it happening. Research has identified among the common causes an increase in disinhibition (alcohol encourages behaviors that would normally be repressed, acting on the areas of the brain that control impulses) and so-called “alcohol myopia” (the narrowing of the individual’s visual focus, with consequent misperception of reality)[3]. In addition, alcohol affects cognitive processes, impairing the ability to control anger, to react appropriately to situations, and to predict the consequences of one’s own behavior (the so-called “here-and-now focus”)[4].
The latest World Health Organization (WHO) global report[5] highlighted, in 2018, that alcohol was consumed by more than half of the population in three regions (Americas, Europe and the Western Pacific); worldwide, more than a quarter (26.5%) of all 15-19 year olds were “current drinkers” (about 155 million adolescents), with the highest prevalence rates among 15-19 year olds in the European region (43.8%), followed by the Americas (38.2%) and the Western Pacific region (37.9%). In all WHO regions, female “current drinkers” were fewer than male ones. Moreover, a quarter (25.5%) of all alcohol consumed in the world was unrecorded, that is, not counted in official national statistics on taxation or sales, as it is usually produced, distributed and sold outside official channels. Worldwide, 44.8% of total recorded alcohol was consumed in the form of spirits; the second most consumed drink was beer (34.3%), followed by wine (11.7%).
While previous studies focused mainly on the role of alcohol in street violence (predominantly male-on-male), in recent years there has been a greater focus on episodes of violence in the family and in intimate relationships, including sexual assault. Studies on the involvement of alcohol in the perpetration of sexual assaults by young males found a strong connection: a survey in 10 countries of Central and Southern Europe found that both sexual aggression and sexual victimization are associated with drinking in combination with sex, with higher rates in males than women[6].
The situation has changed significantly following the COVID-19 pandemic, which saw a significant increase in the spread and use of alcohol, especially in the younger population, because of the different strategies used by the digital market. According to a 2021 WHO report[7], digital platforms have quickly become a powerful marketing tool for alcoholic beverages, in line with the widespread shift from traditional to digital marketing contexts. Through constant and systematic data collection, in fact, digital platforms gather information about individuals that is used to target individual users and influence consumer preferences, attitudes and behaviors. The digital ecosystem exposes people to alcohol advertising, identifies the people most likely to buy and consume alcohol – often those most at risk of developing alcohol use disorders – and turns users into vulnerable targets. Research indicates that those who consume more alcohol may be more susceptible to such strategies; among these, the most vulnerable are children and young people, whose early exposure to alcohol marketing increases the chances of suffering permanent harm[8].
In any case, alcohol is not the only substance of abuse linked to the increase in violent behaviour: as noted by the WHO, it is often associated with the consumption of narcotic and psychotropic substances. In particular, alcohol is often consumed before, together with or after the use of other psychoactive substances; in addition, the comorbidity of alcohol and tobacco dependence is close and well documented, and alcohol consumption is frequently associated with the use of opioids, benzodiazepines and cannabis[9].
Studies have shown a number of links between substance use and the risk of sexual assault. In most cases, the resulting increase in vulnerability is compounded by a condition of so-called incapacitation: the effect of the substances can lower inhibitions and the level of attention, compromising the ability to recognize dangerous situations and make informed decisions; in some cases, attackers may use drugs or alcohol to make victims unable to resist or protect themselves from sexual assault. This practice is often referred to as “drug-assisted rape” or “induced rape”. The use of substances can also lead people to take part in high-risk situations or to frequent dangerous environments, increasing the likelihood of becoming victims of sexual violence.
Research has shown that in at least half of all sexual assaults between acquaintances there has been alcohol consumption by the perpetrator, the victim or, more commonly, both[10]. Alcohol consumption can increase the risk of sexual violence through both physiological effects and learned, or expectation, effects. On the one hand, in fact, so-called “alcohol myopia” can lead the victim to focus attention on prevailing social signals (fun, greater disinhibition in social relationships, etc.) rather than on ambiguous and less evident signals of risk: in the absence of the alarm that would normally arise from recognizing the risk, a woman may not feel the anxiety or fear that would motivate her to move away from a dangerous situation. On the other hand, expectations about the effects of alcohol could indirectly increase the risk of sexual violence by motivating a woman to drink excessively in order to experience the beneficial effects commonly associated with drinking (especially in convivial settings) or by increasing her belief that alcohol makes her “socially” more acceptable.
Alcohol can also play a key role in the consequences of sexual assault, whether or not it occurred after drinking. Drinking to cope with trauma can lead to alcoholism and increase the risk of being victimised again. One of the most frequent problems is self-blame: if a woman feels somehow responsible for the sexual assault because she had consumed alcohol, she may be less willing to report the violence, which makes it much less likely that she will receive the help needed to deal with all its consequences. This could also cause phenomena such as dissociation or a strong feeling of powerlessness, which could make her more vulnerable in the event of a new assault. Finally, as child sexual abuse can lead to alcoholism problems in adulthood, women who have suffered this trauma have a higher risk of being victimised again and of suffering from PTSD[11] and the negative consequences of alcohol dependence[12].
Finally, alcohol can increase the effect of certain drugs used by attackers to facilitate a sexual assault. The most common are Rohypnol, GHB[13], GBL[14] and ketamine, all of which have sedative effects and impair the victim’s memory[15]. These drugs are typically odorless, colorless, and tasteless when placed in a drink, with the exception of GBL, a bitter-tasting substance that can easily be masked by strong-tasting beverages. Within 30 minutes of ingestion, the person may have difficulty speaking or moving and may faint, becoming vulnerable to assault. Moreover, because of the effects of the drug, the victim may have little or no memory of the events, and for this reason many victims do not report, or tell others, what happened to them.
The analysis of the relationship between sexual assaults and alcohol or drug use has focused on specific contexts, where certain environmental or social factors could play a decisive role.
One of these is the university world, where at least 50% of sexual assaults are linked to alcohol use[16]. Research conducted in 2021[17] by the UK Healthy Universities Network, in collaboration with UK universities and the Office for Students, found that alcohol and drug use is relatively common among higher education students. Drinking alcohol and taking drugs is part of the experience of freshmen, many of whom are living away from home for the first time.
A quarter of the students interviewed by the Higher Education Policy Institute (HEPI) said they had taken illegal drugs in the previous year. 76% of respondents in a 2018 National Union of Students (NUS) survey on alcohol consumption said that students are expected to drink to get drunk[18]. In addition, “Everyone’s Invited”, a website where victims of sexual violence can share their stories anonymously, contains frequent mentions and specific stories of alcohol and drugs in user-shared testimonials[19].
The study also reports that full-time students are more likely to suffer sexual assault than all other occupational groups[20] and, from surveys conducted by the association Brook[21], it emerged that at least 50% of women reported having suffered unwanted behaviors (catcalling, being followed, sexual conversations and explicit messages, inappropriate physical contact or non-consensual sexual intercourse[22]) and 62% of students or recent graduates have suffered sexual violence[23]. However, only 5% of women who have experienced inappropriate physical contact and 3% of those who have received unwanted explicit sexual messages have reported it. In addition, 53% of respondents confirmed that they had suffered unwanted sexual behavior from other students, and 30% of the incidents occurred on a campus. Finally, women are much more likely to become victims of such behaviour than men (49% against 3%)[24].
As for the relationship between alcohol and consent, only 52% of the students interviewed are aware that it is not possible to give consent when drunk[25]. 90% of students feel confident in saying no to unwanted sexual advances; however, 52% of those who do not feel confident reported fearing that their refusal could lead to violence[26].
Recently, similar considerations have also arisen in the military context, especially in the USA. And in fact, although no specific research has been conducted in scientific literature that has examined the correlation between the use of alcohol (both by the aggressor and the victim) and sexual assaults involving US military personnel or veterans, the constant trend of military alcohol use/abuse has prompted institutions[27] to question the issue, starting from some data already present.
A study from 2019[28] carried out on the staff of the US Department of Defense (DoD)[29] showed that alcohol was present in 62% of cases of sexual assault involving women belonging to the DoD and in 49% of cases concerning men. The target subjects of the study included active service members of the Army, Navy, Marine Corps, Air Force and Coast Guard who were below a certain rank and had been on active duty for at least five months. The answers provided showed an increase, compared to a previous survey in 2016, of all behaviors considered “sexual harassment” (sexually explicit speeches, jokes and messages, sexually significant and unwanted gestures and physical contacts, unwanted relationships), often combined with discriminatory behaviour (on a sexual or gender basis)[30].
The widespread blaming of the victim who was sexually assaulted while drunk or under the influence of drugs (regardless of whether or not this condition was voluntary) is still a hard-to-overcome bias in public opinion and, above all, among the specialized professionals called upon to intervene. This tendency can first of all influence the way in which law enforcement or health services treat the victim, hindering their willingness to report the crime suffered, as well as to seek medical help or specific psychological support. Similarly, the judicial process following a complaint could represent a new form of violence for the victim, who most often risks becoming the subject of judgment (and, often, of blame) in place of the true perpetrator of the violent and reprehensible conduct.
A reading of some rulings of recent years confirms the existence of this tendency which, like a red thread, subtly runs through the thinking of part of the case law. Indeed, although the Court of Cassation has intervened several times to affirm well-established principles on violence against women (especially sexual violence), it is still possible to find outright stereotypes on which some lower-court judges (and not only they) base their assessments. This is despite the harsh censure of the European Court of Human Rights which, in its judgment 5671/16, found Italy in violation of Article 8 of the ECHR – over a judgment acquitting seven men accused of group sexual violence – for “a blaming and moralizing language that discourages the trust of victims in the judicial system” and for the “secondary victimization to which it exposes them”[31].
The issue concerns not only whether the crimes of sexual violence (art. 609 bis c.p.) and group sexual assault (art. 609 octies c.p.) are made out but, above all, the role that the use of alcoholic or narcotic substances (in particular by the victim) plays in the valid giving of consent, as well as in the applicability of any aggravating circumstances.
With regard to consent, although there are still many conflicting rulings on the merits[32], it is settled case law[33] that consent to the sexual act must be verified at the time of intercourse, regardless of any earlier provocative behavior[34], and must persist for its entire duration[35], so that any dissent not only constitutes the crime of sexual violence (individual or group) but also precludes recognition of the mitigating circumstance of lesser gravity[36].
However, there are still cases in which this settled principle leaves margins of uncertainty. In a very recent ruling[37], the Court of Cassation annulled a judgment of the Court of Appeal of Turin (by which the accused was acquitted for lack of the mental element in respect of multiple episodes of aggravated sexual violence and convicted only of the most recent one), since the latter had inferred the man’s guilt from his culpable state of drunkenness. According to the Supreme Court judges, in fact, “the alleged drunkenness is not relevant as a decisive element of guilt in the verification of consent and its permanence during the relationship”.
The assessment of the victim’s altered state is different when it comes to the possible applicability of the aggravating circumstance provided for by art. 609 ter, n. 2, c.p., that is, where the violence is committed “with the use of alcoholic, narcotic or stupefying substances or other tools or substances seriously detrimental to the health of the injured person”. On this point, several rulings have weighed the victim’s “voluntary” intake of alcohol against the applicability of the aggravating circumstance. Indeed, the Court of Cassation agrees that the conduct of those who induce the injured person to undergo sexual acts in a state of mental infirmity caused by the intake of alcoholic beverages constitutes the crime of sexual violence with abuse of conditions of mental or physical inferiority, “since the aggression against another’s sexual sphere is characterized by insidious and devious methods, even if the injured party has voluntarily taken alcohol and drugs, what matters being only their condition of mental or physical inferiority following the intake of the said substances”[38]. This state of affairs, however, carries different weight for the purpose of increasing the penalty: according to the Court, the voluntary intake of alcohol by the victim excludes the aggravating circumstance, since the rule requires that the use of arms or of alcoholic, narcotic or stupefying substances be necessarily instrumental to the sexual violence; therefore, “it must be the perpetrator of the crime who uses alcohol for the violence, administering it to the victim; voluntary use, instead, does bear, as seen, on the assessment of valid consent, but not on the existence of the aggravating circumstance”[39].
Similar principles are reiterated in a 2020 ruling where, through a detailed “literal and systematic”[40] interpretation, the applicability of the aggravating circumstance is excluded on the basis of an alleged intention of the legislator: “the reference to the ‘facts (…) committed (…) by the use’ and the juxtaposition, as alternatives, of alcoholic or narcotic substances with arms are elements from which it can reasonably be inferred that, for the legislator, for the purposes of the aggravating circumstance in question, the use of such substances is seen as a means of forcing or inducing the victim to perform or undergo sexual acts and, therefore, gives rise to a different, and more serious, situation than that in which the agent ‘limits himself’ to taking advantage of the injured person’s situation of inferiority”[41].
These assessments, however, do not take into account the specific context in which this “voluntary intake” took place. In the 2018 case, in fact, the two defendants had taken the victim to dinner and, after inducing her to drink an excessive amount of wine, had taken her to the bedroom, where she was subjected to repeated sexual violence. Similarly, the 2020 judgment concerns a victim already suffering from a “significant psychological and cognitive deficit”[42] who, before being repeatedly abused, had voluntarily “smoked a joint”.
To what extent, then, can we say with absolute certainty that the voluntariness of taking alcoholic or narcotic substances (a joint) is such as to create a situation of which the aggressor has merely “limited himself to taking advantage”, and that it is not part of the agent’s own voluntary conduct (in the form of inducement)? Moreover, it is precisely the numerous studies mentioned above that show that alcohol intake, especially among young people, is often rooted in a sense of inadequacy, in the desire to overcome personal or social barriers that limit interpersonal relationships, and in the desire to make those relationships simpler through greater ease. Not to mention the cases of previous traumatic or negative experiences that may have left the victim with alcohol or drug addiction problems. The aggressor’s awareness – even if it arises only at the time of the event, for example because he realizes that the person in front of him is strongly inclined to drink and “let go” – often plays a fundamental role in his decision to commit violence (with the expectation of greater freedom of action), when it does not actually become a premeditated instrument for carrying out the criminal activity.
The conscious intake of drugs should therefore take on a different importance in the evaluation of the facts, closer to a “diminished defense” than to a voluntary contribution to bringing about the event (the adage “she was asking for it”). The focus of the analysis, in fact, should be the conduct of the alleged rapist and, in particular, his actual awareness and perception of the victim’s reduced (or absent) capacity to consent.
The penal system, in fact, has been slow to cope effectively with the complexity of the phenomenon, which has evolved rapidly in recent years, reflecting a changed social need for regulation. At the same time, the unsatisfactory ageing of certain rules has not been mitigated by court rulings, which have indeed been censured for a tone that is “blaming and moralizing that discourages the trust of victims in the judicial system”[43].
In light of the change taking place, what would be desirable is a systematic adaptation, rather than a radical transformation, that addresses the new vulnerabilities and the related requests for protection with tailored precision. In this sense, it would be possible to intervene in the wake of the anti-violence reforms that have driven legislative activity in recent years. However, this will have to be followed by an interpretation of the new legal instruments that is consistent with these changes, and that neither reduces the attempts at regulation to a dead letter nor leaves room once again for the inertia born of a cultural backwardness already stigmatized by the European Court of Human Rights.
Avv. Valentina Guerrisi
Avv. Giada Caprini
[1] Cf. Global status report on alcohol and health, WHO, 2018.
[2] https://americanaddictioncenters.org/rehab-guide/addiction-and-violence
[3] https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0092965
[4] https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3357898/
[5] Cf. note 1.
[6] Cf. note 1.
[7] “Digital marketing of alcoholic beverages, what has changed?”, WHO, December 2021.
[8] https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7063998/
[9] Cf. note 1.
[10] https://vawnet.org/material/relationship-between-alcohol-consumption-and-sexual-victimization
[11] Post Traumatic Stress Disorder, cf. https://www.epicentro.iss.it/stress/
[12] “Under the influence? Considering the role of alcohol and sexual assault in social contexts”, ACSSA – Australian Center for the Studies on Sexual Assault, n. 18/2014
[13] Gamma hydroxybutyrate.
[14] Gamma-butyrolactone, illegal precursor to GHB.
[15] https://www.campusdrugprevention.gov/sites/default/files/2021-11/DFSA.pdf
[16] https://nida.nih.gov/sites/default/files/sexualassault.pdf
[17] https://www.officeforstudents.org.uk/media/52171396-39cd-420c-b094-9aa7246d7278/the-intersection-of-sexual-violence-alcohol-and-drugs-at-universities-and-colleges.pdf
[18] https://www.nusconnect.org.uk/resources/students-alcohol-national-survey
[19] https://www.everyonesinvited.uk/read-testimonies-page-57
[20] https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/articles/sexualoffencesvictimcharacteristicsenglandandwales/march2020
[21] https://www.brook.org.uk/about-brook/#story
[22] https://legacy.brook.org.uk/press-releases/sexual-violence-and-harassment-remains-rife-in- universities-according-to-ne
[23] https://revoltsexualassault.com/research/
[24] http://legacy.brook.org.uk/data/Brook_DigIN_summary_report2.pdf
[25] http://legacy.brook.org.uk/data/Brook_DigIN_summary_report2.pdf
[26] http://legacy.brook.org.uk/data/Brook_DigIN_summary_report2.pdf
[27] Rapid Review of Alcohol-Related Sexual Assault/Harassment in the Military – Psychological Health Center of Excellence, February 2020.
[28] 2018 Workplace and Gender Relations Survey of the Active Duty Military – OPA Report, 2019-024, May 2019, https://apps.dtic.mil/sti/pdfs/AD1072334.pdf
[29] The study considered, on a statistical basis, all members of the DoD, quantified as 1,285,290 men (divided between the Army, Navy, Marine Corps and Air Force), plus 41,204 of the Coast Guard, both civilian and military, broken down by gender, salary received, role and branch of service.
[30] 2018 Workplace and Gender Relations Survey of the Active Duty Military – OPA Report, 2019-024, May 2019, https://apps.dtic.mil/sti/pdfs/AD1072334.pdf
[31] ECtHR, Section I, 27/05/2021, application no. 5671/16, J.L. v. Italy https://hudoc.echr.coe.int/eng#%7B%22itemid%22:%5B%22001-210299%22%5D%7D
[32] Cf. Court of Appeal of Turin, judgment no. 2277 of 31.03.2022 (filed on 20.04.2022), Sez. IV.
[33] Cf. most recently, Cass. Sez. III, n. 32447 of 26.07.2023.
[34] Sez. 3, n. 7873 of 19/01/2022, D., Rv. 282834-01.
[35] Sez. 3, n. 15010 of 11/12/2018, F., Rv. 275393-01.
[36] Sez. 3, n. 16440 of 22/01/2020, S., Rv. 279386-01.
[37] Cass. Sez. III, 26.07.2023 n. 32447.
[38] Cass. Sez. III, 16.07.2018 n. 32462.
[39] Cass. n. 32462/2018 cit.
[40] Cass. Sez. III, 24.03.2020 n. 10596.
[41] Cass. n. 10596/2020 cit.
[42] Cf. Cass. 10956/2020 cit.
[43] Cf. ECtHR judgment 5671/16 cit.
The numerous international investigations led by the French police into Encrochat and Sky-ECC have repeatedly highlighted the issue of the use of foreign investigative tools in domestic proceedings. On the one hand, the reliability of investigation results and the review of them by defenses and judges comes into focus, and on the other hand that of legality and the compatibility of the investigative tool with due process.
The issue was brought before the Dutch Judicial Authorities again, coming before the Supreme Court of the Netherlands (Hoge Raad) in the form of preliminary questions, which were decided in Judgment No. 913 dated 06/13/2023 [1].
In the cases under discussion, the evidence produced by the Dutch prosecutors is based mainly on (de)crypted communications exchanged by the defendants on phones provided by the Encrochat and Sky-ECC services. Since both services made use of servers in France [2], the authorities of that country began intercepting users’ communications in real time (tens of thousands of people) as part of a joint investigation (through the establishment of joint investigation teams, JIT[3]) that also involved the Police Force of the Netherlands.
As a result of the investigative activities, intercepted communications were shared with other foreign authorities that had directly participated or that (like Germany) became interested only later in the development of the investigation.
As has already happened in Italy and Germany, lawyers for intercepted persons involved in criminal proceedings in the Netherlands have raised the question of verifying the “legality” of the activities carried out in France and their reliability and trustworthiness. In fact, the technical means by which the data were obtained by the French authorities are covered by state secrecy and, therefore, were not and cannot be shared with other cooperating countries, much less made known to the defense.
This constraint once again posed an extremely significant obstacle to the full exercise of the right of defense and, in particular, to the adversarial examination of the manner in which the evidence was formed. The method of data acquisition – unknowable to the defendants – thus becomes impossible for the parties to challenge and is also removed from the judge’s review of legality.
In this respect, in the Netherlands as well as in other countries, the prosecution’s position is based on the application of the principle of mutual trust between states in the context of investigations carried out through Joint Investigation Teams, which would make any further exploration of method and substance unnecessary.
In light of this complexity, the District Court of the Northern Netherlands and the District Court of Overijssel referred a preliminary question to the Hoge Raad, asking whether data extracted by the French police by an unknowable method can be used as evidence in Dutch proceedings on the basis of the principle of interstate trust.
The procedure followed to reach the Court’s ruling is the preliminary reference provided for in Art. 553 para. 1 of the Dutch Code of Criminal Procedure, according to which a question of law may be submitted to the Hoge Raad whenever the resolution is, at the same time, necessary to decide on the merits of the proceedings and the subject of an interest beyond the specific case and, therefore, relevant to more than one criminal case. Therefore, it must be a question of cross-cutting interest, which may also affect cases from other Courts in addition to the one being dealt with before the referring court.
The most important issue addressed by the Supreme Judges concerns the usability of the results of investigations carried out in other states in Dutch domestic proceedings by a JIT to which the Netherlands was a party, based on the aforementioned principle of interstate trust; whether, therefore, the recognition by the Dutch system of the foreign one allows for the assumption that the investigative procedures provided for and followed by the latter are a guarantee of a reliable result compatible with “due process.”
The (ir)relevance of Directives 2002/58/EC and 2016/680 (EU)
Another question submitted to the Supreme Court concerns the applicability to investigations of this kind of the provisions of Directives 2002/58/EC (concerning the processing of personal data and the protection of privacy in the electronic communications sector) [4] and 2016/680 (EU) (on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data) [5].
The ruling resolves the issue in the negative. In fact, Directive 2002/58/EC imposes retention requirements for electronic communications data (e.g., traffic or location data) to be made available to national authorities.
However, citing the Court of Justice of the European Union, the Dutch court clarified that where member states use measures that infringe on the confidentiality of electronic communications, without availing themselves of processing obligations imposed on service provider companies, this directive does not apply. Moreover, the very nature of the service offered by Sky-ECC or Encrochat meant that no personal data of users was processed, and users never had to disclose any personal data in order to make use of the platforms.
As for Directive 2016/680 (EU), on the other hand, while recognizing the potential relevance of its rules, the Court set aside the question of its applicability, deeming it irrelevant for the sole purpose of resolving the preliminary questions before it.
The limits set by the Dutch investigating judges.
However, on the subject of stakeholder protection, it is useful to mention the precautions taken in some of the national cases mentioned in the judgment. In the context of one of the operations on Sky-ECC chats, conducted instead by Dutch authorities on Dutch users, when the investigating judges (the equivalent of the Italian Judge for preliminary investigations) had to authorize wiretapping activities, they decided to strictly limit the use of the extracted data according to a proportionality test to protect the privacy of those involved and aimed at avoiding “fishing expeditions” [sic].
Specifically, information collected and decrypted could only be investigated using queries submitted to the court in advance, including: user information from ongoing investigations of criminal organizations; keywords or images that in themselves are indicative of serious criminal activity in an organized setting.
The query investigation, moreover, must be carried out in a way that is repeatable and verifiable for the judge and the defense, who must be able to obtain the same search datasets and so see what data were used and made available for conducting the investigation. Subsequently, the results of the activity must be submitted to the investigating judge for verification of the content and scope, as well as the actual existence of indications of crime.
Particular protection is afforded to privileged communications, such as with advocates, which must be actively filtered as much as possible.
The investigating judge, moreover, must have access to the foreign (in this case French) judicial decisions underlying the data collection.
Finally, the information collected may be made available to the prosecutor’s office or judicial police for further investigation only with the permission of the investigating judge and only for particularly serious crimes or crimes committed for the purpose of terrorism.
The decision
The Court’s pronouncement, following a clear but mortifying course of argumentation toward the rights of the accused, followed a particularly favorable criterion toward the principle of interstate trust.
In fact, the ruling severely limits the possibility of domestic court scrutiny with respect to investigative activities conducted abroad, under the responsibility of a foreign judicial authority, whose results have flowed into domestic proceedings.
In particular, the trial court cannot make an assessment of whether the investigation complies with the relevant foreign domestic regulations for this type of activity, as such a screening would be a violation of the sovereignty of the third country. Moreover, if the actual conduct of an investigation occurred in violation of the rights guaranteed by the ECHR, the suspect would be protected by the possibility of bringing an appeal under Article 13 ECHR[6] in the country where the investigation was conducted.
In fact, the Court believes that the decisions of the Foreign Judicial Authorities on which the investigations are based should be respected and there is a presumption of legitimate conduct of the related activities. The only exception to this principle is in the event that an irrevocable decision has since been made in the same state that has established the existence of investigative methods that differ from the applicable regulations. Only then will the Dutch court be empowered to assess whether there are repercussions on the usability of the relevant findings in the domestic proceedings, considering the seriousness of the violation and the concrete detriment to the suspect’s rights.
Ostensibly, the Court’s reasoning is concerned with the rights of the suspect and refers to the Strasbourg Court’s jurisprudence to remind us that the ECHR does not preclude the use of foreign investigative findings in criminal proceedings as long as it does not conflict with the right to a fair trial under Article 6[7] and the trial judge ensures its “overall correctness.”
However, the attention that the deciding magistrate should pay to the legality of the investigation appears to be merely formal and abstract, an assessment of pure legitimacy that does not investigate in concrete terms the reliability of the results produced, unless there are “concrete indications to the contrary,” also pointed out by the defense.
Therefore, merely because they come from countries that participate in European judicial cooperation, investigative activities that are ostensibly and formally compatible with domestic law would not merit any further investigation; a presumption that is perhaps hazardous in practice, given the varying geometries of both the guarantees vis-à-vis the rights of defendants and the independence of the judiciary within states of the European Union itself.
Of course, in cases where there are elements of doubt about the reliability of the results of the investigation, it is possible for the Judge to make an assessment of the guarantees observed in practice – for example, in the case of the extraction of computer data, with respect to the reliability, traceability, and integrity of the data.
However, one has to wonder how a defense can identify concrete indications of unreliability in ways of conducting investigations to which it does not have access because of (albeit legitimate) foreign state regulations and measures – as in the case of France's imposition of state secrecy on how encrypted data was extracted.
In this regard, the Court’s reasoning is unconvincing when, in affirming the fundamental nature of due process and the equality of arms between prosecution and defense in cross-examination (both on the merits and on aspects concerning procedure), it simultaneously argues that the right to knowledge of evidence is not an absolute right, but must be balanced against any competing interests, such as national security, the protection of witnesses at risk of retaliation, or the secrecy of the judicial police’s methods of investigation.
In the Court’s opinion, in fact, in order to assess whether the defense can bring certain acts into the trial and have knowledge of them, the following elements must be evaluated: whether the prosecution has made available all the computer files collected in the proceedings, the extent to which these acts may have relevance in the specific trial, and the lawfulness (evaluated as above) of the investigative process within the limits of the scope of assessment allowed to the Dutch court. Beyond the issue of relevance, it is clear that the mere availability of the data collected by the Dutch Public Prosecutor’s Office is not sufficient to scrutinize the methods of obtaining them, and the limitation placed on the national court’s assessment prevents any effective further verification. And in fact, the ruling clarifies by pointing out how any request for the acquisition of documents or for further study on which a Dutch court cannot rule can only be rejected.
In light of the arguments of the judgment under review, the repercussions of which will be seen in the decisions taken by the judges on the merits, the way in which principles of law of constitutional rank, also crystallized in the ECHR, are used as an abstract premise and then deprived of meaning at the time of concrete application appears worrying. Although other domestic jurisprudence (e.g., Italian) has been more cautious in the past, what should cause serious concern is that several domestic courts of legitimacy may be allowing themselves to be tempted by the need to save important international police operations, systematically sacrificing on the altar of a supposedly higher national interest the fundamental rights of defendants, hollowing out due process and subordinating the procedural order not to the rule of law but to the reason of state.
Prof. Avv. Roberto De Vita
Avv. Marco Della Bruna
[1] https://uitspraken.rechtspraak.nl/#!/details?id=ECLI:NL:HR:2023:913
[2] In the servers of the OVH Company in Roubaix.
[3] The Joint Investigation Team is a joint investigation team governed by Art. 13 of the Convention on Mutual Legal Assistance between the Member States of the European Union dated 12.07.2000, which may be established for a limited period and with a specific purpose to carry out investigations within one of the countries that decide to establish it, https://eur-lex.europa.eu/legal-content/IT/TXT/HTML/?uri=CELEX:42000A0712(01)
[4] https://eur-lex.europa.eu/legal-content/IT/TXT/?uri=CELEX:32002L0058
[5] https://eur-lex.europa.eu/legal-content/IT/TXT/PDF/?uri=CELEX:32016L0680&from=RO
[6] https://www.echr.coe.int/documents/d/echr/convention_ita
[7] Ibid.
The expansion of cross-border crime in the European Union has led to unified action on the transfer of criminal proceedings between Member States. The European Commission, on 5 April 2023, presented a proposal for a regulation, no. COM/2023/185, on the allocation of justice within the EU.
The proposal stems from the need to ensure a uniform legal framework in a scenario in which, precisely because of the plurality of jurisdictions often coexisting between the various Member States, various problems arise in terms of the coordination and effectiveness of the prosecution, as well as possible violations of the rights and interests of individuals arising precisely from the duplication of procedural activities[1].
Statistically, three categories of offences are distinguished, in which the characteristic of “transnationality” clearly emerges.
The first is certainly that of crimes committed by organised crime groups. Criminal groups are present in all EU countries and often operate across borders. 70% of these are active in at least three Member States at the same time [2] and the main criminal activities they carry out can be traced back to drug trafficking, migrant trafficking, money laundering and cybercrime.
The second, however, is that of common crimes with cross-border aspects: typical examples of this category are cases of online fraud or the dissemination of pornographic material, in which the offender's conduct produces its detrimental effects in the territory of another State.
The last, finally, concerns small crimes committed between neighbouring countries: many European citizens often move for work or family reasons, and this means that there are cases in which criminal offences are committed on both sides of the border: consider the case of a citizen of State A who damages an asset in neighbouring State B and then returns to their own country.
Although the transfer of proceedings is often necessary, existing instruments at European level are fragmented, insufficient and do not properly balance the needs for cross-border judicial cooperation with the rights of individuals.
At present, Member States transfer criminal proceedings between themselves using different legal instruments, without uniform rules throughout the European Union.
The European Convention on the Transfer of Criminal Proceedings of 15 May 1972 certainly comes to the fore. This piece of legislation, which offers a complete and gradual procedure for requesting the transfer of proceedings and a list of criteria which may support such requests, was in the abstract a suitable and effective instrument. However, only 13 states have ratified and applied it [3].
For this very reason, most national legal systems have opted to use an additional regulatory tool: art. 21 of the European Convention on Mutual Assistance in Criminal Matters of April 20, 1959[4].
For the latter form of cooperation, there is a much more simplified discipline, for which there is no obligation or specific procedure to be followed but, at most, a mechanism is identified through which each state can request the prosecution of a suspect who is in another convention country.
Therefore, for these characteristics, this instrument is also inadequate: it lacks a unified regulation of the transfer procedure to coordinate all member states.
In addition to these internationally intervening instruments, some states have bilateral or multilateral agreements that serve as the basis for the transfer of criminal proceedings. An example of this “domestic” instrument is the Nordic Cooperation Agreement between Finland, Norway, Sweden, Iceland and Denmark[5].
It is also necessary to consider additional regulatory institutions that, although they do not directly deal with the subject of transfer of criminal proceedings, are instrumental in ensuring adequate cooperation and harmonization between domestic systems, including in the judicial sphere[6].
These include Framework Decision 2009/948/JHA[7], which establishes a procedure for the exchange of information and direct consultations between competent authorities in order to reach preventive solutions to regulate the allocation and contributions of investigation and prosecution, limiting the negative effects of parallel proceedings.
On more specific areas, Directive (EU) 2017/541[8] on combating terrorism and Framework Decision 2008/841/JHA[9] on organized crime have identified criteria for centralizing prosecutions in a single state in cases where several member states are entitled to prosecute the same facts.
On the topic of coordination, the European Union Agency for Judicial Cooperation in Criminal Matters (Eurojust)[10] is in charge of facilitating cooperation in judicial matters, including resolving any jurisdictional issues. Given its role, the latter is considered in today’s proposed Commission regulation – in Art. 16 – as an auxiliary authority in the transfer procedure for member states[11].
Lastly, the European Arrest Warrant (EAW)[12], within strict limits, allows judicial authorities to obtain the surrender of a person from another country of the Union for the purpose of prosecution or execution of a sentence or custodial security measure.
Thus, the European Commission’s April 5, 2023 proposal fits into this fragmented regulatory framework.
The legal basis for this initiative can be found in Art. 82(1)(b) and (d) TFEU, under which the Union has the competence to establish measures to facilitate cooperation between judicial or counterpart authorities of member states in relation to prosecution and to prevent and resolve conflicts of jurisdiction.
The executive body of the European Union, in doing so, makes a proposal consisting of five separate chapters.
The first chapter, “general provisions,” indicates the objective of the proposal and provides definitions of all stakeholders in the procedure. Articles 3 and 4, in particular, dictate a rule of jurisdiction for specific cases and the cases in which criminal proceedings can be waived, suspended or discontinued in favor of another member state deemed more suitable for prosecution.
Chapter Two, “transfer of criminal proceedings,” on the other hand, details the criteria and procedures for requesting or making a decision on the transfer of criminal proceedings. This part of the proposal, moreover, includes the rights and interests of the defendant in case of transfer.
Chapter Three, “effects of the transfer of criminal proceedings,” identifies the procedural and substantive consequences arising from the completion of the transaction as well as the rules applicable to the transferred criminal proceedings.
On the other hand, Chapter Four, “means of communication,” indicates the means of electronic communication between requesting and requested authorities, as well as with central authorities and “Eurojust,” again with a view to effective cooperation within the EU.
The last chapter, “Final Provisions,” concludes the proposal with provisions on statistics, reporting, notifications by member states, coordination between regulation, international agreements and arrangements, and transitional provisions to be applied regarding means of communication before authorities are obliged to use the decentralized information system provided therein.
From the content of the proposal, therefore, it is clear that the Commission has moved on three distinct levels in order to create a common legal framework: the creation of a specific procedure for the transfer of criminal proceedings between member states; the provision of guarantees and safeguards for suspects or defendants; and the provision of a digital channel for cross-border communications between the authorities concerned.
In practice, the procedure thus structured stipulates that the so-called “requested” state, upon the request for transfer from the so-called “requesting” state, has a 60-day deadline to decide whether to accept or reject it. If it accepts, the requested state shall apply the discipline provided by its domestic law to the crime of the transferred proceedings.
In observance of Art. 5 of the proposed regulation, the transfer can be made according to specific criteria. Examples include: the citizenship of the suspect/defendant, the pendency of criminal proceedings for the same or other facts, and the locus commissi delicti.
The Commission’s choice of the instrument of a regulation is certainly not accidental; as is well known, this would ensure common application of the rules throughout the Union and their simultaneous entry into force, as well as prevent divergent interpretations between one member state and another[13].
The identification of a common framework for the transfer of proceedings serves to ensure that the member state is in the best position to investigate or prosecute a given crime, thus preventing two possible scenarios.
First, the institution of multiple parallel proceedings for the same facts and against the same person in different jurisdictions, which could result in the violation of the ne bis in idem principle enshrined in Art. 50 of the Charter of Fundamental Rights of the European Union[14].
Second, the lack of effectiveness of prosecution, when the surrender of prosecuted individuals under an EAW is delayed or refused[15].
In the absence of a unified regulatory framework and because of the different criminal justice systems in each member state, the transfer of criminal proceedings has always been subject to various legal and practical obstacles.
The introduction of specific legislation has indeed been under discussion since the entry into force of the Lisbon Treaty (December 1, 2009), and today’s proposal is among the objectives set out in the EU’s 2021-2025 strategy for combating organized crime, in relation to which the transfer of criminal proceedings assumes great significance, especially with a view to strengthening the fight against cross-border crime.
In fact, so far, the various procedures tried out have been hampered by undue delays and the lack of specific communication arrangements between the authorities involved, resulting in inefficiencies in the allocation of human and financial resources.
Differences in the systems of member states on fundamental institutions concerning criminal procedural law, especially in terms of the rights and guarantees of suspects or defendants, have often prevented advanced forms of cooperation, given the obvious legal uncertainty and the risk of insufficient protection of fundamental rights of individuals.
Approval of the regulation could provide greater legal certainty in the Union while strengthening tools for combating trans-European crime. However, balancing the needs for efficiency in judicial cooperation should never result in a compression of the fundamental procedural rights of the persons concerned. Compared with the detail in which the proposal sets out the procedural management of relations between the judicial authorities of member states, equal prescriptive precision is not found on the individual guarantees front, where the proposal contains overly general statements of principle aimed at guaranteeing the “procedural rights” of the accused. Additions and amendments to the proposal will therefore be necessary so that, as has happened in the past, the fundamental freedoms of the individual do not remain abstract petitions, mortified by the punitive claim of states.
Prof. Avv. Roberto De Vita
Lawyer Maria Caponnetto
[1] On the relationship between conflicts of jurisdiction and transfer of proceedings, see M. Carmona Ruano, Prevention and settlement of conflicts of jurisdiction, in K. Ligeti, Preventing and resolving conflicts of jurisdiction in EU Criminal Law, Oxford University Press 2018, 119-139; M. Kaiafa-Gbandi, Addressing the Problems of Jurisdictional Conflicts in Criminal Matters within the EU, eucrim 2020, no. 3, 209-212.
[2] https://www.consilium.europa.eu/it/policies/eu-fight-against-crime/
[3] See M. R. Marchetti – E. Selvaggi, The new criminal judicial cooperation, 2019, 149 ff.
[4] G. De Amicis, On the Transfer of Criminal Proceedings, in Dir. pen. proc., 2010, 1246 ff.
[5] https://www.nordefco.org/Files/nordefco-mou.pdf
[6] For a general discussion, see F. Ruggieri, Criminal process and European rules: acts, rights, subjects and decisions, 2018.
[7] In particular, the measure introduces a useful tool to prevent violation of the prohibition of ne bis in idem by providing procedural mechanisms that prevent multiple criminal proceedings before different European national authorities against the same person and in relation to the same fact.
[8] https://eur-lex.europa.eu/legal-content/IT/TXT/?uri=celex%3A32017L0541
[9] https://eur-lex.europa.eu/legal-content/IT/ALL/?uri=CELEX:32008F0841
[10] http://data.europa.eu/eli/dec/2002/187/oj
[11] For a more detailed discussion on the topic, see G. Barrocu, Investigative cooperation in the European context – From Eurojust to the investigation order, 2017.
[12] http://data.europa.eu/eli/dec_framw/2002/584/oj
[13] Further possible options, such as a recommendation, were discarded as lacking a directly binding nature and, as such, not adequate to provide a concrete and effective solution to the problems encountered on the issue.
[14] http://eur-lex.europa.eu/legal-content/IT/TXT/PDF/?uri=CELEX:12016P/TXT&from=IT. For an analysis of Art. 50 of the Charter of Fundamental Rights of the European Union, see M. Castellaneta, Sub art. 50, in F. Pocar, M.C. Baruffi, Short Commentary on the Treaties of the European Union, 2014, 1794-1795.
[15] On the topic, see F. Schorkopf, European Arrest Warrant, in Oxford Public International Law, June 2019; cf. Court of Justice of the EU, April 5, 2012, C-404/15 and C-659/15 (Aranyosi & Căldăraru).
Artificial intelligence is emerging as a powerful tool for combating child abuse online, which is of growing concern compared to the pre-pandemic period. The digital world, in fact, offers many opportunities for learning, entertainment and communication, but also presents serious risks for the safety of young people. Among these, the most worrying are the dissemination of images resulting from sexual abuse of minors (child sexual abuse materials, CSAM) and the predatory behaviors that precede their production.
According to UNICEF, one in five girls and one in 13 children are sexually abused or exploited, and online interactions are now at the heart of almost every incident [1].
The phenomenon of online abuse, in fact, is growing at a sad and frightening rate, and 2022 alone recorded a peak of 32 million reports of suspected cases[2]. These include both dissemination of material on minors (such as photos and videos) and episodes of so-called grooming: manipulation practices aimed at exploiting and abusing people. The latter recorded an increase of 82% of cases over the past year, of which sextortion was the main event.
The phenomenon affects the European Union, from which comes 68% of the 2022 reports. In the face of these appalling data, there are already significant initiatives taken to combat the phenomenon: the European Commission, in particular, presented a proposal for a regulation in 2022 [3] to introduce obligations to prevent and combat all phenomena of child abuse on the Internet.
In particular, the objectives would be to ensure the detection, reporting and removal of sexual abuse of children online; to improve legal certainty, transparency and accountability and to ensure the protection of fundamental rights; and to reduce the proliferation and effects of sexual abuse on children through harmonisation of rules and better coordination of efforts. The latter would be ensured through the establishment of a new specialised agency: the EU centre on child sexual abuse (EUCSA).
Further proof of the increased sensitivity on the subject comes from the recent approvals of the Digital Services Act[4] and the AI Act[5] by the European Parliament, as well as the Online Safety Bill currently under discussion in the UK[6]: legislative initiatives stemming from the common concern to ensure the increasingly uncertain safety of users on the Internet and which could soon be followed by the adoption of the proposal for a European Regulation on the prevention and combating of sexual abuse and sexual exploitation of children[7].
Emblematic of this uncertainty is also the recent decision of the Supreme Court of the United States not to resolve the long-standing debate on the immunity of platforms with respect to the content published by users, on which Congress will probably intervene in the coming years.
However, the apparent breadth of the material to be monitored across the network does not allow for effective (or efficient) manual control by either platforms or law enforcement. For example, “self-produced” abuse material alone, that is, explicit photos and videos made by minors themselves, grew in 2021 by 374% compared to pre-pandemic levels, making non-automated operation and control even more difficult[8].
Instead, AI offers a wide range of possibilities to identify and combat child sexual abuse on the Internet. Through the analysis of digital content, in fact, it can detect suspicious images and videos, automatically detecting signals and characteristics that indicate the presence of sexual abuse. This rapid and efficient analysis capability would enable the identification and removal of illegal content in a timely manner, reducing the exposure of children to harmful images or the dissemination of material concerning them.
In fact, another field of application of AI is the prevention of online sexual abuse. Through real-time analysis of user behavior on the network, it can identify patterns and signals that may indicate a child’s interaction with any abuser. By monitoring online chats, messages, and activities, AI can detect suspicious patterns of behavior and even automatically alert parents, guardians, or security workers to take timely action to protect the child.
Collaboration between technology companies and law enforcement is also critical to ensuring the effectiveness of AI in online child protection. Companies can, in fact, develop and implement AI tools that automatically analyze content uploaded to their platforms, immediately reporting illegal or suspicious content to moderation managers and competent authorities.
An example of the application of AI to effectively counter child abuse online comes from the United Nations: in 2020 the United Nations Interregional Crime and Justice Research Institute’s (UNICRI) Centre for AI and Robotics and the Ministry of Interior of the United Arab Emirates launched the AI for Safer Children (AI4SC) project[9].
As part of this initiative, the AI for Safer Children Global Hub was created: a centralized platform for police forces around the world designed to combat child abuse, with the ambition to derive a model for further issues related to risky material, from fake news to extremist propaganda[10].
Thus, the Global Hub provides police with a catalog of artificial intelligence tools that can be used in investigations, enabling selection with respect to specific investigative needs; offers specialized training on child abuse and the implications regarding the mental health of victims; enables networking among agencies in different countries so as to create a stronger international community of law enforcement through sharing experiences in artificial intelligence (the project has 270 investigators from 72 countries).
However, the use of AI for online child protection also raises important ethical issues; it is essential to ensure that AI is used responsibly and that the individual rights of users are respected[11]. Automated content analysis may involve the collection and processing of large amounts of personal data, which requires adequate information protection and security.
The AI4SC project itself is based on a specific legal and ethical strategy, based on fundamental principles[12] including a responsible approach to the purchase, development, and deployment of artificial intelligence technology so as not to compress the fundamental freedoms of individuals[13]. Likewise, the work of the investigators[14] and tech companies[15] who cooperate with the project is guided by the principles of the 1989 Convention on the Rights of the Child[16].
Moreover, AI cannot be the only tool in online child protection. A combination of efforts among parents, educators, online safety practitioners and legislators is needed to create a safe environment for children on the Internet. Raising awareness of online threats, digital education, and promoting safe online behaviors are equally important to ensure the protection of children.
Information materials such as those disseminated by companies like Thorn[17] – including in the context of the many phenomena of non-consensual pornography – can allow a safer approach for minors (and their parents) to their inevitable online lives. These can be usefully complemented by CSAM identification and prevention tools that are easily accessible to private platforms or police forces and have already had a significant impact.
The private Safer software, for example, boasts identification of one million cases and makes available to its users a database of 32 million hash codes[18] identifying abuse materials already identified on the network by other programs as well[19].
The use of artificial intelligence for online child protection and countering the dissemination of images resulting from sexual abuse is thus already proving to be an important development in the field of digital safety.
However, it is crucial to reiterate the need for ethical employment, which ensures the protection of the individuals subject to the controls and the security of the personal data processed. Therefore, through effective (digital) collaboration between web platforms and law enforcement, on the one hand, and proper training on online life, on the other, it will be possible to achieve a safe online environment for minors, enabling them to take advantage of the benefits of technology in a protected manner.
Prof. Avv. Roberto De Vita
Avv. Marco Della Bruna
[1] M. Grzegorczyk, The AI for Safer Children initiative – a collaboration between the UN Interregional Crime and Justice Research Institute’s Centre for AI and Robotics and the Ministry of Interior of the UAE – is helping law enforcement agencies tap into the potential of AI, UNICRI; UNICEF, Children from all walks of life endure violence, and millions more are at risk.
[2] For an in-depth look at the evolution of data from 2020 to 2022: CyberTipline 2022 Report.
[3] European Parliament, Combating child sexual abuse online.
[4] European Commission, The package on the digital services law.
[5] The text of the proposal approved by the European Parliament: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52021PC0206
[7] European Commission, EU Strategy for a more effective fight against child sexual abuse.
[8] Internet Watch Foundation, ‘Self-generated’ child sexual abuse prevention campaign.
[9] UNICRI, AI for Safer Children.
[10] UNICRI, AI for Safer Children Global Hub.
[11] It was precisely concerns about the risks posed by the use of artificial intelligence that recently led to the passage of the much-cited AI Act.
[12] AI for Safer Children, The core principles of the AI for Safer Children initiative.
[13] The framework for this approach is the United Nations Guiding Principles on Business and Human Rights.
[14] UNICRI, Terms of engagement for law enforcement users.
[15] UNICRI, Terms of engagement for tech providers.
[16] Convention on the Rights of the Child.
[17] Thorn, 2022 Impact Report.
[18] An alphanumeric code that uniquely identifies a particular file and from which the original file cannot be reconstructed. For more, see https://www.ionos.it/digitalguide/server/sicurezza/funzione-di-hash/
[19] Safer, How it works.
At the center of the issue is Section 230 of the Communications Decency Act 1996[1], which has over the past three decades provided a kind of immunity to online platforms for user-generated content: if a user posts offensive, defamatory, or otherwise illicit content on a platform, in fact, the platform cannot be held liable for it.
Despite the high expectations placed on the pronouncement in the case Gonzalez v. Google, the Supreme Court chose not to intervene directly on the rule’s applicability to the complex dynamics of algorithms that select content based on users’ tastes. On the contrary, it expressed institutional discomfort at being asked to rule on an issue that would ultimately require congressional action.
However, in the judgment issued at the same time in a related case (Twitter v. Taamneh), the Justices offered interesting insights into the liability profiles of platforms for activities carried out by users – albeit under the different legal profile of aiding and abetting terrorism.
In the 1990s, the Communications Decency Act initially threatened to become a gag on the very young Internet, which still largely lacked any kind of regulatory barrier. The U.S. legislature, in fact, had felt the need to fill this gap by extending regulations on “obscene and indecent”[2] communications aimed at minors under 18 and on the prohibition of distribution of “patently offensive” materials that were also available to minors under 18.
Originally, the dominant concern with respect to content available on the Internet was about uncontrolled access to pornography by minors. In the early stages of the legislative process, in fact, no particular attention had arisen toward the possible repercussions on web operators.
In contrast, the origin of the amendment that introduced Section 230 is to be found in two decisions made by New York judges during those years.
In the first one, Cubby, Inc. v. CompuServe (1991), it was argued that CompuServe could not be held liable for defamatory comments posted in one of that company’s forums because it did not review the content before it was posted, but merely hosted it on its platform.
In 1995, however, in Stratton Oakmont, Inc. v. Prodigy Services Co. the conclusion was different: because Prodigy carried out moderation activities on its online message boards and deleted certain messages for “offensiveness and bad taste,” it was argued that it could be held liable for content posted on its platform.
Two Republican representatives in Congress, Ron Wyden and Chris Cox, therefore proposed an amendment to exclude the liability of providers for content posted by users, even if moderation activity was carried out on the platform.
“No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”[3]
According to some U.S. authors[4], the foundation for the development of the mammoth American web industry was laid on these 26 words.
In addition, Section 230 also provides that “No provider or user of an interactive computer service shall be held liable for
(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user deems obscene, lewd, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or
(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to the material described in the paragraph.” [author’s translation][5]
Thus, both possible interpretations with respect to the active or passive actions of ISPs toward user content were resolved, in each case limiting their liability.
Following the approval of the Communications Decency Act, however, numerous protests from civil rights groups followed, questioning the constitutionality of the rest of the legislation and the prohibitions it contained, which were considered contrary to the First Amendment (which protects freedom of thought and expression).
In 1997, therefore, the case Reno v. American Civil Liberties Union came before the Supreme Court, which declared unconstitutional the parts of the text that restricted “obscene and indecent” content, fearing that health-related materials, such as techniques for preventing the spread of AIDS, might also fall under the definition.
Although the prohibitions initially introduced by the Communications Decency Act had disappeared, Section 230 remained in force, maintaining the condition of immunity of providers for all kinds of content posted by their users.
This has allowed Internet platforms to grow and thrive more easily without being stifled by costly content audits and without having to restrict freedom of expression online.
However, in recent years, there have been many harsh criticisms of Section 230 because it allows platforms to tolerate defamatory content, misinformation and incitement to violence. In addition, several authors argue that while platforms guarantee the right to free expression, they still do not do enough to remove offensive content and protect users[6].
In the recent past, the issue has stimulated interesting evaluations by Supreme Court justices, particularly in the cases Force v. Facebook Inc. (2019)[7] and Malwarebytes, Inc. v. Enigma Software Group USA, LLC. (2019)[8].
The first, in particular, concerned the case of a police officer killed by an ISIS-affiliated terrorist group. The mother accused Facebook of providing support to terrorists by allowing them to use the platform to spread their propaganda message and organize attacks.
The basis of the platform’s alleged liability would be mainly the operation of the algorithm and the tendency to create “echo-chambers,”[9] favoring the discovery of content compatible with users’ ideas or tastes.
The U.S. Second Circuit Appeals Court had thus ruled, for the first time, that Section 230 also protects platforms such as Facebook from civil actions brought by victims of terrorism. However, following the appeal filed by the relatives of the victims, the Supreme Court had rejected the request to examine the issue[10].
Nevertheless, Judge Katzmann’s dissenting opinion had pointed out that the “active” role of certain platforms in users’ choices was worthy of greater consideration: “Growing evidence suggests that ISPs have designed their algorithms to steer users toward content and people with whom the users themselves agree, and that they have done this too well, pushing sensitive souls further and further down dark paths.” [author’s translation][11].
The issue of internet provider liability, therefore, after being rejected again by the Court in the subsequent Malwarebytes, Inc. v. Enigma Software Group USA, LLC. (in which Justice Thomas’ dissenting opinion cited that of Judge Katzmann in Force v. Facebook Inc.), has now finally come before the Justices in the context of three different cases: Gonzalez v. Google[12], Twitter v. Taamneh[13] and Clayborn v. Twitter[14].
Nohemi Gonzalez, a U.S. citizen, was killed in the 2015 Bataclan terrorist attack in Paris.
The following day, ISIS claimed authorship of the attack, releasing a written statement and a YouTube video.
Gonzalez’s father then acted against Google, Twitter, and Facebook, claiming, among others, that Google had aided and abetted international terrorism by allowing ISIS to use its platform, particularly YouTube, “to recruit members, plan terrorist attacks, issue terrorist threats, instill fear and intimidate civilian populations.”[15] He also claimed that the very use of computer algorithms that suggest content for users based on their viewing history helped ISIS spread its message. In addition, Google’s YouTube monetization system also allegedly caused the algorithm to evaluate and approve content from ISIS, resulting in revenue sharing with individuals linked to the terrorist organization.
In the first two levels of court, Google’s motion to dismiss[16] was granted, as had happened in previous cases[17].
In contrast, the second case under decision originates from the 2017 terrorist attack on Istanbul’s Reina[18] and concerns aiding and abetting charges against Google, Twitter and Facebook for failing to take meaningful measures to prevent the use of their services for terrorism purposes. In this case, after the initial dismissal in the first instance, the Court of Appeals for the Ninth Circuit reversed the decision, finding that there was a direct link between the dissemination of the ISIS message by social platforms and the harm caused to the victims of the attacks[19].
The cited cases were treated jointly by the Supreme Court, which set out its reasoning on Section 230 in the Gonzalez ruling, while using the Twitter ruling to rule on aiding and abetting liability as derived from the text of the Anti-Terrorism Act[20].
According to reports in the U.S. media, at the hearing the Supreme Court Justices had already expressed considerable perplexity at the appropriateness of deciding the future of the Internet, where it should be the legislature that takes action to bring about such a turnaround: “Isn’t it better to keep it the way it is, for us, and to put the burden on Congress to change that and they can consider the implications and make these predictive judgments?”[21]
Numerous reform proposals have been put forward in recent years by both Republican and Democratic congressmen, some to eliminate the text altogether, others to modify it[22].
And indeed, it comes as little surprise that the Supreme Court Justices’ decision was not to rule on the issue of Section 230 application at all: “[…] we think it is sufficient to recognize that much (if not all) of the plaintiffs’ appeal appears to be dismissed on the basis of our decision in Twitter or by the Ninth Circuit Court’s unchallenged determinations below. We therefore decline to address the application of §230 to a complaint that appears to be able to assert few, if any, claims.” [author’s translation][23]
The Supreme Court, therefore, ruled exclusively on the issue of the applicability of aiding and abetting liability under the Anti-Terrorism Act (in Twitter v. Taamneh), avoiding directly addressing the sensitive issue that has agitated observers (lawyers and others) for months.
Specifically, two interesting insights can be drawn from the reasons expressed in the Twitter case by Justice Thomas, in terms of assessing the liability of ISPs with respect to how they manage content.
In the argumentative path, the judgment confronts the relevance of the provider’s awareness of the presence of customers/users using the provided service for illicit purposes (e.g., the presence of ISIS on YouTube).
In this regard, the Supreme Court relied on the concept of neutrality of provider action (already used by the 9th Circuit Court of Appeals with respect to the algorithm’s operation)[24] and pointed out that “distant inertia” cannot be transformed into conscious and substantial assistance to terrorist activity; therefore, it found insufficient, per se, the observation that the platforms under consideration do anything more than transmit information for billions of people (through user preference analysis).
In addition, with specific reference to Google and YouTube’s monetization system, the plaintiffs allegedly failed to bring concrete evidence of a substantial contribution made to ISIS or its members, either in terms of the amount of monies paid or with respect to the number of accounts and content approved by the platform.
Therefore, it would not be possible to claim that Google provided assistance to ISIS, either in the 2017 Istanbul attack or in the organization’s other activities of a terrorist nature.
The Supreme Court’s almost Pilate-like decision certainly meets with favor among those, such as digital rights activists, who argue that Section 230 should remain a part of the U.S. legal system; it would have allowed greater freedom of expression online, fostering the ability to connect and communicate in ways that were not previously possible. It would also allow online platforms to remove offensive content without necessarily censoring freedom of expression.[25]
However, the U.S. Courts’ stance upholding the neutrality of online platforms is difficult to endorse, precisely in light of the known functioning of user preference analysis algorithms.
Indeed, these cases again demonstrated the importance of striking a balance between freedom of expression and protecting users online. Platforms have the power to reach millions of people around the world, but with that power also comes the responsibility to make sure that the content posted on them does not harm users, or at least to make concrete efforts to do so.
In addition, the widespread perception of the need for greater regulation and supervision of online platforms has further emerged. While Section 230 has long provided functional immunity to the development of the Internet, concerns remain about the safety of users and about the dissemination of content that poses dangers both online and offline.
The role and choices of providers are becoming increasingly central, especially in light of the operation of the algorithms they rely on.
Therefore, what is needed, before and far beyond a judicial pronouncement, is a regulatory intervention that addresses the problem with the critical gaze of our decade and can meet the (often) conflicting demands of security and freedom of expression.
Prof. Avv. Roberto De Vita
Avv. Marco Della Bruna
[1] Title V of the broader Telecommunications Act of 1996, which amended Title 47 of the United States Code.
[2] “Obscene and indecent.”
[3] “No provider or user of an interactive information service shall be treated as the publisher or spokesperson for information provided by another information content provider.” [author’s translation].
[4] https://www.cornellpress.cornell.edu/book/9781501714412/the-twenty-six-words-that-created-the-internet/
[5] “No provider or user of an interactive computer service shall be held liable on account of-
(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or
(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph.”
[6] https://www.eff.org/it/deeplinks/2021/04/content-moderation-losing-battle-infrastructure-companies-should-refuse-join-fight
[7] https://law.justia.com/cases/federal/appellate-courts/ca2/18-397/18-397-2019-07-31.html
[8] https://law.justia.com/cases/federal/appellate-courts/ca9/17-17351/17-17351-2019-09-12.html
[9] https://www.treccani.it/vocabolario/echo-chamber_(Neologisms)/
[10] https://www.supremecourt.gov/DocketPDF/19/19-859/127371/20200102175456524_ForcePetPDF.pdf
[11] “Mounting evidence suggests that providers designed their algorithms to drive users toward content and people the users agreed with – and that they have done it too well, nudging susceptible souls ever further down dark paths.”
[12] https://law.justia.com/cases/federal/appellate-courts/ca9/18-16700/18-16700-2021-06-22.html
[13] https://supreme.justia.com/cases/federal/us/598/21-1496/
[14] https://casetext.com/case/clayborn-v-twitter-inc
[15] Author’s translation.
[16] The defendant’s (in this case Google’s) motion to dismiss the claims of the litigant.
[17] https://law.justia.com/cases/federal/appellate-courts/ca9/18-16700/18-16700-2021-06-22.html
[18] https://www.repubblica.it/esteri/2017/01/01/news/istanbul_attacco_armato_ad_un_night_club_vittime_e_feriti-155199540/
[19] The Ninth Circuit Court used an original but effective example: “Assume that a person on one side of a crowded football stadium fires a high-powered rifle at a group of people on the other side of the stadium whose identities are unknown. Would the majority here affirm that the rifle shot hitting an unidentified bystander on the other side of the stadium has no direct relationship to the shooter and that the shot probably did not cause the resulting death?” [author’s translation]
Similar allegations, moreover, are at the heart of the case Clayborn v. Twitter, which originates from the 2015 San Bernardino massacre, https://casetext.com/case/clayborn-v-twitter-inc
[20] As last amended in 2016, https://www.congress.gov/bill/114th-congress/senate-bill/2040/text
[21] Quote attributed to Judge Kavanaugh, https://rollcall.com/2023/02/21/supreme-court-cautious-during-arguments-on-internet-liability-law/
[22] https://slate.com/technology/2021/03/section-230-reform-legislative-tracker.html
[23] “[…] we think it sufficient to acknowledge that much (if not all) of plaintiffs’ complaint seems to fail under either our decision in Twitter or the Ninth Circuit’s unchallenged holdings below. We therefore decline to address the application of §230 to a complaint that appears to state little, if any, plausible claim for relief.”
[24] https://law.justia.com/cases/federal/appellate-courts/ca9/18-16700/18-16700-2021-06-22.html
[25] https://www.eff.org/it/deeplinks/2020/12/section-230-good-actually
In 2020, following a lengthy investigation, the police and judicial authorities of France and the Netherlands, Europol and Eurojust announced that they had dismantled the EncroChat encrypted communications network, which was mainly used by criminal organisations.
The joint investigation activity made it possible to intercept and analyze in real time millions of messages transmitted on the chats.
Based on an extraction of the EncroChat server in Roubaix, France, investigators had developed a Trojan that was implanted on the server itself and then on users’ devices in the form of a fake system update.
Out of 64,134 registered users, 32,477 from 122 countries were intercepted, of which 380 in France and 4,600 in Germany.
Therefore, between April and June 2020, the French authorities were able to obtain the IMEI[1] of the devices, the email addresses of the users, the date and time of the communication, the location of the antennas through which the access was made, as well as texts and images transmitted in ongoing chats. In addition, the complete memory of the intercepted devices was read, also accessing the chats of the periods before the investigation and that had not yet been deleted.
This was followed by the arrests of numerous suspects, even in countries outside the investigation but particularly affected by the widespread use of encrypted networks by organized crime.
In France alone, the Gendarmerie employed a task force of 60 men to monitor the communications of thousands of criminals, initiating a large number of criminal proceedings.
In the Netherlands, at the same time, the work of hundreds of investigators has benefited from the information extracted from the chats and has managed to arrest over 100 suspects, dismantle 19 synthetic drug laboratories, seize tons of cocaine and crystal meth, as well as weapons, vehicles and millions of euros in cash.
The interception activity finally stopped on June 13, 2020, when EncroChat noticed the violation of the systems by the authorities and immediately sent an alarm message to all users.
The defendant in the present case was also a user of the platform, which he used for drug trafficking activities. In particular, he was charged with 14 counts of trafficking and four counts of possession: 188 kg of marijuana and 3.5 kg of cocaine between April and May 2020 alone.
The proceedings against him arose from the acquisition by the BKA (Bundeskriminalamt)[2] of data concerning users operating in Germany, carried out through external collaboration with the Franco-Dutch Joint Investigation Team. Only at a later stage did the German authorities issue a European Investigation Order to ask to use the data acquired by the Gendarmerie in its investigation activities.
In the context of this acquisition procedure, which is considered to be contrary to the guarantees laid down by German and European law, the Regional Court of Berlin considered it necessary to refer the question of their legitimacy and the usability of the results to the Court of Justice of the European Union. So far, it is the only higher court that has deviated (already in 2021) from the prevailing orientation whereby EncroChat data would instead be fully usable[3].
The system offered by EncroChat was similar to that proposed by Sky-ECC, which we have already discussed.
Crypto phones were presented to customers as a guarantee of absolute anonymity and complete discretion of both the encrypted interface and the device itself.
First, no association was made between devices or SIM cards and the customer’s account. In addition, the devices had a dual operating system, so that the encrypted system was undetectable. Finally, the GPS, camera, microphone and USB port were disabled.
The functions of the messaging system were also designed to increase the possibility of concealing communications: automatic deletion of messages on the receiving devices, a specific PIN code to erase all data on the device, and deletion of all data after consecutive entries of a wrong password. In addition, it was possible for users to have their data deleted remotely through reseller assistance.
The crypto phones were sold for around 1,000 euros each, with half-yearly subscriptions of 1,500 euros with 24/7 support.[4]
The Regional Court of Berlin referred 14 questions to the Court of Justice in its request for a preliminary ruling, in order to determine whether the instrument of the European Investigation Order was legitimately used, whether it is relevant that it is not possible to know the technical means of acquiring the data and, where appropriate, the way in which the data can be used.
It should first of all be pointed out that the operation of the Trojan used by the French police is not currently known, as it is protected by French military secrecy.
Similarly, the German authorities have never even divulged the non-secret information they have learned from their French colleagues on the subject.
Moreover, the initial method of reporting by the French was not known at the beginning of the first proceedings in Germany. Therefore, the German Courts based the first decisions, both precautionary and substantive, on the assumption that the investigation findings underlying the proceedings had been sent “spontaneously” to the German authorities and that the German investigators had played no active role in collecting them.
On the contrary, an informal exchange of information took place at an early stage, in which the German authorities activated monitoring of EncroChat users in Germany for criminal law purposes, using the work already in progress in France. According to the Court, this operation constitutes an investigative activity that should have been based from the outset on an EIO (European Investigation Order), so that its legitimacy under German law can subsequently be assessed and the fundamental rights of suspects guaranteed (by verifying the necessity and proportionality of the order and the legality of the investigative activity with respect to national law).
Already in the past, the CJEU itself[5] has pointed out that the transmission of traffic or location data to an authority is in itself a serious constraint on the fundamental rights set out in Arts. 7 and 8 of the Charter[6].
Moreover, as noted by the Supreme Court with regard to the data of the Sky-ECC chats, in this case too there emerges an insurmountable obstacle to the conduct of a fair trial, which requires that the defence have the opportunity to fully confront the evidence.
In the opinion of the German court, this is all the more necessary on the basis of European case-law where the evidence in question is the result of a technical field in which neither the court nor the parties have expertise[7].
The usability of EncroChat data would therefore be called into question by the impossibility, as things stand, of evaluating the technical methods of interception, hijacking, storage and extraction. The exercise of the right of defence, in fact, is compromised without being able to verify the correctness, completeness and consistency of the data used in court.
On the other hand – the German Court emphasizes – in many cases like the one under examination, the EncroChat chat data constitute the only evidence in relation to the disputed fact.
In the present case, for example, proof of negotiations on the sale of substances would be sufficient to constitute the offence of drug trafficking. Therefore, it is essential for the defence to be able to evaluate both the individual messages themselves and the temporal and content relationship between messages sent and received.
In fact, errors of a technical nature or incompleteness can distort the meaning of the chats without it being possible to notice this when only the results of the investigative activity are available.
According to the criteria developed by the Court of Justice in the Steffensen judgment[8], the mere fact that the data used cannot be verified by the defence via a technical expert would suffice to conclude that it is unusable as evidence.
This has been compounded by the refusal by the European agencies and the German authorities to make available documents which are not subject to French military secrecy and which, however, would have been of defence significance.
In particular, the refusal to share the messages exchanged by the German authorities through the SIENA system[9] has been criticised; these would at least have made it possible to verify whether technical anomalies had been reported during the initial phase of cooperation with the French investigators, and in respect of which data. In fact, one of the few messages from this system that has been included in the case file would suggest that there were reports of this kind, but it is not possible to determine which users and periods they concerned.
In addition, the German Court stressed that European case-law has established that combating serious crimes cannot in any way justify indiscriminate and generalised retention of data. There have been rulings which have allowed access to precise traffic and location data for criminal law purposes, but which at the same time have linked their legitimacy to compliance with the principle of proportionality, and the constant presence of a review by a judge or an independent administrative authority[10].
In this case (and others related to it) both requirements are lacking. The data collection was carried out on a huge and indiscriminate sample of users (32,477 users out of 64,134), without it being possible to assume a priori that all EncroChat customers belonged to a single criminal network; nor was any investigation made into whether heightened privacy needs arose from the exercise of lawful activities. On the contrary, an equation was drawn whereby a service with certain costs and functionalities must necessarily be intended for illicit activities.
Moreover, the impetus for the investigations in Germany did not derive from activities under the control of the judicial authority, but was the result of police cooperation coordinated by Europol. Even later, when the German judiciary intervened, only the results of technical activity performed by the Joint Investigation Team on EncroChat and in particular by the Gendarmerie were acquired.
This has prevented both ex ante control by an independent authority and ex post control in the form of the exercise of the right of defence through evidence in cross-examination between the parties.
The reference for a preliminary ruling was made as a matter of urgency because of the risk that the precautionary measure applied to the accused might lapse on expiry of the time-limit, highlighting the importance of the decision also for a large number of parallel proceedings currently pending[11].
It is to be hoped that the decision of the ECJ can contribute to restoring the centrality of the protection of the fundamental rights of individuals in the field of data and the guarantee of the full exercise of the right of defence in the digital age as well.
Prof. Avv. Roberto De Vita
Avv. Marco Della Bruna
[1] International Mobile Equipment Identity, the numeric code that uniquely identifies the mobile device.
[2] Federal German police authority under the responsibility of the Federal Ministry of the Interior.
[3] https://www.spiegel.de/panorama/justiz/berlin-landgericht-laesst-encrochat-daten-nicht-zu-a-6dd9be2e-f558-40fa-9995-2f8136581f8e
[4] https://www.europol.europa.eu/media-press/newsroom/news/dismantling-of-encrypted-network-sends-shockwaves-through-organised-crime-groups-across-europe
[5] Cf. CJEU, decision of March 2 2021, La Quadrature du Net and others – C-511/18.
[6] “Respect for private and family life” and “Protection of personal data”, cf. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012P/TXT.
[7] Cf. CJEU, decisions of March 2 2021 H.K./Prokuratuur – C-746/18, La Quadrature du Net and others – C-511/18, and of April 10 2003 Steffensen – C-276/01; ECHR, decision of March 18 1997, Mantovanelli/France.
[8] Cf. CJEU, decision of April 10 2003, Steffensen – C-276/01.
[9] Secure Information Exchange Network Application, a communication platform for European Union law enforcement.
[10] Cf. CJEU, decision of March 2 2021 H.K./Prokuratuur – C-746/18.
[11] Cf. Decision of the Berlin Regional Court of 19.10.2022, https://www.hrr-strafrecht.de/hrr/lg/22/279-js-30-22.php
Read the original article on Reuters
Reporting by Crispian Balmer; Editing by Alison Williams and Bill Berkrot
ROME, March 9 (Reuters) – An Italian navy captain was found guilty on Thursday of selling secrets to Russia and sentenced by a military tribunal to 30 years in jail.
Walter Biot, 56, was arrested in 2021 as he was handing information to a Russian embassy employee in a Rome car park.
Italy subsequently expelled two Russian diplomats and accused Biot of selling documents, including classified NATO documents, for 5,000 euros ($5,280).
His lawyer has said Biot did not hand over any sensitive material and announced on Thursday he would appeal the verdict. The military prosecutor had sought a life term.
“Biot traded in secrets and was caught in the act,” the prosecutor said on Thursday. “He displayed a high degree of disloyalty and criminal ability, but also sorry greed.”
A court last year detailed some of the allegations against Biot when it rejected his request to be freed pending the trial.
It said he had given his Russian contact a memory card that contained 181 photographs of documents and images from his computer. It said 47 were marked as “NATO secret” and 57 “NATO confidential”.
Italian media said that among the documents were information about the war on Islamist militants in Libya and Syria.
Prosecutors have said Biot was caught on camera on three separate occasions in March 2021 taking photographs with his phone of images on the screen of his office computer.
At the time of his arrest, Biot had the rank of a frigate captain but was working at the defence ministry department tasked with developing national security policy and managing relations with Italy’s allies.
Biot’s lawyer has said his client was not ideologically driven and had never handed over documents that could “put Italy or other countries at risk”.
($1 = 0.9465 euros)
Prof. Avv. Roberto De Vita gave the first lecture to officials of the Federal Bureau of Investigation, the United States Secret Service, the UK Police and the Royal Canadian Mounted Police, entitled “Intelligence and analysis techniques”, as part of the Course “The fight against money laundering and organized crime. Economic and financial investigation techniques” organized by the Economic-Financial Police School of the Guardia di Finanza.
The Liberty Court of Rome upheld the order implementing the measure of pre-trial detention in prison ordered by the judge for preliminary investigations for the crime of association aimed at illicit trafficking of narcotic drugs or psychotropic substances under art. 74 D.P.R. 309/1990.
The suspects appealed against this latter order to the Supreme Court, filing two applications.
With the second application, in particular, the defence contested the nature of the summary note of the Carabinieri relating to the acquisition of the Sky-ECC system’s chats, extracted following decryption of the same system and received by the Italian judicial authority through Europol.
It was noted that the defence, through this note, could learn only the results of this activity as summarized by the Carabinieri, but not the Europol documentation describing the technical procedures of data acquisition. On this basis, the defence complained that it had been unable to verify how the data had actually been acquired from the Sky-ECC system, which prevented any examination of the validity of the procedure used.
In fact, the relevant documents had not been made available to the defence because of the assumption that they were exchanges of information between police forces of different countries, which could not be used in court.
However, the collection of the platform’s data flows and the subsequent decryption were carried out without any prior control by the Italian judicial authority.
In this regard, the Liberty Court had held that there was a presumption of legality of the activity carried out, since the acts had been received from foreign judicial authorities.
Moreover, it had treated the chats merely as documents under art. 234, Code of Criminal Procedure, excluding that they could be considered correspondence or wiretaps (of telematic flows).
The Sky-ECC messaging system had been at the heart of a massive joint police operation coordinated by Europol in early 2021 and planned in previous years, similar to what happened with Encrochat and other similar systems [1].
According to reports by the same agency and the Paris Prosecutor, the investigative activity on the chats had made it possible to carry out numerous inspections and seizures in the Netherlands and in Belgium, as well as to identify over 2,000 users in France (observing a total of 70,000 users for several months), thus making it possible to “take down large-scale drug trafficking and attacks on people” [2].
However, at the time, the platform issued a statement denying that the police in question had penetrated their network, stating that “SKY ECC is built on “zero-trust” security principles which assumes every request as a breach and verifies it by employing layers of security to protect its users’ messages. All SKY ECC communications are encrypted through private tunnels via private distributed networks. All messages are encrypted with today’s highest level of encryption.” [3]
In addition, the Sky-ECC statement suggested that the access made in the context of the investigation had been based on a system only apparently linked to their network, by means of devices previously stolen from the legitimate distribution chain and deprived of the security features attributed by the company.
In fact, the peculiarity of this messaging system lies in the possibility of buying an annual license (for about € 2200) for the use of devices provided by the company, whose features include disabled microphones, GPS and video cameras, as well as the deletion of (encrypted) messages only 30 seconds after they are sent; moreover, if a receiving device cannot be reached over the network, the undelivered message is deleted 48 hours after sending [4].
The Court of Cassation deemed the plea relating to the acquisition of Sky-ECC chats well grounded.
The messages in question, as mentioned above, were acquired by Europol through direct access to the servers of Sky Global, the owner of the messaging system, as part of a coordinated investigation activity with the French, Belgian and Dutch police forces.
First of all, the Supreme Court highlighted the confusion in the answer the Prosecutor gave when denying the defence access to the requested documents: it conflated the results of the investigation activities with the procedures adopted, and apodictically claimed that all the documentation had been made available to the defence.
The Court held that it is instead necessary to assess in concrete terms – in the main criminal procedure as well as in the pre-trial detention procedure – whether the methods used to acquire the chats from the servers conflict with mandatory provisions and fundamental principles of the legal system.
Therefore, it is necessary that the adversarial procedure is guaranteed both on the outcomes of the activity and (inevitably) on the methods of acquisition of the material, in order to be able to review its legitimacy under art. 191, Code of Criminal Procedure, and to be able to detect any unusability of evidence acquired in violation of the prohibitions established by law.
Equally, according to the Court, this assessment is also relevant in the pre-trial detention procedure, if the evidence at issue has affected the judge’s decision (as in the present case).
The Supreme Court, therefore, ruled that knowing the methods and procedures adopted by the investigators is essential to the exercise of the right of defence, and it highlighted the fundamental (substantive) aspects of being able to verify the findings of the investigation activities.
In particular, in order for the results of the analysis of a messaging service such as the one under examination to have probative value, it is necessary to verify the actual “correspondence of the text of such messaging to the literal content of the messages originally sent and received and of the users of the identified senders and recipients with the actual ones, which is why the issue at hand also unfolds its relevance with regard to the phase of collection and decryption of telematic flows”.
Through this ruling, the Supreme Court seems to have placed a first fundamental curb on the tendency (often seen in courtrooms) to underestimate the importance, in terms of probative value, of procedural hygiene in data acquisition and analysis operations. That tendency carries the risk of focusing solely on the findings of such activities, depriving the accused of the right to an adversarial procedure in the formation of evidence and depriving the Judge of epistemologically essential elements for the assessment of the facts allegedly proven.
Avv. Antonio Laudisa
Dr. Marco Della Bruna
[1] C. Bonini, F. Bulfon, Criptomafia. Storia della guerra digitale dichiarata dalle polizie di Usa ed Europa alle reti di comunicazione protetta dei narcos e dei boss del crimine internazionale, La Repubblica, 16.12.2021.
[2] E. Follis, Europol smantella una rete telefonica criptata usata dai gruppi criminali, Euractiv, 11.03.2021.
[3] P. Arntz, Police credit “unlocked” SKY ECC encryption for organized crime bust, Malwarebytes Labs, 11.03.2021.
[4] Sky ECC, what is it?, Funinformatique.
Read the original article on Taiwan News
By Nicole Winfield and Gordon Walker, Associated Press
ROME (AP) — An Italian Navy captain accused of passing classified documents to Russia says he didn’t have access to any information that would have compromised the security or strategic operations of Italy or NATO, his lawyer said Friday.
Attorney Roberto De Vita met with Capt. Walter Biot at Rome’s Regina Coeli prison, where the frigate captain and Defense Ministry policy officer is being held on espionage charges in an isolation cell, a normal procedure for new inmates during the pandemic to prevent COVID-19 outbreaks.
Biot was arrested Tuesday after Italian special operations forces allegedly caught him handing over a flash drive with 181 documents stored on it to a Russian Embassy diplomat in exchange for 5,000 euros ($5,881).
Italy expelled the Russian and another embassy diplomat for what Italian Foreign Minister Luigi Di Maio called a “hostile act of extreme gravity.”
A judge in Rome on Thursday denied Biot’s request to be released from jail and put under house arrest, citing the gravity of the accusations and the concern that he might commit further crimes.
Italian news reports quoted the judge’s order as saying Biot’s actions were “not isolated or sporadic” but well-planned. The judge said the evidence showed the officer used four different cellphones and “had no scruples betraying the trust of his institution for economic reasons.”
Defense lawyer De Vita said Biot, who initially declined to respond to prosecutors’ questions, was ready to provide his version of events and to demonstrate that the documents in question were “of little or scarce relevance and that regardless, in most cases were already available from other sources.”
“He will specify how he did not have access to information that could compromise national, military, strategic and NATO operations,” De Vita told The Associated Press outside the prison. “Precisely because the position he held did not allow him access.”
Biot’s relatives have said he would never betray his country. But they said he struggled to provide for his family of six and to pay his mortgage on a monthly Defense Ministry salary of 3,000 euros ($3529).
De Vita said his client was most concerned about the impact of the scandal on his family. The lawyer said the case raises geopolitical and institutional issues “beyond the judicial dimension” of the captain’s conduct.
“He is convinced that he can reduce or put into perspective the significance of his actions compared to what was divulged and what was said,” De Vita said.
Read the original article on Washington Times
By Nicole Winfield and Gordon Walker
Read the original article on Reuters
By Crispian Balmer, Domenico Lusi
ROME (Reuters) – Italian police have found a stash of classified and highly classified military documents they believe an Italian navy captain gave to a Russian official in return for cash, a judicial source said on Friday.
Walter Biot, 54, was arrested on Tuesday in a Rome carpark. A police source said he had been seen handing information to a Russian military attache in exchange for 5,000 euros ($5,900).
The judicial source with access to the case files said police had recovered a memory card containing 181 photos classified as confidential, nine classified as highly confidential and 47 classified as secret documents from NATO.
Biot’s lawyer Roberto De Vita told an Italian newspaper that his client had told him that he had handed over information to Russia for money, but denied having leaked classified documents.
Biot appeared in court for the first time on Thursday but declined to speak. “He asked for time to collect his thoughts,” De Vita told reporters.
Interviewed later by Corriere della Sera newspaper, De Vita said that Biot had told him he was not ideologically driven and had never handed over “documents which could put Italy or other countries at risk”.
Italy, which has traditionally enjoyed better relations with Moscow than many other Western states, has expelled two Russian diplomats in retaliation and denounced the alleged espionage as a “hostile act”.