RightsCon 2022: How much user data can be used in criminal investigations? Electronic Evidence and Types of User Data

Criminal investigations increasingly rely on so-called “electronic evidence”, ie all user data collected by online services. Are the categories used in legislation always the right ones to ensure adequate protection of human rights? Three categories, corresponding to different levels of protection, and largely derived from historical practices vis-à-vis telecom operators, are commonly used: and Traffic and/or transactional data (consisting of timestamps, the history of IP addresses , source and destination of communications, etc.). As digital services become ubiquitous, the diversity of user data collected by service providers has increased exponentially. Thus, many other types of user data can be requested or obtained.

This raises two important questions: are the existing protections attached to the three categories sufficient in relation to new types of data (for example: a fitbit device collecting the heart rate and sleep habits of users)? More generally, should any type of user data collected by a service provider be able to be requested in the context of criminal investigations and be interpreted as electronic evidence? (For example: user behavioral and preference profiles developed by social media platforms to feed predictive modeling algorithms).

This session aims to raise awareness of the limitations of the current system, built on the remnants of a bygone era of telecommunications. It will articulate the need for a goal-oriented and rights-respecting framework through the elaboration of different perspectives by the interventions of civil society, government and industry actors.

Learn more: Scoping note: categories of electronic evidence

Host institution : Electronic Frontiers Foundation (EFF) | Center for Democracy and Technology (CDT) | Internet Policy and Jurisdiction Network | Cross Border Data Forum

Mark M. Gagnon