The technology has resulted in significant innovations in many aspects of the society. As far as law is concerned, in a few decades, deep and rapid changes have been affecting a millennial legal culture such as the European one and the national legal traditions of which it is made up.
The “evidence” is extremely delicate for legal science as it sits between general theory and philosophy of law, substantive law and adjective law, epistemology and interpretation, computer science brings new challenges – it happens in scientific evidence as well – as it is necessary to anticipate the acquisition phase of the balance between the powers of investigation and the right of defense which - in particular in the criminal proceedings - finds its place in judgment.
Digital forensics can be defined «the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitation or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations» (Palmer, A Road Map for Digital Forensic Research. Report From the First Digital Forensic Research Workshop (DFRWS), New York, 2001, p. 23)
There are several definitions of digital evidence.
The most recent one has been defined in the European Project “Evidence”, whose results have recently been published. According to the authors electronic evidence is «any data resulting from the output of an analog and / or digital device that is admissible in court proceedings and that it has been generated, processed, stored or transmitted by any electronic device», while digital evidence is «the electronic evidence that has been generated or converted into a numerical format».
In practical terms, such evidence is characterized by immateriality, due to collection of an autonomous existence from the physical source of origin, transmission, or destination.
In the present scenario, three kinds of problems can be identified, which can be distinguished depending on whether they concern: (1) the nature of the digital evidence; (2) the sharing between various investigating authorities; (3) the trial.
In regards to the first aspect, as it is known that in the digital world the traditional difference between "original" and "copy" vanishes, the extreme volatility of content makes it difficult to use evidence, which is intended to document past events. In fact, the extreme exposure to alterations makes it difficult to identify traces of tampering and thus guarantee its genuineness.
In regards to the second aspect, the increasing amount of data available, their heterogeneity in technological terms, and the need to coordinate investigative efforts which involves an increase number of authorities - and even more if we consider the international scenario – makes transmission and sharing of data more and more complex. Redundancy, confusion, disorder might cause loss of "information" by the system - resulting in inefficiency to prevent and repress crimes.
Regarding to the third element, the evidence collection is just only the first stage of an articulated evaluation process – usually under cross-examination between different parties - where the judge, as impartial observer, makes a decision. This is a process that, as for scientific evidence in general, depends on many factors and requires not only new technologies, but also redefining the organizational context, as well as new skills and expertise by all the parties involved (source of data holders, investigators, defenders, judges, consultants, officials).
Concerns in Digital Forensics
Each challenge highlighted above has been addressed at various levels through diplomatic initiatives, policy actions or legislative instruments.
With regard to the first aspect, it is paramount to mention the Convention on Cybercrime signed under the aegis of the Council of Europe in Budapest in 2001. For the first time all the nations combined the efforts against the cybercrime and provided for the possibility of using the "chain of custody" for digital evidence.
Regarding the second aspect, several instruments have been adopted to increase and strengthen the legal cooperation, from Mutual Assistance (MLA) provided by the 1959 Council of Europe Convention - introduced in the European Union from 2000 - to the 2002 European arrest warrant, up to the European Investigation Order (Directive 2014/41 / EU, adopted by the Italian country through the recent Legislative Decree 108/2017 coming into effect the 28th of July 2017.
Concerning the third aspect, within the framework of initiatives related to "electronic justice", the European Union has adopted several initiatives not only related to the dematerialization of the legal communications "E-Codex" but has also invested in developing new professions and expertise where all the stakeholders are involved. Moreover, initiatives have been taken to simplify and improve the legal system for the benefit of professionals and citizens.
In the near future, we will be facing several challenges, which are worth highlighting.
First of all, the transnational character becomes a physiological element of the most common crimes (online defamation, for instance) and it is no longer exclusive to the most serious offenses (organized crime, not least the terrorism).
Secondly, the introduction of new technologies such as the Internet of Things and the spread of artificial intelligence require to review not only how the security is managed, but also the procedures how the digital evidence is collected.
Thirdly, due to the new regulations, such as the General Data Protection Regulation (GDPR), companies and institutions will be forced to review and update not only the technology and the organisational structure, but also they will be required to invest in skills and expertise.
The conference organizers believe it is paramount to analyse the current situation and the future challenges in regards to the digital evidence collection in the light of what discussed so far and referring back to previous occasion.
In fact, on the 19th of November 2012, the University of Udine hosted the "Digital Forensics" conference (http://www.digitalforensics.ud.it/) sponsored by the departments of Mathematics/Computer Science and Law at the University of Udine. The conference was about identification, acquisition and use of digital evidence, legal issues, best practices, new perspectives. For the first time in Friuli Venezia Giulia region the topics related to the Digital Forensics were presented systematically - adopting an interdisciplinary approach between computer science and law - intended to facilitate the debate between different professionals involved.
Aim of this conference
In this event, we intend to examine in depth the topics already addressed during the previous conference but adopting an approach that takes in greater account of the complexity of the subject.
Firstly, an international perspective was considered necessary - with the favor of the decentralized geographical position of Udine - and thus to extend the comparison to the experience of closest countries (Austria and Slovenia) for historical reasons (the common root of Mitteleuropa), and territorial (the prospect of the Alpe Adria macro-region). Secondly, it was considered that deeper discussions and debates might be encouraged by the introduction of different ways of dialogue between speakers and greater interaction with the public.
This conference is the final event of the course “Sapere e Saperi nell’era digitale”- "Informatics and Law" module - held in the academic year 2016/2017 at the High School of the University of Udine; It is also part of the activities provided by the Strategic Plan of the Department of Legal Sciences as an in-depth workshop and as a functional initiative to enhance international academic relations. It is organized with the contribution of the High School, the Department of Law, and the Institute of Theory and Techniques of communication (ITTIG) of the National Research Council (CNR) based in Florence.
The conference aims at building an international network of relationships between different subjects and players - academics, professionals, stakeholders, judicial authorities - enabling future research projects to be developed; facilitating a debate between institutions that, albeit contiguous and interconnected through international networks, struggle to make the time for direct contact; providing students - particularly those of the University's "Scuola Superiore" and in the legal field - the opportunity to explore a particular topic of interest - such as the digital evidence - by verifying the real applications of the studied subjects; enabling professionals in the area to meet up top international experts.
Overview of the conference
The event consists of three different moments: the conference in the morning, a workshop in the early afternoon and a final in-depth session.
The conference intends to deepen the digital evidence issues from the academics perspective, outlining the technological and legal context where the electronic evidence issues emerge.
Particular attention is devoted to data protection and confidentiality matters, and specifically dealing with the challenges the "Privacy Package" will bring the 26th of May, 2018. Legal issues related to cryptography and challenges that such technologies will uncover will also be discussed during the conference. Balancing investigative needs and protecting the rights of the defense is another of the challenges we will be approaching.
The workshop is a good opportunity to debate on real case scenarios - a kind of "lab" where each participant brings personal experience and expertise encouraging challenges and solutions. Over the allocated time frame of 20 minutes, speakers are encouraged to provide a brief presentation of their professional context (the institution they belong to, the tasks assigned and the operating procedures) and to highlight the day-to-day emerging issues. The topics discussed relate to the the previous session (digital evidence in the conflict between investigative needs and defense rights with particular reference to data protection and confidentiality from the EU perspective).
For the purpose of the conference, it would be interesting having speakers discussing about how to obtain data from foreign providers (such as telephone traffic, text messages, IM as Whatsapp and Telegram), and sharing this information with other foreign investigative authorities (particularly the three countries involved in the conference). Specifically: what data is easily available? What are the technological, organizational or legal challenges that hinder cross-border exchange? How would it be possible to overcome these difficulties together?
Audience participation will be of great importance and it will be guided by a qualified moderator.
The third part of the conference will be reserved to "questions and answers" session and it is expected to have a guest from the aster in "Digital Investigation & Forensic Computing" and "Forensic Computing & Cybercrime Investigation" (reserved for law enforcement members).