The European Investigation Order in criminal matters allows judicial authorities in all EU Member States to instruct each other to collect evidence. It also sets forth provisions for cross-border telecommunications surveillance. The European standardisation institute ETSI is consequently working on interfaces for the hand-over of intercepted phone calls.

By May 22nd, the Member States of the European Union have to transpose the European Investigation Order in criminal matters (EIO) into national law. The Directive defines cross-border cooperation between judicial authorities including courts, investigating judges and public prosecutor’s offices. In the future, an “issuing State” can oblige an “executing State” to gather evidence in criminal proceedings. This entails inter alia conducting investigations.

It also sets forth provisions for the “temporary transfer of persons held in custody”, hearings by video or telephone conference or the use of the European arrest warrant to transfer people (including temporarily) to courts of another state. There is a dedicated chapter on telecommunications surveillance and the transfer of the “electronic evidence” gathered during such.

The issuing authority can request “decoding or decrypting”

For instance, an authority in Spain could order the telephones of suspected hackers to be tapped in Denmark. The surveillance is not restricted to the content of the telecommunications but also includes gathering traffic and location data. The issuing authority can also request the “decoding or decryption” of the recording. Some Member States spoke out against such an obligation, which is why in the text of the Directive the wording “request” was chosen.

For the transfer of the data interfaces need to be put in place to hand over electronic evidence. They need to be standardised and wherever possible suitable for international use. The European Telecom Standards Institute (ETSI) is therefore working on the development of technical and legal specifications for such interfaces. At the European standardisation agency, the telecommunications providers, providers of surveillance electronics and security agencies are organised in a joint working group on “Lawful Interception”. From Germany, the company Utimaco from Aachen, the Customs Investigation Bureau (Zollkriminalamt) and the Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz) are involved for instance.

Interface with the acronym “SMILE”

ETSI is also currently working on draft specifications for an interface of this kind for the Investigation Order in criminal matters. The Federal Government is classifying all the information on this as confidential. One of the people involved has published some details on this, however. According to this information, ETSI has been looking into how to implement the transfer from the executing State to the issuing State since the middle of last year.

The executing State is to treat the request like a national interception measure. Intercepted telephone calls are then transferred to the issuing State almost in real time. To this end ETSI is working on an interface which is to be available by the middle of the year under the acronym “SMILE” (“Smart Handover Interface between Law Enforcement Agencies”).

The efforts by ETSI probably build on the “EVIDENCE” research project, which designed a roadmap with guidelines, recommendations and technical standards and a research agenda with the involvement of Interpol. The project cites other concrete outcomes of EVIDENCE as “an electronic evidence categorisation tool, an electronic evidence map of actors and a digital forensics tools catalogue”.

Regulatory proposal by the Federal Government

In the future, the technical work for the Investigation Order in criminal matters could gain greater significance. The European Commission is verifying to what extent the Directive could also be used to force US Internet companies to hand over electronic evidence. A regulatory proposal in this vein has been penned by the Federal Government. The European Commission is expected to table proposals in summer this year.

What has already trickled through at this stage is the establishment of an Internet portal connecting the investigating authorities and public prosecutors in the European Union as a first step. It is currently being examined whether such a portal should be set up centrally (so at the European Commission or its agencies) or de-centrally (so in the Member States). The system could start operating in 30 months at the latest.

Cybercrime Convention gets additional protocol

For access to data outside the EU an international agreement is required, however. To this end the European Commission has earmarked one million euros for studies searching for “measures in the area of EU-US cooperation relating to electronic evidence”. Of particular interest is the simplification and acceleration of mutual legal assistance. Also being sought are procedures to determine the physical storage place of data.

It is now certain that the Cybercrime Convention of the Council of Europe will be expanded by an additional protocol on the acquisition of electronic evidence. A dedicated “Cloud Evidence Group” has been set up and has already presented a draft of the possible contents. The plan is to complete the work on the draft for the additional protocol by December 2019.

Image: All rights reserved EU research project EVIDENCE