War crimes and gross human rights violations: e-evidence | IGF 2023 WS #535

Report

The Budapest Convention is seen as a potentially beneficial legal framework for dealing with cyber crimes and war crimes, especially in relation to SDG 16: Peace, Justice, and Strong Institutions. However, there is skepticism about its applicability to crimes originating from Ukraine.

Examples of alleged crimes committed by Ukrainian forces and Ukrainian-based scammers have raised doubts about the effectiveness of the Budapest Convention in addressing these specific crimes.

Access to e-evidence is considered crucial for effectively resolving crimes. The importance of obtaining electronic evidence for the purpose of investigation and prosecution is highlighted, emphasizing its role in uncovering the truth and holding perpetrators accountable.

Concerns have been raised regarding the lack of effective safeguards in both the Budapest Convention and the UN Cybercrime Treaty.

Law enforcement officials involved in war crimes, crimes against humanity, and human rights abuses, along with dissatisfaction among civil society groups regarding the absence of adequate safeguards, have generated worry about potential misuse of these conventions.

There is frustration over the lack of communication and fear that the provisions within these conventions might be abused to commit crimes with impunity.

This highlights the need for stronger and more effective safeguards to prevent the misuse of these legal frameworks.

War crimes are a pressing issue, and it is argued that they should be addressed regardless of the perpetrators involved.

The need for applying international law and cooperation in conflicts is emphasized. It is paramount to hold all parties accountable for their actions, promoting justice and upholding human rights.

During discussions, questions were raised about war crimes committed by Ukrainians, beyond the focus on Russian activities.

The structure of the convention for crimes committed by Ukrainians remains unclear, and it is suggested that some war crimes may be committed without Russian involvement, indicating a need for further clarity.

Assertions were made about war crimes committed by the Ukrainian army against civilians, highlighting the gravity of the situation and the urgency to address these crimes.

In conclusion, the Budapest Convention is seen as a potentially beneficial legal framework for cyber crimes and war crimes.

However, doubts persist regarding its application to crimes originating from Ukraine. The importance of access to e-evidence is emphasized, while concerns are raised about the lack of effective safeguards in the Budapest Convention and UN Cybercrime Treaty. The necessity to address war crimes, regardless of the perpetrators, using international law and cooperation is stressed.

The need for clarity in dealing with crimes committed by Ukrainians and the alarming allegations of war crimes committed by the Ukrainian army against civilians are also highlighted.

Report

During the discussion, the speakers explored the significance of open source intelligence (OSINT) in uncovering evidence of war crimes and gross human rights violations. They highlighted the extensive experience of Giorgi Jokhadze in Ukraine, where he has utilised OSINT techniques.

Notably, he has been actively involved in supporting Ukraine through the Council of Europe since the beginning of Russian aggression in 2022.

The Budapest Convention on Cybercrime, specifically Article 32, was emphasized as a powerful tool for member states to access OSINT from both public and private domains with consent.

It was argued that these provisions could greatly assist Ukraine in obtaining compelling evidence for both domestic and international investigations. The tools provided by the Budapest Convention were also seen as instrumental in facilitating the collection of such evidence.

Furthermore, the discussion emphasised that open source intelligence should be considered as an integral part of the overall chain of evidence in criminal investigations.

It was acknowledged that open source intelligence plays a crucial role in providing leads and clues that can lead to more comprehensive investigations and successful outcomes.

The speakers also raised the challenges posed by electronic evidence, which often transcends borders.

This highlighted the importance of cross-sharing evidence among relevant parties to ensure a unified approach to investigations and the pursuit of justice across jurisdictions.

In addition to the technical aspects of open source intelligence and cybercrime conventions, the discussion touched upon the need for a clear and applicable legal framework.

The speakers recognized the importance of integrating open source intelligence and data from open sources within a comprehensive legal framework. Such integration is crucial for ensuring that perpetrators are brought to justice while adhering to legal requirements and due process.

Overall, the speakers concluded that open source intelligence and data obtained from open sources are invaluable assets in the pursuit of justice.

However, to maximize their effectiveness, they must be employed within an applicable legal framework. These insights highlighted the need for proper communication and implementation of conclusions derived from discussions with the IGF Secretariat.

In summary, the discussion highlighted the value of open source intelligence in uncovering evidence of war crimes and human rights violations.

It also emphasized the role of the Budapest Convention on Cybercrime in supporting Ukraine’s evidence collection efforts. The integration of open source intelligence within the overall chain of evidence and the importance of cross-sharing electronic evidence were also stressed.

Additionally, the need for a clear and applicable legal framework that incorporates open source intelligence and data from open sources was underlined. The speakers concluded that integrating open source intelligence and data within a legal framework is crucial for ensuring that perpetrators are brought to justice.

Report

The Budapest Convention, in conjunction with its Second Additional Protocol, offers valuable tools for collecting and sharing electronic evidence. These tools are crucial in combating cybercrime and promoting cooperation between countries and service providers.

The Second Additional Protocol was negotiated by the State Parties to the Convention following the finalisation of the Cloud Evidence Report in 2017.

It facilitates direct cooperation between countries and domain name registration information providers and includes measures for expedited disclosure of computer data in emergency situations. It also outlines procedures for international cooperation, even when parties and experts are in different locations.

However, the effectiveness of these tools depends on the domestic capacity of each country to handle and utilise them effectively.

The Budapest Convention, also known as the Council of Europe Convention, has a capacity-building initiative that supports global action against cybercrime. Countries that have implemented these initiatives have benefited from training expert judges who can then train judges in their respective regions.

A significant provision of the Budapest Convention is Article 32, which concerns the open-source framework provided under the Convention.

It addresses the issue of cross-border access to data and is only available to state parties.

Parties to the Budapest Convention form a community of trust and must uphold principles of the rule of law and human rights, as described in Article 15.

Compliance with international standards and respect for fundamental rights are emphasised.

Law enforcement authorities regularly use Article 32, provided they have received appropriate training and comply with minimum standards. This provision applies to a wide range of offences, including drug-related crimes.

The use of these tools is guided by standard operating procedures that respect the principles outlined in Article 15, ensuring that they are used in a manner that upholds human rights.

Procedural safeguards and adherence to standards are essential to protect human rights and maintain the rule of law.

State parties to international conventions have introduced measures to enable judicial authorities to effectively oversee the process. For example, Sri Lankan law enforcement authorities, as a state party to the Budapest Convention, have revised their standard operating procedures to ensure that electronic evidence gathering and international cooperation comply with international standards.

The Budapest Convention applies to any crime involving digital evidence, including war crimes.

Specific procedural provisions, such as Article 14, 18, and 26, are particularly relevant in the context of war crimes. These provisions allow for the invocation of Article 14 in war crime investigations, facilitate the acquisition of evidence from any service provider under Article 18, and enable the spontaneous sharing of information among law enforcement authorities under Article 26.

In summary, the Budapest Convention and its Second Additional Protocol play a crucial role in collecting and sharing electronic evidence.

However, their effectiveness relies on the domestic capacity of each country. Upholding the principles of the rule of law and human rights is essential. Law enforcement authorities frequently utilise Article 32, guided by procedural safeguards and minimum standards, to address various offences, including war crimes.

Report

John Hering, a prominent figure in the field of cybercrime and war crimes, highly commends the Budapest Convention as an invaluable tool in combating international cybercrime. He also suggests that the UN cybercrime negotiation process should draw inspiration from the Budapest Convention, which has been successful in addressing cybercrime globally.

Hering discusses the challenges posed by the rise of cyber-enabled war crimes and hybrid warfare.

He highlights the potential for traditional war crimes to have a cyber component and cites the conflict in Ukraine as a significant example of hybrid warfare, combining conventional military tactics with cyber operations.

In relation to the role of Microsoft in conflicts, Hering believes that the company should increase transparency and reporting.

He appreciates Microsoft’s efforts in providing greater transparency in response to the challenges presented by conflicts, particularly in Ukraine. By increasing reporting on the breadth of cyber operations occurring in these conflicts, Microsoft can contribute to a more comprehensive understanding of the situation.

Hering proposes the expedited collection of digital evidence of traditional war crimes.

He advocates for the development of tools and support to capture digital evidence, which could aid in the investigation and prosecution of war crimes.

Hering expresses concerns about the widespread use of cyber capabilities in armed conflicts, as it brings forth the possibility of cyber-enabled war crimes.

The submission of Article 15 reports to the International Criminal Court alleging cyber-enabled war crimes, along with reports from multiple technology companies providing evidence of malicious cyber activities during conflicts, highlights the need to address this emerging issue.

Transparency and disclosure of data requests are key aspects emphasized by Hering.

He highlights the importance of transparency in understanding when and for how long data is requested, advocating for disclosure of relevant information within a reasonable timeframe.

Highlighting the valuable role of technology companies, Hering mentions Microsoft’s partnership with Accenture in supporting the International Criminal Court (ICC) with the creation of the OTP Link platform.

This platform serves as an objective system for creating a digital chain of custody and a tamper-proof record of evidence, aiding the collection and preservation of digital evidence for war crime cases.

Hering values the independent tools created by technology companies, such as the OTP Link platform, as they ensure neutrality and preserve the integrity of digital evidence.

By fostering collaboration between technology companies and international institutions, a more objective and robust platform for addressing war crimes can be achieved.

In light of the emerging domain of conflict in relation to cyber operations, Hering calls for innovation in international systems.

He believes that international institutions should step in to uphold expectations in the digital domain, just as they would in the physical domain. The recent decision by the ICC prosecutor to investigate cyber-enabled war crimes is seen as a positive development, reflecting the growing recognition of the need to adapt international systems to address cyber-related conflicts.

In conclusion, John Hering’s insights encompass a wide range of issues related to cybercrime, war crimes, and the role of technology companies.

He highlights the effectiveness of the Budapest Convention in combating international cybercrime and encourages the adoption of its principles in the UN cybercrime negotiation process. Hering also underscores the challenges posed by cyber-enabled war crimes, the importance of transparency and data disclosure, and the instrumental role of technology companies in collecting and preserving digital evidence.

Through his observations, Hering advocates for innovation in international systems and emphasizes the need for international institutions to address the emerging domain of conflict in relation to cyber operations.

Report

The session aimed to discuss the use of open source intelligence and digital evidence in the prosecution of war crimes and human rights abuses. It highlighted the Budapest Convention on Cybercrime and Electronic Evidence as an important tool in these efforts.

The convention provides guidance on how electronic evidence is collected, presented, deemed admissible, and safeguarded.

The importance of investigative journalism and open source information in holding those responsible for war crimes accountable was emphasized. It was mentioned that investigative journalism and open source information play a vital role in investigations, and the speaker emphasized the importance of bringing those in charge to account.

The role of Bellingcat, an organization that specialises in open source investigation, was discussed, and its impact in conflict zones was highlighted. It was mentioned that Bellingcat utilised various methods of analysis and verification to ensure the accuracy of their findings in conflict zones such as Ukraine.

Cooperation with international partners in the fight against human rights violations and cyber crime was also emphasized.

The Budapest Convention was mentioned as promoting international and cross-border cooperation in the realm of cybersecurity. The speaker highlighted the effectiveness of international cooperation in handling violations and cyber crimes, and the importance of a coordinated approach in gathering evidence and presenting it in various forums.

Concerns were raised about Russian aggression and cyber warfare, with 90,000 cases of war crimes registered since the Russian aggression started.

The continued cyber attacks on Ukraine’s critical infrastructures by Russia were also highlighted. It was mentioned that Russia has chosen not to join the Budapest Convention.

The session also addressed concerns about data manipulation and the need for data authentication.

It was mentioned that technological advancements have made data manipulation easier, and electronic evidence is vulnerable to manipulation. The importance of preserving data and authenticating data sources to ensure credibility and admissibility in court was stressed.

The role of social media platforms in enabling harmful events was discussed.

The differences in moderation policies among platforms, as well as the accusation of Facebook enabling ethnic cleansing in Myanmar, were highlighted. It was mentioned that social media platforms bear some responsibility for the information shared on their platforms, and the influence of algorithms on what is shown to users was also acknowledged.

The importance of joining the Budapest Convention was emphasized.

It was mentioned that the convention now covers 68 states, and countries that join the convention comply with the principles of human rights, the rule of law, and democratic society. It was stressed that more states need to join the convention to strengthen international cooperation in addressing cyber crimes and human rights violations.

In conclusion, the session highlighted the significance of open source intelligence and digital evidence in prosecuting war crimes and human rights abuses.

The Budapest Convention was recognised as an important tool in this regard, providing guidance on the collection, admissibility, and safeguarding of electronic evidence. The session also brought attention to the role of investigative journalism, international cooperation, and the need for improved handling of open source intelligence and electronic evidence.

Moreover, concerns were raised about Russian aggression, data manipulation, and the responsibility of social media platforms in enabling harmful events. Overall, the session emphasized the importance of international cooperation and effective legislative tools in addressing these pressing issues.

Report

The analysis highlights the importance of international cooperation in addressing cyber threats. It emphasizes the need for coordination and control activities among state actors involved in information and cybersecurity in Ukraine. Nataliya Tkachuk, responsible for coordinating these activities, specifically mentions the Russian Federation as the first country to use cyberattacks and disinformation as tools for special information operations.

Tkachuk also points out the Russian Federation’s manipulation of social media platforms to spread disinformation and influence public opinion and elections in democratic states. This highlights the need for collaboration between nations to effectively combat cyber threats.

The analysis also underscores the role of electronic evidence in documenting and investigating war crimes.

Tkachuk discusses how the law enforcement in Ukraine has registered over 90,000 war crimes since the Russian aggression began. She emphasizes that it would be impossible for any single law enforcement agency or country to document and investigate all of these crimes without the assistance of civil society, international partners, and NGOs.

This highlights the significance of electronic evidence, which can provide a comprehensive understanding of war crimes and aid in holding perpetrators accountable.

The analysis reveals instances of cyberattacks on critical infrastructure facilities in Ukraine, such as electric power stations, conducted by the Russian Federation.

This highlights the detrimental impact of cyberwar on civilian infrastructure and emphasizes the need for international cooperation to address and mitigate these attacks effectively.

Furthermore, the analysis mentions the success of Ukraine and the United States in attributing cyber crimes to specific individuals and states.

The Armageddon Hacker Group is cited as an example, identified as part of Russian counterintelligence. This showcases the possibility and importance of attributing cyber crimes, offering hope for accountability and deterrence in cyberspace.

The analysis emphasizes the significance of international partnerships and efforts in tackling cyber war crimes.

It calls on the international community to support these initiatives, recognizing the need for collective action to combat cyber threats effectively.

Moreover, the analysis highlights the Budapest Convention as an effective instrument in investigating cybercrimes. It acknowledges that Ukraine is still working towards complete implementation of the Convention and, prior to the conflict, faced challenges in providing full disclosure and preservation of technical data as required by the Convention.

The analysis also discusses the role of common democratic values in Ukraine’s fight against Russian aggression.

It advocates for the upholding of justice and the rule of law, as these values are fundamental for ensuring peace and stability.

In addition, the analysis acknowledges the role of civil society in collecting evidence of war crimes in Ukraine.

It recognizes their crucial involvement in gathering information and supporting investigations into these crimes.

Lastly, the analysis appreciates the Council of Europe’s efforts in training judges, prosecutors, and civil society in Ukraine. This training is seen as a valuable contribution to Ukraine’s justice system and evidence collection processes.

In summary, the analysis emphasizes the importance of international cooperation in countering cyber threats, the role of electronic evidence in war crime investigations, and the need for effective implementation of international conventions.

It also underscores the significance of common democratic values, the attribution of cyber crimes, the role of civil society, and the contribution of the Council of Europe in supporting Ukraine’s efforts in documenting and addressing war crimes.

Report

The development of open-source investigation has revolutionized the way footage from conflict zones is analyzed. By extracting detailed information from videos, it allows for a deeper understanding of events that take place in these regions. Nick Waters, an expert in open-source investigation, described an example where his team was able to geolocate a potential location from a video related to a series of executions in Benghazi.

Working with three to four people for three weeks, they meticulously analyzed the footage to accurately determine the location.

Open source information, if extracted correctly, has the potential to be used as evidence. By using the latest high-resolution satellite imagery and overlaying the video footage on top of it, Waters and his team were able to definitively confirm the location of the execution.

They also used the individuals in the video as sundials to establish the accurate time of the incident. These successful uses of open-source information demonstrate its potential as valuable evidence in various contexts, particularly in the realms of peace, justice, and strong institutions.

However, the Russian legal system has expressed skepticism towards the use of open-source information as evidence in previous incidents.

Waters emphasizes the importance of ensuring the credibility of information in the Ukraine civilian harm database. He cautions against attributing incidents to any state party without extensive investigation. The dismissive attitude of the Russian legal system presents challenges in using open-source information effectively in this context.

To address the need for verification of authenticity in legal evidence, collaboration with the Global Legal Action Network has led to the development of a methodology for verifying digital evidence.

The process involves locating images and videos in space and time, and excluding misleading information. This methodology not only ensures the admissibility of evidence but also provides a framework for verification in legal proceedings.

Although AI has made significant advances, it is not yet reliable enough to create believable content.

Waters acknowledges that the majority of problems in this field arise from real content being repurposed for different events. AI, such as AlphaZero, currently cannot produce credible fake content. Therefore, caution is necessary when relying on AI-generated content for verification purposes.

Waters emphasizes the importance of hiring individuals with deep local knowledge to gather a more accurate understanding of situations.

By doing so, it is possible to reduce bias and enhance the comprehension of events, ultimately leading to more reliable and nuanced investigations.

The responsibility of social media platforms for the information they post is a notable concern.

Different moderation policies exist within and between platforms, leading to inconsistent treatment of content. Additionally, their algorithms play a significant role in determining what information is shown to users. Platforms have often tried to distance themselves from responsibility by claiming they are not publishers.

However, Waters argues that social media platforms should bear partial responsibility for the information they disseminate, highlighting the need for greater accountability.

Cyber-enabled war crimes provide valuable information for investigating atrocities. The International Criminal Court (ICC) has recently announced its plans to investigate cyber-enabled war crimes for the first time.

While this presents new opportunities, it is essential to note that computer-generated evidence should not replace traditional evidence. It must conform to legal admissibility and be used in conjunction with other forms of evidence to ensure a comprehensive and valid investigation.

In conclusion, the development of open-source investigation has revolutionized the way footage from conflict zones is analyzed.

Open-source information has the potential to be used as evidence, but challenges arise in adopting it within certain legal systems. Collaboration with the Global Legal Action Network has led to the formulation of a methodology for verifying digital evidence in legal contexts.

AI, although advancing, is not yet reliable enough to create believable content. Hiring individuals with local knowledge is crucial for accurate comprehension of situations. Social media platforms bear responsibility for the information they post. Cyber-enabled war crimes offer new insights, but computer-based evidence should not replace traditional evidence.

Ultimately, a multi-faceted approach to evidence collection and verification is necessary for effective investigations in the pursuit of justice and peace.

Report

The Council of Europe was commended for its active promotion of human rights, the rule of law, and democracy. Its crucial role in promoting basic values, combatting war crimes, and addressing human rights violations was highlighted. The session focused on the role of investigative journalism and open-source information in investigations, recognizing their significance in holding accountable those responsible for war crimes.

The Budapest Convention was lauded as a global instrument for fighting cybercrime and promoting accountability.

It was noted that the convention has been ratified by 68 countries, with more nations having signed or invited to accede. The opening of the second additional protocol to the Budapest Convention in May 2022 was also mentioned. The convention provides a legal basis for disclosing domain name registration information and direct cooperation with service providers.

The session also expressed support for the active role of various actors in combating disinformation and holding those responsible for war crimes accountable.

The engagement of the private sector and organizations like Bellingcat in combating disinformation was acknowledged. The importance of investigative journalism and reliance on open-source information in exposing war crimes were emphasized.

However, it was stated that not all open-source information can be used as evidence in trials.

The admissibility of open-source information was discussed, highlighting the need to comply with existing legislation and best practice procedures. Information used as evidence must be reliable, authentic, complete, and believable.

Concerns were raised about the rise of deep fakes and systemic disinformation in the current era.

It was noted that some countries are actively promoting disinformation campaigns, posing significant challenges in maintaining information reliability and accuracy.

Regarding electronic evidence and data manipulation, it was observed that technological advancements have enabled individuals, states, and regimes to easily manipulate electronic data.

The credibility and authenticity of data were emphasized as crucial factors, and it was argued that questions about their credibility and authenticity are legitimate.

The preservation, authentication, and availability of data for trial purposes were highlighted as essential criteria.

It was mentioned that data must be preserved, securely guarded, protected, authenticated, verified, and available for review to ensure its admissibility in trials.

The role of the court in determining the validity of data for trials was discussed.

It was stated that the court should ultimately decide whether information can be used as evidence in a trial or not.

While the Budapest Convention was praised as an effective instrument, it was noted that it does not cover all countries.

Joining the convention implies compliance with its principles, including the protection of human rights, the rule of law, and pluralist democracy. It was also mentioned that countries not part of the convention are not covered by it.

Furthermore, it was clarified that the Budapest Convention is primarily a criminal law convention, rather than specifically focusing on war crimes.

Nevertheless, Article 2 of the convention was highlighted for its importance in enabling cross-border access and obtaining of open-source information for use in trials.

The expulsion of the Russian Federation from the Council of Europe was mentioned, resulting from its illegal invasion of Ukraine and its failure to respect human rights and basic values.

In conclusion, the session highlighted the Council of Europe’s active promotion of human rights, the rule of law, and democracy.

The Budapest Convention was celebrated as an effective global instrument for combatting cybercrime and ensuring accountability. The significance of investigative journalism, open-source information, and the need for data credibility and authenticity were emphasized. However, challenges regarding the admissibility of open-source information, the rise of deep fakes and disinformation, and the limitations of the Budapest Convention were also discussed.

The expulsion of the Russian Federation from the Council of Europe was noted as a consequence of its violations of human rights and basic values.