What do States need in order to pursue cybercrime?
Cybercrime is a cross-cutting phenomenon. Any type of criminal activity can be committed using information and communication technologies.
It is therefore not only about pursuing what we could call technological crimes in the strict sense, such as: damage to data, computer programs or electronic documents; computer sabotage; service refusal attacks; use of viruses (ransomware, Trojans, logic bombs) or the development of such malicious software tools, but it is clear that criminals use new technologies to perform complex criminal set-ups that affect such diverse problems as corruption of minors to develop child pornography, drug trafficking, money laundering and fraud, among others.
The peculiarities of technological investigation make it essential for countries that do not yet have specific legislation to regulate new forms of criminality, and to provide new means of technological investigation in accordance with the guiding principles of any investigation that involves interference in fundamental rights (speciality, suitability, proportionality and need), so that they can be effective in pursuing offenders.
Are there sufficient regulations to access data between countries of the region?
Some countries have been seen to have not yet regulated the method to allow access to the necessary data to identify users, terminals and connectivity devices, or to agree on the interception of telematic communications, the registration of computer systems and physical or virtual (cloud) mass storage devices, or the figure of the undercover computer agent.
This, together with the rapid technological evolution that leads to the constant emergence of new forms of internet crime, means that legislators from different states have to define these criminal types and new investigation tools such as the remote registry of computer systems.
As well as legislation, do state authorities have to make technological mechanisms available to police units?
Certainly. In fact, one of the key issues revealed in the anti-cybercrime workshop organised by EL PAcCTO in Santiago in October is the need for states to invest in providing the police investigators with the technological tools that allow intervened computer equipment to be analysed with all due guarantees.
To what extent is cooperation between the police and the state attorney’s office necessary?
It is essential and this has been shown in the meetings we have had and from the experiences that have been shared by participants from the different countries.
The cooperation of police officers with specialised training with the specialist prosecutors, and especially with the members of @iberred, may bring investigations in cyberspace to fruition to ascertain the identity of criminals and, with due respect for fundamental rights, enervate the presumption of innocence.
Can you give examples of some practices of the different States that have joined the fight against cybercrime?
Several operations have been brought together in which joint investigation teams have been created under the protection of the Budapest Convention on Cybercrime, achieving the transnational and simultaneous detention of criminal organisations that used the new technologies to coordinate with each other and operate in several countries at once.
Therefore, the ratification of the aforementioned agreement is a very useful tool for the fight against a criminal phenomenon that does not understand the term territoriality, since there are no borders on the net.
The collaboration agreements already existing between some States, are also useful in sharing the technological tools available.
Have obstacles arisen between countries that want coordination?
If countries have not ratified and implemented the corresponding international cooperation treaties and conventions, they cannot create the joint investigation teams , which within Europe are constituted by agreements of the competent authorities of two or more member States of the European Union, to carry out criminal investigations in the territory of any or all of them that require coordinated action, with the same objective and for a limited period; that is why we have always spoken of the need for appropriate legal instruments to be adopted.
Patricia Rodríguez Lastras
Prosecutor assigned to the Chamber against Computer Crime
General State Attorney of Spain