Cybercrime4 and the challenges related to electronic evidence have reached a level and complexity that undermines the confidence, security and trust in information and communication technologies (ICT).
A review of the current scale, scope and challenges related to cybercrime and electronic evidence (that is, evidence in the form of data generated by or stored on a computer system) suggests that cybercrime has become a serious threat to the fundamental rights of individuals, to the rule of law in cyberspace and to democratic societies:
- The theft and misuse of personal data (email account data, credit card details, address books, patient records etc.) affects the right to private life (including the protection of personal data) of hundreds of millions of individuals.
- Cybercrime is an attack against the dignity and integrity of individuals, in particular children.
- Cyberattacks (such as distributed denial of service attacks, website defacement and others) against media, civil society organisations, individuals or public institutions are attacks against the freedom of expression.
- Cybercrime is an attack against democracy. Governments, parliaments and other public institutions as well as critical infrastructure are faced with attacks every day.
- Cybercrime is a threat to democratic stability. Information and communication technologies are misused for xenophobia and racism, contribute to radicalisation and serve terrorist purposes.
- Cybercrime causes economic cost and risks to societies and undermines human development opportunities through ICT.
- Cybercrime is a threat to international peace and stability. Military conflicts and political disagreements are increasingly accompanied by cyberattacks.
The purpose of the present discussion paper is to facilitate an exchange of views on current and emerging challenges faced by criminal justice authorities and to seek the cooperation of industry and other stakeholders in identifying solutions. Such solutions may range from practical measures and documentation of good practices, to guidelines or a binding additional protocol to the Budapest Convention on Cybercrime.