EuroISPA: National authorities must retain primary role in cross-border cybercrime investigations
Brussels, 30 October 2017- The primacy of national courts and law enforcement authorities must be retained in any future legislative initiative to enhance cross-border cooperation in the fight against cybercrime. This was the key message the European Internet infrastructure sector stressed in its response to the European Commission’s public consultation ahead of its upcoming E-Evidence initiative.
Many companies represented by EuroISPA, from access providers, hosting providers, domain name registries to hotlines, have long-standing and effective cooperation with national law enforcement authorities. ISPs are well aware of the role and responsibilities of safeguarding their users’ privacy, thus are well-versed in verifying the authenticity of demands, and whether the relevant national authority has the required competence to address such a request to an ISP. However, ISPs would encounter difficulties in assessing the authenticity of other Member States’ law enforcement authority demands. Additional obligations for ISPs to cooperate with other public authorities would be costly, time-consuming, and risky. On this basis, EuroISPA asserts that direct cross-border cooperation for e-evidence is unsuitable.
Existing tools on the EU level already provide ample options for cross-border cooperation such as the Mutual Legal Assistance procedure (MLA), the European Investigation Order (EIO) and the recently created European Public Prosecutor’s Office. These mechanisms alleviate the abovementioned issues, as ISPs are required to cooperate only with national public authorities. Moreover, disruption to current procedures on the national level could result in legal uncertainty, slowing down the process and hamper ongoing investigations. EuroISPA therefore calls for effective EU-wide implementation of existing measures before drafting new tools.
In the event of any new obligations for ISPs, cost-reimbursement regimes should be a core element. The overwhelming majority of EuroISPA members are SMEs, to whom additional requirements to directly respond to law enforcement requests from other Member States would pose significant economic burdens, as well as a risk to competition. Furthermore, there would be a disproportionate effect on SMEs. Additional resources would need to be channelled to handle cross-border data requests, such as the assessment of their legal basis, secure communication solutions, and translation costs. Many EU Member States already include costs reimbursement for ISPs in national legislation, a principle which should feature in any potential EU legislation.
EuroISPA has long been engaged in political discussions surrounding cross-border cooperation for evidence, in fora such as Europol’s EC3 communications providers advisory group, the European Commission’s DG JUST/DG HOME taskforce on E-Evidence and the European Commission’s former expert group on data retention. Here we gain further knowledge about requirements brought forward by law enforcement authorities, and take the opportunity to bring greater clarity to existing legal regimes that ISPs are subject to. Emphasis is placed on the need for transparency and safeguards to guarantee user confidence in the rule of law on the Internet in the post-Snowden era. As underscored by Chair of the EuroISPA Cybersecurity Committee Dr. Maximilian Schubert, “EuroISPA understands that law enforcement authorities need certain competences, but repeatedly stresses that the key to success lies in the proper application, evaluation and improvement of existing regimes rather than the creation of alleged silver bullets to tackle issues of law enforcement”.
Existing measures should be implemented across the EU and subsequently evaluated and refined. More effective use should be made of the existing arsenal of cross-border investigatory mechanisms, including the MLA procedure, the EIO, and the European Public Prosecutor’s Office, rather than unnecessarily increasing the already significant obligations for ISPs and placing an economic burden on SMEs.
Please find here the EuroISPA E-evidence position paper
Image Creator attribution: Nick Youngson (http://nyphotographic.com/)