Abstract
In response to cross-border cybercrime, investigative organs have adopted cross-border criminal forensic measures such as online public extraction, remote electronic data inspection and real-time monitoring, which may violate the principles of data sovereignty and judicial assistance. While promoting the establishment of a cross-border cooperation mechanism, China should establish a new cross-border electronic evidence criminal forensics model by promoting the procedural justification of cross-border search and monitoring measures. To better regulate cross-border criminal forensics activities, it is necessary to improve the cross-border cybercrime procuratorial organs system to intervene in advance and guide investigations.
Keywords
Background
With the rapid development of new network technology, such as cloud computing, big data and 5G, countries around the world are increasingly interconnected in economic and social fields. Meanwhile, cross-border cybercrime is on the rise and affects almost everyone. In recent years, Chinese investigative organs have stepped up efforts to crack down on cross-border cybercrimes, but such crimes remain at a high rate. Fighting cybercrime effectively has proven to be a problem for judicial organs. The international community has reached a consensus that cross-border cybercrime generates large amounts of electronic data, and the key to combating this crime is to obtain evidence legally. This should be taken seriously by Chinese judicial authorities to ensure the legality of the process of obtaining evidence and the authenticity of electronic evidence.
Most of those suspected of cybercrime set up servers in the areas surrounding China, such as Laos, Myanmar and other Southeast Asian countries. They commit cross-border cybercrimes through the division of labour and cooperation inside and outside the border. However, the storage location of the electronic evidence is uncertain, which leads to multiple challenges for investigative organs in terms of the progress of forensic investigations. Due to the high correlation between the time limit for detection and the scope of the damage, investigative organs need to raise their efficiency when conducting investigations and obtaining evidence.
There are two ways of conducting electronic evidence forensics for cross-border cybercrime: judicial assistance and unilateral forensics. The former fully respects the sovereignty of other countries and conforms to the principle of data sovereignty advocated by China, but the forensics systems and review processes are different, which will result in low forensics cooperation and efficiency. Although the latter way lacks the support of international documents and may lead to disputes in the international comity, it has efficiency advantages. Therefore, in practice, the use of unilateral forensics is more common. In a word, it is imperative for China to establish a more standardised and efficient system for cross-border electronic evidence forensics based on its cross-border criminal mechanism.
Legal risks of cross-border electronic evidence forensic measures in China
Chinese procedural regulations on cross-border electronic forensics were first seen in the ‘Regulations on Computer Crime Scene Inspection and Electronic Evidence Inspection’ issued by the Ministry of Public Security in 2005. 1 According to different types of cross-border electronic evidence, there are four ways for investigative organs to obtain the evidence: online extraction, login acquisition, remote electronic data inspection and real-time monitoring, which are also China's unique cross-border cybercrime electronic data forensics methods. Cross-border online extraction involves investigative organs logging into public open areas, such as overseas web pages and social platforms, as ordinary users to extract various forms of electronic data or information. This measure is seldom used because the data stored on public websites do not involve specific illegal content. Cross-border login acquisition refers to the investigative organs logging into the users’ or the owners’ accounts or websites with their permissions, or using the user account and password obtained in the investigation process to log in to their accounts or websites to obtain corresponding ‘quasi-public’ electronic evidence. Cross-border remote electronic data inspection is the most commonly adopted measure in investigations. Investigative organs can directly use technical means to log into overseas systems or websites to collect evidence without the consent of the suspects. Cross-border real-time monitoring involves investigative organs secretly entering the device server of criminal suspects and obtaining criminal evidence in time through real-time monitoring. International law has not agreed on the rules of cross-border electronic evidence forensics, but there are some problems with the forensic measures taken in China. It is imperative to review the current cross-border forensic mechanism in China and build a more standardised and efficient system.
The complexity of safeguarding data sovereignty
The concept of ‘data sovereignty’ is derived from the fact that data are properties and resources that can be transmitted indefinitely and contain an intangible value. Data sovereignty is the highest exclusive right a country enjoys. It is national sovereignty in cyberspace that is bounded by national boundaries. When data are stored locally on servers within a country, that country is automatically sovereign over the data. Parranche, a professor of international law in Sweden, believes that data sovereignty can be exercised through territorial and personal jurisdiction, but it can also be exercised through legislative (promulgation and implementation of public law), judicial and administrative jurisdiction. Overlapping jurisdictions can lead to ‘over-regulation’, and the forensics of cross-border cybercrime can conflict with the interests of the country where the data are stored (Pål Wrange, 2022). The first article of Chinese Network Security Review Measures 2 stipulates that ‘The Measures are formulated to ensure the security of crucial information infrastructure supply chain and safeguard national security’, which further clarifies the importance of electronic data sovereignty. The Cybersecurity Law 3 stipulates that cyberspace sovereignty and national security must be safeguarded. Data generated, released and flowing in cyberspace activities are property and a state's sovereign right. Article 37 of the Cybersecurity Law stipulates that operators of critical information infrastructure should store personal information and important data collected and generated during their operations in China, which means that Chinese data sovereignty includes the storage obligation of data service providers inside and outside the country. For example, as a multinational company with operation points in China, Apple should store the data generated during its operation and service for users in the country in the server and keep it properly. It cannot provide data to foreign countries and regions without authorisation.
Although cyberspace is a virtual space, people in physical space implement various data behaviours to exchange information, and data positioning is bound to be possible. However, with the development of Internet technology and the maturity of cloud computing technology, traditional data sovereignty has become blurred by the jurisdiction boundary of the storage medium. This trend has been reflected in overseas legislation and many cases.
The Clarifying Lawful Overseas Use of Data Act, 4 also known as the CLOUD Act, expands USA's jurisdiction through the ‘controller standard’ theory and adopts the ‘long-arm jurisdiction’ principle for electronic evidence forensics. The territorial jurisdiction principle is no longer a single standard for cross-border data forensics. Cross-border data service providers with entities in the USA have obligations to preserve, back up and disclose to law enforcement agencies the electronic data in their possession that are stored abroad. The introduction of the CLOUD Act and the extended application of the long-arm jurisdiction principle have resulted in data jurisdiction conflicts with countries adopting the ‘data storage location model’. Influenced by the USA, the European Production Order and the European Preservation Order provide two significant measures: Member States can directly force service providers in the EU to release electronic data, regardless of whether the data are stored in the EU; and Member States can compel service providers in the EU to save specific data. The common point of the cross-border electronic forensics systems in the EU and the USA is that they attach importance to the assistance status of network service providers. They obtain data through mechanisms other than judicial assistance, known as the unmediated access model, which takes the location of users and companies as the determinants of jurisdiction. It has transformed cross-border electronic forensics from the ‘territorial principle’ of determining jurisdiction according to the data storage area to the ‘personalism’ of relying on the data controller. Internet service providers control varieties of data that can be used as evidence, and they can access ‘overseas’ data from ‘domestic’ places to fulfill the obligation of cooperating with evidence forensics (Carrera et al: 2015: 9).
The practices of the USA and EU pose a challenge to existing cross-border electronic evidence forensics regimes, and the electronic data stored in China may face the risk of unilateral forensics abroad. The Cybersecurity Law and the Data Security Law represent a response to the mandatory data disclosure system. Internet service providers cannot directly provide data overseas and must comply with the legal review and consent process. This will limit the cross-border flow of data to a certain extent. However, it also puts multinational data service providers in a dilemma. For example, Apple Inc. must disclose the domestic data it possesses to the U.S. investigation authorities, but China is not allowed to provide such data without authorisation. Thus, Apple Inc. may face punishment in the two countries. Similarly, Chinese Internet companies going overseas in recent years will also face the risk of consistent regulation of cross-border data ‘input’ and ‘output’.
The practice of cross-border criminal forensics in various countries is relatively arbitrary at present. Some forensic activities are contrary to the principle of data sovereignty, especially in cross-border remote electronic data inspection. Directly using technology to obtain overseas data without prior permission will inevitably infringe on the data sovereignty of the country storing the data to a certain extent. In the cross-border real-time monitoring measures, the investigative organs directly and secretly monitor overseas devices through more severe means; this is a suspected violation of data sovereignty. Chinese legislation on electronic evidence forensics of cross-border cybercrime is cautious, and the relevant procedures are increasingly strict.
The uncertainty of cross-border criminal forensics cooperation
The evolution of the electronic evidence forensics of cross-border cybercrime systems can be roughly divided into three stages. At first, countries represented by the USA passed legislation that provided necessary assistance to foreign law enforcement requests based on the principle of international comity. European countries were also increasingly willing to provide criminal judicial assistance. Cross-border forensics is mainly carried out by the court of one country issuing letters rogatory to the court of another country, which is inefficient. Then, the international community encouraged the promotion of international judicial assistance to fight against cross-border cybercrime. In 1959, the Council of Europe signed the European Convention on Mutual Assistance in Criminal Matters, the first multilateral document in the area of international criminal judicial assistance. Now, more and more countries are establishing and improving their domestic cross-border electronic evidence forensics systems under the judicial assistance framework.
The ‘provision order’ system stipulated in Article 18 of the Council of Europe Convention on Cybercrime (hereinafter the ‘Convention on Cybercrime’) 5 means that the competent authorities of each contracting party may obtain electronic data held or under their control by ordering individuals or service providers in the country to submit it. Article 32 of the Convention on Cybercrime stipulates that state parties may extract online data from overseas open websites across borders and extract or receive overseas data with the consent of the data rights holder. To increase the speed of evidence collection, the European Production Order sets a time limit of 10 days (or only six hours in emergency cases) for data service providers to respond. 6
China did not accede to the Convention on Cybercrime because Article 36 stipulates that a country can search for data with the consent of the network intermediary service providers without the agreement of territorial states. The clause is open to abuse for intelligence gathering in the criminal investigation procedure, which can threaten national sovereignty. Article 9 of the Second Additional Protocol to the Convention on Cybercrime on enhanced cooperation and disclosure of electronic evidence stipulates the requirements for data disclosure in emergencies. 7 Article 35 of the Cybercrime Convention states that ‘Each Party shall designate a point of contact available to ensure the provision of immediate assistance for investigations or proceedings concerning criminal offenses related to computer systems and data, or for the collection of evidence in electronic form of a criminal offense.’ Such assistance shall include facilitating, if permitted by domestic law and practice; directly carrying out the provision of technical advice; collecting evidence; providing legal information; and locating suspects. This clause is open to abuse in the future. There are two principal methods of cross-border criminal electronic evidence forensics adopted by relevant departments in China: judicial assistance and unilateral forensics (without the consent of other countries). In practice, the latter method is used more. Although the judicial assistance method fully respects the sovereignty of other countries and is in line with the principle of data sovereignty advocated by China, it is often inefficient in practice due to different factors, such as the internal declaration of the requesting state and the requested state's review systems and processes. Moreover, the constitution and sentencing standards for cybercrimes vary among countries. Some online gambling and fraud cases may be serious crimes in one country, but in another country, perpetrators can get away with murder because such cases do not constitute crimes (Wu and Jia, 2022). However, unilateral evidence forensics without the support of international law may cause disputes regarding the legitimacy of the evidence, international comity and respect for sovereignty; nevertheless, it has a strong efficiency advantage.
The Law of the People's Republic of China on International Criminal Judicial Assistance (hereinafter referred to as the ‘Law of Judicial Assistance’) 8 stipulates that when requesting or providing electronic data stored in the territory of another country, the data need to be obtained through cross-border judicial assistance based on the cross-border criminal judicial assistance treaty reached between the two countries. However, the process of cross-border criminal judicial assistance is complicated and often takes months. Since 1987, China has only signed bilateral cross-border criminal judicial assistance agreements with 57 countries, including Russia and the USA. When investigative organs carry out cross-border electronic forensics with countries without such agreements, such as Myanmar and Bangladesh, they can only negotiate specifically. Therefore, in the cross-border acquisition of overseas data by law enforcement agencies, it is difficult to carry out judicial assistance procedures to improve the efficiency of obtaining evidence.
The ambiguity of cross-border electronic forensics procedures in China
Chinese procedural regulations on cross-border electronic forensics were first seen in the ‘Regulations on Computer Crime Scene Inspection and Electronic Evidence Inspection’. This document clarified remote inspection for the first time. Since then, China has issued several departmental rules and judicial interpretations and authorised various cross-border electronic evidence forensics methods. According to the ‘Regulations on Provisions on Several Issues Concerning Collection, Extraction, and Judgment of Electronic Data in Handling Criminal Cases’ (hereinafter referred to as the ‘Regulations on Electronic Data’), electronic data whose original storage medium is located overseas or on remote computer information systems can be extracted online through the network. 9 According to Article 23 of the Rules of Obtainment of Electronic Data as Evidence by Public Security Organs in Handling Criminal Cases (hereinafter referred to as the ‘Rules of Public Security Organs’), investigative organs can extract publicly published electronic data on the open network or remote computer information systems through the Internet. 10 On this basis, investigative organs are authorised to perform remote network inspections of remote computer information systems when necessary, but strict approval procedures have to be passed according to the law. 11 The ‘Regulations on Computer Crime Scene Inspection and Electronic Evidence Inspection Authorities’ authorise remote network inspections under circumstances requiring further investigation. The Decision of the Ministry of Public Security on Amending the Provisions on the Procedures for Handling Criminal Cases by Public Security Organs (hereinafter referred to as the ‘Provisions on the Procedures’) promulgated further regulation monitoring techniques and investigative measures, such as records, whereabouts, communications, and locations. 12 The relevant provisions of the abovementioned departmental regulations should be related to the Law of Judicial Assistance's requirements on cross-border criminal judicial assistance procedures for cross-border access to electronic evidence. 13 During the execution process, case-handling organs must safeguard the lawful rights and interests of the parties and other relevant personnel and protect their personal information. When investigative organs obtain electronic evidence from a device, they usually need to retrieve the data to find the information involved in the case, and citizens’ privacy will be threatened.
The relevant provisions of the abovementioned departmental regulations do not conform with the stipulation of the superior law that cross-border access to electronic evidence shall be subject to cross-border criminal judicial assistance procedures. Moreover, the practice of cross-border criminal evidence forensics by the authorities is relatively arbitrary and may even run counter to the principle of data sovereignty advocated by China. This practice is especially prominent in cross-border remote electronic data inspection, as using technology to obtain foreign data without prior permission will undermine the sovereignty of the country that stored the data. In both ‘data inspection’ or ‘real-time monitoring’, when obtaining electronic evidence from a device, the data on the device are retrieved as a whole to find the information involved in the case. Information related to citizens’ privacy will thus be exposed with any information related to the case, which may constitute a danger to the privacy of data rights holders.
Under the current system in China, the organs in charge of cross-border electronic evidence forensics are fully responsible for the investigative organ system. There is no supervision mechanism from other organs, which will result in the arbitrariness of forensics conducted by the public security organs. Firstly, before the public security organs carry out forensics, there are no strict preapproval procedures or non-investigative organs exercising approval power to regulate the conduct of an investigation. Secondly, there is a lack of a mechanism for proactively providing real-time guidance and suggestions to the investigative organs when conducting forensics so that the obtained evidence meets the evidentiary standards. Finally, after forensics, there is a lack of post-event safeguard procedures. The situation of evidence being stored overseas is complicated, and a mechanism for evidence filing and retention is urgently needed.
Investigative organs use different methods to obtain overseas evidence which may violate other countries’ data sovereignty and threaten the privacy of data rights holders. In addition, it remains to be clarified whether cross-border remote electronic data inspection can be defined as inspection. The concept of the inspection was initially expressed in Article 128 of the Criminal Procedure Law, which refers to investigation personnel inspecting and measuring the places and objects and examining the persons related to crimes. Inspection should be a peaceful process and should be carried out as soon as possible before the evidence of a crime is likely to be destroyed. It is suitable for crime scene investigations: For example, in the case of a traffic accident, inspecting the distance of the rutting at the scene of the accident and the victim's injuries is important, and in the case of a murder, inspecting weapons and traces is essential. However, in electronic evidence forensics, investigative organs use technical means to enter the suspect system to collect evidence in the case directly, which is not a peaceful method carried out under the condition of obtaining the consent of the relevant personnel. It is more appropriate to identify such activity as a ‘search’. Professor Stephen Mason believes the electronic evidence obtained through online searches is difficult to evaluate because it is typically obtained in an end-user device without the user being aware of the fact that the device was deliberately being made use of. But the value of this type of evidence can be improved where corroboration of the evidence is sought, and obtained, through other sources (Mason and Seng, 2021).
Improvement of the electronic evidence forensic system for cross-border cybercrime in China
Clarify the legitimate procedures for remote searches
The Regulations on Electronic Data stipulate that cross-border online open extraction, a forensics measure without potential harm, can continue to be retained. From a global perspective, cross-border online extraction is generally accepted by the international community. For example, under the Convention on Cybercrime, a party may access publicly available (open source) stored computer data, regardless of where the data are located, without another party's authorisation. 14 Michael Schmidt, an American expert on international law, commented: ‘In this case, since such data are publicly available in the place of law enforcement, it should be considered not to exercise extraterritorial jurisdiction, but to exercise intraterritorial jurisdiction’ (Schmidt, 2019). In addition, cross-border login acquisition does not break through the relevant technical protection measures. It’s a method of extraction authorised by consent. This type of cross-border evidence forensics is not illegal and can be retained in the future.
In the implementation of cross-border remote electronic data inspection, the data are stored in the right holder's device, which is the private place of the data rights holder. If the investigative organs directly enter the electronic system for forensics without the consent of the data rights holder or through the corresponding legal procedures, the legality of the inspection is in question. In the ‘Computer and Network Search’ section of its Computer Crime Law, Belgium clarified that under certain circumstances, the investigative agency can search a computer system (only copying overseas data) after obtaining a warrant of authorisation from the investigating judge. The investigative agency should promptly investigate the relevant countries (Liang, 2019). Belgium has carefully authorised the ‘copying of foreign data’ in cross-border technical investigations, but the practice of searching servers for evidence is not generally accepted internationally.
Therefore, the following clause could be added to the ‘Rules of Public Security Organs’ and the ‘Regulations on Electronic Data’: ‘Without the data rights holders’ consent, using cross-border remote electronic inspection technology software to enter overseas systems to obtain evidence is a cross-border remote search, which can only be applied in specific circumstances.’
Due to the strong fluidity and protection of encryption, the storage location of the involved data cannot be determined by the existing technology. Sometimes, data are transmitted across countries. These criminal data may lead to new legal violations in a few seconds, and the uncertainty of the storage location of the data will hinder the investigation process of the case. To solve the problem, investigative organs can be authorised to use technical means to conduct remote searches before they can confirm the actual storage location of the data and prevent the criminal data from causing new legal infringements. The remote searches continue until the exact location of the data is determined. The investigative organs should promptly inform the relevant countries of the progress of the case on the cross-border criminal forensics express online platform.
The investigative organs will take control of the criminal suspects in advance and monitor their electronic devices in real time, which will directly put the data sovereignty of other countries and the data rights holders involved in the situation of losing their asylum. The Netherlands’ Computer Crime Law (III) authorises enforcement measures that allow cross-border ‘hacking’ into computer systems and real-time monitoring, but the coercive measures are limited to drug trafficking, smuggling, paedophilia and bank attacks. Other countries have not followed suit, citing the harshness of the measures and the need to respect criminal suspects’ legitimate privacy rights. 15 Judging from the general legal principles in the criminal procedure laws of various countries, the right of the presumption of innocence, the right to participate in the procedure and the right to choose, the right to equal confrontation and the right to defence are regarded as the minimum original rights of the prosecuted. In the investigation procedure, the right of presumption of innocence should be fully guaranteed, and in the trial stage, the right to equal confrontation and the right of defence rise to become the primary rights. Therefore, on the basis of the relevant provisions of the Law of Judicial Assistance, China can set strict and detailed procedures for cross-border electronic forensics activities, such as temporary remote searches.
China can learn from the practice of the EU and set up a separate encryption area on the cross-border criminal forensics express online platform for judicial assistance procedures with other countries to improve the efficiency of forensics. In response to the issue of cross-border electronic evidence forensic assistance, the EU has created an online encrypted communication platform that stipulates (a) that the Member State receiving the request has the longest time to accept the investigation order and (b) the specific implementation period of quick forensics after a request has been received. The issuing country should also provide an electronic version of the survey order with simple and clear guidelines to make it easy to understand. 16
Establish a judicial assistance mechanism for cross-border electronic evidence forensics
China has always advocated the principle of reciprocity in cross-border criminal judicial assistance. This reflects the provisions of Article 13 of the Law of Judicial Assistance which indicate that cross-border electronic evidence forensics encourages the principle of reciprocity. When two countries have not signed relevant bilateral or multilateral international criminal judicial assistance treaties, the requested country can assist the requesting country in individual cases on the basis of the principle of reciprocity, and the latter should also make corresponding commitments based on the same principle.
Sign bilateral and multilateral cross-border electronic evidence forensics treaties
Judicial assistance is reflected in international and multilateral treaties, whose essence is inter-state cooperation. Article 18 of the United Nations Convention against Transnational Organized Crime provides that state parties shall afford one another the widest measure of mutual legal assistance in investigations, prosecutions, and judicial proceedings concerning the offenses covered by the Convention, as provided for in Article 3. 17 According to Article 1 of the European Convention on Judicial Assistance in Criminal Matters, the contracting parties undertake to give the widest measure of mutual assistance in proceedings at the time of the request for assistance, which falls within the jurisdiction of the judicial authorities of the requesting party. 18 The basic structure of judicial assistance is a two-party structure of countries. International conventions and judicial assistance treaties mainly regulate the relations between the state parties. The judicial assistance treaties signed by the USA stipulate that private subjects are forbidden to obtain or exclude foreign evidence through judicial assistance treaties.
The UK and the US governments signed the Agreement of Access to Electronic Data to Counter Serious Crime (hereinafter referred to as the ‘Data Access Agreement’), which entered into force in October 2022. 19 The UK government also announced the building of a global data partnership with Australia, Singapore, and other countries to sign new data transmission agreements, the purpose of which is to create reliable conditions for the independent development of the national digital economy. The Data Access Agreement requires state parties to ensure that their laws allow telecom operators to respond to direct requests for relevant data from relevant public authorities in each other's jurisdiction legally. The requests subject to the Agreement are consistent with the existing domestic obligations of each party. The Data Access Agreement is the world's first bilateral international agreement specifically for cross-border data forensics. For serious crimes involving data evidence, it has played a positive role in facilitating faster access to data evidence and in the prevention, investigation, and prosecution of such crimes. China can draw lessons from the Data Access Agreement when it signs judicial assistance treaties in the future. On 7 October 2022, the EU and Japan announced that they would negotiate the integration of rules on cross-border data flows into the Economic Partnership Agreement, with formal discussions scheduled for October 24 in Brussels. 20 The EU has also reached and formulated regulations on cross-border data flow in trade cooperation agreements with New Zealand and the UK through bilateral negotiations.
The provisions on investigation and cross-border data forensics in a treaty on judicial assistance mainly relate to filing, handing over, executing, replying to, and rejecting an application. The procedural process is extremely complicated and there are uncertainties. Some scholars believe two issues should be considered when signing bilateral or multilateral treaties on judicial assistance for cross-border electronic evidence forensics: whether the state parties have relatively complete data privacy, security regulations and a legal basis for cross-border electronic evidence forensics, and whether the effective connection of electronic evidence forensics rules can be achieved in the process. Therefore, when signing a treaty, China should jointly agree on the scope of international cooperation, procedures and rules for cross-border electronic evidence forensics with other signatory countries to reduce the uncertainty of overseas forensics.
Improve efficiency and simplify procedures
From the perspective of the development of judicial assistance investigations and data forensics, improving the efficiency of judicial assistance and simplifying its procedures has become a new development direction for cross-border electronic evidence forensics for cross-border cybercrime. It is necessary to simplify judicial assistance procedures to improve forensic efficiency, and safeguarding the rights of data holders should be the basis for the simplification of procedures.
The Law of Judicial Assistance stipulates the procedural requirements for the methods of criminal judicial assistance. Investigative organs should prepare a request letter to obtain overseas electronic data through judicial assistance and attach relevant materials and translations for the requested country. The provided materials should be in a strict format and should abide by the laws of China while respecting the legal norms of the requested country. This procedure wastes a lot of time and may lead to the tampering or deletion of electronic evidence, thus missing the best opportunity to obtain evidence. China should simplify the judicial assistance procedure on the basis of the principle of legality and efficiency (Wang, 2020).
A European Investigation Order (EIO) 21 can be issued in the course of taking any evidence collection measures. An EIO replaces the traditional combination of tools, such as a freezing order and an evidence authorisation, and makes significant progress toward overcoming the complexity of the operation and improving the efficiency of handling cases. The EU has also launched Criminal Justice Access to Digital Evidences in the Cloud-LIVE-FORensics to facilitate the enforcement of EIOs.
China can learn from the relevant provisions of the EIO. The simplification of judicial assistance procedures is based on the premise that domestic and foreign parties have signed an international treaty to break down the barriers to evidence collection caused by differences in legal interpretation and application. There are two specific approaches: simplifying the document review process and establishing an electronic evidence collection assistance mechanism for individual cases. China has made efforts to improve the efficiency of cross-border electronic evidence forensics, such as building a sharing platform for cross-border forensics. The China-Cambodia Law Enforcement Cooperation and Coordination Office was established in Phnom Penh in 2019. 22 Law enforcement officials and policy experts from both sides work together to deepen the sharing of electronic evidence forensics and jointly combat crime. Establishing an electronic evidence collection assistance mechanism can enable countries that have not concluded judicial assistance treaties to reach a consensus on individual case assistance, which has been reflected in Article 13 of the Law of Judicial Assistance.
There are differences in cross-border data flow systems between China and other countries. China can set up disclosure conditions and procedures for specific categories of data after classifying electronic data and listing the types of data that the requesting country is allowed to obtain in the network service platform. When providing relevant evidence to foreign countries, China should abide by the regulations on cross-border data transmission and safeguard national sovereignty. Therefore, the following clause could be added to the ‘Rules of Public Security Organs’ and the ‘Regulations on Electronic Data’: ‘When conducting a cross-border remote inspection, cross-border data service providers inside and outside China shall cooperate with forensics following the agreement. The inspection should be carried out on the premise of respecting the cross-border flow system of state parties and promoting the free flow of data and should be encouraged through the online platform for electronic data on cross-border cybercrime.’
Treat the inflows and outflows of electronic data equally
China should optimise the judicial assistance system to respond primarily to urgent problems. First and foremost, China should treat the inflows and outflows of electronic data equally. China is not only an electronic data provider that accepts cross-border electronic forensics requests from other countries but also an electronic data demander that applies for forensic information. China has made legal provisions for one-way cross-border electronic evidence in the form of departmental normative documents, which can easily lead to diplomatic disputes (Wang, 2022a). The Cybersecurity Law affirms sovereignty in cyberspace and stipulates that personal information and important data collected and generated by operators of critical information infrastructure during their operations in China should be stored in China and not provided overseas without a security assessment. The Law of Judicial Assistance stipulates that, in principle, institutions, organisations, and individuals in China are not allowed to provide evidentiary materials to foreign countries. On the one hand, China hopes to limit the law enforcement space of other countries’ cross-border forensics through dependency jurisdiction. On the other hand, it hopes to break through dependency jurisdiction to achieve one-way cross-border electronic forensics (Pei, 2021).
Electronic data cannot be ‘wide in and strict out’. The CLOUD Act breaks through traditional restrictions on territorial sovereignty and advocates the free flow of data, but it only sets strict conditions on foreign governments’ access to U.S. data. It explicitly authorises law enforcement agencies to force data service providers to provide electronic data stored abroad in their possession without the consent of the corresponding foreign government.
China should sum up the legislative experience of foreign countries and remedy its inadequacies and coordinate domestic laws and regulations to form a logical and self-consistent regulatory system. At the basic law level, it should make special regulations on the entities and procedures of cross-border electronic forensics to ensure there is a legal basis for cross-border electronic data collection. At the legal level, it should clarify the scope of one-way cross-border evidence collection to avoid legal risks and disputes in one-way cross-border electronic forensics. This would involve coordinating legislative contradictions between one-way cross-border electronic forensics and restrictions on data output, formulating a special forensics system for major crimes and exploring international law enforcement cooperation for cross-border electronic evidence forensics.
Prevent technological hegemony in cross-border forensics
Developed countries with advantages in cross-border forensics exert technological hegemony over countries lagging behind in terms of cross-border forensics development, which makes it hard to build a fair forensic system. A few developed countries, such as the USA, and the EU have demonstrated their basic positions on cross-border forensics and data protection through legislation and applied artificial intelligence and other technologies to the process of cross-border forensics. They have established clear technical standards and ethical guidelines and have gradually established hegemony over countries whose forensics technology is lagging. The formulation of cross-border rules of electronic evidence forensics is inseparable from the development of forensic technology. China should strengthen the forward-looking legislation on cross-border electronic evidence forensics, reinforce frontier and predictive research on data flow and governance and build a reasonable legal system for personal information protection. China can establish a logical legal system of personal information protection to influence the international rules on cross-border electronic evidence forensics through previous legislation. In the course of obtaining evidence, China should strengthen cooperation in the formulation of data storage and processing technical standards, reduce technology dependence, adopt advanced technologies and different cross-border evidence collection methods and formulate distinct data protection standards and data cross-border evidence collection rules that meet national conditions. Finally, to build a shared future community for human data, China should establish a secure and unified cross-border electronic evidence forensics technical standard system globally (Feng, 2021).
Set up exception clauses for special operations of investigative agencies
Article 9 of the Rules of Public Security Organs enumerates the six situations when it is necessary to use online extraction stipulated in Article 23. The catch-all provision ‘in other situations requiring further investigation of the relevant situation in online network extraction’ indirectly grants investigators the right of discretion and judgment regarding when to exercise a remote network investigation, which may lead to the abuse of rights. To solve the problem, Stephen indicated that the sources of electronic evidence exist in a number of separate geographical locations. Before taking any action, the investigators will need to be aware of the range of original data that might be required and ascertain whether it is possible or feasible to shut the network down in order to gain legal access to the data (Feng, 2021).
Undoubtedly, an international judicial cooperative forensics mechanism should be established on the basis of diplomatic relations, political mutual trust and international mutual benefit. It is necessary to reach an agreement between countries in advance and to set up specific personal information or data security rules for criminal investigation forensics.
It must be pointed out that an except clause based on the general legal principles of necessity, proportionality, and irreplaceability should be set up for investigative organs’ special actions. Compensation, such as economic compensation, for loss caused by evidence collection is given afterward (Liu, 2019). For example, if it is necessary to combat severe disruption of its socialist legal order and there are no alternative measures, within a reasonable limit, China can use strictly illegal means of investigation: for instance, breaking the password to gain access to a system. If this except clause can operate under a specific power supervision mechanism, it will have greater legitimacy.
Design new measures for electronic forensics of cross-border cybercrime
Obtaining overseas public electronic data through cross-border online extraction can produce very little valuable information. Cross-border remote inspection and real-time monitoring should not be generalised. There is an urgent need to improve the efficiency and design of data forensics and new measures for the electronic forensics of cross-border cybercrime.
‘It's a stone from the mountain that can attack jade’: China can learn from extraterritorial legislation to design more flexible measures of electronic data in cross-border forensics. To avoid conflicts between inferior law and superordinate law, the following clause could be added to Article 4 of the Law of Judicial Assistance: ‘There are exceptions when there are international treaties or bilateral agreements on judicial assistance with foreign countries.’ The EIO specially developed cross-border electronic evidence forensics to assist online encryption communication platforms and improve the efficiency of forensics between Member States. It stipulates ‘the maximum time for the requesting member state to accept the investigation order and the specific implementation period for quick forensics after acceptance’ and states that ‘the country issuing the investigation order must provide the electronic version of the investigation order [and] attach simple and clear guidelines’. 23 China can learn from the provisions of the EIO when using the electronic data of cross-border cybercrime online platforms to carry out evidence collection activities and could set up a separate encryption area on the platform dedicated to carrying out cross-border criminal judicial assistance procedures with other countries. The electronic version of the application and approval documents could be published in the encrypted area under the charge of the online commissioners to improve the forensic efficiency and utilisation of the cross-border judicial assistance mechanism in practice.
Strengthen the protection of individual rights
Under the framework of judicial assistance, the traditional cross-border forensic system adheres to the two-party structure of ‘state-state’ and ignores the protection of the rights of private subjects such as parties and data holders, which results in the core concept of human rights protection in the Criminal Procedure Law not being fully reflected. In a series of cross-border electronic forensics rules, there is no provision for the protection of citizens’ rights during the process of forensics. Article 8 of the Regulations on Electronic Data stipulates that the collection and extraction of electronic data shall give priority to the seizure and sealing of the original storage media. Although this is efficient, it cannot separate a citizen's personal information that is unrelated to the case in the storage media. President Xi Jinping has repeatedly emphasised that China must adhere to the concept of network sovereignty: that is, data sovereignty. The sovereign state is the subject of criminal judicial assistance, individuals are not. Individuals can only collect overseas evidence by themselves and have no right to request the exclusion of evidence obtained by the requesting country. The basic rights of citizens have not been fully reflected in current cross-border forensics practice, nor has the balance point between the state's power and the rights of the accused. The investigative agency takes secret measures to obtain unfavourable evidence without the prosecutor's knowledge and to provide an independent supervision mechanism to regulate the conduct of the investigation, which may easily lead to the expansion and abuse of investigation power.
Implement a personal information protection certification system
To improve the ability to protect personal information, the State Administration for Market Regulation and the Cyberspace Administration of China decided to implement a personal information protection certification system. The certification system means that the processors and overseas receivers who carry out the cross-border processing of personal information must abide by the unified rules governing such processing. The two parties sign a legally binding agreement and promise to accept the relevant laws and regulations on China's information protection and the supervision of cross-border information processing by Chinese certification bodies.
There are three types of certification mechanisms: unilateral, bilateral and multilateral. The unilateral certification mechanism is exemplified by the Binding Corporate Rules and Codes of Conduct stipulated in the General Data Protection Regulation (hereinafter referred to as GDPR), which is mainly applicable to multinational companies and other joint economies. According to the Data Protection Certification Mechanism stipulated in Article 42 of the GDPR, data controllers or processors can establish data protection certification mechanisms, seals or marks to prove that personal data are transferred to third countries or international organisations. The bilateral certification mechanism is represented by the defunct ‘Safe Harbor’ and ‘Privacy Shield’ agreements between the USA and the EU. American companies apply to the U.S. Department of Commerce for certification showing that they comply with the protection principles of the agreement, and the U.S. Federal Trade Commission enforces the law. Multilateral authentication mechanisms are represented by the Global Cross-Border Privacy Rules (hereinafter referred to as CBPR) system led by the U.S. CBPR system first proposed under the Asia-Pacific Economic Cooperation (hereinafter referred to as APEC) framework. If different companies located in different countries make a unified commitment and follow the nine personal data protection principles proposed in the APEC Privacy Framework, the flow of data between companies should be unhindered. China could gradually open up cross-border personal information flow channels with countries and regions along the Belt and Road and learn from the experience of the USA to build a multilateral certification mechanism. China aims to encourage the global data cross-border flow governance system to move in a more fair and reasonable direction.
Strengthen and protect personal data rights
Firstly, it is important to respect personal data rights. China can learn from the experience of the EU and establish the right of personal information as a fundamental right, expand the right's object to cover the whole cycle of data processing behaviour, and actively legislate and refine the protection of personal information rights. Cross-border electronic evidence forensics is prioritised through international judicial assistance. The EU's e-Evidence Regulation (hereinafter referred to as the ‘Regulation’) defines and classifies ‘electronic evidence’ as evidence stored in electronic form when a network service provider receives instructions, including registration information, access data, interactive data and content data. It also distinguishes the issuing subject of the submission of the preservation order in the EU according to the type of electronic evidence: The judge of the court or the judge of the examiners may issue relevant orders for all data, prosecutors may issue instructions for registration information and access data, and other competent authorities exercising the right to investigate and collect evidence following the laws of Member States may also issue relevant orders after confirmation by competent authorities. China can learn from the experience of the EU and classify and manage data at different levels to ensure data security while improving the efficiency of cross-border forensics and protecting personal data rights.
Secondly, China should strengthen the defendant's participation in forensics. In any bilateral judicial assistance treaty signed in the future, the parties should be allowed to acquire or exclude relevant evidence. Even if this right is excluded from the treaty, the court should allow the accused to challenge the authenticity of the evidence to make up for the imbalance of the accused's status in the process of obtaining evidence in cross-border cybercrime cases.
Finally, China should protect the right of data holders to know. This should be reflected in the setting up of a notification procedure for those accused who have taken compulsory measures in cross-border forensics. The defence should be (a) allowed to understand and consult the forensics content of the investigation organ after obtaining evidence and (b) entitled to consult and understand the electronic data in the examination of papers. China can learn from the relevant rules of the EU on the right to personal information in future legislation and entitle the parties to know and access data in advance. When the retention period of personal information expires or the data information is irrelevant to the case, the party should be able to exercise the right of correction or deletion and request that the investigative organ delete or destroy personal data to ensure the accuracy of that data. Also, the parties should be given the right to apply for relief from the data regulatory organisation (Wang, 2022b).
Strengthen relevant legislation to protect the right to personal information
China's existing laws and regulations do not stipulate how to deal with irrelevant electronic data and how to use data stored in the investigative organs (Ding, 2022). China can draw lessons from EU rules on personal information rights in future legislation. Article 5 of the GDPR sets out principles for handling personal data processing, and Article 25 sets out data protection by design and data protection by default. Under Article 25, data controllers must consider the risks and purposes and put them into context, then implement the principles listed in Article 5. The GDPR provisions’ legal principles and terms are vague and broad, giving data holders sufficient leeway to consider the specific circumstances of data processing. The EU Data Act (Draft) stipulates that when data holders are obliged to provide data to data recipients, they should transparently provide the data on fair, reasonable and nondiscriminatory terms. Any compensation agreed upon by both parties for the provision of data shall be reasonable to realise the legitimate rights and interests of the parties involved in the data element.
China is at a watershed for citizen-led demands for data rights. In December 2022, the CPC Central Committee and the State Council released Opinions on Building a Data-based System to Better Play the Role of Data Elements. To speed up the establishment of a basic data system, China should actively participate in the formulation of international rules for cross-border data flow, explore joining regional international data cross-border flow institutional arrangements, explore safe and standardised data cross-border flow methods for cross-border electronic forensics, explore the establishment of a cross-border data classification hierarchical management mechanism, promote bilateral and multilateral consultations on cross-border data flows and promote the establishment of mutually beneficial rules, explore the construction of a multichannel and convenient data cross-border flow supervision mechanism and improve the data cross-border flow supervision system coordinated by multiple departments.
China can learn from the EU provisions on the adequacy identification of personal data, enrich and improve the certification system, and strengthen data protection in cross-border electronic forensics. China is striving to make personal data protection a constitutional right in the future, to oppose data hegemony and protectionism, and to effectively respond to long-arm jurisdiction in the data field.
Establish a new mechanism for cross-border electronic evidence forensics
In March 2022, the EU and the USA made a joint statement, announcing that they had agreed to the Trans-Atlantic Data Privacy Framework (hereinafter referred to as ‘the Framework’) in principle and that they were just working out the final specifics. The Framework aims to let companies transfer personal data between the EU and the USA without creating a loophole in the EU's existing privacy legislation. In September 2022, the European Commission pushed forward the EU-U.S. Data Privacy Framework process. The Framework includes new safeguards on signals intelligence activities and a new two-tier redress system that includes a data protection review court for resolving complaints (similar to the European Data Protection Board), and EU individuals will be able to file complaints with what the US intelligence community calls the ‘Civil Liberties Protection Officer’, who is responsible for ensuring that US intelligence agencies abide by privacy and basic rights. Above all, the Framework includes greater oversight to ensure relevant organisations are following civil liberties standards. Additionally, concerns raised about how data are handled can go through this new redress mechanism, which will hopefully solve any concerns faster. After the final adequacy decision (one of the tools provided by the GDPR) is adopted by the European Commission, data will be allowed to flow freely and securely between the EU and US companies certified by the US Department of Commerce under the Framework without additional data protection safeguards or restrictions. The EU and the USA reached a new cross-border electronic forensics agreement to reduce the possibility of legal conflicts and conflict zones between the two jurisdictions. They attach great importance to the assisting status of data service providers, establishing a new mechanism of cross-border electronic forensics.
China can gradually explore the establishment of the unmediated access model, take users’ and companies’ location as the determining factor of jurisdiction and try to build a new treaty system that respects judicial sovereignty and protects data rights and interests.
Introduce procuratorial organs to intervene in advance to guide the cross-border cybercrime investigation system
The legal basis for procuratorial organs to intervene in advance to guide investigations
The system of procuratorial organs to intervene in advance to guide investigations is stipulated in the Criminal Procedure Law of the People's Republic of China and the Criminal Procedure Rules of the People's Procuratorate Criminal Procedural Regulation (Trial Version). It is a system whereby the procuratorial organs send personnel to participate in the investigation activities of the investigative organs on major and complex cases (such as violent and terrorist cases) and to give opinions and suggestions on the legality of evidence retrieval, fact determination, law application and the investigation. The practice of procuratorial organs intervening in advance to guide public security investigations already exists in the practice of cross-border cybercrime case trials in China. For example, the investigative organs invite the procuratorate of the same level to intervene in an investigation; the procuratorate then holds a seminar with the investigative organ to raise issues in the case, such as cross-border electronic evidence forensics and the proof standards that the evidence needs to meet, and to put forward investigation suggestions and standardise forensics.
The procuratorial organs intervene in advance to guide investigations in a criminal investigation using a system that integrates the prosecution and the police, and many civil law countries have adopted this approach. For example, France adopts the pattern of a joint investigation by prosecutors, examining magistrates, and judicial police. The prosecutor has the right to direct all the investigation activities of the police, and the judicial police have no independent investigation power but do have preliminary investigation power. German prosecutors not only have the right to investigate but also the right to lead and direct the police investigation (Ding, 2016). Introducing procuratorial organs to intervene in advance to guide cross-border cybercrime investigation systems is of practical significance. First, the procuratorial organs can play a supervisory role in forcing the investigative organs to carry out forensics in strict accordance with the law and not use arbitrary forensic measures. Second, it can strengthen the attention investigative organs give to protecting the privacy of the rights of data holders and avoid the infringement of personal information by forensics. Third, the procuratorial organs have a relatively deep understanding and insight into the scope, relevance and sufficiency of the evidence involved in the case, which can point out the direction of investigation for the investigative organs. According to Article 12 of Issuing the Provisions on the Handling of Cybercrime Cases by People's Procuratorates, ‘At the request of an investigative organ, a people's procuratorate may, as needed for prosecution against a crime, appoint any of its employees to intervene in the investigation of a major, difficult, and complex cybercrime case in due course.’ 24 As the Supreme People's Procuratorate once emphasised in the Notice of Issuing the 18th Group of Guiding Cases, to effectively crack down on cybercrimes, procuratorial organs should strengthen cooperation with investigative organs, intervene timely in the investigation to guide forensics, and put forward clear and specific supplementary investigation opinions based on the characteristics of the case. The mentioned provisions are the normative basis for the procuratorial organs to intervene in advance to guide an investigation, but it is not specified in China's legislation. It is of urgent need and practical significance to establish a system for the prosecution of cross-border cybercrimes in which the procuratorial organs intervene in advance to guide the investigation.
Procuratorial organs can also act as examination and approval agencies for cross-border forensics by investigative organs as part of the intervention in advance to guide the cross-border cybercrime investigations system. The investigative organ should obtain the approval of the examination and approval organ, or get a ‘writ’ issued by it, before the forensics (Chen, 2014). There are similar practices in foreign countries. For example, the Criminal Procedure Law of the USA stipulates that investigative organs must obtain a writ issued by the court before searching and seizing electronic equipment. If China learns from the legislation of the USA that the court is the forensics examination and approval authority, two problems will arise. First, Chinese judges should maintain neutrality in reviewing the facts, evidence and legal relationships of a case in order to exercise judicial power independently. If the judicial organ acts as the examination and approval organ for forensics, it cannot block the connection between the trial and the pretrial procedure and thus may cause unjust results. It is similar to the pretrial conference regulations. 25 In the pretrial conference stage, only procedural matters can be dealt with; the substantive evidence is reviewed in the investigation stage. Even if the pretrial procedural judges and the trial judges are different, they belong to the same judicial body, which must ‘separate judicial power from pretrial procedures, and exercise judicial power independently and impartially’. Second, most judges focus on examining the facts and evidence of the case and analysing the legal relationship, lack understanding of the investigation procedure, and sometimes fail to exercise the power of examination and approval properly. As the legal supervision organ in China, the procuratorial organ should play the role of judicial supervision and exercise examination and approval power with regard to cross-border forensics as an integral part of the intervention in advance to guide the cross-border cybercrime investigations system.
The procedure design of the procuratorial organ exercising examination and approval power
Investigative organs should conduct cross-border forensics under the guidance of the principle of proportionality. Before obtaining overseas electronic data related to a cross-border cybercrime, investigative organs should submit a forensic application to the procuratorial organs and explain the reason, the necessity and the scope of the data forensics in detail. The electronic evidence forensics of cross-border cybercrimes obtained by the investigative organs is limited to the information involved in the case. The investigative organs cannot ‘generically’ obtain private data, such as people's daily life records. If the data rights holder believes the investigative organs have violated their privacy, they can submit a written complaint to the procuratorial organs. The procuratorial organs will then urge the investigative organs to make amendments. The procedure should be added to Chapter 2 of the Rules of the Public Security Organs, the Provisions of the People's Procuratorate on Handling Cyber Crime Cases, the Provisions on Electronic Data and other relevant departmental regulations.
The establishment of a system of procuratorial organs to intervene in advance to guide cross-border cybercrime investigations suggests higher requirements with regard to the quality of prosecutors, such as having professional knowledge of the investigation or having relevant working experience. The purpose of the intervening investigation is to provide advice for the investigative organs’ cross-border data forensics and to supervise them to ensure that they carry out forensic activities in a legal and standardised way. The procuratorial organs cannot fully intervene in the forensics of the investigative organs and confuse their responsibilities. China should establish a system for procuratorial organs to intervene in the field of cross-border cybercrime in advance to guide investigations and clarify the boundaries of power. It is necessary to add the following stipulation to the People's Procuratorate's Criminal Procedure Rules and the Criminal Procedure Rules of the People's Procuratorate Criminal Procedural Regulation: ‘For cross-border cybercrimes that require electronic evidence forensics, the procuratorial organs have the power to intervene in advance to guide the investigation, provide opinions, and supervise the forensic activities of the investigative organs.’ The stipulation should further clarify the requirement for prosecutors to improve their professional quality, ensure the smooth progress of the investigation, and improve the efficiency of forensics.
Establish a mechanism to prevent illegal electronic data
To introduce procuratorial organs to intervene in advance to guide the cross-border cybercrime investigations system, it is necessary to consider the legality of the data. The Supreme People's Procuratorate made it clear in the Notice of Issuing the 18th Group of Guiding Cases that the legality of evidence for crimes committed abroad should be investigated. According to Article 112 of the Interpretation of the New Criminal Procedure Law, when electronic data are used as evidence, they shall be accompanied by a written description of the production process and a description of the source and be signed or sealed by the producer. When examining such evidence, the procuratorial organs should pay attention to whether it is continuous in time and whether the content is truncated. In subsequent Chinese legislation, China should make explanations on the legality of cross-border electronic data clearer, empower the procuratorate to conduct a legality review of evidence obtained overseas and ensure that the evidence obtained by the investigative organs is consistent with the evidence for the arrest and prosecution standard (Dai, 2019).
Currently, it is not stipulated whether the exclusionary rule of illegal evidence applies to electronic data, but in judicial practice, illegal electronic data are taken as illegal evidence to be excluded. According to Article 68 of Some Provisions of the Supreme People's Court on Evidence in Civil Procedures, 26 forensics using the infringement of the legitimate rights and interests of others or the violation of the prohibitive provisions of the law are not the basis for ascertaining the facts of a case. According to semantic interpretation, as one of the types of legal evidence, electronic data are part of the application scope of the illegal evidence exclusion rule. According to the purpose interpretation, the legislative purpose of the rules to exclude illegal evidence is to standardise the investigative organs’ forensics and prohibit the investigative organs from taking illegal forensic measures. The exclusion of illegal evidence should be applied to electronic data, and this should be made clear in future legislation.
After completing cross-border forensics, the investigative organs should prepare a report on the forensic process and results and submit the report to the procuratorial organs for the record. Therefore, the following clause could be added to Section 4 of the Rules for Public Security Organs and Provisions on Electronic Data: ‘After the cross-border cybercrime forensics (except cross-border open online extraction) are completed, investigative organs shall prepare cross-border forensic reports and submit them to procurators for filing.’ The following stipulation could be added to Article 12 of the Provisions on the Handling of Cybercrime Cases by People's Procuratorates: ‘The People's Procuratorate shall promptly receive the report of the investigative organ's forensic collection results and keep it for the record after the investigative organ's cross-border forensic collection activities.’
The plan for the transformation of China's electronic evidence forensics system for cross-border cybercrime
Promote benign interaction between international law and domestic law
China should promote benign interaction between international law and domestic law to provide a solid legal basis for the cross-border forensics system. Electronic evidence forensics for cross-border cybercrime is a global issue involving international and domestic law, and its legal regulation should consider the coordination, interaction, and common development of international and domestic law (Guo, 2022). The EU's Electronic Data Regulation and the proposal to authorise participation in the negotiation of the Second Additional Protocol to the Council of Europe's Convention on Cybercrime tend to be unified with the CLOUD Act and will be closer to the USA after the negotiation. Therefore, the standards set by the EU and the USA are highly likely to become ‘international standards’ in the future, and similar legislation may also form a global or regional electronic evidence law. With the continuous development and improvement of the domestic rule of law, countries have adopted legislative reform measures and improved relevant policies for cross-border electronic evidence forensics. Global or regional legal instruments for cross-border electronic evidence forensics are expected to be supported by some countries.
International law guides the development and reform of domestic law, but it needs to take into account the development level and stage of domestic law in order to (a) promote the judicial assistance of countries in the area of electronic evidence forensics; (b) help countries to reach a preliminary consensus on data sovereignty, jurisdiction rules, and a cross-border forensics system; (c) adhere to the spirit of jurisdiction coordination generally accepted by the international community; and (d) promote cooperation based on sovereign equality and respect for mutual interests. Consideration of reciprocity, comity, and limitation of jurisdiction is essential to avoid and resolve conflicts. The effectiveness and effect of the formulation and implementation of international law largely depend on the state's political will, and the stage from the conclusion to the recognition, ratification, and implementation of a judicial assistance treaty remains difficult. Improving the domestic legal system is the ultimate solution. Domestic law promotes or restricts the development of international law. Xi Jinping pointed out: ‘To carry out law enforcement and security cooperation between countries, we should not only abide by the respective laws of the two countries but also ensure the equal and uniform application of international law. We should not adopt double standards, nor should we use them when it suits us or abandon them when it does not suit us’ (Xi, 2017). China can take the Belt and Road construction as an opportunity, uphold the principle of reciprocity, promote the transformation of cross-border electronic evidence forensics, and advocate for the establishment of a new cybercrime convention to seek international cooperation consensus on cross-border electronic forensics. It is China's position as a great power to strengthen the policy coordination of cross-border forensics with the help of international cooperation, continue to promote the positive interaction between international law and domestic law and provide a solid legal basis for the cross-border forensics system (Wang, 2021).
Participate in building a new international order of cross-border electronic evidence forensics
Nowadays, some countries speed up the ‘fragmented’ development of cross-border forensics systems and ignore the traditional judicial assistance system to a certain extent. Cross-border forensics of electronic data is moving towards pragmatism and isolationism. Worldwide, geopolitics, privacy protection and data policy are increasingly influencing electronic evidence forensic systems for cross-border cybercrime. How to coordinate the integrated development of traditional cross-border electronic evidence forensic systems and modern cross-border electronic evidence forensic systems is also an important theoretical and practical problem that must be faced.
The implementation of Decision of the Central Committee of the Communist Party of China on Major Issues Concerning Upholding and Improving Socialism with Chinese Characteristics and Modernizing the State Governance System and Capacity, deliberated and adopted at the Fourth Plenary Session of the 19th Central Committee of the CPC, has become an urgent practical need to ‘accelerate the construction of China's extraterritorial legal system’, Concerning the provisions of relevant legislation of the EU, China could set up a data governance system in line with international standards, maintain its data sovereignty and network sovereignty or adjust the rules of cross-border electronic evidence forensics on the basis of the principle of ‘personalism’ and expand its jurisdiction.
The internal logic of the reform of cross-border electronic forensics is a transformation from territorialism to personalism, and it is a common feature of recent legislation in various countries. Adhering to the principle of national sovereignty, China should innovate the humanistic model of cross-border electronic forensics, such as constructing a data arbitrary visitor pattern. The theory of humanism supports the data arbitrary visitor model that reflects the civil rights standard. China's cross-border remote inspection abstract also belongs to this model. Under the data arbitrary visitor pattern, the case-handling agency issues a warrant, and the litigation participants or other subjects directly collect the electronic data. The state entitles parties, lawyers, and other subjects to obtain evidence through legislation and clarifies the principles, procedures, rights, and obligations of evidence collection they should follow. Private rights subjects conduct cross-border electronic forensic activities according to the law, and access to data is not technical or compulsory in legal terms. Judicial agencies, law enforcement agencies and other public power agencies issue warrants to private rights subjects to retrieve electronic data they have obtained; the power of the case-handling agency is limited to random access to the data only.
Another significant measure to promote the transformation of electronic evidence forensics for cross-border cybercrime systems that China, Russia and other countries have proposed and drafted is the United Nations Convention on Combating the Use of ICT for Criminal Purposes (hereinafter referred to as the ‘Convention’). In December 2021, the 74th session of the UN General Assembly adopted resolution 74/247, officially launching the negotiation process of a global convention against cybercrime under the UN framework. China submitted its views on the scope, objectives and framework of the Convention, proposing that it should (a) consider using electronic signatures and other technical means to realise the online exchange of cross-border legal documents and electronic evidence under the framework of the national security management system for cross-border data transmission and (b) provide judicial assistance in emergencies, such as the rapid preservation of electronic evidence and its rapid disclosure after preservation. 27 The first negotiating meeting of the Ad Hoc Committee on the Convention was held at the beginning of 2023, and most countries supported the completion of the negotiations as scheduled following the resolution of the UN General Assembly. At present, the Shanghai Cooperation Organization, the Council of Europe, the League of Arab States and other international organisations have formulated multilateral treaties to combat cybercrime. The EU is stepping up efforts to integrate its Member States’ relevant resources and expertise and plans to set up a special agency to deal with cyberattacks in 2023. The members of this special agency will include experts from the EU Member States, Europol, the EU's External Action Service and other agencies in order to strengthen their joint ability to fight cybercrime. China should follow the agenda of the Convention in real time, take an active part in building a new international order for cross-border electronic evidence forensics and contribute Chinese wisdom and solutions to the rule-making of international law and the progress of the rule of law (Chen, 2022).
Participate in the construction of international cooperation mechanisms
China should refer to the framework of the Belt and Road Initiative in its context. On the basis of respecting the principles of national sovereignty, non-interference in internal affairs, equality and reciprocity, and protection of human rights, China should use the concept of win-win cooperation, harmony and different concepts of seeking common ground while reserving differences to participate actively in the construction of an international cooperation mechanism for cross-border electronic evidence forensics and to promote the coexistence of different types and modes of subject cooperation at multiple levels (Zhang, 2021). Specifically, between different subjects, including international organisations, countries and subnational actors, constructing different levels of judicial cooperation models, giving clear and appropriate empowerment and enhancing the flexibility of the cooperation mechanism are required. For example, in the cooperation between the Chinese and Cambodian police forces, China can give full play to the role of the Lancang-Mekong Integrated Law Enforcement and Security Cooperation Center. In the future, China could establish a China-Southeast Asia Judicial Cooperation Area to cooperate with Southeast Asian countries in combating cross-border cybercrime, strengthen judicial and law enforcement cooperation in electronic forensics and further expand the scope of the cooperation area.
To build an international judicial cooperation mechanism for cross-border electronic forensics, China should first maintain regional and international relations, enhance political mutual trust and establish ‘identity’ between countries. There are differences in the existing cross-border electronic forensics systems, but China can promote cooperation based on rationality and inclusiveness among countries (e.g., EU and ASEAN countries) to form a centripetal force for judicial cooperation. The specific path is to rely on the international organisations countries have joined or the international conferences and forums they have attended, including the United Nations, Interpol, Asia-Pacific Economic Cooperation and so on. Countries will enhance their interactions and exchanges under the threat of international cybercrime and will prioritise judicial collaboration on cross-border electronic evidence forensics.
Secondly, China should promote the construction and improvement of both international and domestic legal systems. The most urgent thing is to promote the formulation of the Convention on Combating the Use of ICT for Criminal Purposes at the international level. As early as 2016, Professor Stephen Mason made clear in the Draft Convention on Electronic Evidence 28 that there are differences in the treatment of evidence in individual jurisdictions. The purpose of the Convention is to pursue a common policy towards electronic evidence and promote international cooperation. It is clearly stipulated in Article 7 that except where incompatible with national legislation, codes or procedure, the Parties to this Convention shall implement agreed common requirements on the acquisition, obtaining, processing and examination of electronic evidence. It's instructive to formulate regional unified legal norms according to the characteristics of different regions and crimes. China can try to formulate corresponding unified regional framework agreements in different cooperation areas of the Belt and Road initiative. On the basis of unifying existing scattered bilateral treaties and agreements and other legal normative documents, China can integrate the content of cooperation scattered in the judicial field and unify the concept, principle, and procedure of cooperation and other minimum guidelines. China will advocate the following: continuing to sign bilateral and multilateral judicial assistance treaties, expanding the coverage of treaties between China and countries within the framework of the Belt and Road initiative, gradually reaching a consensus in the process of consultation, formulating special laws and regulations on cross-border cybercrime to pursue a common policy towards electronic evidence, and carrying out judicial cooperation in a more targeted way.
Finally, China can promote the establishment of a special assistance mechanism for cross-border data forensics to accelerate the construction of an international cooperation mechanism—a permanent coordination organisation. The tasks of the coordination organisation would be to design different access conditions for different data categories and to reduce complex procedures for the purpose of quickly responding and effectively extracting electronic data. The coordination organisation could learn from the core functions and operations of Interpol, which requires the mutual trust and support of all Member States. The Lancang-Mekong Integrated Law Enforcement and Security Cooperation Center established by China, Laos, Cambodia, Myanmar, Thailand and Vietnam embodies the characteristics of international criminal judicial cooperation, which can be further developed and constructed as a specialised regional coordination organisation. On this basis, China can participate in and promote the establishment of a systematic coordination organisation on a global scale to bring the fight against cross-border cybercrime into the scope of international cooperation.
The traditional judicial assistance procedure will continue to be the basic scheme of cross-border electronic evidence forensics in the future. Improving the judicial assistance mechanism can expand the scope of countries implementing judicial assistance, promote the establishment of a special assistance mechanism for cross-border data retrieval, and simplify the procedure. The EU is building an encrypted communication platform for data exchange to facilitate the issuance and execution of EIOs. This can become a significant reference for China to promote the rapid operation of international bilateral and multilateral, and domestic interregional, criminal judicial assistance procedures in the future. China can facilitate the establishment of a shared platform for cross-border electronic evidence forensics, allow foreign governments to track the status of requests, or provide information directly to law enforcement agencies through the system. The requested state shall promise to respond to the legitimate demands of the requesting state promptly. The requesting state may require the requested state to report the number of requests received, the response time, and the procedure to ensure that the process of implementing the mutual judicial assistance agreement is open and efficient. States could explore establishing a common guidance framework on when and how to authorise the extraction of data abroad (Zhao, 1991). The acquisition of cross-border electronic data needs the regulation of criminal judicial assistance. Seeking a balance between different countries’ legislation is the key to electronic data forensics in the Internet era. Various countries around the world must strike a balance between fighting crime and national interests before deciding on bilateral or multilateral international judicial assistance and reaching an international consensus on whether to transfer rights.
Conclusion
In the Information Era, the number of cross-border cybercrimes is increasing and the difficulty of electronic data forensics is rising. While strengthening the control of electronic data sovereignty, Chinese legislation will increase the difficulty of cross-border forensics to a certain extent, which is a double-edged sword. Therefore, in the future, China should not only respect the data sovereignty of other countries equally on the basis of international law and treat the inflow and outflow of data equally but should also pay attention to the improvement of domestic legal rules. While improving the efficiency of evidence forensics, China should collect evidence according to the law and protect the legitimate rights of criminal suspects. One issue is how to control domestic electronic data while respecting the sovereign data of other countries. Also, the issue of how to improve the efficiency of forensics in such cases while ensuring the norms of forensics standards and safeguarding the legal rights of criminal suspects needs a solution. First of all, China should make flexible adjustments to the cross-border forensic methods of investigative organs on the basis of accurately defining the nature of various investigative measures in cross-border cybercrime forensic activities: this would involve continuing to apply cross-border online extraction measures and cross-border login acquisition, designing cross-border remote inspection measures agreed upon by the data rights holder, designing mechanisms to collaborate with cross-border data service providers to obtain electronic data and prohibiting arbitrary investigation measures. Secondly, China should improve its cross-border electronic data forensics system and learn from the Data Access Agreement and conduct forensics through international criminal judicial assistance. Expanding the application of bilateral judicial assistance in Case 67 of the Supreme People's Procuratorate, reducing the application of unilateral cross-border forensics and avoiding unnecessary diplomatic disputes are also important. Finally, Chinese legislation should introduce procuratorial organs to intervene in advance to guide the investigations of cross-border cybercrime systems. The procuratorial organs should exercise powers of approval and file for cross-border forensics by the investigative organs. China should give full play to the integrated advantages of cooperation and exchange between the procuratorial organs and the police and improve the efficiency of case handling.
With the increasing need for electronic data forensics for cross-border cybercrime, the traditional cross-border forensics system is facing many challenges. While adhering to the forensics method based on international criminal judicial assistance, Chinese legislation must reach a balance with the different legislations of other countries. This will involve setting up different application conditions to regulate unilateral cross-border electronic data forensics, maintaining network data sovereignty and national sovereignty, improving the data disclosure system, and protecting the legitimate rights and interests of rights holders in the context of strengthening the free flow of global data. Currently, there is a contradiction between fighting cross-border cybercrime and respecting national data sovereignty, which is an inevitable result of the development of cyber technology. However, with the further integration of the Internet and human lives, there will be a consensus on cross-border electronic data forensics and data sovereignty in the future. China should promote the positive interaction between international law and domestic law, construct a new international order of cross-border electronic data forensics, and put great effort into the transformation of its cross-border cybercrime electronic data forensics system. Beforehand, China can improve the unilateral cross-border regulation of electronic evidence forensics and strengthen the efforts of external electronic data forensics on the premise of safeguarding the data sovereignty of each country and protecting the rights and interests of data rights holders.
Footnotes
Declaration of conflicting interests
The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Funding
The author(s) received no financial support for the research, authorship, and/or publication of this article.
