A infiltração online no processo penal – Notícia sobre a experiência alemã

The article describes the German discussion about the online-infiltration as a fact-finding measure in Criminal Procedure and tries to learn some lessons for the Brazilian system.O artigo descreve a discussão alemã sobre a técnica de investigação da infiltração online no processo penal e tenta extrair lições para o sistema brasileiro

“My Computer Is My Castle”: New Privacy Frameworks to Regulate Police Hacking

Several countries have recently introduced laws allowing the police to hack into suspects’ computers. Legislators recognize that police hacking is highly intrusive to personal privacy but consider it justified by the increased use of encryption and mobile computing—both of which challenge traditional investigative methods. Police hacking also exemplifies a major challenge to the way legal systems deal with, and conceptualize, privacy. Existing conceptualizations of privacy and privacy rights do not always adequately address the types and degrees of intrusion into individuals’ private lives that police hacking powers enable. Traditional privacy pillars such as the home and secrecy of communications do not always apply to computer-based police investigations in an era of mobile technologies and ubiquitous data. In this Article, we conduct a comparative legal analysis of criminal procedure rules in the United States, Germany, Italy, the Netherlands, and the United Kingdom to see which privacy frameworks lawmakers and courts apply when regulating police hacking. We show that while classic privacy frames of inviolability of the home and secrecy of communications remain adequate for some forms of police hacking (observation and interception), they fail to capture novel and fundamentally different ways in which the most intrusive forms of police hacking (covert online searches and remote surveillance) impact privacy in twenty-first-century society. Our analysis shows the emergence of two new frameworks that have the potential to begin filling this void: 1) a container-based approach, focusing on the computer as protection-worthy in itself—or the “informatic home;” and 2) a content-based approach, focusing on the protection of data—or “informatic privacy.” Since both approaches have valuable benefits and potential drawbacks, we propose that a complementary application of the two might work best to capitalize on their advantages over traditional privacy frameworks to regulate police hacking

EL "DERECHO FUNDAMENTAL A LA CONFIDENCIALIDAD E INTEFRIDAD DE SISTEMAS INFORMÁTICOS"- UN APORTE EXITOSO A LA CREACIÓN DE DERECHOS DE LIBERTAD?

Después de la notificación de la Sentencia del Tribunal Constitucional Federal sobre la inconstitucionalidad de las disposiciones relacionadas con el denominado Registro informático que se contemplaban en la Ley de seguridad constitucional del estado federado de Nordrhein-Westfalen los medios de comunicación informaron sobre la creación de un nuevo derecho fundamental por parte del Tribunal Constitucional Federal: el llamado derecho fundamental informático. El objeto de este artículo es, tomando como punto de partida dicha sentencia, analizar de forma crítica el problema de la creación de “derechos fundamentales”

EL "DERECHO FUNDAMENTAL A LA CONFIDENCIALIDAD E INTEFRIDAD DE SISTEMAS INFORMÁTICOS"- UN APORTE EXITOSO A LA CREACIÓN DE DERECHOS DE LIBERTAD?

Después de la notificación de la Sentencia del Tribunal Constitucional Federal sobre la inconstitucionalidad de las disposiciones relacionadas con el denominado Registro informático que se contemplaban en la Ley de seguridad constitucional del estado federado de Nordrhein-Westfalen los medios de comunicación informaron sobre la creación de un nuevo derecho fundamental por parte del Tribunal Constitucional Federal: el llamado derecho fundamental informático. El objeto de este artículo es, tomando como punto de partida dicha sentencia, analizar de forma crítica el problema de la creación de “derechos fundamentales”

Fundamental Rights in the Use and Abuse of the Social Networks in Italy: Criminal Aspects

Aquesta anàlisi dels comportaments il·lícits en l’ús i l’abús de les xarxes socials se centra, en primer lloc, en els delictes que aquestes conductes poden configurar (epígrafs 3 a 6) –alguns dels quals són s’han introduït recentment, com el ciberassetjament a menors (child grooming)–, en els quals els usuaris de les xarxes poden ser tant autors com víctimes de les violacions dels drets fonamentals que aquestes conductes afecten (epígraf 2). En segon lloc, es tracta de la qüestió de la possible responsabilitat penal dels gestors de les xarxes socials –que es poden reconduir a la categoria general dels proveïdors de serveis d’internet– que assumeixen un paper cada vegada més incisiu i protagonista en l’evolució del sistema i, per tant, també en les estratègies de prevenció i control de les activitats il·lícites a la xarxa (epígraf 7). Els principals aspectes crítics sorgits d’aquesta investigació suggereixen algunes indicacions inicials per a adequar el dret penal que regula aquesta matèria a les necessitats que presenta. This analysis of criminal behaviour in the use and abuse of social networks focuses, firstly, on the crimes that this behaviour can lead to (epigraphs 3 to 6) – some of which have been introduced recently, such as child grooming – where users of these networks can be both the offender or victim in the violation of the fundamental rights affected by such behaviour (epigraph 2). Secondly, it looks at the question of the possible criminal responsibility of social network managers – who are taking on an increasingly incisive role and becoming more important agents in the system’s evolution, and, thus, also in the strategies for preventing and controlling criminal activities on the web (epigraph 7). The main critical aspects arising from this research highlight initial indications for how to adapt the criminal law regulating this area to the current needs.Este análisis de los comportamientos ilícitos en el uso y el abuso de las redes sociales se centra, en primer lugar, en los delitos que estas conductas pueden configurar (epígrafes 3 a 6) –algunos de ellos de reciente introducción, como el de child grooming– en que los usuarios de las redes pueden ser tanto autores como víctimas de las violaciones de los derechos fundamentales a los que tales conductas afectan (epígrafe 2). En segundo lugar, se trata la cuestión de la posible responsabilidad penal de los gestores de las redes sociales –que se pueden reconducir a la categoría general de los internet service providers– que están asumiendo un papel cada vez más incisivo y protagonista en la evolución del sistema y, por tanto, también en las estrategias de prevención y control de las actividades ilícitas en la red (epígrafe 7). Los principales aspectos críticos surgidos de la presente investigación sugieren algunas indicaciones iniciales para adecuar el derecho penal que regula esta materia a las necesidades que presenta

Remote forensic investigations

Diese Arbeit setzt sich zur Aufgabe, die neue Ermittlungsmethode der Online Durchsuchung zu erörtern und in einer breiten und allgemeinen Art zu präsentieren. Ein besonderer Fokus wird dabei auf das Verhältnis von Technik und Recht gelegt. Dem Leser wird vorab ein weit gefasster technischer Teil präsentiert, der die Darstellung der verschiedenen, im Zuge einer Online Durchsuchung angewendeten, Software-Programme involviert, wobei besonderes Augenmerk auf die technischen Aspekte der Telekommunikation sowie der Verschlüsselungstechnik gelegt wird. Darüber hinaus beinhaltet die, in einem Abschnitt konzentrierte, technische Aufarbeitung des Dissertationsthemas eine kurze Einführung in die Computer-Forensik, also die Vorgehensweise einer „Computerdurchsuchung“ durch die Strafverfolgungsbehörden. Neben einer Beschreibung der festgelegten Verfahren und Prinzipien einer derartigen „Computerdurchsuchung“ wird überblicksmäßig auch auf die speziellen Hard- und Software-Tools eingegangen. Diesen technischen Teil abschließend werden sodann auch die angedachten Einsatzgebiete der Online-Durchsuchung aufgezeigt und einer faktisch-technischen Begutachtung unterzogen. Der auf die technische Erörterung folgende Rechtsteil der Arbeit enthält neben einem Überblick über die verfassungsrechtlichen Bestimmungen, insbesondere eine Auseinandersetzung mit der in punkto Online-Durchsuchung wesentlichen Frage der Verhältnismäßigkeit. Trotz des Umstandes, dass sich die vorliegende Dissertation vor allem mit dem Verfahrensrecht befasst, erfolgt eine kurze Darstellung von wichtigen materiell-rechtliche Bestimmungen. Nach einer Einführung in die Strafprozessordnung und ihrer Grundsätze – wobei insbesondere das Kräfteverhältnis zwischen Kriminalpolizei, Staatsanwaltschaft und Gerichten sowie das System zur Durchsetzung von Zwangsmaßnahmen erläutert wird – konzentriert sich die Darstellung auf einzelne Bestimmungen der StPO, die auf den ersten Blick gerechtfertigt erscheinen, eine Online-Durchsuchung durchzuführen. Die dabei eingehend beleuchteten verfahrensrechtlichen Paragraphen betreffen: - Durchsuchung von Orten und Gegenständen (§§ 117 Z2 iVm 119 Abs 1 StPO), - Überwachung von Nachrichten (§§ 135 Abs 3 iVm 134 Z3 StPO), - Auskunft über Daten einer Nachrichtenübermittlung (§§ 134 Z2 iVm 135 Abs 2 StPO), - Großer bzw. kleiner Lauschangriff (§§ 136 iVm 134 Z4 StPO). Im Anschluss widmet sich die Dissertation dem Sicherheitspolizeigesetz. Die Aufarbeitung des SPG erfolgt in gleicher Art und Weise wie die zuvor erörterten Thematiken, wobei die darin normierten Aufgaben des Rechtsträgers, i.e. die erste allgemeine Hilfeleistungspflicht sowie die Aufrechterhaltung der öffentlichen Sicherheit und Ordnung und die damit einhergehenden Kompetenzen der Sicherheitspolizei, einer näheren Begutachtung unterzogen werden. Im Speziellen werden folgende Bestimmungen untersucht: - Betreten und Durchsuchen von Grundstücken, Räumen und Fahrzeugen (§ 39 SPG), - Zulässigkeit der Verarbeitung von personenbezogenen Daten (§ 53 SPG), - Besondere Bestimmungen für die Ermittlung (§ 54 SPG). Die betreffenden Unterkapiteln des rechtlichen Teils dieser Dissertation endet mit dem Versuch, die Online-Durchsuchung als modernes Ermittlungs- und Beweissicherungsinstrument die besprochenen verfahrensrechtlichen Bestimmungen zu subsumieren. Im abschließenden Teil beschäftigt sich die vorliegende Arbeit mit dem Verhältnis von Prävention und (Straf-)Verfahrensrecht. Ausgehend von generellen Überlegungen zu Prävention und einem historischen Abriss der Entwicklung vom Naturrecht zum Rechts- und schließlich zum Präventionsstaat, beleuchtet der Autor die problematische Wechselbeziehung anhand von fünf Punkte näher: - Generelle Überlegungen zur Prävention, - Verhältnis der Kompetenzen von Kriminal- und Sicherheitspolizei, - Systematische Problem der Eingliederung der Online Durchsuchung im Rechtssystem Österreichs, - Präventive Aspekte im materiellen Strafrecht, - Verdachtslage vor Durchführung einer Online Durchsuchung. Zusammenfassend ist festzuhalten, dass nach Intention der vorliegenden Dissertation der geschätzte Leser einen generellen Überblick über das Thema „Online Durchsuchung“ erhalten soll. Darüber hinaus wird der Versuch unternommen, sowohl die in der Maßnahme involvierten technischen als auch rechtlichen Aspekte gleichermaßen zu erläutern und einander gegenüber zu stellen. Der Fokus soll dabei jedoch nicht wie in anderen, bereits verfügbaren Schriften auf grund- und menschenrechtlicher Basis liegen, sondern wird vielmehr die problematische Eingliederung dieser Ermittlungsmethode in das österreichische (Verfahrens-)Rechtsystem aufgezeigt. Dabei dienen insbesondere die Strafprozessordnung und das Sicherheitspolizeigesetz als Vergleichsmaßstab.The purpose of this thesis is to provide an introduction and general overview of the newly developed method of remote forensic investigations. It intends to present RFIs in a rather broad and general way with a special focus on the relationship between technology and law. T The technical part of this thesis involves presentations of software programs potentially capable to be applied in RIFs. The terms of ‘malware’ and ‘viruses’ are also clarified, as are the expressions ‘spyware’ and the various forms of ‘Trojan horses’. Special attention is given to the technical issues and properties of telecommunication as well as to that of decryption and encryption. In order to show how a computer has to be searched physically by law enforcement agencies, the author gives a brief introduction into computer forensics. The illustration includes a description of the established procedures for the investigation authorities and the various principles the process is based on. Furthermore, a brief overview of the special hardware as well as software tools is given. Thereafter, a presentation of the potential application of a remote forensic investigation in regards to its two main purposes, i.e. obtaining access to a computer and the exploitation of that access. The legal part of this thesis starts with an overview on the relevant provisions in the Austrian constitutional law and one of its cornerstones - the principle of proportionality. Despite the fact that this thesis is mainly dedicated to procedural law, the author gives a summary of important substantive law provisions. This is necessary in order to show that the security agencies would – without empowerment to conduct a remote forensic investigation – commit a criminal act and would therefore be liable for it as well. After an introduction into criminal procedures law, involving an illustration of general principles – such as the principle of indictment, or the system of warrants – the relationship between the criminal police, the public prosecution and the court as well as their special tasks and competences, the provisions in regard to remote forensic investigations are pointed out extensively. Especially the following provisions of the Austrian Code of Criminal Procedure are examined in detail including an extensive effort to subsume an RFI under them: - Search of Locations and Objects according to section 117 no. 2 in conjunction with section 119 para. 1 of the Austrian Code of Criminal Procedure - Surveillance of Data and Communication according to section 135 para. 3 in conjunction with section 134 no. 3 of the Austrian Code of Criminal Procedure - Disclosure of Transmission Data according to section 134 no. 2 in conjunction with section 135 para. 2 of the Austrian Code of Criminal Procedure - Surveillance of Persons according to section 136 in conjunction with section 134 no. 4 of the Austrian Code of Criminal Procedure Following this, a similar approach is used in order to present the Austrian Security Police Act. Special focus is put on the tasks of maintaining public order, primary assistance and maintaining public security. Consequently, the competences of the public security police will be illustrated in the same manner as the competences of the criminal police: - Competence to Enter and Search of Premises, Rooms and Vehicles according to section 39 of the Austrian Security Police Act - Legitimacy of Processing of Personal Data according to section 53 of the Austrian Security Police Act - Special Regulations for Investigation according to section 54 Austrian Security Police Act The final part of this thesis is dedicated to the relationship between the prevention of criminal incidents and criminal procedural law. Starting with rather general considerations to prevention and a historic overview on the development from a state of nature, to a state of law and finally to a state of prevention, following five aspects are examined in depth: - General aspects of prevention, - Relationship between the criminal police and the public security police, - Systematic questions regarding an incorporation of RFIs into the Austrian legal order, - Preventive aspects within the regime of substantive criminal law, and - Demanded degree of suspicion. Summarizing, it is to state that the intention for this thesis is to give a broad and general overview on RFIs, from a technological as well as a legal point of view. The focus is – unlike other publications in this respect – not directed on fundamental/human rights issues, rather than on issues related to a potential incorporation of RFIs into the Austrian legal order. The Austrian Code of Criminal Procedure and the Austria Security Police Act are the points of reference and the standard of comparison

Mobile, intelligent and autonomous policing tools and the law

This thesis resolves around problems arising for the existing legal framework from the use of novel software-­‐based policing tools during criminal investigations. The increasing dependence on information and communication technologies and the Internet means that more aspects of people’s lives move online, and crime follows them. This has triggered the development of innovative, autonomous investigative technologies that are increasingly replacing human officers for the policing of the online sphere. While only recently discussions of the legal status of embodied and unembodied robotical devices have gained more widespread attention, discussions of the legal status of autonomous agent technology are not new. They have focussed however in the past on applications in the private domain, enabling contract formation online. No systematic study has so far been carried out that looks at the use of autonomous agent technology when deployed by state actors, to fulfil core state functions. This thesis starts with the hypothesis that the use of automated, intelligent devices to replicate core police functions in the online world will increase in the future. Looking at first emerging technologies, but with an eye towards future deployment of much more capable software tools that fulfil policing functions on the Internet, this thesis looks at the challenges this poses for regulators and software developers. Based on extensive qualitative research interviews with stakeholders from two different jurisdictions (Germany & UK) this thesis finds that these novel policing technologies challenge existing legal frameworks, which are still premised on the parameters of the offline world. It therefore develops an alternative governance model for these policing tools, which enables their law-­‐compliant use and prevents rights violations of suspects. In doing so it draws upon both worlds, the technical and the legal, while also incorporating the empirical research results from the interviews with experts. The first part of this thesis analyses the technical foundations of these software-­‐based policing tools. Here, one of the key findings is that the current governance system focuses on ex-­‐ante authorisation of very specific, individual software tools without developing a systematic classification. This contradicts the principle of sustainable law making. To overcome this piecemeal approach, as a first contribution to existing research this work defines a new class of investigative technologies – mobile, intelligent and autonomous (MIA) policing tools ‐ based on the findings of the technical analysis. Identifying such a natural class of present and future technologies that pose the same type of legal issues should facilitate the sustainable governance of these new policing tools. The second part of this thesis analyses two specific legal issues: cross-­jurisdictional investigations and the evidentiary value of the seized data. These issues were identified as most pressing by the experts interviewed for this work. This analysis reveals that investigative activities of MIA tools are potentially in conflict with international law principles and criminal procedure law. In order to gain legitimacy, these new policing tools need to operate within the parameters of the existing legal framework. This thesis argues that given the unique technical capabilities of MIA tools, the primary approach to achieving this is to assign legal responsibility to these tools. The third part of this thesis develops a novel governance approach to ensure that MIA tools operate within the parameters of the legal framework, and therefore obtain legitimacy and relevance, also with regard to the investigative results. This approach builds on existing research identifying code as a regulatory modality and contributes to the field of legal theory. It constitutes a solution for the governance problems of MIA tools, however, it requires currently lacking collaboration among stakeholders and cross-­disciplinary research