War crimes and gross human rights violations: e-evidence | IGF 2023 WS #535

11 Oct 2023 08:00h - 09:30h UTC

Table of contents

Disclaimer: It should be noted that the reporting, analysis and chatbot answers are generated automatically by DiploGPT from the official UN transcripts and, in case of just-in-time reporting, the audiovisual recordings on UN Web TV. The accuracy and completeness of the resources and results can therefore not be guaranteed.

Knowledge Graph of Debate

Session report

Full session report

John Hering

John Hering, a prominent figure in the field of cybercrime and war crimes, highly commends the Budapest Convention as an invaluable tool in combating international cybercrime. He also suggests that the UN cybercrime negotiation process should draw inspiration from the Budapest Convention, which has been successful in addressing cybercrime globally.

Hering discusses the challenges posed by the rise of cyber-enabled war crimes and hybrid warfare. He highlights the potential for traditional war crimes to have a cyber component and cites the conflict in Ukraine as a significant example of hybrid warfare, combining conventional military tactics with cyber operations.

In relation to the role of Microsoft in conflicts, Hering believes that the company should increase transparency and reporting. He appreciates Microsoft’s efforts in providing greater transparency in response to the challenges presented by conflicts, particularly in Ukraine. By increasing reporting on the breadth of cyber operations occurring in these conflicts, Microsoft can contribute to a more comprehensive understanding of the situation.

Hering proposes the expedited collection of digital evidence of traditional war crimes. He advocates for the development of tools and support to capture digital evidence, which could aid in the investigation and prosecution of war crimes.

Hering expresses concerns about the widespread use of cyber capabilities in armed conflicts, as it brings forth the possibility of cyber-enabled war crimes. The submission of Article 15 reports to the International Criminal Court alleging cyber-enabled war crimes, along with reports from multiple technology companies providing evidence of malicious cyber activities during conflicts, highlights the need to address this emerging issue.

Transparency and disclosure of data requests are key aspects emphasized by Hering. He highlights the importance of transparency in understanding when and for how long data is requested, advocating for disclosure of relevant information within a reasonable timeframe.

Highlighting the valuable role of technology companies, Hering mentions Microsoft’s partnership with Accenture in supporting the International Criminal Court (ICC) with the creation of the OTP Link platform. This platform serves as an objective system for creating a digital chain of custody and a tamper-proof record of evidence, aiding the collection and preservation of digital evidence for war crime cases.

Hering values the independent tools created by technology companies, such as the OTP Link platform, as they ensure neutrality and preserve the integrity of digital evidence. By fostering collaboration between technology companies and international institutions, a more objective and robust platform for addressing war crimes can be achieved.

In light of the emerging domain of conflict in relation to cyber operations, Hering calls for innovation in international systems. He believes that international institutions should step in to uphold expectations in the digital domain, just as they would in the physical domain. The recent decision by the ICC prosecutor to investigate cyber-enabled war crimes is seen as a positive development, reflecting the growing recognition of the need to adapt international systems to address cyber-related conflicts.

In conclusion, John Hering’s insights encompass a wide range of issues related to cybercrime, war crimes, and the role of technology companies. He highlights the effectiveness of the Budapest Convention in combating international cybercrime and encourages the adoption of its principles in the UN cybercrime negotiation process. Hering also underscores the challenges posed by cyber-enabled war crimes, the importance of transparency and data disclosure, and the instrumental role of technology companies in collecting and preserving digital evidence. Through his observations, Hering advocates for innovation in international systems and emphasizes the need for international institutions to address the emerging domain of conflict in relation to cyber operations.

Giorgi Jokhadze

During the discussion, the speakers explored the significance of open source intelligence (OSINT) in uncovering evidence of war crimes and gross human rights violations. They highlighted the extensive experience of Giorgi Jokhadze in Ukraine, where he has utilised OSINT techniques. Notably, he has been actively involved in supporting Ukraine through the Council of Europe since the beginning of Russian aggression in 2022.

The Budapest Convention on Cybercrime, specifically Article 32, was emphasized as a powerful tool for member states to access OSINT from both public and private domains with consent. It was argued that these provisions could greatly assist Ukraine in obtaining compelling evidence for both domestic and international investigations. The tools provided by the Budapest Convention were also seen as instrumental in facilitating the collection of such evidence.

Furthermore, the discussion emphasised that open source intelligence should be considered as an integral part of the overall chain of evidence in criminal investigations. It was acknowledged that open source intelligence plays a crucial role in providing leads and clues that can lead to more comprehensive investigations and successful outcomes.

The speakers also raised the challenges posed by electronic evidence, which often transcends borders. This highlighted the importance of cross-sharing evidence among relevant parties to ensure a unified approach to investigations and the pursuit of justice across jurisdictions.

In addition to the technical aspects of open source intelligence and cybercrime conventions, the discussion touched upon the need for a clear and applicable legal framework. The speakers recognized the importance of integrating open source intelligence and data from open sources within a comprehensive legal framework. Such integration is crucial for ensuring that perpetrators are brought to justice while adhering to legal requirements and due process.

Overall, the speakers concluded that open source intelligence and data obtained from open sources are invaluable assets in the pursuit of justice. However, to maximize their effectiveness, they must be employed within an applicable legal framework. These insights highlighted the need for proper communication and implementation of conclusions derived from discussions with the IGF Secretariat.

In summary, the discussion highlighted the value of open source intelligence in uncovering evidence of war crimes and human rights violations. It also emphasized the role of the Budapest Convention on Cybercrime in supporting Ukraine’s evidence collection efforts. The integration of open source intelligence within the overall chain of evidence and the importance of cross-sharing electronic evidence were also stressed. Additionally, the need for a clear and applicable legal framework that incorporates open source intelligence and data from open sources was underlined. The speakers concluded that integrating open source intelligence and data within a legal framework is crucial for ensuring that perpetrators are brought to justice.

Audience

The Budapest Convention is seen as a potentially beneficial legal framework for dealing with cyber crimes and war crimes, especially in relation to SDG 16: Peace, Justice, and Strong Institutions. However, there is skepticism about its applicability to crimes originating from Ukraine. Examples of alleged crimes committed by Ukrainian forces and Ukrainian-based scammers have raised doubts about the effectiveness of the Budapest Convention in addressing these specific crimes.

Access to e-evidence is considered crucial for effectively resolving crimes. The importance of obtaining electronic evidence for the purpose of investigation and prosecution is highlighted, emphasizing its role in uncovering the truth and holding perpetrators accountable.

Concerns have been raised regarding the lack of effective safeguards in both the Budapest Convention and the UN Cybercrime Treaty. Law enforcement officials involved in war crimes, crimes against humanity, and human rights abuses, along with dissatisfaction among civil society groups regarding the absence of adequate safeguards, have generated worry about potential misuse of these conventions.

There is frustration over the lack of communication and fear that the provisions within these conventions might be abused to commit crimes with impunity. This highlights the need for stronger and more effective safeguards to prevent the misuse of these legal frameworks.

War crimes are a pressing issue, and it is argued that they should be addressed regardless of the perpetrators involved. The need for applying international law and cooperation in conflicts is emphasized. It is paramount to hold all parties accountable for their actions, promoting justice and upholding human rights.

During discussions, questions were raised about war crimes committed by Ukrainians, beyond the focus on Russian activities. The structure of the convention for crimes committed by Ukrainians remains unclear, and it is suggested that some war crimes may be committed without Russian involvement, indicating a need for further clarity.

Assertions were made about war crimes committed by the Ukrainian army against civilians, highlighting the gravity of the situation and the urgency to address these crimes.

In conclusion, the Budapest Convention is seen as a potentially beneficial legal framework for cyber crimes and war crimes. However, doubts persist regarding its application to crimes originating from Ukraine. The importance of access to e-evidence is emphasized, while concerns are raised about the lack of effective safeguards in the Budapest Convention and UN Cybercrime Treaty. The necessity to address war crimes, regardless of the perpetrators, using international law and cooperation is stressed. The need for clarity in dealing with crimes committed by Ukrainians and the alarming allegations of war crimes committed by the Ukrainian army against civilians are also highlighted.

Jayantha Fernando

The Budapest Convention, in conjunction with its Second Additional Protocol, offers valuable tools for collecting and sharing electronic evidence. These tools are crucial in combating cybercrime and promoting cooperation between countries and service providers.

The Second Additional Protocol was negotiated by the State Parties to the Convention following the finalisation of the Cloud Evidence Report in 2017. It facilitates direct cooperation between countries and domain name registration information providers and includes measures for expedited disclosure of computer data in emergency situations. It also outlines procedures for international cooperation, even when parties and experts are in different locations.

However, the effectiveness of these tools depends on the domestic capacity of each country to handle and utilise them effectively. The Budapest Convention, also known as the Council of Europe Convention, has a capacity-building initiative that supports global action against cybercrime. Countries that have implemented these initiatives have benefited from training expert judges who can then train judges in their respective regions.

A significant provision of the Budapest Convention is Article 32, which concerns the open-source framework provided under the Convention. It addresses the issue of cross-border access to data and is only available to state parties.

Parties to the Budapest Convention form a community of trust and must uphold principles of the rule of law and human rights, as described in Article 15. Compliance with international standards and respect for fundamental rights are emphasised.

Law enforcement authorities regularly use Article 32, provided they have received appropriate training and comply with minimum standards. This provision applies to a wide range of offences, including drug-related crimes. The use of these tools is guided by standard operating procedures that respect the principles outlined in Article 15, ensuring that they are used in a manner that upholds human rights.

Procedural safeguards and adherence to standards are essential to protect human rights and maintain the rule of law. State parties to international conventions have introduced measures to enable judicial authorities to effectively oversee the process. For example, Sri Lankan law enforcement authorities, as a state party to the Budapest Convention, have revised their standard operating procedures to ensure that electronic evidence gathering and international cooperation comply with international standards.

The Budapest Convention applies to any crime involving digital evidence, including war crimes. Specific procedural provisions, such as Article 14, 18, and 26, are particularly relevant in the context of war crimes. These provisions allow for the invocation of Article 14 in war crime investigations, facilitate the acquisition of evidence from any service provider under Article 18, and enable the spontaneous sharing of information among law enforcement authorities under Article 26.

In summary, the Budapest Convention and its Second Additional Protocol play a crucial role in collecting and sharing electronic evidence. However, their effectiveness relies on the domestic capacity of each country. Upholding the principles of the rule of law and human rights is essential. Law enforcement authorities frequently utilise Article 32, guided by procedural safeguards and minimum standards, to address various offences, including war crimes.

Patrick Penninchx

The Council of Europe was commended for its active promotion of human rights, the rule of law, and democracy. Its crucial role in promoting basic values, combatting war crimes, and addressing human rights violations was highlighted. The session focused on the role of investigative journalism and open-source information in investigations, recognizing their significance in holding accountable those responsible for war crimes.

The Budapest Convention was lauded as a global instrument for fighting cybercrime and promoting accountability. It was noted that the convention has been ratified by 68 countries, with more nations having signed or invited to accede. The opening of the second additional protocol to the Budapest Convention in May 2022 was also mentioned. The convention provides a legal basis for disclosing domain name registration information and direct cooperation with service providers.

The session also expressed support for the active role of various actors in combating disinformation and holding those responsible for war crimes accountable. The engagement of the private sector and organizations like Bellingcat in combating disinformation was acknowledged. The importance of investigative journalism and reliance on open-source information in exposing war crimes were emphasized.

However, it was stated that not all open-source information can be used as evidence in trials. The admissibility of open-source information was discussed, highlighting the need to comply with existing legislation and best practice procedures. Information used as evidence must be reliable, authentic, complete, and believable.

Concerns were raised about the rise of deep fakes and systemic disinformation in the current era. It was noted that some countries are actively promoting disinformation campaigns, posing significant challenges in maintaining information reliability and accuracy.

Regarding electronic evidence and data manipulation, it was observed that technological advancements have enabled individuals, states, and regimes to easily manipulate electronic data. The credibility and authenticity of data were emphasized as crucial factors, and it was argued that questions about their credibility and authenticity are legitimate.

The preservation, authentication, and availability of data for trial purposes were highlighted as essential criteria. It was mentioned that data must be preserved, securely guarded, protected, authenticated, verified, and available for review to ensure its admissibility in trials.

The role of the court in determining the validity of data for trials was discussed. It was stated that the court should ultimately decide whether information can be used as evidence in a trial or not.

While the Budapest Convention was praised as an effective instrument, it was noted that it does not cover all countries. Joining the convention implies compliance with its principles, including the protection of human rights, the rule of law, and pluralist democracy. It was also mentioned that countries not part of the convention are not covered by it.

Furthermore, it was clarified that the Budapest Convention is primarily a criminal law convention, rather than specifically focusing on war crimes. Nevertheless, Article 2 of the convention was highlighted for its importance in enabling cross-border access and obtaining of open-source information for use in trials.

The expulsion of the Russian Federation from the Council of Europe was mentioned, resulting from its illegal invasion of Ukraine and its failure to respect human rights and basic values.

In conclusion, the session highlighted the Council of Europe’s active promotion of human rights, the rule of law, and democracy. The Budapest Convention was celebrated as an effective global instrument for combatting cybercrime and ensuring accountability. The significance of investigative journalism, open-source information, and the need for data credibility and authenticity were emphasized. However, challenges regarding the admissibility of open-source information, the rise of deep fakes and disinformation, and the limitations of the Budapest Convention were also discussed. The expulsion of the Russian Federation from the Council of Europe was noted as a consequence of its violations of human rights and basic values.

Nick Waters

The development of open-source investigation has revolutionized the way footage from conflict zones is analyzed. By extracting detailed information from videos, it allows for a deeper understanding of events that take place in these regions. Nick Waters, an expert in open-source investigation, described an example where his team was able to geolocate a potential location from a video related to a series of executions in Benghazi. Working with three to four people for three weeks, they meticulously analyzed the footage to accurately determine the location.

Open source information, if extracted correctly, has the potential to be used as evidence. By using the latest high-resolution satellite imagery and overlaying the video footage on top of it, Waters and his team were able to definitively confirm the location of the execution. They also used the individuals in the video as sundials to establish the accurate time of the incident. These successful uses of open-source information demonstrate its potential as valuable evidence in various contexts, particularly in the realms of peace, justice, and strong institutions.

However, the Russian legal system has expressed skepticism towards the use of open-source information as evidence in previous incidents. Waters emphasizes the importance of ensuring the credibility of information in the Ukraine civilian harm database. He cautions against attributing incidents to any state party without extensive investigation. The dismissive attitude of the Russian legal system presents challenges in using open-source information effectively in this context.

To address the need for verification of authenticity in legal evidence, collaboration with the Global Legal Action Network has led to the development of a methodology for verifying digital evidence. The process involves locating images and videos in space and time, and excluding misleading information. This methodology not only ensures the admissibility of evidence but also provides a framework for verification in legal proceedings.

Although AI has made significant advances, it is not yet reliable enough to create believable content. Waters acknowledges that the majority of problems in this field arise from real content being repurposed for different events. AI, such as AlphaZero, currently cannot produce credible fake content. Therefore, caution is necessary when relying on AI-generated content for verification purposes.

Waters emphasizes the importance of hiring individuals with deep local knowledge to gather a more accurate understanding of situations. By doing so, it is possible to reduce bias and enhance the comprehension of events, ultimately leading to more reliable and nuanced investigations.

The responsibility of social media platforms for the information they post is a notable concern. Different moderation policies exist within and between platforms, leading to inconsistent treatment of content. Additionally, their algorithms play a significant role in determining what information is shown to users. Platforms have often tried to distance themselves from responsibility by claiming they are not publishers. However, Waters argues that social media platforms should bear partial responsibility for the information they disseminate, highlighting the need for greater accountability.

Cyber-enabled war crimes provide valuable information for investigating atrocities. The International Criminal Court (ICC) has recently announced its plans to investigate cyber-enabled war crimes for the first time. While this presents new opportunities, it is essential to note that computer-generated evidence should not replace traditional evidence. It must conform to legal admissibility and be used in conjunction with other forms of evidence to ensure a comprehensive and valid investigation.

In conclusion, the development of open-source investigation has revolutionized the way footage from conflict zones is analyzed. Open-source information has the potential to be used as evidence, but challenges arise in adopting it within certain legal systems. Collaboration with the Global Legal Action Network has led to the formulation of a methodology for verifying digital evidence in legal contexts. AI, although advancing, is not yet reliable enough to create believable content. Hiring individuals with local knowledge is crucial for accurate comprehension of situations. Social media platforms bear responsibility for the information they post. Cyber-enabled war crimes offer new insights, but computer-based evidence should not replace traditional evidence. Ultimately, a multi-faceted approach to evidence collection and verification is necessary for effective investigations in the pursuit of justice and peace.

Nataliya Tkachuk

The analysis highlights the importance of international cooperation in addressing cyber threats. It emphasizes the need for coordination and control activities among state actors involved in information and cybersecurity in Ukraine. Nataliya Tkachuk, responsible for coordinating these activities, specifically mentions the Russian Federation as the first country to use cyberattacks and disinformation as tools for special information operations. Tkachuk also points out the Russian Federation’s manipulation of social media platforms to spread disinformation and influence public opinion and elections in democratic states. This highlights the need for collaboration between nations to effectively combat cyber threats.

The analysis also underscores the role of electronic evidence in documenting and investigating war crimes. Tkachuk discusses how the law enforcement in Ukraine has registered over 90,000 war crimes since the Russian aggression began. She emphasizes that it would be impossible for any single law enforcement agency or country to document and investigate all of these crimes without the assistance of civil society, international partners, and NGOs. This highlights the significance of electronic evidence, which can provide a comprehensive understanding of war crimes and aid in holding perpetrators accountable.

The analysis reveals instances of cyberattacks on critical infrastructure facilities in Ukraine, such as electric power stations, conducted by the Russian Federation. This highlights the detrimental impact of cyberwar on civilian infrastructure and emphasizes the need for international cooperation to address and mitigate these attacks effectively.

Furthermore, the analysis mentions the success of Ukraine and the United States in attributing cyber crimes to specific individuals and states. The Armageddon Hacker Group is cited as an example, identified as part of Russian counterintelligence. This showcases the possibility and importance of attributing cyber crimes, offering hope for accountability and deterrence in cyberspace.

The analysis emphasizes the significance of international partnerships and efforts in tackling cyber war crimes. It calls on the international community to support these initiatives, recognizing the need for collective action to combat cyber threats effectively.

Moreover, the analysis highlights the Budapest Convention as an effective instrument in investigating cybercrimes. It acknowledges that Ukraine is still working towards complete implementation of the Convention and, prior to the conflict, faced challenges in providing full disclosure and preservation of technical data as required by the Convention.

The analysis also discusses the role of common democratic values in Ukraine’s fight against Russian aggression. It advocates for the upholding of justice and the rule of law, as these values are fundamental for ensuring peace and stability.

In addition, the analysis acknowledges the role of civil society in collecting evidence of war crimes in Ukraine. It recognizes their crucial involvement in gathering information and supporting investigations into these crimes.

Lastly, the analysis appreciates the Council of Europe’s efforts in training judges, prosecutors, and civil society in Ukraine. This training is seen as a valuable contribution to Ukraine’s justice system and evidence collection processes.

In summary, the analysis emphasizes the importance of international cooperation in countering cyber threats, the role of electronic evidence in war crime investigations, and the need for effective implementation of international conventions. It also underscores the significance of common democratic values, the attribution of cyber crimes, the role of civil society, and the contribution of the Council of Europe in supporting Ukraine’s efforts in documenting and addressing war crimes.

Moderator

The session aimed to discuss the use of open source intelligence and digital evidence in the prosecution of war crimes and human rights abuses. It highlighted the Budapest Convention on Cybercrime and Electronic Evidence as an important tool in these efforts. The convention provides guidance on how electronic evidence is collected, presented, deemed admissible, and safeguarded.

The importance of investigative journalism and open source information in holding those responsible for war crimes accountable was emphasized. It was mentioned that investigative journalism and open source information play a vital role in investigations, and the speaker emphasized the importance of bringing those in charge to account. The role of Bellingcat, an organization that specialises in open source investigation, was discussed, and its impact in conflict zones was highlighted. It was mentioned that Bellingcat utilised various methods of analysis and verification to ensure the accuracy of their findings in conflict zones such as Ukraine.

Cooperation with international partners in the fight against human rights violations and cyber crime was also emphasized. The Budapest Convention was mentioned as promoting international and cross-border cooperation in the realm of cybersecurity. The speaker highlighted the effectiveness of international cooperation in handling violations and cyber crimes, and the importance of a coordinated approach in gathering evidence and presenting it in various forums.

Concerns were raised about Russian aggression and cyber warfare, with 90,000 cases of war crimes registered since the Russian aggression started. The continued cyber attacks on Ukraine’s critical infrastructures by Russia were also highlighted. It was mentioned that Russia has chosen not to join the Budapest Convention.

The session also addressed concerns about data manipulation and the need for data authentication. It was mentioned that technological advancements have made data manipulation easier, and electronic evidence is vulnerable to manipulation. The importance of preserving data and authenticating data sources to ensure credibility and admissibility in court was stressed.

The role of social media platforms in enabling harmful events was discussed. The differences in moderation policies among platforms, as well as the accusation of Facebook enabling ethnic cleansing in Myanmar, were highlighted. It was mentioned that social media platforms bear some responsibility for the information shared on their platforms, and the influence of algorithms on what is shown to users was also acknowledged.

The importance of joining the Budapest Convention was emphasized. It was mentioned that the convention now covers 68 states, and countries that join the convention comply with the principles of human rights, the rule of law, and democratic society. It was stressed that more states need to join the convention to strengthen international cooperation in addressing cyber crimes and human rights violations.

In conclusion, the session highlighted the significance of open source intelligence and digital evidence in prosecuting war crimes and human rights abuses. The Budapest Convention was recognised as an important tool in this regard, providing guidance on the collection, admissibility, and safeguarding of electronic evidence. The session also brought attention to the role of investigative journalism, international cooperation, and the need for improved handling of open source intelligence and electronic evidence. Moreover, concerns were raised about Russian aggression, data manipulation, and the responsibility of social media platforms in enabling harmful events. Overall, the session emphasized the importance of international cooperation and effective legislative tools in addressing these pressing issues.

Session transcript

Moderator:
crimes and electronic evidence. We’ll start in about three minutes. The panel is sitting on the right, if you’re facing us, so that we can actually see the audience. Otherwise, you’d be facing the screen. So we’ve decided to sit here, so if anybody comes up, we can actually see them and face the audience. So please feel free to sit in the audience, or even if you want to come up and sit at the table, you’re most welcome. Thank you. Thank you. Thank you. Thank you. Thank you. you you you you Good evening everybody. Welcome to the session on Open Source Intelligence and prosecuting using digital evidence, war crimes and human rights abuses. I am the moderator. My name is Zahid Jameel. I’m an attorney. It’s an honor and a privilege and it gives me great pleasure to co-moderate this session with my colleague Gyorgy who is joining us online and will be helping us moderate through an online platform. Under Gyorgy’s leadership and myself as a consultant, we have in the last excess of 24 months undertaken an extensive project on behalf of the Council of Europe that related to today’s discussion, the topic of discussion today which is trying to assist the Ukrainian government in addressing issues related to open source intelligence that can be collected and used as electronic evidence in terms of its own domestic legislation as well as international law. In particular, using the Budapest Convention on Cybercrime and Electronic Evidence as one of the mechanisms to take such open source intelligence and electronic evidence obtained from there and make it admissible and usable before various forums such as domestic courts and international courts or other forums as well, possibly war crimes tribunals. Whilst we could speak in detail about this in today’s conversation, however, and discussion, it aims to introduce our honored guests and we shall dilate upon these challenges and instances whereupon open source intelligence can be used as electronic evidence for prosecuting human rights abuses and war crimes. I will lead the first segment leading up to a round of introductory remarks by the panelists and then hand over to my co-moderator Jorgi to maybe sort of ask some sort of questions we may have received from online participants and also open it to the floor for comments and questions and then come back to the panel for possibly a second round as well. So with that, if I can introduce my first panelist, of course, we are very honored and privileged to have Patrick here who is the Head of Information Society, the Department of Council of Europe. His areas of responsibility include freedom of expression and freedom of media, internet governance, artificial intelligence, cybercrime, data protection and he’s also responsible for projects related to public-private partnerships and cooperation with business partners. His professional focus, of course, encompasses areas such as freedom of expression, safety for journalists, sound internet governance and international standards and data protection. It’s a pleasure to have you here, Patrick, please. The floor is yours.

Patrick Penninchx:
is yours. Thank you. Thank you so much, Saeed. In fact, this panel represents all the Council of Europe stands for. That is, we want to create an environment that is promoting human rights, the rule of law and democratic society. And in fact, what we see in war crimes and especially is these profound human rights violations in which all the actors that take an active role in promoting those basic values have to stand together in order to be able to fight the disinformation about the war, first of all, but also to ensure that those that are in charge and have to take the responsibility for the war crimes that are being committed. And in that respect, the instruments of the Council of Europe, and you mentioned the different areas in which I have a particular role to play, they come together. And I think this session really focuses on the role of investigative journalism, open source information, the use of such open source information in investigations, and bringing those in charge to account. The Budapest Convention is one of those instruments. And the Budapest Convention is not only a European convention. It is now ratified by 68 countries, when a number of countries, 23 more have signed or have been invited to accede to the Budapest Convention. And that makes it a worldwide instrument. That’s really important. Of course, the fact of having the war on the European soil. has of course meant that we took an extra interest in what was happening from a Council of Europe perspective and in that sense have been engaging quite a bit, including with the private sector. We’re very happy to have Microsoft here around the table, but also with organizations such as Bellingcat that have made open source investigation one of their leading goals in terms of making sure that those responsible are taken into account. A number of elements of the Budapest Convention and especially the second additional protocol which was opened in May 2022 and has had an immediate success in terms of the number of signatories of the second additional protocol will of course help us to fight the proliferation of cybercrime on the one side, but also to fight and to make sure that the increasing complexity in obtaining electronic evidence which is stored in foreign multiple shifting or unknown jurisdictions and the powers of law enforcement which are limited, we have to ensure that with that we can combat that and provide a legal basis for the disclosure of domain name registration information and direct cooperation with the service providers. While offering at the same time mutual assistance tools and of course personal data protection safeguards. This will be also presented by my co-panelists later in this session. So I would like to thank you very much already the ones here present in the room and also the panelists for taking part in this important session. Thank you. Thank you very much. Thank you Patrick. It’s a pleasure

Moderator:
to have had you. Thank you so much and of course we’ll come back to you for more clarifications and questions probably more about the European status and what may be happening in Ukraine. Of course we have other panelists who are from Ukraine with us to also speak about that. I will now ask my colleague, Jayantha Fernando, who is joining us online as the second panelist, if we could switch to him. Jayantha is a lawyer, now in active digital law practice from South Asia, who has helped to bring Sri Lanka and several countries to the Budapest Convention. He was a bureau member of the TCY, which is the committee of the Budapest Convention of the Member States, which negotiated the second additional protocol and several guidance notes to the Budapest Convention. And I can tell you that he’s done an excellent job of trying to advocate for the adoption of the Budapest Convention right across the globe in several countries, both in the South Pacific and also in Asia. So it gives me great pleasure to invite Jayantha, if you could, please, the floor is yours, Jayantha. I don’t know if you can hear us since you’re online. Just wanted to check if you are there.

Jayantha Fernando:
Yeah, I can hear you very well. Can I be heard?

Moderator:
Please go ahead. Thank you.

Jayantha Fernando:
Thank you, Saeed. And it’s nice to speak after Patrick. And if I think in the interest of time, I’ll be brief in this initial intervention. I think in the context of open source intelligence and use of modern techniques for gathering electronic evidence, Saeed has very clearly enunciated in your opening address as well as what was mentioned by Patrick. And in the context of what we are seeing happening, being live streamed from the Middle East, as we speak, the tragedies and all that’s happening these days, I think this topic is really of significance. I think it is… has been discussed at a very opportune moment at the IGF. In the context of the Budapest Convention and its operative provisions, I think it goes without saying that the tools provided through the Budapest Convention, including through the Second Additional Protocol, are vital in the context of allowing new techniques to be adopted in the investigation of all categories of offenses, including human rights violations, that you very clearly mentioned a short while ago. Most notably, it is relevant to note that the Convention State Parties got together after the Cloud Evidence Report was finalized in 2017 to negotiate the Second Additional Protocol that provides new and novel methods for investigators to gather and share electronic evidence with other parties, as well as directly laced with international service providers. So we have, for the first time, mechanisms provided for enhanced direct cooperation between countries and providers of service, including domain name registration information providers. We have disclosure of subscriber information provided under Article 7 of the Second Additional Protocol, and heaps of measures connected with that. Then there is also a mechanism to give effect to an order made by one country for expedited production of subscriber information and traffic data that’s provided under Article 8. We also have. in the second edition of protocol article nine, which provides for expedited disclosure of scored computer data in an emergency situation. And then procedural measures that deals with now new techniques for emergency mutual assistance, which was either to never provided in any other treaty. Then of course, there are very practical solutions also in the second edition of protocol, most notably in article 11, that describes procedures for international cooperation where parties and experts are in different places. And it is difficult to reduce the evidence that you have gathered. And there is mechanisms available for obtaining the evidence required and clarity and depositions to be provided through video conferencing techniques. And then also joint investigation teams and joint investigations. But most notably, what I would like to emphasize are the additional safeguards that were brought in through the second edition of protocol, which has either to not been found in any other international treaty. There is the provisions contained in article 14, which has got specific data protection safeguards dealing with processing of data that is gathered in the course of investigation and for cross-border sharing of electronic evidence gathered through the new techniques provided under the second edition protocol. Having said that, ladies and gentlemen, what I want to in conclusion emphasize is another important tool that is made available under the Budapest Convention, namely the capacity building measures. All of these tools, legislative tools become meaningful and effective only if there is… domestic capacity in a given country to deal with the problem and equip the criminal justice authorities with the ability to investigate, prosecute, as well as hear and determine these matters within your territories. For that to happen, Council of Europe Convention, the Budapest Convention, and its rules provide a capacity-building initiative for the global action against cyber crime, which has benefited many countries, including mine. So we find, in conclusion, illustrate an example. We have, over the years, been able to have expert judges. Now, we have 14 of them who have gone through a training of the training program, who, in turn, have been able to replicate and introduce cyber crime and electronic evidence module in the Judges Institute to train judges across the provinces in the country. That resulted in 323 judges being trained in the provinces by the 14 expert judges trained under the Council of Europe PLACY program called Global Action Against Cybercrime. Similarly, prosecutors have been trained, who have developed the ability to deal with this problem and equip them with tools to prosecute. And then investigators, who are the first respondents in a human rights violation, genocide, or any other cybercrime-related incident, who can gather the essential ingredients necessary to prove the offence. They have also been trained under the PLACY program, under the Council of Europe. And I just want to flag those benefits as a country that has progressed over the years as a state party to the Budapest Convention, how we have benefited from it. those capacity building tools to develop domestic capability to deal with the range of issues and challenges where electronic evidence is required to be gathered to present them in the various fora, including in the context of the topic being discussed today and the need for such capacity to be developed over a period of time and maintain in a sustainable manner so as to create an ecosystem where the modern day threats, issues, challenges can be dealt with in a coordinated manner with international partners. So with that, Zahid, I will close my intervention at this point and I’ll be available for Q&A. Thank you.

Moderator:
Absolutely. Thank you so much, Antha. In fact, of course, we will come back to you because we’d love to hear more about the incidents and examples that have been helpful to your country and how you’ve used them. But at the moment, we’ll move to John. Let me introduce my next panelist, John Herring, who’s here in the room to my right. He is a Senior Government Affairs Manager for Digital Diplomacy at Microsoft. He analyzes global cybersecurity landscapes and drives engagement with regional government teams and contributes to Microsoft’s efforts to promote peace and security in cyberspace through various multi-stakeholder initiatives. He’s worked previously with the US government and prior to joining Microsoft, John served as a White House Defense Fellow in the Obama administration at the Department of Defense and the Office of Secretary of Defense for Policy. He has also previously led humanitarian aid research in Northeast Nigeria with the Danish Refugee Council and worked as a math and science teacher also through Teach for America. I know you had a fantastic session this morning, John. I just talked a little bit about what’s happening in the international landscape, but over to you to discuss this very important topic and what Microsoft’s doing in regards. Thanks.

John Hering:
Thank you. Thank you so much. And thank you to the IGF for hosting this important discussion. I mean, it’s a privilege to be up here with all of you. And maybe just to begin by saying that, you know, to commend the Budapest Convention as, you know, the invaluable tool that exists for successfully combating international cybercrime. And just to say that we hope that the current UN cybercrime negotiation process to the ad hoc committee sort of takes a cue from the Budapest Convention to certainly not conflict and also to hopefully replicate many of the good measures that are reflected in that to support international cooperation against cybercrime while safeguarding effectively human rights. I wanna pivot a little bit to talk about the topic that brings us here today, which is sort of the potential for war crimes and the potential for cybercrime in the future. And I wanna start by saying that I’m a big believer in the importance of data and documentation is there because innovation in conflict has necessitated innovations in collection, in documentation and of the evidence. My team at Microsoft is our digital diplomacy team. We’re relatively new, but we’re, you know, one way to think of us is Microsoft’s response to cyberspace emerging as a domain of conflict. We spend a lot of time trying to promote new expectations for responsible behavior online and elsewhere. We do what we can to promote accountability to those expectations. And to that end, the use of cyber operations in the, you know, full-scale war in Ukraine that began a little over a year and a half ago, you know, has been rather novel in sort of being the first large-scale example of hybrid warfare that perhaps the world has seen. There are certainly other examples, but not at the scale that we’re seeing in Ukraine. And this has introduced sort of two challenges. The first is obviously the potential for traditional war crimes that we’ve seen in the past and in other conflicts and that are as old as time in many ways. And then the other is the potential for specifically cyber-enabled or cyber-dependent war crimes. And then also everything in between, you know, war crimes that have a cyber component to them or that are enabled by those operations. And this creates new challenges in terms of what our responsibilities as different stakeholders in this space, what is our responsibilities as an industry player that has access to information and can help with documentation. So on the sort of cyber-based. potential war crimes side of this equation, Microsoft has responded to these challenges with greater transparency and increased reporting. In particular, out of our Microsoft Threat Analysis Center, in addition to trying to work to protect and secure civilian data, Ukrainian data, customer data that might be tied up in the conflict, we’re also reporting on the breadth of cyber operations that we are seeing across the conflict itself. This has been in successive reports from our Threat Analysis Center, includes information on the targets, the different malware types, the actors that are responsible, to the degree we can trace who the actor responsible is, and to the degree we can know what the impact of those attacks has been as well, to hopefully serve as a tool of accountability on its own, but then a valuable source of open source intelligence as well. And then there’s the other side of the equation when it comes to more traditional war crimes allegations for which digital documentation could be proof essential. And so we’ve also been exploring how to expedite the collection of evidence or otherwise provide support for the capture of digital evidence alleging for just traditional war crimes under underneath the Rome Statute or other provisions, and making sure that the International Criminal Court would have the ability to document that in a more immutable fashion. So I might leave that there for further discussion just to tee up how we’re seeing this space and how that intersects with some of the work of my team. Thank you.

Moderator:
Thank you so much. That’s very helpful because it gives us an idea of how businesses are trying to tackle and address and trying to ameliorate the very serious concerns and incidents that are taking place. Now, if I may turn to our participants and speaker from Ukraine, Natalia Tagchuk. She is the head of the Information and Cybersecurity Directorate at the Office of the National Security and Defense Council of Ukraine. She also holds the position of the Secretary of Ukraine’s National Coordination Center for Cybersecurity and has 20 years of practical experience in the sector of national security and defense of Ukraine. She is responsible for providing coordination and control over activities of main state actors in the sphere of information and cybersecurity, and she holds a PhD in the field of law and national security. Slava Kuranya, pleasure, welcome. Thank you.

Nataliya Tkachuk:
We please you, the floor is yours. Thank you, Zahid. It’s a great pleasure and honor for me to be here with such a great professionals. Thank you very much for your support to Ukraine. It’s very important for us. I would like to start to say a few words. You know, my trip to Japan took almost three days because we don’t have no air connections as this war going on in Ukraine. But this trip was worth it because the AGEA Forum is a very important venue where we can discuss the most important issues of the internet, of new technologies, of cybersecurity. And you know, the first day during the opening panel, I was admiring the opening speeches on the first panel. Everybody were talking about the importance of the internet in democratic world, about artificial intelligence, and also about threats that these technologies can possess. First of all, cyber attacks and disinformation. But to my regrets, no one mentioned the country who actually invented the mechanisms of disinformation, using social media, internet to manipulate public opinion, to manipulate elections in democratic states. Country who was the first country using cyber attacks also as an instrument for further special information operations. I’m talking about the Russian Federation, about the terrorist country. And why it’s important to remember, because when we are discussing the future of the internet, the future of cybersecurity and new secure frameworks, we need to keep this in mind. Today, we will discuss the war crimes and the role of electronic evidence. I should say that since the Russian aggression started, our law enforcement already registered more than 90,000 of war crimes. Can you imagine this number? And even this is old data. Maybe now it’s even bigger, 90,000. And it’s simply impossible for any law enforcement agency, or even for one country to document and to investigate all these crimes. And it’s simply impossible without your help, without the help of civil society, without our international partners, without help of people who take care of human rights, NGOs, and so on. And this is why the question of electronic evidence is very important. And I’m happy that today we will discuss the main issues of this topic. Thank you.

Moderator:
Thank you very much. You’re absolutely right. And I think a lot more attention needs to be paid and heeded to the kind of issues that you’ve mentioned. Also, I think it’s important that you mentioned the importance of attribution in attacks, et cetera, and also with the evidence that you collect to be able to attribute it is extremely important. So I move now to our last panelist. Of course, we will be having several rounds after this, of course. Nick Waters, he’s the head of the justice and accountability team at Bellingcat. We’re really happy to have you, Nick. Thank you. With a background in the military and cybersecurity, his interests have focused on conflict and the applicability of open source information as evidence. Nick will be speaking about the development of open source investigation, starting with the inception of Bellingcat, the development of a methodology with the Global Legal Action Network to enable the use of open source information to investigate Saudi-led coalition strikes in Yemen, and ultimately its application to the invasion in Ukraine. Over to you, Nick. The floor is yours.

Nick Waters:
First, thank you very much for inviting me. It’s incredibly privileged to be able to speak to all of you here. What I’m going to show you is a much more granular idea of what this can actually mean in terms of information or open source information as evidence. And in order to do that, we have a, or I wanted to show you a video which relates to a series of executions carried out by Mr. Bithali in 2017. So Mr. Bithali was the subject of a restaurant issue by the International Criminal Court regarding the executions of large numbers of people that he accused of being members of the Islamic State, but who had not gone through any kind of judicial process. When we found out about this, we decided that we would also try and find out what kind of information you could work out from each one of these videos. And I would like to show that to you now. Just a warning, this does show the aftermath of an execution. It doesn’t show the actual execution itself. So that is Mr. Bithali reading from a sheet and those are detainees who were about to be executed. And what we needed to do was try and squeeze as much information out from this video as possible. Now, when you see a video, watch a video, you’re only seeing a single still frame at a time. So what we did is we extracted multiple still frames and then blended them together to form a panorama. And within that panorama, it makes it easier to identify features which you can use to geolocate it, to place it in space. In this case, we could identify some buildings in the back left with quite distinctive design with gaps at the base, a wall on the right-hand side and a fork in the road where the actual execution took place. Now, finding the general area wasn’t too difficult. There’s a place called the Chinese Housing Project in Benghazi where fighting had been taking place at the time of these executions, which matched the building. that we could see in the video. And so that’s where we started looking. Now, if you’ve ever seen these kind of geolocations or read an article from Bellingcat, you can see that when you reach the final product, it can sometimes be like really clear. It seems self-evident that the location is correct, but frequently this can take a very long time to achieve. In this case, I think it took us about three weeks with three or four people working several hours a day in order to actually identify the potential location, but we did eventually identify a potential location. And this location had the properties that we were looking for in terms of a fork in the road, a building, and a wall, which are in the correct orientation. However, for us, that isn’t confirmation enough. We want to be absolutely certain. So what we did is we bought the latest high-resolution satellite imagery that was available, and then we overlaid the video of the execution on top of it. And we saw that the bushes that you can see in the top of the image matched exactly with what you could see in satellite imagery. And as we were buying this latest satellite imagery, we also noticed new satellite imagery appeared, which had these black spots in the road. And it took us a while to work out precisely what these black spots were, but again, when we compared them to the video, we worked out that they were the bloodstains of the people who had been executed. So we knew we had the location exactly. We could then use the people within the video as effectively as sundials to work out where the sun was in the sky in order to establish the time, which would have been about 6.30 in the morning. And then we were pretty confident about the date because the bloodstains appeared between the 15th, 16th, and 17th of July. So we had an exact location, a time, probably accurately, within a few minutes, and then a date, accurate to within a few days. And this is the kind of information that we deal with in order to take content like this, images, videos, from primarily from conflict zones, and then verify that content in order to conduct further in-depth investigations. And this kind of information can be incredibly important, especially when it’s combined with other traditional forms of information. Forms of evidence. Yeah, and I think that is my time up. I’m very happy to speak about that if anyone has any further questions. Thank you.

Moderator:
Nick, that was breathtaking, to say the least. Thank you very much. Very helpful. I would like to now go to the remote participants and my co-moderator, Gyorgy. But before I do that, I wanted to give an opportunity to Natalia. Natalia, you see what has just been shown. And while there’s Bellingcat, now it might change to Bellingbear, near Russia. So my question is, how do you feel about this sort of information? Would it be helpful to you in the Ukraine and the conflict there?

Nataliya Tkachuk:
Yeah, of course. This information would be very helpful to Ukraine. And actually, Bellingcat is helping Ukraine right now. They have a special platform which gathers all the electronic evidence of Russian aggression in Ukraine.

Moderator:
Thank you. So obviously, hopefully more people from the tech industry will be also helping out. We hope that is the case. I would like to now take the opportunity and go to my co-moderator, Gyorgy. Maybe he can mention a few comments. I know he’s done extensive work, of course, in Ukraine with respect to OSINT. And also maybe he can tell us if there’s anybody who would like to comment or has questions from the online platform. We’ll go there first. Gyorgy, over to you.

Giorgi Jokhadze:
Thank you, Zahid. And greetings. everyone from Strasbourg. It’s it’s been it’s been a pleasure to to listen to all of the speakers and to participate in this in this event so thank you very much for this opportunity and thank you for all the information shared so far. I’ll start with the second question from Zahid at the moment we have about 30 participants online but there are no particular questions yet coming in or comments that are being relayed to speakers so using this opportunity maybe I can sort of step in myself and and provide a couple of comments as Zahid rightly mentioned when it comes to the use of open source intelligence or generally evidence of war crimes and gross human rights violations in the context of our assistance to Ukraine so for the last few years I worked for the Council of Europe where I’m managing a regional project on cybercrime and ethnic evidence in the Eastern Partnership which also covers Ukraine and it happened to cover Ukraine also from on the days when the Russian aggression against Ukraine started in February 2022 so we’ve been actually quite involved with Ukrainian authorities especially with the prosecutor’s office from the very early days I would say of our action of our joint action to support Ukraine in the war of aggression in terms of like really clarifying the issues where actually do our standards such as the Budapest Convention on Cybercrime and potentially second edition standard in terms of supporting Ukraine to basically to have a clear case and the clear sort of evidence and then standing either domestically or through potential international investigations or international judicial process in these issues as well so what we try to focus on was not really to go that much in depth into the features of the national law because there we had the help of the Ukrainian expert who was actually looking at this quite extensively but for us it was important to identify whether the tools that we have would be helpful and fortunately we have the Budapest Convention on our side and we identified a few tools there including for example article 32 of the convention which is underutilized in daily practice, but still opens up a lot of possibilities to all member states to the Budapest Convention to also have access to open source intelligence, either in the public domain or in the private domain. If let’s say the owner of the data, be it a service provider or a foreign company, or even the civil society organization expresses its content to share with authorities of Ukraine, should such a request would be. It may be, it may sound a bit superfluous, but it’s also very important to note that we view the open source intelligence in this context as a part of the overall chain of evidence and chain of custody leading to criminal investigations and overall criminal justice context. For us, it is important to treat the OSINT as information and evidence, which is just a part of the rest of investigative powers and investigative procedures that investigators and prosecutors have to use to prove the cases either domestically before domestic courts or internationally should this be required. And last but not least, I think it’s very important to note that one of the features of electronic evidence that is that it likes to travel beyond borders. And this is where the tools of the convention and tools of a second edition protocol come into place because cross-sharing of evidence is not just simply about international investigations or the tribunals, but also in terms of the actual acquisition of the data, the actual sharing of the data would be great if it’s sort of put in the framework of a process which is provided by the Budapest Convention, specifically Article 32 and the other instruments that are there. So, sorry for abusing a bit my position as a co-moderator to this meeting, but I thought it would be also a bit thought provoking maybe to focus on those tools as well in terms of discussion in this workshop. Thank you. So far, I see that there are no further questions at the moment from the chat.

Moderator:
Gheorghe, thank you so much, by the way, really appreciate you giving us sort of a primer on how the different provisions of the convention actually work. This is very, very helpful, especially Article 32. I will first of all, look towards the audience to see if there are any questions from the audience. Of course, I have a few questions which I’ll pose to next Jayantha, just giving him a warning, but please, there’s a mic right behind you and we’re happy to give you mics from here if you wish, but if you could go there and then you’d also be on camera when you ask the question.

Audience:
Yeah, sure. Hello, thanks all for coming and thanks to the panelists and moderator for giving the floor. My name is Tim. I think that this Budapest Convention framework may still like a useful legal framework in context of war crimes and crimes in general. However, do you think it can be used for punishing those criminals who are Ukrainian based as long as there is plenty of electronic evidence of war crimes committed by Ukrainian army forces as well, like tortures, killing civilians, presence of war and so on. Same as cyber crimes, fraud and scam. Just for example, Ukraine has a record of having call centers with scammers pretending to be like central bank employees. These scammers call Russian citizens and convince them to transfer money to the attacker’s account. That’s definitely a cyber crime. So my question is, is there any chance Ukrainian based criminals will ever be punished with your help? Thank you so much.

Moderator:
Thank you for the question. I’m definitely going to have some comments to that, but over to anyone in the panel who would like to respond.

Nataliya Tkachuk:
First of all, I would like to comment that actually there is a not only conventional war, but cyber war that is going on in Ukraine. And the Russian Federation started the cyber war in 2014. And actually it was the first example of cyber war when Russia attacked our electric power station with black energy, simultaneously annexing the Crimea and other parts of Ukraine. And I’m thankful to John that you mentioned cyber war. crimes and your question about the cyber war crimes. I can say that Russians are constantly conducting cyber war crimes against Ukrainian population. They are constantly attacking civil critical infrastructure facilities, electronic grids, and other facilities that is being used by civil population. And it’s no matter that it’s rather difficult to attribute cyber crimes, but we managed to do this. And I should say that Ukraine, together with the United States of America, maybe only the two countries in the world really managed to attribute the cyber crimes to a particular people who did this. For example, I should give you an example of Armageddon Hacker Group. The Security Service of Ukraine, together with the Office of General Prosecutor and military department of it, managed to investigate the constant cyber attacks of this hacking group. And this hacking group is a part of the Russian counterintelligence, which is based in Crimea. We had the particular names, phone calls of the people who conducted these cyber attacks. And we can prove that this was actually cyber war crimes. And this is very important for international community to support this, because it’s very important issue. And I should say that this is a new issue, because it’s not the first war, but this is the first

Moderator:
cyber war that’s going on. Thank you. Thank you. Thank you. What we’ll do now is we’ll basically ask others to explain what is new about this. And of course, we’ll take more questions. Just one response from me. I’m the moderator, but I think it’s helpful just as a matter of information. And it’s neutral comment. Obviously, these allegations would be by Russian complainants or victims, et cetera. So it’s a very simple answer to this question. Ukraine is a member of the Budapest Convention. Others are members of the Budapest Convention. Russia can become a member of the Budapest Convention, but for some reason it chooses not to. If Russia, just to answer your question, if Russia became a member of the Budapest Convention, then it would be able to assert these rights. But for some reason, the External Affairs Ministry of Russia decides not to do so. So maybe the question should be asked of the Russian Ministry of Foreign Affairs or External Affairs, why don’t they join to solve this problem? I wanted to move to John. And of course, I know you are, they will come back. I want to move to John and say, John, what kind of new challenges are you seeing here with respect to war crimes and electronic? This is one of the first we’ve witnessed since the new age of cyber. And are there specific cyber specific war crimes that you want to sort of talk about and what does that do to the environment? Thanks.

John Hering:
See, it’s not Microsoft’s place to be, I think, deciding in any way what constitutes a war crime one way or the other. But I think, obviously, the widespread use of cyber capabilities in an armed conflict represents the possibility of there being cyber-enabled war crimes. And hence why we’ve sort of been stepping up that degree to which we are reporting out on the offensive cyber activities that we’re seeing in the context of that particular conflict, but then also more broadly. And so I actually would probably direct you to the work of the Human Rights Center out of Berkeley Law School, who has filed now, I think, three successive Article 15 submissions with the International Criminal Court that does allege cyber-enabled war crimes. And as part of, and certainly throughout their sort of very well-documented submissions, there is a very well-resourced set of evidence based on the reporting from not just Microsoft, but a whole host of technology companies who have sort of stepped into that space to say, hey, here’s the activity that we’re seeing. Here’s the best information that we have in terms of where we can trace it back to. Here’s the type of malware that was used in this operation. And then also, to what degree, at least this was something that Microsoft reported on last year, to what degree do we see alignment between military objectives in the kinetic space, as well as then the cyber operations that we see as being aligned? And so whether that’s missile attacks or other kinetic strikes, we are also seeing some evidence of potential alignment there that can be used in similar violence.

Moderator:
Thank you, very helpful. I wanted to now turn to Nick. I know we didn’t give you enough time and you just were able to present the video, but is there anything you wanted to generally state? And also, in particular, to sort of the things you’ve seen happening with respect to on the ground? Because a question was just asked about that it would be helpful to get some sort of response about the experience you’re having.

Nick Waters:
Yeah, so from our perspective, this is less in terms of like the Budapest Convention and more in terms of specific open source information. One of the things that we’ve actually been very careful about specifically with the map that was previously talked about, which looks at instances of civilian harm in Ukraine, is that we’re very, very careful about attributing responsibility for that. So the Ukraine civilian harm database, which we run, contains all the incidents that we can find, which is obviously only minority of what has happened, where civilians have been harmed or civilian infrastructure has been harmed in Ukraine as a result of the Russian invasion. We have taken several safeguards to make sure that we’re careful about the kind of information that’s placed in there. So, for example, we talked for a couple of hours about what colour to label the instance. So they’re not blue, they’re not red, they’re not green, they are specifically purple. We haven’t attributed any of those instances to anyone. So in theory, what you see on that map could in fact have been carried out by any state party. That is something we’ve had to be very, very careful of because we cannot make comment on who has actually carried out a particular instance until we have conducted further in-depth investigations of that. In terms of the Russian state specifically, firstly, we would find it very difficult, for example, to cooperate with the Russian legal system, firstly, because we don’t think it’s a particularly effective one, and secondly, because as soon as we get off the plane, they would arrest us. And secondly, that same legal system has spent the last few years denigrating the idea that this kind of information can be used as evidence, specifically in relation to MH17, as well as in relation to their intelligence agencies carrying out poisonings in Europe. And so I don’t think this kind of information would successfully be used as evidence within the Russian legal system, simply because they rejected that as a possibility over the previous few years. Thank you.

Moderator:
I’m going to ask Jan and Fernando to possibly share with us examples of the use of Article 32, because as I mentioned earlier, we’re going to come back to you and see how you think that Article 32 is unique and provides the ability to be able to combat or deal with open source intelligence, for instance. And I would like to come back to the floor because I believe there’s a question from here and then we’ll come back to the earlier participant. Please go ahead, Jan. Thank you, Saeed.

Jayantha Fernando:
a couple of points I just want to emphasize here in the context of some of the questions also that was raised. It’s important to know that the tools available under the Budapest Convention, including Article 32, is available for state parties to the Budapest Convention and not otherwise. So, I think we need to be very clear about the unique features of the Convention, especially the open source framework provided to Article 32, which is clarified more clearly through the guidance note on transport access to data, Article 32. So, there’s a guidance note, Zahid, if you may remember, on Article 32, which was agreed to between state parties to the Budapest Convention. And it is also important to note a particular sentence I would like to quote from the guidance note, where it is presumed that the parties to the Convention form a community of trust. And that rule of law, human rights principles are respected in line with Article 15 of the Budapest Convention. So, if a state party to a Budapest Convention who wants to benefit from Article 32 and rely on the open source material available online, as clearly explained by many of our panelists today, it is also important to understand that the concept of this being used within a community of trust and to ensure that rule of law human rights principles are respected in line with article 15. That said, I want to emphasize that not only on a day-to-day basis but on a very regular basis, be it in relation to a drug-related offense or any other offense, our law enforcement authorities are using this provision on a regular basis because they have been trained, and not only because they have been trained, they comply with the minimum standards under article 15 and the standard operating procedures on which they use those tools are also respecting the provisions contained in article 15. Thanks.

Moderator:
Thank you. Thank you, Janatha. And article 15, for those who are in the room, is basically the human rights provision. So it’s very important for the convention to basically make sure that any provision of procedural or investigative powers are subject to these human rights provisions. We have a question in the room. Gentleman, please, over to you, sir. Please, you can ask your question. Thank you. I’m Fernando Garcia, and I’m the… Sorry. Hi,

Audience:
I’m Fernando Garcia, and I’m the Secretary Director of R3D, the Utah Rights Defense Network from Mexico. Obviously, I think no one can deny that access to e-evidence can be crucial to resolve crimes. However, I think it’s really important to also make notice that, unfortunately, in many places in the world, law enforcement officials also participate in the commission of war crimes, crimes against humanity, human rights abuses. In this respect, I think it’s important to say that unfortunately, a lot of dissatisfaction and frustration among several civil society groups with regard to the lack of effective safeguards, both in the protocol of the Budapest Convention and in the proposed draft in the Cybercrime Treaty being negotiated in the UN. For example, the lack of judicial safeguards being mentioned. And in general, I think… There’s a lot of frustration, I think, lack of communication, I think. And I think my question is, does anyone in the panel recognize that the safeguards that are in the protocol or in the draft text of the UN Cybercrime Convention are inadequate? And there’s much more to do with regard to building effective safeguards that prevent the provisions of the Budapest Convention of being used actually to commit crimes with impunity, as unfortunately many places in the world, like in the country that I come from, happens regularly.

Moderator:
Thank you for the questions, very good question. I’m happy to give some response, but any piece, Patrick, go ahead.

Patrick Penninchx:
Well, I think it is indeed better that the parties to the Budapest Convention can respond to that because ultimately they are in charge of committing to the Budapest Convention and using its articles. I just wanted to say two things, also with regards to the previous question. We’re a panel on war crimes and gross human rights violations. This is not the International Criminal Court. So let’s also refocus and make sure that we focus on the topic of our panel right now. And maybe also despite the fact that we emphasize the usefulness of open source information as being potential evidence of war crimes, we also, however, we need to distinguish between intelligence, information, and evidence, and that not every open source information is or can be used for trial purposes. I think that’s important that we recognize that electronic… evidence must obviously be obtained in compliance with existing legislation and best practice procedures to be admissible in a trial. That’s one thing. And from the example that Nick has given us, let’s also be very clear. We need information, open source information that is reliable, that is authentic, that is complete, that is also believable and reliable. And I think those elements are core components once we have to decide when certain information can be used in trial or not. And that’s why the importance of reliable information, not manufactured information, is of clear importance. And when we see that we’re in an era where deep fakes and disinformation, systemic disinformation, is taking place worldwide but also ensured by a number of countries which have a particular interest in that, that we need to ensure that this information is in the first place reliable. Then I leave it to the parties, to the Budapest Convention, to see what the limitations are and where we need to work

Moderator:
further. Thank you. That’s very, very helpful. I just wanted to add a comment, and then of course there are more interventions I believe, that the Convention under Article 15, and I don’t know if you may have read it, stipulates that the human rights standards, in fact it mentions several treaties that have to be applicable, and it talks specifically about safeguards. Every single procedural investigative power, because I teach this constantly every few weeks, actually stipulates that there should be judicial oversight of every single procedural provision within the convention. So this is very much embedded within the crux of the convention. But in addition to that, the capacity building training that the convention does continually talks about the human rights aspect. So I completely agree with you that it’s essential that police, law enforcement and others don’t abuse this. And the Budapest Convention at least provides some. I’m happy to have a conversation with you about where you feel maybe there are gaps. But I do think that you are right when we look at the UN Convention, that our committee convention in the UN currently, there are various concerns of civil society and others. And absolutely correctly, I think, that there are many gaps related to human rights and civil liberty safeguards as it applies to the UN Draft Convention. I should call it a draft at the moment. But Natalia, over to you. And then of course, I have a question for Nick and then we’ll go to the audience back again, please.

Nataliya Tkachuk:
I would like to add that, of course, the Budapest Convention is the very effective instruments in investigation of cyber crimes. But it’s not enough simply to become part of this convention. The implementation is a very important next step. And for example, Ukraine is still working on the implementation of the Budapest Convention. And I think that it’s a very important next step for the implementation of the Budapest Convention. Ukraine is still working on the implementation of the Budapest Convention. Now, there is war going on. We have different regime of war times. But before the war, we still had problems with provisions that provide disclosure and preservation of data, of technical data. Because in Ukraine, law enforcement didn’t have the possibility to issue some warrants strictly as it is implied in the Budapest Convention. And this is also very important. The effective. implementation of this international document.

Moderator:
Thank you, Natalia. I know that, John, you wanted to quickly intervene, please.

John Hering:
Yeah, and I think there’s been well enough said about the provisions of the Budapest Convention, but just to circle back on the UNHC, the Cybercrime Convention negotiations that are ongoing, two points ahead. Thankfully, it is still, I think, a draft, and we still have fairly significant concerns about making sure that there are sufficient safeguards in place for things like human rights, particularly as it relates to some of the data access provisions and opportunities for more transparency as to when and for how long data was requested and making sure that information can always be disclosed on a long enough timeline.

Moderator:
For instance, Article 32 of the Convention actually states that there has to be certain consents given for transport or access. We have no such provision within the UN Convention. So the question is, anybody can then access anything? It’s a question to be asked, Nick. I have a question for you regarding what Patrick said. It’s very important that whatever data you look at is authentic, reliable. And so my question is, how do you verify these images? We saw this wonderful video, to the standard that allowed them to be used as evidence in court, you know, what is the, and have you had experience with, say, war crimes triangles, et cetera? Thank you.

Nick Waters:
Okay, yeah, so what we’ve been doing is working with the Global Legal Action Network, who are a group of lawyers, carry out strategic litigation in order to assess if this kind of information that I showed you can actually be used as evidence. Primarily, this is focused in common law, so the law of England and Wales. However, what we’ve done is focus on the principles of the admissibility of evidence. And so we believe that the methodology that we’ve created with the Global Legal Action Network enables the possibility that some of this, these videos, these images, could be used as evidence in the future. Obviously, it’s not a guarantee, and this is only one way of doing it. Human Rights Centre at Berkeley obviously has the Berkeley Protocol, which our methodology, we believe, is consistent with, but those are the principles that we’ve sought to apply. So when you actually investigate these kind of pieces of content, we talked specifically about AI. However, AI still isn’t really at the point where it can create believable content. At the moment, the majority of the problems come from real content that’s been repurposed from one event that’s been repurposed to say it comes from a different event. And by some very simple verification steps, by placing a piece of content in space and time, you can exclude all of that misleading information. We also seek to use contextual verification as well, comparing it to the context of the event at the time, as well as cross-reference verification. So for example, you can imagine that if a incident happens in a large city, say an airstrike, there will be multiple people who will take pictures and videos, because that’s what people do. It’s happened in Syria, it happened in Yemen, it’s happened in Ukraine. And so we will seek out that content, place it in space and time, and seek it to compare with other pieces of content. So we’ve been thinking about this from the very kind of basic, placing this content in time and space, and then all the way up to the principles of evidential admissibility. anyone is interested in that our methodology with Global Legal Action Network is available online. You just need to look for Glenn Bellingcat and then methodology and you’ll find it.

Moderator:
Thank you, Nick. Thanks. I hope that addresses some of the concerns regarding how this can be used, especially with respect to prosecution. I will be asking John a question about what you’ve been doing with the ICC prosecutor and how you’ve helped. But before I do that, I know a gentleman’s been waiting for some time actually. No, no, absolutely. Please, the floor is yours.

Audience:
Thank you for giving me the second time. I have like small commentary for Natalia. Please. I completely agree with her, with you about that Russia and Ukraine actually have not only like classical war, but also informational war. And the citizens of both countries are suffering from that. It’s absolutely true. But my question to you was about like Ukrainian, baked and sometimes Ukrainian state baked criminals, not like Russian because everything is clear about Russian criminals. So I feel like my question was left unanswered. But my next question is like to you and to Nick, because frankly speaking, I think that war crime is war crime and no matter who did it, who committed it and where. And in terms of conventions, because you said that the Russian inside and conventions, it doesn’t trust or these war crimes cannot be persecuted by this legal way. This sounds a bit strange because there are certain war crimes where like Russia is not even a struggling party. For example, like some soldier killing some civilian on Ukrainian territory, not related to Russia at all. And this is actually the situation where this convention would be used possibly, but let’s stand off Ukraine for a while because I see it like causes some like hot atmosphere here. Thank you for like letting me continue. So my question is to Nick, because in the context I have just given for like last three days, we actually seeing like this normal events in between Israel and Palestine. And like there is plenty of direct electronic evidence of war crimes committed by each party, by Palestinians and by Israelis. There are clearly war crimes. You don’t have to be an expert. You don’t have to be like a lawyer or some kind of specialist to call what is it actually is. So what is your attitude? What is your approach to these kinds of war crimes in this conflict? And maybe there are any investigations already available. And what do you think if any international law or international cooperation could be used in such a way of, in such a conflict? Thank you.

Moderator:
Thank you for your question. First of all, let me clarify what I said earlier was that you’d given examples of cyber crime, not war crimes. And so-

Audience:
I’ve given also examples of war crimes because there were like some situations where like, sorry about getting to Ukraine again, but there was some like events when Ukrainian army, Ukrainian soldiers were killing Ukrainian civilians. That is what I was speaking about. Thank you.

Moderator:
Thank you for your question. Okay. So the idea was that basically for cyber crime and for electronic evidence, the Budapest Convention provides an international law basis. We don’t have another convention that does that. So therefore one would have to be a party to be able to do the exchange of information. and electronic evidence, therefore, Russia being a party to that would be helpful if Russia wanted to take advantage of it. So for instance, I assume that since the point that you’re making is that Russian victims are involved, it would be then, therefore, the responsibility, I would imagine, of Russian government to say that it wants to be able to defend its people. And so therefore, I would imagine they would want to join the commission, but they’ve chosen not to. That was the point we were making. On the other question regarding Palestine and Israel, et cetera, let me just say this, of course. We will obviously go to the panel. We are not here discussing international war crimes generally. The topic of our conversation, and I think you said it earlier, Patrick, you realize we’re not the War Crimes Tribunal, is to look at electronic evidence and how it, especially OSINT, can be used in various segments. It could be any conflict. It could be the Palestinian conflict. It could be the Russian-Israel situation we just saw. Sorry, the Russian-Ukraine situation and the Palestine-Israel situation we just recently saw. We’re not taking any position, per se. It’s a question of academic question. Now, over to the panel. Does anybody else want to answer any of the questions that have been asked? John, anyone? Natalia, please.

Nataliya Tkachuk:
Thank you for your comments, for your question. And you’re totally right. The justice and the rule of law is a common democratic value. This is the value that my country is fighting against the Russian Federation. And every war criminal should be brought to justice, should be accounted for what he did. That’s why there is international mechanisms, international legislation, and the Budapest Convention as well. But I disagree with you that you said that there is information war, that Ukrainians are suffering and Russians are suffering. Russians are not suffering from information war from any other countries, except from their political leaders. They block all the internet. They block all the media. And people who have another point of view that they are political leaders, they are simply scared, because they simply go to jail. This is the information war. information war in Russia, war from its political leadership. That’s what I wanted to comment. Thank you.

Patrick Penninchx:
I know there was a very specific question that is directed to Nick. And so I hope that Nick and John can answer those questions. But unfortunately, Zahid, I have to correct you at this point in time, because I must say that the Russian Federation at this point in time will not be able to join the Cybercrime Convention for the simple reason that the Russian Federation was expelled from the Council of Europe and has lost its status with the Council of Europe because of not respecting human rights and the basic values that the Council of Europe stands for and was therefore expelled from the Council of Europe following the Russian invasion, illegal invasion in Ukraine. So that option is not open at this point in time. It was open in the past, as you said, but that is no longer an option right now. That’s all I wanted to say because there were some specific questions to the other.

Moderator:
This is one of the welcome times where I like your criticism and disagreement with me. So I’m very happy. Thank you so much for that.

Nick Waters:
Nick, please. Yeah, sure. So in the context of Israel-Palestine, yeah, so the very first thing you said that we can say that war crimes, one of the things we’ve been very, very careful about from Bellingcat’s side, specifically within my team, is that we cannot say that. We cannot say something like that. We are not lawyers. We work with lawyers, with GLAN, but we cannot make those kind of statements. And that’s one thing that we’ve been very careful about doing, and in terms of using the vocabulary to describe events that have been happening, both in terms of Israel-Palestine now, but also in terms of Russian invasion of Ukraine, and also other instances as well. We can’t say that. We’re not lawyers. So in terms of the actual approach, at the moment, the amount of content is horrifying. What we’ve been doing is pretty much what has become standard for these kind of incidents. We’ve been collecting the content and we’ve been trying to preserve it. So there are some organizations which do this. You may be familiar with Mnemonic, which helped to collect this kind of information. of content and preserve that forensically so that later on there is a chain of custody and it could potentially be used as evidence. And that’s what we’re doing at the moment. But in terms of further investigations, I don’t know at this point. As I said, like the amount of stuff going on is absolutely horrific. You know, we’re talking about the use of high explosive weapons within Garda Strip and then also the events that Hamas has perpetrated, which looks like widespread killings of civilians, including minors. And this is something which is very, very difficult to investigate simply because there’s so much of it. The vast amount of atrocities that we see simply are never investigated. With that said, our partners, BLAN, are very keen to work within the context of Israel-Palestine simply because they have been working on strategic litigation in support of potential breaches, potential crimes have happened or alleged crimes, I beg your pardon, that have happened in the occupied Palestinian territories. So that’s something that I think that I would hope that we would eventually be able to contribute towards. Thank you.

Moderator:
Thank you very much, Nick. We obviously are trying to make sure that we also are paying attention to the online participation. And Georgi, I believe you have a comment that’s been made in the chat. And if you could read it out for the audience, please, over to you.

Giorgi Jokhadze:
Yes, thank you very much, Zahid. So there was some exchange in the chat and one of the questions came through, which is, I’ll just read it out like directly and then let everyone respond to it. How can we ensure having the neutral, valid and legitimate evidence system when the crime is committed against Ukrainian and Palestinian people? So the question is about, I mean, the availability of neutral, valid and legitimate evidence system, irrespective, actually, if I understood where the crime is being committed. Georgi, we’re having some difficulty understanding

Moderator:
the question, if you could slowly and maybe loudly, because we lost some of it, if you could repeat it. Thank you so much. Okay, my apologies. So the question is,

Giorgi Jokhadze:
is, how can we ensure having the neutral, valid, and legitimate evidence system, whether the crime is committed against Ukrainian or Palestinian people? So in my interpretation, that refers to what is the, I mean, how is the question of availability of neutral, valid, and legitimate evidence system at the moment, irrespective of whether crime is being committed?

Moderator:
So I think the question for all of us is, how do we, in this process of where we’re looking at OSINT and electronic evidence, ensure that there is neutrality and independence, and that we’re not biased and prejudiced? And this is a good question for everybody, because we are all doing different roles. Someone’s from the National Security Organization, someone’s from organizations which are private sector, et cetera. If you could let me go one after the other. John, would you like to take the first one, please?

John Hering:
Yeah, I mean, I think it’s a good example here from sort of just an objective new tool that Microsoft partnered with Accenture to support the ICC, the National Criminal Court. And its prosecutor that was launched last summer is the OTP Link platform that we put together. This is a fairly sophisticated, but at the end of the day, simple platform created for the recipient of Article 15 submissions from witnesses to potential war crimes, either before or after a preliminary examination has begun by the ICC. Again, this is irrespective of which side of a conflict you would find yourself on. But it would serve to unify a sort of disjointed process into a single system, create a digital chain of custody to collect and preserve that information, to hopefully create a tamper-proof record that can be used to be substantiated and further investigated later. So this is one example of the type of sort of objective tool that technology companies can help advance.

Nick Waters:
Yeah, in terms of the type of policy, there are a couple of points within our technology that we found to be really valuable. Right there. Hello? Yeah. So with regards to neutrality and bias, the methodology that we’ve worked with GLAN has a specific section regarding bias. And that includes both your own personal bias as well as the bias of potential from algorithms, for example. And that’s something we’ve really sought to address within that methodology. From my own personal perspective, it’s important to be able to mitigate our own biases and recognize them as well. Because once you can recognize those biases, then you can actually go on to seek to mitigate them. And one of the things that we’ve sought to do is to hire people who have deep local knowledge of context. So it’s not just another group of, forgive me, white European people looking at a situation and saying, this is exactly what’s happening. We have sought to actually hire people who have that particular perspective and who understand the local issues. Thank you.

Patrick Penninchx:
If I may. It’s clear that right now, technological advantage. and advancements have enabled individuals, but also states and regimes to easily manipulate data in an electronic form. So raising questions about the credibility and authenticity is fully legitimate. And I think that’s really important. And in order to ensure that data may be used as an electronic evidence for trial purposes, there must be a number of criteria, as I mentioned before. Data must be preserved like any data, like any evidence in any court. They must be preserved safely and kept due to, especially the high volatility of these data. They must be safely guarded and protected. Quite a lot of the data which are right now specific to the war against Ukraine, but also Palestine and Israel right now is available also from foreign sources. And some of those sources and many of those are stored in foreign jurisdictions. That means that including also in the cloud, obviously. So we need to be able to authenticate those sources in order to ensure that they are not flout. And that goes for any conflict from any side, from any party, whether that be Israel or Palestine, whether that be Russian Federation or Ukraine. I think that is really important. The collected information and the sources, they must be authenticated, as I said, verified and available for review to be able to demonstrate that the data is not fake, simply. And I think if we can take that as a starting point, and it is not for this panel, but it’s for the court to decide whether that is in the end information that can be used in trial or not. Thank you.

Moderator:
We’ll be going to Jayanth because I want to also ask him to explain, because the question was asked earlier about Article 15 and human rights and the Budapest Convention. So maybe he can shed some light on that, but also wanted to. to just inform the audience, are there any other questions? If there are, please do what you’re invited to come to the mic and ask. If you have a question, comment, or intervention, please, you’re very welcome to do so. Jayantha, if we could go to you online and ask you if you could respond to the question that was made, and I know because you do a lot of this work about the human rights aspects and the possible abuse by law enforcement of the powers that are available within the Budapest Convention and how that is mitigated, et cetera. If we could all go over to you and maybe you can help us with that. Thank you.

Jayantha Fernando:
Yeah, you were not very clear, Zahid, on your question, but if I’m to clarify the rule of Article 15, the provisions contained in the Budapest Convention starts with Article 14, the procedural measures where every party that is introducing legislative and other procedural measures provided for under the procedural tools and international cooperation tools in the convention for the purposes of not only cybercrime investigations, but all other investigations or other criminal investigations have to ensure that there are established safeguards within the scope of Article 15. And as you rightly said, the Article 15 human rights safeguards illustrates this with reference to international conventions that countries would have to may consider joining. So as far as some of our countries are concerned, many of us have become state parties to international conventions such as ICCPR. so on and so forth. And that has led to introduction of procedural measures in our domestic system to enable the judicial authorities to exercise their supervision. So that is one way in which I would say that the safeguards are implemented. This is not magic, this is not rocket science, this is just the procedural safeguards and standards that our country following rule of law, human rights safeguards have to follow through judicial intervention and other measures. And going further, as a state party to the Budapest Convention, the Sri Lankan law enforcement authorities revised their standard operating procedures based on inputs we got under the Council of Europe LACI project to ensure that the methodology for electronic evidence gathering, collection and international cooperation that led to its collection are done in accordance with international standards. And the SOPs were mapped to the international law instruments available within the

Moderator:
scope of the convention. Thank you. Thank you, Jayanta, that’s very helpful. I understand we have another question that has come online. So Georgi, may I move over to you and you can

Giorgi Jokhadze:
read out the question? Thank you. Yes, of course, Zahid. I hope there are no problems this time, so I’ll read it out slowly. The question is exactly which provisions of the Budapest Convention would be applicable to investigate and prosecute war crimes?

Moderator:
Thank you. I’m sure I have something to say about that, but maybe anybody from the panel wants to take that? No? Okay. So provisions, basically these provisions apply to any investigation. It doesn’t matter whether it’s war crimes or anything. In fact, there’s an article 14 that specifically states that any crime… where there’s electronic evidence involved, the convention would be applicable to such investigation and prosecution. So whether it’s war crimes, whether it’s theft, kidnapping, rape, whatever have you, as long as there’s digital evidence involved, the Budapest Convention applies. So that would be the sort of basic answer to that. But beyond that, I think the international cooperation provisions of the convention, particularly Article 32, which allows for trans-border access in certain circumstances is an important tool. And as I mentioned earlier, it’s absent from the UN draft that we are currently seeing. And so the question arises, what are the human rights or civil liberties restrictions that would apply to trans-border access, for instance? Of course, they do exist in the Budapest Convention. So I think that’s my answer. Janatha, since you do this a lot as well with me, would you like to also say something about what are the provisions that would be applicable to war crimes, for instance, related to the Budapest Convention? Thank you.

Jayantha Fernando:
Yeah, so I think you can clearly mention the applicability of the procedural provisions based on the reference to Article 14. So I think Article 14 is the provision that can be invoked here. But what is, in addition to Article 32, I think we need to understand the scope and ambit of other provisions, such as, I would say, Article 18, the production order provisions that enables a domestic authority to obtain evidence from any service provider, offering a service to one’s own jurisdiction. And then you have other very innovative provisions, such as Article 26, spontaneous information, where information gathered from. international service providers can be shared by law enforcement authorities. But we have to understand that all this is available tools for state parties to the Budapest Cyber Crime Prevention Convention. And that is something we need to emphasize in the context of the question that was posed. Thank you.

Moderator:
Jonathan, thank you. That’s amazing. We always come back to you when we need a question on the convention answer. So we have a question and I must sort of alert everybody that there are certain platforms who might be present in the room. I mentioned in this question. So going to the remote participant, would you be able to please read out the question in the chat?

Giorgi Jokhadze:
Thank you. Yes, I’ll try to also remind you. I mean, I’m worried it out quickly. Remind you also because of a limit of time. So maybe we’ll not take the questions after this as well. So basically, I’ll just shorten it as well. But because please read the whole thing. And if you could speak loudly, that would help. Yes. Yes. Since in relation to the Budapest Convention, the war crimes as such were mentioned and meaning a comprehensive approach that we can expect the Budapest Convention and its protocol to be used for investigation, prosecution of. Sorry, that’s that’s another question. Sorry, I just missed the previous one. My apologies. My apologies. We’re having some difficulty hearing you, Jorgi.

Moderator:
Do you mind if I just take this because it’s the last one? I really doubt if that’s all right. Thank you. Yes. Thank you. Sorry, Zahid. Not at all. Not at all. You know, technology. The issue of bias of cross-border digital platforms regarding the parties to the conflict in maintaining and preserving electronic data and evidence is very important. How do you want to face it? For example, Meta and Instagram cannot be neutral about the Israeli-Palestinian conflict due to their ownership structure. With thanks for your attention. This is the question that we posted in the chat. Anybody want to take that? John? Nick? Go ahead, please.

Nick Waters:
I’ll give you my mic. Yeah, OK. So social media platforms definitely should not be regarded as being neutral. They have obviously between them, they each have different moderation policies. And even within them, the moderation policies are very, very different from country to country. If anyone recalls the kind of moderation changing over 2015 as a result of Islamic State content being posted online, they’ll understand this. Arabic content was and I believe is still being used. moderated very, very differently from, say, for example, English speaking content. And we’ve seen that very specifically in the case of Myanmar, where Facebook has basically been accused of enabling ethnic cleansing. These platforms have deliberately tried to distance themselves from their responsibilities, deliberately stating that they are not publishers of that information, so trying to avoid responsibility. However, they are, to a certain extent, responsible for some of the information that they post online. You know, the algorithm decides what information is shown to what people. So should they be regarded as being neutral? No, I don’t believe they are. And so you need to try and seek that to mitigate that. They are an incredibly valuable source of information. But yes, they should not be regarded as neutral, I think, in these contexts.

Moderator:
Thank you. We’re starting to get a lot of questions in the chat. If I may read out the next one we have. And since in relation to the Budapest Convention, I believe I should say, war crimes as such were mentioned and meaning a comprehensive approach, can we expect the Budapest Convention and this protocol to be used for investigation and prosecution of the U.S. military outrages in Afghanistan, Syria, and Iraq? There is plenty of evidence on those notorious cases, is the question asked in the chat. Anyone who would like to take that? Please, Patrick.

Patrick Penninchx:
Well, Zahid, you also already mentioned before that for the time being, and as I said in the opening remarks, even though the Budapest Convention now covers 68 states, it doesn’t cover all the countries in the world. And we’re hoping and wanting to increase, of course, the number of states that will join the Budapest Convention, provided that a respect article 15, because the Budapest Convention is not a convention that exists in the void. It exists within a specific context, which is the protection of human rights, rule of law, and pluralist democracy. And countries that join the Budapest Convention comply with those principles. And in that respect, of course, the 20 or more countries that have now been invited to accede, unfortunately, the countries that have been mentioned there are not part of that list. So I think that is one of the key principles. Of course, we would like to see that all those other countries would join. We know that there are a number of differences and divergences when we look at the UN discussions that are taking place. So we cannot make a convention applicable to those countries that have not joined it. And again, article 15, human rights principles need to be respected.

Moderator:
Absolutely right. And in addition, I would also sort of add that absolutely, the answer to the question that has been raised, to the extent that the countries are part of the list, as Patrick mentioned, those would be, the convention could be used for electronic evidence. It’s very important to be clear. The Budapest Convention’s role is of an electronic evidence convention. It is only going to tell you that this is evidence, it’s admissible, this is how you collect it, this is how you present it, these are the safeguards. From then on, basically the rules of the court, whether it’s the ICC, for instance, whether it’s a domestic court or any other would take over. And so the question that I think you pose is not about electronic evidence, unfortunately, I wish it was, but it is about what the other courts would do. And I think that’s a question for them. But Patrick, thank you so much for that response. We are now absolutely last at the last minute. I’m not doing a great job keeping up. So if I could ask the panel to give wrap-ups and I will go to my right and then down the chain. I believe that Jayanthi would not be available, so it’s only us in the room who will be wrapping up. John, please, over to you.

John Hering:
Absolutely. I actually think that’s a great transition to sort of my final thoughts here. Yes, I opened it by saying that there’s a new domain of conflict that’s going to require us to innovate appropriately in our international systems, is that we’re keeping pace with new threats and new challenges, including cyber operations and armed conflict. And so to your point, it’s important that our international institutions are stepping into play a role to uphold those same expectations that exist in the physical domain as well as in the digital domain. And so it was heartening to hear just last month, perhaps it was like six weeks ago now, the ICC prosecutor for the first time announced that his office will be investigating cyber-enabled war crimes specifically. And it’s encouraging to see our international framework starting to apply

Nick Waters:
online as well. Yeah, thank you. Just to say that I think this kind of information would allow more atrocities to be investigated. That kind of information will help, but it cannot replace traditional evidence and it must fit within the currently established principles of legal admissibility. And hopefully, being able to share that kind of information will be useful in the future to holding more people to account for their actions. Thank you.

Nataliya Tkachuk:
Thank you very much for this discussion. I think this discussion was very fruitful. And again, thank you for your support to Ukraine. And this war showed the new role of electronic evidence, the new role of open source intelligence. And we will learn how to do with this. And we were discussing bias and neutrality of electronic evidence. And I agree with you that the main thing, these are procedures. We need to follow the procedures. We need to understand procedures. And I’m thankful to the Council of Europe, because I know the Council of Europe conducts a lot of trainings in Ukraine for judges, prosecutors, for civil society. Because in Ukraine, collecting evidence of war crime is a task for all civil society. And this is very, very important. Thank you.

Patrick Penninchx:
Thank you. The Budapest Convention, as we said, is a criminal law convention. It is not a war crime convention. That is number one. But we know that expedited preservation and exchange of stored information data, including from service providers, is crucial. And a reminder that Article 2 of the Budapest Convention can be used to access and obtain open source information across borders. And that can later on be used in trial. Thank you.

Moderator:
Absolutely. Thank you for adding that, Patrick. So it’s my job now to give the floor back to Georgi, and then I’ll make some closing remarks. Georgi, over to you for some wrap-up.

Giorgi Jokhadze:
Yes, thank you very much. I think we heard a lot of very interesting ideas. And it’s a challenge to compress everything into the final, let’s say, points of the meeting, which I’m not trying to do. do right now because I think it will be just a job for myself and Zahid in the aftermath of the meeting that will communicate them properly to IGF Secretariat. But if I can sort of try to play to the main leitmotif, I think that we have covered a lot of ground when it comes to the open source intelligence and information being a part of the overall picture. So I think that, to paraphrase maybe Patrick a bit, so we don’t apply these concepts in the void as much as we also don’t apply the Budapest Convention in the void. So we have to make sure that the open source intelligence, that all the data information we’re getting from open sources is also part of the applicable and clear legal framework that is going to bring perpetrators to justice. So that is my own, let’s say, view on the discussions here, but I think that we’ll have to flesh it out a little bit more also as conclusions to the Secretariat. Thank you, Gyorgy. Zahid, back to you.

Moderator:
Thank you, Gyorgy. Just last comments. So open source intelligence and the use of how this evidence works is very different from something we’ve seen before, because it’s open source, it can change hands, etc. And to be able to use this electronic evidence in various things, including war crimes and human rights abuses, is extremely important. And the role of the Convention in being able to do that vis-a-vis, for instance, we don’t have that possibility within the UN Convention, for instance, and maybe other places. So it’s helpful to think about what we can do to improve that in other structures as well. I just wanted to say thank you for all the participants who have been here. Thank you for the questions that were asked. I think that was very helpful because they engaged. Thank you for the questions. Also, to the online participants and questions, thank you for that. It helped us basically answer and think about new things. And thanks to the organizers, because they provide us a massive room. And so a lot of people, we didn’t expect this many people to fill this room. So I really appreciate everybody coming. Thank you. That’s all from us. Goodbye.

Speakers

Audience

Speech speed

167 words per minute

Speech length

895 words

Speech time

321 secs

Giorgi Jokhadze

Speech speed

195 words per minute

Speech length

1353 words

Speech time

417 secs

Jayantha Fernando

Speech speed

132 words per minute

Speech length

1879 words

Speech time

852 secs

John Hering

Speech speed

208 words per minute

Speech length

1556 words

Speech time

449 secs

Moderator

Speech speed

215 words per minute

Speech length

4726 words

Speech time

1317 secs

Nataliya Tkachuk

Speech speed

158 words per minute

Speech length

1285 words

Speech time

489 secs

Nick Waters

Speech speed

193 words per minute

Speech length

2641 words

Speech time

823 secs

Patrick Penninchx

Speech speed

137 words per minute

Speech length

1690 words

Speech time

738 secs