Open Forum #35 Addressing International Crimes Enabled by Cyber Operations

Summary

This discussion focused on addressing international crimes enabled by cyber operations, specifically examining how international criminal law can strengthen global cybersecurity and prosecute core international crimes committed through digital means. The session was jointly hosted by the International Criminal Court (ICC) and Microsoft, featuring experts from policy, private sector, and civil society backgrounds.

Professor Marko Milanović, Special Advisor to the ICC’s Office of the Prosecutor, outlined the forthcoming ICC policy on cyber-enabled crimes, which explains how the Rome Statute applies to international crimes committed or facilitated by cyber means. The policy addresses war crimes, genocide, crimes against humanity, and aggression that involve digital technologies, emphasizing that the ICC is prepared to prosecute those who use technology to commit these serious crimes. Examples include using AI to facilitate attacks on civilians, disseminating humiliating imagery of prisoners of war online, or conducting direct incitement to genocide through social media.

Panelists highlighted several critical challenges in investigating and prosecuting cyber-enabled crimes. Estonian prosecutor Kati Reitsak emphasized the importance of international partnerships and trust-building, noting similarities between organized crime and international crimes in their cross-border nature. The preservation and authentication of digital evidence emerged as a major concern, particularly given that these cases can take decades to prosecute while digital evidence is ephemeral and easily altered.

Microsoft’s Michael Karimian discussed the private sector’s crucial role in evidence collection, attribution, and international cooperation, while acknowledging potential conflicts of interest when tech companies provide services to various parties in conflicts. Civil society representatives Katitza Rodriguez and Chantal Joris stressed the importance of adhering to international human rights standards during investigations and avoiding overly broad surveillance powers that could undermine the very evidence needed for prosecutions.

The discussion concluded that while existing international criminal law is adequate for addressing cyber-enabled crimes, success requires unprecedented cooperation between states, private sector entities, and civil society organizations to overcome the unique challenges posed by the digital nature of these crimes.

Keypoints

## Major Discussion Points:

– **ICC’s Proposed Policy on Cyber-Enabled International Crimes**: The International Criminal Court’s Office of the Prosecutor is developing a groundbreaking policy document that explains how existing Rome Statute crimes (genocide, war crimes, crimes against humanity, and aggression) can be committed or facilitated through cyber means, rather than creating new categories of crimes.

– **Evidence Collection and Preservation Challenges**: Panelists extensively discussed the unique difficulties of collecting, preserving, and authenticating digital evidence in cyber-enabled crimes, including issues with evidence disappearing quickly, the need for rapid response, maintaining chain of custody over decades-long investigations, and the risk of platforms deleting crucial evidence.

– **Multi-Stakeholder Cooperation and Partnerships**: The discussion emphasized the critical importance of collaboration between various actors including international courts, national prosecutors, private sector companies (especially tech platforms), civil society organizations, and intelligence agencies to effectively investigate and prosecute these cross-border crimes.

– **Human Rights Considerations and Conflicts of Interest**: Significant attention was given to ensuring that investigations respect international human rights law, avoid legitimizing mass surveillance or repressive practices, and manage potential conflicts of interest when tech companies both hold evidence and provide services that may facilitate crimes.

– **Practical Implementation and Case Prioritization**: The panel explored which types of cases might be prioritized initially (starting with smaller, less complex cases), the challenges of attribution in sophisticated cyber operations, and how traditional legal frameworks need to adapt to address the unique aspects of cyber-enabled international crimes.

## Overall Purpose:

The discussion aimed to explore the legal, operational, and technical challenges involved in prosecuting international crimes committed through cyber means, highlighting the ICC’s forthcoming policy as a significant milestone while examining the roles of various stakeholders in strengthening global cybersecurity and accountability for core international crimes.

## Overall Tone:

The discussion maintained a professional, collaborative, and forward-looking tone throughout. Participants demonstrated expertise while acknowledging the complexity and novelty of the challenges. The tone was constructive and solution-oriented, with panelists building on each other’s points and offering practical insights. There was a sense of cautious optimism about the potential impact of the ICC’s policy, balanced with realistic assessments of the significant challenges ahead. The atmosphere remained respectful even when addressing sensitive topics like conflicts of interest and human rights concerns.

Speakers

**Speakers from the provided list:**

– **Harriet Moynihan** – Head of Accountability in International Law at the Oxford Institute of Technology and Justice at the Blavatnik School of Government, University of Oxford; Associate Fellow in the International Law Programme at Chatham House; Session moderator

– **Marko Milanović** – Professor; Special Advisor to the International Criminal Court, specifically to the Office of the Prosecutor on Cyber Enabled Crimes

– **Chantal Joris** – Senior Legal Officer at Article 19; focuses on freedom of expression

– **Katitza Rodriguez** – Policy Director for Global Privacy at the Electronic Frontier Foundation

– **Michael Karimian** – Director of Digital Diplomacy at Microsoft

– **Kati Reitsak** – Prosecutor at the State Prosecutor’s Office of the Republic of Estonia; has over 10 years of experience combating organized crime and recently moved to dealing with international law and international crimes

– **Audience** – Various audience members who asked questions during the Q&A session

**Additional speakers:**

– **Chelsea Smith-Hurst** – Microsoft representative; helped with online moderation questions during the Q&A (mentioned but did not speak in the transcript)

– **Joeri Bokovoy** – Finnish Green Party member; audience questioner

– **Aaron Clements-Hunt** – Works for the Heartland Initiative; audience questioner

– **Vilda** – Criminologist; audience questioner

– **Christian Faizili** – Public prosecutor from the Democratic Republic of Congo; audience questioner

– **Meredith** – Works with the Business and Human Rights Resource Center; audience questioner

# Addressing International Crimes Enabled by Cyber Operations: A Comprehensive Discussion Report

## Introduction and Context

This discussion, jointly hosted by the International Criminal Court (ICC) and Microsoft, brought together leading experts from policy, private sector, and civil society backgrounds to examine how international criminal law can address core international crimes committed through digital means. The session was moderated by Harriet Moynihan, Head of Accountability in International Law at the Oxford Institute of Technology and Justice, and featured distinguished panellists including Professor Marko Milanović, Special Advisor to the ICC’s Office of the Prosecutor on Cyber Enabled Crimes, alongside representatives from civil society organisations, the private sector, and national prosecution services.

The discussion centred on the ICC’s forthcoming policy on cyber-enabled crimes, which represents a groundbreaking initiative in international criminal law. This policy addresses how existing Rome Statute crimes—genocide, war crimes, crimes against humanity, and aggression—can be committed or facilitated through cyber means, rather than creating entirely new categories of international crimes.

## The ICC’s Policy on Cyber-Enabled International Crimes

### Policy Framework and Scope

Professor Marko Milanović outlined the comprehensive nature of the ICC’s proposed policy, explaining that it focuses on applying existing international criminal law to cyber-enabled crimes rather than expanding the Rome Statute’s scope. The policy addresses four core areas: genocide, war crimes, crimes against humanity, and aggression when committed through digital technologies. Additionally, it covers offences against the administration of justice under Article 70 of the Rome Statute, such as hacking court systems or intimidating witnesses through cyber means.

Milanović provided specific examples of cyber-enabled crimes the ICC is prepared to prosecute: using artificial intelligence to facilitate attacks on civilians, disseminating humiliating imagery of prisoners of war online, conducting direct incitement to genocide through social media platforms, and attacks on critical infrastructure that could cause severe humanitarian consequences. He emphasised that the policy serves dual purposes: providing internal guidance for the Office of the Prosecutor’s operations and communicating publicly how the Rome Statute applies to cyber-enabled crimes.

### Civil Society Support and Human Rights Considerations

Civil society representatives strongly supported the policy’s approach of focusing on existing Rome Statute crimes rather than creating new categories. Katitza Rodriguez from the Electronic Frontier Foundation noted that this approach helps avoid overly broad cybercrime laws that could undermine human rights. She emphasised that all investigations must respect international human rights law frameworks, including principles of necessity, legality, proportionality, and transparency with proper oversight mechanisms.

Chantal Joris from Article 19 reinforced these concerns, highlighting that whilst internet shutdowns and mass surveillance often violate freedom of expression and can exacerbate harms for communities impacted by conflict, most do not rise to the level of international crimes. She specifically noted that direct attacks on ICT infrastructure and internet shutdowns could potentially constitute international crimes depending on their scale and impact.

## Evidence Collection and Preservation Challenges

### Digital Evidence Vulnerabilities

One of the most significant challenges identified relates to the unique nature of digital evidence in international crimes prosecutions. Katitza Rodriguez highlighted the fundamental challenge: “evidence in this context must last. We are talking about 10, 20, 30 years. A video recorded today might remain courtroom ready for a long period of time, even 20 years from now. One mobile phone clip can expose a massacre and be published on YouTube. An algorithm can delete that proof forever.”

Rodriguez provided a specific example of YouTube’s automatic extremism filter purging channels and videos of human rights researchers and journalists documenting Syrian conflicts, illustrating how platform content moderation policies can inadvertently destroy crucial evidence. She also referenced the Guatemala National Police Archive case and Patrick Ball’s work on statistical analysis of human rights violations, demonstrating how digital documentation can provide crucial evidence for accountability efforts.

### Technical and Procedural Requirements

Michael Karimian from Microsoft detailed the technical complexities involved in evidence preservation, emphasising that digital evidence requires rapid identification and preservation using sophisticated technical capabilities. Estonian prosecutor Kati Reitsak reinforced these concerns from a practical perspective, explaining that investigators must preserve and collect evidence following strict standards to ensure admissibility in court, particularly given that digital evidence is heavily contested.

Reitsak also highlighted the need to overcome institutional siloing, noting that successful cyber-enabled crime investigations require cooperation between different units within law enforcement agencies, such as cybercrime units and international crimes units. She compared this to organised crime investigations, which also require extensive technical capabilities and cross-border cooperation.

## Multi-Stakeholder Cooperation and Partnerships

### The Essential Role of Private Sector Cooperation

Throughout the discussion, there was strong consensus that private sector cooperation is essential for successfully prosecuting cyber-enabled international crimes. Michael Karimian outlined the crucial roles that private companies play in rapid evidence preservation, attribution, cross-border cooperation, and ensuring procedural integrity in investigations.

Karimian explained that attribution—one of the most complex challenges in prosecuting cyber-enabled crimes—requires the ability to track activity across different digital infrastructures and jurisdictions, capabilities that often reside primarily within private companies. He noted that successful investigations require judicial frameworks with international partners and technical expertise that goes beyond traditional law enforcement capabilities.

### Trust and Cross-Border Cooperation

Kati Reitsak emphasised the critical importance of personal connections and trust between partners in successful cross-border investigations. She noted that these investigations require swift action and reliable information sharing, which depends not only on formal frameworks but also on established relationships between investigators across different jurisdictions.

Reitsak provided examples of successful prosecutions in France, the Netherlands, and Norway for Syria-related cases, and mentioned Estonia’s specific rules about in absentia proceedings and the genocide network at Eurojust as examples of effective cooperation mechanisms.

### Civil Society as Evidence Holders

Civil society organisations emerged as crucial stakeholders in the evidence ecosystem. Rodriguez highlighted that civil society organisations often hold crucial evidence and documentation that may be the last remaining proof of atrocities, requiring collaboration with prosecutors. This positions civil society not merely as advocates but as essential partners in the investigative process.

## Conflicts of Interest and Corporate Accountability

### The Dual Role of Technology Companies

One of the most challenging aspects of the discussion concerned the complex position of technology companies in cyber-enabled international crimes. Chantal Joris identified a fundamental tension: “The reality is as well that very often those same tech companies are the ones that provide services to conflict parties, cloud computing services, surveillance technologies, AI capabilities that are also very much needed to perpetrate those exact crimes that the policy seeks to address.”

This tension became particularly evident during the question-and-answer session, when Aaron Clements-Hunt directly questioned Microsoft’s provision of services to Israeli entities whilst simultaneously positioning itself as a partner in international justice efforts. This exchange illustrated the real-world complexities of public-private partnerships in this space.

### Managing Corporate Responsibility

In response to civil society feedback, Milanović noted that the ICC policy will include language acknowledging potential criminal responsibility of corporate executives, representing an attempt to balance the need for private sector cooperation with recognition of their potential liability. This represents a significant development in how international criminal law addresses corporate involvement in international crimes.

## Case Prioritisation and Prosecution Strategy

### Different Strategic Approaches

The discussion revealed different perspectives on how the ICC should begin prosecuting cyber-enabled crimes. Professor Milanović advocated for starting with smaller, less complex cases, particularly Article 70 offences against the administration of justice, such as hacking court systems. He argued that “a good way to start would be, for example, an Article 70 case, so a case about the administration of justice. Somebody hacks the court… Those are easier cases to deal with.”

Michael Karimian offered a different perspective, arguing that cases involving widespread harm to critical infrastructure and essential services should be prioritised because they pose substantial risks to human life and send clear international signals.

Kati Reitsak supported the general principle of starting with smaller cases but suggested that war crimes or crimes against humanity cases would be preferable starting points as they provide broader possibilities for establishing new legal precedents in cyber-enabled crime prosecutions.

## Practical Challenges and Unresolved Issues

### Attribution and Technical Complexity

Attribution emerged as one of the most significant technical challenges in prosecuting cyber-enabled crimes. The discussion acknowledged that sophisticated cyber operations often involve multiple layers of obfuscation designed specifically to complicate attribution efforts, requiring extensive technical expertise and international cooperation.

### Outstanding Questions from Practitioners

Several practical questions remained unresolved during the discussion. Christian Faizili from the Democratic Republic of Congo raised a specific concern about how prosecutors can prove command responsibility via digital traces when forensic laboratories are destroyed in conflict zones, highlighting the intersection between traditional conflict dynamics and new technological challenges.

Questions were also raised about gaming platforms and voice chat monitoring, illustrating the breadth of digital spaces where potential evidence of international crimes might be found.

### Institutional Capacity Gaps

Both Reitsak and Karimian acknowledged that traditional law enforcement institutions often lack sufficient technical capabilities for complex cyber investigations. This represents a significant institutional challenge that requires law enforcement agencies to develop new capabilities or rely heavily on external expertise.

## Human Rights Safeguards and Concerns

### Avoiding Legitimisation of Mass Surveillance

Civil society representatives consistently emphasised the importance of ensuring that cyber-enabled crime investigations do not legitimise mass surveillance or repressive practices. Rodriguez specifically warned against the ICC relying on evidence gathered through abusive surveillance powers, arguing that this could undermine both the legitimacy of prosecutions and the broader human rights framework.

### Platform Policies and Content Moderation

The discussion highlighted concerns about platform content moderation policies that may inadvertently destroy evidence. Rodriguez noted that platforms face incentives to mass delete information to avoid liability, potentially destroying evidence before courts can examine it. This prompted discussion about the need for platforms to implement public interest exceptions for content with educational, documentation, or newsworthy value.

## Broader Impact and Future Directions

### The ICC’s Leadership Role

Multiple speakers emphasised that the ICC’s policy will likely have impact far beyond the ICC itself. Harriet Moynihan described it as “a groundbreaking initiative that can lead the way for national jurisdictions and set important legal precedents.” Kati Reitsak noted that national courts can look to the ICC as a beacon and be encouraged by its systematic approach to cyber-enabled international crimes.

### Policy Development Timeline

The discussion concluded with concrete next steps for policy development. The ICC Office of the Prosecutor has received many comments during the public consultation phase and will take these on board as they revise the draft policy. The policy is expected to be formally promulgated at the Assembly of States Parties later this year.

### Supporting Research and Documentation

The UC Berkeley Human Rights Center’s submission to the Office of the Prosecutor regarding Mali was mentioned as an example of academic institutions contributing to the development of this area of law. Additionally, ongoing research efforts are supporting the practical implementation of the policy framework.

## Conclusion

This discussion represented a significant milestone in the development of international criminal law’s response to cyber-enabled crimes. The ICC’s forthcoming policy addresses a critical gap in international justice mechanisms by providing a framework for prosecuting serious international crimes committed through digital means.

The conversation revealed both the promise and the challenges of this initiative. While there was broad support for the policy’s approach and recognition of the need for multi-stakeholder cooperation, significant practical challenges remain around evidence preservation, attribution, conflicts of interest, and the development of new institutional capabilities.

Perhaps most importantly, the discussion demonstrated that addressing cyber-enabled international crimes requires extensive cooperation between diverse stakeholders with different capabilities and perspectives. The success of this effort will depend on building trust between partners, managing conflicts of interest, and developing new technical and legal capabilities that bridge traditional boundaries between different sectors and jurisdictions.

As the ICC moves forward with implementing this policy, the frameworks and partnerships developed through this initiative will likely prove crucial for maintaining accountability for international crimes in the digital age. The broad engagement from various stakeholders suggests a strong foundation for this work, while the practical challenges identified highlight areas where continued development and cooperation will be essential.

Harriet Moynihan: At this point, Harriet was tired when she heard that she would no longer be on time and was decided to quit. Relax. Relax We are all women. We are all women. Is this… a quake? I thought it was a quake. So they will give you a sign? I’m not sure. Well, good afternoon everyone. Both to those of you who are joining us here in the room and those of you joining us online. Welcome to… to this session on addressing international crimes enabled by cyber operations. I’m Harriet Moynihan, I’m Head of Accountability in International Law at the Oxford Institute of Technology and Justice at the Blavatnik School of Government, University of Oxford. I’m also an Associate Fellow in the International Law Programme at Chatham House and I’m delighted to be moderating this session. I’m also going to be joined online by Chelsea Smith-Hurst of Microsoft, who’s going to be helping with online moderation questions once we get into the Q&A. Today we’re going to look at how international criminal law within both national and international judicial settings can help to strengthen global cyber security and address core international crimes which are committed through cyber means. And of course by international crimes we mean war crimes, genocide, aggression and crimes against humanity. And this session is going to highlight the forthcoming policy of the International Criminal Court on international crimes committed by cyber means and that’s obviously a significant milestone in investigating and prosecuting such crimes at the international level. This session is being hosted jointly by the International Criminal Court and by Microsoft and I’m delighted to say that both are represented here today. And in this panel we’re going to have the opportunity to explore some of the legal, operational and technical challenges in this area by hearing from a range of experts from policy makers to private sector, to civil society and the special advisor to the International Criminal Court on cyber enabled crimes. And I should add that at Chatham House where I’ve been working we’re conducting a research project on this very issue which seeks to complement the work of the International Criminal Court and we’re going to be publishing a research paper that dives into some of the broader legal and practical issues around this area and that paper will be published in January. Today our panellists are going to look at the evolving cyber threat landscape, challenges in the collection and attribution of evidence, the need for stronger multi-stakeholder cooperation in this area, and ways to strengthen accountability generally. And the way that we’re going to do this is we’re going to have a moderated panel discussion, and then we’re going to open it up to Q&A, both from you here in the audience and those of you joining us online. But before that, let me introduce our speakers. We’re joined online by two speakers, first of all Professor Marko Milanović, who amongst many other roles is the Special Advisor to the International Criminal Court, specifically to the Office of the Prosecutor on Cyber Enabled Crimes. Welcome Marko. Also joining us online, we have Michael Karimian, who’s Director of Digital Diplomacy at Microsoft. And here in the room, the stellar panel continues. We have Kati Reitsak, who’s a prosecutor at the State Prosecutor’s Office of the Republic of Estonia. We have Chantal Joris, who’s Senior Legal Officer at Article 19. And last but not least, we have Katica Rodriguez, Policy Director for Global Privacy at the Electronic Frontier Foundation. I’d like to start the conversation by turning to Marko. Marko, could you set the scene for us a bit by telling us a bit more about the Office of the Prosecutor’s proposed policy in this area? How does it relate to the various initiatives that are going on worldwide in relation to cyber crimes? And what does it mean for the work of the International Criminal Court? Thank you so much, Kerit.

Marko Milanović: And allow me to welcome everybody, both online and offline, also on behalf of the Office of the Prosecutor of the ICC, to this event that we have jointly organized together with Microsoft. And thank you so much, Kerit, for moderating the panel. The Office of the Prosecutor launched this effort to formulate a policy document, which will be used both for its internal purposes, but also for communicating with the public, which does several things. It explains how the Rome Statute of the International Criminal Court can be applied to the commission or facilitation of international crimes by cyber means. That’s the first thing it does. It also explains how other than the core international crimes, also the offenses against the administration of justice, which interfere with the working of the court as such, can also be committed and facilitated by cyber means. And then it goes on into various practical questions about the investigation, prosecution of these crimes, about the cooperation that the office needs to have with national authorities and the capacities that the office needs to build to essentially be able to investigate these offenses properly. So that is the point of this policy. The policy has now finished the public consultation phase. We have received many comments from states, from civil society, including organizations represented at this panel, from academics, from various other stakeholders, which we will take on board. And the policy will then be revised and adopted by the Office of the Prosecutor and formally promulgated at the Assembly of States Parties later this year. So that is the core idea of this policy. And the message that the Office of the Prosecutor essentially wants to send is that it is ready, it is prepared to prosecute those who use these technologies to commit international crimes. Here, it is really important to emphasize as Harriet did in her introduction, that we’re not talking here about normal, ordinary cybercrime like hacking, unauthorized access to a computer system, fraud, the dissemination of imagery of child sexual abuse, and so on. What we’re here talking about is genocide, war crimes, feminism, anti-aggression, and all of these crimes, including offenses against the administration of justice, can be committed by cyber means. AI, for example, can be used to facilitate attacks against civilians or the civilian population during an armed conflict, which is a war crime. Online technologies can be used to disseminate humiliating imagery of prisoners of war, which can also be a war crime, depending on the intensity of the suffering that these individuals are exposed to. Attacks against critical infrastructure, against airports, against air traffic control can qualify, for example, as murder, as a crime against humanity. Direct and public incitement to genocide can very easily be committed by social media, and so on. So that’s the core thing that the policy does. It really explains how cyber tools, including AI, can be used to commit these crimes. It also emphasizes the facilitation aspect. Many of these crimes can be committed, and most of them will be committed by traditional kinetic means, but cyber will be used to facilitate them. Everything from obtaining targets to conducting monetary transactions using cryptocurrency, for example, in a way that facilitates the commission of these crimes. The office is ready to prosecute these crimes, and that is the key signal that it wishes to send through this policy. and Marko Milanović, Harriet Moynihan, Kati Reitsak, Chantal Joris, Michael Karimian And also, perhaps, if you can talk about what makes a successful investigation when you’re looking at these cross-border type crimes.

Kati Reitsak: Thank you, Harriet. Thank you, everyone, for gathering here today, in here and online. So, yeah, it’s true. My main experience is more than 10 years combating organized crime. And just recently, I think maybe four or three years ago, I moved on to deal with cases concerned international law and international crimes. So, but there are so many similarities. If we are talking about core international crimes, there is very often a state actor at play. And if you are thinking about traditional organized crime, they often attempt to function as a state. within the state. It’s like a parallel force. It maintains the hierarchy with clearly defined roles and assignments. Organized crime also collects and distributes finances as they see fit, provides financial assistance to those who need and enforces its own system of punishment if someone were to break the rules. So, if we think in these concepts, we see that there are actually very many similarities between a wannabe state, like an organized crime group, traditional one, or a really legal state. So, we then have to assess both the jura and the facto powers of these persons acting within these systems and understand how these systems work kind of beneath the surface. Also, I have to say that in jurisdiction wise in Estonia there are also very many similarities. For example, core international crimes, Estonia exercises universal jurisdiction over them as they are considered as crimes that every state, every civilized state should be interested in prosecuting them. And the cross-border element is also something that is similar to those two. Because like organized crime, also crimes against humanity, they don’t know any state borders. And they are not limited by it, but they might seek profit all over. So, I think that what makes a successful investigation, both in organized crime and in crime against humanity, and in international crimes is a judicial framework with your partners. You have to have a very good partnership with all the other state and state actors. And if we are talking about criminal investigations, I think you all agree that information and evidence sharing is of the essence. And you have to trust the partner that you share your information and evidence with because otherwise you might be putting danger to your witnesses and your sources. So personal contacts that have always been very helpful in combating organized crime which acts cross-border and I think in international crimes as well. We have to build those personal connections because sometimes time is of essence. Especially if we are talking about cyber-enabled international crimes. Just tackling like a network, it needs to be very, very, very swift. And it is based on personal communication and personal sources. So it all comes down to willingness of the partners to investigate and get some good results. And of course as we go on, all the evidence is being very, very heavily contested in courts. As you see already, if you are looking at the media, you see that if there is a news clip already one of the parts of this clip might call it fake news. This is doctor, this is not true. So in this digital area that we are living in, it is very difficult to know what is the truth, true truth. and what is doctored. And therefore, for investigators also, it presents a challenge to preserve and collect evidence in a way that it will be fully admissible later on in a court of law. As I mentioned, these personal connections that we use to tackle organized crime with, they are also being formed at international level concerning international crimes. For example, I would just point out the genocide network at the moment in Eurojust. And do not be fooled by the name, it’s not only limited to genocide, but the members of this network actually share the experiences of investigating both war crimes and crimes against humanity as well. So I think I will stop here and thank you.

Harriet Moynihan: Thank you, Kati, and thank you for highlighting the importance of partnership and trust and cooperation and indeed giving examples of some of the forums that exist at the moment to try and promote that. And you mentioned the genocide network and the great work that they do. Michael, if I may turn now to you, and thank you for joining us online. The role of the private sector is very important in this space because, as we’re hearing, by their very nature, cyber-enabled crimes are likely to involve infrastructure that will traditionally be owned by the private sector. It might be social media companies, it might be cloud services, it might be computer networks. And so it would be really interesting to hear from you about what role you see for the private sector in this space, perhaps particularly in relation to things like collecting evidence, because obviously some platforms will hold evidence. How do prosecutors go about getting that evidence? Well, they’ll have to approach tech companies or they’ll have to go through states to do so. So any thoughts you have on that? in general but also in relation to evidence would be really interesting to hear. Over to you.

Michael Karimian: Absolutely and thank you Harriet not just for facilitating today’s discussion but also for the important work of yourself and colleagues at Chatham House and the research project that you’re undertaking and of course thank you to Marko and colleagues at the Office of the Prosecutor for their essential work in developing the policy. It’s been a real privilege to witness and support that work from the outset and I’m very glad to be part of this discussion today. Evidence preservation and collection in cyber-enabled international crimes presents a number of technical, legal and operational challenges and I think Microsoft’s experience could highlight several critical roles that the private sector can play in effectively addressing these challenges. Roles that are explicitly recognized in the ICC OTP’s forthcoming policy on cyber-enabled crimes and also further expanded upon in Chatham House’s important upcoming research. First I think rapid identification and preservation of digital evidence are crucial just as Kati was touching upon. Cyber-enabled crimes can often leave behind digital traces that are quite ephemeral and easily lost, deleted or altered and a number of technology companies have developed quite sophisticated technical capabilities for rapid detection, attribution and preservation of digital evidence. For example at Microsoft our digital crimes unit the DCU routinely uses advanced threat intelligence, machine learning and sophisticated analytics to identify and preserve relevant evidence from cyber operations swiftly and accurately and these capabilities allow companies like Microsoft to secure time-sensitive digital evidence long before traditional law enforcement methods can respond and that’s a critical element which is highlighted in the OTP’s drug policy as essential for successful prosecutions. Second, in terms of attribution, which is one of the most complex challenges in prosecuting cyber-enabled international crimes, the private sector brings unique technical capabilities. You know, accurate attribution requires the ability to track and correlate activity across different digital infrastructures and jurisdictions. And Microsoft’s global telemetry and network visibility, which is detailed quite extensively in our annual digital defense report, enables quite granular tracking of cyber-threat actors, including state-sponsored groups and sophisticated criminal networks. This capability aligns with Chatham House’s research, which emphasizes the need for robust technical partnerships to enhance prosecutorial confidence and attribution. Third, the cross-border nature of cyber-enabled crimes demands unprecedented international cooperation, not only among law enforcement, but significantly with the private sector. And again, the OTP’s draft policy explicitly underscores the importance of such cooperation networks, where you see emphasis on the value of private sector expertise in navigating jurisdictional complexities. And, you know, at Microsoft, we have firsthand experience with such cooperation, including partnerships like our recent collaboration with Europol, where investigators are being directly embedded within the European Cybercrime Center. Those types of partnerships really help to streamline international evidence sharing and overcome procedural hurdles, which, again, has been identified by Chatham House as a major bottleneck in prosecuting cyber-enabled crimes. Finally, in terms of ensuring evidence visibility in court, as we just touched upon, again, that requires private sector entities to follow quite rigorous standards in digital forensics and chain of custody management. At Microsoft, we have been proactively investing in building evidence handling capabilities compliant with international legal standards, again, recognizing the emphasis both OTP and Chatham House place on meeting rigorous. legal thresholds for evidence collection and admissibility. You know, by sharing best practices and technical standards, I think companies can also help court to build robust, credible cases against perpetrators. I guess I’ll end by saying that the private sector’s role seems to really extend far beyond just, you know, sort of passive cooperation, and instead it must really involve quite active partnership in evidence collection, attribution, international coordination, and ensuring procedural integrity. And Microsoft’s experience seems to be relatively consistent with the OTP’s forthcoming policy and Chatterhouse’s comprehensive analysis, all of which I think demonstrates that strong public-private collaboration is advantageous, but also indispensable for effectively prosecuting cyber-enabled international crimes.

Harriet Moynihan: Thanks, Michael. And I think what comes out of your remarks there is the fact that the private sector are involved throughout the process, from the very beginning of an investigation right through to evidence being submitted to court in a trial. And it’s also that word partnership coming out again, and thank you for the example you gave of the partnership with Europol. I’d like to turn now to another sector, another actor, civil society, and to you, Katitza. You work for the Electronic Frontier Foundation, and it would be really interesting to hear about what role you see for civil society here, how they can help, and perhaps maybe what the ICC

Katitza Rodriguez: should learn from the experience of civil society in this area. Okay, so thank you for the very kind invitation. We are actually really glad to see the prosecutors that draft policy on cyber-enabled crimes, especially because it explains how technology can be used to commit or facilitate crimes. Crucially, it sticks to Rome statute crimes rather than creating new types of crimes. This is important because it helps guard against the very pitfalls we have witnessed when a state has adopted overly broad cybercrime laws that have been used at the domestic level to undermine human rights. We submitted comments on the OTP policy consultation together with Derecho Digitales. We came up with a few recommendations. From time, I will just share a few ones. One is, and I will focus on evidence in this case. First, evidence in this context must last. We are talking about 10, 20, 30 years. A video recorded today might remain courtroom ready for a long period of time, even 20 years from now. One mobile phone clip can expose a massacre and be published on YouTube. An algorithm can delete that proof forever. Second, the Rome Statute is crystal clear that every investigation must fulfill or respect international human rights law. Meaning that the prosecutor and the authorities must gather detailed proof and detailed evidence under a framework of necessity, legality, proportionality, legitimate aim, and transparency and, of course, oversight mechanisms which are embedded in international human rights law and standards. And third, overly broad surveillance and cybercrime status have jailed journalists and silent dissidents. The ICC should ensure not to rely on evidence gathered through such abusive surveillance powers and avoid risk legitimizing repression and intentionally undermining its own cases. It’s the time for everyone to work together. to ensure justice can be delivered. And I think this is a good way of working holistically in these cases. And why does it matter? Because if the evidence disappears or it is tainted by abusive surveillance powers, the perpetrator walk free and the Rome Statue promise to victims is broken. And that’s serious things. I’m thinking on the Guatemala National Police Archive, 18 million pages of paper records were discovered in a collapsed warehouse. Later, using prosecution from disappearance and crimes against humanity, we had an interview with Patrick Ball, which is a data scientist analyst on the Human Rights Data Analysis Group, who told us that regime files have been central for documentary and data analytic evidence in trials of former heads of state in a couple of countries, where he identified patterns of repressions. In those cases, former dictators, police, and military leaders were convicted of war crimes, war crimes against humanity, disappearance, and genocide. Without contemporaneous record, and Patrick told us, our work, his work, would have been immensely harder. The digital age has not changed that lesson. It has merely shifted the evidence from dusty papers to bites. And so they rely a lot on preservations and collaborations with the courts to preserve the evidence. So for lack of time, I will focus on just one topic, which is improper incentives to destroy evidence. But there are other topics that we like to talk about, territoriality or about joint investigations, too. But on the improper incentives to destroy evidence, we are concerned that sometimes routine platforms functions are threatened with criminal or civil liability, and companies. When this happens, companies try to comply, over comply with the law to avoid fines, steep fines. This creates an incentive for companies to mass delete information, content that can be used in litigation, that can be used, can serve as evidence in courts. The result is that the very material prosecutors need in a case is wiped and possibly permanently destroyed before any court can see it. This is a case study. We have concerns of this global liability concerns and their own concerns about community standards. Platforms are being incentivized to delete conflict-related materials on a huge scale. And a paper that we wrote a few years back, where we document how YouTube used a new automatic extremism filter that was purging channels and videos of human rights researchers and journalists documenting Syrian conflicts. So our recommendation to the OTP is not only to caution about free expression, but also to ensure about the risk of destroying important evidence and the risk from state-compelling companies or companies voluntarily destroying evidence that can be used in courts. And we ask that much good can come from collaboration. And one of the things that could be done that the OTP should avoid is incentivizing these blanket takedowns orders and instead should encourage platforms and states to honor public interest exceptions so that content with educational documentation or newsworthy information remains online, even if it is not public. even if it’s graphic. So some of that is some of our concerns. NGOs, there are a lot of NGOs working in humanitarian response and in conflict documentations, whether contemporaneous or after the fact, may also hold the last, that we should collaborate with those NGOs because they may hold the evidence. And there are needs to ensure that, for instance, and that’s the words of my colleague, of this friend, Patrick Ball, that it’s documented cases and they use change of command and way of ensuring that the evidence is authenticated and that it still can serve in the court. And it can be done with a preservation order without relying on mass surveillance or abuse of surveillance powers that will end up not only, that will end up also impacting human rights. And I will stop here because of the five minutes.

Harriet Moynihan: Thank you so much. Thank you, Katitza. And you’ve really underlined the importance of international human rights law, which is always good to hear, and the role of civil society and the importance of preserving evidence, which is difficult when these cases can take so long. And now we have another voice here from civil society as well as Chantal being a very impressive international lawyer. So I’d like to turn to you, Chantal. I know you work for Article 19 focusing on freedom of expression. So it would be interesting to hear if you have any thoughts on how that fits into this place. Also, if you have anything you want to pick up from Katitza and if there are potentially any things that the ICC needs to be bearing in mind when it’s prosecuting these cases. Yes, absolutely. Thanks and thanks everyone for joining us at lunchtime or right after lunchtime.

Chantal Joris: Yeah, so I wanna agree with Katitza for sure. We think it’s a very important initiative together with many other human rights organizations. We have documented extensively the way in which digital rights violations, freedom of expression violations exacerbate harms. for Communities Impacted by Conflict or Prosecution or Crimes against Humanity, Occupation, and so on. So, we have, Article 19, been calling systematically on accountability mechanisms, also, for example, the International Court of Justice, as it assesses genocide cases, for example, in South Africa against Israel, to consider also the role of the human rights violations, free expression violations, digital rights violations, even if they may, in certain instances, directly amount to genocide or one of the other substantive crimes under the Rome Statute, but they certainly can play such an important contributing factor, be it in directly carrying out these more, perhaps, kinetic crimes, but also in contributing to a culture of impunity, in concealing evidence, and in potentially prolonging the situation of conflict or prolonging the situation in which these mass atrocities can take place. So, good initiative. Also, it will also be an important contribution, I mean, you mentioned there are so many discussions about how international law can apply, does it have responses to these new technologies, evolving technologies, so it’s also a very important contribution to that general discussion, I think. I think, perhaps, three main comments. So, we have also recommended that the policy, and of course the ICC, focus perhaps a bit more on direct attacks. Marko mentioned critical infrastructure, that should include also, of course, ICT infrastructure. For example, there is such an increased use now of internet shutdowns through various means, kinetic means, non-kinetic means. and others who are working on the digital transformation of the internet, the digital transformation of the internet by using the internet as a genetic means that have extreme implications now in conflict zones and, again, other zones impacted by atrocity crimes. And those should really also be considered more extensively. In fact, two certain forms of online harms have on human rights defenders, on journalists, on specifically those communities that, specifically in very restrictive information environments that we, of course, often see in those settings. They are key stakeholders, of course, for the evidence, to bring evidence to the prosecutor. I also want to mention, we’ve talked about the role of private entities, technology companies, and the policy does mention them as an important potential partner. It is a reality. They often hold important evidence. They might be able to assist and cooperate in the prosecution, investigation of crimes. The reality is as well that very often those same tech companies are the ones that provide services to conflict parties, cloud computing services, surveillance technologies, AI capabilities that are also very much needed to perpetrate those exact crimes that the policy seeks to address. So, I think that that sort of big challenge that we are facing, given that we have tech giants that are essentially used by every institution and every conflict actor at the same time, that needs to be spelled out better, I think, in the policy. And there needs to be a recognition that the ICC doesn’t only rely on them, but also needs to put them on notice of legal risks that are involved with the proliferation of these services. How to avoid unintended consequences? Again, Katitza has touched upon it, the responses to cyber security threats, cyber crimes, very often fall short of international human rights standards, both in terms of the substantive offences, but also in terms of how they are investigated. So I think it’s very important that there is a clear distinction between the OTP being active in investigating, prosecuting crimes under the Rome Statute, but not being too generous in extending cooperation with any domestic authorities that could go beyond what is really covered by the Rome Statute. And as a last point, I think that just means that it’s very important that any human rights consequences are really carefully considered, that is through engagement, close engagement with civil society. We have this Article 21, Paragraph 3 in the Rome Statute, of course, that says in terms of the substantive crimes, but also in terms of any prosecutions, human rights need to be considered. I think there is much to learn as well from human rights bodies, taking the example of the idea of cyber torture, for example, has been quite extensively looked at under human rights standards. I think those are aspects that also the ICC can learn from and also avoid, we’ve talked about this yesterday, any fragmentation of how, for example, a torture concept in the cyber domain is understood as opposed to in the human rights aspect. Thank you, Chantal, and thank you for mentioning the impact on civilians and

Harriet Moynihan: journalists and human rights defenders. It’s obviously quite easy to have these conversations in the abstract, but victims are and should be centred to this. You also mentioned conflicts of interest and thinking about how to manage those when partnerships are put together, which which are very necessary. I’d like to have a bit of a more relaxed conversation with the panel now just for a short time before I open it up to questions. While I’m doing so, please be thinking of questions that you might like to ask, both those of you in the room and those of you online. I think there’s a Zoom facility for raising questions, so do have them ready. Marko, if I may come back to you, it’s clear that what we’ve heard is that there’s all sorts of different ways in which cyber-enabled crimes can be carried out. For example, a commander using his phone to send a message to his troops to incite genocide. But at the other end of the spectrum, perhaps a massive cyber attack which uses very complex malware. We’ve also heard about mass surveillance. Obviously the ICC’s resources are finite. Do you have a sense of which kind of cases might be prioritised? And this is actually to all of the panel, but Marko perhaps to start with you. Are there some types of cases that would particularly benefit from being prioritised here under the new policy?

Marko Milanović: It’s a really interesting question, Harriet. Of course, it’s one that I cannot answer by reference to anything going on right now in the sense of what the Office is actually investigating. I will say two things. First of all, even today, even the most traditional kind of kinetic crime cases will involve digital evidence. All of my predecessors talked about digital evidence as sort of being indispensable to modern investigations. That’s true. So every kind of investigation that, for example, was dealt with by the tribunals for Yugoslavia or Rwanda a couple of decades ago would today involve analysing people’s phones, analysing social media postings, analysing various kinds of cyber operations, digital records and so on. So in that sense, every single ICC case will have a huge digital aspect. Our policy, though, does not mainly deal with that. Like, so, I mean, the whole question of digital evidence is so big that our policy only touches upon it. So, again, our main focus is really on how can a person be held responsible for enabling an international crime by cyber means, or by committing an international crime by cyber means. And if the question is, what’s the best first case, you know, my own sense would be, it would actually be nice to start relatively small. You know, so Michael talked about attribution being like a huge issue in many cyber operations. You know, it will be really difficult to prosecute a case, a first case dealing with, you know, super sophisticated state actors who are very well versed in hiding their tracks. You know, you don’t necessarily need to start off that way. You know, a good way to start would be, for example, an Article 70 case, so a case about the administration of justice. Somebody hacks the court, which has actually happened a few years ago. You know, somebody falsifies evidence before the court uses AI to submit fake evidence to the court, intimidates witnesses or prosecutors or judges by using online means. Those are easier cases to deal with. And, you know, if it was up to me, you know, a first digital or cyber case would be something fairly modest rather than something enormous. But, you know, I think that’s a good way of testing various abilities and capabilities. But it really all depends on the facts. It really all depends on what the prosecutors have before them at any given time.

Harriet Moynihan: Thanks, Marko. Starting small sounds sensible in this area, which is pretty new and cutting edge, and establishing a good precedent would be good. Opening up to the other critics, what are your thoughts? Well, I’m not a prosecutor, but I have an idea.

Katitza Rodriguez: I’m not an expert on the Roma status, I will defer that to the experts, but an idea that I have and that we have been discussing in my office is that investigated use of cross-border malware campaign that are targeted against ethnic groups and against the diaspora community that have been used actually for transnational repression, but we are wondering to what extent to understand the scope and the impact of those campaigns against this ethnic group in order to see whether they may rise to the level of a Roma status crime or not. They may or may not, but there’s so much we don’t know about the scope and the scale and purpose of the use of malware in this context, so I would try to learn more of those details. And of course, we may find, as the policy seems to suggest, that some of these are facets of larger campaigns and persecutions that have both online and offline campaigns. And that’s why, just tying to the submission, when we were talking about the definition of cyber, we were saying that it can be used not only to directly harm people, but in order to identify targets from other attacks too. They could be used to locate targets for a physical attack, for physical persecution, but so we do envision and we hope that perhaps malware and other mechanisms would turn out to be part of this larger pattern again with online and offline elements. So it’s not only also about the data, it’s not just about the physical, but when it comes to, you know, attacks against ethnic groups that have led to actually death, disappearance and repression.

Harriet Moynihan: Thank you. And that actually relates to a question I had, which is, obviously, as I said, the ICC’s resources are somewhat limited, and the draft policy makes clear that the prosecutor’s only going to pursue the gravest cases, and in traditional cases that usually… does mean death and serious injury. But in the cyber-enabled crimes context, do we need to think about gravity more broadly or differently? Chantal, did you have any thoughts on that or on anything that Katitza said in this regard, which some of the points that Katitza herself was making?

Chantal Joris: I mean, perhaps I would agree with Marko starting small is a good idea. I think also starting small could mean, again, for example, prosecuting a crime against humanity and explicitly recognising the chapeau elements, like what are indications of a widespread systemic attack on the civilian population that is needed for a crime against humanity? And there, looking at questions around internet shutdowns, mass surveillance and so on, or looking at a war crime around impeding humanitarian assistance, looking at has this happened also through attacks. So it could also be another way to just more emphasise that role in the commission of more kinetic attacks. I think also when it comes to what you mentioned around the assessment of harm, assessment of gravity is obviously very complicated as we have these more sort of kinetic, physical notions of harm. I think at least, I mean, there are so many, on the one hand, indirect consequences. Again, a shutdown might, you know, kill someone because they can’t communicate with the hospital, or even further down the line, there can be psychological consequences. So other types of harms, but I also think we should not completely forget any sort of broader societal impacts, economic impacts. They might not neatly fit under any of the crimes under the Rome Statute, but I do think they need to be considered as well, and the ICC should be cognisant of those broader effects of what a mass surveillance campaign can produce within a population, and consider those aspects as well.

Harriet Moynihan: Thank you. Katy, as a prosecutor, I can’t resist asking you, what would be your sort of first kind of case? What would you be? I suppose there’s no such thing as an easy case, but perhaps one of the priority cases in this area. Do you have a sense for that?

Kati Reitsak: Yeah, I think that at first, as a national prosecutor, if I were a national judge, I would really like the ICC to show us the way by choosing whether a war crime or a crime against humanity. Because this would give us, kind of the ICC, the more broader possibility to say the essence of this new terminology that is being used, like cyber-enabled and how will it start to fit in ICC’s work. And I also want to say that I think that national courts can look up to ICC as a kind of beacon leading the way and being maybe encouraged by the ICC’s very systematic approach to cyber-enabled international crimes. If we are talking, of course preferably, I would not have any cases of war crimes or crimes against humanity, but in Estonia you would have to take into account the very, very strict in absentia rules. So I think this is also, and it depends of course on the state, on the rules, but for example in Estonia you cannot indict anyone unless you have pressed charges and the person has been present to see the charges and has had the possibility to personally get acquainted to the material of the criminal investigation. And then maybe later on, maybe in trial stage, if this person has been present to see the criminal investigation and has had the possibility to personally get acquainted to the material of the criminal investigation and has had the possibility to personally get acquainted to the material of the criminal investigation. If this person then leaves, then we can kind of carry on without him or her. But yeah, the rules in national courts are even sometimes a bit more stricter than in international courts, if we are talking about. So I would choose a case where I would have a suspect, like present. So this is definitely something that I would choose. Also, a war crime and a crime against humanity. Maybe a war crime episode could be more individual. You don’t have to have that many aspects. It doesn’t have to be very, very large-scale. For example, if we are talking about genocide, I think that the burden of proof there is much higher and much more difficult to obtain, for example, than if we are talking about war crimes or crimes against humanity. So definitely, I agree with Marko that it should be smaller, start with small steps, but still significant enough to lead the way.

Harriet Moynihan: Yeah, thanks, Kati, for thinking about some of the practical and procedural issues that come up in these cases. And you mentioned about having the suspect in the jurisdiction. Obviously, in the cyber context, often these operations are carried out remotely. Certainly, if we’re thinking about a cyber attack, and that can be one of the problems that the suspect is in a jurisdiction that refuses to extradite. So I can see why you’d like that as a starting point. Michael, I’ve been leaving you a long time. Thank you for being patient. But I had a question for you, which is for all the panel, but to you to start with, which is really to think about the ICC’s policy more broadly. What are the wider benefits? Do we think there are wider benefits? Do you think states will embrace this? We have heard from Kati that this policy could lead the way. And I certainly think it is groundbreaking and significant. Do you see it as having impact beyond just the ICC?

Michael Karimian: So, in brief, the answer is yes, Harriet. Firstly, I’ll just maybe turn to the other questions you’ve posed to the panel. In terms of prioritising cases, absolutely a long-term view is essential. In an ideal world, once the policy has been released, we would see dozens of cases in front of the court, but of course, perhaps that’s not so likely. Ultimately, it’s up to the prosecutor to decide which cases to prioritise, but one way to think about it would be cases that involve widespread harm to critical infrastructure, as Chantal mentioned, but also critical services such as healthcare, humanitarian organisations or essential utilities. Those are sectors we already see being highly targeted by threat actors anyway, and there are two reasons why I think it’s beneficial to focus on such cases. One is that these attacks pose substantial risks to human life and wellbeing, even if their immediate physical harm might not seem as direct as traditional kinetic violence. Also, prioritising such cases sends a clear international signal about the unacceptable nature that such cyber operations pose when they endanger civilian populations. Again, just briefly, Harriet, on the question of gravity, of course traditional definitions focus on physical violence and direct casualties, but of course cyber-enabled crimes can lead to severe, widespread and prolonged disruptions of essential services, as well as significant economic damage and psychological impacts, again, as has already been mentioned. And so I do think we should consider how such assessments can incorporate not just immediate physical harm, but also the scale, scope and duration of those indirect humanitarian consequences that cyber-enabled crimes can cause. That’s something which perhaps we need to expand upon further. In terms of that question you mentioned there, Harriet, of wider benefits of the ICC’s involvement, I am optimistic that states will embrace the ICC’s initiative on cyber-enabled crimes, because these threats affect everyone really, they transcend borders. There will undoubtedly be challenges and sensitivities around sovereignty and jurisdiction. But despite this, the ICC’s involvement can significantly enhance the legitimacy of international efforts to hold cybercriminals accountable, and quite importantly, to set legal standards and precedents elsewhere. Additionally, I think the ICC’s focus can simulate more robust national action. So Estonia leads the way in its application of the principle of universal jurisdiction. We’d love to see more countries taking such action. Perhaps we will see that. But of course, other benefits we might see include fostering better cross-border cooperation and encouraging public-private partnerships, all of which I think would ultimately contribute to greater global cybersecurity and resilience.

Harriet Moynihan: Thank you, Michael. Thank you for addressing all of those points. And I’m thinking through a bit how this policy could have wider benefits. I’d like to hear from you as well. We start with you, perhaps, Katitza, about the idea of the policy leading the way and having wider impact. So, yeah. Well, I agree with the prosecutor about a specific case that will lead the way, but I want to build upon the last speaker’s comments. I think it’s clear that every year that computer systems are used in various ways in committing, like, mass killings or all kinds of crimes under the Rome Statute. And I think there will be many, many more cases as technology advances and the prosecutors and the authorities start investigating those cases.

Katitza Rodriguez: But at some point, I think, when I was reviewing the draft policy, the OTP mentioned that military cyberattacks targeted against civilians, perhaps including civilian ICT systems, civilian data, and groups of civilians, could conceivably constitute war crimes. even without causing tangible physical injury. And we think that this perspective is useful because of just how important ICT systems are in people’s life, culture, family, life. It’s not just like a hobby, it’s part of how communities and society organize themselves and talk to themselves. And it’s also about organize themselves when there is like a bomb coming and we need to leave the area and maybe we need that mechanism of communication to be able to go to a safe place. And being cut off of that is just like problematic. So cyber attacks against communications infrastructure but also against data or things that will not allow people to get health information or information that is crucial to get timing could be really problematic. And that may lead eventually to personal injury but not directly and I think that’s equally important.

Harriet Moynihan: Thank you. Before we open it up, Kati, Chantal, I’d be interested in your thoughts on this sort of wider question. I mean the question about whether states would be interested in this policy, whether they will be leading the way. There have actually been some states, I should say, that have prosecuted war crimes which involve cyber means. So for example, fighters in Syria who have been filming pictures of dead bodies or maimed bodies and putting them online. They’ve been prosecuted in France and the Netherlands and I think Norway as well actually. So it would be interesting to hear your thoughts on this as a state prosecutor.

Kati Reitsak: Okay, thank you. As Katicia very well pointed out that our societies are changing and the values that we kind of tend to take granted like with all this information technology systems, they are totally different than for example, 10 or 20 years ago. But if you think of the judiciary system. in many countries, the people who are working in judiciary, for example, judges, this is a position for life. So, it means that we might have in the judiciary system very many people who are not, like, they don’t feel comfortable with dealing with this digital era that has dawned upon us, right? So, more and more we have to rely on technical expertise as well. So, I think that, and it’s probably the same in every country, that there always will be people who are willing and wanting to learn and to develop their knowledge. And I think that we should be, and we should help them and assist them. And of course, the private sector’s assistance, the trainings, the investigators have to be trained. So, from a very practical viewpoint, as you pointed out, yes, there are videos and it’s not that complicated to to see whether it’s authentic and what’s the metadata behind this video or a photograph. But still, as they are going more complex and complex, and as you pointed out, these foreign actors, they might be cross-border, we will never see them. And we will have to tell and explain to the court how exactly a very, very sophisticated digital attack has been committed. It definitely needs high-level expertise from outside of the investigative authorities. And just on that point, I would like to point out that, for example, in Estonia, we have a cyber crimes unit in our central criminal police, right? But international crime is being investigated by security service. totally different authorities, with totally different kind of, not background, but their data and their intelligence and their focus is on different things. Therefore, if we are talking about very successful investigations, we also have to see that siloing your data and information between investigative authorities is not an answer, you have to also cooperate and exchange the knowledge that one or the other unit actually has in order to have a successful investigation.

Harriet Moynihan: Thank you. So, joined up not just in a cooperation between states, but even within a state. Yes, very interesting. Thank you. And Chantal, over to you for any final thoughts on this. Yeah, I think from the perspective of civil society, I think we can, also for us,

Chantal Joris: we can use the policy as well in our advocacy. We have plenty of conversations about the role of taking on conflicts. For example, we had one two days ago at IGF itself. So, I think it just helps also to complete the picture from different angles. And also, Kati, you mentioned that it might also be leading the way in terms of the domestic authorities. The ICC has so many jurisdictional constraints plus this element of gravity that you mentioned that makes it a fact that they will not be able to prosecute that many cases. So, I think I find it also very interesting to think about strategic litigations in front of domestic courts under universal jurisdiction provisions. And then, we have the policy showing that it is not something totally far-fetched. And it contains a lot of interesting examples that can be used to think about how we can push the needle further in this aspect. Thank you so much. Well, we’ve got lots of food for thought there.

Harriet Moynihan: And thank you to the panel for coming. for setting us up for the Q&A. So now is the chance, if you’d like to raise a question. We have a microphone here. We already have one questioner. That’s perfect. So feel free to form a queue if you’d like to raise a question. And also, for those of you joining us online, please do type in your questions to Zoom and Chelsea, my online moderator, will help to get those to us. So if I could turn to the first questioner to say your question, please.

Audience: Yeah, Joeri Bokovoy from the Finnish Green Party. Chantal mentioned about crimes against humanity or human rights violations in suppression of information networks. One thing that comes to mind is in, and this is the question more, I guess, to Marko, in which, I guess, capacity does this apply to also partial suppression of network, which we have seen, especially recently in the Southeast Asian territories, where internet shutdowns have been used to push users more to telecommunications in traditional way, which are more easy to surveil and break their privacy in that way. And I have a second question about, Katitza was mentioning the removal of evidence by social media platforms. There are known cases of organized crime being perpetrated or conspired through gaming platforms as well, like the PlayStation Network or different other services, which a lot of them don’t even record or monitor the voice chats, because it’s much cheaper for them to either turn it off in the regions where they’re forced to or just leave it on and not deal with it at all, and basically wash their hands in the regions where they’re not. What can be actually done about that?

Harriet Moynihan: Thank you very much for both questions. So the first question was about… the suppression of networks and internet shutdowns, and thinking about how the proposed policy might be relevant to that. And Marko, perhaps if I turn to you on that one

Marko Milanović: initially. Well, thank you. I mean, it’s an excellent question. So I have to preface it, though, by doing this horrible lawyerly thing, which is to make some… Marko, we’ve lost the sound. I’m not sure if you’re muted. It’s okay, your end. It might be our end. Just give it a minute. Testing. You’re back. Yes. Perfect. Thank you. Good. So the key point I want to make is that most internet shutdowns are human rights violations, right? In particular, they violate freedom of expression. To date, of the examples of various internet shutdowns that many states have done, it is really difficult to find an example of an internet shutdown that could be justified in human rights terms. So most internet shutdowns violate human rights in a relatively straightforward way. However, it is difficult to say, though, that every internet shutdown is a crime for which individuals accrue responsibility at the international level. For example, a crime against humanity. A crime against humanity is defined, for instance, as an act which takes place in the context of a widespread or systematic attack against the civilian population. Crimes against humanity include, for example, things such as murder or extermination. They could include persecution, which is a discriminatory denial of fundamental rights. And one could think of an extreme type of an internet shutdown that could qualify as, for example, persecution. But the vast majority of internet shutdowns will not be criminal. and many others. So that is the sort of point I would make. Remember our policy is not about human rights online, it is about international crimes committed by cyber means. And so only a smaller subset of human rights violations in the digital context will actually accrue criminal responsibility directly under international law. There might again be some shutdowns that could be justified. You saw, for example, how a few days ago Iran shut down the internet on its territory in order to stop cyber attacks from Israel, right, in the context of an armed conflict. That is one of those rare situations where you could think of a justified shutdown, maybe, maybe. Yeah, again, so the fact that most internet shutdowns violate human rights does not however translate to an international crime is the point I would make.

Harriet Moynihan: Thanks Marko, very clearly explaining the distinction there. The other question was about the removal of evidence by social media and the question I mentioned in particular gaming platforms and the fact that they do not even monitor voice chats sometimes, so there is this problem with having evidence and retaining it. I do not know if any of you would like to either pick up on that question or the question about internet shutdowns. Of course, Katitza, you had mentioned this issue of internet shutdowns, so do you have any thoughts on that question?

Katitza Rodriguez: No, I was mentioning more whether it rises or not to a Roma statute crime, and that was more my question from the prosecutor because we are not like super experts on all the court cases that are under the Roma statute right now, so it was whether or not it could potentially rise. I did not understand the question on evidence, on platform, what was the question? I think it was about the fact that you had been talking about preservation of evidence and that sometimes social media platforms have been accused of deleting evidence. With gaming platforms, that might be a problem because sometimes they have even less sort of transparency around what they are doing and they may not even be retaining, recording the evidence at all. We don’t want retention. Retention is different than preservation. Preservation is linked to a specific crime. It’s for a specific period. It’s not mass surveillance. So I don’t know if he is specifically concerned about… What we say in EFF, if it did exist, it will be low access to that data. Some companies have certain policies about how long they retain certain data. Now, when we ask preservation, you know, is when there is like… They don’t have all the necessary information right now to probably… But they ask authorities to preserve it for a period of time for a specific investigation. The nuance in the Romance Statute is that these crimes take 20, 30 years. It’s not crimes that come very fast. They take years and years to change in governments and be able to persecute someone. And how we preserve the evidence and how that will work, how we do a change of cost and custody in a way that, for instance, civil society, who may be more up to date with where evidence and violations have happened, can learn from the traditional human rights in Europe, who have been doing Romance Statute for years, documenting abuses, and trying to do it in the digital age with a chain of custody and all the knowledge that we have about harsh metadata and trying to have these standards. So whenever is the time to bring the case to justice, the evidence can pass a test that the court settles for admissibility of evidence in the court. And that was my point. Not to try to establish laws that will… And I don’t know if that was his concern, that will record all chat or voice communications on all platforms, because that will be the…

Harriet Moynihan: Chantal Joris, Harriet Moynihan, Kati Reitsak, Chantal Joris, Katitza Rodriguez, Michael Karimian Chantal Joris, Harriet Moynihan, Kati Reitsak, Chantal Joris, Michael Karimian Chantal Joris, Harriet Moynihan, Kati Reitsak, Chantal Joris, Michael Karimian

Chantal Joris: Chantal Joris that also, or alignments, that will also favour one side of the conflict over the other. And that’s even on the moderation level and then, of course, even if moderation or removal might be justified then there’s a question around how do you preserve that sort of evidence, what sort of mechanisms you have in place with accountability mechanisms or certain vetted CSOs or international courts so that evidence doesn’t get lost. And again, we’re often talking about extreme… extremely restrictive information environments where journalists are threatened, killed, have to go into exile, where the only evidence that you have really comes from those users that simply witness what’s happening.

Harriet Moynihan: Thank you. And I suppose just one point that’s come out of our Chatham House research is that some of the bigger companies have quite sophisticated systems for at least holding evidence and for providing that evidence to law enforcement, whereas some of the smaller companies, and you mentioned the gaming platforms, but there may be other smaller companies who just not as set up for this. Their procedures aren’t perhaps ready and there may be a role for training and cooperation around those issues. We don’t, as far as I’m aware, we don’t have any questions online yet, so I’m going to throw it back to you, the in-person audience, and we have a question over to you.

Audience: Yeah, good afternoon everyone. I’m Aaron Clements-Hunt. I work for the Heartland Initiative. Thank you Harriet and all the panelists for a really thought-provoking discussion so far. My question is to Michael. There seems to be a pretty clear tension between Microsoft’s admirable work in partnership with the ICC and their now well-documented involvement or links to cyber-enabled crimes. I’m talking in particular about the fact that since the Hamas attack on Israel in October 2023, Microsoft has surged capacity and services to Israeli state entities, including the Ministry of Defense and the IDF. So my question, Michael, is, is Microsoft really in a position to lead private sector efforts to address international crimes enabled by cyber operations when the company itself can be credibly linked to those very crimes? Thank you. So Michael, I didn’t go to you before on the questions we had earlier, so

Harriet Moynihan: feel free to pick up on any of the ones we’ve had already, including the idea of companies cooperating on evidence. But that question was obviously about this question I suppose that came up earlier about the sort of potential for conflicts of interest. how tech companies approach those. As we’ve heard, tech companies are important in this space, their cooperation is vital. But at the same time, it’s important that conflicts of interest are managed. So if you could talk to that. Thank you, Harriet. Glad to do so.

Michael Karimian: Firstly, in terms of the question on internet shutdowns, I really appreciated Marko’s articulation of the way in which the policy will likely relate to internet shutdowns, just broadly, if anyone is interested on this topic. Access Now has done tremendous work in its coalition and campaign in shedding light on the impacts and widespread use of internet shutdowns. And that’s available online at their Keep It On webpage. Definitely encourage colleagues and interested stakeholders to take a look at that. In terms of the earlier question as well on online gaming platforms, historically, the issues we’ve seen there have more fit into the categories of child sex abuse material online, so CSAM, as well as terrorist and violent extremist content, TBEC. But that’s not to say that actually we won’t see connections to the crimes relevant to this policy, more crimes, crimes against humanity and genocide in online gaming platforms, if we take a very long term view as to how actors may engage in those platforms in the long term. As some stakeholders might know, UC Berkeley’s Human Rights Center just submitted evidence to the OTP in relation to a case in Mali, evidence in Mali, which really demonstrates the use of multimedia and outrages upon personal dignity. And actually, it’s possible to see how you would witness similar uses of multimedia in online gaming platforms, too. And so this question of retention in such platforms is really critical. And so, just as you touched upon, Harriet, how companies of different sizes This is a really important topic and I appreciate that it has been brought up. There has been a lot of information in the public domain about this, and Microsoft recently published a blog post in the past month or so, which is available online, and of course I would encourage anyone interested to please take a moment to read that. The blog post seeks to provide insights to the work that Microsoft has been doing to better understand the issues. So for example, we’ve hired an external third party to undertake an independent assessment to identify the extent to which the allegations that came out in the press in January and February were truthful, and as well the company has been undertaking its own investigations in this space by engaging with Microsoft’s subsidiary in Israel, and with that it was found that actually there is no direct connection between the provision of Microsoft services and the conflict in Gaza, and there is work now underway to improve how human rights due diligence is applied in these contexts built upon the company’s long-standing human rights policies and practices. To the kind of question, Aaron, which you pose as well about the conflict of interest and tensions here, and Harry, you picked up on this earlier, this also came up in the discussion so far, that this is a challenge whereby these large platform companies provide products and services to a wide range of customers around the world, and those customers in turn can use products and services in harmful ways. This is a challenge that has existed across how companies apply the UN guiding principles on business and human rights. an extent to which they can effectively conduct human rights due diligence and, where needed, have remedy and transparency in place. This is not unique to the issues that we’re discussing here in the context of the ICC’s, OTP’s upcoming policy but it does demonstrate I think not just the responsibility that companies have. Companies of course have a responsibility to respect domestic law, they also have a responsibility to respect international law including international criminal law. And when Microsoft’s human rights policy was last debated, which I believe was 2019, and the policy is available at microsoft.com slash human rights, intentionally the wrong statute was included in the list of human rights frameworks and individual conventions and frameworks which the company looks to when it seeks to uphold its corporate responsibility to respect human rights. And so that recognition is there and this policy I think will go a long way to assisting technology companies including Microsoft among others to be better at respecting international criminal law as well as identifying the role that they can play in helping all actors address cyber-enabled crimes. Thank you Michael and I recommend that blog post

Harriet Moynihan: as well. We are also going to have another opportunity to go to in-person questions if there are any questions. I think there was one over there so thank you. If you’d like to say where you come from before you say the question thank you. Of course, I also want to remind you that there are two more people who want to ask the questions. Thank you so much for an excellent panel.

Audience: My name is Vilda and as a criminologist I’ve spent a lot of time looking at traditional crime versus cybercrime and the differences between them and obviously there are a lot of similarities but in my opinion cybercrime has so many unique elements to it that it’s hard to sort of treat them the same way. So I would love to hear your thoughts on this. When setting up a system to deal with cybercrime, where do we, in which part can we use the tools that we already know and where do we have to start from scratch? Thank you. Thank you. And now Kati, I’m going to go to you on that but

Harriet Moynihan: you’re very welcome to touch on any of the things that we’ve heard in all the questions if you have thoughts. I mean it’s similar to the point in a way that we were talking about organized crime and cybercrime but if in your experience you’re seeing anything that’s, you know, some of the unique features that the questioner mentioned and how those can be addressed.

Kati Reitsak: Thank you for the question. Yes, it might seem and it definitely is that investigating cybercrime, there are so many nuances that one must know in order to get the evidence from the private partners, in order to seize the evidence quickly, as I said, as it is very, very prone to being deleted. So, this is the cooperation part which in some ways is the same but investigators have been training, have had extensive training also on how to, for example, seize digital devices in order not to compromise the material that is in the digital devices. Also, we should not forget digital currency because we have to, as organized crime and crime in itself, you know, there is financial interests moving in these circles also and in order for the crime not to pay, states also have an obligation to seize possible criminal assets, whether they are in a physical or crypto form also and this needs a specific knowledge and training. and our investigators in cybercrime units are trained to do that. But in the end, sometimes it all comes down to the good old ways of collecting evidence. For example, you have to have, as these are all covered crimes, you don’t necessarily have a victim if we’re talking just about cybercrimes. And who could point out the actor, you need intelligence. You need good old-fashioned intelligence, which is very difficult to get if these actors are not in your own country. And this, of course, then intelligence agencies and their partnerships are coming to role. If we are talking about organized crime, cyber-enabled international crime, I wanted to point out this aspect before. And also, when civil society was talking about communicating with victims and witnesses, actually, and collecting evidence themselves. In a matter of trust, it’s also important not the partners only to trust each other, but the victims and witnesses to trust the law enforcement in order to turn to us. Because in many countries, it’s not like that. In Estonia, we see that most people, we trust law enforcement and we don’t fear retaliation if we turn to the police, right? But it’s not like that in many countries. So, even if we have, for example, citizens of other countries who are on Estonian territory and could be valuable witnesses or victims of international crimes, it’s also difficult to gain that trust. Because they’re in a foreign country, they don’t know. They don’t know what’s going on, they don’t know the traditions or the background. So this is also something we have to address as law enforcement representatives. Also, if we are talking that digital evidence might disappear, so can human evidence disappear. Because judicial systems are very different of how we accept a person’s testimony. For example, if we go to trial in Estonia, just this written paper, maybe in pre-trial phase, this means nothing, it’s nothing, unless I have to bring the person into court, they have to be cross-examined, and then it will be like good evidence. Otherwise, I will not be able to use this kind of pre-trial piece of paper testimony, maybe only if the person is dead, or yeah, maybe, that’s about it. But this is our own national kind of specifics, every national system has its own. So we have to think about preserving human evidence as well. Maybe because you are absolutely right, after 10, 20 years, 30 years, these crimes against, I’m sorry, these international crimes, they don’t have any statute limitations.

Harriet Moynihan: Thank you, and interesting to hear some of the similarities as well as the differences and unique features. Now we haven’t got many minutes left, so we’re going to have the two questions together, and if you could be brief, and the responses will be brief, then we can stick to time. Over to you.

Audience: Yes, thank you. My name is Christian Faizili, I’m a public prosecutor from the Democratic Republic of Congo, and thank you for the insightful presentation and discussion. The situation in the DRC, as you know, recently, our courthouse has been destroyed when the M23 took over the town. So I would like to know how can prosecutors prove command responsibility via digital traces if our forensic labs in Goma and Bukavu are destroyed? Another one is how can Article 28 of the Rome Statutes apply for foreign officials enabling civil war crimes? If not, how do we close these impunity gaps? Thank you very much. Thank you. Hi, my name is Meredith. I’m with the Business and Human Rights Resource Center. Thank you for this fantastic panel. My question actually is for Marko about any updates to the draft policy. Chantal had pointed out that the language is very much in favor of corporate cooperation for getting what’s needed in order to effectively implement the new policy. But is there a shift now that we can expect in relation to accountability, given, as you mentioned, that making sure that individuals are accountable for these crimes is the key ethos behind the document as such, including tech executives who may be involved in execution of some of this, whether or not there is explicit instructions coming from a state? Thank you.

Harriet Moynihan: Thank you very much to both of you. Given time, we’re going to have very quick responses. Marko, I think one of those questions was directed to you, but if you wanted to pick up on any of them, then please do. I just have one minute.

Marko Milanović: Sure. On superior responsibility, I would simply direct you to looking at the draft policy. The draft policy directly addresses questions of liability for modes of liability other than direct commission, and it includes a discussion of superior responsibility. So we do think that an individual can be responsible by those means by article 28 of the statute, including for cyber-enabled crimes. I will not talk about specific situations though. On the question of corporate actors and accountability, we have had very productive engagement with civil society organizations in particular, those focused on business and human rights, and we took their comments on board, and you will see the exact formulations the policy will use when the final text comes out, but I can assure you that the policy does include language that acknowledges the potential criminal responsibility of corporate executives. Thank you, Marko, and thank you for being brief. I’m sure that we all have further comments, but I’m very conscious of time, so I would just like to take this moment to do a bit

Harriet Moynihan: of summing up before we close. I think we’ve heard that existing international criminal law is very much fit for purpose and able to deal with cyber-enabled international crimes, and we look forward to the proposed policy coming out, but we’ve also heard a lot about the challenges, a lot of which relate to the cross-border nature of these crimes and the digital evidence and managing that. We’ve been reminded about the importance of international human rights law and also conflicts of interest in managing those. Above all, cooperation networks are vital, and we’ve heard about the importance of partnerships and given many examples of those, and I’m sure there will be more to come as they’ll need to be strengthened in order to tackle these kind of crimes. So we look forward to not only the policy itself, but the influence it will surely have on different national jurisdictions as they think about how to prosecute cyber-enabled crimes. It remains for me to thank you in the room for actively participating and for your questions, to thank those of you who joined us online, and to thank this wonderful panel. If you could join me in thanking them. And finally, thank you to Microsoft and the International Criminal Court for co-hosting this event, and I’ll end it there. Thank you. Thank you.

Agreement points

Starting with smaller, less complex cases for ICC prosecution

Speakers

– Marko Milanović
– Kati Reitsak

Arguments

Starting with smaller, less complex cases like Article 70 offenses against the administration of justice would be preferable to establish capabilities before tackling sophisticated state actors

War crimes or crimes against humanity cases would be preferable starting points as they provide broader possibilities for establishing new cyber-enabled crime terminology

Summary

Both speakers agree that the ICC should begin with more manageable cases rather than highly sophisticated cyber operations to establish precedents and test capabilities

Topics

Legal and regulatory | Cybersecurity

Importance of partnerships and cooperation in cyber-enabled crime investigations

Speakers

– Kati Reitsak
– Michael Karimian
– Katitza Rodriguez

Arguments

Personal connections and trust between partners are essential for successful cross-border investigations, requiring swift action and reliable information sharing

Strong public-private collaboration is indispensable rather than merely advantageous for effectively prosecuting cyber-enabled international crimes

Civil society organizations hold crucial evidence and documentation that may be the last remaining proof of atrocities, requiring collaboration with prosecutors

Summary

All speakers emphasize that successful prosecution of cyber-enabled crimes requires extensive cooperation between various stakeholders including states, private sector, and civil society

Topics

Legal and regulatory | Cybersecurity | Human rights

Evidence preservation challenges in cyber-enabled crimes

Speakers

– Michael Karimian
– Katitza Rodriguez
– Kati Reitsak

Arguments

Digital evidence in cyber-enabled crimes is ephemeral and easily lost, requiring rapid identification and preservation using sophisticated technical capabilities

Evidence must remain admissible in court for decades, but algorithms and platform policies can delete crucial proof forever

Investigators must preserve and collect evidence following rigorous standards to ensure full admissibility in court, especially given that digital evidence is heavily contested

Summary

All speakers recognize the unique challenges of preserving digital evidence that can be easily lost or deleted while ensuring it remains admissible in court proceedings that may occur years later

Topics

Legal and regulatory | Cybersecurity

Support for ICC policy focusing on existing Rome Statute crimes

Speakers

– Marko Milanović
– Katitza Rodriguez

Arguments

The ICC Office of the Prosecutor is developing a policy to address international crimes committed through cyber means, focusing on genocide, war crimes, crimes against humanity, and aggression rather than ordinary cybercrime

Civil society supports the policy’s focus on existing Rome Statute crimes rather than creating new crime categories, which helps avoid overly broad cybercrime laws that undermine human rights

Summary

Both speakers support the approach of applying existing international criminal law to cyber-enabled crimes rather than creating entirely new categories of offenses

Topics

Legal and regulatory | Human rights | Cybersecurity

Similar viewpoints

Both civil society representatives emphasize the critical importance of maintaining human rights standards in cyber-enabled crime investigations and prosecutions

Speakers

– Katitza Rodriguez
– Chantal Joris

Arguments

All investigations must respect international human rights law frameworks including necessity, legality, proportionality, and transparency with proper oversight mechanisms

Internet shutdowns and mass surveillance often violate freedom of expression and can exacerbate harms for communities impacted by conflict, though most don’t rise to the level of international crimes

Topics

Human rights | Legal and regulatory | Cybersecurity

Both speakers acknowledge the dual role of technology companies as both essential partners in investigations and potential contributors to the crimes being investigated

Speakers

– Michael Karimian
– Chantal Joris

Arguments

The private sector plays crucial roles in rapid evidence preservation, attribution, cross-border cooperation, and ensuring procedural integrity in cyber-enabled crime investigations

Tech companies often provide services to conflict parties while simultaneously holding evidence needed for prosecutions, creating complex conflicts of interest that must be managed

Topics

Cybersecurity | Legal and regulatory | Human rights

Both speakers see the ICC policy as having significant influence beyond the ICC itself, serving as guidance for national jurisdictions

Speakers

– Kati Reitsak
– Harriet Moynihan

Arguments

National courts can look to the ICC as a beacon leading the way and be encouraged by its systematic approach to cyber-enabled international crimes

The policy represents a groundbreaking initiative that can lead the way for national jurisdictions and set important legal precedents

Topics

Legal and regulatory | Cybersecurity

Unexpected consensus

Private sector as indispensable partner despite potential conflicts of interest

Speakers

– Michael Karimian
– Chantal Joris
– Katitza Rodriguez

Arguments

Strong public-private collaboration is indispensable rather than merely advantageous for effectively prosecuting cyber-enabled international crimes

Tech companies often provide services to conflict parties while simultaneously holding evidence needed for prosecutions, creating complex conflicts of interest that must be managed

Companies face improper incentives to mass delete information to avoid liability, potentially destroying evidence before courts can examine it

Explanation

Despite representing different perspectives (private sector vs civil society), there is unexpected consensus that private sector involvement is essential while simultaneously acknowledging the serious conflicts of interest and challenges this creates

Topics

Cybersecurity | Legal and regulatory | Human rights

Need for technical expertise from outside traditional law enforcement

Speakers

– Kati Reitsak
– Michael Karimian

Arguments

Successful investigations require judicial frameworks with international partners and extensive technical expertise from outside investigative authorities

Attribution is one of the most complex challenges in prosecuting cyber-enabled crimes, requiring ability to track activity across different digital infrastructures and jurisdictions

Explanation

A state prosecutor and private sector representative unexpectedly agree that traditional law enforcement lacks sufficient technical capabilities and must rely on external expertise, representing acknowledgment of institutional limitations

Topics

Legal and regulatory | Cybersecurity

Overall assessment

Summary

There is strong consensus among speakers on the fundamental challenges of cyber-enabled crime prosecution, the need for multi-stakeholder cooperation, evidence preservation difficulties, and the value of the ICC policy as a guiding framework. Agreement spans across different sectors (prosecutors, civil society, private sector, academia) on core operational and legal principles.

Consensus level

High level of consensus with significant implications for successful implementation of cyber-enabled crime prosecution. The broad agreement across diverse stakeholders suggests strong foundation for developing effective international cooperation mechanisms and legal frameworks, though practical implementation challenges around conflicts of interest and technical capabilities remain to be addressed.

Different viewpoints

Case prioritization strategy – complexity vs. scope

Speakers

– Marko Milanović
– Michael Karimian

Arguments

Starting with smaller, less complex cases like Article 70 offenses against the administration of justice would be preferable to establish capabilities before tackling sophisticated state actors

Cases involving widespread harm to critical infrastructure and essential services should be prioritized as they pose substantial risks to human life and send clear international signals

Summary

Marko advocates for starting small with less complex cases like administration of justice offenses to build capabilities, while Michael argues for prioritizing cases with widespread harm to critical infrastructure that send stronger international signals, representing different strategic approaches to establishing precedent.

Topics

Legal and regulatory | Cybersecurity

Evidence preservation approach – targeted vs. mass retention concerns

Speakers

– Katitza Rodriguez
– Michael Karimian

Arguments

Companies face improper incentives to mass delete information to avoid liability, potentially destroying evidence before courts can examine it

Digital evidence in cyber-enabled crimes is ephemeral and easily lost, requiring rapid identification and preservation using sophisticated technical capabilities

Summary

Katitza focuses on the problem of over-deletion by companies trying to avoid liability, advocating for targeted preservation orders, while Michael emphasizes the need for rapid technical preservation capabilities, representing different perspectives on balancing evidence preservation with privacy concerns.

Topics

Human rights | Legal and regulatory | Cybersecurity

Unexpected differences

Scope of gravity assessment for international crimes

Speakers

– Michael Karimian
– Chantal Joris

Arguments

Cases involving widespread harm to critical infrastructure and essential services should be prioritized as they pose substantial risks to human life and send clear international signals

Internet shutdowns and mass surveillance often violate freedom of expression and can exacerbate harms for communities impacted by conflict, though most don’t rise to the level of international crimes

Explanation

While both speakers acknowledge that cyber operations can cause significant harm beyond direct physical violence, they disagree on how broadly to interpret gravity. Michael advocates for including infrastructure attacks with indirect humanitarian consequences in prioritization, while Chantal is more cautious about expanding the scope, emphasizing that most digital rights violations don’t rise to international crime levels despite their serious impact.

Topics

Human rights | Legal and regulatory | Cybersecurity | Infrastructure

Overall assessment

Summary

The discussion reveals relatively low levels of fundamental disagreement, with most tensions arising around strategic approaches rather than core principles. Main areas of disagreement include case prioritization strategies (starting small vs. high-impact cases), evidence preservation approaches (targeted vs. comprehensive), and the scope of gravity assessment for international crimes.

Disagreement level

Low to moderate disagreement level. The speakers largely agree on the importance of the ICC policy, the need for multi-stakeholder cooperation, and the application of existing international criminal law to cyber-enabled crimes. Disagreements are primarily tactical and strategic rather than fundamental, which suggests good prospects for developing consensus approaches while allowing for different implementation strategies based on specific circumstances and institutional capabilities.

Partial agreements

Similar viewpoints

Both civil society representatives emphasize the critical importance of maintaining human rights standards in cyber-enabled crime investigations and prosecutions

Speakers

– Katitza Rodriguez
– Chantal Joris

Arguments

All investigations must respect international human rights law frameworks including necessity, legality, proportionality, and transparency with proper oversight mechanisms

Internet shutdowns and mass surveillance often violate freedom of expression and can exacerbate harms for communities impacted by conflict, though most don’t rise to the level of international crimes

Topics

Human rights | Legal and regulatory | Cybersecurity

Both speakers acknowledge the dual role of technology companies as both essential partners in investigations and potential contributors to the crimes being investigated

Speakers

– Michael Karimian
– Chantal Joris

Arguments

The private sector plays crucial roles in rapid evidence preservation, attribution, cross-border cooperation, and ensuring procedural integrity in cyber-enabled crime investigations

Tech companies often provide services to conflict parties while simultaneously holding evidence needed for prosecutions, creating complex conflicts of interest that must be managed

Topics

Cybersecurity | Legal and regulatory | Human rights

Both speakers see the ICC policy as having significant influence beyond the ICC itself, serving as guidance for national jurisdictions

Speakers

– Kati Reitsak
– Harriet Moynihan

Arguments

National courts can look to the ICC as a beacon leading the way and be encouraged by its systematic approach to cyber-enabled international crimes

The policy represents a groundbreaking initiative that can lead the way for national jurisdictions and set important legal precedents

Topics

Legal and regulatory | Cybersecurity

Key takeaways

The ICC’s proposed policy on cyber-enabled international crimes represents a groundbreaking initiative that applies existing Rome Statute crimes (genocide, war crimes, crimes against humanity, aggression) to cyber means rather than creating new crime categories

Digital evidence preservation is critical but challenging due to its ephemeral nature – evidence must remain admissible for decades while platforms may delete it through automated systems or compliance policies

Public-private partnerships are indispensable for successful prosecutions, with tech companies providing crucial capabilities in evidence preservation, attribution, and cross-border cooperation

International human rights law must be respected throughout investigations, with concerns about avoiding evidence gathered through abusive surveillance powers

Starting with smaller, less complex cases (like Article 70 administration of justice offenses) would be preferable to establish precedents before tackling sophisticated state actors

Cross-border cooperation and trust between partners are essential, requiring both formal frameworks and personal connections for swift action

The policy will likely have broader impact beyond the ICC, leading the way for national jurisdictions and setting important legal precedents

Resolutions and action items

The ICC Office of the Prosecutor will revise the draft policy based on public consultation comments and formally promulgate it at the Assembly of States Parties later this year

Chatham House will publish a research paper on cyber-enabled international crimes in January to complement the ICC’s work

Microsoft mentioned ongoing work including hiring external third parties for independent assessments and improving human rights due diligence processes

The policy will include language acknowledging potential criminal responsibility of corporate executives based on civil society feedback

Unresolved issues

How to effectively manage conflicts of interest when tech companies both provide services to conflict parties and hold evidence needed for prosecutions

Whether and how internet shutdowns and mass surveillance campaigns could rise to the level of Rome Statute crimes versus human rights violations

How to assess gravity in cyber-enabled crimes context – whether traditional focus on death and physical harm needs to be expanded to include indirect humanitarian consequences

How prosecutors can prove command responsibility via digital traces when forensic labs are destroyed in conflict zones

How to address evidence preservation challenges with smaller gaming platforms and companies that lack sophisticated retention systems

How to build trust with victims and witnesses from different countries who may fear law enforcement

How to preserve human evidence over the decades-long timeframes typical for international crimes prosecutions

Suggested compromises

Platforms should honor public interest exceptions for content with educational, documentation, or newsworthy value even if graphic, rather than implementing blanket takedown orders

Evidence preservation orders should be used for specific investigations rather than mass surveillance or blanket data retention requirements

The ICC should focus on cooperation with vetted civil society organizations and accountability mechanisms for evidence preservation rather than requiring broad platform monitoring

Starting with simpler cases to establish precedents while building toward more complex prosecutions involving sophisticated state actors

Balancing the need for private sector cooperation with recognition of their potential criminal liability through clear policy language

Evidence in this context must last. We are talking about 10, 20, 30 years. A video recorded today might remain courtroom ready for a long period of time, even 20 years from now. One mobile phone clip can expose a massacre and be published on YouTube. An algorithm can delete that proof forever.

Speaker

Katitza Rodriguez

Reason

This comment brilliantly captures the unique temporal challenge of cyber-enabled international crimes – the paradox that digital evidence can be both incredibly durable and incredibly fragile. It highlights how the ephemeral nature of digital platforms conflicts with the long-term nature of international criminal proceedings.

Impact

This observation fundamentally reframed the discussion around evidence preservation, leading other panelists to address the technical and procedural challenges of maintaining chain of custody over decades. It also prompted Michael Karimian to elaborate on Microsoft’s sophisticated preservation capabilities and influenced the conversation about public-private partnerships.

Platforms are being incentivized to delete conflict-related materials on a huge scale… YouTube used a new automatic extremism filter that was purging channels and videos of human rights researchers and journalists documenting Syrian conflicts.

Speaker

Katitza Rodriguez

Reason

This comment exposed a critical unintended consequence of content moderation policies – that well-intentioned efforts to combat extremism can inadvertently destroy crucial evidence of international crimes. It reveals the tension between platform safety measures and justice accountability.

Impact

This insight shifted the discussion toward examining the complex role of private platforms as both evidence holders and potential evidence destroyers. It prompted Chantal Joris to elaborate on the need for public interest exceptions and influenced the conversation about balancing content moderation with evidence preservation.

The reality is as well that very often those same tech companies are the ones that provide services to conflict parties, cloud computing services, surveillance technologies, AI capabilities that are also very much needed to perpetrate those exact crimes that the policy seeks to address.

Speaker

Chantal Joris

Reason

This comment identified a fundamental conflict of interest that hadn’t been explicitly addressed – that technology companies are simultaneously potential partners in prosecution and potential enablers of the crimes being prosecuted. It highlights the ethical complexity of public-private partnerships in this space.

Impact

This observation led to direct questioning of Microsoft’s role in conflicts (as seen in Aaron Clements-Hunt’s pointed question about Microsoft’s services to Israeli entities), forcing the discussion to confront real-world tensions between corporate cooperation and corporate complicity. It elevated the conversation from theoretical cooperation to practical accountability.

You know, a good way to start would be, for example, an Article 70 case, so a case about the administration of justice. Somebody hacks the court… Those are easier cases to deal with. And, you know, if it was up to me, you know, a first digital or cyber case would be something fairly modest rather than something enormous.

Speaker

Marko Milanović

Reason

This strategic insight about starting with simpler cases rather than complex state-sponsored cyber operations demonstrates sophisticated thinking about building legal precedent. It shows understanding that the first cases will set important precedents and should be winnable.

Impact

This comment redirected the discussion from theoretical possibilities to practical implementation strategy. It influenced other panelists to consider what types of cases would be most suitable for establishing precedent, with Kati Reitsak agreeing about starting small and other panelists building on this strategic approach.

Most internet shutdowns are human rights violations… However, it is difficult to say, though, that every internet shutdown is a crime for which individuals accrue responsibility at the international level… only a smaller subset of human rights violations in the digital context will actually accrue criminal responsibility directly under international law.

Speaker

Marko Milanović

Reason

This comment provided crucial legal clarity by distinguishing between human rights violations and international crimes – a distinction that’s often blurred in discussions about cyber-enabled harms. It demonstrates the precision needed in international criminal law.

Impact

This clarification helped ground the entire discussion in legal reality, preventing the conversation from expanding too broadly into general human rights concerns. It reinforced the ICC’s specific mandate and helped other panelists focus on crimes that would actually fall under the Rome Statute.

In Estonia you cannot indict anyone unless you have pressed charges and the person has been present to see the charges… the rules in national courts are even sometimes a bit more stricter than in international courts… So I would choose a case where I would have a suspect, like present.

Speaker

Kati Reitsak

Reason

This comment brought crucial practical reality to the discussion by highlighting how national procedural requirements can be even more restrictive than international ones. It shows how cyber-enabled crimes, often committed remotely, create particular challenges for domestic prosecution.

Impact

This observation grounded the theoretical discussion in practical prosecutorial challenges, leading to consideration of jurisdictional issues and the importance of having suspects physically present. It influenced the conversation about which cases to prioritize and highlighted the complexity of cross-border cyber crimes.

Overall assessment

These key comments fundamentally shaped the discussion by introducing critical tensions and practical realities that elevated the conversation beyond theoretical cooperation. Katitza Rodriguez’s insights about evidence preservation and platform incentives forced the panel to confront the temporal and structural challenges unique to cyber-enabled crimes. Chantal Joris’s observation about corporate conflicts of interest created a more honest examination of public-private partnerships, leading to direct questioning of corporate accountability. Marko Milanović’s strategic and legal clarifications provided necessary boundaries and practical direction, while Kati Reitsak’s prosecutorial perspective grounded the discussion in real-world constraints. Together, these comments transformed what could have been a superficial discussion about cooperation into a nuanced examination of the complex, sometimes contradictory relationships between technology, law, evidence, and justice in the digital age.

How can prosecutors prove command responsibility via digital traces if forensic labs are destroyed in conflict zones?

Speaker

Christian Faizili (prosecutor from Democratic Republic of Congo)

Explanation

This addresses a practical challenge where physical infrastructure needed for digital forensics is destroyed during conflicts, making it difficult to collect and analyze cyber evidence for international crimes prosecutions.

How can Article 28 of the Rome Statute apply for foreign officials enabling civil war crimes, and how do we close impunity gaps if it doesn’t apply?

Speaker

Christian Faizili (prosecutor from Democratic Republic of Congo)

Explanation

This explores jurisdictional and legal gaps in holding foreign officials accountable for enabling crimes through cyber means, which is crucial for comprehensive accountability.

What updates will there be to the draft policy regarding accountability for tech executives who may be involved in execution of cyber-enabled crimes?

Speaker

Meredith (Business and Human Rights Resource Center)

Explanation

This addresses the balance between corporate cooperation and corporate accountability, particularly for executives who may facilitate international crimes through technology platforms.

To what extent could cross-border malware campaigns targeted against ethnic groups and diaspora communities rise to the level of Rome Statute crimes?

Speaker

Katitza Rodriguez

Explanation

This explores whether systematic cyber persecution of ethnic groups through malware could constitute crimes against humanity or genocide, requiring further investigation into scope, scale and purpose.

How should gravity be assessed differently for cyber-enabled crimes that may not cause immediate physical harm but have widespread indirect consequences?

Speaker

Implied by multiple speakers (Michael Karimian, Chantal Joris, Harriet Moynihan)

Explanation

Traditional gravity assessments focus on physical violence and casualties, but cyber crimes can cause severe humanitarian consequences through infrastructure disruption, requiring new assessment frameworks.

How can evidence be preserved for 20-30 years in cyber-enabled international crimes cases while maintaining chain of custody and admissibility standards?

Speaker

Katitza Rodriguez

Explanation

International crimes cases take decades to prosecute, but digital evidence is ephemeral and technology changes rapidly, creating unique preservation challenges.

How can smaller technology companies and gaming platforms be better equipped to preserve evidence and cooperate with law enforcement?

Speaker

Implied by audience member and Harriet Moynihan

Explanation

While larger companies have sophisticated evidence handling systems, smaller platforms may lack procedures and training for evidence preservation and cooperation with prosecutors.

How can investigators overcome the challenge of siloed information between different investigative authorities (cyber crime units vs. international crime units) within the same state?

Speaker

Kati Reitsak

Explanation

Successful investigations require cooperation not just between states but within states, as different units may have complementary expertise and intelligence needed for cyber-enabled international crimes.

How can platforms balance content moderation with evidence preservation, particularly regarding conflict-related materials that may be removed as extremist content?

Speaker

Katitza Rodriguez and Chantal Joris

Explanation

Automated content removal systems may delete crucial evidence of international crimes, requiring mechanisms to preserve such content for potential prosecutions while respecting community standards.