WS #190 Judging in the Digital Age Cybersecurity Digital Evidence

Summary

This discussion focused on “Judging in the Digital Age: Cybersecurity and Digital Evidence,” examining how courts worldwide are adapting to function as digital ecosystems where evidence, records, and hearings increasingly exist online. Dr. Naza Nicholas from Tanzania’s Internet Society opened the session by explaining the initiative’s goal to bridge the gap between judiciary systems and internet governance spaces, building on previous efforts since 2022 to bring judges into digital rights discussions.

Judge Eliamani Laltaika from Tanzania’s High Court outlined the five key considerations courts use when evaluating digital evidence: relevance, authenticity, system integrity, chain of custody, and statutory compliance. He emphasized that these principles apply regardless of whether evidence originates domestically or internationally, and noted that everyone creates digital evidence through daily activities like taking photos or using messaging apps.

Professor Peter Swire from Georgia Tech highlighted three critical areas where digital evidence differs from traditional evidence: authentication challenges in verifying identity, maintaining chain of custody through digital signatures and hash functions, and addressing AI hallucinations where artificial intelligence systems may generate false citations or information. He recommended implementing two-factor authentication and systematic verification of AI-generated content.

The discussion addressed significant challenges including spyware surveillance, with Dr. Jacqueline Pegato from Data Privacy Brazil citing cases where surveillance tools were used against activists and even Supreme Court justices. Advocate Umar Khan from Pakistan emphasized the need for balanced surveillance that protects both security and privacy rights, while Marin Ashraf from IT4Change discussed specific challenges in prosecuting online gender-based violence cases, particularly regarding evidence authentication and platform cooperation.

Participants identified critical gaps including outdated legislation, insufficient judicial training in cybersecurity, and the need for better international cooperation frameworks. The session concluded with calls for continued capacity building, multi-stakeholder dialogue, and systematic reforms to ensure courts can effectively handle digital evidence while protecting fundamental rights in an increasingly connected world.

Keypoints

## Major Discussion Points:

– **Digital Evidence Authentication and Chain of Custody**: The panel extensively discussed the five key considerations for admitting digital evidence in courts: relevance, authenticity, system integrity, chain of custody, and statutory compliance. Speakers emphasized the challenges of verifying digital evidence, especially when it originates from different jurisdictions or involves AI-generated content.

– **Cross-Border Legal Cooperation and Jurisdictional Challenges**: Multiple speakers addressed the complexities of handling digital evidence that crosses international boundaries, discussing the need for legal harmonization, mutual legal assistance treaties, and standardized procedures for accessing data from foreign jurisdictions while respecting data protection laws.

– **State Surveillance vs. Individual Rights**: The discussion covered the tension between legitimate law enforcement needs for digital surveillance and cybersecurity measures versus protecting individual privacy rights and ensuring fair trials. The Brazilian spyware case and Pakistani digital rights experiences were highlighted as examples of this ongoing challenge.

– **Online Gender-Based Violence and Platform Accountability**: Speakers examined the specific challenges courts face when dealing with online gender-based violence cases, including difficulties in obtaining digital evidence from platforms, ensuring survivor privacy, and addressing algorithmic amplification of harm.

– **Judicial Capacity Building and Training Gaps**: A recurring theme was the urgent need for specialized training for judges and legal professionals in cybersecurity, digital forensics, AI literacy, and data protection to keep pace with rapidly evolving technology and emerging forms of digital crime.

## Overall Purpose:

The session aimed to bridge the gap between the judiciary and the internet governance community by creating a permanent platform for dialogue and exchange. The goal was to bring judges into the Internet Governance Forum space, break down institutional silos, and equip judicial systems with the knowledge and tools needed to handle digital evidence and cybersecurity challenges in the modern era.

## Overall Tone:

The discussion maintained a collaborative and educational tone throughout, characterized by mutual respect among panelists from different jurisdictions and backgrounds. The atmosphere was constructive and forward-looking, with speakers sharing practical experiences and concrete recommendations. There was a sense of urgency about addressing the digital knowledge gap in judicial systems, but the tone remained optimistic about the potential for capacity building and international cooperation. The session concluded on an encouraging note, with participants expressing commitment to continued collaboration and training initiatives.

Speakers

**Speakers from the provided list:**

– **Naza Nicholas** – Dr. Naza Nicholas Kirama from Tanzania, works with Internet Society Tanzania Chapter, coordinator for the Tanzania Internet Governance Forum

– **Eliamani Isaya Laltaika** – Honorable Dr. Eliamani Isaya Laltaika, sitting judge of High Court of Tanzania

– **Peter Swire** – Professor at Georgia Tech, law professor teaching in the College of Computing, leader of the Cross-Border Data Forum, expert on cross-border data and law enforcement access issues

– **Jacqueline Pegato** – Works with Data Privacy Brazil, a Brazilian NGO focused on digital rights in Brazil and the Global South

– **Umar Khan** – Advocate of the high court in Pakistan, digital rights and defense lawyer, works on cyber cases in Pakistan

– **Marin Ashraf** – Senior research associate at IT4Change (India-based not-for-profit organization), works on online gender-based violence, digital platform accountability, information integrity, and AI governance issues

– **Adriana Castro** – Professor at External University in Colombia

– **Participant** – (Role/expertise not specified in transcript)

**Additional speakers:**

None identified beyond the provided speakers names list.

# Judging in the Digital Age: Cybersecurity and Digital Evidence – Discussion Report

## Introduction and Context

The session “Judging in the Digital Age: Cybersecurity and Digital Evidence” aimed to bridge the gap between judicial systems and internet governance communities. Dr. Naza Nicholas from Tanzania’s Internet Society opened by explaining that this initiative began in 2023 in Japan, building on efforts to bring judges into digital rights discussions and create dialogue platforms between the judiciary and multi-stakeholder internet governance spaces.

The panel included Judge Eliamani Isaya Laltaika from Tanzania’s High Court, Professor Peter Swire from Georgia Tech, Dr. Jacqueline Pegato from Data Privacy Brazil, Advocate Umar Khan from Pakistan’s high court, Marin Ashraf from India’s IT4Change, and Professor Adriana Castro from Colombia’s External University. Dr. Nicholas outlined four key questions the session would address: how courts assess digital evidence, balancing surveillance with privacy rights, handling cross-border digital evidence, and protecting court systems from cyber threats.

## Digital Evidence Assessment Framework

Judge Laltaika established the foundational principles courts use when evaluating digital evidence, emphasizing five key considerations: relevance, authenticity, system integrity, chain of custody, and statutory compliance. He noted that “digital evidence assessment follows the same principles regardless of jurisdiction, with no discrimination between domestic and foreign evidence.”

The judge provided historical context, explaining that digital evidence is relatively new in legal development, beginning in the late 1970s in the United States. He made the discussion relevant by observing that “each one of you is currently creating digital evidence or electronic evidence from the pictures you are taking, from your geolocation, from the voices you are sending over WhatsApp.”

## Technical Challenges and AI Concerns

Professor Swire highlighted critical differences between digital and traditional evidence, particularly around authentication and chain of custody. He emphasized that two-factor authentication is significantly more secure than password-based systems and that digital signatures using mathematical hash operations can prove document integrity.

Swire raised concerns about AI-generated content, providing a specific example: “We know that AI can have hallucinations. We’ve seen law cases in the United States where a lawyer just put in a question to the AI system and got back case citations that were not true. They made them up.” He recommended systematic verification of AI-generated content, suggesting judges sample-check citations when full verification isn’t feasible.

## Surveillance and Privacy Rights

Dr. Pegato presented concerning examples of spyware surveillance tools being used against activists and Supreme Court justices in Brazil. She argued that “when surveillance happens outside transparent legal frameworks, courts are sidelined and unable to guarantee fundamental rights they are tasked to protect.” She emphasized that spyware tools “move way beyond traditional investigative methods, such as telephonic interceptions” and require strict judicial oversight.

Advocate Khan offered a different perspective, acknowledging that “surveillance is necessary for cybersecurity but must balance legality, proportionality, and transparency while protecting constitutional rights to privacy and dignity.” This highlighted different approaches to surveillance regulation across jurisdictions.

## Online Gender-Based Violence Challenges

Marin Ashraf addressed specific challenges courts face with online gender-based violence cases. She explained that “digital evidence in online gender-based violence cases often fails to meet burden of proof due to authentication certificate difficulties and lack of platform cooperation.” Her research in India found that “in many cases, even if the prosecution fails to even submit digital evidence, and the main barrier here comes from the lack of cooperation from the digital platforms.”

Ashraf emphasized that courts must understand how platforms and algorithms can amplify harms against survivors, arguing for “ecosystem-level changes in sensitisation and inclusive policies for handling online violence cases.”

## Cross-Border Evidence and Jurisdictional Issues

The panel discussed complexities of handling digital evidence crossing international boundaries. Judge Laltaika noted that “international collaboration mechanisms are necessary for data exchange and extraterritorial expertise in cybercrime cases.” Professor Castro raised practical concerns about “notification and contact information procedures present ongoing challenges in data protection investigations.”

Dr. Nicholas emphasized that “legal harmonisation across jurisdictions is needed to handle digital evidence uniformly and share best practices from diverse legal systems,” highlighting the need for standardized procedures accommodating the borderless nature of digital evidence.

## Judicial Training and Capacity Building

A recurring theme was the urgent need for specialized training. Judge Laltaika acknowledged that “many courts still operate in physical form without understanding digital evidence, creating risks of wrongful convictions.” He advocated for “capacity building programmes should invite judges to forums and designate specific training programmes.”

Dr. Pegato reinforced this, stating that “judges need continuous specialised training in cybersecurity, digital forensics, and data protection to address knowledge gaps.” Advocate Khan noted that “legal frameworks need updating as outdated laws from 2015 cannot adequately address 2025 digital crimes.”

## Cybersecurity for Court Systems

The discussion revealed different approaches to protecting judicial systems from cyber threats. Professor Swire advocated for courts having independent backup systems, arguing that “courts need backup systems and offline storage to protect against ransomware attacks that could lock up judicial files.”

Judge Laltaika presented an alternative view, suggesting that “courts can leverage government data centres for security standards rather than operating in isolation.” He explained that “the judiciary does not operate in silo… we are part of the government. So the standard of security that applies to records of parliament or state house applies to the court as well.”

## Data Protection in Legal Proceedings

The panel addressed balancing transparency in legal proceedings with privacy protection. Dr. Pegato noted that “Brazil has constitutional right to data protection and comprehensive LGPD law but lacks criminal data protection framework,” highlighting legislative gaps even in jurisdictions with advanced privacy laws.

Professor Swire mentioned practical solutions such as protective orders for handling sensitive information, while Professor Castro reinforced the complexity of these issues in cross-border contexts where different privacy regimes must be reconciled.

## Key Implementation Challenges

Several critical challenges emerged from the discussion. Platform cooperation remains problematic, with companies often unresponsive to law enforcement requests for digital evidence. Resource constraints limit courts’ ability to develop comprehensive cybersecurity infrastructure, particularly in developing countries.

Authentication certificate difficulties create barriers to justice access, especially when complainants lack computer resources. Outdated legal frameworks struggle to address rapidly evolving digital crimes and technologies, creating persistent gaps between legal capabilities and technological realities.

## Proposed Solutions

The panel identified concrete steps for addressing these challenges. Continuing dialogue between multi-stakeholder communities and judiciary through IGF sessions was seen as essential. Developing technical and legal standards for digital chain of custody, including metadata preservation and authentication layers, emerged as a priority.

Establishing systematic training programmes for judges in cybersecurity and digital forensics through judicial academies was universally supported. Creating multi-stakeholder dialogue platforms among courts, technologists, civil society, and policymakers was identified as crucial for collaborative solutions.

Updating legal frameworks to address contemporary digital crimes and implementing cybersecurity protocols for courts were emphasized as urgent needs.

## Conclusion

The session successfully brought together diverse stakeholders to address common challenges courts face in adapting to digital evidence and cybersecurity threats. While speakers represented different legal traditions and perspectives, they shared recognition of the urgent need for judicial capacity building, proper digital evidence procedures, and balanced approaches to surveillance and privacy rights.

The discussion established a foundation for ongoing collaboration between traditionally separate communities, demonstrating that technological challenges create opportunities for judicial reform across diverse legal systems. The commitment to continued dialogue and capacity building provides a pathway for ensuring justice systems can effectively serve populations in an increasingly digital world while protecting fundamental rights.

Naza Nicholas: Thank you so much, and you’re welcome to this session, Judging in the Digital Age, Cybersecurity and Digital Evidence. And we are on Channel 5. If you would take your equipment and turn it on, put it on Channel 5. Today we have a number of speakers from various jurisdictions in terms of our IGF, you know, segments. And can I have this slide, please? Thank you. My name is Dr. Naza Nicholas Kirama from Tanzania. I work with Internet Society Tanzania Chapter, and I also double up as the coordinator for the Tanzania Internet Governance Forum. And today we are going to have a very good session on Judging in the Digital Age, Cybersecurity and Digital Evidence. And why are we here? We are here because courts globally are now digital ecosystems, and evidence records and even hearings actually exist online. Digital evidence is central to more than cases, mobile data, emails, metadata, surveillance footage, blockchain logs, AI-generated content. We have things like… Welcome to the session on digital rights online. We have been working tirelessly since 2023, 2022, to bring the judiciary, especially judges, to the Internet Governance Space, and it started in 2023. In Japan, we had a session called Judges on Digital Rights Online. And the goal is to break the silos, to link judiciary with the Internet Governance Space, and to create a platform for dialogue and exchange. We are working with experts, technologists, and policemakers, and not forgetting the regular Internet users. This session builds on the momentum by creating a permanent platform for dialogue and exchange. We are not just talking tech, we are reshaping the judicial culture for the future. We hope to strengthen the social Islam dynamics in the world and reach different levels of accessibility of the electronic device, in the regulatory commission, in opposing and expressing an open commentary in the district. In January, we launched a new report on cybersecurity in the IQ and we are trying to structure this report. How do we protect institutions? That is question number three. AI and justice. Can we trust machines, machine learning in evidence analysis or sentencing? Question number four. Training gaps. Judges need continuous specialized training to keep up with emerging tech and things like AI. The next slide is about our vision. We need to continue to be resilient, digitally literate, to have those in the judicial system. We need to build legal harmonization across jurisdictions to handle digital evidence uniformly. Share best practices from diverse legal systems. Civil, common, and hybrid traditions. And also develop capacity building programs, cyber law, data protection, digital forensic, and AI literacy. Also we foster collaboration between judiciary, civil society, tech developers, and also empower courts not just to catch up, but lead in shaping responsible digital justice. With that introduction, now I take this whole burden to the Honorable Dr. Eliamani Laltaika from the High Court of Tanzania. And the issue of the whole of this that I have been able to talk about. Honorable Eliamani, as a sitting judge of High Court in Tanzania, Are your courts currently addressing challenges related to admissibility of digital evidence, especially when such evidence originates from outside your jurisdiction or lacks clear standard for authentication?

Eliamani Isaya Laltaika: Thank you very much, Dr. Naza. First and foremost, my appreciation to the IGF Secretariat for their willingness and continuous support to engage the judiciary in this very important part of the 21st century legal process. Before I answer your question, Dr. Naza, I would like to kind of unpack some of these concepts. From a legal point of view, cyber security, these processes, legal, policy, economic, social and even diplomatic processes are to keep the cyberspace safe for all users, including children, people with disability and across regions. So that is the whole concept of cyber security is to ensure that the cyberspace is safe for all of us to use. And digital evidence, also known as electronic evidence, this is now the information with probative value presented to a court for a judge to consider in making a decision whether something has happened or has not. And digital evidence or electronic evidence is a newcomer in the development of law and judiciaries all over the world. It started in the late 70s in the U.S. Before that, only hard copies were used to prove something that has happened or not. When courts consider whether to admit evidence or not, there are usually five considerations. And this doesn’t really distinguish whether that piece of evidence is from one’s jurisdiction or it’s from some other country. Number one, relevance. I would ask counsel who is addressing me or I will use my own conviction to judge whether a certain piece of evidence is relevant to the case I’m addressing. If it doesn’t, it’s not relevant, however impressive it is. Number two, authenticity. The evidence must be shown to be what it purports to be. If you are telling me this is a video of someone stabbing a knife on some innocent passerby, I should be able to know that that is actually what is being done. It’s not a cartoon that has been curated. Number three, integrity of the system. I should be able to verify the system from which that video was extracted or that piece of paper or that email was printed out. Number four, chain of custody. I should know who took care of that piece of evidence. How many hands did it change through before it came to my court? And finally, and this is a little bit technical, I would check whether it complies with the statutory requirements. I would like to focus on the evidence of my own country. Every country has its own legal system, its own precedent, its own way of judging evidence. So if a piece of evidence passes that process, there is no discrimination whether it is from my jurisdiction or not. And I would only say that people thought these are only things from the movie, but I can say that these are actual things that are happening. And each one of you is currently creating digital evidence or electronic evidence from the pictures you are taking, from your geolocation, from the voices you are sending over WhatsApp. Everything, the meta tags can be used to authenticate that so-and-so was in Norway at this date and this is what he did. Everything you are doing, from shopping online to walking into a casino, that is actually building some sort of a digital evidence ecosystem. What does this mean in practice? It means cyber security law is much, much, much beyond what many people consider criminal. Law, as I said two years ago in Japan, is not only about punishing people. There are so many roles of the law and I will conclude by this, that law can play a punitive role. So-and-so has done something wrong and must be punished. Law can play a facilitative role.

Naza Nicholas: Can you hear us?

Peter Swire: Can you hear me right now?

Naza Nicholas: Yes, we can hear you loud and clear. If you can spend one minute to introduce yourself.

Peter Swire: and the background. Yes. Okay. And I don’t know if the video is working. Maybe it doesn’t work. Oh, there it goes. Okay. Hello. I’m in Spain today. My name is Peter Swire. I’m a professor at Georgia Tech. My background is a law professor, but I teach in the College of Computing, so I work on these issues. I also work on these issues as the leader of the Cross-Border Data Forum, where we do a lot of research on issues of data going across borders, especially law enforcement access. So that’s a little bit of my background. Is there a specific question you’d like me to address?

Naza Nicholas: Yes. The question I have for you, professor, is what are the key principles or methodologies that judges and lawyers must understand to critically assess the reliability and chain of custody for digital evidence, especially when it is presented through automated or AI-generated tools? You have five minutes.

Peter Swire: Yes, and I’ll try to stay within the time. So first of all, thank you for including me here today. I’m teaching in Spain this summer, and I feel honored to get to participate in this panel. I will turn to your question with just a little bit of background first, because we have resources at the Cross-Border Data Forum that talks about issues of government access to data across borders, such as the Budapest Convention and how to compare it to the new UN Cybercrime Convention. So we have a very recent study on the Cross-Border Data Forum about this. We’ve also written about how regional conventions, such as in Africa, might be useful for having governments get access to law enforcement requests that exist in other countries, because without that access, the United States has a blocking statute, and it’s hard to get the content of email communications for the judges. So that is background. I would like to emphasize three areas where the digital evidence issues are different. But first, I’ll tell you how much the digital issues are the same. So listening to our distinguished judge just now, his principles for evidence, including relevance and dependability, are the principles of evidence that existed before the Internet happened in a very large extent. And so each country has its own. You’ve always faced the problem that maybe this piece of paper has a fake signature on it. Now it might be a fake document electronically, but it’s been the same problem for judges since forever about whether to believe the evidence that comes into court. So for the three things I’d emphasize, the first is authentication. Somebody might say that they are writing from a police agency or a prosecutor’s office, but in fact, they’re faking it. They might be from some other place. And so and this was mentioned by the judge. And so the first thing to trust in evidence is that you’re dealing with the right party, that is the right person sending you the data. And in a world now where passwords can be broken many times, the standard good technology is to have what’s called two factor authentication. And many of you have used this where you log in with a password, then they send you a code and you send the code. And that’s much harder to fake than than simply a password based system. So that’s the first thing, some some confidence you’re dealing with the right people for authentication. The second question is chain of custody and whether you believe the document that came from Alice is the same document that’s received by Bob. And we have well-established procedures, what are called digital signatures. And the basic idea is Alice sends a document and they do a mathematical operation on it called a hash. And this unique number that emerges on the far end. And if even one sentence or one word in the document is changed, the hash of the document changes. And so these digital signatures are a mechanism to prove what left from Alice is the same thing received by. Bobb, such as the court system. And so systems of digital signatures are very important. The third question that’s come up more recently is what about AI? And we know that AI can have hallucinations. We’ve seen law cases in the United States where a lawyer just put in a question to the AI system and got back case citations that were not true. They made them up. Because AI and large language models use predictive technology, not definite technology, when they are trying to send evidence. And so when you receive a set of documents that have been generated by AI or might have been generated by AI, should you believe all the citations? And there’s no perfect answer to this, but one answer to this is to double check the citations. Maybe if you have time, you double check all of the citations. You go to the link in the page and make sure it says what they say it says. And that’s something, when I worked with a judge as a clerk, we did already. We checked to make sure the lawyers were giving us a proper citation. But if there’s too many citations to check in this way, maybe you do a sample. Maybe you try 10, or you try 50, or whatever the number is, and start to see whether you have any fake citations come in. So I think what I’m emphasizing for today is, in many ways, the problems are the same judges have had since forever. But we have to be sure about authentication. Is this really the person? We have to have some assurances on chain of custody and authenticity, and that’s digital signatures. And we have to worry about hallucinations in AI. And that means checking the sources, because otherwise it might be a fake citation that you don’t trust. So I’ll stop there. Thank you very much.

Naza Nicholas: Thank you, Professor. Now we have learned that there is a definitely predictive and definitive citations and all that. And that is why we are bringing the whole court system into the IGF. I want to now go to Dr. Jacqueline, who is here with us. And Dr. Jacqueline, if you would spend the next one minute to introduce yourself and then I will do a question for you.

Jacqueline Pegato: Of course. Thank you so much for having me. My name is Jacqueline Pegato. I’m with Data Privacy Brazil, a Brazilian NGO working with digital rights in Brazil and also in the Global South. It’s a pleasure to be here. Although I’m not a lawyer, I’ll try my best to address your question.

Naza Nicholas: Thank you so much, because we are a multi-stakeholder driven body of the United Nations, the IGF. Now I receive the order from the judge for every speaker to stay within five minutes. Thank you, Professor, for staying within five minutes. It was actually around 3.43 minutes. Now, Dr. Jacqueline, with the rise of things like spyware, the state surveillance tools being used in the name of national security, how should the judiciary respond when such technologies are used together with evidence? What role do courts play in safeguarding rights while navigating cases where surveillance methods themselves may be legally or ethically contested?

Jacqueline Pegato: Thank you. I think I’m going to first bring the concept of spyware for those who are not familiar with it. But I think most of us know by now that spyware refers to surveillance technologies used to secretly extract data from personal devices and networks, often without the user’s knowledge and with minimal legal oversight. So while presented as legitimate tools in the context of national security or law enforcement, these tools are increasingly being used in ways that erode democratic institutions. that I think exemplifies this threat. First Mile, a spyware tool, was deployed by intelligence officials to surveil targets that ranged from activists to Supreme Court justice themselves. So it is a paradigmatic case that stresses the most salient features of this type of surveillance. But it’s only one example in a broader context of lack of oversight. This incident reveals a structural problem. When surveillance happens outside transparent legal frameworks, courts are sidelined and unable to guarantee fundamental rights they are tasked to protect. And in the Brazilian context of use of spyware by the state, there is a Supreme Court case pending in which the regulatory gap that allows for the current state of things is being challenged as unconstitutional. In this case, we argue that the use of different spyware for surveillance by the state should be ruled unconstitutional, since even in possible legitimate contexts of criminal persecution and law enforcement, the nature of how they work and their affordances move way beyond traditional investigative methods, such as telephonic interceptions. Taking advantage of vulnerabilities found in other platforms and networks. resulting in a level of intrusion that is difficult to justify under democratic parameters. However, even if the entire system is not ruled unconstitutional, we are requesting that strict criteria be established for the use of spyware, analogous to the existing regulations for other cases of breach of confidentiality, particularly the requirements of prior judicial authorization and adherence to similar strictness as in other situations of confidentiality breach, the constitutional interpretation of communication confidentiality updated to contemporary standards of intrusiveness, the inclusion of mechanisms to respect the chain of custody, the individualization of subjects subjected to intrusion procedures, and the development of other parameters compatible with the constitutional order. So I’ll stop here now. Thank you.

Naza Nicholas: Thank you, Dr. Jacqueline. That was very informative. And I’m very glad that you could do this submission. Now I go to Advocate Umar Khan from Pakistan. If you can introduce yourself first.

Umar Khan: Thank you so much, Dr. Nazer. Thank you so much, IGF, and the new trick into this IGF somehow following from the last two IGF. This is Umar Khan from Pakistan. I’m basically a high court lawyer and working on the digital rights, dealing cyber cases in Pakistan, which is a bit new thing in Pakistan. Onward, we are having our first national law from 2016 Prevention of Electronics Crime Act. So this is from my side. Yeah, Dr. Nazer. Thank you so much, Umar Khan, advocate of the high court in Pakistan. You have a vast experience as a digital rights and defense lawyer. How do you see the balance between state surveillance for cybersecurity and the individual’s right to fair trial, particularly when digital forensics are used to prosecute cybercrime? Very important question. I think there are two questions within one question, digital forensics and digital surveillance. Basically, to prosecute a digital crime or a cybercrime, it is very much important. Digital surveillance is the same as the government or the state is looking after the general public. Also in the digital world, when the world has become a globe, on just one click there are certain issues related to the people, general masses, are also arising at the same time. So I believe that surveillance is a key. Without it, you cannot go with the internet. Everybody will be doing their own job. Everybody can do a crime. So surveillance is just to monitor, track and collect data. But the main thing is the key, the balance, that how they keep the balance, look into the principle of legality, professionality and with that the transparency. That if the surveillance they are doing, the state agencies are doing, whether it is protecting the rights of the people, along with that, is this not violating the right to privacy, the right to dignity, which are the constitutional rights given to the humans, to the citizens, by the law, by the constitution, or by the Universal Declaration of Human Rights. So I believe that surveillance, data collection, and all these things are important but how the data collected from the end user are protected because we have seen in the world that on the state level the data of the user have been shared so I believe that this is very important. The second one that the important thing is the digital evidence in forensic so by the end of the day if a crime has been committed it is the evidence that has to prove whether the crime has committed or not. The way the professor and the honorable judge has mentioned that the chain of the custody the evidence that reached the court that is very much important and without forensic it is not possible to prove whether it is to be proved in the way that the evidence that has been collected is according to the law is it following the SOPs whether the forensic the legality of the evidence so I believe that whenever it is happening you are prosecuting a crime you are collecting evidence it has to follow the standard of a digital forensic in a way that it has been proved because forgery is very much important is very much easy now AI has become a tool that can create hurdles for the people so it is the state that should ensure the standard of the digital process in the way that a crime that has committed should be prosecuted in a way that the right to a fair trial has not been violated which is very important this is from my side.

Naza Nicholas: Thank you so much I appreciate your intervention and now I go to Marin Ashraf she’s a tech research policy researcher and I would like to ask you to to use the next one to to introduce yourself and that will be followed by a question

Marin Ashraf: yeah thank you Dr. Nasir. Hi everyone my name is Marin and I am a senior research associate at IT4Change which is an India-based not-for-profit organization working at the intersections of digital technology and social justice. My core area of work includes working on online gender-based violence and legal and policy responses to it, digital platform accountability, information integrity, and AI governance issues. Very happy to be here and to share the space with the esteemed panelists.

Naza Nicholas: Thank you so much, Marin. I know you are doing a fantastic job of research and informing the community. Your work experience explores the intersection of tech and governance and social justice. From a feminist legal and policy perspective, how can judicial systems be better equipped to handle cases of online gender-based violence and platform-related harms, especially when evidence is embedded within opaque algorithms and transnational digital ecosystems?

Marin Ashraf: Thank you, Dr. Nasir. To answer that question, I would like to first briefly share some insights from my research that IT4Change, the organization that I work with, undertook on judicial approaches to online gender-based violence cases in India. The challenges that are commonly encountered in prosecuting such cases, especially the digital evidentiary issues. Online gender-based violence is typically dealt as a criminal offense in India under the General Penal Code and the Information Technology Act. As with any criminal offense, it becomes crucial to prove the guilt of the accused person beyond reasonable doubt. In our study, we found that in several cases of online gender-based violence, it unfortunately failed to meet the high burden of proof that is required because of difficulties in bringing in expert testimony, relying on witnesses, and ensuring the admissibility of digital evidence. So under Indian law, digital evidence will be admissible under two conditions. Either it has to be if the original computer source in which the evidence is recorded is produced, and in which case it’s a primary evidence, or if the copies of the electronic record are produced, in which case we need a certificate of authentication. And in our research study, we found that in many cases the court tend to dismiss the digital evidence because of lack of authentication certificate. And the issue is that it’s very difficult to sometimes obtain the authentication certificate, especially if the complainant doesn’t have access to the computer resource, or in many cases they might have applied to obtain the certificate, but it is not issued, or they may not be aware how to get the authentication certificate. So in such cases, the court tend to dismiss, of course, because of concerns of authenticity. And that means depriving a crucial piece of evidence, which might only be the single evidence in many cases, and thus depriving access to justice for the survivors. Now another issue is that in many cases, even if the prosecution fails to even submit digital evidence, and the main barrier here comes from the lack of cooperation from the digital platforms, like social media platforms, in responding to requests from law enforcement agencies to provide information. Despite the police asking for information from the social media platforms or from telecom service providers, sometimes there’s a delay in responding to it. And another issue with respect to digital evidence is the threat to privacy. Because in many cases, the evidence and other materials and the devices has to be submitted to the state or the police, and there have been concerns of manipulation or leaking to the accused side. So there is significant threat to privacy in that regard, the chain of custody, in preserving the chain of custody. Now, apart from the digital evidentiary issues, I also wanted to touch…

Naza Nicholas: If we were to come up with one red flag, judges should look for a digital forensic report. What would that be?

Peter Swire: Well, I hadn’t prepared that question.

Naza Nicholas: Yes.

Peter Swire: I thought you might ask of one piece of advice to judicial systems that they would do. Yes. And I want to mention the problem of ransomware, which is the possibility that a bad actor will try to lock up the files of a court system so that the judges and the courts lose access to the files. And when I teach my cybersecurity class, I say to people, for ransomware, the most important thing is to have some offline backups of your records, if at all possible. And you also have to protect your backup system from attack, because the bad guys try to get into your backup system. We have seen a lot of, in the United States, state and local governments get hit with these attacks. We have seen court systems get hit with these ransomware attacks. And having a good backup, where you can go back and get everything the way it was yesterday, that’s a huge help if you’re able to have that kind of technical backup in place. You asked about red flags. I think that the thing I would worry about is whether somebody on the other end of the line is really who they say they are, right? We know in our personal lives that we think we might be talking to somebody on social media, and it’s somebody else. And so finding some way to have a channel to communicate with them, and a second channel to make sure they are who they really say they are, that kind of two-factor thing is important, because otherwise you might be getting evidence from somebody who’s not even the right person.

Naza Nicholas: Thank you, Professor. Now I go to Dr. Jacqueline. I know you are not a lawyer, but we are all, you know, in some way or somehow we’ll be ending up in court. So what would be your suggestion or recommendations on spyware? If you could spend like one minute to respond to that.

Jacqueline Pegato: Sure. Thank you for the question. We have in our project, Data Privacy Brazil, we are developing some key recommendations on the research. And just to also clarify that I spoke about the Brazilian case, but we also, this is not an exclusive view of Brazil. We have cases in Colombia. We have a very important precedence in the US with the Pegasus and the ruling ordering to damages to META. But yeah, let me say some recommendations we are working on in terms of, I think we have four recommendations, key recommendations, I would say. The first one is to develop technical and legal standards for the digital chain of custody, including metadata preservation, access logs, authentication layers and independent audit trails. The second one would be trained judges and legal professionals in cybersecurity, digital forensics and especially data protection. The digital knowledge gap within our courts is a risk we can no longer afford in this scenario. The third recommendation would be to equip courts with cybersecurity protocols and contingency plans to strengthen institutional resilience against cyber threats, including unauthorized access to judicial data. And last but not least, of course, promote multistakeholder dialogue among courts, technologists, civil society and policymakers. I think judicial systems must evolve collaboratively to meet these realities we are talking about here. So thank you.

Naza Nicholas: Thank you so much. Marin, can you share one way courts could be more responsive to survivors of online violence? If you could put that in one minute, I think it would be very short and clear.

Marin Ashraf: Yeah, sure. I’ll try. So I think one of the important ways, as I said in my previous intervention, that it’s very important to understand the online public sphere itself and how the unique vulnerabilities that people face in the online sphere, especially also the role of the platforms and the algorithms in amplifying the harms. Secondly, it’s really important for the courts to uphold the right to privacy of the survivors in cases of OHV.

Eliamani Isaya Laltaika: using a computer system while in a plane or a ship registered in Tanzania, the law will catch up with you. So to be able to exchange data and get, you know, extra territorial expertise, one must be able to collaborate. And I’m seeing a positive development within the East African community where there are initiatives to empower judges and the legal fraternity to borrow a phrase from my panelist here on how to really get into the 21st century well-equipped with protecting citizenry. Thank you.

Naza Nicholas: Thank you, Dr. Judge. Uma, I know from the legal perspective serving the civil society, what do you think should be the legal safeguards that are of most urgent to protect, you know, defendants in digital crime cases?

Umar Khan: Very important question. There’s a principle the honorable judge will know that innocent until proven guilty. So a person is innocent until he is proven guilty. So there are certain challenges which are often faced by the defendants in the digital crimes. And I will just mention a few of them. One of them is like updating outdated law legislations because every day new thing is happening in the digital world. So with this, a law passed in 2015 cannot be brought in 2025 because digital crimes are…

Participant: case in Ecuador and would like to know your perspective. I don’t know if it will be contempt of court, but Ola Bini is a digital rights defender, has been facing a political judicial case in Ecuador since 2019. His case illustrates the risks of misusing digital evidence in judicial proceedings. In his trial, the prosecutor’s office used a simple photograph which showed the connection from an unverified user to an IP to support an alleged attempt to gain unauthorized access to a state telecommunication system. Marta says, commonsensically, that a single photograph is not in itself evidence of a digital crime. So Marta wants to know, in addition to the need for digital forensics, what other protocols must be in place to ensure that alleged digital evidence

Peter Swire: Okay. There’s many good possible first steps, but one thing is to have backup so that you don’t lose the court records. And that’s what I said about ransomware. So now, even in a resource-constrained place, digital storage is relatively inexpensive. And if you lose all the records because of a cyber attack, now you have a very hard time doing your judging. But if at least you have the records saved, then you can start again tomorrow and have a good chance to have a fair trial.

Eliamani Isaya Laltaika: Thank you very much. To share a practical experience from my country, we have our slot in the data center. So the judiciary does not operate in silo, like it has its own way of preserving. No, we are part of the government. So the standard of security that applies to records of parliament or state house applies to the court as well. So we do not foresee anyone easily targeting the judiciary and succeeding because you are targeting the heart of the government.

Naza Nicholas: Thank you, Judge. I saw a hand and then there’s another hand over here. If you can be on the mic. So do we have to take all the questions and then we’ll respond at once? Yes, as they come.

Adriana Castro: Yes. Hi, my name is Adriana Castro. I’m a professor at External University in Colombia. And I would like to raise an additional issue. A moment before the digital evidence, the contact information and notification. The Ibero-American data protection network composed of data protection authorities recently published an open letter to the companies accountable on data processing. It’s an open invitation directed to the companies which massively process

Eliamani Isaya Laltaika: The goal of cyber security is to ensure that the cyberspace is safe for all users, including people with disabilities and even children. With progressive data protection laws, there are ways that judges are instructed to ensure in-camera hearing.

Peter Swire: So in the United States, we have a law about medical privacy that’s called HIPAA, which I worked on when we created it. And it has a mechanism for what they call qualified protective orders. So one possibility is only the judge looks at the evidence, the sensitive evidence in camera, just the judge. Another possibility is they close the courtroom just for the medical information so that both parties see it. And both of those are allowed by the judge to create a protective order around this very sensitive information. So there’s a model for that that you can find easily online if you look for it for qualified protective orders.

Naza Nicholas: Thank you so much. I see, I don’t see, is there any question from online? Okay. Thank you so much. And now I go to, is there anybody? There was a lady who asked the question, I think.

Eliamani Isaya Laltaika: That was not responded. I just wanted to say a sentence or two from the lady, a professor from Colombia. There are current ongoing UN mechanisms to ensure that country laws are not too restrictive. So there are diplomatic processes to collaborate and ensure that data flows easily for purposes of conviction and adducing evidence. At the moment we are

Naza Nicholas: Eliamani, today we have participated in this judging in the digital era, cyber security and digital evidence. If you look at the way you have interacted with the audience, the questions that they have brought to the panelists, what would be your parting shot today?

Jacqueline Pegato: I’m going back to Brazil because it’s the context that I know. In Brazil we have the right to data protection as a constitutional right. This happened in 2022 and I think it was a great victory. We also have a comprehensive general data protection law, we call LGPD, that is in place also with an independent data protection authority. But we still don’t have a criminal data protection framework. So I think that’s an important gap to address. And I think all of the questions and discussions that we raised here today could share this concern of having this framework to fight against private related crimes and also these weaknesses of the judicial system, their ability to handle cyber crime effectively. So this gap in Brazil has been identified and debated in some legislative reform efforts, including the reform of the Brazilian Code of Criminal Procedure and some specific advocacy efforts, but no law has been approved so far. So I think that’s one development that we still have to fight for.

Naza Nicholas: Thank you, Dr. Jacqueline. Marin, the same question goes to you also. Just in one minute, if you can give your parting shot, what would you like to see in the future?

Marin Ashraf: Speaking from the perspective of the area of work that I work in that is online gender-based violence, I think court should be safe spaces for women and other survivors of online violence that are seeking justice. It’s very important that criminal justice system undertake ecosystem level changes in sensitization and inclusive policies and equip judges and law enforcement to deal with online violence cases in a sensitive and rights respecting manner. At the same time, it’s also important to update our laws to reflect the current realities and to to even to recognize newer forms of violence like gender trolling or gender-based hate speech, doxxing. So not all jurisdictions have yet recognized. So the changes at the legislature levels are also crucial for the judiciary to work effectively in this case. Thank you.

Naza Nicholas: Professor Peter

Peter Swire: Yes, thank you very much and thank you for being able to participate remotely in this very well organized session today. What I want to come back to the data protection point that’s come up a couple of times. So the cross-border data forum we created seven years ago, and it has stated goals in the website. One of them is that government should get access to data when there’s a legitimate government need. You know, there’s an actual crime. Maybe there’s a warrant with a judicial court order. On the other hand, we also have to have privacy and data protection happen when these requests come in. So imagine if you’re a company or imagine if you’re a court and there’s a request from some other country and you don’t know the practices there. Maybe it’s a request for data that’s really to stop political dissent. Maybe it’s illegitimate and not protecting data protection rules. And so our work has been for seven years to try to figure out how do we have correct access when it’s criminal and there’s the right showing. How to have privacy and data protection when those rights need to be upheld as part of the system. And how can we make it workable so that the people who hold the data know what their responsibility is.

Naza Nicholas: What will be your parting shot today?

Eliamani Isaya Laltaika: My parting shot actually is just to say thank you to the many people, especially the civil society, fraternity, who are doing a fantastic job to ensure that there is capacity building for judges. My colleagues here from India and from Brazil, even from Pakistan, have highlighted that there is this knowledge gap. It’s true that some of us are not aware of some of these developments in the cyberspace. You can find a court that is still in its physical form, and if you ask someone about digital evidence, that is the hardest question you can ask. But we can generally narrow the gap by ensuring that we invite judges to some of these fora. We designate programs for capacity building, and many of us will attend. We will not stay in courts only to wait to convict someone wrongfully because we don’t know the law or we don’t know just a bit of science. So thank you very much, Dr. Naza. You have been a trailblazer in Tanzania. That’s how you got me out of my chamber to travel with you many places to try and learn, and I can assure you that what you are doing is making a difference, not only in Tanzania but across the continent and some other parts of the world. Thank you.

Umar Khan: Thank you so much, Dr. Nazer. And I believe this is for the second time I’m sitting with the people from the Sambi ground or the relevant background towards the legal or judiciary track. So I believe it should be continued by the end of the day. Crimes are happening, and it is the courts, the prosecutors, the lawyers, and the agencies who are going to handle these cases. And as mentioned by the Honorable Judge, High Court Tanzania, that the capacity building of the judges are very important. They should not just sit in the courts. It is very important. And I’m happy that from the last time when we sit in the Saudi, when we go back home, we just tried to have a training for the judicial academy of my province. Unfortunately, that didn’t happen because of the timing in the Ramadan. But I’m hopeful that this time when I go back home, we are having some judges to be trained, inshallah, and we will be looking into your support. Thank you once again.

Naza Nicholas: Thank you so much. Is the professor from Columbia still around? If you have one minute for your parting shot. If you have anything to say, one minute.

Adriana Castro: I would say just that there are still a lot of challenges in Columbia. We have the main challenge of notification. I mentioned something about data protection investigations, but also in human rights procedures, we have a specific issue on notification. So that’s one of the main capacity building areas that we will look forward. Thank you very much.

Naza Nicholas: Professor, I think I’ll keep in touch. Thank you, ladies and gentlemen, for attending our session. We have come to the end of our session. Thank you so much for your contribution, and thank you so much for listening. And one of our goals of our session is to bridge the divide between the multi-stakeholder and the judiciary, to make sure that we inform and transform the judiciary to become the better institution and get the judiciary out of their silos so we can make justice better for every single one of us. Thank you so much. So if we can come for a picture, for a photo. Thank you so much. Thank you so much.

Agreement points

Need for judicial capacity building and training in digital technologies

Speakers

– Eliamani Isaya Laltaika
– Jacqueline Pegato
– Umar Khan

Arguments

Many courts still operate in physical form without understanding digital evidence, creating risks of wrongful convictions

Capacity building programs should invite judges to forums and designate specific training programs

Judges need continuous specialized training in cybersecurity, digital forensics, and data protection to address knowledge gaps

Legal frameworks need updating as outdated laws from 2015 cannot adequately address 2025 digital crimes

Summary

All speakers agreed that there is a significant knowledge gap in the judiciary regarding digital evidence and emerging technologies, requiring systematic capacity building programs and continuous training to prevent wrongful decisions and keep pace with technological developments.

Topics

Capacity development | Legal and regulatory

Importance of proper digital evidence authentication and chain of custody

Speakers

– Eliamani Isaya Laltaika
– Peter Swire
– Jacqueline Pegato
– Participant

Arguments

Courts must verify five key considerations for digital evidence: relevance, authenticity, integrity of system, chain of custody, and statutory compliance

Authentication requires confidence in dealing with the right parties, with two-factor authentication being more secure than password-based systems

Digital signatures using mathematical hash operations can prove document integrity from sender to receiver

Technical and legal standards must be developed for digital chain of custody, including metadata preservation and independent audit trails

A simple photograph showing IP connection is insufficient evidence for digital crimes without proper forensic protocols

Summary

Speakers unanimously emphasized that digital evidence requires rigorous authentication processes, proper chain of custody documentation, and technical standards to ensure reliability and admissibility in court proceedings.

Topics

Legal and regulatory | Cybersecurity

Need for balance between surveillance/security and privacy rights

Speakers

– Jacqueline Pegato
– Umar Khan
– Peter Swire

Arguments

Spyware tools are increasingly used beyond legitimate law enforcement, eroding democratic institutions and requiring strict judicial oversight

Courts should establish strict criteria for spyware use, including prior judicial authorization and constitutional interpretation updated for contemporary intrusion standards

Surveillance is necessary for cybersecurity but must balance legality, proportionality, and transparency while protecting constitutional rights to privacy and dignity

Courts need mechanisms like qualified protective orders for handling sensitive information, including in-camera hearings

Summary

Speakers agreed that while surveillance and security measures are necessary for cybersecurity, they must be balanced with privacy rights through proper legal frameworks, judicial oversight, and constitutional protections.

Topics

Human rights | Cybersecurity

Similar viewpoints

Both speakers emphasized that digital evidence evaluation should follow consistent principles regardless of origin, and that courts need robust cybersecurity infrastructure including backup systems to protect against cyber threats.

Speakers

– Eliamani Isaya Laltaika
– Peter Swire

Arguments

Digital evidence assessment follows the same principles regardless of jurisdiction, with no discrimination between domestic and foreign evidence

Courts need backup systems and offline storage to protect against ransomware attacks that could lock up judicial files

Courts can leverage government data centers for security standards rather than operating in isolation

Topics

Legal and regulatory | Cybersecurity | Infrastructure

Both speakers highlighted gaps in legal frameworks and the need for comprehensive reforms to address digital rights violations, particularly emphasizing the challenges faced by vulnerable groups in accessing justice through digital evidence.

Speakers

– Jacqueline Pegato
– Marin Ashraf

Arguments

Brazil has constitutional right to data protection and comprehensive LGPD law but lacks criminal data protection framework

Digital evidence in online gender-based violence cases often fails to meet burden of proof due to authentication certificate difficulties and lack of platform cooperation

Criminal justice systems need ecosystem-level changes in sensitization and inclusive policies for handling online violence cases

Topics

Human rights | Legal and regulatory

Both speakers emphasized the risks posed by AI technology in legal proceedings and the need for courts to develop systematic approaches to verify AI-generated content while building institutional resilience against cyber threats.

Speakers

– Peter Swire
– Jacqueline Pegato

Arguments

AI systems can have hallucinations and generate fake citations, requiring judges to double-check sources and citations

Courts should distinguish between predictive AI technology and definitive evidence when assessing reliability

Judges should sample-check citations when there are too many to verify individually

Judicial systems should have cybersecurity protocols and contingency plans to strengthen institutional resilience

Topics

Legal and regulatory | Cybersecurity

Unexpected consensus

Cross-border cooperation and legal harmonization

Speakers

– Eliamani Isaya Laltaika
– Naza Nicholas
– Adriana Castro

Arguments

International collaboration mechanisms are necessary for data exchange and extraterritorial expertise in cybercrime cases

Legal harmonization across jurisdictions is needed to handle digital evidence uniformly and share best practices from diverse legal systems

Notification and contact information procedures present ongoing challenges in data protection investigations

Explanation

Despite representing different legal systems (Tanzania’s common law, Brazil’s civil law, and Colombia’s hybrid system), speakers showed unexpected consensus on the need for international cooperation and harmonized approaches to digital evidence, suggesting that technological challenges transcend traditional legal system boundaries.

Topics

Legal and regulatory | Jurisdiction

Multi-stakeholder approach to judicial reform

Speakers

– Eliamani Isaya Laltaika
– Jacqueline Pegato
– Marin Ashraf

Arguments

Capacity building programs should invite judges to forums and designate specific training programs

Judges need continuous specialized training in cybersecurity, digital forensics, and data protection to address knowledge gaps

Courts must understand online vulnerabilities and the role of platforms and algorithms in amplifying harms against survivors

Explanation

Unexpectedly, a sitting judge (Laltaika) showed strong alignment with civil society advocates (Pegato and Ashraf) on the need for collaborative, multi-stakeholder approaches to judicial education and reform, breaking down traditional institutional silos.

Topics

Capacity development | Human rights | Legal and regulatory

Overall assessment

Summary

The discussion revealed strong consensus across all speakers on three main areas: the critical need for judicial capacity building in digital technologies, the importance of rigorous digital evidence authentication processes, and the necessity of balancing security measures with privacy rights. Speakers also agreed on the need for international cooperation and multi-stakeholder approaches to address digital justice challenges.

Consensus level

High level of consensus with significant implications for digital justice reform. The agreement between judicial officials and civil society advocates suggests a shared understanding of the challenges and potential for collaborative solutions. This consensus indicates readiness for systematic reforms in judicial systems globally, including harmonized standards for digital evidence, comprehensive training programs, and balanced approaches to surveillance and privacy rights. The unexpected alignment between different legal traditions and stakeholder groups suggests that technological challenges are creating common ground for judicial reform across diverse legal systems.

Different viewpoints

Approach to cybersecurity infrastructure for courts

Speakers

– Peter Swire
– Eliamani Isaya Laltaika

Arguments

Courts need backup systems and offline storage to protect against ransomware attacks that could lock up judicial files

Courts can leverage government data centers for security standards rather than operating in isolation

Summary

Professor Swire advocates for courts to have independent backup systems and offline storage as protection against ransomware, while Judge Laltaika argues that courts should integrate with government data centers rather than operate independently for security

Topics

Cybersecurity | Infrastructure

Scope of spyware regulation

Speakers

– Jacqueline Pegato
– Umar Khan

Arguments

Spyware tools are increasingly used beyond legitimate law enforcement, eroding democratic institutions and requiring strict judicial oversight

Surveillance is necessary for cybersecurity but must balance legality, proportionality, and transparency while protecting constitutional rights to privacy and dignity

Summary

Jacqueline takes a more restrictive stance on spyware, arguing it erodes democratic institutions and should face strict judicial oversight, while Umar Khan sees surveillance as necessary for cybersecurity with appropriate balancing of rights

Topics

Human rights | Cybersecurity

Unexpected differences

Individual vs. institutional approach to judicial cybersecurity

Speakers

– Peter Swire
– Eliamani Isaya Laltaika

Arguments

Courts need backup systems and offline storage to protect against ransomware attacks that could lock up judicial files

Courts can leverage government data centers for security standards rather than operating in isolation

Explanation

This disagreement is unexpected because both speakers are cybersecurity experts, yet they have fundamentally different philosophies about whether courts should have independent security infrastructure or integrate with government systems. This reflects deeper questions about judicial independence versus efficiency

Topics

Cybersecurity | Infrastructure

Overall assessment

Summary

The discussion showed remarkable consensus on the need for judicial modernization, capacity building, and better digital evidence handling, with disagreements mainly on implementation approaches rather than fundamental goals

Disagreement level

Low to moderate disagreement level. Most speakers agreed on core principles but differed on specific methodologies and priorities. The main tensions were between individual versus institutional approaches to security, and between restrictive versus balanced approaches to surveillance. These disagreements reflect practical implementation challenges rather than fundamental philosophical differences, suggesting good potential for collaborative solutions.

Partial agreements

Similar viewpoints

Both speakers emphasized that digital evidence evaluation should follow consistent principles regardless of origin, and that courts need robust cybersecurity infrastructure including backup systems to protect against cyber threats.

Speakers

– Eliamani Isaya Laltaika
– Peter Swire

Arguments

Digital evidence assessment follows the same principles regardless of jurisdiction, with no discrimination between domestic and foreign evidence

Courts need backup systems and offline storage to protect against ransomware attacks that could lock up judicial files

Courts can leverage government data centers for security standards rather than operating in isolation

Topics

Legal and regulatory | Cybersecurity | Infrastructure

Both speakers highlighted gaps in legal frameworks and the need for comprehensive reforms to address digital rights violations, particularly emphasizing the challenges faced by vulnerable groups in accessing justice through digital evidence.

Speakers

– Jacqueline Pegato
– Marin Ashraf

Arguments

Brazil has constitutional right to data protection and comprehensive LGPD law but lacks criminal data protection framework

Digital evidence in online gender-based violence cases often fails to meet burden of proof due to authentication certificate difficulties and lack of platform cooperation

Criminal justice systems need ecosystem-level changes in sensitization and inclusive policies for handling online violence cases

Topics

Human rights | Legal and regulatory

Both speakers emphasized the risks posed by AI technology in legal proceedings and the need for courts to develop systematic approaches to verify AI-generated content while building institutional resilience against cyber threats.

Speakers

– Peter Swire
– Jacqueline Pegato

Arguments

AI systems can have hallucinations and generate fake citations, requiring judges to double-check sources and citations

Courts should distinguish between predictive AI technology and definitive evidence when assessing reliability

Judges should sample-check citations when there are too many to verify individually

Judicial systems should have cybersecurity protocols and contingency plans to strengthen institutional resilience

Topics

Legal and regulatory | Cybersecurity

Key takeaways

Courts must establish five key considerations for digital evidence admissibility: relevance, authenticity, integrity of system, chain of custody, and statutory compliance, with no discrimination between domestic and foreign evidence

AI-generated evidence poses new challenges as AI systems can hallucinate and create fake citations, requiring judges to double-check sources and sample-verify citations when volume is too large

Digital authentication requires two-factor verification and digital signatures using mathematical hash operations to ensure document integrity from sender to receiver

State surveillance tools like spyware require strict judicial oversight with prior authorization, constitutional interpretation updated for contemporary intrusion standards, and balance between security needs and privacy rights

Online gender-based violence cases face unique challenges with digital evidence authentication and platform cooperation, requiring courts to understand online vulnerabilities and algorithmic harm amplification

Cross-border digital evidence cooperation requires legal harmonization across jurisdictions and international collaboration mechanisms for data exchange in cybercrime cases

Judicial capacity building is critical as many judges lack knowledge of digital evidence, cybersecurity, and data protection, creating risks of wrongful convictions

Courts need robust cybersecurity infrastructure including backup systems, offline storage, and contingency plans to protect against ransomware attacks and maintain judicial operations

Resolutions and action items

Continue bridging the divide between multi-stakeholder community and judiciary through IGF sessions to transform judicial institutions

Develop technical and legal standards for digital chain of custody including metadata preservation, access logs, authentication layers and independent audit trails

Establish training programs for judges in cybersecurity, digital forensics, and data protection through judicial academies and capacity building initiatives

Create multistakeholder dialogue platforms among courts, technologists, civil society and policymakers for collaborative judicial system evolution

Update legal frameworks to address contemporary digital crimes and recognize newer forms of online violence like gender trolling and doxxing

Implement cybersecurity protocols and contingency plans to strengthen institutional resilience against cyber threats

Advocate for comprehensive criminal data protection frameworks in jurisdictions lacking such legislation

Unresolved issues

How to effectively balance state surveillance needs for cybersecurity with individual privacy rights and fair trial guarantees in practice

Lack of platform cooperation in providing digital evidence for law enforcement requests, causing delays and evidence gaps

Notification and contact information procedures in cross-border data protection investigations remain challenging

Outdated legal frameworks cannot adequately address rapidly evolving digital crimes and technologies

Resource constraints in developing comprehensive backup systems and cybersecurity infrastructure for courts

Gaps in criminal data protection frameworks in various jurisdictions including Brazil

Difficulty obtaining authentication certificates for digital evidence, particularly when complainants lack access to computer resources

Privacy threats and chain of custody concerns when digital devices must be submitted to law enforcement

Suggested compromises

Use qualified protective orders allowing judges to review sensitive evidence in-camera or close courtrooms only for sensitive information while maintaining transparency for other proceedings

Implement sample-checking of citations when full verification is not feasible due to volume constraints

Leverage existing government data center infrastructure for judicial cybersecurity rather than courts operating in isolation

Establish strict criteria for spyware use analogous to existing regulations for other confidentiality breaches while allowing legitimate law enforcement applications

Develop progressive data protection laws with in-camera hearing provisions to balance transparency with privacy protection

Create mechanisms for legitimate government access to data with proper judicial oversight while maintaining privacy and data protection when rights need to be upheld

Digital evidence is a newcomer in the development of law and judiciaries all over the world. It started in the late 70s in the U.S. Before that, only hard copies were used to prove something that has happened or not… each one of you is currently creating digital evidence or electronic evidence from the pictures you are taking, from your geolocation, from the voices you are sending over WhatsApp.

Speaker

Eliamani Isaya Laltaika

Reason

This comment was particularly insightful because it reframed digital evidence from an abstract legal concept to something personally relevant to every participant. By connecting everyday digital activities to evidence creation, Judge Laltaika made the technical discussion accessible and highlighted the ubiquity of digital footprints in modern life.

Impact

This observation shifted the discussion from theoretical legal principles to practical, personal implications. It helped establish the relevance of the topic for all participants and set the foundation for understanding why digital evidence standards matter for everyone, not just legal professionals.

We know that AI can have hallucinations. We’ve seen law cases in the United States where a lawyer just put in a question to the AI system and got back case citations that were not true. They made them up. Because AI and large language models use predictive technology, not definite technology.

Speaker

Peter Swire

Reason

This comment introduced a critical distinction between predictive and definitive technology that fundamentally challenges how courts might approach AI-generated evidence. The concept of AI ‘hallucinations’ in legal contexts represents a new category of evidentiary risk that traditional legal frameworks weren’t designed to handle.

Impact

This insight prompted a deeper discussion about verification methods and introduced the need for new protocols like citation checking. It elevated the conversation from basic digital evidence authentication to the more complex challenge of AI-generated content, influencing subsequent discussions about verification standards.

When surveillance happens outside transparent legal frameworks, courts are sidelined and unable to guarantee fundamental rights they are tasked to protect… the nature of how they work and their affordances move way beyond traditional investigative methods, such as telephonic interceptions.

Speaker

Jacqueline Pegato

Reason

This comment was thought-provoking because it highlighted how advanced surveillance technologies can undermine judicial authority itself. By pointing out that spyware capabilities exceed traditional investigative methods, Pegato challenged the adequacy of existing legal frameworks and raised questions about institutional power balance.

Impact

This observation shifted the discussion from technical evidence handling to broader questions of judicial oversight and democratic accountability. It introduced the concept that technology might be outpacing the law’s ability to maintain checks and balances, prompting discussions about constitutional interpretation and regulatory gaps.

In many cases, even if the prosecution fails to even submit digital evidence, and the main barrier here comes from the lack of cooperation from the digital platforms, like social media platforms, in responding to requests from law enforcement agencies to provide information.

Speaker

Marin Ashraf

Reason

This comment revealed a critical gap between legal authority and practical enforcement in the digital age. It highlighted how private platforms’ cooperation (or lack thereof) can determine access to justice, particularly for vulnerable populations like survivors of online gender-based violence.

Impact

This insight broadened the discussion beyond technical evidence standards to include jurisdictional and corporate accountability issues. It introduced the concept that justice outcomes might depend on private companies’ policies and responsiveness, adding a new dimension to the conversation about digital justice.

There’s a principle the honorable judge will know that innocent until proven guilty… there are certain challenges which are often faced by the defendants in the digital crimes. And I will just mention a few of them. One of them is like updating outdated law legislations because every day new thing is happening in the digital world.

Speaker

Umar Khan

Reason

This comment was insightful because it highlighted the tension between fundamental legal principles and rapidly evolving technology. Khan pointed out that the speed of technological change creates a structural challenge for legal systems that rely on precedent and established procedures.

Impact

This observation prompted discussion about the need for adaptive legal frameworks and continuous judicial education. It shifted focus to the systemic challenge of keeping legal systems current with technological developments, influencing later discussions about capacity building and international cooperation.

So the judiciary does not operate in silo, like it has its own way of preserving. No, we are part of the government. So the standard of security that applies to records of parliament or state house applies to the court as well.

Speaker

Eliamani Isaya Laltaika

Reason

This comment challenged assumptions about judicial independence in cybersecurity contexts. It revealed how digital infrastructure requirements might blur traditional separations between branches of government, raising questions about both security benefits and potential vulnerabilities.

Impact

This insight prompted discussion about institutional cybersecurity strategies and highlighted practical considerations for court system protection. It added a governance dimension to the technical discussion and influenced thinking about collaborative approaches to judicial cybersecurity.

Overall assessment

These key comments collectively transformed the discussion from a technical examination of digital evidence procedures into a comprehensive exploration of how technology is reshaping fundamental aspects of justice systems. The most impactful insights connected abstract legal concepts to personal experience, revealed gaps between legal authority and practical enforcement, and highlighted how technological change challenges traditional legal frameworks. The comments created a progression from individual evidence handling to systemic questions about judicial authority, democratic oversight, and institutional adaptation. This evolution helped establish the session’s central theme: that digital transformation requires not just new technical skills, but fundamental reconsideration of how justice systems operate in the digital age. The discussion successfully bridged technical, legal, and policy perspectives, achieving the stated goal of bringing judiciary concerns into the broader internet governance conversation.

How do we protect institutions from cyber threats?

Speaker

Naza Nicholas

Explanation

This was identified as question number three in the introduction, highlighting the need for institutional cybersecurity measures to protect judicial systems

AI and justice – Can we trust machines, machine learning in evidence analysis or sentencing?

Speaker

Naza Nicholas

Explanation

This was identified as question number four, addressing the critical issue of AI reliability in judicial decision-making processes

Training gaps – Judges need continuous specialized training to keep up with emerging tech and things like AI

Speaker

Naza Nicholas

Explanation

This highlights the ongoing need for judicial education and capacity building in digital technologies

What other protocols must be in place to ensure that alleged digital evidence is properly authenticated beyond digital forensics?

Speaker

Participant (Marta)

Explanation

This question arose from the Ola Bini case in Ecuador, emphasizing the need for comprehensive protocols to prevent misuse of digital evidence

How to handle contact information and notification issues in cross-border data processing cases?

Speaker

Adriana Castro

Explanation

This addresses practical challenges in international cooperation for digital evidence collection and data protection compliance

How to protect sensitive personal data during judicial proceedings while ensuring fair trial rights?

Speaker

Adriana Castro

Explanation

This concerns balancing transparency in legal proceedings with privacy protection, especially for sensitive personal information

Development of criminal data protection framework in jurisdictions that lack comprehensive cyber crime laws

Speaker

Jacqueline Pegato

Explanation

This addresses legislative gaps in countries like Brazil that have data protection laws but lack specific criminal frameworks for data-related crimes

How to update outdated legislation to address rapidly evolving digital crimes?

Speaker

Umar Khan

Explanation

This highlights the challenge of keeping legal frameworks current with technological developments in cybercrime

How to establish judicial training programs and capacity building initiatives across different jurisdictions?

Speaker

Multiple speakers (Eliamani Laltaika, Umar Khan)

Explanation

This addresses the urgent need for systematic education of judges and legal professionals in digital evidence and cybersecurity matters

How to improve cooperation between digital platforms and law enforcement agencies for evidence collection in online gender-based violence cases?

Speaker

Marin Ashraf

Explanation

This addresses practical barriers in obtaining digital evidence from social media platforms and service providers for prosecution of online violence cases