Abstract
Cloud computing poses challenges to criminal investigation and prosecution, according to a report published on 11 February 2013 by the Tilburg Institute for Law, Technology, and Society (TILT). Cloud computing involves outsourcing data storage and data processing, often to foreign service providers. The problems this creates for law enforcement are not new, but they acquire a new urgency through the fundamental shift once citizens and industry put data in the cloud on a large scale.
In cloud computing, it is often difficult to determine where data are stored exactly. Storage is distributed over different locations and dynamic in character. The 'loss of location' of the cloud fundamentally challenges the territorial orientation of law enforcement. This challenge should be met in legislation, policy, and practice.
The legislator should reconsider the legal framework's system of criminal law in relation to Internet providers. Cloud service providers do not seamlessly fit into concepts of 'communications provider' or 'telecommunications provider'. Moreover, the legal distinction between stored data and data in transit becomes fuzzy.
For public policy, challenges are to develop a barrier model for cloud-related cybercrime, to stimulate information security in cloud computing, and to developing a strategy to learn to live with the 'loss of location'. Besides investing in co-operation with foreign governments and cloud providers, cloud computing also forces governments to reconsider the meaning of sovereignty in a networked society.
Law-enforcement practice will have to better utilise computer and network searches and Internet interception in an age in which data are no longer stored on local hard disks but somewhere 'in the clouds'. This requires expertise as well investing in streamlining mutual legal assistance with foreign countries.
The report concludes that for the time being, cloud computing offers more impediments than opportunities for the investigation and prosecution of crime. If legislation, public policy, and legal practice manage to devise a new, systematic, and balanced regulatory framework and practice for investigating the cloud, they can make a virtue of necessity.
The report, B.J. Koops, R. Leenes, P. De Hert & S. Olislaegers (2012), Misdaad en opsporing in de wolken. Knelpunten en kansen van cloud computing voor de Nederlandse opsporing, Tilburg/The Hague: TILT/ WODC, October 2012, is available in Dutch, with an English summary, at http://www.wodc.nl/onderzoeksdatabase/cloud-computing.aspx
In cloud computing, it is often difficult to determine where data are stored exactly. Storage is distributed over different locations and dynamic in character. The 'loss of location' of the cloud fundamentally challenges the territorial orientation of law enforcement. This challenge should be met in legislation, policy, and practice.
The legislator should reconsider the legal framework's system of criminal law in relation to Internet providers. Cloud service providers do not seamlessly fit into concepts of 'communications provider' or 'telecommunications provider'. Moreover, the legal distinction between stored data and data in transit becomes fuzzy.
For public policy, challenges are to develop a barrier model for cloud-related cybercrime, to stimulate information security in cloud computing, and to developing a strategy to learn to live with the 'loss of location'. Besides investing in co-operation with foreign governments and cloud providers, cloud computing also forces governments to reconsider the meaning of sovereignty in a networked society.
Law-enforcement practice will have to better utilise computer and network searches and Internet interception in an age in which data are no longer stored on local hard disks but somewhere 'in the clouds'. This requires expertise as well investing in streamlining mutual legal assistance with foreign countries.
The report concludes that for the time being, cloud computing offers more impediments than opportunities for the investigation and prosecution of crime. If legislation, public policy, and legal practice manage to devise a new, systematic, and balanced regulatory framework and practice for investigating the cloud, they can make a virtue of necessity.
The report, B.J. Koops, R. Leenes, P. De Hert & S. Olislaegers (2012), Misdaad en opsporing in de wolken. Knelpunten en kansen van cloud computing voor de Nederlandse opsporing, Tilburg/The Hague: TILT/ WODC, October 2012, is available in Dutch, with an English summary, at http://www.wodc.nl/onderzoeksdatabase/cloud-computing.aspx
Original language | Dutch |
---|---|
Place of Publication | The Hague |
Publisher | WODC |
Number of pages | 69 |
Publication status | Published - 2012 |
Keywords
- cyber crime