Teutas - Diritto & Tecnologia

1. Introduction
The Council of the European Union has recently recommended that Member States should undertake clandestine remote searches of computers of suspects, if provided for under national law (Council of the European Union, 2008). This paper analyses the likely issues member states are going to face if legislating for this new type of investigative tool, drawing from the experience that Germany has made in its attempt of regulating the use of remote forensic tools by law enforcement agencies.
Recent developments in artificial intelligence and computer science have influenced the way police forces and law enforcement agencies are operating and combating crime. The evolvement of autonomous and semi-autonomous technologies has led to the adoption of new methods of investigating and gathering evidence.

This new generation of technologies, such as autonomous agent software and Trojans, features unique abilities, which considerably distinguish them from existing technologies currently used in investigations. During investigations, these technologies are able to go beyond the mere execution of operator commands, and act autonomously. Their autonomous decision making ability allows them to replace at least some of the functions previously performed by human officers, and without the direct supervision of a human controller. This raises the question if rules that confer legal rights to human officers can apply in analogy to agents, and if rules that are designed to restrain the police in interfering with citizen's rights can be circumvented by using technology (Schafer, 2006).

2. From Federal Trojans and Other Investigation Tools

2.1 The German "Federal Trojan"
During a recent investigation against a suspect in a terror case, the German Prosecution authorities suspected that information crucial to the investigation might be stored on the suspect's computer (Hornung, 2007). Therefore, the attorney general applied to the investigating judge in charge for a warrant to secretly search the private computer of the suspect. The application asked for permission to investigate the data stored on the hard disk and the working memory of the computer. To accomplish this, a specifically designed computer program was to be planted on the suspect's computer without raising his suspicion. This program would then copy all data stored on the computer and subsequently transfer it back to the investigating authority for evaluation. In addition to files stored on the computer, access was also asked for email traffic and information about visited websites (Leipold, 2007).
To prepare the ground for the analysis in the second part of this paper, we will now try to give some indications on how the technology is likely to work. There are few details available at the moment about the precise nature of the proposed "remote forensic tool" (RFS). The focus of this paper is on the use of software that shares crucial features with well known malware, in particular viruses and Trojans. Both can be used to access and extract personal data from targets, and hence are equally suitable for data collection by police authorities. The advantage of using these technologies is that they are designed to disguise as something harmless, when they actually include malicious or harmful code, and therefore trick the suspect into installing them. However, as with their criminal counterparts, police Trojans require the unwitting cooperation of the target. This can happen through opening an email, for instance an email that purports to come from a bona fide state agency such as the local council or the department for pensions. For obvious reasons, police investigators would have little difficulty generating emails that cannot be distinguished from genuine information coming from other public authorities by spam filters and similar software - indeed; these public authorities may well be the source of the email which carries the Trojan as a payload on behalf of the police. It might not even be necessary to fake sender addresses and other identifying data embedded in an email.

2.2 An individual case?
The use of Trojan or similar software for investigation purposes by law enforcement authorities is an entirely novel approach in Germany, and we will show how this causes legal and technical problems later in this paper. Other countries have also realised the need for new investigation tools along similar lines. However, it is unknown whether these countries are using similar technologies or following a different approach. For a discussion on the regulation of these technologies, it is relevant to establish whether the use of RFS tools for investigation purposes is an international phenomenon. For the purpose of this paper, we will briefly analyse the situation in two other countries, the United States and Austria. In both countries, there has been a recent discussion on the use and design of new software based investigation tools.
In the United States, software based investigation tools, employed by the FBI, which are designed to monitor communication via ICTs connected to the internet have been around since at least 1999 (Poulsen, 2007). The first tool designed and used by secret intelligence agencies whose existence was revealed to the public is a system called Carnivore. This surveillance tool is installed at a hardware intersection between the suspect's computer and the Internet, therefore typically on a computer of the suspect's Internet service provider (ISP). It then captures any information exchanged between the suspect's computer and the ISP, such as emails and IP addresses: thereby, allegedly, only transmitting information about people or email addresses specified in the warrant permitting the use of the tool (Forno, 2000).
Carnivore was replaced by a piece of software called Magic Lantern. This tool is more advanced insofar as it is possible to directly install it on the suspect's computer. Therefore, no third party is involved in the surveillance process. The software is embedded into a virus or Trojan, and deceptive email attachments or vulnerabilities in operating systems are used to infiltrate the suspect's system. It is designed to monitor the keystrokes typed by the suspect, which can then be analysed by the authorities to extract passwords (Poulsen, 2007).
The most recent software based investigation and surveillance tool that was developed in the US for use by authorities is the Computer and Internet Protocol Address Verifier (CIPAV). This tool is a piece of software that is, again, installed directly on the suspect's computer. It is able to capture a variety of information, such as IP address, Ethernet MAC addresses, a list of open TCP and UDP ports, running programs, operating system type and serial number, default browser, the registered user of the operating system and the last visited URL (Poulsen, 2008). It therefore offers real-time access to the targeted computer's hard-drive. Furthermore, having captured and transferred back to the operator this information, the CIPAV remains active on the suspect's system in form of a "pen register" for 60 days, monitoring internet use (Poulsen, 2007).
All three tools have in common that they covertly monitor suspect's computers. The targeted persons might never find out that these tools were used to gather information on them.
The extend to which these tools have been and are being used is difficult to determine. Information about this is sensitive and only on rare occasions made public. There is one reported case where the CIPAV software was used to monitor a person suspected of emailing bomb threats against a Washington high school in 2007 (Poulsen, 2007).
Austria has a different approach to the topic of the covert online search of suspect's computers. Currently theoretical discussions are considering whether the search of a suspect's computer using a RFS tool would be legal and desirable. A working group of the Federal Ministry for Internal Affairs and Justice has compiled and recently published a report on this, recommending that the covert online search of a suspect's computer using a RFS tool should generally be allowed (Bundesministerielle Arbeitsgruppe, 2008). However, it should only be applied in cases where a sentence of 10 years in prison or more is expected, and a judge has issued a warrant explicitly granting the use of such a tool. Furthermore, the suspect should be under strong suspicion (Tagesspiegel, 2007). It is anticipated that a law complying with these guidelines, allowing an online search using a RFS tool, will be passed in the near future.
The above short analysis has shown that both countries are either introducing or already using new investigation tools that are designed to remotely search a suspect's computer, to copy data and subsequently transmit it to the operator. Therefore, both countries are equally concerned with designing RFS tools, such as Trojans, for the use by law enforcement agencies. This shows that Germany's "Federal Trojan" is not an isolated case, but that this is an international phenomenon.

3. Remote Forensic Software Investigation Tools - Abilities and Challenges
RFS tools, such as Trojans, possess a number of unique attributes. Firstly, these new investigation tools are mobile. Mobile in this context means that they can move across different machines and architectures, using the internet as transportation means (d'Inverno and Luck, 2001). As highlighted by the examples analysed above, there is no need for them to be directly implemented on a suspect's computer. This causes several potential issues. For example, a German Trojan can report on a German suspect even if he (and his laptop) is abroad (problem of territoriality), and the Trojan can migrate across platforms (problem of the specificity of warrants etc).
Furthermore, they are (semi) autonomous. This can potentially cause a number of problems. For example, in Germany the law ties legal consequences to relevant mental states of police officers or prosecutors. German laws regulating police powers often use intensionalistic vocabulary to attribute responsibility and permission for investigative actions to individual human officers. A typical example is the notion of Anfangsverdacht "having an initial suspicion" (§§ 152, 160 StPO) that triggers rights to stop and search. Hence, if the RFS tool replaces a human officer and can act with a certain degree of autonomy the notion of Anfangsverdacht would have to be applied to software programs
Moreover, because these tools can work autonomously without the direct intervention of a human controller, their search is not limited to a specific time period. Hence, they are (potentially) ubiquitous and "always on". This challenges the balance between privacy and state interest that, for example, present laws of evidence try to strike, and blurs the boundaries between "pre-emptive" surveillance and directed crime investigation. The ontology presumed by existing privacy laws in liberal societies is a world where the "norm" is the absence of state interference, unless well defined conditions trigger a power by the state to "intrude" this private sphere. It is at least arguable if this ontology still makes sense in an environment where we constantly broadcast private information to the world, and the triggering conditions merely regulate the extend to which of this information can be intercepted.
It also blurs the private-public boundary, as similar technology is also used (legitimately and illegitimately) by private organisations. This has the potential that the same technologies that protect users from "genuine" malware would also be efficient against police operated RFTs, raising the issue of the boundaries of "self help" against legitimate police activities.

4. Problems
The last paragraph has highlighted that the design of these new investigation tools gives raise to several problems. These problems can generally be categorised into two groups. The first group are problems related to the use of the technology. These can be subdivided into technical and legal problems. For the scope of this article the focus will be on the technical problems, with only a brief outlook on the legal problems emerging from the use of these technologies.
The second group are problems related to the use of the data collected by these investigation devices. Again, these can be divided into two subcategories; the analysis of the obtained data and the use of the data as evidence in court proceedings.

4.1 Technical Problems
Several considerable technical problems exist when using RFS tools in the investigation of crime and it has been questioned in how far this undertaking is technically feasible at all (Buermeyer, 2007). By far not all problems can be mentioned or analysed within the scope of this article. Below, WE will briefly outline the most pressing problems.
The first serious technical hurdle that needs to be overcome is the implementation of the RFS tool on the targeted system. The different options of infiltration have been outlined above (see 3.1). The problem authorities face with any of those options is the circumvention of anti-virus products. Essentially, a Federal Trojan, virus or rootkit is from a design perspective nothing else than a piece of malware. As Hilley points out, ‘well in excess of 200,000 different examples of viruses, worms, Trojan horses, and spyware and adware are detected by security products already, and these anti-virus products are improving all the time in their detection of previously unseen malware'(Hilley, 2007). These products are designed to detect any software that appears to be harmful and aims to gain unauthorised access to a computer. The problem is that any government-designed RFS investigation tool features these attributes and may therefore be detected by anti-virus products because they are not able to differentiate between a Federal Trojan and a malicious Trojan. The risk of detection is, as Casey and Stanley point out, that suspects under investigation may be alerted by the investigators activities, and observe or subvert the communication with the remote system (Casey and Stanley, 2004). Furthermore, if detected by the anti-virus system, suspects could potentially make a copy of the RFS tool and use it to spy on other people.
A possible solution to the detection by anti-virus products could be the collaboration with security software vendors. Authorities would have to ask vendors to deliberately not detect RFS investigation tools. However, customers purchase these products to be protected of any malware trying to infiltrate the system. Therefore, if security software vendors would agree to collaborate with authorities to deliberately not detect governmental-designed spy ware the risk that consumers lose trust in their products could be significant. Security Consultant Graham Cluley from anti-virus firm Sophos says that if a customer forwards a Trojan horse suspecting that it is used to spy on him they will provide protection against it. He argues that it is impossible to establish to the user whether the software was designed by authorities, and even if so, if it was indeed used by them to investigate a suspect, or if it had been commandeered by a third party (Hilley, 2007). Purposefully not detecting governmental-designed malware also means creating a security loophole in the anti-virus software. This could potentially be exploited to infiltrate computers with non-governmental malware.
Furthermore, companies that provide anti-virus software are not necessarily in the same jurisdiction as the suspect in question. The incentive for a US company to cooperate with German police, to the disadvantage of its customers, is minimal. Indeed, they may well fall foul of the respective privacy laws of their domicile. Even more difficult would be the regulation of open source based anti-virus tools, which are used by diffuse communities and not easily identifiable legal entities. The question is whom the vendors (if anyone at all) should obey? The German government has therefore decided at this stage not to collaborate with anti-virus software vendors (BT-Drucksache 16/4995).
Assuming that the tool is successfully installed on the computer using one of the above-mentioned methods and having successfully circumvented anti-virus software, a further technical problem arising is the necessity of an internet connection. RFS tools can only access a computer of a suspect that is connected to the internet. Equally, an internet connection is necessary to transfer back the captured data to the operator. This means that if the computer is disconnected from the internet before or during the investigation, the RFS tool can not be successfully installed or the captured data not transferred to the operator.

4.2 Legal Problems
The abilities of this technology and its intended use can potentially be very useful for crime investigations, but also give raise to several legal issues (Abel, 2009). In this section, we will briefly analyse in how far the existing German legal system offers a solution to solve this dichotomy.
On the 25 November 2006, the investigating judge of the federal court, the Bundesgerichtshof (BGH), declined the application by the attorney general to search a suspect's computer using an RFS tool. The attorney general appealed against this decision to the BGH, claiming that articles 102 , 110 and 94 of the Criminal Code (Strafprozessordnung- StPO) allowed for such a search. The court disagreed, rejecting in its judgement the analogy between a traditional search of physical premises and clandestine searches of a computer, including real time internet traffic, through a remote device (BGH, NJW 2007, 930). Therefore, it concluded that no legal authorisation existed at that time under German law permitting the use of RFS tools in crime investigations by law enforcement agencies.
In parallel to the discussion at federal level, the state of Nordrhein-Westfalen has amended its "law for the protection of the constitution" (Verfassungsschutzgesetz) on 30 December 2006. Paragraph 11 was added to article 5 II of the Constitution Protection Act of Nordrhein-Westfalen (Verfassungsschutzgesetz Nordrhein-Westfalen - VSG NRW). This amendment permitted the secret observation and investigation of the internet, especially the undercover interception of communication via the internet and the secret access of its IT systems. This also would grant the legal basis for a secret online search of a private computer or laptop of a suspect by the constitutional protection agency. However, a constitutional complaint was filed against this amendment with the German Federal Constitutional Court (Bundesverfassungsgericht) challenging the amendment's constitutionality. The Federal Constitutional Court decided on 27 February 2008 that article 5 II paragraph 11 of the Constitution Protection Act of Nordrhein-Westfalen was not in accordance with the constitution and therefore unlawful (BVerfG, NJW 2008, 822). The decision was based on a "new" human right in the confidentiality and integrity of information technology systems, for the first time recognised explicitly by this court. The court in its reasoning derived this right from the fundamental rights in personal dignity and personality rights under articles 2 I in connection with 1 I of the Constitution (Grundgesetz - GG). This right can only be restricted, and therefore the use of RFS investigation tools by law enforcement agencies is only permissible, when significant higher ranking fundamental values, such as the life and integrity of others, or liberty or common goods essential for human existence, are in danger. While this in principle leaves open the use of RDF to prevent an imminent terrorist attack, it could not be used to retrospectively investigate one, nor for general prevention of acts of terrorism in the absence of a specific, imminent and clearly identified threat. However, a judge must authorise the use of such a tool on a case by case basis.

4.3 Analysis of the Data
Assuming that RFS investigation tools can be successfully and legally employed by authorities to monitor suspects, the amount of data that such a tool will collect during an investigation is potentially very large. The purpose of using these tools is to monitor any activity, and to copy all data and email traffic stored on the computer of the suspect. This allows investigators to gain, apart from relevant documents, access to passwords and encryption keys and an insight into the details of communication.
One of the reasons for using RFS tools during investigations is to increase efficiency and enhance capability while at the same time reducing manpower to achieve this. The data collection process will therefore be automated. This means that no human operator will actively decide what data is relevant and should therefore be copied and transmitted back. The problem with this is that even though RFS tools increase the efficiency of the data collection process and reduce the manpower required to collect this data, they cause problems when it comes to analysing the data. This is the case because they randomly collect any data stored on the computer or any email sent or received. Hence, along with information crucial to the investigation vast amounts of irrelevant data will also be transmitted. Potentially more problematic, highly sensible private data, such as medical and financial information or documents equivalent to diary entries could equally be copied and transmitted to the investigating authorities. To the extent that they form part of the "core" of private life, they enjoy specific protection by the constitution and are generally shielded from investigative activities (BVerfGE 80, 367). As a result, authorities are not permitted to analyse and use such data. At the very least, data of this nature that has been collected inadvertently has to be deleted and cannot be used for investigation purposes (BVerfGE 109, 279; 113, 348). This is in itself a very time consuming and labour intensive process. However, even more problematic is that the German Federal Court judgement has established as a requirement for the use of RFS tools by law enforcement authorities that this selection process has to be undertaken by an investigating judge, a state attorney, or a judicial officer (BVerfG, NJW 2008, 822). Currently, as Christoph Frank, head of the German Judges Association points out, the German judicial system lacks the manpower to do this (Frank, 2008).

4.4 Use As Evidence
When using traditional evidence acquisition methods, evidence is gained from static sources through physical interaction. This means, as Kenneally points out, that traditional digital evidence acquisition methods reflect the nature of the physical crime scene where time and space serve as boundaries (Kenneally, 2005). Traditionally, when computers are searched during investigations to secure potentially relevant data, the computer or hard-drive is seized and taken off-line to guarantee that no changes occur, and that the object will be in the same condition when the evidence is admitted, as it was when the crime occurred. Once this is done the relevant data is secured. By contrast, when authorities are using RFS tools to search computers and gain evidence, these computers are accessed remotely, remain in the control of the suspect, and have to be connected to the Internet before, during and after the search to operate the tool. This means that no physical source exists for later comparison with the admitted evidence. In other words, ‘a live image (or copy) can only be verified against itself from the point when acquisition occurred, whereas images of "dead" machines can be verified against the original media' (Kenneally, 2005).
Therefore, the problem with the acquisition of evidence using RFS tools is that not only is the source (the computer) not confiscated but also is it not a static environment but rather a flexible one, which can be manipulated. As a general rule, evidence from untrusted networks, such as the Internet, can always be subject to a challenge to its authenticity and reliability.
However, the source and environment are not the only problems involved in the use of data gathered by RFS tools as evidence. The design of the RFS tool, such as a Trojan, itself gives raise to further issues. Casey and Stanley, who point out that the use of tools that are not designed with the preservation of evidence in mind is risky, also highlight this (Casey and Stanley, 2004). Generally, as established above, RFS tools are nothing else than malware, designed to infiltrate computers and to collect data. Thus, the emphasis in this process is on collecting the data, not on collecting it legally.
Thus, the question is in how far digital data gathered using RFS investigation tools should be admitted as evidence in court. So far, no case law exists regarding the use of the technology by the epolice. In the UK at least however, a case involving the interaction between Trojans and digital evidence has shed some light on legal issues that are raised, and even though procedural law in Germany is different from the one that was applicable in the UK case , it gives us some indications of the issues that are likely to arise. The case of R v Aaron Caffrey highlights how difficult it is to solve problems in relation to these new technologies within the traditional legal frameworks (George, 2004). Caffrey was acquitted of a section 3(1) Computer Misuse Act 1990 offence of causing unauthorised modifications of computer material, allegedly having gained unauthorised administrator rights to Web services on the Port of Houston computer by using a known exploit within Microsoft software. He claimed in his defense that hackers had used a Trojan virus to gain control over his computer and launch programs to hack into the Port of Houston computer. Although no traces of a Trojan virus were found on his computer, and it was therefore highly unlikely that hackers had gained control over his computer, he was acquitted of the crime on the basis that the possibility that a Trojan virus had been installed on the computer and had destroyed itself, leaving no traces, could not be excluded.
This case highlights the legal uncertainty when dealing with these tools. It highlights how difficult it will be to analogously apply existing evidence laws to the use of RFS tools by law enforcement agencies. If it cannot be proven that a Trojan had not been installed on a computer, it will also be difficult to prove that a Trojan or similar software did not manipulate data during the evidence gathering process. Substantive and evidentiary issues seem, at least in Germany, to develop in parallel. As we have seen, the Constitutional court rejected the analogous application of laws permitting police to search physically the dwellings of a suspect and insisted on new, sui generis rules regulating RDF. Equally, the analogous application of the rules of handling, interpreting and storing physical evidence cannot simply be applied analogously to evidence collected by RFTs, as one of the most important features of traditional evidence, the independence of the evidence observed and the observer, cannot any longer be granted.

5. The Next Generation of Investigators
Technical advances have frequently challenged existing legal frameworks in the past. The response by legislators has often been an ad-hoc or tailor made solution. As Casey puts it, ‘frequently the legislation and the jurisdiction follow a tit-for-tat pattern, with the legislature responding to an unsavory decision with new laws, only to have the courts interpret the new legislation in light of technological advances'(Casey, 2008). This "special-case" legislation is drafted to specifically regulate one technology. However, this means that a small technological enhancement can cause major regulatory problems. The response by the German Constitutional Court with regards to RFS tools so far has followed this traditional regulatory model. The inevitable outcome of this approach, as highlighted above, is the need for post-investigation scrutiny first by the investigative judge and ultimately by the courts. Hence, the question is if an alternative approach, other than regulation through law, could regulate these technologies avoiding the above mentioned problems.
Potentially more promising could be regulation by software code. Software code can be regarded as the DNA of a technology. It determines the abilities and the degree of autonomy and intelligence of a technology. Hence, if designed properly the software code of RFS tools could enable these technologies to function in compliance with legislation, by making them ‘understand' the rights and limitations that apply to its investigative actions, and perform some of the legal reasoning described above. This method therefore offers the potential to create a new generation of investigators, law-abiding tools, which can replace human investigators in some investigation tasks.
To realise their full potential in the fight against crime, Trojans should ideally be able to address concerns "by design" (Schafer, 2006; Abel and Schafer, 2008). Ensuring, for example, that a Trojan that collects unsupervised suspicious data does not waste police resources by collecting information that due to its nature would be inadmissible in court, does not expose the police to litigation for civil rights violation and at the same time utilises all those additional powers granted to the police but not available to commercial agents, such as the penetration of firewalls or other manipulation of a computer system that would constitute a violation of the law if committed by a private person. For a specific type of software programs, autonomous agents, this idea has already been intensively studied. Trojans can be seen as a particularly simple form of autonomous agent, and for our purpose, everything that applies to the (software) code based regulation of agents also applies to Trojans. The need to imbue autonomous agents with explicit legal knowledge has already been recognised for commercial applications (Hahn, Fley and Florian, 2005). Hohfeld's formal system of rights and duties in particular has been proposed as a framework for agent communication languages (Krogh and Herrestad, 1999).
Other attempts at computational implementation of Hohfeld's theory have been developed in the wider AI and law community, but not with use for autonomous agents in mind. Layman Allan's language "A-Hohfeld" and Sergot's analysis of normative positions have been the most developed approaches so far (Sergot, 1999).
The following simple example can give an indication of the intended use of Hohfeld-type languages for addressing the problems we have identified above. If a police Trojan has accessed a suspect's computer and is searching the hard-drive for relevant data, it should ‘understand' that certain types of sensible, private data such as health records, is protected by the constitutional rights of the suspect, and is therefore "inaccessible" by the police. This should trigger a corresponding "disability" by the agent to collect information unless there is also a superseding "power" that overrules the suspect's constitutional rights on this occasion, and allows the exceptional violation. The Hohfeldian terms are represented formally as if-then rules. The documentation of these conditions would be part of the "header" of the program that the agent executes, ensuring continuous documentation of all the procedural steps that have been undertaken. In this example, the Trojan would stop analysing data once it "knows" it has accessed sensible, core-private data protected by the constitution. Consequently, the Trojan needs to be able to perform "defeasible" reasoning, applying a general rule first, but capable of revising the result of the rule application if exceptions are triggered. Giovanni Sartor has shown how these legal relations can be expressed formally in a system that combines action logic with a minimal deontic logic using a formalisation of basic legal concepts inspired by Hohfeld's work, but intended for agent communication (Sartor, 2006).

6. Conclusion
The current trend towards the development and use of RFS tools, such as Trojans, for investigation purposes by law enforcement agencies is challenging traditional legislation and regulatory concepts. The attempt to regulate these technologies in a traditional way, through law, produces ad hoc solutions and tailor-made legislation. This creates new ambiguities and the need for post-investigation scrutiny, which removes some of the advantages of these technologies (such as a reduction in the manpower required). Therefore, a principled, future proof approach, which is applicable to entire classes of investigative technologies, is needed. This could be achieved through designing law-abiding technologies, by "hard-wiring" the laws into the software code. Currently, the regulation through law is ahead of regulation through code. However, to successfully use and regulate these technologies in the future, this has to and will change soon.

References:

Abel, W., (2009) "Agents, Trojans and tags: the next generation of investigators", 23:1-2 International Review of Law, Computers & Technology (forthcoming).

Abel, W., Schafer, B., (2008) "Big Browser Manning the Thin Blue Line - Computational Legal Theory Meets Law Enforcement", 2 Problema, 51.

BGH, NJW 2007, 930.

BT-Drucksache 16/4995.

Buermeyer, U., (2007), "Die ‘Online-Durchsuchung' - Technischer Hintergrund des verdeckten hoheitlichen Zugriffs auf Computersysteme", 4 HRRS, 154.

Bundesministerielle Arbeitsgruppe ‘Online Durchsuchung', "Erweiterung des Ermittlungsinstrumentariums zur Bekämpfung schwerer, organisierter und terroristischer Kriminalitätsformen („Online-Durchsuchung") ", BMJ/BMI, March 2008.

BVerfG, NJW 2008, 822.

BVerfGE 80, 367.

BVerfGE 109, 279; 113, 348.

Casey, E., Stanley A., (2004),"Tool review - remote forensic preservation and examination tools", 1 Digital Examination, 284.

Casey, T., (2008), "Electronic Surveillance and the Right To Be Secure", 41:3 UC
Davis Law Review, 977.

Dutton, W. H., "Through the Network of Networks - The Fifth Estate", (2008) Working Paper Series, at http://ssrn.com/abstract=1134502.

Forno, R. F., (2000) "Who's Afraid of Carnivore? Not Me!", inforwarrior, at http://cryptome.org/carnivore-rf.pdf.

Frank C., in "Richter halten Kontrolle von heimlichen Online-Durchsuchungen für illusorisch", Heise 28.02.2008, at http://www.heise.de/newsticker/Richter-halten-Kontrolle-von-heimlichen-Online-Durchsuchungen-fuer-illusorisch--/meldung/104238.

George, E., (2004), "UK Computer Misuse Act - the Trojan virus defence Regina v Aaron Caffrey, Southwark Crown Court, 17 October 2003", 2 Digital Investigation.

Hahn, C., Fley, B., Florian, M., (2005), "Framework for the Design of Self-Regulation of Open Agent-based Electronic Marketplaces" in Proceedings of the 1st International Symposium on Normative Multiagent Systems (NorMAS2005) at http://72.14.207.104/search?q=cache:nBJUrfaGX1UJ:www.aisb.org.uk/publications/proceedings/aisb05/8_Normas_Final.pdf+Hahn+Fley+Florian+Agents&hl=en.

Hilley, S., (2007), "Trojan horse powers for the police", 4 Digital Investigation, 57.

Hornung, G., (2007) ,"Ermächtigungsgrundlage für die ‘Onlinedurchsuchung'?", 31 Datenschutz und Datensicherheit, 575-580.

d'Inverno M., Luck M., Understanding Agent Systems, (Berlin: Springer, 2001)

Kenneally, E.E., (2001), "Gatekeeping Out Of The Box: Open Source Software As A Mechanism To Assess Reliability For Digital Evidence", 6 Virginia Journal of Law and Technology 13, 73.

Kenneally, E. E., (2005), "Confluence of Digital Evidence and the Law: On the Forensic Soundness of Live-Remote Digital Evidence Collection", 9 (2) UCLA Journal of Law and Technology, 3.

Krogh, C., Herrestad, H., (1999), "Hohfeld in cyberspace and other applications of normative reasoning in agent technology", 7 Artificial Intelligence and Law, 81-96.
Sergot,M., (1999) "Normative Positions" in P McNamara and H Prakken (eds), Norms, Logics and Information System, IOS Press Amsterdam, pp. 289-308.

Leipold, K., (2007), "Die Online-Durchsuchung", 4 Neue Juristische Wochenschrift Spezial, p135.

Lindahl, L., "Position and Change: A Study in Law and Logic" 1997; Ross, A.,"Directives and Norms", 1968.

Mueller, R. S., "From 9/11 to 7/7: Global Terrorism Today and the Challenges of Tomorrow", Chatham House, April 2008, at http://www.chathamhouse.org.uk/files/11301_070408mueller.pdf.

Nikkel, B. J., (2006) "Improving evidence acquisition from live network sources", 3 Digital Investigation, 89.

Perl, R. F., "Terrorist Use of the Internet: Threat, Issues, and Options for International Co-operation", Organization for Security and Co-operation in Europe, April 2008, at http://www.osce.org/documents/cio/2008/04/30594_en.pdf.

Poulsen, K., "FBI's Secret Spyware Tracks Down Teen Who Made Bomb Threats", Wired 18.07.07, at http://www.wired.com/politics/law/news/2007/07/fbi_spyware.

Poulsen, K. , "FBI's Sought Approval for Custom Spyware in FISA Court", Wired 06.02.2008, at http://blog.wired.com/27bstroke6/2008/02/secretive-surve.html.

Sartor, G., (2006), "Fundamental Legal Concepts: A Formal and Teleological Characterisation", 14 Artificial Intelligence and Law 14, 101-142.

Schafer, B., (2006) "The Taming of the Sleuth-Problems and Potential of Autonomous Agents in Crime Investigation and Prosecution", 20 (1&2) International Review of Law, Computers & Technology, 63.

Tagesspiegel, "Online-Durchsuchung kommt - in Österreich", 17.10.2007, at http://www.tagesspiegel.de/politik/international/Online-Durchsuchung;art123,2401271.

The Register, "The Phorm files", 29.02.2008, at http://www.theregister.co.uk/2008/02/29/phorm_roundup/.

1999 SCCR 604 at 608.

Wiebke Abel, LL.M
University of Edinburgh
SCRIPT
w.abel@sms.ed.ac.uk
Burkhard Schafer
University of Edinburgh
Joseph Bell Centre

---

Aggiungi questo articolo ai tuoi social bookmarks preferiti