Law enforcement all over the world is struggling with time-critical access to evidence stored in electronic devices. At times these devices may be located in foreign territories or in cloud service providers’ servers. Considering the decentralization of the Internet and the ubiquity and complexity of cloud computing, the exact location of the data in question may not always be possible to determine. Both conditions—the possibly extraterritorially located data and the inability to identify the location of the data— raise questions regarding the legal limits of law enforcement’s access to such data. To tackle these issues, this article examines potential options for accessing extraterritorial data during a criminal investigation. In particular, the article will focus on the Council of Europe Convention on Cybercrime’s remote search and seizure procedures and analyses whether these provisions have been transposed to the Estonian Code of Criminal Procedure. Further, by comparing the legislation and practice of remote search and seizure in the Netherlands, Belgium and Germany, the article reflects upon the current European legal discussions that will likely inform the future regulation of transborder access and suggests potential options for the reform of domestic procedures. K E Y W O R D S : Remote search and seizure, criminal procedure, transborder access, Council of Europe Convention on Cybercrime, digital evidence I N T R O D U C T I O N Despite electronic evidence being relevant for the investigation of all types of crime, the challenges related to obtaining extraterritorially located data are mostly discussed in the context of cyber crime. Combating cyber crime faces several difficulties such as identifying the perpetrator as well as assessing the extent and impact of the criminal act including the vulnerability of the targeted data which may be altered, moved * Researcher at NATO CCD COE, lecturer at Tallinn University of Technology and PhD candidate at Tartu University. Email: annamaria.osula@gmail.com. I am very grateful for the helpful insights and support from Prof Jaan Ginter, Colin Sweet, Eneli Laurits, Imbi Markus, Robert Laid, Rainer Franosch, Lodewijk van Zwieten, Geert Schoorens and the anonymous reviewers. This article contains the opinion of the author and does not reflect the policy or the opinion of any other entity. 1 United Nations Office on Drugs and Crime, ‘Comprehensive Study on Cybercrime’ (2013) 122 (accessed 1 April 2016). VC The Author (2016). Published by Oxford University Press. All rights reserved. For Permissions, please email: journals.permissions@oup.com. 1 International Journal of Law and Information Technology, 2016, 0, 1–31 doi: 10.1093/ijlit/eaw010 Article at U nited A ab E m iates U niersity on A uust 1, 2016 http://ijlirdjournals.org/ D ow nladed from or deleted in seconds. Furthermore, given the decentralized structure of the Internet as well as the ubiquitous use of cloud computing by citizens, private entities and states alike, the physical location of investigatory data is often difficult if not impossible to determine. The current approaches of law enforcement agencies (LEAs) to access and obtain data as part of an investigation from a foreign jurisdiction can be roughly divided into two groups. The first group consists of formal and informal mechanisms that guide cooperation among the LEAs of two or more countries, and thus, involve formal or informal state authorization in the provision of specific data to the requesting LEA. These mechanisms include Mutual Legal Assistance (MLA) agreements, informal cooperation between LEAs and maintaining 24/7 liaison networks with standing points of contact. Despite the need for time-effective international cooperation mechanisms to assist LEAs during transborder investigations, approximately 70% of international cyber crime investigations rely on traditional MLA—a formal multior bilateral framework agreement between states that may take up to a couple of months for the requested evidence to reach the requesting state. The dilatory pace of MLA mechanisms has led many to consider such agreements largely unsuitable to provide time-critical access to digital evidence. The second group of mechanisms for accessing and obtaining extraterritorial data by LEAs is characterized by a certain degree of ‘sidestepping’ the central role of the state and the principle of territorial jurisdiction as the determining factor for the location of the data, and thus, investigators do not always seek formal authorization from the relevant entities of the state where the data physically resides. Examples of such a way forward include directly contacting the Service Provider (SP), accessing publicly available data and undertaking investigative measures such as remote search and seizure. 2 Council of Europe, ‘Electronic Evidence Guide’ (Data Protection and Cybercrime Division 2013) Version 1.0 11, Council of Europe, ‘Explanatory Report to the Convention on Cybercrime (ETS No 185)’ 133 (accessed 1 April 2016). 3 The inability of identifying the exact location of the data at any given time is known as the ‘loss of location’. Read more at Jan Spoenle, ‘Cloud Computing and Cybercrime Investigations: Territoriality vs. the Power of Disposal?’ (CoE 2010) Discussion paper (accessed 1 April 2016). See also ‘loss of knowledge of location’ in Bert-Jaap Koops B.-J. and M. Goodwin, ‘Cyberspace, the Cloud, and Cross-Border Criminal Investigation’ (2014) 42 (accessed 1 April 2016). For difficulties in determining the location of the data in cloud computing, see, eg Mark Taylor and others, ‘Forensic Investigation of Cloud Computing Systems’ (2011) 2011 Network Security 4. 4 See in more detail, Anna-Maria Osula, ‘Mutual Legal Assistance & Other Mechanisms for Accessing Extraterritorially Located Data’ (2015) 9 Masaryk University Journal of Law and Technology 43. 5 Except for the use of MLAs, however, these methods are under-utilised and handle only approximately 3% of the cyber crime cased confronted by LEAs. United Nations Office on Drugs and Crime (n 1) xxv.

中文翻译：

---

家庭刑事诉讼中的远程搜查和扣押：爱沙尼亚案例研究

全世界的执法部门都在为获取电子设备中存储的证据的时间紧迫性而苦苦挣扎。有时，这些设备可能位于外国领土或云服务提供商的服务器中。考虑到Internet的分散性以及云计算的普遍性和复杂性，可能无法始终确定所讨论数据的确切位置。这两种情况（可能在域外定位的数据以及无法识别数据的位置）都引发了有关执法人员访问此类数据的法律限制的疑问。为了解决这些问题，本文研究了在刑事调查期间访问域外数据的潜在选择。特别是，本文将重点讨论欧洲委员会关于网络犯罪的远程搜索和扣押程序公约，并分析这些条款是否已被转换为《爱沙尼亚刑事诉讼法》。此外，通过比较荷兰，比利时和德国的远程搜查和扣押的立法和实践，本文对当前的欧洲法律讨论进行了反思，这些讨论可能会为将来的跨境获取法规提供参考，并提出了国内程序改革的潜在选择。关键字：远程搜索和扣押，刑事诉讼程序，越境访问，欧洲委员会网络犯罪公约，数字证据引言尽管电子证据与调查所有类型的犯罪有关，与获取域外数据相关的挑战主要是在网络犯罪的背景下进行的。打击网络犯罪面临若干困难，例如确定肇事者以及评估犯罪行为的程度和影响，包括可能改变，转移的目标数据的脆弱性。*北约CCD COE研究员，塔林理工大学讲师，塔尔图大学博士研究生。电子邮件：annamaria.osula@gmail.com。我非常感谢Jaan Ginter教授，Colin Sweet，Eneli Laurits，Imbi Markus，Robert Laid，Rainer Franosch，Lodewijk van Zwieten，Geert Schoorens和匿名审阅者的有用见解和支持。本文包含作者的观点，并不反映任何其他实体的政策或观点。（2016年4月1日访问）。VC作者（2016）。牛津大学出版社出版。版权所有。有关权限，请发送电子邮件至：journals.permissions@oup.com。1国际法律和信息技术杂志，2016，0，1-31，doi：10.1093 / ijlit / eaw010于2016年8月1日在联合国教科文组织发表文章http://ijlirdjournals.org/ Dow几秒钟内消失或删除。此外，考虑到Internet的分散结构以及公民，私人实体和国家对云计算的普遍使用，调查数据的物理位置通常很难甚至不是无法确定。执法机构（LEA）当前从国外司法管辖区访问和获取数据作为调查的一部分的方法可以大致分为两类。第一组由正式和非正式的机制组成，它们指导两个或多个国家的LEA之间的合作，因此，在向请求LEA提供特定数据时，需要正式或非正式的国家授权。这些机制包括司法互助（MLA）协议，LEA之间的非正式合作以及维持具有常设联络点的24/7联络网络。尽管需要及时有效的国际合作机制来协助跨界调查中的LEA，但大约70％的国际网络犯罪调查依赖于传统的MLA（国家之间的正式多边或双边框架协议，可能需要长达几个月的时间才能完成请求）证据达到请求状态。MLA机制的扩张步伐使许多人认为此类协议在很大程度上不适合提供对时间要求严格的数字证据访问。LEA用于获取和获取域外数据的第二组机制的特点是在一定程度上“避开了”国家的中心作用和领土管辖权原则作为确定数据位置的决定因素，因此，调查人员并不总是向数据实际所在州的相关实体寻求正式授权。这种前进方式的示例包括直接与服务提供商（SP）联系，访问可公开获得的数据以及采取诸如远程搜索和扣押之类的调查措施。2欧洲理事会，（2016年4月1日访问）。3无法在任何给定时间识别数据的确切位置称为“位置丢失”。在Jan Spoenle上阅读更多内容，“云计算和网络犯罪调查：地域性与处置的力量？”。（CoE 2010）讨论文件（2016年4月1日访问）。另请参阅Bert-Jaap Koops B.-J中的“位置信息丢失”。和M.Goodwin，“网络空间，云和跨境刑事调查”（2014年）42（2016年4月1日访问）。有关在云计算中确定数据位置的困难，请参见Mark Taylor等人，“云计算系统的取证调查”（2011）2011 Network Security4。4详细信息，请参阅Anna-Maria Osula，“相互之间”。法律援助和访问域外数据的其他机制”（2015年）9马萨里克大学法律与技术杂志43. 5但是，除了使用MLA之外，这些方法的使用率还很低，仅处理了大约3％的网络犯罪被LEA面对。联合国毒品和犯罪问题办公室（n 1）xxv。