Proving crimes with e-evidence under criminal procedure law
E-evidence obtained from e-data sources may be expressed via e-messages capable of conveying information and is used more and more extensively and diversely to prove criminal acts in criminal proceedings. It therefore needs to be understood uniformly so that it can be adequately institutionalized in relevant legal documents and enforced in practice.

Dang Dinh Thai

Regional Military Court of Military Zone 4

Presenting e-evidence during a court hearing at the Hanoi People’s Court on July 20, 2023. Photo: VNA

Evidence constitutes an important and decisive factor for criminal proceeding participants to present and defend their viewpoints and arguments in the course of settlement of criminal cases. E-evidence obtained from e-data sources may be expressed via e-messages capable of conveying information and is used more and more extensively and diversely to prove criminal acts in criminal proceedings. It therefore needs to be understood uniformly so that it can be adequately institutionalized in relevant legal documents and enforced in practice.

The term “e-evidence” cannot be found in any of the current domestic legal texts though it has commonly been referred to in the practical judicial life of the country and jurisprudential documents as evidence derived from e-data sources. Around the world, e-evidence consists of two sub-forms: analog evidence and digital evidence.

The 2015 Criminal Procedure Code’s provisions concerning e-evidence and limitations thereof

The 2015 Criminal Procedure Code (the Code) defines evidence as facts collected according to the order and procedures specified in the Code and used as grounds to determine whether or not criminal acts have been committed and identify persons committing such acts, and other circumstances and facts significant to the settlement of criminal cases[1]. In this definition, the term “fact” seems less explicit than the phrase “information reflecting criminal act”. Moreover, if the Code additionally provided that “e-evidence means a special type of evidence obtained from e-data sources”, it would be easier for proceeding-conducting bodies to identify, collect, preserve, consolidate, evaluate and use this type of evidence in the settlement of criminal cases.

Before the Code was enacted, e-data had not been treated as an evidence source. For the first time ever, the Code lists e-data as one of the seven evidence sources[2], providing an important legal ground for proceeding-conducting bodies to collect evidence through the blocking of data reception, recovery of deleted data, collection of e-data in cyberspace and from software and iCloud, etc., while ensuring the legality of such evidence.

Additionally, the Code defines e-data as “symbols, characters, numbers, images, sounds or similar forms created, stored, transmitted or received by electronic devices” and specifies sources from which e-data may be collected, including “electronic devices, computer networks, telecommunications networks, transmission lines and other electronic sources”[3]. However, this provision confuses e-data with digital information-carrying messages originating from e-data (symbols, characters, numbers, images, sounds or similar forms).

To collect e-data for use in proving crimes in criminal proceedings, the Code specifies two methods of e-media seizure, namely seizing e-data storage media and copying e-data into e-media for preservation like exhibits (in case it is impossible to seize e-data storage media). In addition, the Code requires e-data restoration, search and assessment to be performed only on copies, and the restoration, search and assessment results to be converted into readable, audible or visible forms. E-media and e-data must be preserved like exhibits. When e-data as evidence are presented, they must be accompanied by their storage media or copies[4].

The above provisions imply that collected e-data that help evidence to be obtained must be intact and examinable throughout the course of criminal proceedings. E-evidence’s intactness may not be affected by the application of investigation measures involving the restoration of deleted data, or search for or assessment of e-data. To be used as e-evidence, e-data must be convertible into information-carrying messages.

However, it is unreasonable to stipulate that evidence in the form of e-data must be preserved like other ordinary exhibits for use in proving crimes in criminal proceedings, since this does not facilitate the application of advanced methods of exhibit preservation, such as determination of function value to prove the integrity of e-data or use of artificial intelligence in the preservation of e-evidence.

Disadvantages of the use of e-evidence in proving crimes

With the ever-increasing number of mobile device-supported Internet services, more and more criminals can exploit computer and telecommunications networks to commit criminal acts in “borderless” cyberspace. Cybercrimes cause particularly serious consequences and extensive harm to a very large number of victims and involve an enormous volume of collectible e-data. This requires proceeding-conducting bodies to apply appropriate approaches to screen, seize, collect and use e-data as e-evidence so as to prove such crimes adequately and promptly.

Cyber offenders are usually hard to detect, stop or arrest due to their sophisticated tricks and schemes, such as use of information and communications networks to attack and cause harm to network service users in real time, or to facilitate or commit traditional criminal acts, or to find, approach, contact, entice and deceive network service users before committing criminal acts against them, etc.

This is attributable to the absence of a complete and uniform framework of regulations on use of e-data to serve the incrimination and adversarial process in criminal cases. More specifically, there is no standard process of digitalized audio or audio-visual recording during the interrogation of the accused and taking of their statements, investigative experiments, confrontation, identification, etc. Moreover, there are neither legal documents on methods and standards for recovery of deleted e-data from electronic equipment and devices nor specific regulations on preservation, copying and storage of e-data obtained or arising from criminal proceedings.

Another challenge is that most procurators have not been intensively trained and provided with expert knowledge about e-data, electronic equipment and devices as well as applied software thereon to fully and thoroughly exploit e-data during the incrimination and adversarial process at criminal court hearings.

Conditions to support the exploitation of e-data to serve the settlement of criminal cases as specified by the criminal procedure law are still limited, and almost all investigation bodies, procuracies and courts are not equipped with appropriate electronic equipment, devices and software to serve their criminal proceeding activities.

Other major challenges are also facing criminal justice systems around the world, including Vietnam’s, during the exploitation of e-data to serve the investigation and settlement of criminal cases. Some of these include the lack of uniform regulations on the obligation of telecommunications companies and computer and telecommunications network service providers to provide law enforcement agencies with e-data on network service users, e.g., information on their activities and IP addresses and other information not covered by service provision contracts, and the responsibility to store such data as well as storage duration. This would make it harder for proceeding-conducting bodies to collect e-data from network service providers in case criminals use software or websites with servers situated outside the countries where cybercrimes are committed. The provision obligating Internet service users to clearly declare their personal identifications also varies from country to country. Meanwhile, the fact that many countries allow network service users to stay anonymous (not requiring the users to register their names for service use) also hinders the crime detection and investigation and incrimination process. Legal frameworks on e-data collection, seizure and preservation still constitute a sensitive issue. There is a lack of uniform regulations on espionage operations in transnational computer networks, and above all, there are no international conventions on this issue.

Limitations are also seen in investigative forces’ patrols in cyberspace to detect websites built for the purpose of crime commission due to the fact that these forces are in many cases not hi-tech crime task forces, while e-data collected through patrols are not considered valid according to the procedure law until criminal cases are initiated, unless they are later converted into information-carrying e-messages. Furthermore, the investigation measure of mocking up criminal circumstances (crime scenes) to make cyber offenders reveal their nature and identities is not yet included in the criminal procedure law as an official investigation measure.

Solutions for improving quality of using e-evidence for proving crimes

In order to effectively utilize e-evidence for proving crimes in the settlement of criminal cases, the author recommends working toward the following solutions:

(i) Further improving the legal framework on the exploitation and management of e-data to serve the incrimination and adversarial process at criminal court hearings, thereby addressing the aforesaid limitations.

(ii) Digitalizing as soon as possible ordinary documents, criminal records and information about Vietnamese citizens, stateless persons and foreign citizens on entry and exit, investigation conclusions, indictments and judgments related to sex crimes in general and sex assaults against children in particular in order to form e-data archives to facilitate the investigation, initiation, prosecution and trial of criminal cases.

(iii) Organizing training courses for persons with the procedural competence to improve their expert knowledge about cybercrimes as well as knowledge and skills for dealing with e-data and e-evidence and the use thereof in the incrimination and adversarial process. It is suggested to include in training programs of criminal justice training institutions in-depth subjects on cybercrimes, e-data and e-evidence.

(iv) Building physical facilities of proceeding-conducting bodies, including electronic equipment and devices and reliable software, to enable them to seek, uncover, record, collect, preserve, consolidate, evaluate and use e-data and e-evidence in the settlement of criminal cases. At the same time, it is necessary to consolidate other evidence based on the use of e-evidence and vice versa; and build a contingent of legal aid and assistance providers who possess expert knowledge and are capable of using electronic equipment and devices and software to uncover non-traditional and electronic traces so as to collect, preserve, assess and best exploit e-evidence sources in the settlement of criminal cases.

(v) Completing regulations on the management, exploitation and use of e-data from electronic equipment and devices and software in order to ensure the relevance, objectivity and legality of e-evidence in case e-data are restored after deletion; detection, preservation and backup of e-data before they are assessed; and seizure of e-data transmitted in cyberspace. Criminal procedure regulations on seeking, detection, recording, collection, preservation, evaluation and use of e-evidence should also be improved since this type of evidence is significantly different from traditional types of evidence. Particularly, it is proposed to apply reconnaissance measures in cyberspace to detect and prevent cybercrimes; and include in the procedure law the investigation measure of mocking up criminal circumstances to make cyber offenders reveal their nature, identities and addresses in order to arrest and handle criminals.

(vi) Intensifying international cooperation on and sharing of information and knowledge about e-data and e-evidence for the investigation, prosecution and trial of criminal cases, and on the application of scientific and technical advances, especially digital technology, electronics and artificial intelligence, in fighting crimes.

(vii) Increasing the use of electronic equipment and devices to support the provision of mutual legal assistance in criminal matters and international cooperation in the investigation, prosecution and trial of criminal cases involving offenders who commit crimes in different countries, transnational crimes, cybercrimes or hi-tech crimes in order to reduce legal costs and shorten the period of criminal case settlement.

(viii) Reaching agreement with other countries on the regulations concerning storage of information of network service providers and control of service users’ information. More specifically, network service providers should be obliged to store e-data relevant to Internet service users for a specified minimum period of time. In addition, there should be regulations on the obligation of owners or persons in charge of terminal equipment installed at public places to help identify Internet service users.

[1] The Vietnamese version of this article is published on lsvn.vn.

[2] Article 87.1 of the Code.

[3] Article 99 of the Code.

[4] Article 107 of the Code.
