This paper is about defending a person accused of computer crime and computer-related crime in Court. It is intended as a primer for those defence counsel who have no experience in the specific field of criminal trials involving computer, digital assets and the Internet. At the same time, it provides insights to computer experts wanting to enter into the digital forensics sector, because it offers a way to understand how a lawyer thinks, and what are his needs when designing a defence strategy.
The focus is on the practical issues, as emerged from the direct trial experience of the author and of other criminal trial lawyers, therefore the legal theory and the ICT technical aspects are not discussed in detail. Both the legal and the IT professional, though, can find in the discussion enough hints to widen their understanding of the matter and improve the effectiveness of their strategies.
The paper is structured in three part: a criminological profile’s taxonomy of the defendants, the analysis of the digital investigation carried on by the prosecution to build the case, and the trial strategies of the defence counsel.
Finally, a note on the cases discussed in this paper: where possible, references to court decisions are available, but in some cases, for confidentiality reasons, the paper analyses the relevant elements without providing further information.
5. The Investigation
• Victim’s reactions, in order
• Making sense about what happened,
• Damage control,
• Internal (often improper) forensics,
• Legal assessment,
• Law Enforcement Involvement
• Law Enforcement course of action
• Crime Scene: impromptu forensics, hard disk/
computer seizure, logs’ collection, employees’
interview, security policy analysis, prior
convictions database query,
• Carrier/ISP: Traffic Data Request
• Internet Governance Entities: information
request on Domains and IP registrations,
• Suspect: calls, IM, email eavesdropping/
wiretapping, searches and seizures, digital
forensics.
Defending Computer Criminals - Andrea Monti - Adjunct Professor of Law and Order - University of Chieti-Pescara (IT)
6. What is a ‘Computer Criminal’?
• The archetype of the ‘computer
criminal’ is the mighty
übermensch called ‘the
hacker’.
• Do ‘hackers’ exist? Are they
‘criminals’? Are there criminals
who are not ‘hackers’?
• Hackers as scapegoats and law
enforcement’s reputation
enhancers.
• Why do these issues matter?
Artwork by Alberto Maderna for Monti&Ambrosini Editori - All Rights Reserved
Defending Computer Criminals - Andrea Monti - Adjunct Professor of Law and Order - University of Chieti-Pescara (IT)
7. A Taxonomy of the Defendants
• Knowledge vs Motivation
• Knowledge is Motivation
independent,
• The same technical skills can
be exploited by a hacktivist,
an intelligence operative, an
‘ordinary’ criminal or an
average citizen,
• What matters to the defence
counsel is to position the
defendant in the right part of
the diagram.
Elaboration of a diagram initially published in Winkler, Ira, ‘Corporate Espionage’, 1997 Prima Publishing p. 86 and presented at the lecture
IT捜査と防御権 – イタリアおよびヨーロッパの20年間の司法史 - 2017年6月10日(土)- 慶應義塾大学
Defending Computer Criminals - Andrea Monti - Adjunct Professor of Law and Order - University of Chieti-Pescara (IT)