The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> MODERATOR JAMIL: Good evening, everyone. Welcome to the session on open source intelligence, "War Crimes and Gross Human Rights Violations: E-Evidence". I'm the moderator, Zahid Jamil. Giorgi will be helping moderate online. Under Giorgi's leadership and myself we have undertaken an extensive project on behalf of the Council of Europe, the topic of the discussion today which is trying to assist the Ukrainian government assisting the government open source intelligence that could be collected and used as electronic evidence, in particular using the Budapest convention on cybercrime and electronic evidence as one of the mechanisms to take such open source intelligence, electronic evidence obtained and make it admissible before domestic courts and international courts and other forums possibly war crimes tribunals. While we can talk detail about this, today's discussion aims to introduce our honored guests and we should debate on these challenges where open source electronic can be used. I will lead the first segment leading up to a round of introductory remarks by the panelists and hand over to my co-moderator Giorgi to answer questions we may receive from online participants and open it to the floor for comments and questions and possibly come back to the panelists for a second round as well.
If I can introduce our first panelists. We are privileged and honored to have Patrick, head of information society, freedom of expression and freedom of media, internet of governance, artificial intelligence, cybercrime and public and private operatives. Freedom of expression, safety for journalists, sound internet of governance and standards and data protection. Please, the floor is yours.
>> PATRICK PENNINCKX: Thank you. We want the rule of law, in fact what we see in war crimes and especially are these profound human rights violations in which all the actors that take an active role in promoting those basic values have to stand together in order to be able to fight the disinformation about the war, first of all. But those who are in charge. In that infect the instruments of the Council of Europe and you mentioned the different areas and we try to have a particular role to play they come together. This session focuses on the role of investigative journalism, open source information, the use of such open source information in investigations. And bringing those in charge to account. The Budapest Convention is not only a European convention. It is now ratified by 68 countries, a number of countries, 23 more have signed or have been invited to exceed to the Budapest convention and that makes it a worldwide instrument. That's really important. Of course the fact of having the war on the European soil has, of course, meant that we took an extra interest in what was happening from a Council of Europe perspective and in that sense have been engaging quite a bit. Including with the private sector. We are very happy to have Microsoft here around the table. But also with organisations such as Bellingcat.
They are making sure those responsible are taken into account.
The second additional protocol which was opened in May 2022 and hasn't had an immediate success in terms of the number of signatories of the single additional protocol, will of course, help us to fight the proliferation of cybercrime on the one side, but also to fight and make sure the increasing complexity in obtaining electronic evidence which is stored in foreign multiple shifting or unknown jurisdictions and the powers of law enforcement, which are limited, we have to ensure that with that we can combat and provide the legal basis for the disclosure of the domain name registration information and direct cooperation with the service providers. While offering at the same time mutual assistance tools and personal data protection safeguards. I would like to thank you for taking part in this important session. Thank you.
>> MODERATOR JAMIL: Thank you very much. Thank you, Patrick. It's a pleasure to have you, thank you. And of course we will come back to you for more clarification, probably the status of European status, of course we have other panelists from Ukraine with us to also speak about that.
I will now ask my colleague Jayantha Fernando online. If we can switch to him. Jayantha is a lawyer, known digital law practice lawyer from South Asia helped to bring Sri Lanka to the Budapest convention. Committee of the Budapest conconvenient shn of the Member States which negotiated thed second additional protocol and notes to the Budapest convention. I can tell you he has done an excellent job of trying to advocate for the adoption of Budapest convention across the globe in several countries in Asia Pacific and Asia. It gives me pleasure to invite Jayantha. The floor is yours, I don't know if you can hear us, since you are on line. Checking you are there.
>> JAYANTHA FERNANDO: I can hear you. Thank you. It's nice to speak after Patrick. I think in the interest of time, I will be brief with initial intervention.
I think in the context of open source intelligence and modern techniques for gathering electronic evidence, it's clearly stated in the opening address as was mentioned by Patrick and in the context of what we are seeing happening being live streamed from the Middle East as we speak, tragedies what's happening it's being discussed at an opportune moment at IGF. I think it goes without saying that the tools provided through the Budapest convention, including through the second edition protocol are vital in the context of allowing new techniques to be adopted in the investigation of all categories of offenses including human rights violations that you very clearly mentioned a short while ago.
Most notably, it is relevant to note they negotiate the second edition of the call. That provides new and novel methods for investigators to gather and share evidence with other parties, as well as directly laced with international service providers. So we have for the first time, assistance provided for enhanced direct cooperation between countries and providers. Heaps of measures connected with that. There's also a mechanism to give effect to an order made by one country for expedited information of subscriber data as provided article VIII. And we have article IX which provides for expedited disclosure of (?) in an emergency situation. And procedural measures that deals with new techniques for emergency mutual assistance which was never provided in any other treaty. Then of course, there are very practical solutions also in the second additional protocol, most notably article 11 that describes procedures for international cooperation. There are mechanisms available for clarity and positions to be provided through those techniques and joint investigation teams and joint investigations. But most notably, what I would like to emphasize are the additional safeguards that are brought in through the second additional protocol which has not been found in any other international treaty. There are the prohibitions contained in article IV which has got specific data protection safeguards dealing with processing of data that is gathered in the course of an investigation and cross-border evidence gathered through the new techniques gathered. Having said that, ladies and gentlemen, what I want to in conclusion emphasize is another important tool that is available under the Budapest Convention, namely the capacity building measures. All these tools become meaningful and effective only if there is domestic capacity in the country to deal with the problem and quick criminal justice authorities with their ability to investigate, prosecute and determine these matters before new territories. For that to happen Europe convention and Budapest conventions. Tools provide capacity building global action against cybercrime. Which benefited many countries including mine.
An example, we have over the years been able to have expert judges who have been able to replicate and introduce cybercrime module to train judges across the provinces and country that resided in, 323 judges have been trained in the provinces by the 14 expert judges, trained under the Council of Europe programme. A call for global action against cybercrime.
Secondly (?) have been trained who developed the ability to deal with problem and put them with tools to prosecute. And investigators who are the first respondents, in a human rights violation, genocide or any other cybercrime related incident who can gather the essential ingredients necessary, they have been trained under the programme in Europe and I want to flag those benefits as a concrete attest over the years state party of the Budapest convention how we have benefited from those capacity-building tools to develop domestic capability to deal with the range of issues where electronic evidence is required to present them in the various fora, concluding in the context of the topic being discussed today. And the need for such a capacity to be developed over a period of time and maintain in a sustainable manner, so as to create an ecosystem where the modern day threats issues challenges can be dealt with in a manner with international partners. With that, I will toss my intervention at this point and be available for Q&A.
>> MODERATOR JAMIL: Absolutely, thank you, Jayantha. We will come back because we want to hear what has been helpful to your country. But now we will move to John. John Hering who is here in the room to my right. A senior government a fairs manager for digital diplomacy at Microsoft. He analyzes global cybersecurity landscapes and drives engagement to teams and contributes to Microsoft's efforts to promote peace and security through initiatives. He has worked previously with the U.S. government and served as White House defense Fellow with Obama, Office of Secretary for defense for policy. And lead humanitarian aid research in Northeast Nigeria and Danish refugee Council and worked as a math and science teacher also through tech, teach for America.
I know you had a fantastic session this morning, John. Talking about what's happening in the international landscape, but over to you to discuss this important topic and what Microsoft is doing. Thank you.
>> JOHN HERING: Thank you. It's a privilege to be here with all of you. Maybe to begin by saying, to commend the Budapest Convention as the invaluable tool that exists for successfully combating international cybercrime. And just to say that we hope that the current U.N. cybercrime ad hoc wouldn't conflict and hopefully replicate good measures reflected in that to support international cooperation while safeguarding effectively human rights.
I want to pivot to talk about the topic which brings us here today, the potential for war crimes and documentation there. Innovation and conflict has necessitated innovations and collection and documentation and e-evidence. My team at Microsoft is our digital diplomacy team. We are relatively new, with you one way to think of us, response to conflict. We have new understandings of expectations as it relates to responsible state behaviour online. Where there are existing expectations for responsible behaviour online and elsewhere we do what we can to provide accountability to those expectations.
To that end the use of cyber operations in the full scale war in Ukraine that began a little over a year and a half ago has been rather novel in being the first large scale example of hybrid warfare that perhaps the world has seen. There are certainly other examples but not scale we are seeing in Ukraine.
This introduced two challenges. The first is potential for additional war crimes we have seen in the past in other conflicts. And they are as old as time in many ways. The other is potential for cyber enabled or cyber dependent war crimes. And everything in between. This creates new challenges in terms of what our responsibilities as stakeholders in this space. What are our responsibilities as an industry player that has access to information and can help with documentation.
On the cyber based potential war crimes Microsoft has responded to these challenges with greater transparency and increased reporting. In particular out of our analysis threat centre, in addition to work to protect and secure civilian data, Ukrainian data, customer data that might be tied up in the conflict we are also reporting on the breadth of cyber operations we are seeing across the conflict itself. This has been in successive reports includes information on the targets, the different malware types, the actors that are responsible to the degree we can trace it is. And know what the impact of the attacks as well. To hopefully serve as a tool of accountability on its own but valuable source of open source information as well.
And when it comes to more traditional war crimes documentation which digital documentation can prove essential. We have also been exploring how to expedite the collection of evidence or otherwise provide support for the capture of digital evidence under the statute or other provisions. Making sure the national Supreme Court would have the ability to document that in a more meaningful fashion. I might leave it there for discussion, just to tee up how we are seeing the space and how it intersects.
>> MODERATOR JAMIL: Thank you so much. That's very helpful. It gives us an idea of how businesses are trying to tackle and address and trying Ameeror rate the -- pleasure.
The floor is yours.
>> Thank you, Zahid it's a great pleasure. Thank you very much for your support to Ukraine, it's very important for us. I would like to start to say a few words. My trip to Japan took almost three days. Because we don't have no air connections as this war going on in Ukraine. But this trip was worth it because the IGF forum is a very important venue when we can discuss the most important issues of the internet of new technologies of cybersecurity. The first day during the opening panel I was admiring the opening speeches on the first panel.
Everybody were talking about the importance of internet and democratic world, about artificial intelligence and also about threats that these technologies can possess. First of all cyber attacks and disinformation. But to my regret no one mentioned the country who actually invented the mechanisms of this information. Using social media, internet to manipulate public opinion, to manipulate elections in democratic states. Country who was the first country using cyber attacks also as an instrument for special information operations. I'm talking about the Russian Federation. About the terrorist country. Why it's important to remember. Because when we are discussing the future of the internet, the future of cybersecurity and new secure frameworks we need to keep this in mind.
Today we will discuss the war crimes and role of electronic evidence. I should say that since the Russian aggression started our law enforcement already registered more than 90,000 war crimes. Can you imagine this number? Even this is old data. Maybe now it's even bigger.
This is why the question of electronic evidence is important. I'm happy today we will discuss the main issues of this topic. Thank you.
>> MODERATOR JAMIL: Thank you very much. You are absolutely right. I think a lot more attention needs to be paid and heed to the kind of issues you mentioned. Also it's important you mentioned the importance of attribution in attacks et cetera, and with the evidence you collect to be able to attribute it is extremely important.
I move now to our last panellist. We will be having several rounds after this of course. Nick Waters, the head of justice and accountability team at Bellingcat. With background in military and cybersecurity, interests have focused on conflict and availability of open source information as evidence. He will speak to development of open source investigations starting with inception of Bellingcat, development of methodology with global action legal network to enable use of open source to investigate Saudi led strikes in Yemen and invasion in Ukraine. Over to you, Nick, the floor is yours.
>> NICK WATERS: Thank you very much for inviting me. Incredibly privileged to speak to all of you here. What I will show is more granular. In order to do that, I wanted to show you a video which relates to series of executions carried out by Mr. Mafaly. Regarding the execution large numbers of people he accused of being members of the Islamic state but not gone through any kind of judicial process. When we found out about this, we decided we would also try to find out what kind of information you could work out from each one of these videos. I would like to show that to you now.
Just warning, it's the aftermath of an execution, not the execution itself. Those were detainees about to be executed. What we needed to do is try to squeeze as much information from this video as possible. When you watch a video you are only seeing a single still frame at a time. What we did is extracted multiple still frames and blended them to form a panorama, it makes it easier to identify features. In this case we could identify some buildings in the back left with quite distinctive design with gaps in the space. Wall on the right-hand side and fork in the road where the actual execution took place. Finding the general area wasn't too difficult. There's a place called Chinese housing project in Benghazi where fighting had been taking place at the time of these executions which matched the building we could see in the video. And so that's where we started looking.
If you have seen these geo locations or read an article from Bellingcat, when you reach the final product it could sometimes be really clear, seems self-evident the location is correct but typically this could take a long time to achieve. It took us about three weeks with 3-4 people working several hours a day to identify the potential location. But we did eventually identify a potential location.
This location had the properties we were looking for, in terms of a fork in the road. A building and wall in the correct orientation.
However for us that isn't confirmation enough. We wanted to be absolutely certain. So what we did is bought the latest high resolution satellite imagery available and saw the bushes matched exactly what you could see on satellite imagery.
As we were buying this latest satellite imagery we noticed new satellite imagery appeared which had the black spots in the road. It took us a while but when we compare them to the video, they were the blood stains of the people who had been executed.
So we knew we had the location exactly. We could use the people in the video to establish where the sun was in the sky, about 6:30 in the morning. And we were pretty confident about the date because the blood stains appeared between the 15th, 16th and 17th of July.
So we had an exact location. A times within a few minutes and a date accurate to within a few days. And this is the kind of information that we deal with in order to take content like this, images, videos from primarily from conflict zones and verify to conduct more in depth investigations. This information could be important especially when combined with other traditional forms of evidence.
I think that is my time up. I'm very happy to speak about that if anyone has any further questions. Thank you.
>> MODERATOR JAMIL: Nick, that was breathtaking to say the least. Thank you very much. Very helpful. I would like to now go to the remote participants and my co-moderator, Giorgi. But I want to give an opportunity to Nataliya. You have seen what's been shown. Bellingcat, might be changed to bellingbear, you know near Russia. How do you feel about this sort of information, would it be helpful to you in Ukraine and the conflict there?
>> NATALIYA TKACHUK: Of course, this information would be very helpful to Ukraine and actually Bellingcat is helping Ukraine right now. They have a special platform which gathers all the electronic evidence of Russian aggression in Ukraine.
>> MODERATOR JAMIL: Thank you. Obviously hopefully more people from the tech industry will be helping out. We hope that's the case. We would like to take the opportunity and go to my co-moderator Giorgi, maybe he can mention a few comments. I know he has done extensive work in Ukraine. Maybe he can tell us if there is anyone who would like to comment or has questions from the online platform. Over to you.
>> GIORGI JOKHADZE: Thank you.
It's been a pleasure to listen to all of the speakers and to participate in this event, so thank you very much for this opportunity and thank you for all the information shared so far. I will start with the second question at the moment we have about 30 participants online but no particular questions yet or comments related to a speaker. Using this opportunity I can provide a couple of comments as you rightly mentioned, when it comes to the use of open source intelligence or general evidence of war crimes in the context of our assistance to Ukraine. Last few years worked -- covers Ukraine and happened to cover Ukraine on the days when the Russian aggression against Ukraine started in February 2022. We have been quite involved with the Ukrainian authorities with the prosecutor's office from the very early days I would say from our joint action to support Ukraine in the war of aggression. Clarifying the issues where do our standards like the Budapest convention on cybercrime and other protocols stand in support of Ukraine to make a clear case and evidence and in standing either domestically or international investigations or investigation judicial process.
What we tried to focus on is not go that much in depth of the international law because we had the help looking at this extensively. But it was important to identify if the tools we have would be helpful. We have Budapest convention on our side and identified a few rules, article 32 under utilized in daily practice, it still opens up a lot of possibilities to all Member States to the Budapest Convention to also have access to open source intelligence, in the public or private domain. If the owner of the data be the service provider or company or -- expresses to share content. It may sound -- for us it's important to treat as information and switches just a part of the rest of investigative powers and investigative procedures, prosecutors have to use before domestic boards. Last but not least, I think it's very important to note that one of the features of electronic evidence that is it likes to travel beyond borders. This is where the tools of the convention and second edition will come into place. Cross sharing of evidence is not only about international investigations or the tribunals but also in terms of actual acquisition and sharing of the data would be great if it's sort of put in the framework of a process provided by the Budapest Convention, specifically article 32 and the other instruments that are there. Sorry for abusing a bit my position as co-moderator to this meeting but I thought it would be helpful to focus on those tools as well in terms of discussion in this workshop. Thank you.
So far I see there are no other questions at the moment in the chat.
>> MODERATOR JAMIL: Giorgi thank you, appreciate you giving us a primer on how the different provisions of the convention work. That's helpful. Especially article 32.
I will first of all look toward the audience to see if there are questions from the audience. I have a few questions I will pose to Jayantha, just giving him a warning. There's a mic behind you. We are happy to give you mics from here, if you wish. Go there and you will be on camera when you ask the question.
>> Sure, hello, thanks all for coming and thanks to the panelists and moderator for giving me the floor. My name is Steve, I think this framework may seem legal framework war crimes in general, however I think it could be used for punishing criminals Ukrainian based. [reading rapidly]
They convene them to transfer money to account. That's definitely a cybercrime. My question is, is there any chance Ukrainian based criminals will ever be punished with your help? Thank you.
>> MODERATOR JAMIL: Thank you for the question. I will definitely have some comments to that. But over to the panel to anyone who would like to respond?
>> NATALIYA TKACHUK: First of all I would like to commend, there's also a cyber war going on in Ukraine. The Russian Federation started in 2014, it was the first example when Russia attacked our electric power station with black energy. Simultaneously annexing Crimea. Your question about the cyber war crimes. I could say Russians are constantly conducting cyber war crimes against Ukrainian population. They are constantly attacking civil critical infrastructure facilities, electronic grids. And other facilities. It's no matter it's rather difficult to attribute cybercrimes but we managed to do this. I should say Ukraine, together with the United States of America may be the only two countries in the world who really managed to attribute the cybercrimes to a particular people who did this. For example, I should give you an example of Armageddon hacker group, with the Office of General prosecutor in military department managed to investigate the constant cyber attacks of this hacking group. And this hacking group is a part of the Russian contraintelligence, based in Crimea. We had the particular names, phone calls of the people who conducted the cyber attacks. And we can prove this was actually cyber war crimes. And this is very important for international community to support this. Because it's very important issue and I should say this is a new issue. Because it's not the first war but this is the first cyber war that's going on. Thank you.
>> MODERATOR JAMIL: Thank you. What we will do now is basically ask others what does new about this. We will take more questions. Just one response from me, I'm the moderator but I think it's helpful matter of information and neutral comment. These allegations would be by Russian complainants or victims et cetera. It's a very simple answer, Ukraine is member of the Budapest Convention. Russia could be a member but for some reason it chooses not to. If Russia became a member of the Budapest convention it would be able to assert these rights. Maybe the question should be asked of the Russian ministry foreign affairs why don't they join to solve this problem. I want to move to John. What kind of new challenges are you seeing here with respect to war crimes and electronic -- this is one of the first we witness since the new age of cyber. Are there specific cyber sp*e specific war crimes you want to talk about and what does that do to the environment?
>> JOHN HERING: It's not Microsoft's place to decide what constitutes a war crime, but obviously the widespread use of cyber capabilities. Hence why we have been stepping up that degree which we are reporting out on the offensive cyber activities we are seeing in the context of that particular conflict but also more broadly. So I actually would probably direct you to the work of the human rights centre out of Berkeley law school who filed three successive article 15 submissions with the international criminal court that does allege cyber enabled war crimes. Throughout the well documented submissions there's a very well resource set of evidence based on the reporting from not just Microsoft but whole host of technology company that's stepped in the space, saying here is the activity we are seeing, here is the best information we can trace it back to. Here is the type of malware used in this operation. And also to what degree, this is something Microsoft reported on last year, to what degree do we see alignment between military objectives and the kinetic space and cyber operations being aligned. Whether that's missile attacks or other strikes, we are seeing evidence of potential alignment there that could be used in similar filings.
>> MODERATOR JAMIL: Thank you, very helpful. I wanted to turn to Nick, I know we didn't give you enough time and you were able to present the video. Is there anything you want to generally state, in particular to the things you have seen happening with respect to on the ground. The question was just asked it would be helpful to get response about the experience you are having.
>> NICK WATERS: Yes, from our perspective this is less in terms of Budapest convention Convention and more open sourced information. One thing we are careful about attributing responsibility for that.
So the Ukraine civilian home database we run contains all the instance that we could find which is obviously minority what has happened. Where civilians have been harmed or structures have been harmed in Ukraine as a result of the Russian invasion of Ukraine. We have taken several safeguards to make sure we are careful about the kind of information that plays in that. For example, we talked for a couple hours what colour to label the instance, they are not blue, red, green, they are purple. We haven't attributed any of those instance 21, so in theory what you see on that map could have been carried out by any state party.
That is something we have had to be very, very careful of. We cannot make comment who has carried out a particular instant until we have conducted further in depth investigations of that. In terms of the Russian state specifically, firstly, we would find it very difficult to cooperate with the Russian legal system because we don't think it's effective and second as soon as we get off the plane, they would arrest us. Secondly, that same legal system has spent the last several years denigrating the idea this could be used as evidence.
M8-17 as well as in relation to intelligence agencies carrying out poisonings in Europe.
So I don't think this kind of information would successfully be used because they rejected that as a possibility over the previous three years. Thank you.
>> MODERATOR JAMIL: I'm going to ask Jayantha Fernando to share, use for article 32. As I mentioned earlier we would come back to you and see how you think it's unique and provides the ability to combat ordeal with open source intelligence, for instance. I would like to come back to the floor because I believe there's a question from here and we will come back to the earlier participant. Go ahead Jayantha.
>> JAYANTHA FERNANDO: Thank you, Zahid. A couple points I want to emphasize in the context of questions raised. It's important to know the tools available under the Budapest Convention including article 32, is available for state parties to the Budapest Convention and not otherwise.
So I think we need to be very clear about the unique features of the convention, especially the open source framework provided through article 32, which is clarified more clearly on the evidence, article 32. So there's a guidance which was agreed to within state parties to the Budapest Convention. And it is also important to note a particular sentence I would like to quote from the guidance. It is presumed that the parties to a convention, form a community of trust, and that rule of law, human rights principles are respected in line with article 15 of the Budapest Convention. So if that state party who wants to benefit from article 32, and rely on open source material available online, explained by many of our panelists today, it is also important to understand that the concept of this being used within a community of trust and to ensure that rule of law human rights principles are respected in line with article 15.
That said, I want to emphasize that not only on a day-to-day basis, but on a regular basis be in relation to a drug related offense or any other offense. Our law enforcement authorities are using this provision on a regular basis, because they have been trained and not only because they have been trained. They comply with the minimum standards on article 15 and standard operating procedures which they use those tools are also respecting the provisions contained in article 15. Thanks.
>> MODERATOR JAMIL: Thank you. Article 15 for those in the room is basically human rights. It's important that any provision are subject to these. We have a question in the room. Gentleman over to you.
>> Thank, Fernando Garcia. Secretary director of RTD in Mexico. I think no one can deny that access to e-evidence can be crucial to resolve crimes. However I think it's important to also make notice that unfortunately many places in the world law enforcement officials also participate in the commission of war crimes, crimes against humanity, human rights abuses.
I think it's important to say there's unfortunately the satisfaction and frustration to civil society groups lack of safeguards in the protocol of the Budapest Convention and proposed draft in the cybercrime treaty being negotiated in the U.N.
For example, the lack of judicial safeguards being mentioned. In general I think there's a lot of frustration, I think lack of communication, I think. I think my question is, does anyone on the panel recognise that the safeguards in the protocol, or in the draft text of the U.N. cybercrime convention are inadequate and there's much more to do with regard to building effective safeguards that prevent the provisions of the Budapest Convention of being used actually to commit crimes with impunity, many places in the world like the country I come from, happens regularly.
>> MODERATOR JAMIL: Thank you for the question, it's a very good question. I'm happy to give a response but please, Patrick, go ahead.
>> PATRICK PENNINCKX: I think it's indeed better the parties to the Budapest Convention can respond to that, because ultimately they are in charge of committing to the Budapest Convention and using its articles. I just wanted to say two things. We are a panel on war crimes and gross human rights violations. This is not the international criminal court. So let's also refocus and make sure that we focus on the topic of our panel right nowment and maybe also despite the fact we emphasize the usefulness of open source information, as being potential evidence of war crimes, we also however, we need to distinguish between intelligence information and evidence and that not every open source information can be used for trial purposes, we must recognise, it must be obtained in compliance with existing legislation and best practice procedures to be admissible in a trial. That's one thing.
And from the example that Nick has given us, let's also be very clear, we need open source information that is reliable, that is authentic that is complete, and reliable. I think those elements are core components once we have to decide when certain information can be used in trial or not. And that's why the importance of evidence, not manufactured evidence is important. We are in an era of deep fakes and disinformation, systemic disinformation is taking place worldwide but also in short by a number of countries which have a particular interest in that, that we need to ensure this information is in the first place reliable.
>> MODERATOR JAMIL: That's helpful, I want to add a comment and there are more interventions, I believe. The convention under article 15, you may have read it stipulates human rights standards, in fact mentioned several treaties that have to be applicable and it talks about safeguards. Every single investigative power, I teach this constantly every few weeks stipulates there should be judicial oversight. The very much embedded within the crux of the convention. But in addition the capacity building training continually talks about the human rights aspect. I agree with you, it's essential, police, law enforcement don't abuse this. I'm happy to have a conversation where you feel there are gaps but I do think you are right when you look at the U.N. convention, there are various concerns of Civil Society and others absolutely correctly, I think, there are many gaps related to human rights and civil liberty safeguards as it applies to the U.N. draft convention. I should just call it a draft at the moment. Nataliya over to you, then a question to Nick and audience and back again, please.
>> NATALIYA TKACHUK: I would like to add of course the Budapest Convention is very effective instrument in investigation of cybercrimes. But it's not enough simply to become part of this convention. The implementation is a very important next step. And for example, Ukraine is still working on the implementation of the Budapest Convention. Now there is war going on, we have different regime of war times. But before the war, we still had problems with provisions that provide disclosure and preservation of data, of technical data. Because in Ukraine, law enforcement didn't have the possibility to issue some warrants to do this quickly. As it is implied in the Budapest Convention. This is also very important. The effective implementation of this international document.
>> MODERATOR JAMIL: Thank you, Nataliya, John?
>> JOHN HERING: There's been well enough said about the provisions the Budapest Convention but to circle back of the cybercrime ongoing, I think it's still a draft and we still have a fairly significant concerns making sure there are sufficient safeguards in place for things like human rights, particularly as it relates to data access provisions and opportunities for more transparency for when and how long data was requested and making sure that information could be disclosed on a long enough timeline.
>> MODERATOR JAMIL: For instance, article 32 said there have to be certain consents given, we have no such provision in the U.N.
Nick?
I have a question for you regarding what Patrick said. The important whatever data you look at is authentic reliable.
Have you had experience with war crimes tribunals, et cetera? Thank you.
>> NICK WATERS: Okay, yes, so what we have been doing is working with global legal action network, lawyers carrying out litigation in order to assess if this information can be used as evidence. Primarily focused in common law, the law of England and Wales. What we have done is focus on principles of admissible evidence.
What we have created enables the possibility that some of this, these videos, these images could be used as evidence in the future. It's not a guaranty and this is only one way of doing it. Human rights has a protocol, our methodology is consistent with. But those are the principles we thought to apply. When you actually investigate these pieces of content, we talk specifically about A.I.
However, A.I. still haven't really at the point where it can create believable content. At the moment the majority of the problems come from real content that is being repurposed to say it comes from a zichb event. And by some very simple verification steps, placing a piece of paper in space in time you can exclude all that misleading information.
We seek to lead contextual, comparing to the context of the event at the time and cross-reference verification. You can imagine if an instant hub is a large city, airstrike, there will be multiple people taking videos. We will seek out that content, place and space in time to compare with another piece of content. We have been thinking about this from the very -- all the way up to the principles of evidentiary admissibility. If anyone is interested with global legal action network is available online, blook for glan Bellingcat and methodology and you will find it.
>> MODERATOR JAMIL: Thank you, Nick. I hope that addresses concerns how this could be used he is spshlly with respect to prosecution. I will be asking John a question what you have been doing, but before I do that, a gentlemen has been waiting for some time. The floor is yours. Thank you for giving me time, the second time I have a question for Nataliya. Russia and Ukraine have not only classical war but informational war and the citizens of both countries are suffering from that. It's absolutely true. But my question to you was Ukrainian backed criminals, not like Russia. So I feel my question was left unanswered. But my next question is to you and to Nick. Because frankly speaking, I think war crime is war crime. And no matter who did it, who committed it and where. In terms of conventions. At least war crimes cannot be persecuted by this -- sounds strange because there were certain war crimes, Russia is not even a struggling -- let's stand off Ukraine for a while. I see it causes hot atmosphere here. Thank you for letting me continue. My question is to Nick because in the context that I have just given for like last three days, we actually seem like this abnormal events between Israel and Palestine. Like there's plenty of direct electronic evidence of war crimes committed by both, by Palestinians and by Israels. They are clearly war crimes. You don't have to be an expert or lawyer or some kind of specialist to call what it actually is. So what is your attitude or approach to these kind of war crimes and this conflict? Are there any investigations available? And what do you think if any international law or international corporation could be used in such a context.
>> MODERATOR JAMIL: Thank you for your question. First of all let me clarify, what I said earlier you gave examples of cybercrimes not war crimes.
>> I gave to cybercrimes. Sorry to Ukraine again, there was an instance Russia was killing Ukrainian civilians.
>> MODERATOR JAMIL: Thank you. The Budapest Convention provides law basis, we don't have another to do that.
Russia being a party to that would be helpful, if Russia wanted to take advantage of it. For instance, I assume, since the point you are making Russian victims are involved. It would be their responsibility of Russian government to say it wants to be able to defend its people. I would imagine they would want to choose the convention but they have chosen not to. The other question regarding Palestine and Israel etc.. We will go to the panel. We are not here discussing international war crimes generally. The topic of our conversation and I think you said it earlier Patrick, we aren't the war crimes tribunal is to look at electronic evidence and how it can be used in various segments. It could be any conflict, the Palestinian conflict, the Ukraine situation. We are not taking any position per se. It's a question of academic question. Over to the panel. Does anybody else want to answer any of the questions that have been asked? John? Anyone? Nataliya, please.
>> NATALIYA TKACHUK: Thank you for your comment, for your question. And you are totally right. The justice and the rule of law is a common democratic value. This is the value that my country is fighting against the Russian Federation. Every war criminal should be brought to justice, should be accounted for, what he did. That's why there is international mechanisms, international legislation and Budapest Convention as well.
But I disagree with you, that you said that there is information war that Ukrainians are suffering and Russians are suffering. Russians are not suffering from information war from any other country except from their political leaders. They block all the internet, they block all the media. And people who have another point of view they are political leaders, they are simply scared because they simply go to jail. This is the information war in Russia. War from its political leadership. That's what I wanted to convey. Thanks.
>> MODERATOR JAMIL: Patrick?
I know there was a specific question directed to Nick. I hope Nick and John can answer those questions. But unfortunately, Zahid I have to correct you at this point in time.
Because I must say that the Russian Federation at this point in time will not be able to join a cybercrime convention for the simple reason the Russian Federation was expelled from the Council of Europe and lost its status with the Council of Europe. Because of not respecting human rights and the basic values that the Council of Europe stands for and was therefore expelled from the Council of Europe, following the Russian invasion, illegal invasion in Ukraine. So that option is not open at this point in time. It was open in the past as you said, but that's no longer an option right now. That's all I wanted to say, there were some specific questions to the other.
>> MODERATOR JAMIL: This is one of the welcomed times I like your criticism and disagreement with me. Thank you so much for that. Nick, please?
>> NICK WATERS: Sure, in the context of Israel/Palestine. The very first thing you said, we can say war crimes. One thing being very careful about, specifically from my team. We cannot say that, we are not lawyers we work with lawyers but we cannot make those kind of statements. That's one thing we have been careful about doing. In terms of using vocabulary to describe events happening in Israel/Palestine but Russia invasion in Ukraine. We can't say that, we're not lawyers. So in terms of the actual approach. At the moment the amount of content is horrifying. What we have been doing is pretty much what's become a standard for this kind of instance. We have been collecting the evidence and been trying to preserve it. There are some organisations trying to do this, you may be familiar with mnemonic. That's what we are doing at the moment. But in terms of further investigations, I don't know at this point. As I said the amount of stuff going on is absolutely horrific. We are talking about the use of explosives along the Gaza strip. Like widespread killings of civilians killing minors. This is something which is very, very difficult to investigate, simply because there's so much of it. The vast amount of atrocities that we see, simply are never investigated. With that said, our partners are keen to work in the context of Israel/Palestine because they have been working on potential crimes happened or alleged crimes that have happened in the occupied Palestine territories. This is something I would think, hope we would eventually be able to contribute towards. Thank you.
>> MODERATOR JAMIL: Thank you, Nick. We are obviously trying to make sure we are paying attention to the online participation. Giorgi, I believe you have a comment made in the chat. If you could read it to the audience.
>> GIORGI JOKHADZE: Thank you very much. So there was some exchange in the chat and one question came through, which is, I will just read it out directly and let everyone respond to it. How can we ensure having the neutral valid and legitimate evidence system --
>> MODERATOR JAMIL: We are having difficulty understanding if you could read slowly and loudly.
>> GIORGI JOKHADZE: My apologies. The question is how can we ensure having the neutral, valid and legitimate evidence system whether crime is committed against Ukrainian and Palestinian people. In my interpretation that refers to, how is the question of availability of neutral rather than legitimate evidentiary system.
>> MODERATOR JAMIL: I think the question for all of us, how do we in this process looking at electronic evidence ensure there is neutrality and independence and not biased and prejudiced. This is a good question for everybody, because we are all doing different roles. Someone from national security organisation. Others from organisation, private sector. John, would you like to take the first one, please?
>> JOHN HERING: Yeah, it's a good example of just an objective new tool that Microsoft partnered with Accenture to support the national criminal code, the OTP link platform we put together. It's a fairly sophisticated but simple platform created for the recipient of article 15 submissions, from witnesses to potential war crimes either before or after a preliminary discussion, this is regardless which side of a conflict you would find yourselves on. It would serve to unify a disjointed system. Collect and preserve information to hopefully create a tamper-proof record to be further investigated later. Just one example of the type of tool technology companies can help advance.
>> NICK WATERS: (Off microphone)
Hello? Yeah. With regards to neutrality bias. The methodology we worked with has specific section regarding bias. That includes personal bias, what is the bias potential from algorithms for example. That is something we sought to address in that methodology. From my own personal perspective, it's important to mitigate our own biases and recognise them as well. Because once you can recognise biases, you can go onto seek to mitigate them. One thing we sort to do is hire people who have deep local knowledge of context. So it's not just another group of, forgive me, white European people looking at a situation saying this is exactly what is happening. We have sought to actually hire people who have that particular perspective and understand the local issues. Thank you.
>> PATRICK PENNINCKX: If I may. It's clear that right now technological advantages and advancements have enabled individuals, but also states and regimes to easily manipulate data in an electronic form.
So raising questions about credibility and authenticity is fully legitimate and I think that's really important. In order to ensure that Tate ta may be used as an electronic evidence for trial purposes, there must be a number of criteria. Data must be preserved like any data, like any evidence in any court. They must be preserved safely and kept, due to especially the high volatility of these data. They must be safely guarded and protected.
Quite a lot of the data, which are right now specific to the war against Ukraine, but also Palestine and Israel right now, is available also from foreign sources. And some of those sources, and many of those are in foreign jurisdictions. That means that including also in the cloud, obviously.
So we need to be able to authenticate those sources in order to ensure that they are not flawed.
And that goes for any conflict from any side, from any party. Whether that be Israel or Palestine. Whether that be Russian Federation or Ukraine, I think that is really important. The collected information and the courses must be authenticated. Verified and available for review, to be able to demonstrate that the data is not fake, simply. And I think if we can take that as a starting point and it's not for this panel, but it's for the court to decide, whether that is in the end information that could be used in trial or not.
>> MODERATOR JAMIL: Thank you. We will be going to Jayantha because I want to ask him to explain, question was asked earlier about article 15 and human rights and Budapest Convention. Maybe he can shed light. Are there any other questions? Please, you are invited to come to the mic, if you have a question, comment or intervention. Jayantha if you could respond to the question made. You do a lot of this work about the human rights aspects and possible abuse by law enforcement. Powers available in the Butte Budapest Convention and how that is mitigated. If you could help us with that. Thank you.
>> Yeah. If I am to clarify the rule of article 15 the provisions contained in the Budapest Convention starts with article 14. The provisional measures. Every party that is introducing legislative and other procedural measures, provided for under the procedural tools and international cooperation tools in the convention, for their purposes of not only cybercrime investigations, but all other investigations or other criminal investigations have to ensure that there are established safeguards within the scope of article 15 and as you rightly said, the article 15 human rights illustrates this. It refers to international conventions that countries would have to, may consider joining. So as far as some of our countries are concerned some of us have become state bodies to international conventions such as ICCPI and so on and so forth. And that has led to introduction of procedural measures in our domestic system to enable the judicial authorities who exercise their supervision. So that is one way in which I would say that the safeguards are implemented. This is not magic. This is not rocket science. This is just the procedural safeguards and standards that a country following the rule of life human rights safeguards. And as a state body Budapest Convention, standard operating procedures based on inputs to ensure that the methodology for electronic evidence gathering, collection and international cooperation that led to its collection are done in accordance with law instruments available within the scope of the convention. Thank you.
>> MODERATOR JAMIL: Thank you, Jayantha that is helpful. I understand we have another question that's come on line. Giorgi can I move to you to read it.
>> GIORGI JOKHADZE: Thank you. I hope there are no audio problems I will read it slowly. Exactly which provisions of the Budapest Conventions would be applicable to investigate war crimes?
>> MODERATOR JAMIL: Thank you. I'm sure I have something to say about that. But maybe anybody from the panel wants to take that? No. So provisions apply to any investigation. It doesn't matter if it's war crime, article 14 that specifically states any crime where there's electronic evidence involved deconvention, whether war crimes, theft, kidnapping, rape, whatever have you, as long as there is digital evidence involved, the digital evidence. Beyond that, particularly article 32 which allows for transborder access in certain circumstances is an important tool. As mentioned earlier, it's absent from the U.N. draft we are currently seeing. And so the question arises what are the human rights civil liberties that would apply to trance border access, I think that's my answer. Jayantha since you do this a lot with me, would you also like to say something, what are applicable related to the Budapest Convention. Thank you.
>> I think you clearly mentioned the capability of the provisions based on reference to article 14. So I think article 14 is the provision that can be invoked here. But in addition to article 32, I think we need to understand the scope of other prohibitions such as, I would say article 18, the production order provisions that enables domestic authority to obtain evidence from any service provider offering a service to a jurisdiction and then you have prohibitions such as article 26 spontaneous information. Where information gathered from international service providers can be shared by law enforcement authorities.
But we have to understand that all this is available tools for state partis to the Budapest cybercrime. Mention that is something we need to emphasize in the context of other question that was posed. Thank you.
>> MODERATOR JAMIL: Giorgi can you read the question in the chat.
>> GIORGI JOKHADZE: Yes, and remind you of the limit of time.
So basically I will shorten it as well.
>> MODERATOR JAMIL: Please read the whole thing and if you can speak loudly that would help.
>> GIORGI JOKHADZE: Yes, since in relation to the Budapest Convention war crimes were mentioned approach we can expect Budapest protocol to be used for investigation prosecution of, sorry, that's another question. Sorry, I just missed the previous one. My apologies.
>> MODERATOR JAMIL: We are having difficulty hearing you, I will read out if that's all right.
>> GIORGI JOKHADZE: Sorry, Zahid.
>> MODERATOR JAMIL: Not at all. The issue of bias, cross border digital platforms regarding the parties to conflict in maintaining electronic evidence is important. How do you want to maintain it, Meta and Instagram can't be neutral, thanks for your attention. This is the question in the chat. Anyone want to take that? John, Nick?
Go ahead.
>> NICK WATERS: Social media platforms definitely should not be regarded as being neutral. Between them they have different moderation policies and they are very different from country to country. If anyone recalls the moderation changing over 2015 as a result of Islamic state content being posted online, Arabic content is being moderated differently from English-speaking content. We have seen that specifically in the case of Myanmar. Facebook accused of enabling ethnic cleansing. These platforms have tried to distance themselves from responsibilities, deliberately saying they are not publishers so trying to avoid responsibility. However, they are to a certain extent responsible for some posted online, the algorithm decides what information is shown to what people. So should they be regarded as neutral? No, I don't believe they are. You need to try to seek that to mitigate that.
They are an incredible valuable source of information but should not be regarded as neutral in these contexts. Thank you.
>> MODERATOR JAMIL: We are starting to get a lot of questions in the chat. If I may read out the next one we have. And since in relation to the Budapest Convention, war crimes as such were mentioned and meaning comprehensive approach, can we expect the Budapest Convention and its protocol to be used for investigation and prosecution of the U.S. military outrages in Syria, Iraq. There is plenty of e-evidence in those notorious cases. Anyone want to take that?
>> PATRICK PENNINCKX: Zahid you mentioned even though the Budapest Convention covers 68 states it doesn't cover all the countries in the world. And we were hoping and wanting to increase of course the number of states that will join the Budapest Convention, provided that they respect article 15. The Budapest Convention is not a convention that exists in a void, it exists in a specific context, which is the protection of human rights, rule of law and pleuralist democracy. And countries that join the Budapest Convention comply with those principles.
In that respect, of course the 20 or more countries that have now been invited to exceed, unfortunately the countries mentioned there are not part of that list. So I think that's one of the key principles, of course we would like to see all those other countries would join. We know there are a number of differences and did I vergencies when we look at U.N. discussions taking place. We cannot make a convention applicable to those countries that have not joined it. Again, article 15, human rights principles need to be respected.
>> MODERATOR JAMIL: Absolutely right. In addition I would also sort of add that absolutely, the answer to the question that has been raised to the extent that the countries are part of the list, as Patrick mentioned, that could be used for electronic evidence. It's important to be clear. The Budapest Convention role is electronic evidence convention. The only going to tell you, it's evidence, it's admissible, this is how you collect it, this is how you present it, these are the safeguards. From then on the rules of the court, whether ICC or domestic court or any other would take over. The question I think you pose is not about electronic evidence, unfortunately. I wish it was. But about what other courts would do and I think that's a question for them. Patrick thank you for that response. We are absolutely at the last minute. I'm not doing a great job keeping up. If I could ask the panel to give wrap-ups. I will go to my right. I believe Jayantha will not be available. It's only us in the room wrapping up. John over to you.
>> JOHN HERING: Absolutely. That's a great transition to my final thoughts. Open by saying there's new demand of conflict that will require us to innovate appropriately our international systems keeping pace with new threats and challenges including cyber operations in armed conflict. To your point it's important our international institutions are stepping in to play a role to uphold those that exist in the physical and digital domain. It was heartening to hear last month, perhaps it was six weeks ago now, the ICC prosecutor for the first time announced his office will be investigating cyber naval war crimes.
>> Just say this kind of information will allow more atrocities to be investigated. That kind of information will help but it cannot replace traditional evidence and it must fit within the currently-established principles of legal admissibility and hopefully sharing that kind of information will be useful in the future to hold more people to account for their actions. Thank you.
>> NATALIYA TKACHUK: Thank you very mup for this discussion. I think it was very fruitful. Thank you for your support to Ukraine. This war showed the new role of electronic evidence. The new role of open source intelligence. We will learn how to do with this. And we were discussing bias and neutrality of electronic evidence. I agree with you, they may think these are procedures. We need to follow the procedures and understand procedures. I'm thankful to the Council of Europe, it conducts lots of trainings in Ukraine for judges, prosecutors and civil society. In Ukraine collecting evidence of war crime is a task for all civil society. And this is very, very important. Thank you.
>> MODERATOR JAMIL: Thank you. The Budapest Convention, as we said, is a criminal law convention.
>> PATRICK PENNINCKX: The not a war crime convention, we know preservation and exchange of stored information data including from service providers is crucial and reminder of article II of the convention can be used to access open source information across borders and can later on be used in trial, thank you.
>> MODERATOR JAMIL: Absolutely. Thank you for adding that, Patrick. It's my job to give the floor to Giorgi, and I will make some closing remarks. Giorgi over to you for wrap up.
>> GIORGI JOKHADZE: Thank you. --
In the aftermath of the meeting we will but I think that we have covered a lot of ground when it comes to the open source intelligence and being part of the overall picture. -- so we don't apply these in the void or Budapest Convention. We have to make sure open source intelligence that all the data information we are getting from open sources is also part of applicable and clear legal framework that is going to bring perpetrators to justice. That is my own view on the discussions here. But I think we will have to flesh it out a little bit more.
>> MODERATOR JAMIL: Thank you Giorgi. Open source intelligence and use of how this works is very different from something we have seen before. It's open source, it can change hands et cetera. To use this electronic evidence in various things including war crimes and human rights abuses is extremely important. The role of the convention in being able to do that vis-a-vis we don't have that possibility in the U.N. convention or other places. It's helpful to think what we can do to improve that in other structures as well. I just want to say thank you to all the participants who have been here. Thank you for the questions asked. They were helpful, they engaged. Thank you for the questions and online participants and questions, thank you for that. It helped us basically answer and think about new things. And thanks to the organisers, because they provide us a massive room and so, a lot of people, we didn't expect this many people to fill this room. We appreciate everybody coming. Thank you. That's all from us. Bye-bye.