The impact of digital evidence on investigative activity between legal safeguards for the parties and investigative needs: breakthrough and unresolved issues.
Abstract: The acquisition of digital data is the result of an epochal digital revolution that today – in particular – is increasingly affecting the foundations of criminal justice. The acquisition operation, in a procedural-criminal law context, has long been freed to be an atypical means of seeking evidence, the evaluation of which was left to the judge. Over time, first the intervention of case law and then the establishment of organic legislation have necessarily imposed a first change of pace, transforming e-evidence from an extemporaneous element to an essential element in the performance of any investigative activity, not only in a procedural-criminal context but also in a fiscal context, also allowing for faster, more traceable, and more objective investigations, always respecting the guarantees of the parties. In both contexts, the chain of custody, the integrity and reliability of the data, and the repeatability of the procedures used for the identification, storage, acquisition, and documentation of the same are and must remain essential requirements in terms of admissibility, it being understood that, depending on the operational context, sometimes, operators are increasingly struggling to acquire that digital evidence, having to deal with encrypted systems, cloud services, protected devices, and different legal systems that obstruct or make it more difficult to acquire it and, therefore, are increasingly forced to deviate from the traditional “rules” of Digital Forensics, international Best Practices, and ISO/IEC 27037:2012.
Recently, the use of AI has represented another “breakthrough”, imposing a paradigm shift and a new multilevel investigative approach, both in terms of intelligence, enhancing the capacity for aggregation and analysis in terms of operational effectiveness and efficiency in the choice of targets to be monitored or services to be optimized through targeted sampling in inspections, interoperability between public databases, and better documentation/training; personal data protection, and in terms of analysis of acquired big data, allowing greater automation (NLP, artificial vision), making use of predictive/prescriptive and generative models, allowing for a more rapid selection of “living” evidence, even in cloud/IoT environments; creating a new hybrid human-AI governance with explainability, sometimes reaching unexpected and inexplicable results. The investigation is no longer linked only to the output of the AI, but requires a more in-depth analysis, including upstream, in order to understand the conditions that led to that output or that decision. We will try to understand what works today: mature forensic tools, digital chains of custody, extensive data logging, guidelines on preservation/minimization and interoperability of the same; analytics and KYC capable of improving risk scoring, without neglecting the critical issues that have emerged in terms of opacity and intrinsic bias in AI models; the fragility of the evidence extracted in dynamic environments; excessive dependence on suppliers; the repeated and continuous tensions between data minimization for the purposes of its processing and big data, and the numerous issues that are still open and not yet resolved, starting with the use of data in the formation of AI datasets and ending with the issues of legal responsibility.