Title 5 – Real-time collection of computer data

205. Articles 20 and 21 provide for the real-time collection of traffic data and the real-time interception of content data associated with specified communications transmitted by a computer system. The provisions address the real-time collection and real-time interception of such data by competent authorities, as well as their collection or interception by service providers. Obligations of confidentiality are also addressed.

206. Interception of telecommunications usually refers to traditional telecommunications networks. These networks can include cable infrastructures, whether wire or optical cable, as well as inter-connections with wireless networks, including mobile telephone systems and microwave transmission systems. Today, mobile communications are facilitated also by a system of special satellite networks. Computer networks may also consist of an independent fixed cable infrastructure, but are more frequently operated as a virtual network by connections made through telecommunication infrastructures, thus permitting the creation of computer networks or linkages of networks that are global in nature. The distinction between telecommunications and computer communications, and the distinctiveness between their infrastructures, is blurring with the convergence of telecommunication and information technologies. Thus, the definition of ‘computer system’ in article 1 does not restrict the manner by which the devices or group of devices may be inter-connected. Articles 20 and 21, therefore, apply to specified communications transmitted by means of a computer system, which could include transmission of the communication through telecommunication networks before it is received by another computer system.

207. Articles 20 and 21 do not make a distinction between a publicly or a privately owned telecommunication or computer system or to the use of systems and communication services offered to the public or to closed user groups or private parties. The definition of ‘service provider’ in Article 1 refers to public and private entities that provide to users of their services the ability to communicate by means of a computer system.

208. This Title governs the collection of evidence contained in currently generated communications, which are collected at the time of the communication (i.e., ‘real time’). The data are intangible in form (e.g., in the form of transmissions of voice or electronic impulses). The flow of the data is not significantly interfered with by the collection, and the communication reaches its intended recipient. Instead of a physical seizure of the data, a recording (i.e., a copy) is made of the data being communicated. The collection of this evidence takes place during a certain period of time. A legal authority to permit the collection is sought in respect of a future event (i.e., a future transmission of data).

209. The type of data that can be collected is of two types: traffic data and content data. ‘Traffic data’ is defined in Article 1 d to mean any computer data relating to a communication made by means of a computer system, which is generated by the computer system and which formed a part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size and duration or the type of service. ‘Content data’ is not defined in the Convention but refers to the communication content of the communication; i.e., the meaning or purport of the communication, or the message or information being conveyed by the communication (other than traffic data).

210. In many States, a distinction is made between the real-time interception of content data and real-time collection of traffic data in terms of both the legal prerequisites required to authorise such investigative measure and the offences in respect of which this measure can be employed. While recognising that both types of data may have associated privacy interests, many States consider that the privacy interests in respect of content data are greater due to the nature of the communication content or message. Greater limitations may be imposed with respect to the real-time collection of content data than traffic data. To assist in recognising this distinction for these States, the Convention, while operationally acknowledging that the data is collected or recorded in both situations, refers normatively in the titles of the articles to the collection of traffic data as ‘real-time collection’ and the collection of content data as ‘real-time interception’.

211. In some States existing legislation makes no distinction between the collection of traffic data and the interception of content data, either because no distinction has been made in the law regarding differences in privacy interests or the technological collection techniques for both measures are very similar. Thus, the legal prerequisites required to authorise the undertaking of the measures, and the offences in respect of which the measures can be employed, are the same. This situation is also recognised in the Convention by the common operational use of the term ‘collect or record’ in the actual text of both Articles 20 and 21.

212. With respect to the real-time interception of content data, the law often prescribes that the measure is only available in relation to the investigation of serious offences or categories of serious offences. These offences are identified in domestic law as serious for this purpose often by being named in a list of applicable offences or by being included in this category by reference to a certain maximum sentence of incarceration that is applicable to the offence. Therefore, with respect to the interception of content data, Article 21 specifically provides that Parties are only required to establish the measure ‘in relation to a range of serious offences to be determined by domestic law’.

213. Article 20, concerning the collection of traffic data, on the other hand, is not so limited and in principle applies to any criminal offence covered by the Convention. However, Article 14, paragraph 3, provides that a Party may reserve the right to apply the measure only to offences or categories of offences specified in the reservation, provided that the range of offences or categories of offences is not more restricted than the range of offences to which it applies the measure of interception of content data. Nevertheless, where such a reservation is taken, the Party shall consider restricting such reservation so as to enable the broadest range of application of the measure of collection of traffic data.

214. For some States, the offences established in the Convention would normally not be considered serious enough to permit interception of content data or, in some cases, even the collection of traffic data. Nevertheless, such techniques are often crucial for the investigation of some of the offences established in the Convention, such as those involving illegal access to computer systems, and distribution of viruses and child pornography. The source of the intrusion or distribution, for example, cannot be determined in some cases without real-time collection of traffic data. In some cases, the nature of the communication cannot be discovered without real-time interception of content data. These offences, by their nature or the means of transmission, involve the use of computer technologies. The use of technological means should, therefore, be permitted to investigate these offences. However, due to the sensitivities surrounding the issue of interception of content data, the Convention leaves the scope of this measure to be determined by domestic law. As some countries legally assimilate the collection of traffic data with the interception of content data, a reservation possibility is permitted to restrict the applicability of the former measure, but not to an extent greater than a Party restricts the measure of real-time interception of content data. Nevertheless, Parties should consider applying the two measures to the offences established by the Convention in Section 1 of Chapter II, in order to provide an effective means for the investigation of these computer offences and computer-related offences.

215. The conditions and safeguards regarding the powers and procedures related to real-time interception of content data and real-time collection of traffic data are subject to Articles 14 and 15. As interception of content data is a very intrusive measure on private life, stringent safeguards are required to ensure an appropriate balance between the interests of justice and the fundamental rights of the individual. In the area of interception, the present Convention itself does not set out specific safeguards other than limiting authorisation of interception of content data to investigations into serious criminal offences as defined in domestic law. Nevertheless, the following important conditions and safeguards in this area, applied in domestic laws, are: judicial or other independent supervision; specificity as to the communications or persons to be intercepted; necessity, subsidiarity and proportionality (e.g. legal predicates justifying the taking of the measure; other less intrusive measures not effective); limitation on the duration of interception; right of redress. Many of these safeguards reflect the European Convention on Human Rights and its subsequent case-law (see judgements in Klass (5), Kruslin (6), Huvig (7), Malone (8), Halford (9), Lambert (10) cases). Some of these safeguards are applicable also to the collection of traffic data in real-time.