International IT crime; is evidence gathering a poker game?

The World Summit on Information Society (WSIS) 2015 meeting in Geneva recognized that access to and communication in a simplified exchange network among law enforcement agencies and CERTs were important. Computer Emergency Response Teams (CERTs) are worldwide institutions created as a response to cyber threats. The Council of Europe, in collaboration with the US, Japan and others, has created the “Convention on Cybercrime”.

As of summer 2016, 66 countries had or planned to implement this. The convention defines cybercrime, cooperating and data sharing between the countries.  (Choucri, Madnick and Koepke, 2016) The G8-countries have also agreed to focus on collaboration for combatting computer crime. (Ozeren, 2005) Looking at the network of institutions in the image below, it might give us some ideas of various places to try as entry points to get hold of the data:

Image source: (Choucri, Madnick and Koepke, 2016)

The convention is considered an important tool for online crime investigation. It is aimed to be a treaty to allow police in one country to request counterparts in another country to collect evidence for them, arrest the individual and have the responsible person delivered to their country. (Chawki et al., n.d.)

I have a thought for you: while several countries have agreements in place to collaborate about cyber crime, such as my above mentioned World Summit of Information Society – what about the increasing cyber warfare? Will these countries really give collaboration in every aspect or will they keep their cards close to their chest as if playing poker? (Rinear, 2015)

If the USA asked Russia for the email information from a suspect, will the Russian provider just give them full access to the account: or will Russian IT-agents go through the emails first, to make sure no national security issues or other things that could reveal things about Russia, will get through to the US? Will they “wash” the information first?

Also, several network providers funnel traffic through nodes in large cities. This means that during an armed conflict, unless the government has very clear communication lines with detailed information about all hubs and nodes, military communications might be routed through a hostile country. (Rinear, 2015) The way that PRISM picks up all info sent through major connections, they might eaves-drop on many international secrets. Remember: Germany’s Angela Merkel was spied on by the US! (Traynor, 2013)

Let’s take the principle of the “save as draft”-emails: it’s a common trick to hide information from being detected by servers (leaving little trace) by starting a message in for example Hotmail or Gmail, but never sending it. Your fellow conspirator will log in and see the draft and reply that way, in the same draft. If we are just given a copy of the inbox from the government in this other country, valuable information could be lost. For example, the address book could hold very important contact information, the SPAM folder might be of interest, draft and Sent Items of course, too.

What do you think – will there really be a friendly exchange culture with no strings attached? Can we trust that we have been given all information by the other country? Will we be given some information (“here’s a copy of the inbox”, leaving out “Sent”, “Draft” etc.) or will we be able to investigate ourselves?



Chawki, M., Darwish, A., Khan, M. A. and Tyagi, S. Cybercrime, digital forensics and jurisdiction. [electronic book].

Choucri, N., Madnick, S. and Koepke, P. (2016) ‘Institutions for Cyber Security: International Responses and Data Sharing Initiatives’,

Ozeren, S. (2005) Global response to cyberterrorism and cybercrime: A matrix for international cooperation and vulnerability assessment, University of North Texas.

Rinear, M. (2015) ‘Armed with a Keyboard: Presidential Directive 20, Cyber-Warfare, and the International Laws of War’, Capital University Law Review, 43 (3), pp.679-720.

Traynor, I. (2013) ‘Angela Merkel: NSA spying on allies is not on’ The Guardian, October 24, Available from:

Image source:, user: gillnisha. CC0 Licence, public domain.