Preiskava enkriptiranih elektronskih naprav in nosilcev elektronskih podatkov v kazenskem postopku; problem nezmožnosti dostopa do podatkovne vsebine naprave in prisila razkritja šifrirnega gesla
magistrsko delo
Abstract
S tem ko sta se s splošno in profesionalno digitalizacijo modernega življenja izjemno povečala količina in pomen digitalnih dokazov, se je ustrezno povečal pomen in pogostost preiskav elektronskih naprav v kazenskem postopku. Preiskava elektronskih naprav je v slovenski zakonodaji urejena v 219.a členu Zakona o kazenskem postopku in ureja preiskavo elektronskih z njimi povezanih naprav, nosilcev podatkov in preko omrežja povezanih in dosegljivih informacijskih sistemov, kjer so shranjeni podatki. Kritična lastnost vseh treh vrst naprav je njihova sposobnost shranjevanja podatkov v digitalni obliki. Pomembno oviro preiskavi teh naprav predstavlja moderna enkripcija, ki onemogoča dostop do njihove podatkovne vsebine, brez ustreznega šifrirnega gesla. Preiskava elektronske naprave posega v uporabnikovo pravico do komunikacijske zasebnosti, določene v 37. členu Ustave Republike Slovenije. Za zadovoljitev ustavnih pogojev in pogojev 219.a člena Zakona o kazenskem postopku mora preiskava temeljiti na ustreznem pravnem temelju, namreč uporabnikovi privolitvi, odredbi sodišča ali ustni odredbi preiskovalnega sodnika. 219.a člen ZKP poleg pogojev in okvirnega poteka preiskave elektronskih naprav v 6. odstavku določa dolžnosti imetnikov oziroma uporabnikov naprav in sankcijo, če teh dolžnosti ne izpolnijo. Omenjene dolžnosti so omogočiti dostop do elektronske naprave, predložitev šifrirnih ključev in predložitev pojasnil o uporabi naprave. Za neizpolnitev določenih obveznosti ne morejo biti kaznovani osumljenec, obdolženec, oseba, ki ne sme biti zaslišana kot priča, ali oseba, ki se lahko odreče pričevanju. Po zasegu naprave in pred njeno preiskavo je treba opraviti vmesni postopek zavarovanja podatkovne vsebine elektronske naprave. Ta se lahko zavaruje tako, da se ustvari istovetna kopija elektronskih podatkov, da se ustvari istovetna kopija celotnega nosilca podatkov ali tako, da se naprava zapečati. Postopek zavarovanja ne služi zgolj zagotovitvi integritete preiskovanih podatkov, temveč je edini del preiskave elektronske naprave v širšem smislu, pri katerem sta lahko prisotna uporabnik naprave in njegov zagovornik. Preiskavo elektronske naprave opravi strokovno usposobljena oseba in o preiskavi ustvari zapisnik. Preiskava je vsebinsko omejena na iskano vsebino, določeno v odredbi o preiskavi. V primeru, da je preiskava opravljena brez ustrezne pravne podlage ali v nasprotju z odredbo, morajo dokazi, pridobljeni s to preiskavo, biti izključeni. V primeru, da je šifrirno geslo naprave bilo pridobljeno s prisilo v obliki mučenja ali nečloveška in ponižujočega ravnanja, se za legitimacijo dokazov, pridobljenih v tej preiskavi ne more uporabiti doktrina neizbežnega odkritja. Za preiskavo preko omrežja povezanih naprav, morajo te naprave biti v odredbi določene, pri čemer ne ustreza, da so določene zgolj naprave, ki jih je uporabnik uporabil za dostop do njih. Obdolženca pred prisilo predložitve šifrirnih gesel ščiti privilegij zoper samoobtožbo, pri čemer ta zaščita velja enako za šifrirna in biometrična gesla. Obdolženec kljub temu lahko geslo prostovoljno predloži, pri čemer ima lahko sama predložitev zanj obremenilno dokazno vrednost. V kolikor gesla ne predloži, njegovo vzdrževanje pomoči organom pregona ne more služiti kot dokaz njegove krivde. Če obdolženec naklepno predloži nepravilno šifrirno geslo, njegovo ravnanje lahko predstavlja kaznivo dejanje krivega pričanja. Tuje države so z namenom reševanja problema otežene preiskave elektronskih naprav sprejele različne ureditve, med drugim različne stopnje prisile za predložitev šifrirnih gesel in stroge načine regulacije enkripcijskih in enkriptiranih produktov. Pogosta oblika tovrstne regulacije, h kateri stremi tudi Evropska unija je uvedba obveznih s strani proizvajalcev implementiranih »glavnih ključev«, ki organom pregona omogočajo, da zaobidejo enkripcijo in odklenejo enkriptirane naprave, brez uporabe šifrirnih gesel.
Keywords
preiskava digitalnih naprav;kazenski postopek;enkripcija;digitalni dokazi;privilegij zoper samoobtožbo;
Data
| Language: | Slovenian |
|---|---|
| Year of publishing: | 2022 |
| Typology: | 2.09 - Master's Thesis |
| Organization: | UM PF - Faculty of Law |
| Publisher: | [O. Peče] |
| UDC: | 343.14:004.056.53(043.3) |
| COBISS: |
130363395
|
| Views: | 22 |
| Downloads: | 10 |
| Average score: | 0 (0 votes) |
| Metadata: |
|
Other data
| Secondary language: | English |
|---|---|
| Secondary abstract: | As the general and professional digitization of modern life has increased the amount and importance of digital evidence tremendously, the importance and frequency of investigations of electronic devices in criminal proceedings have increased accordingly. In Slovenian legislation, the investigation of electronic devices is regulated in Article 219a of the Criminal Procedure Act which regulates the investigation of electronic devices and their accessories, data carriers, and devices of information systems connected and accessible via the network, in which data is stored. A critical feature of all three types of devices is their ability to store data in digital form. An important obstacle to the investigation of these devices is modern encryption, which prevents access to the data content of these devices without the use of an encryption password. An investigation of electronic devices interferes with the user's right to privacy of communication, as defined in Article 37 of the Slovenian Constitution. To satisfy the constitutional conditions and the conditions of Article 219a of the Criminal Procedure Act, it must be based on an appropriate legal basis, namely the user's consent, a court order, or oral order of the investigating judge. Article 219a of the Criminal Procedure Act, in addition to the conditions and framework for the investigation of electronic devices, in paragraph 6, determines the obligations of the owners or users of the devices and the sanction if they do not fulfill these obligations. They are obliged to enable access to the electronic device, provide encryption keys and provide explanations on the use of the device. Suspects, defendants, as well as persons who may not be heard as a witness, and persons who can refuse to testify must not be punished for failure to fulfill these obligations. After the seizure of the device and before its investigation, it is necessary to carry out an intermediate procedure of securing the data content of the electronic device. The data may be secured by creating an identical copy of the electronic data, by creating an identical copy of the entire data carrier, or by sealing the device. The securing procedure not only serves to ensure the integrity of the investigated data but serves as the only part of the investigation in a wider context, during which the user of the device and his attorney can be present. The examination of the electronic device is carried out by a qualified professional and a record of the examination is created. The content of the investigation is limited by the intended content specified in the order for the investigation order. If the search is conducted without a proper legal basis or contrary to the order, the evidence obtained through this search must be excluded. If the encryption password of the device was obtained by coercion in the form of torture or inhuman and degrading treatment, the doctrine of inevitable discovery cannot be used to legitimize the evidence obtained in this investigation. For the investigation of devices connected via the network, these devices must be specified in the order, and it is not appropriate to specify only the devices that the user used to access them. The defendant is protected from being forced to provide passwords by the privilege against self-incrimination, which applies equally to passwords and biometric passwords. Nevertheless, the accused may submit the password voluntarily, doe submission itself may be incriminating for him. If he does not provide the password, his refusal to help law enforcement should not serve as proof of his guilt. If the defendant intentionally submits a false password, his behavior could potentially constitute the crime of perjury. To solve the problem of difficult investigations of electronic devices, foreign countries have adopted various regulations, including varying degrees of compulsion to submit encryption passwords and strict regulation of encryption and encrypted products. A common form of this type of regulation, to which the European Union also strives, is the introduction of mandatory "master keys" implemented by manufacturers, which enable law enforcement authorities to bypass encryption and thus enter encrypted devices without using encryption passwords. |
| Secondary keywords: | digital device investigation;criminal proceedings;encryption;digital evidence;protection against self-incrimination;Univerzitetna in visokošolska dela; |
| Type (COBISS): | Master's thesis/paper |
| Thesis comment: | Univ. v Mariboru, Pravna fak. |
| Source comment: | Sistemske zahteve: Acrobat reader |
| System comment: | Sistemske zahteve: Acrobat reader |
| Pages: | 1 spletni vir (1 datoteka PDF (89 str.)) |
| ID: | 17150064 |
Recommended works:
Preiskava enkriptiranih elektronskih naprav in nosilcev elektronskih podatkov v kazenskem postopku; problem nezmožnosti dostopa do podatkovne vsebine naprave in prisila razkritja šifrirnega gesla
2022,
magistrsko delo
Digitalni dokazi v kazenskem postopku in privilegij zoper samoobtožbo
2020,
diplomsko delo visokošolskega študijskega programa Varnost in policijsko delo
Privilegij zoper samoobtožbo kot ahilova peta sekcijskega merjenja hitrosti
2020,
no subtitle data available
Odvzem prostosti v kazenskem postopku
2010,
diplomsko delo
Spreminjanje izjav prič v kazenskem postopku
2010,
diplomsko delo