Venice Commission - Report on a rule of law and human rights compliant regulation of spyware
www.venice.coe.int
Disclaimer: this information was gathered by the Secretariat of the Venice Commission on the basis of contributions by the members of the Venice Commission, and complemented with information available from various open sources (academic articles, legal blogs, official information web-sites etc.).
Every effort was made to provide accurate and up-to-date information. For further details please visit our site : https://www.venice.coe.int/
2. Are there specific rules (covering notably the scope ratione materiae, temporis and personae) in place or do the general rules on targeted surveillance (interception of communications) apply (could you please provide us with such specific or general rules)?
See answer to question 1; no regulation in force.
Il n’existe pas de règles spécifiques sur l’utilisation des logiciels espions. Les règles générales se retrouvent «en miroir» dans le cadre judiciaire comme dans le cadre administratif. Dans le premier cas, ces règles seront régies par le Code d’instruction criminelle, dans le second, c’est la Loi du 30 novembre 1998 organique des services de renseignement et de sécurité (L.R&S) qui a été adaptée en ce sens.
As stated in the answer to the previous question, there are no specific rules for using spyware. Law on Criminal Procedure of Bosnia and Herzegovina (hereinafter referred to as the CPC) contains provisions that generally refer to special investigative actions.
Although there are not specific rules regulating the use of spyware, Bulgaria permits their use as part of its special technical measures.
The Canadian legal framework does not use or define the term “spyware”. We interpret “spyware” to refer to software that is installed or deployed on an electronic device and which enables the covert collection of data from that device. In Canada, this investigative technique is more commonly referred to as an on-device investigative tool or implant.
There are no specific rules; therefore, the general rules on targeted surveillance apply. The Croatian Constitution ensures personal data privacy (Article 37) and prohibits the use of illegally obtained evidence in court (Article 29). Laws such as the Criminal Procedure Act, Police Affairs and Powers Act, and Security and Intelligence System Act (SISA) guide surveillance within criminal and intelligence contexts. Croatian law allows police to use spyware-like surveillance for serious criminal cases only if other investigative methods are insufficient. These actions require judicial approval from an investigating judge, with written reasons justifying the need for surveillance. Orders last up to three months, with possible extensions for ongoing investigations. Article 36 § 2 of the Security and Intelligence System Act of the Republic of Croatia allows targeted surveillance in the absence of a prior authorisation, provided that such authorisation is granted by the relevant authorising body within a deadline that varies between 24 hours.
The said provision in Art.791 b of the Administration of Justice Act sets out the conditions for data reading. They are as follows (cumulative):
There are no specific rules for the use of spyware, just the general rules on targeted surveillance are applicable. See Criminal Procedure Code, §§ 126 -126. Methods and means of covert collection of information are provided in regulations adopted by the Minister of Defence and Minister if Interior (Security Authorities Act, § 28). These regulations foresee also the use of interception of communications.
There are no specific rules in place. Instead, the general rules on targeted surveillance
No, there are not. Notwithstanding this, privacy and correspondence are fundamental rights enshrined in the French Constitution (based on the Declaration of the Rights of Man and of the Citizen, 1789) and French courts, including the Constitutional Council, ensure compliance with these rights. Intrusions are permitted only under specific, legally defined conditions necessary for national security, public safety, and crime prevention.
Article 100b of the Code of Criminal Procedure provides a narrower list of crimes (compared to Article 100a) for which the use of spyware is allowed. Moreover, Article 49 § 1 of the Federal Criminal Police Office Act allows the Federal Criminal Police Office to access IT systems only if certain facts justify the assumption that there is a danger to the (i) body, life or liberty of a person or (ii) such public goods, the threat to which affects the foundations or the existence of the federation or a country or the foundations of human existence
In 2022, a spyware network was revealed in Greece, involving, among others, EYP (that is the Greek National Intelligence Agency), which operates under the authority of the Prime Minister’s Office. Among the persons that were found to be under the surveillance of EYP and two other private entities, whose identity has recently been disclosed were several ministers, the head of the army’s joint staff and the leader of an opposition party. After the affair was made public, the leader of EYP as well as the director of the Prime Miniter’s office, who was in charge with the supervision of EYP were dismissed and the Prime Minister himself declared that he was sorry for the relevant interceptions which, although legal, would have never been ordered. It was only then that Parliament voted law 5002 of 2022, which, in addition to the general rules forbidding interceptions and surveillance of Article 370A -370C of the Greek Criminal Code, refers to spyware (see hereunder).
There are two ways of approaching this question: First, electronic surveillance of content (subject matter) and second, monitoring data from electronic communication such as A calling B at a specific time (without accessing the content of communication).
There are no specific rules in place detailing the use of spyware. The use of spyware would
A) Referring to criminal proceedings, the general rule on interception of conversations or communications (Article 266, par. 1 CCP) provides that «telephone conversations or communications and other forms of telecommunication may be intercepted in a proceedings related to offences» identified on the basis of a quantitative criterion (edict penalty) or a qualitative criterion (type of offence). With specific reference to the spyware, it is important to note that, from a theoretical point of view, the trojan horse, as it is known, can carry out several intrusive operations and collecting a variety of data. For example, the malware is capable of intercepting communications between computers and telematic systems (emails, WhatsApp messages, Skype conversations, etc.), activating microphones and/or cameras and GPS, recording everything typed on the keyboard (so-called keylogging function) and everything that appears on the screen (so-called screenshots function). It can also infiltrate the memory of devices where data is stored, thus capturing all data and information contained in or passing through the infected device, as well as modifying any information stored or transmitted. Despite these numerous functions, the Italian Parliament has only expressly regulated the use of that investigative tool to carry out the interception of face-to-face conversation and only on mobile devices. In fact, pursuant to Article 266, paragraph. 2 CCP, the investigating authority may, in the same cases provided for in paragraph 1, intercept communications between persons present in the same place (rectius, interception of face-to-face conversations) by «captatore informatico» on a portable electronic device. However, if these take place in the places referred to in Article 614 of the Criminal Code (i.e. private domicile), the interception with spyware may only be carried out «if there are justified reasons to believe that a criminal activity is occurring there». Moreover, according to the paragraph 2-bis of Article 266 CCP, «the interception of face-to-face conversations through the insertion of a spyware in a portable electronic device is always permitted in proceedings for the offences referred to in Article 51, paragraphs 3-bis and 3-quater, and provided that the reasons justifying its use are stated, also in the cases referred to in Article 614 of the Criminal Code, for offences committed by public officials or persons in charge of a public service against the public administration, for which a maximum penalty of at least five years’ imprisonment is provided for, as determined in accordance with Article 4 CCP». A problematic issue, however, arises regarding the possibility of using spyware to carry out the specific interceptions regulated in Article 266-bis CCP. The provision, entitled «Interception of computer or electronic communications», states that «in proceedings related to the offences referred to in Article 266, as well as the offences committed by using computer or electronic technologies, the interception of communication flows with computer or electronic systems among different systems is allowed». In other words, the flow to which Article 266-bis CCP refers may be represented either by the exchange of e-mails or communications through instant messaging applications, or by sound files and voice communications. Although the provision does not explicitly refer to the possibility of using the trojan horse to carry out this type of interception, the Italian Supreme Court considers that the use of the spyware must be considered as permitted for the execution of interceptions pursuant to Article 266-bis CCP (see, for instance, Italian Court of Cassation, no. 48370/2017). Pursuant to Article 267 CCP (general rule) the Public Prosecutor shall require the Preliminary Investigation Judge to issue an authorization for ordering the activities referred to in Article 266 (i.e. interception of communications and conversations). The authorization shall be given by reasoned decree if there is serious suspicion that an offence has been committed and the interception is absolutely necessary to continue the investigation. Pursuant to Article 267 CCP (specific rule), when, at the request of the Public Prosecutor, the Preliminary Investigations Judge authorizes the interception by spyware, he shall indicate – with an assessment that does not have to slavishly follow the request – the reasons why such modality is necessary for the conduct of the investigation («Il decreto che autorizza l’intercettazione tra presenti mediante inserimento di captatore informatico su dispositivo elettronico portatile espone con autonoma valutazione le specifiche ragioni che rendono necessaria in concreto tale modalità per lo svolgimento delle indagini»); and, when proceeding for offences other than particularly serious ones (i.e. the offences, already mentioned, referred to in Article 51, paragraphs 3-bis and 3-quater CCP) and the most serious offences committed by public officials against the public administration, the places and times in relation to which the microphone may be activated must also be determined, even indirectly. Pursuant to the above-mentioned Article 267 CCP, paragraph 2 (general rule), «in cases of urgency, if there are justified reasons to believe that any delay can seriously hamper the investigation, the Public Prosecutor shall order the interception by reasoned decree, which shall be forwarded immediately and, in any case, within twenty-four hours, to the judge of preliminary investigations. Within forty-eight hours of the delivery of the decision, the judge shall decide on its validation by reasoned decree. If the decree of the Public Prosecutor is not validated within such time limits, the interception shall not be continued, and its results shall not be used». Pursuant to the above-mentioned Article 267 CCP, paragraph 2-bis (specific rule), the interception of face-to-face communications by inserting a spyware on a portable electronic device («mediante l’inserimento di un captatore informatico su un dispositivo elettronico portatile»), may be ordered by the Public Prosecutor only in the case of proceedings for particularly serious offences (i.e. the offences, already mentioned, referred to in Article 51, paragraphs 3-bis and 3-quater CCP, such as, for example, mafia-type criminal association) or for offences committed by public officials against the public administration. Articles 268 e 269 CCP provide for general rules regarding the procedure for interceptions and preservation of documentation. Article 270 CCP regulates the use in other proceedings of the results of interception. As a general rule, the results of interceptions «shall not be used in proceedings other than those for which they have been ordered, unless they are essential for ascertaining offences for which arrest in flagrante delicto is mandatory». Pursuant to Article 270 paragraph 1-bis (specific rule), the results of face-to-face communications interceptions, realized by inserting by inserting a spyware on a portable electronic device («mediante l’inserimento di un captatore informatico su un dispositivo elettronico portatile»), may be used in other proceedings if they are deemed indispensable for ascertaining particularly serious offences (i.e. offences, already mentioned, referred to in Article 51, paragraph 3-bis and 3-quater CCP), and particularly serious offences committed by public officials against the public administration. Lastly, the special rules for the interception of conversations or communications provided for organized crime offences in particular (Article 13 of Legislative Decree No. 152 of 13 May 1991) apply to the use of the computer interceptor as an interception tool.
The privacy of correspondence is protected as a fundamental right under Article 18 of the Constitution of the Republic of Korea. Therefore, regardless of the existence of specific rules governing spyware, it is clear that no citizen’s privacy of correspondence shall be infringed upon by spyware. In addition, the Protection of Communications Secrets Act, enacted as an ordinary law for the protection of communications secrets, ensures that communications secrets are generally preserved, except in specific cases permitted by this law. As such, any collection of personal or sensitive data via spyware is, in principle, regulated by the Protection of Communications Secrets Act.
In the absence of specific rules relating to spyware, the more general rules regulating targeted surveillance, more specifically interception of communications, are the only rules that fill the void and should apply at least until more specific provisions are in place. They are essential to safeguarding the human rights and fundamental freedoms and at the same time serve the most essential purpose of legal certainty.
According to the Law of the Kyrgyz Republic of October 16, 1998 No. 131 “On operational investigative activities”, operational investigative activities are based on the principles of legality, respect for the rights and freedoms of the individual, conspiracy, and a combination of overt and covert methods and means.
As said obove the use of spyware is not allowed in Liechtenstein.
According to the Law on Criminal Intelligence, technical means in criminal intelligence can be used in a general and special order (see Article 2(20)).
Pursuant to Article 88 § 1 of the Code of Criminal procedure spyware can be used in the framework of criminal proceedings only when dealing with serious crimes, including offences against State security (articles 101 to 123 of the Criminal Code), and acts of terrorism and terrorist financing (Articles 135-1 to 135-6, 135-9 and 135-11 to 135-16 of the Criminal Code) In the framework of intelligence investigations spyware could only be used in the presence of a threat or risk of threat to national security. The law specifies at Article 8 § 1(c) of the State Intelligence Service (SRE) the nature of potential threats to national security, which are: espionage and interference, violent extremism, terrorism, proliferation of weapons of mass destruction or defence-related products and technologies, organised crime and cyber-threats, insofar as they are linked to any of the above threats. The law explicitly excludes internal political surveillance from the security service’s remit. The scope of this mission also extends to the security of foreign states and international and supranational organisations with which Luxembourg has signed agreements.
The Malta Security Service (MSS) and law enforcement agencies are the primary entities permitted to employ surveillance tools, including spyware, for national security and criminal investigation purposes. These activities must comply with the Security Services Act and Criminal Code, which outline the conditions under which surveillance can be authorized. Specific regulations also address data protection and privacy compliance under Maltese law.
Rules for targeted surveillance in intelligence investigations - Law no. 59/2012 on the special investigation activity.
The delegation of power from the legislator to the administrative authority may result from the fact that the Finance Act has not been passed by December 31. In this case, the services voted may be approved by sovereign ordinance (art. 73).
L’article 108 alinéa 1 du Code de procédure de pénale prévoit l’interdiction d'intercepter les appels téléphoniques ou les communications effectuées par des moyens de communication à distance, de les enregistrer, d'en prendre des copies ou de les saisir.
In North Macedonia, the general rules for interception of communications define the scope (ratione materiae), duration (ratione temporis), and subjects (ratione personae) of surveillance activities. The Law on Communication Surveillance applies to the interception of all forms of communication, including phone calls, emails, and other electronic communications.
Law enforcement authorities:
The general rules apply.
Current legal framework governing targeted surveillance is noticeable in several laws. Code of Criminal Procedure (Kodeks Postępowania Karnego - KPK) is the primary legal act regulating surveillance activities in criminal investigations. It covers the procedures for obtaining and using evidence, including interceptions and other forms of surveillance. Act on Police (Ustawa o Policji) governs the powers of the police, including surveillance and operational activities for preventing and detecting crime. Act on the Internal Security Agency and Intelligence Agency (Ustawa o Agencji Bezpieczeństwa Wewnętrznego oraz Agencji Wywiadu) regulates surveillance activities by intelligence and security services for purposes related to national security. Act on Counteracting Terrorism (Ustawa o działaniach antyterrorystycznych) provides a framework for surveillance in counterterrorism activities, allowing security agencies to conduct surveillance to prevent terrorist threats.
The rules of criminal procedure (in the Code of Procedure or in separate laws) relating to criminal investigation and to use of specific - or exceptional - means of investigation provide for admissibility conditions relating to the nature and gravity of the crimes (severity of the maximum penalty), with strict authorization procedures, that are within the competence of the investigation judge, and for a maximum period and controls on the duration (articles 187, 188 and 189 of the CPP; article 6 of Law 5/2003; and articles 18 and 19 of the Cybercrime Law).
Romanian legislation permits surveillance under certain conditions in the context of national security and criminal investigations. For instance, the Code of Criminal Procedure (Articles 138–142) outlines various surveillance methods, including wiretapping, accessing computer systems, and video/audio surveillance. Moreover, Law No. 51/1991 on National Security grants Romanian authorities the power to conduct surveillance when national security is at risk. Finally, Law No. 14/1992 and Law No. 1/1998 regulate the organization and operations of the Romanian Intelligence Service (SRI) and the Foreign Intelligence Service (SIE), giving them authority to use surveillance tools within legal boundaries.
There is a lack of both a definition of spyware and a specific discipline dedicated
The Constitution of the Republic of Serbia guarantees the confidentiality of letters and other means of communication. It is prescribed that confidentiality of letters and other means of communication shall be inviolable. Derogation shall be allowed only for a specified period and based on decision of the court if necessary to conduct criminal proceedings or protect the safety of the Republic of Serbia, in a manner stipulated by the law.
There are no specific rules regarding spyware and, indeed, the general rules on targeted surveillance apply. These are contained in two principal pieces of legislation, namely the 2003 Protection Against Interception Act (“PAIA”, annexed in its entirety in English, with only final and transitory provisions left out) and the 2005 Criminal Procedure Code (“CPC”, relevant provisions annexed). Several other laws refer to the PAIA; those provisions are also annexed.
2.1.- Criminal Investigations.
Both specific rules in the Act as well as the more general rules (proportionality etc.) which apply to all special investigative measures apply to the use of spyware. The Act is complicated. One of the reasons for this is that it refers back to the legal regimes applicable for other secret investigative measures, namely metadata interception, telecommunications interception, secret video surveillance and secret audio surveillance, previously introduced into Swedish law. These regimes were introduced during different time periods, with the possibility for secret audio surveillance (bugging) being the most recent. They provide for different thresholds for their use, depending upon how large an interference with personal integrity each of them is perceived as posing, with metadata interception being the least intrusive, and secret audio surveillance being the most intrusive. Moreover, understanding the area is made more difficult because of the frequent cross-referencing which is necessary between the Act and the more general rules, safeguards etc. on surveillance contained in the Code of Judicial Procedure, as well as certain other legislation (e.g. that establishing the oversight body, SIN, see below p.6). Finally, the area is a “moving target” in that new rules are constantly being added.
In addition to the Army Law, there are two specific laws that set out special rules on the use of spyware as a tool of targeted surveillance. Article 269ter and 269quater CPC apply for criminal proceedings. These provisions are part of Chapter 8 (heading: « Covert surveillance measures »), Section 1 (heading: « Surveillance of correspondence by post and telecommunications »), CPC. The CPC provides for a number of covert targeted surveillance measures, including the surveillance of post and telecommunications, which includes the use of spyware.
The Criminal Procedure Code of Ukraine regulates the procedure for conducting Collecting information from electronic communication networks [Chapter 21. Covert investigative (detective) actions], which include:
According to Section 102(5), a targeted thematic equipment interference warrant can only be issued: (i) in the interests of national security, (ii) for the purpose of preventing or detecting serious crimes or (iii) in the interests of the economic well-being of the UK, so far as those interests are also relevant to the interests of national security.
General rules of communication interception apply, as described in the criminal law context in the previous section. The Electronic Communications Privacy Act (1986) is a federal statutory regulation which limits the use of electronic surveillance methods and, in keeping with Fourth Amendment principles, requires most surveillance – such as pen registers and wiretaps – to be warranted by a “court of competent jurisdiction.”
Austria
[For all surveillance methods (information on telecommunication data, monitoring of messages etc.), the Code of Criminal Procedure sets out in detail the specific conditions under which each single method may be conducted (see Section 135 leg.cit.). The provisions repealed in 2019, in particular Section 135a leg.cit., had stipulated the conditions under which installing spy software on a computer system by could be authorised; including (under even more restricted conditions) by intruding into apartments. Naturally, most of these rules would have been stricter than the rules for the other – less invasive – methods. For instance, they would have applied to cases of (suspected) crimes punishable by more than five years' imprisonment (compared to 6 months or one year in case of the other surveillance methods). In part, the consent of the owner of the computer would have been necessary.]
Belgium
Code d’instruction criminelle :
Article 90ter, § 1er Code d’Instruction Crimininelle dispose que le juge d'instruction peut, dans un but secret, intercepter, prendre connaissance, explorer et enregistrer, à l'aide de moyens techniques, des communications non accessibles au public ou des données d'un système informatique ou d'une partie de celui-ci, ou étendre la recherche dans un système informatique ou une partie de celui-ci. Cette mesure ne peut être ordonnée que dans des cas exceptionnels, lorsque les nécessités de l'instruction l'exigent, s'il existe des indices sérieux que cela concerne une infraction visée au paragraphe 2, et si les autres moyens d'investigation ne suffisent pas à la manifestation de la vérité. En vue de permettre cette mesure, le juge d'instruction peut également, à l'insu ou sans le consentement de l'utilisateur, ordonner, à tout moment: - la pénétration dans un système informatique; - la suppression temporaire de toute protection des systèmes informatiques concernés, le cas échéant à l'aide de moyens techniques, de faux signaux, de fausses clés ou de fausses qualités; - l'installation de dispositifs techniques dans les systèmes informatiques concernés en vue du décryptage et du décodage de données stockées, traitées ou transmises par ce système. La mesure visée ne peut être ordonnée que pour rechercher les données qui peuvent servir à la manifestation de la vérité. Elle ne peut être ordonnée qu'à l'égard soit de personnes soupçonnées, sur la base d'indices précis, d'avoir commis l'infraction, soit à l'égard des moyens de communication ou systèmes informatiques régulièrement utilisés par un suspect. Elle peut également être ordonnée à l'égard de personnes présumées, sur la base de faits précis, être en communication régulière avec un suspect." En cas de flagrant délit et tant que la situation de flagrant délit perdure, le procureur du Roi peut ordonner la mesure pour les infractions graves énumérées exhaustivement dans la loi.
Loi du 30 novembre 1998 organique des services de renseignement et de sécurité (L.R&S):
L’article 18/16 de la L.S&R autorise l’intrusion dans un système informatique et la collecte de données. Les interceptions, prises de connaissance et enregistrement des communications sont encadrées par l’article 18/17 L.R&S. Il s’agit de méthodes dites «exceptionnelles» (art. 18/2, § 2). L’article 44, LR&S permet en outre au Service Général du Renseignement et de la Sécurité de rechercher, capter, écouter, prendre connaissance et enregistrer toute forme de communications émises ou reçues à l'étranger, selon les modalités fixées dans la loi. Il faut relever cependant que si la législation sur les services de renseignement encadre le principe de telles méthodes intrusives, elle ne traite nullement des ‘techniques’ de mise en œuvre. Ces questions dites techniques – entre autres, avec quels matériels et logiciels les méthodes sont mises en œuvre - sont laissées à l’appréciation des services, tenant compte des évolutions permanentes et exponentielles des technologies. La L.R&S envisage l’ensemble les méthodes qui peuvent être mises en œuvre par les services de renseignement. Dès lors, il y a lieu de conclure que le cadre légal actuel autorise les services de renseignement belges à faire usage du logiciel PEGASUS.
Bosnia and Herzegovina
Against a person for whom there are grounds for suspicion that he or she participated alone or with other persons or participates in the commission of the criminal offense referred to in Article 117 of the CPC, special investigations may be ordered actions, if evidence cannot be obtained in any other way or obtaining it would be associated with disproportionate difficulties (Article 116, paragraph 1).
The special investigative actions provided for by the CPC are:
a) supervision and technical recording of telecommunications,
b) access to computer systems and computer comparison of data,
c) supervision and technical recording of premises,
d) secret monitoring and technical recording of persons, means of transport and objects standing in relate to them,
e) the use of undercover investigators and the use of informants,
f) simulated and controlled purchase of items and simulated payment of bribes,
g) supervised transportation and delivery of objects of a criminal offense (Article 116, paragraph 2 of the CPC).
Investigative actions from point a. they can also be determined according to the person for whom there are grounds for suspicion to the perpetrator, that is, from the perpetrator of the criminal offense referred to in Article 117 of this law information related to the criminal act, i.e. that the perpetrator uses its means telecommunications. (Article 116, paragraph 3 of the CPC).
Special investigative actions can be determined for the following criminal offenses (Article 117 of the CPC):
- criminal acts against the integrity of Bosnia and Herzegovina,
- against humanity and values protected by international law,
- terrorism
- causing national, racial and religious hatred, discord and intolerance;
- illegal deprivation freedom,
- unauthorized wiretapping and sound or optical recording,
- violation of freedom voter preferences,
- counterfeiting money,
- forgery of securities,
- money laundering,
- tax evasion or fraud,
- smuggling,
- organizing a group of people or an association for smuggling or distribution of customs-free goodscustoms fraud,
- receiving a gift and others forms of use,
- giving gifts and other forms of benefit,
- receiving a prize or other form of benefit for influence peddling,
- providing a reward or other form of benefit for influence peddling
- abuse of position or authority,
- unlawful release of a person deprived of liberty,
- help to the perpetrator after the committed criminal act,
- assistance to a person accused by an international criminal court,
- prevention of proof,
- revealing the identity of a protected witness,
- obstruction of justice,
- association for the purpose of committing criminal acts,
- organized crime,
- other criminal offenses for which a prison sentence of five years or a heavier sentence may be imposed.
Investigative actions from Article 116, paragraph (2) point. from a) to d) and point g) of this law may continue up to a month at most, and if they give results there is a reason to continue with theirs conducted for the purpose of gathering evidence, they can be extended by the reasoned proposal of the prosecutor another month, with the measure from the point from a) to c) can last a maximum of six months in total for criminal offenses punishable by a prison sentence of five years or a heavier sentence, and for other criminal offenses for a maximum of four months. Measures from point d) and g) can last the longest in total three months for criminal offenses punishable by a prison sentence of five years or more penalty, and for other criminal offenses a maximum of two months. Exceptionally in relation to a criminal offense organized crime and criminal acts of terrorism, investigative actions from Article 116, paragraph (2), item from a) to d) and point g) of this law, if they give results and there is a reason to continue by conducting them for the purpose of gathering evidence, they can be based on the reasoned proposal of the prosecutor extend for another three months. Proposal for action from Article 116, paragraph (2), point f) of this law it can only refer to a one-time act, and the request for each subsequent action against the same
persons must contain the reasons justifying its use. (Article 118, paragraph 3 of the CPC).
In accordance with the Law on the Intelligence and Security Agency of Bosnia and Herzegovina (Article 74) during operations, the implementation of which was approved by the Director General of the Agency, the Agency has authority to collect information:
a) from all publicly available sources;
b) from other bodies and institutions in Bosnia and Herzegovina, by direct access to the database except in cases where they are expressly prohibited by law;
c) measures of physical monitoring in public places (i.e. dedicated and systematic
observations with the aim of gathering information on specific issues concerning persons or facilities that are reasonably believed to be involved in any activities or preparations activities that fall within the Agency's scope of responsibility);
d) monitoring measures in places that do not have a public character, provided that the conditions are met determined in art. 77 and 78 of this law;
e) measures of search of movable and immovable property, provided that the established conditions are met Art. 77 and 78 of this law;
f) measures to monitor electronic media, provided that the conditions from Art. 77 and 78 of this year of the law; and
g) using other sources that are believed to be able to provide information that is required by the Agency, provided that the conditions from Article 75 of this law are met.
Bulgaria
Articles 32 and 34 of the Bulgarian Constitution guarantee citizens’ privacy, including protections against unauthorized monitoring, photography, or recording. Any exceptions, such as surveillance, must be legally justified and approved by the judiciary. With regard to surveillance, it is only permitted in cases involving serious crimes that threaten national security.
The Criminal Procedure Code restricts spyware usage to severe intentional crimes, establishing stringent conditions for its application, and requiring judicial approval. Evidence collection includes methods like wiretapping, surveillance, and undercover operations but must meet a proportionality standard, ensuring other methods are infeasible.
Canada
Canada has signed onto the Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware.
There is no explicit prohibition on the use of on-device investigative tools or implants in criminal or intelligence investigations. The Canadian legal framework provides for judicial authorizations to conduct targeted investigations through the use of these tools. The collection of personal information by government institutions must also comply with applicable privacy legislation, such as the Privacy Act.
Crotia
Denmark
There must be specific reasons to assume that the information system in question is used by the suspect in connection with planned or already committed criminal activity which a) under the law is punishable by prison of 6 years or more or b) concerns intentional violation of criminal law provisions concerning state security etc.
Data reading must be assumed to be of decisive importance to the investigation of such crime.
Data reading must be proportionate in relation to its purpose, the criminal activity in question and the violation of the right to privacy of the person(s) subjected to data reading.
Estonia
Finland
(interception of communications) apply.
France
Targeted surveillance can occur in the investigation of specific crimes, that are listed in article 706-73 and 706-73-1 of the Code of Criminal Procedure (for example: murder, trafficking (of human being, drugs, firearms and other weapons), theft, terrorism, money laundering).
The Loi relative au renseignement (no 2015-912 of 24 July 2015), introduced in response to several terrorist attacks, regulates the hacking and interception practices of the French intelligence. The law was then complemented by Loi no 2021-998 relative à la prévention d'actes de terrorisme et au renseignement.
Germany
According to Article 100e § 2 of the Code of Criminal Procedure, the time limit for the use of spyware in criminal proceedings is one month. However, after a total period of six months it is the higher regional court which decides on any further extension orders. In the case of intelligence investigations, the time limit is three months (Article 49 § 6(3) of the Federal Criminal Police Office Act). In that case, an extension by no more than three months is allowed.
In Germany third parties who are sufficiently linked to the main target can also be the object of spyware surveillance. Pursuant to Article 100b § 3, the use of spyware is allowed where it is to be assumed, on the basis of certain facts, that: (i) the accused uses the other person’s information technology systems; and (ii) the interference with the accused’s information technology systems alone will not lead to the establishment of the facts or to the determination of the whereabouts of a co-accused. See also Article 49 § 3 of the Federal Criminal Police Office Act (when unavoidable).
Greece
Law 5002 of 2022 added Articles 370E and 370F of the Greek Criminal Code (i.e. law 4619 of 2019). Article 370E provides that any person «acting illegally and using technical means” («όποιος αθέμιτα, με τη χρήση τεχνικών μέσων») “monitors or impresses” («παρακολουθεί ή αποτυπώνει») non-public transmissions of data, for the purpose of getting informed thereof or of using the relevant data, is imprisoned for a period not exceeding ten years. As for Article 370F, it provides for an imprisonment of 2 to 5 years of any person who is producing, selling, importing or exporting or trading in any other way “software or surveillance equipment, which may intercept, record or draw on” («λογισμικά ή συσκευές παρακολούθησης, με δυνατότητα υποκλοπής, καταγραφής και άντλησης») personal data.
The same law 5002 of 2022, however, provides that the use of spyware by State agencies may be permitted, under the terms of a presidential decree which, based on available information, has not been issued to this day (Article 13 of law 5002 of 2022).
Iceland
An electronic communications undertaking in Iceland must comply with police instructions in criminal investigations, provided these instructions are supported by a court order or legal authorization, cf. Article 92 of the Electronic Communication Act No.
70/2022 and the Criminal Code No. 88/2008.
According to the Electronic Communication Act any kind of processing of electronic communications, including storage, listening, recording or interception is unauthorised, unless this is done with informed consent of a user or according to legal authorisation, cf., Article 88, paragraph 1. This applies to the content of electronic communication, i.e. phone calls and SMS texts.
Police authorisation is based on section XI of the Criminal Code: “Telephone tapping and other comparable measures”. The explanatory report of the Criminal Code clarifies that under Article 80 of the Criminal Code, such measures allow access to data on telephone calls and other telecommunication, excluding the content.
On the other hand, Article 81 of the Criminal Code provides that subject to the conditions stated in Article 83 and the first paragraph of Article 84, telecoms may be required, in the interests of an investigation, to permit the tapping or recording of telephone calls or other telecommunications with a specific telephone, computer or other type of telecommunications device, or with a telephone, computer or other type of telecommunications device owned by or at the disposal of a specific person. Furthermore, subject to the same conditions, the police may be permitted to monitor or record telecommunications with equipment designed for this purpose.
It is always mandatory to base a request on court order for listening or recording phone calls, cf., Article 81 and 84 of the Criminal Code. It is however obligatory to grant information on the basis of Article 80 of the Criminal Code if the unequivocal consent of the person in charge, and the actual user of the telephone, computer or other telecommunications device, has been given.
The investigative measures listed in Article 80-82 of the Criminal Code always require a court order. According to Article 83 certain conditions must be fulfilled to be granted permission to carry out such measures: there must be reason to expect that information that may be of great significance for the investigation of a case will be obtained in that way. In addition to what is stated in the first paragraph, a condition that must be met in order to apply measures under Article 81 and the first paragraph of Article 82 is that the investigation must be directed towards an offence that may entail six years’ imprisonment according to law and that it is demanded by substantial public or private interests.
Under Article 84, a court ruling must specify the telephone or other telecommunications device involved, or identify the owner or person in charge of the telecommunications device (cf. Article 80 and 81), or detail the method used to record sound, take visual images, monitor individuals or place tracking devices (cf. Article 82), including the location of these actions. Furthermore, authorisation to take measures is limited to a specified period, not exceeding four weeks per instance.
According to Article 82, paragraph 2, sound recordings or images of people may be taken, and individuals may be monitored in the interests of an investigation, in public places or in places to which the public has access without the conditions of Article 83 and the first paragraph of Article 84 being met. Regarding this, the Electronic Communications Act contains a provision on electronic communications data (Article 89).
Electronic communications undertakings are required to store data for six months and provide it to the police based on a court order or without court order if the unequivocal consent of the person in charge, and the actual user of the telephone, computer or other telecommunications device, has been given, cf., Article 92 of the Electronic Communications Act, and Article 80 and 84 of the Criminal Code. There is hence not an implicit requirement for court order.
The purpose of data storage is to ensure that the electronic communications undertakings can provide information about which customer was using a specific telephone number, IP-address, or user name. This includes details of all user communications, the dates, recipients, and the volume of data transmitted, as well as the telephone number used during a specified period.
It should be noted that the Ministry of Justice plans to revise the procedural rules regarding phone recordings and related measures. The revision will assess the need for amendments in line with the Budapest Convention and updates to domestic laws since its ratification, such as the Electronic Communications Act.
Ireland
likely be governed by general rules on targeted surveillance and the interception of communications. Irish law regulates the following types of state surveillance; the use of tracking and surveillance devices under the Criminal Justice (Surveillance) Act 2009, interception of communications under the Interception of Postal Packets and Telecommunications Messages Act 1993, and access to retained communications data under the Communications (Retention of Data) Act 2011, as amended by the Communications (Retention of Data) (Amendment) Act 2022.
Criminal Justice (Surveillance) Act 2009
This Act covers covert surveillance, including audio and visual recordings, tracking devices and other forms of electronic surveillance. Surveillance is permitted for preventing, detecting, investigating or prosecuting serious offences. Surveillance operations require authorisation and are limited in duration. The initial authorisation can last up to three months, with possible extensions. Authorisation must be granted by a District Court judge. The Act applies to persons suspected of involvement in serious criminal activities. Surveillance is targeted and specific to individuals under investigation.
Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993
The Act regulates the interception of postal packets and telecommunications messages. Interception is permitted for the protection of national security and the prevention, detection, investigation, or prosecution of serious offences. Interception requires a warrant issued by the Minister for Justice which is valid for a specific period, generally up to three months, and can be renewed. Warrants are issued following a formal application by authorised officers. The Act applies to individuals suspected or involved in serious criminal offences.
Communications (Retention of Data) Act 2011, as amended by the Communications (Retention of Data) (Amendment) Act 2022
This law sets out the data retention scheme. Unlike targeted surveillance, which involves the surveillance of a particular person, mass surveillance involves the indiscriminate retention and storage of communications data. Therefore, Irish data retention law does not strictly apply to the legal framework that could be used for spyware. It is worth noting however, as data retained under this Act can be accessed by bodies such as An Garda Síochána when such a body decides that there are grounds for suspecting a person of being involved in unlawful activity relating to the commission of a crime or the security of the state.
Data retention law has changed in Ireland in recent years. The main law in this area is the Communications (Retention of Data) Act 2011 which transposed the Data Retention Directive. The Act regulates access to and retention of information that has been generated by various service providers. Following the judgments in Digital Rights Ireland and Tele2, the Murray report was published which identified the need for reform. The law was challenged following the judgement in GD v Commissioner of An Garda Síochána and others. The judgement in this case confirmed that key elements of the 2011 Act were contrary to EU law and that the general and indiscriminate retention of traffic and location data was not permitted for the purpose of tackling serious crime. The Communications (Retention of Data) (Amendment) Act 2022 was passed and commenced in 2023. It limits the means and purpose for which certain metadata can be retained and accessed. Since June 2023, there are two separate regimes, one for user data and one for Schedule 2 data. There is no longer an obligation on service providers to retain all Schedule 2 data. This data can now only be retained for the purposes of safeguarding state security and only on the foot of a court order. However, the Act also provides for ‘quick freeze’ orders to retain certain types of Schedule 2 data for broader purposes.
The 2011 Act applies only to service providers and does not apply to non-traditional telecommunications providers such as search engines and ‘over-the-top’ communicationsservices. Certain data must be retained for a period of one year, which can be varied by the Minister for Justice.
Other Rules
Apart from interception and data retention, Ireland does not have technology-specific rules and instead relies on the general law regarding search warrants and court orders to produce or give access to information. These powers are spread across a range of statutes and common law rules which can be exercised depending on the crime being investigated. However, in the recent case DPP v Quirke, the Supreme Court identified a distinction between physical spaces and digital spaces regarding authorisation to search and seize potential evidence. The Supreme Court held that the search of digital devices was a serious intrusion on privacy which required judicial analysis of the proportionality of the search.
Italy
B) As mentioned above, the regulation of ante delictum interception is contained in Article 226 implementing provisions CCP. As can be observed from the littera legis of the provision (cfr. supra, question no. 1), there is no explicit reference to the possibility of using spyware in preventive interception. However, the issue is debated among Italian scholars. It can be assumed that the absence of a provision in Article 226 to legitimise the use of spyare with reference to preventive interception excludes its applicability (ubi lex voluit, dixit; ubi noluit, tacuit). However, according to some commentators, the use of trojan horse in the ante delictum phase must be considered permissible for two reasons. On the one side, the explicit reference in Article 226 to the expression «including by telematic means» would recall the establishment of telematic interception in Article 266-bis CCP, in relation to which, as seen above, the Italian Court of Cassation allows the use of spyware. On the other side, since Article 226 refers to the types of interception that can be carried out during the criminal proceedings (Article 266 CCP), the use of spyware must also be allowed in the preventive phase. It follows that, although not expressly provided for in the provision, preventive interception by means of trojan virus would be perfectly legitimate, since it is implicitly included among the possibilities of the provision itself, which extends its scope to all types of judicial interception provided for in the Code of Criminal Procedure. Finally, with regard to the activities other than interception, which have not been expressly regulated by the legislator in the context of criminal proceedings, the Italian doctrine seems to exclude the possibility of using computer interception. In other words, if the only type of “legal” interception device is the one that allows only the interception of communications, it must be affirmed that all other activities carried out by means of Trojans cannot be considered legitimate, both in the repressive and in the preventive phase.
C) As mentioned above, intelligence interception is regulated by Article 4 and 4-bis of Law No. 144 of 27 July 2005. In this case too, as in the case of “interceptions ante delictum”, the law makes no explicit reference to the possibility of using spyware as a means of carrying out intelligence interceptions. However, the question arises as to whether, in the absence of an explicit reference, spyware may nevertheless be used in the course of intelligence interception. In this respect, it is important to note that, prior to the adoption of Law No. 197/2022, Article 4, with regard to the subject matter of intelligence interception, referred only to the provisions of paragraph 1 of Article 226 implementing provisions CCP, i.e. to preventive interception. Currently, on the other hand, the subject of intelligence interception is regulated in a completely autonomous manner, being identified with «the interception of communications or conversations, including by telematic means, as well as the interception of communications or conversations between persons present, even if these take place in the places referred to in article 614 of the Criminal Code» (Article 4). However, the amendment to the law does not change the subject matter of the interception, and therefore the same arguments that we have described above with regard to the admissibility or otherwise of the use of the trojan horse in ante delictum interceptions can be used here. In brief: although the law does not explicitly allow the use of the trojan horse in the intelligence interceptions, some authors, by way of interpretation, allow this possibility.
Korea
CONSTITUTION
Article 18
The privacy of correspondence of all citizens shall not be infringed.
PROTECTION OF COMMUNICATIONS SECRETS ACT
Article 1 (Purpose)
The purpose of this Act is to protect communications secrets and further enhance the freedom of communications by limiting the scope of restrictions with respect to the secrecy and freedom of communications and conversations and making due process of law mandatory.
Article 2 (Definitions)
The terms used in this Act are defined as follows:
3. The term "telecommunications" means transmission or reception of all kinds of sounds, words, symbols or images by wire, wireless, fiber cable or other electromagnetic system, including telephone, e-mail, membership information service, facsimile and radio paging;
Article 3 (Protection of Secrets of Communications and Conversation)
(1) No person shall censor any mail, wiretap any telecommunications, provide communication confirmation data, or record or listen to any conversation between others that is not made public, except as provided for in this Act, the Criminal Procedure Act or the Military Court Act: Provided, That the following cases shall be governed by the relevant statutes:
1. Handling of returned mail, etc.: Where parcel postal items (including any mail similar thereto) suspected of containing such contraband items as explosives are opened, where the mail cannot be delivered to the addressee or is returned to the sender because of the addressee's refusal to accept it, where the mail is opened in order to identify the address and name of the sender of the mail that the addressee refuses to receive because of missing address and name of the sender, or where any unreturnable mail containing valuables is handled, in accordance with Articles 28, 32, 35 and 36 of the Postal Service Act;
2. Inspection of import and export mail: Customs clearance of mail, other than personal correspondence under Articles 256 and 257 of the Customs Act;
3. Communications with persons under detention or in prison: Control of communications with the persons under detention or in prison under Article 91 of the Criminal Procedure Act; Article 131 of the Military Court Act; Articles 41, 43, and 44 of the Administration and Treatment of Correctional Institution Inmates Act; and Articles 42, 44, and 45 of the Act on the Execution of Criminal Penalties in the Armed Forces and the Treatment of the Military Inmates;
4. Communications with persons declared bankrupt: Where a trustee in bankruptcy receives communications addressed to a person declared bankrupt under Article 484 of the Debtor Rehabilitation and Bankruptcy Act;
5. Monitoring radio waves for the elimination of interference, etc.: Where radio waves are monitored in order to maintain order in radio waves by, for example, eliminating interference under Articles 49 through 51 of the Radio Waves Act.
There is another ordinary law aimed at promoting the use of information and communications networks and protecting individuals who use the services thereof. The law stipulates that no one shall intrude upon an information and communications network without a rightful authority for access or beyond a permitted authority for access, nor shall anyone convey or spread a malicious program. Those who violate it may face penalties.
ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION
Article 48 (Prohibition on Intrusive Acts on Information and Communications Networks)
(1) No one shall intrude on an information and communications network without a rightful authority for access or beyond a permitted authority for access.
(2) No one shall mutilate, destroy, alter, or forge an information and communications system, data, program, or similar without good cause, nor shall he or she convey or spread a program that is likely to interrupt operation of such system, data, program, or similar (hereinafter referred to as "malicious program").
(3) No one shall cause a trouble to an information and communications network to interfere with stable operation of the information and communications network by sending a large amount of signals or data, letting the network process an illegitimate order, or doing the similar actions.
(4) No person shall install a program or technical device that enables access to the information and communication network bypassing the normal protection and authentication procedures of the information and communication network without good cause on the information and communication network or the information system related to the information and communication network, or deliver or distribute it.
Article 70-2 (Penalty Provisions)
A person who conveys or spread a malicious program in violation of Article 48 (2) shall be punished by imprisonment with labor for up to seven years or by a fine not exceeding 70 million won.
Article 71 (Penalty Provisions)
(1) Any of the following persons shall be punished by imprisonment with labor for up to five years or by a fine not exceeding 50 million won:
11. A person who intrudes into the information and communication network, in violation of Article 48 (1);
12. A person who causes a trouble to the information and communication network, in violation of Article 48 (3);
13. A person who installs a program, technical device, etc. in the information and communications network or an information system related thereto, or transmits or disseminates it, in violation of Article 48 (4).
In summary, while no specific laws or regulations that directly address spyware exist, its use is in principle prohibited under the Constitution and existing ordinary laws that guarantee the freedom of communications and protect information and communications networks.
Kosovo
The Law on Interception of Electronic Communications is concise in terms of the reasons for which any measure of targeted surveillance can be permitted. There are two exclusive legal grounds that could justify any interceptive measure, namely:
1. Interception for the purpose of criminal procedure; and
2. Interception for the security needs of the Republic of Kosovo and its citizens.
The specific ground notwithstanding, the Law is clear in setting out the core principles that ought to be observed at all times, which is: (1) the respect for human rights and fundamental freedoms recognized and guaranteed by the Constitution and the European Convention on Human Rights and Fundamental Freedoms, including the judicial practice of the European Court of Human Rights, and (2) the prohibition of interception without a lawful order issued by a competent court.
Another set of subsidiary principles are also laid down by law and are mandatory for courts to be taken into account when taking the decision for interception, namely: the essence of rights and freedoms of persons for whom a request for interception has been made; the significance and necessity for interception, and proportionality; the nature, means and the extent of interception; the relationship between the aim to be achieved and the possibility of achieving it through employing other investigative methods; and secrecy and objectivity in the process of interception. Of comparable relevance and legally binding as well, any measure of interception or targeted surveillance is ought to be seen as a means of last resort and be granted only after "other investigative actions for the collection of information have been exhausted."
Kyrgzstan
The grounds for conducting operational investigative activities are:
1) the existence of an initiated criminal case;
2) information that has become known to the bodies carrying out operational investigative activities: on the signs of an unlawful act being prepared, being committed or having been committed, as well as on the persons preparing, committing or having committed it, if there is insufficient information to decide on the initiation of a conditional case; about events or actions that pose a threat to state, military, economic and environmental security; about persons hiding from the bodies of inquiry, investigation and court or evading criminal punishment; about missing persons and the discovery of unidentified corpses;
3) instructions from the inquiry body, investigator, instructions from the prosecutor or decisions of the court on criminal cases under their jurisdiction;
4) requests from other bodies carrying out operational investigative activities, on the grounds specified above;
5) a resolution on the application of security measures in relation to protected persons, carried out by state bodies authorized to do so in the manner
prescribed by law;
6) requests from international law enforcement organizations and law enforcement agencies of foreign states in accordance with treaties (agreements) on legal assistance ratified by the Kyrgyz Republic.
Liechtenstein
Lithuania
The general use of technical means is described as the application of such means in criminal intelligence in accordance with the procedures established by the main authorities of criminal intelligence in cases not listed in paragraph 22 of this Article (see Article 2(21)). However, technical means may also be used in accordance with the general procedure in the cases listed in paragraph 22 of this Article, when they are employed to record information obtained during surveillance in public places or on the initiative of criminal intelligence entities in the premises and vehicles used by them to ensure internal security (see Article 2(21)).
As established in Article 2(23), the use of technical means in a special order refers to the use of technical means in criminal intelligence, authorised by a reasoned court order, for controlling or recording economic and financial transactions, the use of financial and/or payment instruments by a natural or legal person, conversations between persons, other communications or actions, where no participant in a conversation, in a manner that limits, in accordance with the procedure established by law, a person’s right to the inviolability of private life.
Article 10 of the the Law on Criminal Intelligence regulates the use of technical means by special procedures, secret inspection of postal items and their documents, control and collection of postal items, secret control of correspondence and other communications.
This article provides:
“1. The use of technical means by special procedures, the secret inspection of postal items and their documents, the control and taking of postal items, the secret control of correspondence and other communications, and the secret control of correspondence and other communications shall be sanctioned by a reasoned order by the presidents of the district courts or judges authorized by them on the basis of reasoned submissions made by the prosecutors on the basis of data provided by the heads of criminal intelligence entities or their authorized deputy heads, confirming the performance of such actions necessity and factual basis. The control and recording of the content of information of persons transmitted via electronic communications networks, even with the knowledge of such control by one of them, requires a reasoned court order, unless the person requests or agrees to such control or recording without the use of the services and equipment of economic operators providing electronic communications networks and/or services.
2. In urgent cases where there is a danger to human life, health, property, public or State security, the actions referred to in paragraph 1 of this Article shall be permitted in accordance with the order of the public prosecutor. In such a case, the public prosecutor, having made this order, shall, within 24 hours, submit to the judge referred to in paragraph 1 of this Article a petition for confirmation of the legality or validity of the action by means of a reasoned order. If the time limit expires on a day of rest or public holiday, the provision shall be made on the working day following the day of rest or public holiday. If the judge does not confirm the legality or validity of the above actions by a reasoned order, the actions are terminated, and the information obtained during them is immediately destroyed.
3. For the purposes of conspiracy, a reasoned order for the performance of the criminal intelligence measures referred to in paragraph 1 of this Article may be made in any district court.
4. The submission shall include:
(1) the name and position of the official who submitted the application;
(2) available data on objects of criminal intelligence;
(3) the particulars and/or reasons justifying the need to carry out the action referred to in paragraph 1 and the result sought;
(4) the estimated duration of the action referred to in paragraph 1.
5. The use of technical means by special procedures, the secret inspection of postal items and their documents, the control and taking of postal items, the secret control of correspondence and other communications shall be authorised for a period not
exceeding 3 months. The total period may not exceed 12 months, unless the criminal intelligence investigation is carried out in connection with the availability of information about a very serious or serious crime being prepared, committed or committed, or where there are grounds for a criminal intelligence investigation provided for in Article 8(1)(2), (3) and (4) of this Law. In these cases, the use of technical means in a special order, the secret inspection of postal items and their documents, the control and taking of postal items, the secret control of correspondence and other communications for a period of more than 12 months shall be sanctioned by the President of the District Court on the recommendation of the Prosecutor General or the Prosecutor General of the Prosecutor General's Office authorized by him.
6. The continuation of the action provided for in paragraph 5 shall be sanctioned in accordance with the same procedure as the designation of such action. There shall be no limit to the number of extensions, but in each case may be extended for a period not exceeding that laid down in paragraph 5.
7. In the case of a reasoned order on the use of technical means by special procedure, the secret inspection of postal items and their documents, the control and taking of postal items, the secret control of correspondence and other communications, or the extension of these actions, the head of the criminal intelligence entity or the authorized deputy head of the criminal intelligence entity shall take one copy of the order no later than the next working day after receipt of the order sends (transmits) to the Prosecutor General or the prosecutor of the Prosecutor General's Office authorized by him.
8. If the public prosecutor refuses to make a request for the sanctioning of the acts referred to in paragraph 1 of this Article, the head of the criminal intelligence entity or the authorized deputy head shall have the right to appeal to the higher prosecutor controlling the legality of the actions of criminal intelligence entities. The prosecutor's refusal must be motivated in writing. The prosecutor who made the decision to refuse to submit a request to sanction the specified actions shall notify the attorney general or the prosecutor of the Attorney General's Office authorized by him of the refusal of the refusal.
9. If the judge referred to in paragraph 1 of this Article makes a reasoned order refusing to sanction the acts referred to in paragraph 1, the public prosecutor making the application may appeal against the decision to the president of the district court. Where an order refusing to sanction the acts provided for in paragraph 1 of this Article is made by the President of a regional court, this decision may be appealed to the President of the Court of Appeal of Lithuania. The decision of the President of the Court of Appeal of Lithuania shall be final.
10. If the court issues an order and, in urgent cases, the prosecutor issues a decision, the authority authorized by the Government shall notify the economic entity providing electronic communications networks and /or services of the use of technical means in
its network in a special order, indicating the submission number, the date of the order and the date of the order or the date of the prosecutor's decision, the prosecutor who issued it and the duration of the action. The compliance of the content of the notification addressed to an economic operator providing electronic communications networks and/or services with a court order shall be the responsibility of the reporting officer in accordance with the procedure laid down by law. An economic operator providing electronic communications networks and/or services must make it technically possible to carry out controls on information transmitted via electronic communications networks.
11. Technical teams sent to the network of an economic operator providing electronic communications networks and/or services to initiate or terminate interception or other control of information transmitted over electronic communications networks shall be stored in such a way that the sent and received command data cannot be changed by the criminal intelligence entity that sent the team or by the operator who received the team, which provides electronic communications networks and/or services. The
authority authorized by the government must make available to the Attorney General or the prosecutor of the Prosecutor General's Office authorised by him access to the data carrier on which these teams are recorded.
12. The head of the criminal intelligence entity or the deputy head authorized by him shall issue a decision to start secretly controlling the telephone numbers, network terminal equipment, accounts, financial and /or payment instruments used by the person during the period sanctioned by the court. A copy of the adopted decision is sent (transferred) by the head of the criminal intelligence entity or the authorized deputy head of the criminal intelligence entity to the prosecutor who submitted the submission to the court, and if the submission was submitted to the court by the prosecutor of the district prosecutor's office, also to the authorized prosecutor of the Prosecutor General's Office.
The order is sent (transmitted) no later than 24 hours after the secret control and recording of telephone numbers, network terminal equipment, accounts, financial and / or payment instruments has begun by resolution of the head of the criminal intelligence entity or the deputy head authorized by him. If the period expires on a day of rest or holiday, the order is sent (transmitted) no later than the next working day after the day of rest or public holiday.
13. The secret procedure for inspecting postal items and their documents, controlling and picking up postal items shall be established by the Government. The procedure for controlling and recording the economic, financial operations, financial and (or) use of payment instruments of a natural or legal person shall be established by the Government in agreement with the Bank of Lithuania.”
Additionally, it should be noted that Article 15 of the Law on Criminal Intelligence is dedicated to surveillance actions.
This Articles provides:
“1. Surveillance for up to 3 days is allowed to be carried out with the sanction of the head or authorized deputy head of the criminal intelligence entity in accordance with the procedure established by the main authorities of criminal intelligence. If the surveillance is carried out for more than 3 days, but not more than 3 months, then the surveillance can be continued only with the sanction of the prosecutor.
2. Surveillance shall be sanctioned by the public prosecutor on the basis of a reasoned submission by the head or deputy authorized head of the criminal intelligence entity.
3. The submission shall include:
(1) the name and position of the official who submitted the application;
(2) the data and/or reasons justifying the need for tracking and the result sought;
(3) data about the object to which the tracking will be applied;
(4) the estimated duration of the tracking.
4. Surveillance shall be authorised for a period not exceeding 3 months. This period may be extended.
5. The extension of the action provided for in paragraph 4 shall be authorized by the judge, but in each case the extension may be limited to a period not exceeding the period provided for in paragraph 4. This period may be extended, but not more than 12 months.
6. After the surveillance has been sanctioned or extended, the head of the criminal intelligence entity or the authorized deputy head of the criminal intelligence entity shall send (transmit) one copy of the submission to the Prosecutor General or to the prosecutor of the Prosecutor General's Office authorized by him no later than the next working day after the sanction.
7. If the prosecutor refuses to sanction the surveillance, the head of the criminal intelligence entity or his authorized deputy head shall have the right to apply for the sanction of the provision to the higher prosecutor controlling the legality of the actions of the subjects of criminal intelligence. The prosecutor's refusal must be motivated in writing. The prosecutor who made the decision to refuse to sanction the surveillance shall notify the Attorney General or the prosecutor of the Attorney General's Office authorized by him of the refusal.
8. If technical means are used during the surveillance in a special manner, such actions shall be sanctioned in accordance with the procedure laid down in Article 10 of this Law.”
Luxembourg
According to Article 88-2 § 4, the use of spyware in criminal proceedings can last one month - renewable for a maximum total period of one year; spyware usage by the security services is restricted to three months, renewable under rigorous scrutiny by the Special Magistrates Commission and the Ministerial Intelligence Committee.
Surveillance cannot target locations tied to professional secrecy (e.g., lawyers’ offices, journalists’ workspaces), unless the professional is a suspect. Indeed, Article 88-2 § 6(3) of the Code of Criminal Procedure, provides that the installation of the technical device mentioned in paragraphs 2 and 3 of article 88-1 may not, on pain of nullity, be carried out in premises used for professional purposes, the home or its outbuildings within the meaning of articles 479, 480 and 481 of the Criminal Code, or the vehicle of a lawyer, doctor, professional journalist or publisher.
Malta
Surveillance is restricted to cases where there is a significant threat to public safety, such as organized crime, terrorism, and severe criminal activities. The use of spyware or similar technology is monitored to prevent abuse, and only minimal data necessary for the investigation is collected.
Moldova
Ratione materiae - The grounds for ordering special investigative measures as provided by article 19 paras (1) and (3) of the Law no. 59/2012 on the special investigation activity, are:
Para. (1)
(1) strong indications:
a) which denote suspicions of an imminent danger of an attempt against the person, public health, property, public order and public security;
b) jeopardizing the safety of the investigating officer, undercover investigator, confidential collaborator or members of their families, witnesses and other participants in the criminal proceedings;
c) endangering the safety in places of detention;
(2) information, becoming known, concerning:
(a) persons who evade prosecution or trial, hide from the prosecuting body or the court, evade execution of punishment or have escaped from places of detention;
b) persons missing without trace or unidentified bodies;
(3) interpellations to law enforcement bodies of other states, international organizations or institutions/agencies of the European Union, in accordance with international treaties to which the Republic of Moldova is a party.
Para. (3)
Special investigative measures shall be ordered if the following conditions are cumulatively met:
(a) fulfillment of the tasks of this Law is impossible by other means;
b) the action is necessary and proportionate to the restriction of fundamental human rights and freedoms;
c) a legitimate aim is pursued.
Ratione personae – any person for the reasons referred to in Article 19 para. (1) of the Law no. 59/2012 on the special investigation activity.
Ration temporis – The special investigative measure shall be ordered for a period of 30 days, the term starting from the date of authorization, and may be extended, with the same reasons, up to 180 days calculated cumulatively, with the exceptions
established by this law. If the term for which the special investigative measure has been authorized has been extended up to 180 days calculated cumulatively, it is prohibited to authorize the special investigative measure on the same grounds and in respect of the same persons, except in the case of new circumstances, to search for accused/indicted or convicted persons who are hiding from the prosecution body or the court or are evading the execution of the deprivation of liberty, to search for escaped prisoners, to carry out undercover investigations, in which cases it is allowed to authorize the special investigative measure for up to 2 years
cumulatively.
The special investigative measures ordered under Article 19 paragraph (1) item 1) the Law no. 59/2012 on the special investigation activity shall cease to be carried out from the moment when the results of such measures show that a crime is being prepared, committed or has been committed, and shall be carried out in accordance with the provisions of the Criminal Procedure Code.
Rules for targeted surveillance in criminal investigations – Section 5 of the Criminal Proceedings Code - Measures of secret surveillance
The general rules for secret surveillance are:
- Ratione materiae – the criminal proceedings are instituted in respect of the preparation or commission of a serious, particularly
serious or exceptionally serious crime, subject to the exceptions when a particular secret measure can be applied in the case of
several less serious and minor crimes set out in Article 138 – interception and recording of communications and/or images,
Article 138 - Monitoring or control of financial transactions and/or access to financial information; Article 138 - Collection of
information from electronic communications service providers; Article 138 of the Criminal procedure code - access and/or
interception of computer data, Article 138 - Identification of the subscriber or user of an electronic communications network,
Article 138 – Controlling the transmission or receipt of money, services or other material or non-material values demanded, accepted, extorted or offered.
- Ratione personae:
i) Special investigative measures may be carried out in respect of a suspect, accused person or person who there is evidence that he or she either contributes to the preparation or commission of the crime or receives or transmits money, property or information relevant to he criminal case (Article 135 para. (3) of the Criminal Procedure
Code).
o ii) Special investigative measures may also be carried out in respect
of the victim, injured party, civil party, witness or relative of such
persons if there is imminent danger to their life, health or liberty, if
it is necessary to prevent the crime or if there is an obvious risk of
irretrievable loss or distortion of evidence. For the purposes of this
paragraph, special investigative measures shall be ordered in
accordance with the procedure laid down in Article 135 only at the
written request or with the written consent of the persons referred
to in this paragraph. The special investigative measure ordered in
accordance with this paragraph shall be terminated immediately
after the grounds on which it was ordered and authorized have
ceased to exist or at the express request of the person in respect of
whom the special investigative measure was ordered (Article 135
para. (4) of the Criminal Procedure Code).
o iii) Special investigative measures may also be carried out as part
of parallel financial investigations to recover criminal assets
(Article 135 para. (5) of the Criminal Procedure Code).
- Ration temporis - The special investigative measure shall be ordered for a period of 30 days starting from the date of authorization and may be extended for a further period of up to 180 days calculated cumulatively, with the exceptions laid down in this Section, with the same reasons. If the period for which the special investigative measure was authorized has been extended up to 180 days calculated cumulatively, it is prohibited to authorize the special investigative measure for the same reasons and in respect of the same persons, except in the case of new circumstances, for carrying out undercover investigations or investigation of organized crime, corruption and corruption-related offences, offences against state security, terrorist offences, money laundering or terrorist financing, in which cases it is allowed to authorize the special investigative measure for up to 360 days cumulatively (Article 135 paras (7) and (9) of the Criminal Procedure Code).
Monaco
Irrespective of this particular hypothesis, the Supreme Court, in a decision of June 20, 1979, Association syndicale autonome des fonctionnaires, recognized the constitutionality of the practice whereby the legislator empowers the regulatory power to intervene in areas where competence has been exclusively attributed to it by the Constitution. This rule is based on the idea that when the Constitution reserves a matter to the legislator, this does not prevent the latter from empowering the government to take, by means of regulations, the measures it deems necessary to apply the legislative provisions. This is not really a transfer of legislative power to the government in a given matter, but a division made by the legislator, within a matter that falls within its competence, between what it intends to keep for itself and what it considers to fall within the scope of the application of the law. Moreover, this power could probably be exercised without empowerment under the Prince's power to issue the ordinances necessary for the execution of laws (art. 68). This division of powers is supervised by the Supreme Court.
Morocco
Toutefois, le deuxième alinéa autorise le juge d'instruction, si les nécessités de l'enquête l'exigent, ordonner par écrit l'interception des appels téléphoniques et de toutes les communications effectuées par des moyens de communication à distance, leur enregistrement, la prise de copies ou leur saisie.
Bien plus, le troisième alinéa du même article permet au Procureur général du Roi de demander par écrit au premier président de la cour d'appel de rendre une ordonnance autorisant l'interception des appels téléphoniques ou des communications effectuées par des moyens de communication à distance, leur enregistrement, la prise de copies ou leur saisie, si l'enquête porte sur un crime ou concerne des bandes criminelles, un meurtre ou un empoisonnement, une atteinte à la sûreté de l'État, un acte de terrorisme, un enlèvement et une prise d'otages, la contrefaçon ou la falsification de monnaie ou de titres de créance publique, des drogues et substances psychotropes, des armes, munitions et explosifs, ou la protection de la santé. Cependant, en cas d’urgence extrême, le procureur général du Roi peut exceptionnellement ordonner par écrit l'interception des appels téléphoniques ou des communications effectuées par des moyens de communication à distance, leur enregistrement, la prise de copies et leur saisie, si les nécessités de l'enquête exigent une intervention rapide pour éviter la disparition des preuves et si le crime porte atteinte à la sûreté de l'État ou est un acte de terrorisme, ou concerne des drogues et des substances psychotropes, des armes, des munitions et des explosifs, ou un enlèvement ou une prise d'otages. Dans ce cas, le premier président doit être immédiatement informé par le Procureur général du Roi de l'ordre émis.
Le premier président rend alors une décision dans un délai de vingt-quatre heures confirmant, modifiant ou annulant l'ordre du procureur général du roi. Si le premier président annule l'ordre émis par le procureur général du roi, l'interception des appels téléphoniques ou des communications mentionnées ci-dessus est immédiatement arrêtée, et les procédures effectuées en exécution de l'ordre annulé sont considérées comme nulles et non avenues. La décision rendue par le premier président concernant l'ordre du procureur général du roi n'est susceptible d'aucun recours.
North Macedonia
The scope of the interception of communications is defined in the Law on Communication Surveillance and Law on Criminal Procedure.
In Art. 4 of the Law on Communication Surveillance, the terms used in the Law are defined, among which are:
Meaning of Terms
Article 4 of the Law on Communication Surveillance
Certain terms used in this law have the following meanings:
1. "Communication" refers to the provision or exchange of information between people through speech, sounds, light, written text, drawings, images, objects, or gestures, as well as the technical process of sending, transmitting, and receiving any speech, data, sounds, signals, written text, static and moving images, which serve for the exchange of information between people, between people and objects, between objects, or for the management of any object using a telecommunications system, as well as internet protocol, voice over internet protocol, websites, and electronic mail;
2. "Monitoring and recording of telephone and other electronic communications" refers to the secret disclosure of the content of the technical process of sending, transmitting, and receiving any speech, data, sounds, signals, written text, static and moving images, which serve for the exchange of information between people, between people and objects, between objects, or for the management of any object using a telecommunications system, as well as internet protocol, voice over internet protocol, websites, and electronic mail, through access to technical equipment at the operators via OTA (Operational Technical Agency) or using special technical devices and equipment without the mediation of OTA and the operators, and simultaneously creating a technical record of the content of the communication, with the ability to reproduce it;
3. "Monitoring of communications" refers to the secret disclosure of the content of any communication and simultaneously creating a technical record of the content of the communication, with the ability to reproduce it;
4. "Special investigative measure" refers to the monitoring and recording of telephone and other electronic communications;
5. "Measures for monitoring communications" refers to the special investigative measure and the measures for monitoring communications for the protection of the interests of state security and defense: monitoring and recording of telephone and other electronic communications; monitoring and recording inside buildings, enclosed spaces, and objects and entry into those buildings, enclosed spaces, and objects for the purpose of creating conditions for the implementation of the measure; monitoring and visual recording of persons in open spaces and public places; monitoring and audio recording of the content of communications of persons in open spaces and public places.
…..
18. "Mediation device (LEIMD)" refers to intermediary technical equipment and appropriate software support that enables the activation of the measure of monitoring and recording of telephone and other electronic communications;
19. "Information related to monitored communication" refers to data on telecommunications services for the person and/or object that is the target of communication monitoring, particularly data related to the communication, service data, and location data, as well as any other relevant data;
20. "Communication monitoring equipment (LEMF)" refers to tools for monitoring communications to which the content of the monitored communication and information related to the monitored communication are transmitted from the operators' technical equipment via OTA (Operational Technical Agency) to the workstations possessed by the authorized bodies;
21. "Workstation" refers to a personal computer with appropriate software support connected to the communication monitoring equipment (LEMF), which allows access to the content of the monitored communication with the ability to retrieve it, as well as to the information related to the monitored communication.
Art. 252 of Law on Criminal Procedure
Purpose and Types of Special Investigative Measures
(1) When it is likely that data and evidence necessary for the successful conduct of criminal proceedings, which cannot be otherwise collected, will be obtained, the following special investigative measures may be undertaken:
1. Monitoring and recording of telephone and other electronic communications in accordance with procedures established by special law;
2. Monitoring and recording inside a home, enclosed or fenced area belonging to that home or business space designated as private, or inside a vehicle, and entry into those premises to create conditions for communication monitoring;
3. Secret monitoring and recording of individuals and objects using technical means outside the home or business space designated as private;
4. Secret inspection and search of a computer system;
5. Automatic or other methods of searching and comparing personal data;
6. Review of completed telephone and other electronic communications;
7. Etc…..
(2) In cases where the identity of the perpetrator of the criminal offense is not known, the special investigative measures listed in paragraph (1) of this article may also be applied to the object of the criminal offense.
The laws specifie that interception of communications is only permissible for the purpose of preventing or investigating serious criminal offenses, as well as for national security and intelligence purposes.
The Law on Criminal Procedure regulates the cases in which special investigative measures can be used:
Art. 253 of Law on Criminal Procedure
Criminal Offenses for Which Special Investigative Measures May Be Ordered Special investigative measures may be ordered when there are grounds for suspicion of:
1) Criminal offenses for which a prison sentence of at least four years is prescribed and which are prepared, in the process of being committed, or have been committed by an organized group, gang, or other criminal association; or
2) The following criminal offenses: Murder under Article 123; Kidnapping under Article 141; Mediation in prostitution under Article 191, paragraphs (1), (3), and (4); Displaying pornographic materials to a minor under Article 193; Production and distribution of child pornography under Article 193-a; Enticing a minor under 14 years of age to engage in sexual activity under Article 193-b; Unauthorized production and trafficking of narcotic drugs, psychotropic substances, and precursors under Article 215, paragraphs (1) and (3); Damage to and unauthorized access to a computer system under Article 251, paragraphs (4) and (6); Extortion under Article 258; Blackmail under Article 259, paragraph (2); Appropriation of goods under temporary protection, cultural heritage, or natural rarities under Article 265; Export or removal of goods under temporary protection, cultural heritage, or natural rarities under Article 266, paragraph (1); Alienation of cultural heritage of particular importance in state ownership under Article 266-a; Money laundering and other proceeds of crime under Article 273, paragraphs (1), (2), and (3) and paragraphs (5), (6), (8), and (12); Smuggling under Article 278, paragraphs (3) and (5); Customs fraud under Article 278-a; Abuse of office and authority under Article 353; Embezzlement in office under Article 354; Fraud in office under Article 355; Malfeasance
in office under Article 356; Receiving a bribe under Article 357, paragraphs (1), (4), (5), and (6); Giving a bribe under Article 358, paragraphs (1) and (4); Illegal mediation under Article 359, paragraph (6); Illegal influence on witnesses under Article 368-a, paragraph
(3); Criminal association under Article 394, paragraph (3); Terrorist organization under Article 394-a, paragraphs (1), (2), and (3); Terrorism under Article 394-b and financing terrorism under Article 394-v, all from the Criminal Code; or 3) Criminal offenses against the state (Chapter XXVIII) and crimes against humanity and international law (Chapter XXXIV) from the Criminal Code.
Article 255 of the Law on Criminal Procedure Persons Against Whom Special Investigative Measures May Be Ordered
(1) According to the conditions in Article 252, paragraph (1) of this law, the order may apply to a person who:
1. Has committed a criminal offense under Article 253 of this law;
2. Is undertaking actions to commit a criminal offense under Article 253 of this law; or
3. Is preparing to commit a criminal offense under Article 253 of this law when such preparation is punishable according to the provisions of the Criminal Code.
(2) The order may also apply to a person who receives or forwards packages from the suspect or to a suspect who uses their communication device.
(3) If, during the implementation of the measure, communications of persons not covered by the order are monitored and recorded, the public prosecutor is obliged to separate and inform the judge of the preliminary procedure. At the request of the public prosecutor, the judge of the preliminary procedure may order that only the parts of the documentation related to the criminal offense for which the order was issued be retained from the complete documentation of the measure's implementation.
The Law on Communication Surveillance regulates the cases in which interception of communications is used for protection of national security and defense of the country.
Conditions for Issuing an Order
Article 19 of the Law on Communication Surveillance
1. The court may order measures for monitoring communications as specified in Article 18 of this law when there are grounds for suspicion that a criminal offense against the state, the armed forces, or against humanity and international law is being prepared.
2. In addition to the cases mentioned in paragraph (1) of this article, the court may order measures for monitoring communications for preventive action when a violent attack against the Republic of North Macedonia is being prepared, incited, organized, or participated in, or when there is an attempt to incapacitate its security system from performing its functions. Preventive action may also be ordered regarding activities related to criminal offenses in the Criminal Code: terrorist organization (Article 394-a), terrorism (Article 394-b), and financing terrorism (Article 394-v), when information on such activities cannot be otherwise obtained or obtaining such information would involve greater difficulties, in order to prevent the commission of the criminal offense, violent attack, or incapacitation of the security system.
3. If there is a choice between several measures for monitoring communications, the measure that least infringes upon human freedoms and rights as established by the Constitution of the Republic of North Macedonia, the law, and international treaties
ratified in accordance with the Constitution of the Republic of North Macedonia will be applied.
The duration of the interception as investigative measure is regulated in the Art. 11 of the Law on Communication Surveillance, while the duration of the interception for the national security and intelligence purposes is regulated in Art. 24 of the Law on
Communication Surveillance.
Duration and Extension of the Implementation of a Special Investigative Measure
Article 11 of the Law on Communication Surveillance
1. With the order for the special investigative measure, the pre-trial judge will authorize the implementation of the measure for a period that is deemed necessary, but not longer than four months from the date of its issuance.
2. Before the expiration of the period mentioned in paragraph (1) of this article, if the authorized person in the judicial police deems that there is a need to continue the special investigative measure, they are obliged to submit a special report to the competent public prosecutor, outlining the results of the communication monitoring and proposing an extension of the period, with an explanation of the reasons for the extension.
3. If the competent public prosecutor agrees with the proposal from paragraph (2) of this article, or on their own initiative deems that it is necessary to continue the special investigative measure, they must, before the expiration of the period mentioned in
paragraph (1) of this article, inform the pre-trial judge in writing of the results of the implementation of the measure and request an extension of the period, providing a justification for the extension.
4. In cases where the competent public prosecutor submits a request for an extension of the period for the special investigative measure before its expiration, the pre-trial judge may, before the expiration of that period, issue an order to extend the period for no longer than four months from the expiration date of the period whose extension is proposed.
5. The extension of the special investigative measure may also be allowed after the expiration of the period mentioned in paragraph (1) of this article. In that case, the public prosecutor, either on their own initiative or at the suggestion of the authorized person in the judicial police, must submit a written request to the pre-trial judge for the extension of the period for the special investigative measure, specifically explaining the reasons for the extension.
6. In cases where the competent public prosecutor submits a request for the extension of the period for the special investigative measure after the expiration of the period mentioned in paragraph (1) of this article, the pre-trial judge may, within a maximum of three days from the date of submission of the request, issue an order to extend the period for the implementation of the special investigative measure for no longer than four months.
7. For criminal offenses for which a prison sentence of at least four years is prescribed, and where there is reasonable suspicion that they have been committed by an organized group, gang, or other criminal association, the pre-trial judge may extend the period mentioned in paragraph (1) of this article for an additional period of up to six months, upon a written request from the public prosecutor, based on an assessment of the usefulness of the data collected through the measure and a reasonable expectation that the measure can continue to provide data of interest to the procedure.
8. The pre-trial judge may authorize the extension of the period for the special investigative measure for a total duration of up to 14 months, including the time specified in the initial order issued for the special investigative measure.
9. In the event that the pre-trial judge disagrees with the request for an extension of the period for communication monitoring, the procedure outlined in Article 9, paragraph (2) of this law shall apply.
Duration of the Communication Monitoring Measure
Article 24 of the Law on Communication Surveillance
1. With the order for the implementation of the communication monitoring measure, the judge of the Supreme Court of the Republic of Macedonia shall authorize the implementation of the communication monitoring measure for a period that is deemed necessary, but not longer than six months.
2. In accordance with Article 26 of this law, the judge may order an extension of the implementation of the communication monitoring measure for the period required, but not longer than six months, with the possibility of repeated extensions of the measure for six months each time. The communication monitoring measure can be extended for a total duration of up to two years, including the time specified in the initial order issued for the communication monitoring measure.
Netherlands
Yes, there are many, as well as detailed rules in place on ‘targeted surveillance’. The hacking power in Article 126nba DCCP (for regular criminal investigations), Article 126uba (for criminal investigations into organised crime) and Article 126zpa (for investigations into terrorist crimes) refers in 126nba(1)(b) DCCP to ‘targeted surveillance’ through wiretapping (Article 126m DCCP) and ‘direct listening’ (e.g., by activating a microphone) in Article 126t DCCP. The use of this power is restricted to ‘devices in use by suspects’ and limited in scope and duration. Further regulations for ‘Investigations in computers’ (2018) contain rules regarding the crimes for which the investigatory power can be used (e.g., serious crimes, sex crimes, and computer crimes) (Article 2), the expertise of investigating officers (Articles 3-4), the recording of data on the execution of an order in log files (Articles 5-7), technical requirements for a technical tool for conducting investigative actions (Articles 8-13), the inspection of technical tools (Articles 14-20), the execution of the order (Articles 21-28), and provisions for storing data (Article 29). More regulations for use of hacking powers with ‘technical devices’ can also be found in the Regulation of technical devices in criminal procedural law (published on 11 July 2018). Regulations and definitions for the use of ‘targeted surveillance’ (referring to Article 126m DCCP and Article 126l DCCP) can be found in the 'Instructions for use of special investigative powers’ (of 2014). Regulations for wiretapping and obligations for providers of public telecommunication networks and services can be found in Section 13 of the Dutch Telecommunications Act.
Intelligence and security services:
Yes, there are detailed rules available for the use of hacking and its combination with targeted surveillance in the Act on Intelligence and Security Services 2017. The use of hacking in combination with ‘targeted interception’ is specified in Article 45(2)(c) of the Act on intelligence and security services. The use of this investigative power is limited in scope and duration. Intelligence and security an employ the investigative power of hacking when targets (individuals or organisations) pose a threat to the national security or democratic order of the Netherlands (see Article 8(2)(a) and 10(2)(a) of the Act on intelligence and security services). The use of targeted surveillance measures is also regulated in Article 47 of the Act on Intelligence and Security Services 2017. Similar detailed regulations apply regarding the scope, duration, and authorisation, as with the hacking power. Further regulations for wiretapping and obligations for providers of public telecommunication networks and services can also be found in Section 13 of the Dutch Telecommunications Act.
Norway
For the police, in criminal investigation, it is a basic criterion for all coercive measures, which includes surveillance, must have reasonable grounds and be proportionate, see Article 170 a of the 1981 Criminal Procedure Act. This would in effect limit the temporal scope of surveillance, even if the maximum time by the law is not yet reached.
As for material limitations, data reading pursuant to Articles 216 o and p, requires “reasonable grounds” to suspect a crime which carries a penalty of more than 10 years in prison, or which concerns crimes of illegal intelligence activities against state secrets, revelation of state secrets, other illegal intelligence activities, participation in violent associations, influence by foreign intelligence services, incitement and recruitment to terror, travels with the intent of terror, participation in and recruitment to illegal military activity abroad, deprivation of liberty offences, human trafficking, production and dissemination of materials sexualizing children, receiving of stolen goods, money laundering, violations of the law on export control of strategic products, technology etc., and certain violations of the law on immigration.
As for personal limitations, Article 216 o section 4 says that requests for data reading must refer to “specific computer systems or user accounts for network-based communication and storage services that the suspect possesses or can be assumed to want to use”.
As for temporal limitations, Article 216 o section 5 limits a permit to 2 weeks at the time, after which the police must ask the court for a new permit. Regardless of this maximum limit, Article 216 f requires the measure to be used “no longer than strictly necessary”.
For context:
For communication interception, Article 216 a requires “reasonable grounds” and is limited to the same types of crimes as data reading mentioned above, with the exception that communication interception can also be used for drug crimes. Data reading, and thus spyware, was considered too invasive for the use in the investigation of less serious drug crimes.
For communication interception, Article 216 f limits the use of this measure to a maximum of 4 weeks, or 8 weeks if the surveillance concerns suspected crimes against Norway’s independence and fundamental national interests (2005 Criminal Code chapter 17). Regardless of these maximum limits, the provision requires communication interception to be used “no longer than strictly necessary”.
The Intelligence Service cannot use targeted surveillance, or other surveillance, of persons in Norway. There is an explicit ban in Article 4-1 of the 2020 Intelligence Service Act. There are exceptions for foreigners acting on behalf of another state and in case of war (Article 4-2).
For end-point collection, Article 6-10 states that information not intended for communication, can only be collected if “strictly necessary” (in relation to the work of the Intelligence Service).
Poland
Scope Ratione Materiae
The scope of targeted surveillance in Poland includes several key activities. Interception of communications is one of the primary methods, involving the monitoring, recording, and collection of data from telecommunications, internet communications,
and other digital channels. Surveillance also encompasses access to stored communications data, such as metadata, which can be used for investigative purposes. Additionally, operational control activities are permitted, including physical monitoring, audio-visual recording, and tracking of movements, which may involve spyware and other electronic monitoring tools. These surveillance measures are specifically allowed in investigations related to serious crimes, threats to national security, terrorism, organized crime, and other high-risk activities.
Scope Ratione Temporis
Surveillance measures, including the interception of communications, are subject to time-limited authorizations. These measures must be authorized for a specific period, usually a few months, and any continuation requires an extension to be sought from the appropriate authority. Judicial review plays a crucial role in this process, as any extension or continuation of surveillance measures must be reviewed by a judge or other designated authority to ensure the legality and proportionality of the ongoing surveillance.
Scope Ratione Personae
Surveillance is strictly targeted at specific individuals. It can only be conducted against persons who are suspects in criminal investigations, individuals deemed a threat to national security, or those involved in activities such as terrorism or organized crime. There are restrictions on the surveillance of third parties; incidental surveillance of individuals not specified in judicial or administrative authorizations is generally not permitted unless it directly relates to the investigation. Certain groups, such as legal professionals, journalists, and parliamentarians, enjoy additional protections against unlawful surveillance.
Oversight and Authorization:
Most forms of targeted surveillance, including the interception of communications, require prior authorization from a court. This judicial oversight ensures that surveillance measures are justified, necessary, and proportionate to the threat. Intelligence and law enforcement agencies are also subject to parliamentary oversight, internal controls, and monitoring by data protection authorities, which work together to prevent the abuse of surveillance powers. Intelligence and law enforcement agencies are subject to oversight by parliamentary committees, internal controls, and data protection authorities to prevent abuse of
surveillance powers.
Portugal
Criminal procedure law (CPP) allows, among the means of obtaining evidence, the access to, and recording, telephone communications or conversations or communications transmitted by any technical means other than the telephone, namely email communications – articles 187, 188 e 189 of the Code of Criminal Procedure (CPP). Interception and recording of conversations or communications can only be authorized if there are reasons to believe that the diligence is essential to discover the truth, or if that proof would otherwise be impossible or very difficult to obtain.
The law clearly highlights the exceptional nature of the means it allows and the proportionality it must respect; therefore, the competence of the investigating judge and the closeness he must monitor the formalities to get evidence and assess the necessity, duration and quality, or ordering the destruction of collected material that is not of interest to the case.
No interception and recording of telephone conversations or communications between the defendant and his defence counsel is allowed, unless the judge has reasonable grounds to believe that the said conversation or communication is object or a constitutive element of a criminal offence.
The Law 5/2002, of 11 January (in its current wording), establishes measures to combat organized and economic-financial crime and other serious crimes, provides for a special regime in relation to drug trafficking crimes; terrorist offences, offenses relating to a terrorist group, offenses relating to terrorist activities and terrorist financing; arms trafficking; influence trafficking; undue receipt or offer of an advantage; active and passive corruption, including that occurred in public and private sectors and in international trade, as well as in sport activities; embezzlement; economic participation in business; money laundering; criminal association; sports coercion, fraudulent sports betting; child pornography and pimping of minors; counterfeiting, use and acquisition of counterfeit cards or other payment devices and respective preparatory acts, acquisition of cards or other payment devices obtained through computer crime, damage to programs or other computer data and computer sabotage.
The Cybercrime law ( Law 109/2009, of 15 September, as amended by Law 79/2021, of 24 November) expressly allows searches to be carried out in a digital environment (article 15), and, more than expanding the specific regime for interception of communications (articles 188 and 189 of the CPP), the law established its own regime for interception, obtaining and collecting data on computer systems - articles 18 and 19 of the Law.
During a criminal investigation, it allows the interception, collection and storage of data collected in a data transmission, if there is a reason to believe that this is indispensable to discover the truth, or that the evidence would otherwise be impossible or very difficult to obtain. But the law does not contain indications about the means or instruments that can be used “according to the needs of the investigation”.
Organic Law 4/2017, of 25 August, regulates the special procedure for access to telecommunications and Internet data by intelligence officers of the Security Information Service (SIS) and the Strategic Defence Information Service (SIED) – Intelligence Service. Under article 2 of this law, “telecommunications data” means the records or information contained in databases previously stored by providers of electronic communications services relating to the provision of telephone services accessible to the public and the transfer support network, between network terminal points, of voice communications, messaging and multimedia services and other forms of communication; and by “Internet data”, records or information contained in databases previously stored by providers of electronic communications services, relating to transmission systems and switching or routing equipment that allow sending signals or data, when they do not support a concrete communication.
Romania
San Marino
to its use in the investigative field. Therefore, the broader and more general provisions on interceptions laid down in Law no. 98 of 21 July 2009, referred to above, apply mutatis mutandis. On the other hand, the absence of any concrete case prevents further useful information from being provided.
Serbia
One of the fundamental principles of the Serbian Constitution is direct Implementation of guaranteed rights. Article 18 stipulates that human and minority rights guaranteed by the Constitution shall be implemented directly. The Constitution shall guarantee, and as such, directly implement human and minority rights guaranteed by the generally accepted rules of international law, ratified international treaties and laws. Provisions on human and minority rights shall be interpreted to the benefit of promoting values of a democratic society, pursuant to valid international standards in human and minority rights, as well as the practice of international institutions that supervise their implementation. Consequently, the European Convention on Human Rights and its Article 8 that provides a right to respect for one's " private and family life, his home and his correspondence” form an integral part of legal system of the Republic Serbia.
As above mentioned, the Serbian law does not explicitly mention “spayware”, but there are regulations governing surveillance and the use of monitoring tools in both criminal investigations and intelligence operations, in accordance with the Constitution of the Republic of Serbia. There are general rules on targeted surveillance that in practice could be apply on “spyware” as well. According to the Law on Security Information Agency (Article 13) special measures which deviate from inviolability of secrecy of letters and other means of communication are:
1) secret surveillance and recording of communications, regardless of the form and technical means used for it, or surveillance of electronic or any other address;
2) secret surveillance and recording of communications in public places and places with limited access or in premises;
3) statistical electronic surveillance of communications and information systems with aim to obtain data on communication or location of used mobile terminal equipment;
4) computer search of already processed personal and other data and their comparing with data acquired through the application of measures stipulated in points 1) - 3) of this paragraph. Secret surveillance and recording of locations, premises and objects, including devices for automatic data processing and equipment used or potentially used for storing of electronic records, may be approved with special measures from paragraph 1, points 1) and 2) of this Article.
Article 14 of the same Law stipulates that special measures may be prescribed against an individual, group or organization when there are grounds for suspicion that they are conducting or preparing acts directed against the security of the Republic of Serbia, and when the circumstances of the case indicate that those acts could not be otherwise detected, prevented or proved, or that it would cause extreme difficulties or substantial danger. While deliberating on prescribing and duration of special measures, it shall particularly be taken into a consideration whether the same result could be acquired in a manner less restrictive for citizens’ rights, in a volume necessary for fulfilling the purpose of limitation in a democratic society.
The use of “spyware” could be covered also by Special evidentiary actions (measures) defined in the Code of Criminal Procedure.
According to the Article 161 of the Code special evidentiary actions may be ordered against a person for whom there are grounds for suspicion that he/she has committed a criminal offence referred to in Article 162 of this Code, and evidence for criminal prosecution cannot be acquired in another manner, or their gathering would be significantly hampered. Special evidentiary actions may also exceptionally be ordered against a person for whom there are grounds for suspicion that he/she is preparing one of the criminal offences referred to in paragraph 1 of this Article, and the circumstances of the case indicate that the criminal offence could not be detected, prevented or proved in another way, or that it would cause disproportionate difficulties or a substantial danger.
In deciding on ordering and the duration of special evidentiary actions, the authority conducting proceedings shall especially consider whether the same result could be achieved in a manner less restrictive to citizens’ rights.
Slovakia
The PAIA defines “information-technical devices” in Section 2 par. 1 as “electro-technical, radio-technical, photo-technical, optical, mechanical, chemical and other devices” used secretly for purposes therein defined. These include the tracing, opening, examination and evaluation of mail and other transported items, obtaining the contents of messages transmitted over electronic communications networks, including the interception of telephone communications, and making visual, audio, audio-visual or other recordings. The definition contained in Section 10 par. 20 CPC is almost identical.
Several authorities may use those surveillance tools under the PAIA, but the information gathering is carried out either by the Police Corps or by the Slovak Information Service.
Surveillance tools and any data gathered in this way may only be used for the time and to the extent strictly “necessary in a democratic society” for legitimate aims defined by the law and only if it is proven that meeting those aims would be ineffective or severely hindered by other means. The legitimate aims include the protection of the constitutional system, internal order and foreign policy interests of the State, security and defence of the State, the obtaining of information from foreign sources, the prevention and investigation criminal activities, and the “protection of the rights and freedoms of others” (Section 3 PAIA).
Target surveillance must always be authorised by the competent court (see Q5 for details). In urgent matters, however, the Police Corps may carry out surveillance even without a court warrant but must inform the competent judge of the surveillance within one hour and file a written, substantiated application within six hours from the start of the surveillance. If the court does not approve the surveillance within 12 hours, all surveillance must be terminated and any data and recording obtained destroyed and the court informed of the destruction (Section 5 PAIA).
Any recording and data obtained through illegal surveillance must be destroyed before a judge within 24 hours and may not be used as evidence in court proceedings. The results of surveillance that has not produced any information useful for meeting one of the legitimate aims listed above must also be immediately destroyed. (Section 7 PAIA).
The regulation contained in Sections 114 and 115 CPC is in many ways analogous. First, the CPC limits the use of surveillance measures to certain categories of crimes only.
Audio and video recordings may only be used when investigating intentional crimes punishable by a maximum prison term of more than three years, corruption, and intentional crimes that must be prosecuted under an international treaty. If the respective device is to be installed in a household, the list of crimes is even more limited and consists of felonies, corruption, abuse of authority of a public official, money laundering, and intentional crimes that must be prosecuted under an international treaty.
Interception and recording of telecommunications and of “data transferred in real time via a computer system” is only allowed when investigating felonies, corruption, extremism crimes, abuse of authority of a public official, money laundering, and intentional crimes that must be prosecuted under an international treaty, and only if other measures prove to be insufficient.
Spain
The Criminal Procedure Law, in its TITLE VIII (Investigation measures restricting the rights recognised in Article 18 of the Constitution) regulates the issue.
Chapter IV (art.588.bis) establishes the common rules on the ‘interception of telephone and telematic communications, the interception and recording of oral communications through the use of electronic devices, the use of technical devices for tracking, tracing and capturing images, the recording of mass storage devices and the remote recording of data processing equipment’ Art.588.bis.a defines the guiding principles and the rules that the judge must follow to grant authorisation for an interception of this type. This judicial authorisation must be founded in the principles of speciality, adequacy, exceptionality, necessity and proportionality of the measure. These principles are defined in the same Article. Other aspects of the common principles are developed: application for judicial authorisation (Art. 588.bis.b), judicial authorisation (Art. 588.bis.c); secrecy (Art.588.bis.d); time limit (Art.588. .bis.e), request for extension (Art. 588.bis.f), effects on third parties (Art. 588.bis.h), use of
information obtained in other proceedings and accidental discoveries (Art. 588.bis.i), end of the measure (Art. 588.bis.j), deletion of records (Art. 588.bis.k).
Chapter IX (art.588.septies) rules specifically on remote searches on IT equipment. Art.588.septies.a establishes the premises. It only authorises this type of measure for specific offences (committed by criminal organisations, terrorism, offences against minors or persons with disabilities, offences against the constitution, treason or affecting national defence, offences committed through computer tools). It also establishes the content to be specified in the judicial authorisation of the measure (Art. 588.septies.a.2). The chapter also regulates the duty to cooperate (art. 588.septies.b) and the time limit (art. 588 septies, c), which is one month, extendable to a maximum of three months.
2.2.- Intelligence investigations.
As stated in the previous answer, there are not specifical rules for intelligence services.
Therefore, in these cases, the general framework concerning the oversight of intelligence services in Spain should be applied. This framework encompasses:
- Law 9/1968, 5 of April, about official secrets, modified by Law, of 11 October 1978
- Law 11/1995, 11 of May, regulation the use and control over credits of reserved expenses
- Law 11/2002, 6 of May, regulating the National Intelligence Center
- Organic Law 2/2002, 6 of May, regulating the previous judicial control over the National Intelligence Center.
This legal framework establishes both democratic (parliamentary) and judicial oversight over the use of such tools by intelligence services.
Sweden
Generally speaking, secret data reading may only be authorized to investigate an offence which has either already been committed or is ongoing (including criminalized attempts). It may also be authorized to investigate to prevent the commission of an offence under the Act (2007:979) on measures to prevent particularly serious crimes, when, having regard to the circumstances, there is reason to believe that a person will perform such an offence in the future. The 2007 Act is mainly aimed at national security offences (sabotage, arson, terrorist offences etc.), but it has been recently expanded to cover a small number of serious offences (murder, aggravated narcotics distribution etc.) committed within the context of organized crime.
There is also an exception to the requirement for there to be a criminal offence when the Security Police are acting under the Act (2022:700) on Special Control of Aliens, investigating a non-national who is suspected of belonging to a terrorist organization.
For all special investigative methods there is a “least intrusive means” test. This requires the requesting body (usually a prosecutor) to demonstrate to the authorizing body (a court or other independent body) that the information sought in the investigation cannot be obtained by less intrusive means. The use of spyware is still a very resource-intensive process which means that the investigating police or security agency also has a strong interest in effective husbanding of its limited resources.
The first basic conditions for use of spyware are to be found in section 4 of the Act. This makes a distinction between secret data reading involving, and not involving, activating a device’s microphone to record sound. For use not involving activating a microphone, there is a relatively long list of offences, namely those for which communications interception is permitted under Chapter 27 section 18 a of the Code of Judicial Procedure. This in turn refers to:
1. a crime for which a lighter penalty than imprisonment for two years is not prescribed,
2. gross data breach according to ch. 4 Section 9 c, second paragraph of the Criminal Code,
3. gross sexual abuse, sexual exploitation of children, sexual abuse of children, gross sexual abuse of children, exploitation of children for sexual posing, gross exploitation of children for sexual posing, exploitation of children through the purchase of sexual acts, sexual molestation of children or gross sexual harassment against children according to ch. 6 § 2 third paragraph, § 5, § 6, § 8, § 9 or § 10 first or third paragraph of the Criminal Code,
4. contact to meet a child for sexual purposes according to chapter 6. Section 10 a of the Criminal Code, if it can be assumed that the offense does not lead to only fines,
5. gross fraud according to ch. 9 Section 3 of the Criminal Code, if the act has been committed using electronic communication,
6. extortion according to ch. 9 Section 4, first paragraph, of the Criminal Code, if it can be assumed that the penalty value of the crime exceeds imprisonment for three months,
7. sabotage according to ch. 13 Section 4 of the Criminal Code,
8. arson, general destruction, hijacking, maritime or aviation sabotage or airport sabotage according to ch. 13 § 1, § 3 first or second paragraph, § 5 a or § 5 b of the Criminal Code, if the crime includes sabotage according to § 4 of the same chapter,
9. perjury according to ch. 15 Section 1 first paragraph of the Criminal Code, if it can be assumed that the penalty value of the crime exceeds imprisonment for three months,
10. serious child pornography crime or child pornography crime that is not minor according to ch. 16 Section 10 a of the Criminal Code,
11. abuse in legal proceedings or protection of a criminal according to ch. 17 § 10 first or fourth paragraph or § 11 first or second paragraph of the Criminal Code, if it can be assumed that the penalty value of the crime exceeds imprisonment for three months,
12. serious protection of a criminal according to ch. 17 Section 11, third paragraph, Criminal Code,
13. violation of civil liberties according to ch. 18 Section 5 of the Criminal Code,
14. espionage, foreign espionage, unauthorized position with a secret task, gross unauthorized position with a secret task or illegal intelligence activities against Sweden, against a foreign power or against a person according to ch. 19 § 5, 6 a, 7, 8, 10, 10 a or 10 b of the Criminal Code,
15. serious crime of money laundering or commercial money laundering, serious crime, according to section 5 or section 7, second paragraph of the Act (2014:307) on punishment for money laundering offences,
16. serious insider crime according to ch. 2 Section 1, third paragraph of the Act (2016:1307) on penalties for market abuse on the securities market,
17. corporate espionage according to § 26 of the Act (2018:558) on business secrets, if there is reason to assume that the act has been committed on behalf of or has been supported by a foreign power or by someone who has acted on behalf of a foreign power,
18. participation in a terrorist organization, association with a terrorist organization, financing of terrorism or particularly serious crime, public incitement to terrorism or particularly serious crime, recruitment for terrorism or particularly serious crime, training for terrorism or particularly serious crime or travel for terrorism or particularly serious crime according to section 4 a, 5, 6, 7, 8, 9 or 10 of the Terrorist Crimes Act (2022:666),
19. attempt, preparation or incitement to a crime referred to in 1-5, 7, 8, 10 or 12-18, if such an act is punishable,
20. attempt, preparation or commission of a crime referred to in 6, 9 or 11, if such an act is punishable and it can be assumed that the punishment value of the act exceeds imprisonment for three months,
21. another crime, if it can be assumed that the punishment value of the crime exceeds imprisonment for two years, or
22. several offences, if
a) one and the same person is reasonably suspected of all crimes,
b) it can be assumed that the total offense punishable by more than two years imprisonment,
(c) it may be presumed that each of the offenses formed part of a criminal offense which
was carried out in an organized or systematic manner, and
d) imprisonment for one year or more is prescribed for each of the offences
Although the list of offences for which spyware is permitted is long, it should be noted that in Sweden, corporations as such cannot commit crimes (only the representatives of these). In recent years, criminals, especially those involved in drug crime, have used dedicated encrypted mobile phones (e.g., Encrochat). Swedish law does not provide for the possibility to gain backdoor access to these platforms generally, as opposed to secret data reading of a specific criminal’s endpoint device. However, rules on mutual assistance in law enforcement meant that it was possible for Sweden to receive information from law enforcement in other countries (France, Netherlands, USA etc.) where this was legal.
Membership of a terrorist organization is criminalized. Moreover, as already mentioned, there is a special rule regarding foreign nationals suspected of belonging to a terrorist organization.
For secret data reading which involves activation of the device’s microphone to record sound, the list of permitted offences is much shorter, reflecting a higher minimum threshold of seriousness as regards offences. Section 6 of the Act refers to Chapter 27 section 2 d of the Code of Judicial Procedure, which provides for “bugging” for offences punishable by a minimum sentence of four years imprisonment, as well as a small number of security offences (espionage etc.) punishable by a lower minimum sentence. As mentioned, the reason for the higher threshold is that “bugging” (i.e. audio surveillance of a locality) is generally perceived as more intrusive of privacy than interception of the content of telecommunications.
Permission to use secret data reading involving bugging is limited to a place where there is special reason to assume that the suspect will reside. If the location is a permanent residence other than the suspect's, permission for covert data reading may only be granted if there is particular reason to assume that the suspect will reside there. There is however an exception to this requirement, where, if there are special reasons for this, the permission can be linked only to the suspect instead of to the suspect and a specific location. In such circumstances, the secret data reading may then only be used in a place where there is special reason to assume that the suspect will be staying. If the location is a permanent residence other than the suspect's, the secret data reading may only be used if there is special reason to assume that the suspect will reside there.
The second general requirement in all cases (i.e. both under sections 4 and 6 of the Act) is that an identified person must be reasonably suspected for the offence or offences (although see below). This is a basic safeguard applying to all use of special investigative measures. As mentioned, there is, however, an limited exception for preventing certain particularly serious security offences, and certain serious offences committed within the context of organized crime.
The third requirement in sections 4 and 6 of the Act is that the measure must be of particular importance for the investigation.
Another requirement is that the use of spyware is primarily available only for a suspect’s communication device (section 4a). Only if certain (more onerous) requirements are fulfilled is it possible to plant spyware on a device belonging to an identified third party which the suspect is in contact with, i.e. only if there are particularly strong reasons to believe that the suspect will contact the other device.
The requirement that there be someone who is reasonably suspected for the offence is central to Swedish special investigative measures, and is an important safeguard. However, it is modified by an exception. Where the identity of the suspect is not known, but his contacts are known, or a third party (such as a website which the suspects visits) is known, one can permit secret data reading of these contacts, or the third party, but only in order to identify the suspect. Only (stored) historical metadata, not real-time data or communications and not by means of activation of audio or video surveillance functions can be used for this (section 4b).
There are protected categories of people. Under section 11, an authorization for secret data reading may not refer to a readable information system that is normally being used or is specifically intended to be used:
1. in situations where confidentiality applies according to ch. 3. Section 3 of the Freedom of the Press Ordinance or ch. 2 Section 3 of the Freedom of Expression Act, (i.e. protection of journalists’ sources, editors’ offices etc.)
2. in activities conducted by lawyers, doctors, dentists, midwives, nurses, psychologists, psychotherapists or family counselors according to the Social Services Act (2001:453), or
3. by priests within faith communities or by those who have a corresponding position within such communities, in activities for confession or individual pastoral care.
Under section 12 of the Act, an authorization can provide for secret entry to premises to plant spyware physically on an information system (e.g. a stationary computer). If the premises are a dwelling house that is constantly used by someone other than the suspect, then this is only allowed under special circumstances (section 7 first paragraph or section 9 first paragraph)
and only if there is special reason to assume that the information system is there.
Under section 13 of the Act, permission to enter premises cannot be issued for premises belonging to the categories of “protected” professions set out in section 11 (places of worship, mass media, lawyers’ offices etc.).
Swedish law places limits on who can be heard as a witness in certain circumstances (e.g. spouses may not be obliged to witness against each other). Section 27 refers to these limits, prohibiting the use of surveillance data to circumvent this.
Another safeguard is time limits. Sweden provides for a maximum (renewable) period of one month (section 18). However, the Act also provides that if the conditions for the authorization have changed, the surveillance is to cease immediately. Figures from 2023 show that the average period of authorization was 21 days, with the median period 13 days.
In making an application to the court, it is the prosecutor’s duty to set out conditions aimed at minimizing, as far as possible, the interference the measure entails with individuals’ personal integrity (Section 18 first paragraph 4 of the Act). In the preparatory legislative works, these conditions were seen as an important part of justifying the measure. According to the travaux préparatoires, conditions can encompass any circumstances that benefit the protection of the personal integrity. Such conditions are in addition to the duty on the requesting body (police, Security Police, customs) to specify what types of information sought (see p. 3 below on differentiation of the data), which is also a safeguard. The oversight body, SIN (below p. 6) has on occasion criticized prosecutors for not setting conditions – the reason for this apparently being lack of time in the case in question.
Procedurally speaking, the setting of conditions is usually assisted by the fact that a security screened advocate participates in the procedure, and may propose to the court that such conditions are set. A failure to set conditions in a particular case thus means that this safeguard mechanism (not simply the prosecutor) has failed in some way. Those providing electronic communication services are obliged by law to cooperate with the police/security police (section 24). These people have a duty of confidentiality (section 32).
Secret data reading performed remotely involves the exploitation of a vulnerability. This exploitation risks exacerbatin software and hardware vulnerabilities of devices belonging to third parties. Section 25 therefore provides that “When the enforcement is terminated, the executive authority must take the necessary measures to ensure that the information security in the readable information system to which the permit relates must maintain at least the same level as at the beginning of the enforcement.
A technical aid that has been used must be removed, uninstalled or otherwise rendered unusable as soon as practicable after the permit has expired or the permit has been revoked”.
As secret data reading is likely to produce a considerable amount so called “surplus information”, it is important that prohibitions/regulations exist regarding this information.
There are a series of different provisions in the Act providing for whether, and if so, under what circumstances, surplus information can be used (sections 28-31). The basic rule is to require the destruction of this information. However, an exception is permitted where the offence, respectively threat to national security in question, while not part of the basis of the original authorization, is nonetheless of sufficient seriousness, were it known at the time, to have fulfilled the conditions for authorizing hacking in the first place.
Finally, in the changes that were made more recently, it was found necessary to make a statutory requirement to document all decision-making in secret investigative measures. It was no longer regarded as sufficient that such matters be governed only by internal instructions in the prosecutor’s office or police/security police.
Switzerland
In the official French version the provision states the following:
Art. 269ter Utilisation de programmes informatiques spéciaux de surveillance de la correspondance par télécommunication
1 Le ministère public peut ordonner l’introduction de programmes informatiques spéciaux de surveillance de la correspondance par télécommunication dans un système informatique dans le but d’intercepter et de transférer le contenu des communications et les données secondaires de télécommunication sous une forme non cryptée aux conditions suivantes:
a. les conditions fixées à l’art. 269, al. 1 et 3, sont remplies;
b. il s’agit de poursuivre l’une des infractions mentionnées à l’art. 286, al. 2;
c. les mesures de surveillance de la correspondance par télécommunication au sens de l’art. 269 prises jusqu’alors sont restées sans succès ou ces mesures n’auraient aucune chance d’aboutir ou rendraient la surveillance excessivement difficile.
2 Dans son ordre de surveillance, le ministère public indique:
a. le type de données qu’il souhaite obtenir;
b. le local qui n’est pas public dans lequel il est, le cas échéant, nécessaire de pénétrer pour introduiredes programmes informatiques spéciaux de surveillance de la correspondance par télécommunication dans le système informatique considéré.
3 Les données qui ne sont pas visées à l’al. 1 et qui ont été collectées au moyen de tels programmes informatiques doivent être immédiatement détruites. Les informations recueillies au moyen de ces données ne peuvent être exploitées.
4 Le ministère public tient une statistique de ces surveillances. Le Conseil fédéral règle les modalités.
Article 269ter CPC is a special surveillance measure, primarily used to read and listen to end-to-end encrypted communications; it does not require the cooperation of a telecommunications service provider or the Post and Telecommunications Surveillance Service PTSS.
Article 269quater CPC sets out the requirements for the special software that may be introduced in accordance with Article 269ter. The authorities must use software that records surveillance unalterably and without interruption. This record must be part of the case files (paragraph 1). Data must be transferred from the data processing system under surveillance to the relevant criminal justice authority securely (paragraph 2). Finally, the criminal justice authority must ensure that the source code can be checked to verify that the software has only legally permitted functions.
In the official French version, the provision reads as follows:
Article 269quater Exigences posées aux programmes informatiques spéciaux de surveillance de la correspondance par télécommunication
1 Seuls peuvent être utilisés des programmes informatiques spéciaux qui génèrent un procès-verbal complet et inaltérable de la surveillance. Le procès-verbal est joint au dossier de la procédure.
2 Le transfert des données du système informatique surveillé à l’autorité de poursuite pénale compétente est sécurisé.
3 L’autorité de poursuite pénale s’assure que le code source peut être contrôlé, dans le but de vérifier que le programme ne contient que des fonctions admises par la loi.
The provision addresses the concern that the software could change the target system and thus hamper potential evidence. Logging makes such changes recognisable and allows them to be corrected as part of the assessment of evidence. Furthermore, logging allows for the verification of whether the software has accessed unauthorised data outside of telecommunications traffic (paragraph 1). Paragraph 2 is designed to prevent third parties from accessing information from the monitored system using GovWare. Paragraph 3 requires the source code to be verifiable. This ensures transparency about the legally permissible functions of the GovWare in use. The provisions in chapter 8/section 1 (articles 269 to 279) CCP unequivocally apply to the use of GovWare surveillance, unless articles 269ter and 269quater CPC provide for special rules. Article 270 CPC sets out the personal scope of secret surveillance. Article 271 is about respecting professional secrecy. Article 272 deals with the requirement of prior authorisation. Article 273 is about subscriber information, location identification and technical transmission features (access to metadata). Article 274 is about the authorisation procedure. 275 sets out the rules for ending surveillance, 276 covers the use of accessed data not needed for criminal proceedings, 277 explains how data obtained without the required legal authorisation should be used, 278 deals with random finds, and 279 sets out the rules for notifying those under surveillance.
For further targeted surveillance measures see Articles 280 – 289d CPC.
The IntelSA makes a clear distinction between the provisions that apply to devices in Switzerland and those that apply to devices abroad. If the targeted device is in Switzerland, the IntelSA's Article 26, paragraph 1 (d) applies. The requirements for judicial authorisation (Article 29 NDG) and clearance (Article 30 NDG) must be met. Here's the provision in the official French version.
Section 4 Mesures de recherche soumises à autorisation
Art. 26 Types de mesures soumises à autorisation
1 Les mesures suivantes sont soumises à autorisation:
a. faire surveiller la correspondance par poste et la correspondance par télécommunication et exiger les données secondaires issues de la correspondance par poste et télécommunication conformément à la LSCPT (Loi fédérale sur la surveillance de la correspondance par poste et télécommunication)
abis. utiliser des appareils techniques particuliers pour surveiller la correspondance par télécommunication, pour saisir des communications, identifier une personne ou une chose ou encore déterminer leur emplacement, lorsque les mesures de surveillance prévues à la let. a sont restées vaines, n’auraient aucune chance d’aboutir ou seraient excessivement difficiles et que les autorisations nécessaires ressortissant au
droit sur les télécommunications sont disponibles pour lesdits appareils;
b. l’utilisation des appareils de localisation pour déterminer la position et les déplacements de personnes ou d’objets;
c. l’utilisation des appareils de surveillance pour écouter ou enregistrer des propos non publics ou pour observer ou enregistrer des événements se produisant dans des lieux non publics ou dans des lieux qui ne sont pas librement accessibles;
d. l’infiltration dans des systèmes et des réseaux informatiques dans les buts suivants:
1. rechercher les informations qu’ils contiennent ou qui ont été transmises à partir de ces systèmes,
2. perturber, empêcher ou ralentir l’accès à des informations, à condition que ces systèmes et réseaux informatiques soient utilisés dans des attaques visant des infrastructures critiques;
e. les fouilles de locaux, de véhicules ou de conteneurs pour se procurer les objets et les informations qui s’y trouvent ou les informations qui ont été transmises depuis ces endroits.
2 Ces mesures sont exécutées secrètement et à l’insu des personnes concernées.
The principle of subsidiarity applies. This means that the FIS may only take action under Article 26 as a last resort. Any criminal proceedings take precedence. The FIS could only take action if the conditions for criminal proceedings are not (yet) met or such proceedings have no prospect of success in the defence against an actual attack. For specific rules on the use of measures under Article 26 IntelSA, see the following articles: Article 27 on the general requirements, Article 29 on the authorisation procedure, Article 30 on clearance, Article 31 on the authorisation procedure in cases of urgency, Article 32 on the termination of the surveillance measures, and Article 33 on the obligation to notify the target. In particular, the authorisation period is limited to three months, which may be extended for a further three months (repeatedly) (Article 26, paragraph 6, IntelSA). If the target is located abroad, the provisions of section 6 apply. It is important to distinguish between computer network attack (CNA, Article 37 paragraph 1 IntelSA) and computer network exploitation (CNE, Article 37 paragraph 2 IntelSA). The provision in the official French version reads as follows:
Section 6 : Recherche d’informations sur des événements se produisant à l’étranger
Art. 37 Infiltration dans des systèmes et réseaux informatiques
1 Lorsque des systèmes et réseaux informatiques qui se trouvent à l’étranger sont utilisés pour attaquer des infrastructures critiques en Suisse, le SRC peut les infiltrer afin de perturber, empêcher ou ralentir l’accès à des informations. Le Conseil fédéral décide de la mise en œuvre d’une telle mesure.
2 Le SRC peut infiltrer des systèmes et réseaux informatiques étrangers en vue de rechercher les informations qu’ils contiennent ou qui ont été transmises à partir de ces systèmes et réseaux. Le chef du DDPS décide de mettre en œuvre une telle mesure après avoir consulté le chef du DFAE et le chef du DFJP.
In this constellation, the Federal Council (the Swiss government) is the sole authority for deciding on attacks on computer networks (paragraph 1). In the case of computer network exploitation (paragraph 2), the Minister of Defence makes the decision after consulting both the Minister of Foreign Affairs and the Minister of Justice. In both cases, no judicial authorisation is required and there is no individual notification of the intelligence measure.
Ukraine
- Collecting information from electronic communication networks (Article 263)
- Collecting information from electronic information systems (Article 264).
According to Article 246 of the Criminal Procedure Code of Ukraine "Grounds for covert investigative (detective) actions" covert investigative (detective) actions shall mean a type of investigative (detective) actions the information on the fact and methods in which they are conducted may not be disclosed, except as prescribed by this Code (part one).
This article of the Code also states that covert investigative (detective) actions shall be conducted where information on criminal offence and its perpetrator cannot be obtained otherwise. Covert investigative (detective) actions specified, in particular, in Articles 263, 264 shall be conducted exclusively in criminal proceedings in respect of grave or special grave crimes. An investigator
conducting a pre-trial investigation of a criminal offence or, on his behalf, authorised criminal intelligence units of the National Police, security agencies, the National Anti-Corruption Bureau of Ukraine, the State Bureau of Investigations, bodies, penitentiary institutions and pre-trial detention centres of the State Penitentiary Service of Ukraine, bodies of the State Border Guard Service of Ukraine. Upon investigator’s or public prosecutor’s decision, other persons may also be engaged in the conducting of covert investigative (detective) actions.
Other relevant articles of the Code are as follows:
Article 258. General provisions related to interference in private communication
1. Nobody may be subjected to interference in private communication without the investigating judge’s ruling.
2. Public prosecutor or investigator upon approval of the public prosecutor shall be required to apply to the investigating judge for permission to interfere in private communication as prescribed by Articles 246, 248, 249 of this Code, where any investigative (detective) action implies such interference.
3. Communication shall mean the transmission of information in any form from one person to another directly or through any means of communication. Communication shall be deemed private insofar as information is transmitted and stored under such physical or legal conditions where participants to the communication can expect that such information is protected from interference on the part of others.
4. Interference in private communication shall imply access to the contents of communication under conditions when participants to the communication can reasonably expect that their communication is private. The following shall be types of interference in private communication:
1) audio, video monitoring of an individual;
2) arrest, examination and seizure of correspondence;
3) collecting information from electronic communication networks;
4) collecting information from electronic information systems.
5. Interference in private communication of a defence counsel, between clergyman and the suspect, accused, convict or acquitted shall be prohibited.
Article 263. Collecting information from electronic communication networks
1. Collecting information from electronic communication networks (a body of technical means of electronic communications and facilities intended for the provision of electronic communication services) shall mean a variety of interference in private communication conducted without the knowledge of individuals who use telecommunication facility for transmitting information based on the ruling rendered by the investigating judge, where there is possibility to substantiate the facts during its conducting, which have the importance for criminal proceedings.
2. Investigating judge’s ruling to authorise interference in private communication in such a case shall additionally state identification characteristics which will allow to uniquely identify the subscriber under surveillance, electronic communication network, and terminal equipment which can be used for interference in private communication.
3. Collecting information electronic communication networks shall consist in conducting with the use of appropriate technical means of surveillance, selection and recording of the content of information transmitted by a person and important for pre-trial investigation, as well as receiving, converting and recording various types of signals transmitted by communication channels.
4. Collecting information from electronic communication networks shall be effected by authorised units of National Police, National Anti-Corruption Bureau of Ukraine, and State Bureau of Investigation and Security. General managers and employees of electronic communication networks’ operators shall facilitate conducting the actions on collecting information from electronic communication networks, taking required measures in order to not disclose the fact of conducting such actions and the information obtained, and preserve it unchanged.
The following is defined in the joint Order of the General Prosecutor's Office of Ukraine, the Ministry of Internal Affairs of Ukraine, the Security Service of Ukraine, the Administration of the State Border Guard Service of Ukraine, the Ministry of Finance of Ukraine, the Ministry of Justice of Ukraine (dated 16.11.2012) “On the approval of the Instructions on the organization of Covert
investigative (detective) actions and the use of their results in criminal proceedings":
Collecting information from electronic communication networks consists of:
- control over telephone conversations, which consists of covert surveillance, selecting and recording telephone conversations, other information and signals (SMS, MMS, fax, modem, etc.) using special technical means, including those installed in electronic communication networks, which are transmitted by the telephone communication channel, which is controlled;
- collecting information from electronic communication networks, which consists of covert receiving, transforming and fixing with the use of technical means, including various types of signals installed in electronic communication networks, transmitted by communication channels of the Internet and other networks data transmission, which are controlled.
According to Article 264 of the Criminal Procedure Code of Ukraine "Collecting information from electronic information systems" search, detection, and recording information stored in an electronic information system or any part thereof, access to the information system or any part thereof, as well as obtaining such information without knowledge of its owner, holder or keeper
may be made based on the ruling rendered by the investigating judge, where there it is known that such information system or any part thereof contains information of importance for a specific pre-trial investigation. Obtaining information from electronic information systems or parts thereof the access to which is not restricted by the system’s owner, holder or keeper, or is not related to circumventing a system of logical security shall not require permission of the investigating judge.
Investigating judge’s ruling to authorise interference in private communication in such a case shall additionally state identification characteristics of the electronic information system which can be used for interference in private communication.
The following is defined in the joint Order of the General Prosecutor's Office of Ukraine, the Ministry of Internal Affairs of Ukraine, the Security Service of Ukraine, the Administration of the State Border Guard Service of Ukraine, the Ministry of Finance of Ukraine, the Ministry of Justice of Ukraine (dated 16.11.2012) “On the approval of the Instructions on the organization of Covert
investigative (detective) actions and the use of their results in criminal proceedings":
- сollecting information from electronic information systems without knowledge of its owner, holder or keeper (Article 264 of the Criminal Procedure Code of Ukraine) consists in obtaining nformation (including with the use of technical equipment) contained in electronic computing machines (computers), automated systems, computer network.
The Criminal Procedure Code of Ukraine establishes the requirements for conducting investigative (detective) actions (Article 223.8), according to which investigative (detective) actions shall not be conducted upon expiration of time limits of pre-trial investigation, except in cases stipulated by part 3 of Article 333 hereof. Any investigative (detective) actions or covert investigative (detective) actions conducted after expiry of the period of the pre-trial investigation shall be void and the resulting evidence shall be deemed inadmissible.
As for intelligence investigations, the Decree of the President of Ukraine "On streamlining the production, acquisition and use of technical means for collecting information from communication channels" (April 13, 2001) establishes that the Security Service of Ukraine exercises the implementation of the state policy on the development, production, implementation and acquisition special technical means for collecting information from communication channels, other means of covertly obtaining information and ensuring state control and coordination of the activities of state bodies.
The Order of the Security Service of Ukraine dated December 23, 2020 "On approval of the Сompilation of Іnformation Constituting a state secret" defines the special technical means as technical means, equipment, facilities, instruments, devices, software, drugs and other products, intended (specially developed , manufactured, programmed or adapted) to obtain information covertly. Information, in particular, about the nomenclature, actual availability, financing, the need for provision of technical means of intelligence, special technical means or special equipment is a state secret; information that makes it possible to identify a person, place or thing, in relation to which an covert investigative (detective) action is being conducted or is planned, the disclosure of which poses a threat to national interests and security.
In accordance with the Law of Ukraine "On Intelligence", intelligence agencies (under Article 5 of this law they are: the Foreign Intelligence Service of Ukraine; the intelligence agency of the Ministry of Defense of Ukraine; the intelligence agency of the central executive body that implements state policy in the field of state border protection) shall exercise powers, in particular,
to create and use information, information systems, telecommunication systems and database system to ensure intelligence activities; to create, purchase, program, modernize, adapt and use technical means of intelligence, special technical means (Article 12).
The Order of the Security Service of Ukraine dated December 23, 2020 " On approval of the Сompilation of Іnformation Сonstituting a state secret" defines the concept of technical intelligence as unauthorized acquisition of secret information using technical means and its analysis. Means of technical intelligence are, in particular, devices, machines and equipment or
technical systems made with their use, as well as tools and substances intended for: obtaining intelligence information from telecommunications channels, information systems and certain technical means of information processing; covert surveillance of objects of interest to intelligence agencies as a source of intelligence information.
In accordance with the first part of Article 15 of the Law of Ukraine "On Intelligence" "Intelligence measures carried out on the basis of a court decision", intelligence agencies may conduct certain intelligence measures in relation to a person, place or thing located on the territory of Ukraine, which consist, in particular, in:
Collecting information from electronic information systems by selecting and recording the content of relevant information or data that a person transmit or receive;
Collecting information from electronic information systems by searching, selecting and fixing relevant information or data contained in the electronic information system or in the part of it, without knowledge of its owner, holder or keeper.
Such intelligence activities are carried out under conditions they are directly related to the implementation of intelligence activities outside Ukraine or are aimed at obtaining intelligence information originating outside Ukraine, and only on the basis of a court decision.
An intelligence agency may start conducting intelligence activities, provided for in the first part of Article 15, in relation to a person who is in the territory of Ukraine on legal grounds and who was identified during the intelligence activity based on search criteria, solely on the basis of a court decision. In such a case, under the decision of the head of the intelligence agency, the conduct of an intelligence measure, based on the search criteria, may be extended for a period until a court decision is obtained, but not more than 72 hours from the moment of identification of the person.
Article 46 of the Law of Ukraine "On Intelligence" «Information on intelligence agencies and intelligence activities» establishes, in particular, the following:
1. Information on intelligence agencies and intelligence activities is the information on intelligence agencies, information received or created in connection with the execise of tasks and functions by intelligence agencies, provided by this Law.
Access to information on intelligence agencies and intelligence activities may be limited in accordance with the procedure established by law.
2. Information on intelligence activities, intelligence methods, intelligence forces and means, intelligence information, information on providing consumers with intelligence information, on the interaction of intelligence agencies with other subjects of the intelligence community, with state bodies, local self-government bodies, enterprises, institutions, organizations, competent bodies of foreign states, international organizations, belongs to secret information and is subject to classification as an intelligence secret and/or state secret in accordance with the procedure established by law.
Information belonging to intelligence secret is not subject to disclosure and submission to requests in accordance with the Law of Ukraine "On Access to Public Information", as well as to other appeals and requests, except for cases expressly defined by law.
3. Іndividual information or data belonging to intelligence secrets may be transferred or made public under head of the intelligence agency decision in order to carry out the functions assigned to the intelligence agencies, to ensure interaction with other subjects of the intelligence community, as well as to ensure citizens' access to information about the activities of intelligence agencies.
Information or data belonging to an intelligence secret, transferred by an intelligence agency to another subject, may be made public or transferred by such a subject to third parties only with the written permission of the head of the relevant intelligence agency.
4. Requirements for classification, organization and provision of the regime of information belonging to intelligence secrets are determined by the President of Ukraine, including on the basis of proposals of the coordination body on intelligence.
It is also worth noting that in the Law of Ukraine «On the Basic Principles of Cybersecurity» in
Ukraine, October 5, 2017, contains the concept of cyber intelligence – actions carried out by
intelligence agencies in cyberspace or with its use and the concept of cyberespionage – espionage
that takes place in cyberspace or with its use.
According to Article 8 of the Law "National cybersecurity system" the national cybersecurity system is a set of cybersecurity subjects and interrelated measures of a political, scientific and technical, informational, educational, organizational, legal, intelligence, counterintelligence, defense, engineering and technical nature, as well as measures for the cryptographic and technical protection of national information resources and the cyber defense of critical information infrastructure facilities.
The main entities of the national cybersecurity system are the State Service for Special Communication and Information Protection of Ukraine, the National Police of Ukraine, the Security Service of Ukraine, the Ministry of Defense of Ukraine and the General Staff of the Armed Forces of Ukraine, intelligence agencies and the National Bank of Ukraine, which, under the Constitution and the laws of Ukraine, perform the following main tasks in the prescribed manner. The Security Service of Ukraine prevents, detects, suppresses and solves criminal offenses against peace and security of humanity that are committed in cyberspace; carries out counterintelligence and criminal intelligence operation activities aimed at combating cyberterrorism and cyber espionage, and covertly checks the readiness of critical infrastructure facilities for possible cyberattacks and cyber incidents; counteracts cybercrime, the consequences of which may threaten the vital interests of the state; investigates cyber incidents and cyberattacks against state electronic information resources and information, the requirement for protection of which is established by law, and critical information infrastructure; provides a response to cyber incidents in the field of national security.
The Criminal Procedural Code of Ukraine contains provisions (Article 482-2) that regulate the. Specific aspects of the procedure for prosecuting, detaining, choosing a measure of restraint, conducting investigative (detective) and covert investigative (detective) actions against a Member of Parliament of Ukraine, in particular:
1. Information that may testify to the commission of a criminal offence by a Member of Parliament of Ukraine shall be entered into the Unified Register of Pre-trial Investigations by the Prosecutor General (Acting Prosecutor General) in accordance with the procedure established by this Code.
2. Request for permission to apprehend, choose a measure of restraint in the form of detention or house arrest, search, violation of the secrecy of correspondence, telephone conversations, telegraph and other correspondence, as well as the application of other measures, including covert investigative (detective) actions, which in accordance with the law restrict the rights and freedoms of a Member of Parliament of Ukraine, the consideration of which is attributed to the powers of the investigating judge, shall be approved by the Prosecutor General (Acting Prosecutor General).
Such motions, in addition to the use of covert investigative (detective) actions, shall be considered by an investigating judge within whose territorial jurisdiction the pre-trial investigation agency is located, and in the criminal proceedings for crimes within the jurisdiction of the High Anti-Corruption Court they shall be considered by an investigating judge of the High Anti-Corruption
Court.
Such requests shall be considered with the obligatory participation of a Member of Parliament of Ukraine. The investigating judge shall inform a Member of Parliament of Ukraine in advance about the consideration of the said request, except for the request for the use of covert investigative (detective) actions or search.
The body or officials who detained the Member of Parliament of Ukraine, informed him/her of the suspicion or applied a measure of restraint against him/her, or conducted other investigative actions (except for search and covert investigative (detective) actions), shall immediately, but not later than 24 hours from the moment of committing such actions, inform the Chairman of the Verkhovna Rada of Ukraine.
United Kingdom
As specified in Section 101 of the IPA, third parties who are sufficiently linked to the main target can also be the object of spyware surveillance.
Section 116 provides that warrants are valid for six months. Targeted surveillance can be carried in the absence of a prior authorisation, provided that such authorisation is granted by the relevant authorising body within three days (Section 109 § 3).
United States of America
Some states have introduced specific binding rules with respect to surveillance. The California electronic Communications Privacy Act, for instance, requires law enforcement to obtain warrants before attempting to access electronic devices and prohibits the use of spyware and malware without a warrant other than in limited circumstances. The state of Illinois has a similar rule, and other states may follow similar restrictions.
The CFAA is applicable to unauthorized computer access. Such access is unauthorized when it involves “information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954."