In this section, we will study the issue from two perspectives, the subject participating in the proceedings has the need to collect electronic evidence from a third party, the second perspective is the implementation of this issue by individuals and organizations that are third parties with the obligation to provide electronic evidence. At the same time, we also propose solutions to meet the requirements, in both areas, collecting electronic evidence to serve civil lawsuits, criminal cases, but also ensuring the freedom of business and the interests of third parties.
Vietnamese law in the civil field stipulates the responsibility of competent agencies, organizations and individuals to provide documents and evidence 42. Stating the responsibility of state agencies and individuals who are cadres, civil servants and public employees, it does not cover all components of society related to the obligation to provide evidence. Or requesting agencies, organizations and individuals to provide documents and evidence 43. Regulating the rights of parties to request agencies, organizations and individuals to provide documents and evidence. Responsibility of the Court and the Procuracy when parties fail to comply with their requests. At the same time, it also stipulates the responsibility of individuals and organizations requested to provide evidence. The handling of responsibilities of agencies, organizations and individuals who do not provide documents and evidence as stipulated in Clause 3, Article 106 and Article 495 of the 2015 Civil Procedure Code shows inconsistency, duplication and lack of strictness, reflecting the lack of clarity and decisiveness of the law. It does not clearly state the level of administrative penalties and criminal prosecution under which article or clause of the Penal Code. In short, the request for agencies, organizations and individuals to provide documents and evidence is traditionally carried out according to Articles 7, 106 and 495 of the 2015 Civil Procedure Code. However, in practice, implementation still faces many difficulties, because the law does not clearly stipulate the rights of the parties, the guardians, the authorized persons and the representatives of the parties to request to what extent in implementing these provisions. The specific responsibilities and obligations of agencies, organizations and individuals are unclear, and the sanctions for both the requesting and providing subjects are unclear. The request for traditional evidence provision, which has been regulated by law, still faces many difficulties in requesting and providing evidence (Nguyen Thi Thu Suong, 2021). Vietnam's Civil Law does not have regulations on the provision of electronic evidence. In addition to legal requirements, electronic evidence also requires technological assurance, in order to meet data integrity and verifiability, so it is thought that the provision of electronic evidence needs to be concerned by the law to build strict, practical regulations, clear procedures and sequences, thereby making enforcement more effective.
In the criminal field, the law also allows subjects participating in the proceedings to request agencies, organizations and individuals to provide evidence, documents, objects, electronic data, and presentations.
Maybe you are interested!
-
Theoretical and practical issues on the institution of evidence in Vietnamese criminal procedure law - 11 -
Determining the price of residential land for compensation when the State recovers land according to current Vietnamese law - 2 -
Protecting the interests of depositors at commercial banks according to Vietnamese law - 2 -
Vietnamese law on loan contracts in the field of banking credit - 28 -
Protecting the rights of depositors at commercial banks according to Vietnamese law - 13
42 Article 7 of the 2015 Civil Procedure Code.
43 Article 106 of the 2015 Civil Procedure Code.
44. At the same time, administrative enforcement, fines, and criminal prosecution shall be applied for acts of forgery, destruction, false declarations, or provision of false documents; refusal to declare or refusal to provide documents or objects; and false, unbiased expert conclusions . 45. This provision is very general in the case of collecting electronic evidence, and does not reflect the requirements for timeliness, accuracy, and objectivity in criminal proceedings because electronic evidence is easily destroyed without leaving a trace, and is easily modified and cannot be detected. The form of sanction in this case is not specifically stated for electronic evidence, the handling is unclear, and does not have a deterrent or strict nature, forcing organizations, agencies, and individuals to hand over electronic evidence, regardless of who the subject participating in the proceedings is, the subject requesting the handover must also be seriously responsible before the law for his or her request.
The 2018 Law on Cyber Security aims to ensure national security and social order and safety in cyberspace 46 , considering the collection of electronic data related to activities that violate national security, social order and safety, and the legitimate rights and interests of agencies, organizations and individuals in cyberspace as a cyber security measure 47 . Domestic and foreign enterprises providing services on telecommunications networks, the Internet, and value-added services in cyberspace in Vietnam are responsible for verifying information when users register for digital accounts, providing user information to the specialized force for cyber security protection under the Ministry of Public Security upon written request to serve the investigation and handling of violations of the law on cyber security 48 . This type of enterprise must store data in Vietnam for the period prescribed by the Government, and must establish a branch or representative office in Vietnam 49 .
The provisions on electronic data collection of the 2018 Law on Cyber Security seem strict and serious, but in fact it is not feasible and unrealistic. Considering electronic data collection as a cybersecurity measure is unnecessary, because this measure is used in civil, criminal and competition proceedings, an unnecessary duplication and not true to the nature of the problem. Because the Law on Cyber Security is a legal tool to promote the confidentiality, integrity, and availability of information, systems, and public and private networks, through the use of forward-looking incentive regulations, with the goal of protecting the rights and privacy of individuals, economic interests, and national security (Kosseff, J., 2017). Authentication of user information when registering an account
44 Clause 1, 2 Article 88 of the 2015 Criminal Procedure Code (amended and supplemented in 2021).
45 Clauses 1, 2, 3, 4, Article 466 of the 2015 Criminal Procedure Code (amended and supplemented in 2021).
46 Cyberspace is a global domain within the information environment that is unique and special in nature and is framed by the use of electronics and the electromagnetic spectrum to create, store, exchange and exploit information through interdependent and interconnected networks using information and communication technologies (Kramer, FD, 2013).
47 Article 5 of the 2018 Law on Cyber Security.
48 Clause 2 Article 26 Law on Cyber Security 2018.
49 Clause 3 Article 26 Law on Cyber Security 2018.
Digital accounts are necessary, but the government must provide the technical infrastructure for this, such as a population database. Data storage needs to specify what type of data is stored, for how long, no company can store all data, doing so is not feasible, causing unreasonable costs, is it necessary to store data in Vietnam, this is not necessary because current technology is borderless, the issue is whether the country has enough technological capacity, human resources to check, monitor the law enforcement of these types of companies or not, there is no need to have a representative office, the issue is that the cooperation documents respect national and international law. What data is stored, how long, how to store is the biggest contradiction in ensuring public security and economic interests of enterprises. However, the provisions of the 2018 Law on Cyber Security do not resolve this contradiction, are incapable of monitoring enforcement, and are wasteful of social economic interests, are not beneficial to business freedom, and do not serve public security well. At the same time, this law also does not have sanctions for not providing electronic data to serve public security.
In collecting electronic evidence, requesting a third party to provide electronic evidence is a necessary and very important task in proving legal events in criminal, civil and other fields. The problem is that legal regulations create equal, fair and feasible conditions for all subjects to exercise the right to request the provision of electronic evidence, while also protecting the freedom of business of enterprises and reasonable costs for providing electronic evidence. To achieve that, the law needs to clearly stipulate the following issues:
Firstly, when enterprises, individuals, or state organizations want to do business or operate in the field of information technology, they must register technological processes and technical standards with state management agencies. In addition to other requirements, it is mandatory to register the content, methods, and technology of creating, copying, storing, processing, and transmitting electronic data of the intended business or implementation. On that basis, state agencies will manage this work. Organizations and individuals are free to choose technology, processes, and implementation methods, respecting the freedom of all citizens and organizations, but must register with the state management agency, and must comply with what has been registered with the relevant agency.
Second, the subject participating in the proceedings has the obligation and responsibility to prove the legal event that occurred in the civil lawsuit or criminal case, and has the right to request competent litigation agencies to allow the implementation of measures requiring a third party to preserve electronic data for a certain period of time, serving the retrieval request when
qualified or provide electronic data (Jarrett, HM, & Bailie, MW, 2003). Upon receipt of the request, the competent procedural authorities shall consider, if the request is reasonable, legal, and the subjects must demonstrate the capacity to perform this work, then issue a decision to allow implementation.
Third , there must be clear and strict sanctions for cases of abuse of the right to request preservation and provision of electronic evidence for personal gain, affecting the legitimate spiritual and material interests of other individuals and organizations. At the same time, there must be clear and strict sanctions for all acts of disclosure, fraud, or irresponsibility in providing electronic evidence by third parties.
Here, only the most general issues are presented for directional suggestions. All of these measures need to be clearly and specifically legalized before they can be implemented. We must also note that, for electronic evidence collection, in addition to legalizing the implementation measures, it is also necessary to legalize the enabling technology and the capacity of the subjects participating in the implementation. Only then can the law be put into practice.
2.3.4 Collecting electronic evidence in the context of globalization
An equally important factor is the context of globalization. On the cyberspace platform, electronic data can be stored anywhere in the world. For example, an author in Vietnam makes an online purchase on a website registered with a company in Singapore. When logging in, the author must declare personal information, then perform other actions to make the purchase. All of that electronic data is recorded by this website and stored in a database that can be located somewhere in the world, not necessarily in Singapore. When the author's online purchase shows signs of violating the law, or infringing on the interests of others, being sued, or the investigating agency needs to collect electronic evidence, among other factors, national sovereignty and technology standards are important factors affecting the collection of electronic evidence in the context of globalization.
2.3.4.1 National sovereignty is an important barrier
Any act of illegal intrusion into cyberspace is considered a hostile act and will be responded to accordingly (Obama, B., 2011). Countries around the world consider cyberspace as a territory where they exercise national sovereignty. This is a new concept, due to the complex and virtual nature of cyberspace, determining national sovereignty to decide on requests for judicial assistance is difficult and complicated (Nguyen Hoang Thanh & Tran Thi Hoa, 2018). Moreover, the nature of business and communication of individuals and organizations is cross-border and multinational. Therefore, when collecting electronic data, national sovereignty must be considered.
In response to the need to combat cybercrime on a global scale, the Convention on Cybercrime (Budapest Convention) was born. With the hope that countries will coordinate to combat cybercrime effectively, effectively addressing the barriers of national sovereignty. The Convention regulates specific cybercrime acts, prescribes procedural rules for members participating in the Convention to implement, serving the fight against crime. Articles 16 and 17 of the Convention also stipulate methods for preserving, storing, and retrieving dynamic data, Article 18 stipulates cooperation in providing electronic data outside the national territory, Article 19 stipulates cooperation in searching and collecting electronic data to serve the requests of member countries participating in the Convention. However, there are still significant challenges that limit international cooperation, such as:
Firstly , the Convention wants to comprehensively regulate all types of crimes in cyberspace, but in reality it is impossible, because crimes originate from society, each region, area, and country has different social and cultural relations, and the requirements and regulations of criminal law of each country are also different. Secondly , each country has different levels and perspectives on the protection of human rights. The collection of personal data also has different perspectives. The way laws regulate the protection of privacy in cyberspace is also different in each country. The management of data flows in cyberspace is also different. Thirdly , although a quarter of the countries in the world have joined the Convention, the majority of the remaining countries have not joined this Convention, because the Convention allows investigators to access computer data, which is a violation of national sovereignty, so it cannot carry out effective global coordination (Clough, J., 2014). Vietnam has not yet joined the Budapest Convention, a new convention being drafted by Russia and China.
In terms of civil matters, there is no international cooperation on collecting electronic evidence. Cooperation on collecting evidence is provided by the Hague Convention (Phan Hoai Nam, 2021). Chapters 1 and 2 of the Convention stipulate two methods of collecting evidence, collecting evidence by sending a written request and collecting evidence by a diplomatic officer, consular officer or an appointed or authorized person. Collecting evidence is only carried out under the jurisdiction of the Court for cases that the Court is handling, and only in the civil or commercial field. The Convention also strictly regulates the request procedure, as well as the implementation of the request. The requesting party must pay the costs to the party implementing the request, if any. However, the Convention is not highly sanctioned, the scope of application in the civil and commercial fields is not specifically regulated in the Convention and the interpretation of what is civil and commercial does not depend on the law of the country.
requests, which depend on the country making the request to collect evidence, can easily lead to conflicts due to different views on this issue (Phan Hoai Nam, 2016).
With the convention on collecting evidence in civil and commercial fields, it is completely possible to apply it to collect electronic evidence in this field, with strict conditions on legal requirements, technological requirements, and capacity requirements of the person directly collecting electronic evidence. The important thing is to create a mechanism to check the legality and meet technological requirements during the use of evidence. In fact, the Hague Convention was also guided by the Hague Conference in 2020 to collect evidence as video witness testimony, a type of electronic evidence but limited to collecting witnesses or expert testimony and depending on the law of the party providing the evidence.
In short, cross-border electronic evidence collection in all areas requires a closer cooperation mechanism, requiring similar national laws, barriers of national sovereignty are difficult to overcome, countries must see that providing electronic evidence is a practical requirement of law enforcement, ensuring fair treatment for all citizens in the world. To achieve effective international cooperation in the context of globalization, to effectively combat cybercrime, and to fairly resolve civil and commercial disputes, countries need to cooperate more closely in the field of collecting and providing electronic evidence. There is no difficulty that humanity cannot overcome, close cooperation still ensures national sovereignty, it must be based on the method of cooperation, requirements on technological capacity, and capacity of law enforcement entities. In addition to building a cooperation mechanism that must go hand in hand with technological standards, other requirements also need to be compromised to achieve international standardization. Only then can cooperation in collecting electronic evidence in the context of globalization hope to succeed.
2.3.4.2 Solutions for collecting electronic evidence in the context of globalization
In addition to overcoming the barrier of national sovereignty to achieve international cooperation in collecting electronic evidence by developing technological capacity in each country; the nature of collecting electronic evidence is reflected in the digital investigation process. Therefore, the international community needs to standardize some issues of digital investigation such as: Standardizing the digital investigation environment including the capacity of participating human resources, processes, and procedures. Standardizing technology and tools used in digital investigation to collect electronic evidence.
a) Standardizing the digital investigation environment
Humans play a decisive role in the success or failure of the digital investigation process, and humans here are the subjects participating in the proceedings who have the right to collect electronic evidence. Standardizing the human factor means standardizing human capacity based on knowledge, skills, and experience. Because science and technology contribute to the formation of electronic evidence, people working in this field, in addition to knowledge and capacity in other fields, are required to have knowledge and skills in information technology at a level appropriate to the role and position they assume.
There are many digital investigation processes, and within a country there can be many different digital investigation processes. However, to cooperate effectively, there must be an international standard process, so that there are no gaps or conflicts when coordinating, in order to achieve high efficiency in the process of collecting electronic evidence.
The procedure for conducting digital investigations, each country has its own procedural order, so it is obvious that the procedure for conducting digital investigations is different. However, in the process of international cooperation, it is entirely possible to reach an agreement to have a unified procedure for collecting electronic evidence to ensure the admissibility, verification, and reliability of electronic evidence.
b) Standardization of technology and digital investigation tools
The need to standardize monitoring and management technology before a system failure requires investigation and collection of electronic evidence. With this standardization, the collection of electronic evidence will be technologically convenient for all member countries, and there will be no technical conflicts. Simply the lack of standardization of data structure technology is also a problem for collection.
Standardize the principles of incident management, technological processes for preparing for incidents, and operational incident response technological processes. Standardize the technological processes after incident response. With such standardization, the process of investigating and collecting electronic evidence will be more favorable. This issue is technologically feasible, similar to building standards and quality in the construction industry.
2.4 Digital forensic process model for electronic evidence collection
2.4.1 Reasons for building a digital investigation process
In Vietnam, in the fields of civil, criminal and computer incident handling, the need to use electronic evidence is increasing, because human communication and activities are conducted on electronic means and information technology. Collecting electronic evidence is a stage of the digital investigation process, on the contrary, the entire digital investigation process reflects the nature of the electronic evidence collection process. Because, through the digital investigation process, the physical reflection of electronic evidence is electronic equipment and electronic data; the digital investigation process
reflects the technology of forming electronic evidence in physical form; the digital investigation process reflects the perception of electronic evidence, because this is the connection between the physical reflection of electronic evidence and the legal events that have occurred, linking the logical explanation of what has happened. An important requirement is to build a digital investigation process to manage the process of collecting electronic evidence of the judicial agency, and at the same time have appropriate measures to suit each stage of collecting electronic evidence. Building a digital investigation process is an objective requirement of the process of collecting electronic evidence, in order to collect complete, objective, honest, verifiable electronic evidence, and to closely monitor and control the collection of electronic evidence . The relationship between digital investigation and electronic evidence collection is shown by the author in Figure 2.2.
Figure 2.2 The relationship between digital forensics and electronic evidence collection
(author)
There are many tasks and measures that need to be implemented in the digital investigation process. At the same time, many subjects are also involved in this process, so the requirement to build a digital investigation process is an inevitable requirement of the digital investigation process itself, to ensure objectivity, comprehensiveness and no duplication of work, making it possible to re-examine collected electronic evidence.
There is no document that is consistent between the two terms digital investigation and digital forensics. However, through studying articles on process models of digital investigation and digital forensics, such as Common phases of computer forensics investigation models (Usoff, Y., & Ismail, R., 2011), or Evaluation of digital forensic process models with respect to digital forensics as a service (Usoff, Y., & Ismail, R., 2011),