Preventing, responding to and investigating cyber incidents relies on time-critical access to relevant data which might be located in countries outside the one conducting the investigation. Operational cooperation between different private and public entities and national law enforcement agencies is one of the prerequisites of a successful investigation. However, given the structure of the internet and in particular the widespread use of cloud computing by citizens, private entities and States, the physical location of data necessary for an investigation is often difficult to determine. This raises several questions regarding the appropriate legal mechanisms to be used in accessing extraterritorially located data in the course of an investigation of a cyber incident. There is a need to analyse alternative and more effective legal tools, and to find a balance with the legal structures intended to protect the data and the privacy of individuals.
This analysis gives a brief overview on the role of criminal procedure and law enforcement entities in investigating cyber incidents, and then moves on to the options for States to access extraterritorially located data. Specifically, the mechanisms of Mutual Legal Assistance (MLA) and other established measures for international cooperation in the fight against cyber crime are discussed. Due to the increasing volume and importance of digital evidence in investigations, the need to access such data quickly will only increase in the foreseeable future. Therefore, the effectiveness of these MLA procedures is highly relevant and should be a priority for States. If alternative measures are to be used or proposed by State entities, these need to be in accordance with both national and international legal frameworks.