Analysing large amounts of data goes to the heart of the challenges confronting intelligence and law enforcement professionals today. Increasingly, this involves Internet data that are ‘open source’ or ‘publicly available’. Projects such as the European FP7 VIRTUOSO are developing platforms for open-source intelligence by law enforcement and public security, which open up opportunities for large-scale, automated data gathering and analysis. However, the mere fact that data are publicly available does not imply an absence of restrictions to researching them. This paper investigates one area of legal constraints, namely criminal-procedure law in relation to open-source data gathering by the police. What is the legal basis for this activity? And under what conditions can domestic and foreign open sources be investigated?
These questions are addressed from the perspectives of European and Dutch law. First, the international legal context for gathering data from openly accessible and semi-open sources is analysed, including the issue of cross-border gathering of data. In particular, article 32 of the Cybercrime Convention and some national implementations are discussed, as well as data protection requirements from European Union law. Next, the paper zooms in on the Dutch legal context for open-source investigations, to illustrate how the issues of a legal basis and other legal requirements are addressed in a specific legal framework.
The paper draws the conclusion that technology-facilitated investigations of open sources by the police often constitute an interference with the right to privacy; hence, they require a legal, statutory basis that is sufficiently clear for citizens to understand what the police are doing. Moreover, open-source investigation tools and practices used must meet general data-protection requirements and forensic reliability standards. The discussion also shows that interpreting existing legal provisions to accommodate open-source investigation tools can lead to convoluted interpretations, suggesting that legal frameworks of investigation powers with a focus on physical-space investigations may need to be revised to accommodate the particularities of open-source Internet investigations.