刑事立案前后电子取证规则衔接问题研究——以电子数据证据过程性为视角
|
摘要
刑事诉讼法及相关司法解释在规定电子数据证据侦查取证规则的同时,对于行政执法阶段以及犯罪初查阶段的证据效力也予以确认,但三阶段在具体取证规则方面存在较大差异。基于电子数据证据效力与证据内容的双重过程性,这种差异不可避免损及电子数据的真实性与完整性,并引发后续刑事司法裁判过程中的审查认定困难。基于信息生命周期理论,通过区分电子数据首次接触行为与后续处理行为,在此基础上明确并协调电子数据在刑事立案前后三阶段的取证、保管与传输规则,有助于弱化取证规则差异对于电子数据证据证明力的负面影响,从而从程序规则层面实现电子取证的不同主体、不同阶段之间的协同运作。
引文
[1]有关“快播案”中电子数据证据取证瑕疵以及由此引发的真实性等争议,参见刘品新:《电子证据的鉴真问题:基于快播案的反思》,《中外法学》2017年第1期,第89-103页。
[2]See SWGDE and IOCE,"Digital Evidence:Standmads and Principles", https://archives.fbi. gov/archives/about-us/lab/forensic-science-communications/fsc/apri12000/swgde. htm, last visited on 28 Februay 2017.
[3]See European Informatics Data Exchange Framework for Courts and Evidence, http://cordis. europa. eu/project/rcn/185514_en. html, last visited on 31 March 2017.
[4]参见吉林省靖宇县人民法院(2015)靖刑初字第73号刑事判决书。
[5]参见江苏省徐州市云龙区人民法院(2016)苏0303刑初第211号刑事判决书。
[6]参见四川省武胜县人民法院(2016)川1622刑初第107号刑事判决书。
[7]Eoghan Casey, Digital Evidence and Computer Crime, 3rd ed.,Elsevier,2011,p. 15.
[8]参见闵春雷:《严格证明与自由证明新探》,《中外法学》2010年第5期,第684-697页。
[9]See Eoghan Casey,supra note[7],p. 25.
[10]David E. Pozen,"The Mosaic Theory,National Security,and the Freedom of Information Act",115 The Yale Law Journal 628(2005).
[11]United States v. Jones, 132 S. Ct. 945(2012).
[12]关于该案的分析,参见初殿清《镶嵌论视野下车载GPS证据的可采性》,《政法论坛》2013年第3期,第164-165页。
[13]有学者在研究过程中直接将“众包”和“人肉搜索”这两个概念等同起来。See LernnonY. C. Chang and Andy K. H.Leung,"An Introduction to Cyber Crowdsourcing(Human Flesh Searching)in the Greater China Region",in Russell G. Smith, et al(eds.),Cybercrime Risks and Respornses:Ea.stern and Western Perspectives, Palgrave, 2015, pp. 240-252.
[14]Wei Li, et al(eds.), Crowdsourcing:Cloud-Based Software Developmernt, Springer, 2015, pp. 30-37.
[15]裴炜:《个人信息大数据与刑事正当程序的冲突及其调和》,《法学研究》2018年第2期,第49页。
[16] See Walter L. Perry, et al, Predictive Policing:The Role of Crime Forecasting in Lauw Enforcement Operations, RAND Corporation2013,pp. xiv-xvii.
[17]这里涉及到《刑事诉讼法》与《监察法》的衔接问题,以及在此基础上对于监察人员资格、行为效力等方面的论证。鉴于当前规定本身尚未明晰,同时《监察法》中涉及刑事案件调查的部分,在规则上与《刑事诉讼法》大致重合,本文在此做简化处理。
[18]参见谢登科:《论行政执法证据在刑事诉讼中的使用——基于典型案例的实证分析》,《华东政法大学学报》2016年第4期,第147-159页;万尚庆《论行政执法证据在刑事诉讼中的使用》,《法学杂志》2015年第5期,第111-119页;顾永忠:《行政执法证据“在刑事诉讼中可以作为证据使用”解析》,《法律适用》2014年第3期,第11-15页。
[19]相关讨论参见前引[18],顾永忠文,第11-15页。
[20]关于言词类证据可否转化的讨论,参见郎胜主编《<中华人民共和国刑事诉讼法>修改与适用》,新华出版社2012年版,第119-120页。
[21]See SWGDE&IOCE, supra note(2).
[22]粟湘、郑建明、吴沛《信息生命周期管理研究》,《情报科学》2006年第5期,第691页。
[23]2009年存储网络产业联盟(Storage Networking Industry Association,简称SNIA)更新了信息生命周期管理的定义并推出了相对成熟的管理模型。See SNIA,"The Information Lifecycle Management:Matturity Model",http://www. snia. org/sites/default/files/SNIA-DMF-_ILM-_Maturity_Model_20090921-Final. pdf, last visited on 21 March 2017.
[24] Gaily M. Hodge"Best Practice for Digital Rrchiving:An Information Liife Cycle Approach", D-Lib Management, 2000:6(1), http://www. dlib. org/dlib/january00/01hodge. html, last visited on 21 March 2017.
[25] See MDEC,"Digital Evidence Guide for First Responders", issued in May 2015, http://www. iacpcy bercenter. org/wp-content/uploads/2015/04/digitalevidence-booklet-051215. pdf, last visited on 21 March 2017.
[26]See NIJ"Electronic Crime Scene Investigation:A Guide for First Responders", 2nd ed., issued in 2001, htttps://www. ncjrs. gov/pdffilesl/nij/219941. pdf, last visited on 21 March 2017.
[27]See US Department of Homeland Security"Best Practices for Seizing Electronic Evidence:A Pocket Guide for First Responders",http://www. crime-scene-investigator. net/SeizingElectronicEvidence. pdf,last visited on 22 March 2017.
[28]See Directive(EU)2016/1148 of the European Parliament and of the Council, adopted on July 6, 2016, http://eurlex. europa. eu/legal-content/EN/TXT/? uri=uriserv:OJ. L_. 2016. 194. 01. 0001. 01. ENG&toc=OJ:L:2016:194:TOC, last visited on 22 March 2017.
[29]See CESG(now a part of the NCSC), et al."10 Steps:Incident Management",issued on January 16,2015,https://www. gov. uk/government/publications/10-steps-to-cyber-security-advice-sheets/10-steps-incident-management--11,last visited on22 March 2017.
[30] See SWGDE&IOCE, supra note(2).
[31]See ACPO,"Good Practice Guide for Digital Evidence", issued in March 2012, http://www. digital-detective. net/digital-forensics-documents/ACPO_Good Practice Guide_for_Digital Evidence_v5. pdf, last visited on 22 March 2017.
[32]See P. Newsom,"Keeping a Chain of Custody for Digital Evidence", issued on December 31, 2005, http://www. pimall. com/nais/nl/n. keepingachain. html, last visited on 22 March 2017.
[33]例如MD5算法在2012年就已经被成功破解,2017年位于荷兰阿姆斯特丹的国家数学和计算机科学研究所(Centrum Wiskunde&Informatica, CWI)更是与谷歌联合宣布其实现了对SHA-1的成功碰撞。See"CWI and Google Announce First Collision for Industry Security Standard SHA-1", https://www. cwi. nl/news/2017/cwi-and-google-announce-first-collision-for-industry-security-standard-sha-1, last visited on 24 March 2017.
[34]See SWGDE"Collection of Digital ad Multimedia Evidence Myths vs Facts", issued on February 21, 2017, https://www. swgde. org/documents/Current%2 0Documents/SWGDE%20Collection%200of%20Digital%20and%20MuItinmedia%20Evidence%20Myths%20vs%20Facts, last visited on 25 March 2017.
[35]Vanstone等人将电子数据的完整性定义为“自数据被有权主体制造、传输、存储之时起,不存在以任何未经授权的方式对该数据进行的更改。” See A. Menezes,et al,Handbook of Applied Cryptography,CPC Press,1997,3-4.
[36] Chet Hosmer,"Proving the Integrity of Digital Evidence with Time",1 International Journal of Digital Evidence 1,5(2002).
[37]See SWGDE"Recommended Guidelines for Validating Testing", issued September 5, 2014, https://www. swgde. org/documents/Curent%20Documents/SWGDE%20Reccommended%20Guidelines%20for%20Validation%20Testing, last visited on 25 March 2017.
[38]例如《电子数据司法鉴定通用实施规范》明确将“可追溯原则”列为电子数据鉴定基本原则之一。
[39]House of Commons Science and Technology Committee, Forensic Science on Trial, http://www. publications. parliament. uk/pa/cm200405/cmselect/cmsctech/96/96i. pdf, last visited on 29 March 2017.
[2]See SWGDE and IOCE,"Digital Evidence:Standmads and Principles", https://archives.fbi. gov/archives/about-us/lab/forensic-science-communications/fsc/apri12000/swgde. htm, last visited on 28 Februay 2017.
[3]See European Informatics Data Exchange Framework for Courts and Evidence, http://cordis. europa. eu/project/rcn/185514_en. html, last visited on 31 March 2017.
[4]参见吉林省靖宇县人民法院(2015)靖刑初字第73号刑事判决书。
[5]参见江苏省徐州市云龙区人民法院(2016)苏0303刑初第211号刑事判决书。
[6]参见四川省武胜县人民法院(2016)川1622刑初第107号刑事判决书。
[7]Eoghan Casey, Digital Evidence and Computer Crime, 3rd ed.,Elsevier,2011,p. 15.
[8]参见闵春雷:《严格证明与自由证明新探》,《中外法学》2010年第5期,第684-697页。
[9]See Eoghan Casey,supra note[7],p. 25.
[10]David E. Pozen,"The Mosaic Theory,National Security,and the Freedom of Information Act",115 The Yale Law Journal 628(2005).
[11]United States v. Jones, 132 S. Ct. 945(2012).
[12]关于该案的分析,参见初殿清《镶嵌论视野下车载GPS证据的可采性》,《政法论坛》2013年第3期,第164-165页。
[13]有学者在研究过程中直接将“众包”和“人肉搜索”这两个概念等同起来。See LernnonY. C. Chang and Andy K. H.Leung,"An Introduction to Cyber Crowdsourcing(Human Flesh Searching)in the Greater China Region",in Russell G. Smith, et al(eds.),Cybercrime Risks and Respornses:Ea.stern and Western Perspectives, Palgrave, 2015, pp. 240-252.
[14]Wei Li, et al(eds.), Crowdsourcing:Cloud-Based Software Developmernt, Springer, 2015, pp. 30-37.
[15]裴炜:《个人信息大数据与刑事正当程序的冲突及其调和》,《法学研究》2018年第2期,第49页。
[16] See Walter L. Perry, et al, Predictive Policing:The Role of Crime Forecasting in Lauw Enforcement Operations, RAND Corporation2013,pp. xiv-xvii.
[17]这里涉及到《刑事诉讼法》与《监察法》的衔接问题,以及在此基础上对于监察人员资格、行为效力等方面的论证。鉴于当前规定本身尚未明晰,同时《监察法》中涉及刑事案件调查的部分,在规则上与《刑事诉讼法》大致重合,本文在此做简化处理。
[18]参见谢登科:《论行政执法证据在刑事诉讼中的使用——基于典型案例的实证分析》,《华东政法大学学报》2016年第4期,第147-159页;万尚庆《论行政执法证据在刑事诉讼中的使用》,《法学杂志》2015年第5期,第111-119页;顾永忠:《行政执法证据“在刑事诉讼中可以作为证据使用”解析》,《法律适用》2014年第3期,第11-15页。
[19]相关讨论参见前引[18],顾永忠文,第11-15页。
[20]关于言词类证据可否转化的讨论,参见郎胜主编《<中华人民共和国刑事诉讼法>修改与适用》,新华出版社2012年版,第119-120页。
[21]See SWGDE&IOCE, supra note(2).
[22]粟湘、郑建明、吴沛《信息生命周期管理研究》,《情报科学》2006年第5期,第691页。
[23]2009年存储网络产业联盟(Storage Networking Industry Association,简称SNIA)更新了信息生命周期管理的定义并推出了相对成熟的管理模型。See SNIA,"The Information Lifecycle Management:Matturity Model",http://www. snia. org/sites/default/files/SNIA-DMF-_ILM-_Maturity_Model_20090921-Final. pdf, last visited on 21 March 2017.
[24] Gaily M. Hodge"Best Practice for Digital Rrchiving:An Information Liife Cycle Approach", D-Lib Management, 2000:6(1), http://www. dlib. org/dlib/january00/01hodge. html, last visited on 21 March 2017.
[25] See MDEC,"Digital Evidence Guide for First Responders", issued in May 2015, http://www. iacpcy bercenter. org/wp-content/uploads/2015/04/digitalevidence-booklet-051215. pdf, last visited on 21 March 2017.
[26]See NIJ"Electronic Crime Scene Investigation:A Guide for First Responders", 2nd ed., issued in 2001, htttps://www. ncjrs. gov/pdffilesl/nij/219941. pdf, last visited on 21 March 2017.
[27]See US Department of Homeland Security"Best Practices for Seizing Electronic Evidence:A Pocket Guide for First Responders",http://www. crime-scene-investigator. net/SeizingElectronicEvidence. pdf,last visited on 22 March 2017.
[28]See Directive(EU)2016/1148 of the European Parliament and of the Council, adopted on July 6, 2016, http://eurlex. europa. eu/legal-content/EN/TXT/? uri=uriserv:OJ. L_. 2016. 194. 01. 0001. 01. ENG&toc=OJ:L:2016:194:TOC, last visited on 22 March 2017.
[29]See CESG(now a part of the NCSC), et al."10 Steps:Incident Management",issued on January 16,2015,https://www. gov. uk/government/publications/10-steps-to-cyber-security-advice-sheets/10-steps-incident-management--11,last visited on22 March 2017.
[30] See SWGDE&IOCE, supra note(2).
[31]See ACPO,"Good Practice Guide for Digital Evidence", issued in March 2012, http://www. digital-detective. net/digital-forensics-documents/ACPO_Good Practice Guide_for_Digital Evidence_v5. pdf, last visited on 22 March 2017.
[32]See P. Newsom,"Keeping a Chain of Custody for Digital Evidence", issued on December 31, 2005, http://www. pimall. com/nais/nl/n. keepingachain. html, last visited on 22 March 2017.
[33]例如MD5算法在2012年就已经被成功破解,2017年位于荷兰阿姆斯特丹的国家数学和计算机科学研究所(Centrum Wiskunde&Informatica, CWI)更是与谷歌联合宣布其实现了对SHA-1的成功碰撞。See"CWI and Google Announce First Collision for Industry Security Standard SHA-1", https://www. cwi. nl/news/2017/cwi-and-google-announce-first-collision-for-industry-security-standard-sha-1, last visited on 24 March 2017.
[34]See SWGDE"Collection of Digital ad Multimedia Evidence Myths vs Facts", issued on February 21, 2017, https://www. swgde. org/documents/Current%2 0Documents/SWGDE%20Collection%200of%20Digital%20and%20MuItinmedia%20Evidence%20Myths%20vs%20Facts, last visited on 25 March 2017.
[35]Vanstone等人将电子数据的完整性定义为“自数据被有权主体制造、传输、存储之时起,不存在以任何未经授权的方式对该数据进行的更改。” See A. Menezes,et al,Handbook of Applied Cryptography,CPC Press,1997,3-4.
[36] Chet Hosmer,"Proving the Integrity of Digital Evidence with Time",1 International Journal of Digital Evidence 1,5(2002).
[37]See SWGDE"Recommended Guidelines for Validating Testing", issued September 5, 2014, https://www. swgde. org/documents/Curent%20Documents/SWGDE%20Reccommended%20Guidelines%20for%20Validation%20Testing, last visited on 25 March 2017.
[38]例如《电子数据司法鉴定通用实施规范》明确将“可追溯原则”列为电子数据鉴定基本原则之一。
[39]House of Commons Science and Technology Committee, Forensic Science on Trial, http://www. publications. parliament. uk/pa/cm200405/cmselect/cmsctech/96/96i. pdf, last visited on 29 March 2017.