Cyberspace, Surveillance and Law: a legal informatics perspective

Cyberspace, Surveillance and Law: a legal informatics perspective

Filippo Novario [1]

Cite as: Novario, F., ' Cyberspace, Surveillance and Law: a legal informatics perspective', European Journal of Law and Technology, Vol. 4, No. 2, 2013

Keywords: Cyberspace, Surveillance, Fundamental rights, Data collection, Data processing, Security


Nowadays, cyberspace is where a large amount of our social life takes place. Its social impact involves the necessity of surveillance, just as much as it is needed in what can be defined as the 'real' world. Surveillance techniques are made up of network monitoring through software that allow the acquisition and analysis of digital elements. These tools can allow a clear vision of the electronic communications that have crossed the cyberspace. These software allow the observation of contents in real time and the storage of data in databases for its examination afterwards. Data is bound to its properties and related information and can be a target for digital forensic acquisition using computer forensic techniques - the discipline for the acquisition, custody and analysis of data for judiciary purposes - so that it can be used as evidence in court.

The impact of this type of technology on cyberspace monitoring is significant. Whoever organizes surveillance activities has all the data from the whole of cyberspace at his disposal, together with their properties, in a database that can be queried and exploited for its filing properties. The impact on web users is also considerable and full of problematic issues. The influence of these technologies on the delicate equilibrium between surveillance needs and fundamental human rights is unavoidably high, particularly regarding online privacy rights. The problematic issues can be analyzed and resolved using legal informatics solutions aimed at balancing technique and law in a way that does not pervert one of the two in favor of the other. The issue must be faced based on the rule of technical experience that 'it's not the software that can be legal or not, it's all about how it's used'. It is a rule that says that these kinds of software cannot and must not be put under accusation: They are developed for a precise purpose that they perfectly fulfill. The technical configuration, influenced by the user's will and purposes, could instead be a topic for discussion. As with any software, these tools also have to be installed and configured, according to the user's needs, in this specific case the police force's needs. The fact that even only some cyberspace areas can be monitored requires decisions that fall into in the technical-juridical field and that have to be taken before the tool's installation. This decision-making moment is the real fulcrum of the informatics law issue: How can cyberspace surveillance be organized so that it can be effective for the police authorities, yet at the same time protect users? The solution to this problem lies in legal informatics: Best Practices need to be developed, with juridical techniques regarding the selection of the best option, transparency and ethics of cyberspace surveillance activities.

1. Cyberspace: Technical fundamentals and juridical impacts

Cyberspace [2] can today be seen as a conceptual space where a large amount of social life takes place. Online banking services, email exchanges, the use of social networks and the spread, albeit partial and arduous, of online culture are its emblems. Occupying a central position in social life, cyberspace - as highlighted by Giovanni Sartor - through the use of new technologies, has resulted in social mutations that have led to different uses of technology, generating new needs, new interests and, as a consequence, new conflicts that require legal protection [3]. The phenomenon refers particularly to digital crimes on the network which can be of many types - from data breaches to distributed denial of service (Ddos) attacks, from damage to reputations to altering or misusing system tools [4] - and have several implications - from harming single social subjects to national security [5]. Protection cannot be purely legal, due to the technical peculiarities of offenses mentioned above and the global method of connection. It also has to be a legal informatics solution, to bind the technical component with the social-legal requirements, through a more specific technical understanding of the target environment.

A technical-legal observation shows how cyberspace is just an agglomeration of computers connected to a network. Global digital space is based on a computer network, made out of parallel or hierarchical nodes, that allows computers all around the world to connect to each other [6]. Information technology networks are made up of computers that transfer their properties to the network [7], and therefore also into cyberspace since it is a digital space borne of the interconnection of computers. Though complex, the structure underpinning computers obeys three 'universal informatics laws' which, if broken, do not allow the technical outcome to be conceived as an informatics output. Digitalism, binary data encoding, Informatics Archive, data storage in memories and Data elaboration, the manipulation of data through algorithms [8]. These three elements are the essence of information technology and, therefore, of cyberspace, imbuing it with fundamental laws that can lead to illegitimate use of the Net. The limited, albeit multiple, ways in which unlawful acts can be performed online influence the protection available, which can be juridical, based on the concept of regulations and sanctions, or technical, rooted in digital technology. Of these, cyberspace surveillance, through software-hardware monitoring tools, leads to issues in legal informatics.

2. Cyberspace surveillance

The technical-informatics infrastructure underpinning cyberspace allows cyber surveillance techniques to be set up through high-performance hardware-software technologies. The Net's structure, which is rooted in multiple channels through which online content can be used [9], allows Net activity and users' cyber behavior to be monitored with the help of certain technical operations. Technical activities are carried out through the monitoring of servers, online content management computers and hubs, infrastructure that allows network traffic [10]. These operations allow the acquisition of technical information, traffic logs or the use of content in a way that activities that have taken place online can be associated to specific subjects and their behavior and digital habits can be reconstructed. This kind of surveillance also allows the geo-location of a user's computer, so that investigating operations can be carried out. Monitoring operating techniques are complex, just like the data obtained and its analysis. The latter is based on the comparative analysis of many and not readily interpretable traces left by technical activities performed by subjects, which are challenging even for high-level experts of this sector [11]. The technical impasse can also be seen as a protection for the user, since it limits the possibility of cyber control. It has been resolved by the latest software developments in the field of network surveillance.

The latest generation of network monitoring software, developed by sector-leading companies - such as Whitebox Security, IBM, AccessData, etc. [12] - aims to automatically process the raw data received from the network, for the purpose of simplifying surveillance activities, providing data which are intelligible and already linked to each other. Software, through network hardware monitoring, like servers or routers [13], allow the acquisition and analysis of digital elements that run through the Net, not only traffic log files, but also single digital packets. Tools, in particular, through automatic identification and processing of raw data, allow us to see 'unencrypted', in real time or later on, electronic communications, and their contents, that pass through, or have passed through, cyberspace. These tools can be used to retrieve communications - via Skype, VoIP, Social networks, email, etc. - or navigation in the internet. The ability to cross-examine raw data allows retrieved digital communications to be associated to their properties: Date, place, user, password, sender, receiver, etc. Retrieved data can be stored in ad hoc databases for the performance of specific queries through digital properties, allowing even lengthy periods of time to be monitored thanks to the automatic storage of data. These technologies can also be associated to Computer Forensics activities, in particular Network Forensics: A discipline that enables the acquisition, analysis and storage of evidence for judicial purposes without altering or manipulating it, so that it can be used as proof in court [14]. The opportunities given by leading tools in monitoring cyberspace can therefore become important, involving the need to properly assess their digital and social effects.

3. The Laplacian effects of the latest cyber surveillance techniques

The impact of the aforementioned surveillance activities can be relevant. Through the set-up of these tools on specific network hardware - servers, hubs and routers - it is possible to gain control and accurately examine digital occurrences in cyberspace. Processed raw data, through its digital properties, kept inalterable, allows the whole digital environment and the activities of users to be examined. The possibilities offered by informatics also allow the creation of statistics on usage, the study and supervision of digital habits and the immediate crystallization of digital evidence, as well as the production of log files from the monitoring tools themselves regarding the cross-examination of the originating network nodes [15]. Lastly, the digital aptitude of surveillance software brings out the essence of the archive at the base of informatics and networks, such as data crystallization in instruments that have digital properties. Digital surveillance therefore allow a global vision of the activities set up online, through the ability for specific analysis of the single digital movements of users, allowing an in vitro observation of the digital dynamics of cyberspace.

The technical-informatics aptitude of surveillance tools affects the general conception of cyberspace. In fact, from a conceptual space for personal interaction, for surveillance needs only, it becomes a closed connective digital environment, since its activities can be stored in databases and analyzed later on. The virtual environment is also based on universal informatics laws - Digitization, Informatics Archive and Data Processing - that, through algorithm analysis, set by users or by connectivity systems, allow a precise and digitally certain reconstruction of digital events. On the surveillance side, cyberspace can be reconsidered according to Pierre Simon La Place's vision as:

An intellect which at a certain moment would know all forces that set nature in motion, and all positions of all items of which nature is composed, if this intellect were also vast enough to submit these data to analysis, it would embrace in a single formula the movements of the greatest bodies of the universe and those of the tiniest atom; for such an intellect nothing would be uncertain and the future just like the past would be present before its eyes. [16]

In fact, just as for the Laplacian intellect, no act carried out in the network is uncertain for the cyberspace surveyor, as the present, past and, under certain aspects, through the constant application of algorithms, even the future, become evident.

4. Legal informatics issues: Security, fundamental rights and computer forensics

Whoever performs cyber surveillance using the aforementioned tools can access raw data, traffic data and transited digital packages from all of cyberspace, associated to their connected properties and immediately intelligible. They can also be acquired in forensic mode, stored in a database and consulted through archive functions even at a future date. The opportunities provided by monitoring tools influence users on the net and imply re-discussion of the balance between national security needs and fundamental rights. The need for an accurate and centralized surveillance of the web is a direct consequence of the distant, in terms of time, yet psychologically ever-present moments of the New York World Trade Center terrorist attack in 2001. The positions adopted by western governments - from the North American Patriot Act to the position taken by the other representative of the common security Foreign Policy of the European Union [17] - have veered towards stricter, preventive surveillance of critical infrastructure, for proper and effective national and international security, which sees the threat of cyber terrorism as an important danger [18]. Government needs are being increasingly shown up as insufficiently funded, ineffective and, when implemented using methods without safeguards, allowing improper use of the retrieved data. These abuses, when combined with the potential of the aforementioned tools, place surveillance personnel in a position of such power regarding information as to provide an opportunity for setting up preventative social control. Enough power to hand those governing the levers, and the survival itself, of the democratic principle and freedom of western nations. This potential cyber-social waywardness is borne out by the latest cyberspace control activities approved by the Russian Federation [19].

In terms of the European Union's founding legal principles, surveillance activities and their recent computer technology developments imply the balancing of two European Convention article for the protection of human rights and fundamental freedoms [20]. Article 5, which establishes the right of every person to freedom and security, explains the specific cases in which the former can suffer limitations. The article must be read in conjunction with article 15, representing the cornerstone principle through which the balancing of the aforementioned principles takes place: In the case of 'public danger', a State can take decisions that break with the Convention. The two articles allow the identification of the core guarantees of the relationship between the right to freedom and the right to security [21], allowing security to prevail over individual rights, but only in the face of 'public danger'. The principle is worthy and socially necessary, but its practical application may not be clear. In fact, when it manifests itself, public danger is often irreversible. This simple assumption grants, unequivocally, a license to pass surveillance acts, even invasive ones, in order to guard against the committing of unlawful acts of national or international significance. The issue must be applied to the digital context of cyberspace, through comparison with the context of the 'real' environment, in order to identify the peculiarities and differences.

5. 'Real' and 'digital' surveillance: Different environments for different attitudes

'Public dangers' can be actions which can lead to effects that damage fundamental rights, at an individual or national level. Once they have occurred, in most cases, these events cannot lead to the previous situation being restored. If they were to be identified as terrorist acts, their influence could reach across vast distances and a huge number of people, some of which may not even be involved [22]. The solution to risk is security, an element which, by compressing the right to freedom, allows attempts to be made to avert danger through the careful control of ordinary situations in order to foresee, where possible avert, unlawful activities of an extraordinary nature [23]. In the world that can be defined as 'real', security activities are the result of effective, yet uncertain, activities which attempt to eliminate society's problems without being able to identify or repair them with any certainty. On the other hand, in the world that can be defined as 'virtual', that is to say cyberspace, the aforementioned uncertainty disappears, in the face of the aforementioned technical activities, through a general understanding of the activities on the Net, which can be immediately punishable if unlawful, but which are always known. The cyber social problem, technically more complex than the same problem in the 'real' environment, can be resolved through legal informatics solutions.

Just as the balance between freedom and security is sought through legal components in the 'real' world, it must be sought through information system components in the 'virtual' world. The latter, in fact, exploiting the technical attributes of computing, manages to obtain, through software programs, information on the users of the net. The programs are the sensitive technical elements for achieving balance between the need of security and the freedom of users. It is easy, though this must not happen, to demonize the tools themselves as the fulcrum of the distorted attitude of modern digital security. It should be remembered that the software cannot, and must not, be considered lawful or unlawful per se, able or unable to offer protection: It is its use which determines this. The aforementioned network monitoring tools must not be stigmatized as being the source of the problem, but must be regarded as elements through whose technical characteristics it is possible to achieve an effective balance between the rights to security and freedom.

6. How to achieve a surveillance of cyberspace that is both effective and safeguarded: Policy and Best Practices

Software is the digital component that, fused with the hardware component, allows users to go from a given input to a given or determinable output. It is developed by programmers according to specifications provided by analysts who try to translate the needs of users along algorithmic schemas into digital, binary language. Programs are developed to address certain issues and, if correctly developed, achieve their objectives [24]. The algorithm technology underlying computer programs does not have a choice: Either it achieves its scope or it doesn't, revealing errors in its design [25]. All software must be installed and configured so that it can achieve its output. Just as the activity of software cannot be subjected to discussion regarding its lawfulness, the terms and objectives professed during the installation and configuration phases can provide the basis for an effective and consistent balance between security activities and the freedom of users. The cyberspace surveillance software must be installed and configured, directly or by the manufacturers of the software, by the surveillance personnel, presumably belonging to law enforcement or government bodies. The installation and configuration activities, which can lead to monitoring some portions of cyberspace and the manner of doing so, are precisely where legal informatics solutions must be implemented. They must necessarily be planned before the installation and configuration activities, which must represent and apply them in practice, a decisive moment which becomes the fulcrum of the informatics law issue.

The issue on how to implement efficient surveillance of cyberspace, for both the authorities and the users, can be managed by drafting clear informatics law policies. These must be conceived and developed, under both the technical and legal aspects, by issues concerning the surveillance of cyberspace, such that they may influence policies, the transparency and the ethics of the activity. Processing must build on the need for a practical attitude, which understands and uses, together, the technological level of the cyber surveillance tools and the essence of cyberspace, so as to allow the joint provision of user rights and the need for secrecy of surveillance operations. From a computer technology standpoint, the 3GPP, ANSI and ETSI organizations have already developed technical standards in the field of digital interceptions [26].These policies, however, are purely technical and imply a necessary regard for discipline, while taking into account the influence of informatics law and the needs of surveillance activities.

7. Legal informatics surveillance policy: Theorization and initial indications

Legal informatics policies must, following legal informatics analysis of technical issues, be centered mainly on the indications for the optimal configuration of the tools by the subjects under surveillance and the technical shortcomings of the tools developed by the software houses. Besides this, the overall attitude of cyberspace implies awareness without national boundaries, at least pan European, in the development of the aforementioned policies, which must be developed in a central and unified manner, to allow the provision of homogenous cyber surveillance techniques within the member states. The type of standardization, also in the face of the high technical level of the digital environment, its global standing and its continuous technical implementation, could be more effective if it took the form of soft law. Thus legal informatics prescriptions could, through technical solutions bound by choices made by governments, achieve a uniformity of protection for optimal performance of cyberspace security. Such balance would not damage the digital and legal essence of cyberspace, but would promote standardization and continuous development, through wide-ranging and effective solutions under a legal informatics aspect.

On the basis of the opportunities provided by new network monitoring tools and the legal attitudes of EU Community standardizations, it is possible to propose, as an indication, three legal informatics policies that are fundamental for cyberspace surveillance. First and foremost, to grant the users guarantees of proper cyber-monitoring activities, the opportunity to obtain proof of the procedures used, using forensic methods to freeze the log files of the monitoring tools for the surveillance activities decreed. Secondly, as far as the harmonization of the security law and the freedom of users are concerned, to allow the latter, upon closure of the investigation or the preventive digital surveillance activity, not only the access to the acquired data [27], but also to let them extract a copy of it and decide whether to permanently cancel it from the surveillance database. Finally, regarding the surveillance software improvement activity by the manufacturers, highlight the need for the tools, during the installation procedure and system configuration, to include options allowing which data and properties to be monitored by the software. Compliance with these three simple policies, in draft form and inevitably in need of detailing and technical substantiation, could allow a technically more effective and legally more sustainable Network management activity, according to the peculiarities and the legal informatics needs of cyberspace itself.

8. Conclusions

The need for security, the new monitoring technologies and the protection of users' rights are not alternatives or dichotomous elements in the surveillance of cyberspace. Through an approach oriented to a legal informatics and forensics culture, the legal-technical attitudes of the digital environment allow shared solutions, both technically effective and respectful of western legal principles. The development of legal informatics policies through the standardization of soft law can grant compulsory powers, at the same time granting the necessary time for the physiological technical innovation of an exponential type, leading to the definition of the balance between online security and the right to freedom. The care on the ability to configure the monitoring tools through legal lenses, in order to achieve both information technology and legal results, can plot a new course for cyber surveillance activities. Through the combined use of tools, legal principles and computer forensics activities it is, in fact, possible to grant safeguard, digital observation and performance characteristics to the activity of digital monitoring. Online security and freedom are not dichotomous concepts, but two sides of the same coin, whose two-way relationship, guaranteed by legal informatics technology policy, gives the human race one of the technological wonders of the 21st Century: The use of cyberspace.


Monographs, essays and articles:

R. Alcaro, La lotta al terrorismo dopo l'11 settembre (The fight against terrorism after September 11th), Rome, International Affairs Service of the Senate, 2005, available at

R. Borruso, S. Russo, C. Tiberi, L'informatica per il giurista (Information technology for lawyers), Milan, Giuffrè, 2009.

J. G. Brookshear, Informatica (Information Systems), Milan, Pearson, 2006.

I. Cameron, National Security and the European Convention on Human Rights, London, Kluwer, 2000.

E. Casey, Digital Evidence and Computer Crime, USA, Academic Press, 2012.

D. E. Comer, Internet e Reti di Calcolatori (Internet and Calculator Networks), Milan, Pearson, 2003.

T. H. Cormen, C. E. Leiserson, R. L. Rivest, C. Stein, Introduzione agli algoritmi e strutturre di dati (Introduction to algorithms), Milan, McGraw-Hill, 2007.

A. Crescentini, A. Sada, L. Giossi (edited by), Elogio della Sicurezza (A Euology to Security), Milan, Vita e pensiero, 2007.

S. Davidoff, J. Ham, Network Forensics: Tracking Hackers Through Cyberspace, USA, Pearson, 2012.

A. De Petris, Libertà informatica e sicurezza digitale: esigenze reali nel contesto virtuale (Information technology freedom and digital security: Real needs in a virtual context) , in E. Pföstl (edited by), 'Sicurezza e libertà fondamentali' (Security and fundamental freedoms), Rome, Apes, 2008, p. 171 ff.

R. E. Kostoris, R. Orlandi (edited by), Contrasto al terrorismo interno e internazionale (Contrasting internal and international terrorism), Turin, Giappichelli, 2006.

P. S. La Place, A Philosophical Essay on Probabilities, New York, Dover Publications, 1951.

G. O. Longo, Homo Technologicus, Rome, Meltemi, 2001

T. Maldonado, Reale e virtuale (Real and virtual), Feltrinelli, Milano 2007.

F. Novario, Computer Forenscis. Tra Giudizio e Business (Computer Forensics. For Judgements and Business), Turin, Libreria Cortina Torino, 2012

S. Rodotà, Il diritto di avere diritti (The right to have rights), Laterza, Roma-Bari 2012.

G. Sartor, Corso di informatica giuridica (Course of legal information technology), Turin, Giappichelli, 2008.

C. Sarzana di Sant'Ippolito, Informatica, internet e diritto penale (Information technology, internet and penal law), Milan, Giuffrè, 2010.

M. Strano, B. Neigre, P. Galdieri, Cyberterrorismo. L'impiego delle reti telematiche da parte del terrorismo internazionale (Cyberterrorism. The use of electronic networks by international terrorism) , Milan, Jackson, 2002.

G. Taddei Elmi, Abilità informatiche per il diritto (Information technology capabilities for the law), Milan, Giuffrè, 2006.

G. Ziccardi, Internet, sicurezza e libertà personali nell'epoca dell'emergenza terrorismo: alcune riflessioni (Internet, personal security and freedom in the age of terrorism emergency: Some considerations) , available at

Site links _16629.html (ok_from_duma_on_the_internet_black_list_16629.html)

[1] Filippo Novario is Coordinator of Computer Forensics and Law Lab, Città Studi Biella S.p.A., Computer Forensics and Law Advisor

[2] T. Maldonado, Reale e virtuale, Feltrinelli, Milano 2007, pp. 54 s.

[3] G. Sartor, Corso di informatica giuridica, Turin, Giappichelli, 2008, p. 12.

[4] C. Sarzana di Sant'Ippolito, Informatica, internet e diritto penale, Milan, Giuffrè, 2010, p. 67 ff.

[5] C. Sarzana di Sant'Ippolito, Informatica, internet e diritto penale, cit, p. 25 ff.

[6] J. G. Brookshear, Informatica, Milan, Pearson, 2006, p. 147 ff; G. Taddei Elmi, Abilità informatiche per il diritto, Milan, Giuffrè, 2006, p. 109 ff.

[7] G.O. Longo, Homo Technologicus, Rome, Meltemi, 2001, p. 142.

[8] F. Novario, Computer Forensics. Tra Giudizio e Business, Turin, Libreria Cortina Torino, p. 141 ff.

[9] G. O. Longo, Homo Technologicus, cit, p. 144.

[10] D. E. Comer, Internet e Reti di Calcolatori, Milan, Pearson, 2003, p. 15 ff.

[11] Davidoff, J. Ham, Network Forensics: Tracking Hackers Through Cyberspace, USA, Pearson, 2012, p. 23 ff. and p. 73 ff.

[13] D. E. Comer, Internet e Reti di Calcolatori , cit, p. 261 ff; J. G. Brookshear, Informatica, cit, p. 148.

[14] E. Casey, Digital Evidence and Computer Crime, USA, Academic Press, 2012, p. 3 ff.

[16] P. S. La Place, A Philosophical Essay on Probabilities, New York, Dover Publications, 1951, p.4.

[17] R. Alcaro (edited by), La lotta al terrorismo dopo l'11 settembre, Rome, International Affairs Service of the Senate, 2005, avaiable at

[18] M. Strano, B. Neigre, P. Galdieri, Cyberterrorismo. L'impiego delle reti telematiche da parte del terrorismo internazionale, Milan, Jackson, 2002.

[20] I. Cameron, National Security and the European Convention on Human Rights, London, Kluwer, 2000, p. 74 ff.

[21] G. Ziccardi, Internet, sicurezza e libertà personali nell'epoca dell'emergenza terrorismo: alcune riflessioni, available at; A. De Petris, Libertà informatica e sicurezza digitale: esigenze reali nel contesto virtuale, in E. Pföstl (edited by), "Sicurezza e libertà fondamentali", Rome, Apes, 2008, p. 171 ff.

[22] R. E. Kostoris, R. Orlandi (edited by), Contrasto al terrorismo interno e internazionale, Turin, Giappichelli, 2006, p. 77 ff.

[23] A. Crescentini, A. Sada, L. Giossi (edited by), Elogio della Sicurezza, Milan, Vita e pensiero, 2007, p. 7 ff.

[24] R. Borruso, S. Russo, C. Tiberi, L'informatica per il giurista, Milan, Giuffrè, 2009, p. 167 ff.

[25] T. H. Cormen, C. E. Leiserson, R. L. Rivest, C. Stein, Introduzione agli algoritmi e strutturre di dati, Milan, McGraw-Hill, p. 5 ff.

[27] S. Rodotà, Il diritto di avere diritti, Laterza, Roma-Bari 2012, pp. 304 s.