The Argentine Security Department approved a protocol on the investigation and collection of evidence on cybercrimes

The Argentine Security Department approved a General Protocol on the Investigation and Collection of Evidence on Cybercrimes for Members of the Police and Security Forces (the “Protocol”) through Resolution No. 234/2016. Its objective is to establish directives for the collection and treatment of evidence on cybercrimes in general, and for the crime of “grooming” stipulated under Section 131 of the Argentine Criminal Code in particular.

The Protocol is mandatory for all members of the Argentine Border Patrol, Naval Prefecture and the Federal and the Airport Security Police. By means of the Protocol, the Security Department undertook to provide training to members of these agencies.

In addition, the Security Department invited the Provinces and the City of Buenos Aires to adhere to the Protocol.  

The general principles established by the Protocol for police and security force intervention are: i) respect for victims of cybercrime, ii) safeguarding of their privacy and maintaining of confidentiality; and iii)  prioritizing of the welfare of any minors involved.

Furthermore, the document states the following specific rules: i) the collection, securing and transport of evidence must not modify the original evidence, ii) digital evidence must only be examined by qualified personnel, iii) all actions taken to collect, transport and store evidence must be documented in a way that can be examined later (chain of custody); and iv) for the prevention of cybercrimes, the police and security forces may use or request the use of the investigation techniques stipulated by the Codes and laws of the corresponding jurisdiction.

Moreover, the Protocol establishes directives to adapt the processes of reception of criminal complaints, search, seizure and extraction of evidence to the specific requirements of cybercrime. These directives emphasize the importance of conserving any evidence provided when a complaint is filed, technically preparation before conducting a search, seizing technological devices correctly, as well as packing, transporting and storing evidence properly. The Protocol also establishes that before working with original evidence a forensic copy must be made, and that  access to data possessed by Internet service providers requires prior judicial authorization.