Berkeley Protocol on Digital Open Source Investigations
Matthew Renshaw and Lauren Chaplin discuss the Berkeley Protocol on Digital Open Source Investigations, which provides guidelines for using open-source intelligence (OSINT) in criminal and human rights investigations, and consider how law firms should adapt to OSINT’s potential. Businessman looking at a tablet
Posted on 22 December 2020
A picture is worth a thousand words, a video even more – but how many of them are admissible in a courtroom? Potentially all of them, if the recommendations of the newly released Berkeley Protocol on Digital Open Source Investigations (the ‘Protocol’) are followed.
Launched at a virtual event on 1 December 2020, and published in all the languages of the UN, the Protocol contains the ‘first global guidelines for using publicly available information online – including photos, videos and other content posted to social media sites – as evidence in international criminal and human rights investigations'.
The culmination of three years of collaboration between the U.N Human Rights Office and Berkeley Law’s Human Rights Centre (‘HRC’), the Protocol addresses the proliferation of public information in the Internet age, and recognises the critical role it can play in evidencing war crimes and other human rights violations. Named ‘OSINT’ (an abbreviation of ‘open-source intelligence’), this encompasses all data gathered from overt, publicly available sources, including material found only on the deep web.
Mindful of the pace of technological development, the Protocol avoids prescriptive, tool-specific rules, and instead proffers a legal, ethical, methodological and security-based framework for those carrying out open-source investigations. It has been described by Alexa Koenig, director of the HRC, as ‘a living document that will help strengthen war crimes investigations using 21st century methods, with the goal of improving justice and accountability worldwide.’ At its core are five principles:
- Accountability: Records of investigations and materials must be kept, and documentation must be clear.
- Competency: Investigators must ‘have proper training and technical skills’.
- Objectivity: Researchers must be aware of their inherent bias, and take steps to mitigate this.
- Legality: Applicable laws, including data protection and privacy rights, must be complied with.
- Security Awareness: Those ‘conducting investigations online should have basic operational security awareness to ensure that they minimise their digital trail and are aware of the potential risks.’
The Protocol is the third framework of its kind, having been preceded by the Minnesota (1991; updated in 2016) and Istanbul (1999; updated in 2004) Protocols, which respectively addressed standards for investigating suspicious deaths, and for recognising and documenting torture.
However, whilst international best practice guidelines have been absent until now, various OSINT initiatives pre-date the Protocol, and will continue to evolve under its tutelage. For example, news platform Bellingcat relies on OSINT for its stories, which centre on politics and conflict, whilst Forensic Architecture, which is run out of Goldsmiths University, London and linked to the Technology Advisory Board of the International Criminal Court (‘ICC’), uses open-source data drawn from media-rich environments to map human rights violations. Its investigations have been presented to national and international legislatures and courtrooms, up to the UN level.
NGOs are also pioneering OSINT projects and will benefit from the clear guidance of the Protocol. In 2016 Amnesty International launched Amnesty Decoders, an inventive platform which allows volunteers to engage in ‘microtasks’, such as reviewing satellite images of buildings in Raqqa, Syria, and recording when they were damaged or destroyed. This data was later used to map civilian casualties killed by the US-led coalition. The platform is supported by Amnesty’s Digital Verification Corps, who are trained in OSINT methods such as reverse image searches, geolocation, and shadow analysis.
Amnesty International also convened an OSINT project looking at oil spill incidents in the Niger Delta between 2011-2017. Whilst the organisation is no stranger to researching environmental violations, having submitted credible evidence to the Bodo community’s legal action, brought by Leigh Day, the NGO’s expertise, used in concert with thousands of hours given by volunteers to review OSINT, raises exciting possibilities for future evidence gathering.
Additionally, the corroborative power of open-source data has been utilised effectively in war crimes trials. At the launch of the Protocol, the United Nations High Commissioner for Human Rights, Michelle Bachelet, gestured towards the role of OSINT in The Gambia v Myanmar (often referred to as the ‘Rohingya genocide case’), where ‘satellite imagery’ has been used ‘to corroborate the accounts of victims’. The case is currently being tried before the International Court of Justice.
Social media footage was pivotal too in the the case of Mahmoud al-Werfalli, a Libyan warlord whose case is pending before the ICC. His arrest warrant was issued shortly after videos ‘documenting his role in the killing of 33 people surfaced online’.
At the national level, co-operation between WITNESS, TRIAL International and eyeWitness to Atrocities – a mobile application which authenticates documentary footage of mass atrocity crimes and stores it on a secure server - allowed for the verification of videos and photographs used to convict two high-ranking Congolese commanders for crimes against humanity, on Friday 21 September 2018. OSINT can also be credited for securing convictions of ISIL members in various countries, including Finland and Germany.
The launch of the Protocol raises the question of how law firms should adapt to OSINT’s potential as excavator of rights-based violations, and a corroborator of traditional testimonies. In recent years, discussion of the relationship between technology and the law has largely focused on the streamlining and automation of processes such as document review and contract production.
AI-assisted outsourcing is often presented as a threat to traditional income streams of law firms, with legal professionals advised to provide increasingly personalised client services to counterbalance this. Yet this framing ignores the need to equip today’s lawyers with a technical skill set spanning internet literacy, technical analysis, coding, and security, so that open-source research can be combined with legal analysis in pursuit of the protection of human rights.