Since the International Criminal Court (ICC) was established in 1998, the way potentially relevant evidence in international criminal law is created, communicated, and shared has changed dramatically. Authenticating new forms of digital evidence is a significant challenge that the ICC is not yet prepared to handle. Digital content generated from conflicts like the war in Ukraine, called “the most documented war” and the flood of disinformation from Gaza and Israel presents a staggering new challenge for international criminal investigators.

While there has not yet been a case in front of the ICC where digital evidence played a prominent role, the Court has demonstrated its willingness to admit and evaluate digital evidence in cases like Al-Mahdi and Al-Werfalli, where arrest warrants were issued based on social media content. Further, new tools like the ICC Office of the Prosecutor’s OTPLink offer anyone the chance to anonymously share information on alleged war crimes, crimes against humanity, genocide and aggression directly with investigators. Digital content including social media posts, mobile phone data, digital videos, photos, audio, satellite and geospatial imagery related to armed conflicts is clearly poised to take center stage in the investigation and prosecution of the world’s worst crimes.

Authentic problems in a digital world

While new technologies and new investigative methods hold great promise for improving avenues for international justice in many ways, authenticating digital evidence is a major challenge. Authentication ensures digital information is what it purports to be—in other words, it has not been altered, manipulated or forged. Authentication is important, as digital evidence is more susceptible to compromise, forgery, manipulation, and deletion than traditional physical, documentary, or testimonial evidence. Unlike other forms of evidence, there is no analog reference for most forms of digital evidence. In addition, social media’s amplification of disinformation in international conflicts has increased the ‘fog of war’, running the risk of entrenching potentially misleading or false information in eyewitnesses, investigators, and judges. Renewed public attention on the potential impacts of generative AI has also led to serious confusion over the authenticity of conflict content. It’s not a stretch to say it’s never been more difficult to distinguish what’s real or fake in modern conflicts.

Despite these challenges, the ICC’s has not changed its authenticity procedures for at least a decade. As I discuss at length in my 2022 article, the ICC requires parties to authenticate digital files using a cryptographic hashing algorithm called MD5 that generates digital signatures. MD5 has been internationally recognized as provably insecure since at least 2004, putting evidence needlessly at risk.

Digital signatures authenticate information by generating a ‘fingerprint’ or hash function that uniquely represents some digital piece of information. However, just like other forms of cryptography, digital signature algorithms can become obsolete and insecure, as cybersecurity researchers and adversaries discover new vulnerabilities and break the cryptography. While once widely used, MD5 fails one of the basic requirements of any cryptographic hash function—that it should be computationally impossible to find two distinct files with the same hash value. This phenomenon, where multiple files have matching hash functions, is known as collision.

In 2012, the collision vulnerabilities in MD5 were exploited on a massive scale with malware called Flame, widely believed to be an Iranian state-sponsored attack on its own people, infecting networks in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt, allowing hackers to record audio, take screenshots, control keystrokes, and open sensitive files. Flame’s attack on MD5’s weak cryptography renewed pleas from researchers to stop using MD5 for authenticating digital signatures for any purpose. The ICC’s failure to update its broken cryptography is akin to putting a broken lock on gates to evidence of the world’s worst crimes. Today, cybersecurity best practice encourages organizations to support a suite of secure digital signatures hashing algorithms and to create policies and procedures to achieve cryptographic agility, or the ability to gracefully retire deprecated algorithms and integrate more secure versions when needed without compromising the interoperability of devices or information systems. Working towards cryptographic agility will be increasingly important and challenging in the coming decades, as future capabilities of quantum computing may threaten the underlying security of many forms of cryptography used today.

More than two decades after the ICC was formed, the Court’s evidentiary procedures and judicial review process are ill-equipped for the coming changes that digital evidence presents.  Modernizing authentication procedures and to take steps towards achieving cryptographic agility will increase the ICC’s credibility and capacity to handle future cases in which digital evidence is guaranteed to play a central role.

Share