수사기관의 역외 전자데이터 수집‒국제법상 집행관할권 행사의 한계와 그에 대한 대응방안‒

In the past, State exercised its enforcement jurisdiction within its territory without any special problems. In particular, most of the criminal investigation, such as collecting evidence and arresting criminals, were carried out within the territory. In order to overcome the territorial limitation of enforcement jurisdiction, extradition and mutual legal assistance system have been developed. However, the development of information and communication technology makes it difficult to apply existing principles of jurisdiction to cyberspace. In particular, as cloud computing services become more common, cloud computing has led to what can be described as loss of location. Data stored in the cloud is divided into small pieces and distributed across multiple servers in multiple jurisdictions. Therefore, it is nearly not able to detect or identify the physical location of data. Law enforcement access to cloud data raises issue of jurisdiction, if the data is stored in another jurisdiction or it is uncertain in which jurisdiction the data is located. Where law enforcement unilaterally seeks to collect data stored in the cloud, it may be questionable whether such law enforcement access to transborder data constitutes an extraterritorial exercise of enforcement jurisdiction. If a state requires the execution of criminal investigations outside its territory, it needs to cooperate transnationally with the state where the data is located and request mutual legal assistance from that state. However, there is still a limitation in that mutual legal assistance process is complex and lengthy. It is not fully settled yet whether the prohibition of extraterritorial enforcement also applies to law enforcement access to transborder data or remote searches on computer networks located abroad. As such, in the absence of international legal framework on law enforcement access to transborder data, states rely on unilateral solutions, either legislatively or practically. In order to enhance legal stability and ensure individual freedom and human rights, it is necessary to clearly establish limitations of international law related to the scope of the exercise of enforcement jurisdiction. In order to find these international legal solutions, it is important to set the right direction for discussion based on the state practices and international debates. Based on comparative legal analysis of various implementations of international organizations and states, this study classifies the methods of law enforcement access to cloud data as direct and indirect collection. In reviewing and discussing international legal framework on law enforcement access to extraterritorial data, the following factors need to be considered. These include the location of data, consent of the person who has legal authority to access to data, nationality or location of the data subject or service provider, methods of data collection, the severity and urgency of the crime, and the possibility of conflict with data protection regulation. Ultimately, the issue of law enforcement access to extraterritorial data must be addressed at the international level through clear legal standards. This international legal effort will address the problem of legal uncertainty, dispel concerns of violation of state sovereignty and enable effective international cooperation in collecting digital evidence and fight against transnational cybercrime.