IGF 2025 - Day 2 - Conference Hall - Open Forum #35 Addressing International Crimes Enabled by Cyber Operations

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> HARRIET MOYNIHAN: Good afternoon, everyone, both to those of you joining us here in the room, and those of you joining us online. Welcome to this session on addressing international crimes enabled by cyber operations.

I'm Harriet Moynihan. I'm head of accountability and international law at the Oxford institute of technology and justice at the school of government University of Oxford. I'm also an social fellow in the international law programme at Chatham House and I'm delighted to be moderating this session.

I'm going to be joined online by Chelsea Smethurst of Microsoft who's going to be helping with online moderation questions once we get into the Q&A.

Today we're going to look at how international criminal law within both national and international judicial settings can help strengthen global cybersecurity and address core international crimes which are committed through cyber means.

And of course by international crimes, we mean war crimes, genocide, aggression, and crimes against humanity.

And this session is going it highlight the forthcoming policy of the International Criminal Court on international crimes committed by cyber means. And that's a significant milestone in investigating and prosecuting such crimes at the international level.

This session is being hosted jointly by the International Criminal Court and by Microsoft, and I'm delighted to say both are represented here today.

In this panel we'll have the opportunity to explore some of the legal, operational, and technical challenges in this area from private sector and to the International Criminal Court on cyber enabled crimes.

And where I've been working we're conducting a research on this issue which seeks to complement the work of the International Criminal Court. And we're publishing a research paper that dives into the broader legal issues around this area. And that will be published in January. Excuse the shameless plug.

Today they'll look at the evolving cyber landscape. Challenges in the collection and attribution of evidence, the need for stronger multi-stakeholder cooperation in this area and how to strengthen it.

We're going to have a moderated panel discussion and then we're going to open it up to Q&A both from you here in the audience and those of you joining us online.

But before that, let me introduce our speakers.

We're joined online by two speakers, first of all Professor Marko Milanovic who amongst many other roles is the special adviser to the International Criminal Court, specifically to the Office of the Prosecutor on cyber-enabled crimes. Welcome, Marko.

Also joining us online we have Michael Karimian who's director of digital diplomacy at Microsoft.

And here in the room we have Kati Reitsak who is from the Republic of Estonia.

We have Chantal Joris who's senior legal officer at Article 19. And last but not least, we have Katitza Rodriguez, policy director of the Global Frontier Foundation.

I'd like to start by turning to Marko. Could you set the scene for us a bit by telling us a bit more about the Office of the Prosecutor's proposed policy in this area, how does it relate to the various initiatives that are going on worldwide in relation to cybercrimes, and what does it mean for the work of the International Criminal Court?

>> MARKO MILANOVIC: Thank you so much, Harriet, and allow me to welcome everyone both online and offline on behalf of the prosecutor and the ICC to this event that we have jointly organized together with Microsoft.

And thank you so much, Harriet, for moderating the panel and to everyone for participating in it.

So the basic messages is simple. The Office of the Prosecutor launched this effort to formulate a policy document which will be used both for its internal purposes, but also for communicating with the public which does several things.

It explains how the [?] of International Criminal Court can be applied to the commission or facilitation of international crimes by cyber means. That's the first thing it does.

It also explains how other than the core international crimes, also the offensives against the administration of justice which interfere with the working of the court as such can also be committed and facilitated by cyber means.

And then it goes on into various practical questions about the investigation, prosecution of these crimes, about the cooperation that the office needs to have with national authorities and the capacities that the office needs to build to essentially be able to investigate these offensives properly.

So that is the point of this policy. The policy has now finished the public consultation phase. We have received many comments from states, from Civil Society, including organization represented at this panel, from academics, from various other stakeholders which we will take on board.

And the policy will be revise and adopted by the Office of the Prosecutor and formally promulgated at the assembly of States Parties later this year.

That is the core idea of this policy. And the message that the Office of the Prosecutor essentially wants to send is that it is ready, it is prepared to prosecute those who use these technologies to commit international crimes.

Here it is really important to emphasize, as Harriet did in her introduction, that we're not talking here about normal, ordinary cybercrime like hacking, you know, unauthorized access to computer system, fraud, the dissemination of imagery of child sexual abuse and so on.

What we're talking about is genocide and war crimes, and AI for example can be used to facilitate attacks against civilians or the civilian population during an armed conflict, which is a war crime.

Online technologies can be used to disseminate humiliating imagery of prisoners of war which can also be a war crime depending on the intensity of the suffering that these individuals are exposed to.

Attacks against critical infrastructure, against airports, against air traffic control can qualify, for example, as murder, as a crime against humanity. Direct and public incitement to genocide can easily be committed by social media and so on.

So that's the core thing that the policy does. It really explains how cyber tools, including AI, can be used to commit these crimes.

It also emphasizes the facilitation aspect. So many of these crimes can be committed and most of them will be committed by traditional kinetic means, but cyber will be used to facilitate them. Everything from, you know, obtaining targets to, you know, conducting monetary transactions using cryptocurrency for example, in a way that facilitates the commission of these crimes.

And the office is, again, it is ready to prosecute these crimes, and that is the key signal that it wishes to send through this policy.

>> HARRIET MOYNIHAN: Thanks, Marko. It's encouraging to hear there's been strong feedback to the consultation. It's also great to hear that the policy will be out by the end of this year. So we're really looking forward to seeing that.

And I think it's also encouraging to hear that international law, in this case international criminal law, is capable of applying to new technologies. That it's resilient and flexible enough to be able to meet the demands of these technologies that are evolving incredibly fast.

And so as you say, Marko, there's a lesson there that the individual perpetrators can be caught by this, whether they be state actors or non-state actors.

Thank you for making the important distinction between ordinary cybercrime and cyber-enabled international crimes, which I'm sure we'll hear more about.

Katitza, if I turn to you now. I gather that your background is in prosecution of organized crime and now you're working on international crimes. It would be interesting to hear the extent to which the issues and the challenges you come across are the same or different, and also perhaps if you can talk about what makes a successful investigation when you're looking at these cross-border-type crimes.

>> KATI REITSAK: Thank you, Harriet. Thank you, everyone, for gathering here today in here and online.

So yeah, it's true, my main experience is more than ten years combating organized crime. And just recently I think maybe four or three years ago I moved on to deal with cases concerning international law and international crimes.

So, but there's so many similarities. If we are talking about core international crimes, there is very often a state actor at play. And if you are thinking about traditional organized crime, they often attempt to function as a state within a state.

It's like a parallel force. It maintains the hierarchy with clearly defined roles and assignments. Organized crime also collects and distributes finances as they see fit. Provides financial assistance to those who need. And enforces its own system of punishment, if someone were to break the rules.

So if we think in these concepts, we see that there are actually very many similarities between one of these states, like organized crime group, traditional one, or really legal state.

So we move -- we then have to assess both the [?] and the factor powers of these persons acting within these systems. And understand how these systems work kind of beneath the surface.

Also I have to say that in -- jurisdiction-wise in Estonia there're also very many similarities. For example, core international crimes, Estonia exercises universal jurisdiction over them. As they are considered as crimes that every state, every civilized state should be interested in prosecuting them.

And the cross-border element is also something that's similar to those too, because like organized crime, also crimes against humanity, they don't know any state borders. And they're not limited by it. They might seek profit all over.

So I think that what is -- what makes a successful investigation both in organized crime and in crime against -- and in international crimes is a judicial framework with your partners. You have to have a very good partnership with all the other state and state actors.

And if we are talking about criminal investigations, I think you all agree that information and evidence sharing is of the essence. And you have to trust the partner that you share your information and the evidence with. Because otherwise you might be putting danger your witnesses and your sources.

So personal contacts that have always been very helpful in combating organized crime which acts -- acts cross-border and I think in international crimes as well, we have to build those personal connections. Because sometimes time is of essence. Especially if we are talking about cyber-enabled international crimes. Just tackling like a network. It needs to be very, very, very swift.

And it is based on personal communication and personal sources.

So it all comes down to willingness of the partners to investigate and get some good results. And of course, as we go on, all the evidence is being very, very heavily contested in courts.

As you see already if you're looking at the media, you see that if there is a news clip already one of the parts of this clip might call it fake news. This is doctored. This is not true.

So in this digital area that we are living in, it's very difficult to know what is the truth, true truth, and what is the doctored.

And therefore, for investigators also it presents a challenge to preserve and collect evidence in a way that it will be fully admissible later on in the court of law.

As I mentioned these personal connections that we use to tackle organized crime with, they're also being formed as international level concerning international crimes. For example, I would just point out the Genocide Network at the moment. And do not be fooled by the name, it's not only limited to genocide, but the members of this network actually share the experiences of investigating both war crimes and crimes against humanity as well.

So I think I will stop here and thank you.

>> HARRIET MOYNIHAN: Thank you, Kati. And thank you for highlighting the importance of partnership and trust and cooperation and giving examples of some of the forums that exist at the moment to try and promote that. And you mentioned the Genocide Network and the great work that they to.

Michael, if I may turn now to you, thank you for joining us online.

The role of the private sector is very important in this space because as we're hearing, by their very nature, cyber-enabled crimes are likely to involve infrastructure that will traditionally be owned by the private sector. It might be social media companies, it might be cloud services, it might be computer networks.

And so it would be really interesting to hear from you about what role you see for the private sector in this space, perhaps particularly in relation to things like collecting evidence. Because obviously some platforms will hold evidence, how do prosecutors go about getting that evidence, they'll have to approach tech companies or have to go through states to do so.

So any thoughts you have on -- in general, but also in relation to evidence would be really interesting to hear.

Over to you.

>> MICHAEL KARIMIAN: Absolutely. And thank you, Harriet, not just for facilitating today's discussion, but also for the important work of yourself and colleagues at Chatham House and the research project that you're undertaking. Thank you to Marko and the office of the prosecutor in developing the policy. It's been a privilege to witness and support that work from the outset and I'm proud to be part of this discussion today.

Evidence in cyber-enabled crimes presents a number of technical, legal, and operational challenges. And I think Microsoft's experience could highlight several critical roles that the private sector can play in effectively addressing these challenges. Roles that are explicitly recognized in the ICC, OTP on cyber-enabled crimes and further supported in Chatham House's research.

First, rapid identification and reservation of digital evidence are crucial, just as Kati was touching upon. Cyber-enabled crimes can leave behind digital traces that are quite ephemeral, easily lost, deleted or altered and a number of companies have developed sophisticated processes of preservation of digital evidence.

For example at Microsoft, our digital crimes unit at DCU, routinely uses advanced threat intelligence, machine learning and sophisticated analytics to identify and preserve relevant evidence from cyber operations swiftly and accurately.

And these capabilities allow companies like Microsoft to secure time-sensitive digit evidence long before traditional law enforcement methods can respond. And that's a critical element which is highlighted in the OTP's draft policy as essential for successful prosecutions.

Second, in terms of attribution which is one of the most complex challenges in prosecuting cyber-enabled international crimes, we bring different qualities. Attribution requires the ability to track and correlate activity across different infrastructures and jurisdictions. Microsoft's global telemetry and network visibility which is detailed quite extensively in our annual digital defense report enables quite granular tracking of cyber actors. And this capability aligns with Chatham House's research for the need for robust partnerships to enhance prosecutorial evidence.

And again, the OTP's draft policy explicitly underscores the importance of such cooperation networks where you see emphasis on the value of private sector expertise in navigating jurisdictional complexity. And Microsoft we have firsthand experience with such cooperation, including partnerships like our recent collaboration with Europol where investigators are being embedded within the European subcrime centre.

Those types of partnerships help to streamline evidence sharing and overcome procedural hurdles which has been identified as Chatham House as a bottleneck in cyber-enabled crimes.

Finally, in terms of ensuring evidence visibility and [?] as we touched on, that requires private sector entities to follow rigorous standards in digital forensics and chain of cut of management. In Microsoft we have practically investing in evidence handing capabilities compliant with international legal standards, recognizing the emphasis of OTP and Chatham House place on this.

I think companies can help to build robust credible cases against perpetrators. Until I guess I'll end by saying that the private sector's role extends far beyond passive cooperation and instead it must really involve quite active partnership in evidence collection, attribution, international coordination, and procedural integrity. And Microsoft's experience seems to be relatively consistent with OTP's policy and Chatham House's comprehensive analysis. All of which demonstrates that strong public-private collaboration is advantageous, but also indispensable for effectively prosecuting cyber-enables international crimes.

>> HARRIET MOYNIHAN: Thanks, Michael. I think what comes out of your remarks there is the fact that the private sector are involved throughout the process from the very beginning of an investigation right through to evidence being submitted to court in a trial.

And it's also that word partnership coming out again, and thank you for the example you gave of the partnership with Europol.

I'd like to turn now to another sector, another actor, Civil Society, and to you, Katitza. You work for the electronic frontier foundation and it would be interesting to how you see the role of Civil Society here, how they can help and what the ICC should learn from Civil Society in this area.

>> KATITZA RODRIGUEZ: Thank you for the very kind invitation.

We are actually really glad to see the prosecutor's draft policy on cyber-enabled crimes, especially because it's explained how technology can be used to commit or facilitate crimes. It sticks to the [?] crimes rather than creating new types of crimes.

This is important because it help guard against the very pitfalls we have witnessed when a state has adopt overly broad cybercrime laws and having used at a domestic level to undermine human rights.

So we submit comments on the OTP policy consultation together with the [?] and we come up with a few recommendations. For time, I will just share a few ones. And I will focus on evidence in this case.

First, evidence in this context must last. We are talking about ten, 20, 30 years. Video recorded today might be courtroom ready like for a long period of time, even went years from now. One mobile phone clip can expose a [?] and be published [?] and algorithm can delete that proof forever.

Second, the [?] statute is crystal clear that every investigation must fulfill or respect international human rights law. Meaning that the court must -- the prosecutor and authorities must gather detailed proof and detailed areas under a framework of necessity, legality proportionality, and of course oversight mechanisms which are embedded in human rights law and standards.

And third, overly broad standards have jailed journalists and silenced dissidents.

We should assure not to rely on evidence gathered from such abuse of surveillance powers and [?] oppression and intentionally undermining its own cases.

It is time for everyone to work together to ensure justice can be delivered. And I think this is a good way of working holistically in these cases.

And why does it matter?

Because if the evidence disappears to be is tainted about -- by abuse of powers, the perpetrator goes free and the chain of custody is broken.

I'm thinking of the national archives, 80 million pieces of paper were discovered in a warehouse. Later, Coronavirus against humanity we had an interview with a data scientist analyst on the human rights view who told us that regime files having sent for the [?] and data analytic evidence in trials of former heads of the state in a couple of countries were herein defined partners in oppressions.

They were convicted of war crimes, crimes against humanity, disappearance and genocide. Without the record and [?] our work -- his work would have been immensely harder. The digital age has not changed that lesson, it's merely changed the evidence from dusty papers to bytes.

So they rely a lot on preservations with the courts for evidence.

For lack of time, I'll focus on just one topic, which is improper [?] to destroy evidence. But there are other topics we'd like to talk, about the retaliatory or joint investigations too.

But on the proper incentives to destroy evidence, we are concerned that sometimes routine platforms functions are threatened with criminal or civil liability and company will have -- and when this happens, companies try to comply, overcomply with the law to avoid fines, stiff fines. This creates an incentive for companies to [?] information content that can be used in litigation. That can be used -- can serve as evidence and in courts.

The result is that the very material prosecutors need in a case is wide. And possibly permanently destroyed before any court can see it.

So -- and this is a case study, we have concerns of this global concerns and own concerns about community standards, platform [?] conflict related materials on a huge scale. And the paper that we wrote a few years back where we recommend how you use new automatic [?] filter that was [?] channels and videos of human rights researchers and journalism recommending Syrian conflict.

So our recommendation to OTP is not only to [?] about free oppression, but also to ensure about the reason of destroying important evidence and that the [?] compelling companies for [?] destroying evidence that can be used in court.

And we ask that -- that much good can come from collaboration and one of the things that could be done, that the OTP should avoid is incentivizing these blanket takedown orders and instead, should encourage platforms in this case to honour public interest [?] so that content which is educational, documentation or worthy information remains -- remains online even if the graph -- even if it's graphic.

So that is some of our concerns. And there are a lot of [?] working with human [?] response and conflict documentations. We should collaborate with [?] because they may hold the evidence and there needs to ensure that for instance, like that's the word you may call it [?] that it's the command these cases and change of command and way of ensuring that the evidence don't get tainted and it still can serve in the court. It can be done with a preservation order who is relying on mass surveillance or abuse of surveillance powers that will end that not only -- that will end that also impacting human rights.

I will stop here because of the five minutes.

>> HARRIET MOYNIHAN: Thank you so much. You've really underlined the importance of Hahm man rights law which is good to here and the importance of Civil Society and preserving evidence which is difficult when these cases can take to long.

Now we have another voice here from Civil Society as well as Chantal, an international lawyer. I know you work for Article 19 on freedom of expression. It would be interesting to hear if you have any thoughts on how that fits into this place.

Also, if you have anything you want to pick up from Katitza and if there are potentially any things that the ICC needs to be bearing in mind when it's prosecuting these cases.

>> CHANTAL JORIS: Thanks. Thanks, everyone, for joining us right after lunchtime.

I want to agree with Katitza, it's a very important initiative together with many other human rights organizations. We have documented extensively the way in which digital rights violations, freedom of expression violations, exacerbate harms for communities impacted by the conflict or prosecution or situations, crimes against humanity, occupation, and so on.

So we -- we have Article 19 being -- calling systematically on accountability mechanisms, also international court of justice as it assesses genocide case. For example in South Africa against Israel, to consider also the role of the human rights violation, free expression violation, even if they may insert instances directly amount to genocide or one of the other substantive crimes on the [?] statute.

But they can play such an important contributing factor it be indirectly carrying out these more, perhaps, kinetic crimes, but also in contributing to culture of impunity, in conceding evidence, and in potentially, you know, prolonging the situation of conflict or prolonging the situation which these atrocities can take place. Good initiative.

It will also be an important contribution, you mentioned, this so many discussions about how international law can apply, does it have responses to these new technologies, evolving technologies. So it's also very important contribution to that general discussion, I think.

I think perhaps to -- three main comments. So we have also recommended that the policy and of course the ICC focus perhaps a bit more on direct impacts. Marko mentioned critical infrastructure and that should include also of course ICT infrastructure. For example, there are extent -- like there's such an increased use now of Internet and through various means, kinetic means, nonkinetic means that have extreme implications in conflict zones and other zones impacted by atrocity crimes.

And those should really also be considered more extensively what impact does it have on civilians as they rely increasingly on digital technologies as well.

Also what impact, you touched upon it, what certain forms of online harms have on journalist, human rights, and those communities specifically.

Very restrictive information environments that we of course often see in those settings that they are in -- that there are key stakeholders to bring the evidence to the prosecutor.

I want to mention, we talked about the role of the private entities, technology companies, and the policy does mention them as an important potential partner. It is a reality at some, you know, they often hold important evidence. They might be able to assist and cooperate in the prosecution and investigation of crimes.

The reality is as well that very often those same tech companies are the ones that provide services to conflict parties, cloud computing services, surveillance technologies, AI capabilities that are also very much needed to perpetrate those exact crimes that the policy seeks to address.

So I think that that sort of is a big challenge that we are facing given that we have tech giants that are essentially used by every institution and every [?] actor at the same time. That needs to be spelled out better, I think, in the policy.

And there needs to be a recognition that they don't only rely on them, but puts them on notice of legal risks that are involved with the proliferation of these services.

How to avoid unintended consequences, again, Katitza touched upon it, the responses to cybersecurity threats, cybercrimes, very often fall short of international human rights standards both in terms of the substantive offenses, but also in terms of how they're investigated.

So I think it's very important that there is a clear distinction between the OTP being active in investigating, prosecuting crimes under the Jerome statute but not extending too generous and extending authorities that could go beyond what is really codified by the Rome statute.

And as a last point, I think that just means that it's very important that any human rights consequences are really carefully considered. Are these true engagement, close engagement with Civil Society. We have this Article 21 Paragraph 3 in the Rome statute that says in terms of the substantive crimes, but also in terms of prosecutions human rights need to be considered.

There's much to learn as well from human rights bodies, taking the example of cyber torture, for example, has been quite extensively looked at under human rights standards.

I think those are aspects that also the ICC can learn from and also avoid -- we've talked about this yesterday, any fragmentation of how, for example, a torture concept in the cyber domain is understood as opposed to in the human rights.

>> HARRIET MOYNIHAN: Thank you. Thank you for mentioning the impact on civilians, journalist, and human rights defenders. It's quite easy to have these conversations in the abstract, but victims are and should be [?] to this. You mentioned conflicts of interest and thinking about how to manage those when partnerships are put together, which are very necessary.

I'd like to have a bit of a more relaxed conversation with the panel now just for a short time before I open it up to questions. While I'm doing so, please be thinking of questions that you might like to ask with those of you in the room and those of you online. I think there's a Zoom facility for raising questions. Do have them ready.

Marko, if I may come back to you, it's clear that what we heard there's all sorts of different ways in which cyber-enabled crime can be carried out. For example, a commander using I had phone to send a message to his troops continue to site genocide. But at other end, perhaps a massive cyberattack which uses malware. We've heard about mass surveillance. The ICC's resources finite.

Do you have a sense of which kind of cases might be prioritized? This is to all the panel, but Marko start with you. Some types of cases that would benefit from being prioritized here under the new policy.

>> MARKO MILANOVIC: It's an interesting question and it's one that I can't answer by referencing anything going on right now in terms of what the office is investigating.

I will say two things. First of all, even today, even the most traditional kind of kinetic crime cases will involve digital evidence. So both, you know, all of my predecessors talked about digital evidence as sort of being indispensable to modern investigations. And that's true.

So every kind of investigation, for example, we know was dwelt by the tribunals for Yugoslavia or Rwanda today would involve analysing people's phones, various kinds of cyber operations, digital records, so on.

So in that sense, every single ICC case will have a huge digital aspect.

Our policy, though, does not mainly deal with that. The whole question of digital evidence is so big that our policy only touches upon it. Our main focus is really on how can a person be held responsible for enabling an international crime by cyber means or by committing an international crime by cyber means.

If the question is what's the best first case, my idea would be start small. So Michael talked about attribution being a huge issue in many cyber operations. It will be really difficult to prosecute a case, a first case dealing with, you know, super sophisticated state actors who are very well versed in hiding their tracks. You don't necessarily need to start off that way.

You know, a good way to start would be, for example, Article 70 case. A case about the administration of justice, somebody hacks a court, which is actually happened a few years ago, you know, somebody falsifies evidence before the court uses AI to submit fake evidence to the court. Intimidates witnesses or prosecutors or judges by using online means.

Those are easier cases to deal with and you know, if it was up to me, you know, a first digital or cyber case would be something fairly modest rather than something enormous.

But I think that's a good way of testing various ability and capabilities. But it all depends on the facts. It may all depends on what the prosecutors have before them at any given time.

>> HARRIET MOYNIHAN: Thanks, Marko.

Starting small in this area, which is pretty new and cutting edge, and establishing a good precedent would be good. Opening up to others. What are your thoughts, Katitza.

>> KATITZA RODRIGUEZ: I'm not a prosecutor, but I'll defer that to the experts. An idea that I have that we've been discussing in my office is that investigative use of cross-border malware campaign that are targeted against ethnic groups and against the diaspora community that have induced actually for [?] repression, but we are wondering to what extent understand the scope and the impact of those campaigns against this particular group in order to see whether they may rise to the level of Rome statute crime or not.

They may or may not, but there's so much we don't know about the scope and the scale and the use of malware in this context. So I would try to learn more of those details.

And of course we may find as the policy seems to suggest, that some of these are facets of larger campaigns and persecutions that have both online and offline campaigns.

Tying to the submission when we were talking about cyber, we were saying it would be used to harm people, but in order to identify others from [?] they could be used to look [?] physical persecution, but so we do ambition and we hope that perhaps malware and other mechanisms would turn out to be part of the larger partner, again, we have online and offline elements.

It's not only about the data, but when it comes to attacks against ethnic groups that have led to death, disappearance, and repression.

>> HARRIET MOYNIHAN: And that relates to a question I had, obviously as I said the ICC's resources somewhat limited and the draft policy makes clear that the prosecutor's only going pursuit greatest cases.

And traditional cases that usually does mean death and serious injury. But in the cyber-enabled crimes context, do we need to think about gravity more broadly, differently?

Chantal, did you have any thoughts on that or anything Katitza has said or some of the points that Katitza herself was making?

>> CHANTAL JORIS: Perhaps I would agree with Marko, starting small is a good idea. Prosecuting crime against humanity and recognising the [?] elements and what are indications of a widespread attack on population for a crime against humanity and they're looking at questions around international [?] mass surveillance and so on.

Or looking at a war crime around impeding humanitarian assistance, looking at has this happened also to [?]

So it could be another way to just more emphasize that role in the commission of more ethnic attacks.

I think also what you mentioned around the assessment of harm, assessment of gravities is also very complicated as we have these more sort of connected, physical notions of harm.

I think at least -- I mean, there's so many on the one hand indirect consequences, again, shut down my kill someone because they can't communicate with the hospital or even further down the line they can be -- they can be psychological consequences. Other types of harms, but I also think we should not completely forget any sort of broader society impact, economic impacts. They might not fit under the crimes of the Rome statute, but I do think they need to be considered as well and the ICC should be cognizant of those broader effects of what a mass surveillance campaign can produce within a population and consider those as well.

>> HARRIET MOYNIHAN: Thank you.

Kati, as a prosecutor I can't resist asking you what would be your sort of first kind of case? What would you be -- think would be some of the -- I suppose there's no such thing as an easy case, but perhaps one of the priority cases in this area. Did you have a sense for that?

>> KATI REITSAK: Yeah, I think first as a national prosecutor, what I would -- if I were a national judge, I would really like the ICC to show us the way, whether a war crime or crime against humanity. Because these would give us, kind of -- the ICC, the more broader possibility to say the essence of this new terminology that's being used. Like cyber-enabled and how will it start fitting in ICC's work.

And I also want to say that I think the national courts can look up to ICC as a kind of beacon leading the way and being, maybe, encouraged by the ICC's very systematic approach to cyber-enabled international crimes.

If we're talking of course preferably I would not have any cases with war crimes or crimes against humanity. But in Estonia you would have to take into account the very, very strict in abstentia rules. So I think this is also -- and [?] of course on the state of the rules, but for example, in Estonia, you cannot indite anyone and the person has been present to see the charges and has time to get acquainted with the material, the criminal investigation. And then maybe later on in trial stage in this person leaves, then we can kind of carry on without him or her.

But again, the rules in national courts are even sometimes a bit more stricter than international courts. I would choose a case where I with have suspect, like present. So this is something that I would choose.

Also war crime and a crime against humanity, maybe war crime episode could be more individual. You don't have to have that many aspect -- it doesn't have to be very large scale. If we're talking about genocide, I think that the burden of proof there is much -- much more higher and much more difficult to obtain, for example, than if we're talking it war crimes or crimes against humanity.

It should be smaller steps, but still significant enough to lead the way.

>> HARRIET MOYNIHAN: Thank you, Kati, for thinking about some of the practical and procedural cases that come up. You mentioned about having the jurisdiction obviously in the cyber contexts if these are carried out remotely. That's thinking about a cyberattack. And that can be one of the problems that the suspect refuses to expedite. I can see why you'd like that as a starting point.

Michael, I've been leaving you a long time, thank you for being patient. I had a question for you, it's for all the panel, but to you to start with. Which is really to think about the ICC's policy more broadly. What are the wider benefits? Do we think there are wider benefits? Do you think states will embrace this?

We have heard from Kati that this policy could lead the way, and I think it is ground breaking and significant. You to see it as having impact beyond just the ICC?

>> MICHAEL KARIMIAN: So in had brief answer, yes, Harriet. Firstly I'll just maybe tend to the other questions you were posing to the panel. So in terms of prioritizing cases, absolutely a long term view is essential and the policy has been released we've received dozens of cases in front of the court. But perhaps not so likely up to the option of the prosecutor to decide which cases to prioritize. But one way to think about it would be cases that involve widespread harm, critical infrastructure, Chantal mentioned. But also critical services such as health care, humanitarian organizations or essential utilities.

You know, those are sectors we already see being highly targeted by threat actors anywhere. And there were to reasons for why I think it's beneficial to focus on such cases. One is that these attacks pose substantial risks to human life and well-being. Even if their immediate physical harm might not seem as direct as traditional kinetic violence.

And prioritize on such cases sends a clear international signal about the unacceptable nature that such cyber operations pose when they endanger civilian populations.

And briefly Harriet, on the question of gravity, most traditional definitions focus on physical violence and district casualties. But of course cyber-enabled crimes can lead to severe, widespread, and prolonged disruptions of essential services as well as economic damage and psychological impacts.

I think we should consider how assessments can incorporate not just immediate physical home, but the scale, scope, and duration of those indirect humanitarian consequences that cyber-enabled crimes can cause. That's something we need to expand upon further.

In terms of that question that you mentioned to Harriet, white benefits of ICC's involvement, I'm optimistic that states will embrace the ICC's initiative or cyber-enabled crimes. Because these effect everyone, they transcend borders. However, there will be challenges around sovereignty and jurisdiction.

But despite this, the ICC's involvement can enhance the legitimacy of international efforts to hold cybercriminals accountable and set legal standards and precedence elsewhere.

I think the ICC's focus can simulate more robust national action. Estonia leads the way and we would like to see more countries taking such action. Perhaps we will see that.

Of course other benefits we see might include better cross-border cooperation and encouraging public-private partnerships. All of which I think would ultimately contribute to greater cybersecurity resilience.

>> HARRIET MOYNIHAN: Thank you, Michael for addressing all of those points. I'm thinking through a bit how this policy could have wider benefits.

I'd like to hear from you as well, we start with you, Katitza, about the policy leading the way and having wider impact.

>> KATITZA RODRIGUEZ: I agree with the prosecutor about specific case leading the way. But I want to build up on the last speaker's comments. I think it's clear that every year that computer systems are used in various wise. Like masculines or all kind of [?] under the Rome statute. And I think there will be many, many more cases as technology advance and the prosecutors and that will need time to start investigating those cases.

But at some point, I think when I was reviewing the draft policy, the OTP mentioned various attacks against civilian, including civilian ITC systems and civilian data could be war crimes even without causing tangible physical injury.

We think that this is useful because -- because of just how important the ICT systems are in people's lives. It's not just a hobby, [?] and it's also about organizing themselves when there's a bomb coming and we need to leave the area, maybe we need that make communication to be able to, you know, go to safe place. And being cut off from that is just problematic.

So cyberattacks can [?] communications structure but also against data and things that we'll not allow people to get health information or, you know, information that is crucial to get timing would be really problematic. And that may lead to personal injury but not directly and I think equally important.

>> HARRIET MOYNIHAN: Thank you. Kati and Chantal, I'd be interesting on your thoughts on this, the question about whether states would be interested in this policy, whether they will be leading the way. But there have been some states, I should say, that have prosecuted war crimes which involve cyber means. So for example, fighters in Syria who have been filming pictures of dead bodies or maimed body and putting them online, maybe prosecuted in France and the Netherlands. I think Norway as well actually.

So it will be interesting to hear your thoughts as a state prosecutor.

>> KATI REITSAK: Thank you. As Katitza pointed out that our societies are changing and the values that we kind of tend to take for granted with all this information technology systems, they're totally different than, for example, ten or 20 years ago.

If you think of the judiciary system in many countries, people who work in judiciary, they're, for example, judges, this is a position for life. It means that we might have in the judiciary system very many people who are not, like -- they don't feel comfortable with dealing with this digital era that has dawned upon us, right?

So more and more we have to rely on technical expertise as well. So I think that it's probably same in every country that there always will be people who are willing and wanting to learn and to develop their knowledge. And I think that we should be -- and we will -- should help them and assist them.

And of course private sector's assistance, the trainings, the investigators have to be trained. So from like very practical viewpoint, as you pointed out, yes, there are videos, there is -- it's not that complicated to see whether it's authentic and what's the metadata behind this video or a photograph.

But still, as they are going more complex and complex and as you pointed out these foreign actors might be cross-border, we will never see them. And we will have to tell and explain to the court how exactly a very, very is he 50 indicated digital attack has been committed.

It definitely needs high-level expertise from outside of the investigative authorities.

Just on that point, I would like to point out that, for example, in Estonia, we have a cybercrimes unit in our central criminal police, right. But international crime is being investigated by security service. These are two totally different authorities with totally different kind of not background, but their data and their intelligence and their focus is on different things.

Therefore, if we're talking about very successful investigations, we also have to see that siloing your data and information between investigative authorities is not an answer that you have to also cooperate and exchange the knowledge that one or the other unit actually has in order to have a successful investigation.

>> HARRIET MOYNIHAN: Thank you. So joined up not just in cooperation between the states, but within the state. Chantal.

>> CHANTAL JORIS: I think we can use the policy as well in our advocacy. We have plenty of conversations about the role of taking on conflicts. We have one two days ago at IGF itself. So I think it just helps also sort of the completed picture from different angles and also Kati, you mentioned that it might also be leading in the way in terms of the domestic authorities and that the ICT has so many jurisdictional constraints plus this element of gravity that you mentioned that they may not be able to prosecute that many cases.

I think I find it interesting that they can prosecute in the [?] jurisdiction and we have the policy showing that it is not something totally farfetched and it contains a lot of interesting examples that can be used to think about how we can push [?].

>> HARRIET MOYNIHAN: Thank you so much. Well, we've got lots of food for thought there. Thank you to the panel for setting us up for the Q&A. So now is the chance, if you'd like to raise a question, we have a microphone here. We already have one questioner, that's perfect. Feel free to form a queue, if you'd like to raise a question. And also for those of you joining us online, please do type in your questions to Zoom and Chelsea, my online moderator will help to get those to us.

So I'd like to turn to the first questioner to say your question, please.

>> Yeah. I'm from the Finnish green Party.

Chantal mentioned about crimes against humanity or human rights violations suppression in networks.

One thing that comes to mind and this is the question more I goes Marko, in which, I guess, capacity does this apply to also partial suppression network we've seen recently in the Southeast Asian territories where Internet shutdowns did have been used to push users more towards telecommunications in a traditional way which are more easy to surveil and break that I privacy in that way.

I have a second question about Katitza was mentioning the removal of evidence by social media platforms.

There are known cases of organized crime being perpetrated or conspired through gaming platforms as well. Like the Playstation network or different other services which a lot of them don't even record or monitor the voice chats because it's much cheaper for them to turn it off in the regions where they're forced to or just leave it on and not deal with it at all.

And basically wash their hands in the regions where they're not.

What can be actually done about that?

>> HARRIET MOYNIHAN: Thank you very much for both questions. The first question was about the suppression of networks and Internet shutdowns and thinking about how the proposed policy might be relevant to that.

Marko, perhaps if I turn to you on that one initially.

>> MARKO MILANOVIC: Well thank you. It's an excellent question.

So I have to preface it though by doing this horrible lawyerly thing, which is to make some (lost audio).

>> HARRIET MOYNIHAN: Marko, we've lost the sound. Not sure if you're muted.

It's okay your end, might be our end, just give it a minute.

>> MARKO MILANOVIC: Testing.

>> HARRIET MOYNIHAN: Back. Thank you.

>> MARKO MILANOVIC: Good. The key point I want to make is that most Internet shutdowns are human rights violations. Right? In particular they violate freedom of expression.

I, you know, to date of the examples of various Internet shutdowns that many states have done, it is difficult to find an example of an Internet shutdown that could be justified. Most Internet shutdowns violate human rights in a relatively straightforward way.

However, it is difficult to say, though, that every Internet shutdown is a crime for which individuals accrue responsibility at the international level. For example, a crime against humanity.

A crime against humanity is defined, for instance, as an act which takes place in the context of a widespread or systematic attack against a civilian population. Crimes include things such as murder, extermination. They could include prosecution, which a discriminatory of human rights.

But the vast majority of Internet shutdowns will not be criminal in nature. So that is the sort of point I would make.

Remember our policy is not to put human rights online, it is about international crimes committed by cyber means.

And so only a smaller subset of human rights violations in the digital context will actually accrue criminal responsibility directly under -- under international law.

There might again be some shutdowns that could be justified. You saw, for example, how few days ago Iran shut down the Internet on its territory in order to stop cyberattacks from Israel, right, in the armed conflict.

That is one of those rare situations where you would think of a justified shutdown, maybe. Maybe. Yeah, again. So the fact that most Internet shutdowns violent human rights does not, however, translate to an international crime is the point I would make.

>> HARRIET MOYNIHAN: Thanks, Marko, very clearly explaining the distinction there.

The other question was about the removal of evidence by social media and they mentioned in particular gaming platforms and they don't even monitor voice chats sometimes. There's this problem with having evidence and retaining it.

I don't know if any of you would like to pick up on that question or the question about Internet shutdowns. You had mentioned this issue of Internet shutdowns. Do you have any thoughts on that?

>> KATITZA RODRIGUEZ: No, I wasn't mentioning whether it was rights or not, that was more my question for the prosecutor because we don't -- we are not, like, super experts on all the court case and stuff.

So it was whether or not it could potentially rise. I didn't understand the question on evidence, on platform. What was the question?

>> HARRIET MOYNIHAN: I think you'd been talking preservation of evidence and sometimes social media platforms have been accused of deleting evidence. With gaming platforms that might be a problem because they have less transparency around what they're doing and they may not be recording evidence at all.

>> KATITZA RODRIGUEZ: We don't want redemption. Preservation is for a specific crime for a specific period. It's not mass surveillance. I don't know if he was specifically concerned about, like, what I was saying, if it did exist, it would be lots of [?] access to that data.

Some companies have certain policies that -- about how long they retain certain data.

Now, when we have preservation whether there is like they don't have all the necessary data right now, but they ask authorities to preserve it for a period of time for a specific investigation, then the nuance in the [?] is that this takes 20, 40 years, like it's not crimes that come very fast. They take years and years to change in governments and be able to prosecute someone. And how we preserve the evidence and how that we work, how we do change of custody in a way that, for instance, Civil Society may be more apt today with where evidence and violations happen can learn from the traditional human rights who have been doing this for years, recommending abuses and trying to do it in the [?] age with change of custody and metadata and trying to have these standards.

So whenever is the time to bring the case to justice, the evidence can pass the test that the court set out for admissibility of evidence in the court. And that was my point.

Not to try to establish laws that will -- and I don't know if that was his concern, we'll regard all chat and voice communication on platforms, because that would be disproportionate with what the courts are aiming to do.

>> HARRIET MOYNIHAN: Shan Stahl, do you have any thoughts on this?

>> CHANTAL JORIS: I think there's discussions around the roles of larger and smaller for platforms on how they moderate content and they should have heightened human rights due diligence if their platform is used in conflict settings.

And the task can be a challenging one. You might have inciting language on the platform but if the inciting language comes from someone very high up in the government, there's a clear public interest, understanding whether they incite violence and there's public interest that can violate a policy that prohibits violence content.

That's even on the content moderation level itself, right? There is also the fact that many conflicts or, again, atrocity situations happening in languages and in markets that are unfortunately not of sort of strategic interest of the companies. So there's not a lot of resources invested to really understand and properly tackle these challenging tasks.

And of course there are sometimes also clear geopolitical alliances that also -- or alignments that would also favour one side of the conflict over the other.

And then that's only on the content moderation level. And then of course even if moderation or removal might be -- might be justified, then there's the question around, you know, how do you preserve that sort of evidence, what sort of mechanisms you have in place with accountability mechanisms or certain CSOs or international courts so that those -- so that everything doesn't get lost.

And again we're often talking about extremely restrictive information environments where we have good into exile where the only evidence that you have really comes from those users that simply witness what's happening.

>> HARRIET MOYNIHAN: Thank you. I suppose just one point about Chatham House research, some companies have bigger sophisticated [?] for providing some of that evidence to law enforcement. You mentioned some gaming platforms, but there may be other small companies that aren't set up for this. Their procedures maybe aren't ready and there may be a role for training and cooperation around those issue.

We don't, as far as I'm aware, we don't have any questions online yet, so I'm going to throw it back you to, the in-person audience. Over to you.

>> AARON: Good afternoon. I'm Aaron. I work for the heartland initiative. Thank you for the thought provoking conversation so far.

My question is to Michael, there seems to be a pretty clear tension between most Microsoft’s admirable work and partnership with the ICC and they're now well documented involvement or links to cyber-enabled crimes.

I'm talking in particular about the fact that since the Hamas attack on Israel in October 2023, Microsoft has searched capacity and services to Israeli state entities, including the ministries of defense and the IDF.

So my question, Michael, is Microsoft really in a position to lead private sector efforts to address international crimes enabled by cyber operations when the company itself can be credibly linked to those very crimes?

>> HARRIET MOYNIHAN: Thank you. So Michael, I didn't go to you before on the questions we had earlier, so feel free to pick up on the ones we've had already, including idea of companies cooperating on evidence.

But this question came up potentially about conflicts of interest, how tech companies approach those as we've heard tech companies are important in this space. Their cooperation is vital. But at the same time, it's important that conflicts of interest are managed.

So if you could talk to that.

>> MICHAEL KARIMIAN: Thank you, Harriet, glad to do so. In terms of the question on [?] I really appreciate it, Marko's articulation in the way in which the policy will relate to shutdowns. Just broadly if anyone's interested on this topic, Access Now has done tremendous work in its coalition and campaign in shedding light on the impacts and widespread use of Internet shutdowns. And that's available online at their own web page. Definitely encourage colleagues and interested stakeholders to take a look at that.

In terms of the earlier question as well on online gaming platforms, you know, historically the issues we've seen there more fit into the categories of child sex abuse material online, CSAM, as well as terrorist content. That's not to say we won't see connections to the crimes relevant it this policy, crimes against humanity, and genocide and online game platforms if we take a long-term view as to how actors will engage in those platforms in the long term.

Some stakeholders might now UK Berkeley just submitted evidence to the OTP in relation to the case in Mali, evidence in Mali which really demonstrates the use of multimedia and outrageous upon personal dignity. It's possible to see how you would witness similar uses of multimedia in online gaming platforms to answer this question and retention in some platforms is critical.

And as you touched upon, Harriet, how companies of different sizes can retain such evidence, because we should anticipate that their uses will evolve in years to come.

In terms of the question just now from my colleague from partner institute, it's a really important topic and I appreciate that it has been brought up.

There has been a lot of information in the public domain about this, and Microsoft recently published a blog post in the last month or so which is available online. And of course I encourage anyone interested to please take a moment it read that.

The blog post seeks to provide insights to the way that Microsoft has been doing to better understand issues.

We've hired an external third party to undertake independent assessment to identify the extent to which the allegations that came out in the press in January and February were truthful and as well the company has been undertaking it's own investigations in this space by engaging with Microsoft subsidiary in Israel.

With that, it was found actually there is no direct connection between the provisional Microsoft services and the conflict in Gaza. And there is work now under way to improve how human rights due diligence is applied in these contexts on companies longstanding human rights policies and practices.

To the kind of question that Aaron posed as well about conflict of interest intentions here, and Harriet you picked upon this earlier, this also came up in the discussion so far, that this is a challenge whereby, you know, these large platform companies provide products and services to a wide range of customers around the world and those customers, in turn, can use products and services in harmful ways.

This is a challenge that has existed across our companies, applied the UN guiding principles on business and human rights and the extent to which they can effectively conduct human rights due diligence and have remedies in place.

This is not unique to what we're discuss hearing in the context the ICC's OTP's upcoming policy. But it does demonstrate I think not just the responsibility that companies have. Companies have a responsibility to respect domestic law. They also have a responsibility to respect international law. Including international criminal law.

And when Microsoft's human rights policy was last abated, intentionally the Rome statute was included in the frameworks and individual conventions and frameworks which the company looks to when it seeks to you hold its corporate responsibility to respect human rights.

And so that recognition is there and is this policy will go a long way to assist companies, Microsoft among others are to be better at respecting human rights international law and the way they can help all actors addressing cybercrimes.

>> HARRIET MOYNIHAN: Thank you, Michael. And recommend that blog post as well.

We are also going to have another opportunity go to in-person questions, if there are any questions. There was one over there. Thank you. If you'd like to say where you come from before you say the question, thank you.

>> LINDA: Of course. Also want to remind you that there are two more people that want to ask questions.

Thank you so much for an excellent panel. My name is Linda and as a criminologist, I've spent a lot of time looking at traditional crime versus cybercrime and the differences between them.

And obviously there are some similarities. I would love to hear your thoughts on this when it comes to setting up cybercrimes. What are the tools we have?

>> HARRIET MOYNIHAN: Kati, you're very welcome to touch on all the things that we've heard. Similar to the point in the way that we're talking about organized crime and cybercrime. But if in your experience you're seeing anything that, you know, something unique features that the questioner mentioned and how this can be addressed.

>> KATI REITSAK: Thank you for the question. Yes, it's my -- it might seem and it definitely is that the investigating cybercrime there are so many nuances that one must know in order to get the evidence from the private partners in order to seize the evidence quickly, as I said. It's very, very prone to being deleted.

So this is the cooperation part which in some ways is the same, but the investigators have been training and have had extensive training also on how to, for example, seize digital devices not to compromise the materials that in the digital devices.

We should get the currency, because as organized crime knows itself, there's financial interests moving in these circles also. And in order for the crime not to pay, states also have an obligation to seize possible criminal assets whether they are in physical or crypto form also.

And this needs a specific knowledge and training and we -- our investigators in cybercrime units are trained to do that.

But in the end, sometimes it all comes down to the good old ways of collecting evidence. For example, you have to have [?] covered crimes. You don't necessarily have a victim. If we're talking just about cybercrimes and who could point out the actor. You need intelligence. You need good old fashioned intelligence.

Which is very difficult to get if these actors are not in your own country. And the supports the intelligence agencies and their partnerships are coming to role.

If we are talking about organized crime, cyber-enabled international crime, I wanted to point out this was asked before, and also when Civil Society was talking about communicating with victim and witnesses actually, and collecting evidence themselves, in a matter of trust, it's also important not the partners only to trust each other, but the victims and witnesses to trust the law enforcement in order to turn to us.

Because in many countries, it's not like that. In Estonia, we kind of -- we see that most people -- we trust law enforcement and we don't kind of fear retaliation if we turn to the police, right?

But it's not like that in many countries. So even if we have, for example, citizens of other countries who are on Estonian territory and could be valuable witnesses or victims of international crimes, it's also difficult to gain that trust. Because they're in a foreign country, they don't know what's going on. They don't know the traditions or the background.

So this is also something we have to address as law enforcement representatives.

Also, if we are talking that evidence -- digital evidence might disappear, so can human evidence disappear. Because loss -- judicial systems are very different how we accept a person's testimony.

For example, if we go to trial in Estonia, just this written paper may be pretrial phase, this means nothing. It's nothing. Unless I have to bring the person into court, they have to be cross-examined and then it will be like good evidence.

Otherwise, I will not be able to use this kind of pretrial piece of paper testimony. Maybe only if the person is dead or, yeah. Maybe. But that's about it.

But this is our own national kind of specifics. Every national system has its own.

So we have to think about preserving human evidence as well. Maybe because you are absolutely right, after ten, 20 years, 30 years, these crimes, crimes against -- I'm sorry, these international crimes, they don't have any statute of limitations.

>> HARRIET MOYNIHAN: Thank you. Interesting to hear some of the similarities as well as the differences and unique features.

We haven't got many minutes left, so we're going to have the two questions together. And if you could be brief and the responses will be brief, then we can stick to time. Over to you.

>> CHRISTIAN: Thank you. My name is Christian, I'm a public prosecutor from the Democratic Republic of Congo. And thank you for the insightful presentation and discussion.

So regarding the situation in the DRC, as you know, recently our courthouse has been destroyed. When the M-23 took or the town. So I would like know how can prosecutors prove command responsibility via digital [?] if our forensic labs and government labs are destroyed?

Another one is how can Article 28 of the Rome statute apply for [?] officials enabling Civil War crimes, if not, how do we close these impunity gaps?

Thank you very much.

>> HARRIET MOYNIHAN: Thank you.

>> Hi, my name's Meredith, I'm with the human rights and business centre. Thank you for this panel. My question is for Marko about any updates to the draft policy. Chantal pointed out that the language is very much in favour of cooperation for getting what's needed in order to effectively implement the new policy. But is there a shift now that we can expect in relation to accountability given, as you mentioned, that making sure that individuals are accountable for these crimes as the key ethos behind the document as such. Including tech executives who may be involved in the execution of some of this, whether or not there's explicit instructions coming from a state?

Thank you.

>> HARRIET MOYNIHAN: Thank you very much to both of you.

Given time, we're going to have very quick responses. Marko, I think one of those questions was directed to you, but if you wanted to pick up on any of them, then please do and just have one minute.

>> MARKO MILANOVIC: Sure. On the superior responsibility, I would simply direct you to looking at the draft policy. The draft policy directly addresses questions of liability for -- modes of liability other than direct commission and it includes a discussion of superior responsibility.

So we do think that an individual can be responsible by those means, by Article 28 of the statute, including for cyber-enabled crimes.

I will not talk about specific situations, though.

On the question of corporate actors and accountability, we have had very productive engagement with Civil Society organizations in particular. Those focused on business and human rights. And we took their comments on board and you will see the exact formulations the policy will use when the final text comes out.

But I can assure you that the policy does include language that acknowledges the potential criminal responsibility of corporate executives.

>> HARRIET MOYNIHAN: Thank you, Marko. Thank you for being brief.

I'm sure that we all have further comments, but I'm very conscious of time. I would just like to take this moment to do a bit of summing up before we close.

I think we've heard that the interesting international criminal law is very much fit for purpose and able to deal with cyber-enabled international crimes and we look forward to the proposed policy coming out.

But we've heard a lot about the challenges, a lot of which relate to the cross-border nature of these crimes and the digital evidence and managing that.

We've been reminded about the importance of international human rights law and also conflicts of interest in managing those.

Above all, cooperation networks are vital. And we've heard about the importance of partnerships and given many examples of those and I'm sure there will be more to come as they'll need to be strengthened in order to tackle these kinds of crimes.

So we look forward to not only the policy itself, but the influence it will surely have on different national jurisdictions as they think about how to prosecute cyber-enabled crimes.

I thank you, you in the room for your questions and thank this wonderful panel and those online. If you could join me in thanking.

The panel, please.

(Applause)

And finally, thank you to Microsoft and the International Criminal Court for co-hosting this event and I'll end it there.

Thank you.

(Applause)