Between Technological Regulation and Legal Regulation: The Challenge of Privacy in Criminal Law
Democracy
Human Rights
Regulation
Technology
Rule of Law
To access full paper downloads, participants are encouraged to install the official Event App, available on the App Store.
Abstract
The use of information technologies in criminal investigations has expanded significantly, with growing reliance on communication data from phones and computers, as well as offensive tools such as spyware—often without explicit legal regulation. This study examines how technological advancements have shifted the regulation of law enforcement tools from traditional legal frameworks (“legal regulation”) to technological regulation, a shift with profound implications for governance, accountability, and fundamental rights.
Digital evidence, including metadata and content from electronic devices, is increasingly collected using advanced spyware tools (e.g., NSO and Cellebrite). These technologies enable covert data extraction, remote camera activation, and ambient conversation recording—often without judicial oversight. This raises urgent questions about the compatibility of existing legal frameworks—designed for physical searches—with digital surveillance and law enforcement challenges.
While scholars have explored spyware in criminal law—often framed as “government hacking” (Mayer) or as a challenge to the conceptualization of the computer as “the new castle” (Skorvaneky et al.)—the specific role of technological regulation in criminal law remains underexplored. Existing research on technological regulation has largely focused on privacy, information governance, and copyright law (Grimmelmann, De Filippi, and Samer), yet its impact on criminal justice remains largely unexamined.
This study argues that spyware adoption constitutes a form of technological regulation, shifting decision-making power from legislative oversight to opaque technological processes. However, this model is unsuitable for criminal law, given its lack of transparency, accountability, and fundamental rights protections. Criminal law requires formal legal regulation rooted in primary legislation rather than reliance on technology-driven enforcement.
By framing spyware as a regulatory mechanism, this study offers a normative perspective on its governance. Unlike Mayer’s view of spyware as hacking, I argue that it functions as a distinct regulatory tool, raising critical concerns about state power, digital rights, and democratic accountability.
