Business, organizations, and individuals can largely contribute to a better collective response to botnets. Apart from the power of thwarting attacks as they occur, multistakeholders play a meaningful role in handing over evidence to law enforcement about botnet crimes. Yet, criminal procedure law places significant a threshold on how evidence collected by third parties may be used in a criminal investigation and before court. In this study, I am particularly interested with the so-called category of illegally obtained evidence, in other words, evidence that is amassed in a way that (potentially) violates the standards prescribed by criminal procedural law. This distinction is downright pertinent to the current debate on botnet intelligence that could be disclosed to law enforcement and, more importantly, on whether data gathered in grey zones of the law could be used against cybercriminals.

Traditionally, legal systems have opposed to the doctrine of the fruit of the poisonous tree. Following this stream, evidence gathered via unlawful means suffers from the same spoilage as the original source of the collection. According to this doctrine, illegally obtained evidence is per se illegal and holds no value in the due legal procedure. This remains largely the doctrine adopted by most civil law systems, including many EU Member States. However, pragmatic perspectives of the law have refused to repudiate the nature of the poisonous fruits: the silver platter doctrine has gained space among EU Member States, such as the Netherlands, where illegally obtained evidence handed over to law enforcement, where such unlawful obtaining was not influenced by the authorities, should not be disavowed but brought into play. I intend to investigate whether an adaptation of the silver platter doctrine may be deemed legitimate in the context of cybercrime and justify the sharing of botnet evidence with law enforcement where such data is collected by businesses, organizations, and individuals.

This is an experimental study. It explores and critically analyses the main trends on the use of unlawfully obtained evidence by law enforcement in the U.S. and in select EU Member States (the NL and DE or FR). It builds upon these findings to propose rules that may pave the way for greater use of botnet evidence by law enforcement in a way that is consistent and respectful of the EU framework for fundamental rights: including the limits and opportunities that such a framework may entail.