
Criminal Defence for Algorithmic Expert Evidence
Audit and challenge of expert evidence based on algorithms: facial recognition, predictive models and automated evidence analysis.
Last updated:
Algorithmic expert evidence is that which rests on the result of a computational model —traditionally statistical, today frequently AI— and is submitted to the process as element of judicial conviction. It ranges from facial recognition in security cameras to predictive models of recidivism that have been proposed for parole decisions. Its entry into criminal process requires reinforced technical defense: no algorithm is neutral and none is infallible.
Types of Algorithmic Expert Evidence
Under the common label of algorithmic evidence coexist very different instruments, each with its own weaknesses. Facial recognition compares a captured face with a database and yields a probability of match; its reliability varies with image quality and the model's population bias. Recidivism prediction models score an individual's risk from historical variables, with the danger of turning social correlations into judgments of dangerousness. Automated analysis of image, audio and text tracks patterns across large volumes of evidence (messaging, records, interceptions). And biometric and voice matching systems identify or rule out a person by physical or acoustic traits. Distinguishing which type of model is involved is the first step to challenging it: the strategy against a facial match is not the same as against a recidivism score.
Admissibility Requirements
The new evidentiary paradigm, aligned with the EU AI Regulation 2024/1689 and case law of the Constitutional Court and the ECtHR on employer monitoring of employee communications and derivatives, requires algorithmic evidence to meet: (1) traceability of the model (which algorithm, which version, which training dataset), (2) error metrics documented and published, (3) reproducibility with independent methodology, and (4) significant human supervision, not merely formal. Lacking these guarantees, the evidence does not deserve probative value and the defense may seek its exclusion and the nullity of derivative proceedings under Article 11.1 LOPJ.
Audit of Dataset and Biases
The core of the technical contradiction lies in the data the model learned from. A dataset that is unrepresentative, outdated or built on complaint data (rather than actual crime) passes to the result a structural bias that systematically harms certain profiles. The defense, through an independent expert, examines the origin and composition of the dataset, its balance across population groups, the labeling decisions and the validation criteria. The aim is not abstract: it is to document how that bias affects the specific profile of the accused —age, gender, origin, socioeconomic profile— to show that the result is not a neutral technical truth, but a product conditioned by the data.
Error Metrics and Their Significance
No classifier is always right: every model operates with a rate of false positives and false negatives. What is decisive in criminal proceedings is that those rates be known, documented and evaluated for the case. A facial identification with a high probability in the abstract may have a much lower probative value when the real error rate for low-quality images or for the accused's population group is considered. The defense translates the metrics into their procedural consequence: if the algorithmic evidence was the main basis of the imputation and carries a reasonable doubt, the presumption of innocence operates. A statistical hit by the model does not equal certainty about the specific fact tried.
Contradictory Defense
We structure the contradiction in three moves. First, the demand for traceability: a procedural request for the full documentation of the model (architecture, dataset, metrics, validation date). Second, the independent algorithmic expert report, commissioned from a data scientist with judicial accreditation to reproduce the result —or an equivalent— and issue a report on its reliability and biases. Third, the anticipated contradiction during the instruction phase, before the result consolidates judicial conviction. When the model is owned by a private company, trade secret may be raised, but not absolutely: the Constitutional Court has prioritized the right of defense when the algorithmic evidence is decisive for the conviction.
Lawfulness of obtainment: from the device to the algorithm (Art. 18.3 SC and 588 bis/ter/sexies LECrim)
Before debating whether an automated model is reliable, one must verify how the underlying data was obtained. Algorithmic evidence rarely arises in a vacuum: it feeds on communications traffic, device images or remote logs. The first line of defence is therefore scrutiny of the lawfulness of the intrusion. Secrecy of communications (Art. 18.3 of the Spanish Constitution) requires a reasoned judicial order to intercept messaging, metadata or traffic data, under Arts. 588 bis a) and following and 588 ter LECrim, which impose the principles of specificity, suitability, exceptionality, necessity and proportionality.
Where the analysis bears on a seized phone, computer or storage medium, the search of mass-storage devices is governed by Art. 588 sexies LECrim, which demands a specific, reasoned authorisation even if the device was seized during a home search already ordered. A generic warrant to enter and search does not, by itself, authorise exploring the device's digital content. If the expert evidence starts from access that exceeds the authorised scope or lacks judicial cover, the defence can attack the origin of the data and, with it, the entire opinion built on that basis.
The exclusionary rule and its reflex effect: when the opinion is tainted by its origin (Art. 11.1 LOPJ)
Art. 11.1 of the Organic Law of the Judiciary provides that evidence obtained, directly or indirectly, in breach of fundamental rights and freedoms shall have no effect. This is the exclusionary rule, and its reach is not confined to the initial unlawful step: it can extend to derivative evidence. If the source digital material was captured in violation of the secrecy of communications or of privacy, the expert opinion that processes it may be affected by the unlawfulness link, so that its result cannot be weighed at trial.
The defence strategy is to reconstruct the causal chain from the source of the data to the expert's conclusion, identifying at which link the fundamental right was infringed and whether the unlawfulness link that drags down derivative evidence is present. Not every procedural irregularity rises to a constitutional violation with exclusionary effect; a rigorous defence distinguishes between a mere formal defect, which affects reliability but not necessarily lawfulness, and a genuine breach of a fundamental right, which does trigger Art. 11.1 LOPJ and the consequent removal of the material from the body of evidence.
Authenticity, integrity and chain of custody of digital data
An automated model is only as reliable as the data it ingests. The defence therefore examines the traceability of the digital medium: when and by whom it was obtained, how it was preserved, what hash value was computed to guarantee that the analysed copy is identical to the original, and whether that fingerprint remained unchanged across successive handling. Any break in the chain of custody opens a reasonable doubt about the authenticity and integrity of the evidence.
The chain of custody is not a formality: it is the guarantee that what was examined is what was actually seized and that it has not been altered, contaminated or substituted. An image without hash verification, an undocumented forensic copy, an incomplete log record or an unaccounted custody link are cracks the defence can exploit. Where the integrity of the data is not proven by the prosecution, the court should not cure that gap by presuming regularity: doubt about integrity must be resolved in favour of the accused, consistently with the presumption of innocence.
Transparency, explainability and adversarial testing of the model (Art. 24 SC)
The right to due process and to adversarial defence (Art. 24 of the Spanish Constitution) has a specific projection against algorithmic evidence. It is not enough for a system to output a result; the defence is entitled to know and to challenge the method. This requires transparency about the system's logic, explainability of how the conclusion is reached, access to the parameters and training data where decisive, and the ability to subject the model to independent validation. An opinion resting on an opaque algorithm whose inner workings cannot be audited by the party undermines the adversarial principle.
Contradictory expert evidence is the central tool: the defence may appoint its own expert to review the methodology, the system's error rate, false positives, dataset bias and the model's suitability for the specific case. It is also worth pinning down the substantive limit of any criminal reproach. The debate over an automated system's reliability often intersects with underlying offences such as computer fraud under Art. 249.1.a of the Criminal Code, computer damage under Art. 264 CP, unlawful access to systems under Art. 197 bis CP, or reckless money laundering under Art. 301.3 CP; and, for synthetic intimate images, it must be noted that Art. 197.7 CP was conceived for the dissemination of real images obtained with consent, so its application to fully AI-generated content is contested. The burden of proving every element lies with the prosecution: if the model does not withstand scrutiny, the presumption of innocence must prevail.
Penalties & Consequences: Criminal Defence for Algorithmic Expert Evidence
| Type / Scenario | Criminal Penalty |
|---|---|
| Exclusion of determinant evidence | When algorithmic evidence was the main basis of imputation, its exclusion typically leads to dismissal or acquittal. |
| Nullity of derived actions | If algorithmic evidence permitted other proceedings (searches, interceptions), its nullity drags the derivatives (Art. 11.1 LOPJ). |
| Evidentiary limitation | Even if admitted, algorithmic evidence may see its conviction force greatly reduced after serious technical contradiction. |
* Penalties shown are indicative. The actual penalty depends on case circumstances, applicable mitigating and aggravating factors.
Defense Strategy: Criminal Defence for Algorithmic Expert Evidence
Anticipated Expert Contradiction
Party expert evidence during instruction before the algorithmic result consolidates judicial conviction.
Specific Bias Analysis
Document how the model's biases affect the specific profile of the accused (race, gender, age, socioeconomic profile).
Request for Independent Audit
Request the court to appoint an independent judicial expert to audit the prosecution's algorithm.
Cybercrime in Spain: Hacking, Phishing & Digital Fraud — Defence Guide
Cybercrime encompasses illegal access to computer systems (Art. 197 bis CP), computer damage and ransomware (Art. 264 CP), phishing and digital fraud (Art. 249.1.a CP), and the production or distribution of hacking tools (Art. 197 ter). Spain's prosecution of cybercrime has intensified dramatically, with specialised units in the National Police (BIT) and Guardia Civil (GDT) leading investigations. Defence requires a unique combination of criminal law expertise and advanced technical knowledge.
Penalty Table: Cybercrime
| Offence | Article | Description | Penalty |
|---|---|---|---|
| Illegal access to systems | Art. 197 bis | Unauthorised access breaching security measures | 6 months – 2 years |
| Interception of data | Art. 197 bis.2 | Intercepting non-public data transmissions | 3 months – 2 years |
| Production/supply of hacking tools | Art. 197 ter | Creating or distributing tools designed for cybercrime | 6 months – 2 years |
| Computer damage (basic) | Art. 264.1 | Deleting, damaging or making data inaccessible | 6 months – 3 years |
| Aggravated damage (critical infrastructure) | Art. 264.2 | Affecting essential services or critical infrastructure | 2 – 5 years prison |
| Cyber fraud (phishing) | Art. 249.1.a | IT manipulation to obtain unlawful transfer of assets | 6 months – 3 years |
Key Defence Strategies
IP Attribution Challenge
An IP address does not identify a person. Shared Wi-Fi networks, VPNs, Tor exit nodes and NAT configurations mean multiple users may share one IP. The prosecution must prove the accused was the actual user at the relevant time.
Chain of Digital Custody
Digital evidence is extremely fragile. If the police failed to image the hard drive with a write-blocker, if hash values don't match, or if evidence was handled improperly, the defence can seek exclusion of the entire digital evidence chain.
Authorised Security Testing
Ethical hacking and penetration testing carried out with the system owner's authorisation is legal. If the defendant had a written engagement contract, bug bounty agreement or responsible disclosure policy, there is no criminal offence.
Lack of 'Breaching Security Measures'
Art. 197 bis requires that security measures were breached. If the system had no password, no firewall, or the access point was public, the element of 'breaching security' may be absent, negating the offence.
Key Case Law
The Supreme Court confirmed that 'access' requires effectively entering the system, not merely attempting it. The prosecution must prove: (1) access occurred, (2) it was unauthorised, and (3) security measures were breached. Port scanning alone does not constitute the offence.
The Court ruled that ransomware attacks may constitute a concurrent offence of computer damage (Art. 264) and extortion (Art. 243 CP). The encryption of data satisfies the 'damage' element even if data is technically recoverable upon payment.
In phishing operations, the Court distinguished between the organiser and the 'money mule' (account holder). The mule's liability depends on proof of knowledge that the funds were illicit. Wilful blindness may suffice, but mere negligence does not.
Why Choose Us?
Need a criminal defense lawyer for this type of offense? Here's how we work:
Do you need specialised legal assistance?
The judicial system is complex. We have the criminal-law specialisation and technical resources required to take on the defence.