Algorithmic Expert Evidence
Audit and challenge of expert evidence based on algorithms: facial recognition, predictive models and automated evidence analysis.
Last updated:
Algorithmic expert evidence is that which rests on the result of a computational model —traditionally statistical, today frequently AI— and is submitted to the process as element of judicial conviction. It ranges from facial recognition in security cameras to predictive models of recidivism that have been proposed for parole decisions. Its entry into criminal process requires reinforced technical defense: no algorithm is neutral and none is infallible.
Types of Algorithmic Expert Evidence
Under the common label of algorithmic evidence coexist very different instruments, each with its own weaknesses. Facial recognition compares a captured face with a database and yields a probability of match; its reliability varies with image quality and the model's population bias. Recidivism prediction models score an individual's risk from historical variables, with the danger of turning social correlations into judgments of dangerousness. Automated analysis of image, audio and text tracks patterns across large volumes of evidence (messaging, records, interceptions). And biometric and voice matching systems identify or rule out a person by physical or acoustic traits. Distinguishing which type of model is involved is the first step to challenging it: the strategy against a facial match is not the same as against a recidivism score.
Admissibility Requirements
The new evidentiary paradigm, aligned with the EU AI Regulation 2024/1689 and case law of the Constitutional Court and ECtHR (Bărbulescu case and derivatives), requires algorithmic evidence to meet: (1) traceability of the model (which algorithm, which version, which training dataset), (2) error metrics documented and published, (3) reproducibility with independent methodology, and (4) significant human supervision, not merely formal. Lacking these guarantees, the evidence does not deserve probative value and the defense may seek its exclusion and the nullity of derivative proceedings under Article 11.1 LOPJ.
Audit of Dataset and Biases
The core of the technical contradiction lies in the data the model learned from. A dataset that is unrepresentative, outdated or built on complaint data (rather than actual crime) passes to the result a structural bias that systematically harms certain profiles. The defense, through an independent expert, examines the origin and composition of the dataset, its balance across population groups, the labeling decisions and the validation criteria. The aim is not abstract: it is to document how that bias affects the specific profile of the accused —age, gender, origin, socioeconomic profile— to show that the result is not a neutral technical truth, but a product conditioned by the data.
Error Metrics and Their Significance
No classifier is always right: every model operates with a rate of false positives and false negatives. What is decisive in criminal proceedings is that those rates be known, documented and evaluated for the case. A facial identification with a high probability in the abstract may have a much lower probative value when the real error rate for low-quality images or for the accused's population group is considered. The defense translates the metrics into their procedural consequence: if the algorithmic evidence was the main basis of the imputation and carries a reasonable doubt, the presumption of innocence operates. A statistical hit by the model does not equal certainty about the specific fact tried.
Contradictory Defense
We structure the contradiction in three moves. First, the demand for traceability: a procedural request for the full documentation of the model (architecture, dataset, metrics, validation date). Second, the independent algorithmic expert report, commissioned from a data scientist with judicial accreditation to reproduce the result —or an equivalent— and issue a report on its reliability and biases. Third, the anticipated contradiction during the instruction phase, before the result consolidates judicial conviction. When the model is owned by a private company, trade secret may be raised, but not absolutely: the Constitutional Court has prioritized the right of defense when the algorithmic evidence is decisive for the conviction.
Penalty Chart
| Type / Scenario | Criminal Penalty |
|---|---|
| Exclusion of determinant evidence | When algorithmic evidence was the main basis of imputation, its exclusion typically leads to dismissal or acquittal. |
| Nullity of derived actions | If algorithmic evidence permitted other proceedings (searches, interceptions), its nullity drags the derivatives (Art. 11.1 LOPJ). |
| Evidentiary limitation | Even if admitted, algorithmic evidence may see its conviction force greatly reduced after serious technical contradiction. |
* Penalties shown are indicative. The actual penalty depends on case circumstances, applicable mitigating and aggravating factors.
Our Defense Strategy
Anticipated Expert Contradiction
Party expert evidence during instruction before the algorithmic result consolidates judicial conviction.
Specific Bias Analysis
Document how the model's biases affect the specific profile of the accused (race, gender, age, socioeconomic profile).
Request for Independent Audit
Request the court to appoint an independent judicial expert to audit the prosecution's algorithm.
Cybercrime in Spain: Hacking, Phishing & Digital Fraud — Defence Guide
Cybercrime encompasses illegal access to computer systems (Art. 197 bis CP), computer damage and ransomware (Art. 264 CP), phishing and digital fraud (Art. 249.1.a CP), and the production or distribution of hacking tools (Art. 197 ter). Spain's prosecution of cybercrime has intensified dramatically, with specialised units in the National Police (BIT) and Guardia Civil (GDT) leading investigations. Defence requires a unique combination of criminal law expertise and advanced technical knowledge.
Penalty Table: Cybercrime
| Offence | Article | Description | Penalty |
|---|---|---|---|
| Illegal access to systems | Art. 197 bis | Unauthorised access breaching security measures | 6 months – 2 years |
| Interception of data | Art. 197 bis.2 | Intercepting non-public data transmissions | 3 months – 2 years |
| Production/supply of hacking tools | Art. 197 ter | Creating or distributing tools designed for cybercrime | 6 months – 2 years |
| Computer damage (basic) | Art. 264.1 | Deleting, damaging or making data inaccessible | 6 months – 3 years |
| Aggravated damage (critical infrastructure) | Art. 264.2 | Affecting essential services or critical infrastructure | 2 – 5 years prison |
| Cyber fraud (phishing) | Art. 249.1.a | IT manipulation to obtain unlawful transfer of assets | 6 months – 3 years |
Key Defence Strategies
IP Attribution Challenge
An IP address does not identify a person. Shared Wi-Fi networks, VPNs, Tor exit nodes and NAT configurations mean multiple users may share one IP. The prosecution must prove the accused was the actual user at the relevant time.
Chain of Digital Custody
Digital evidence is extremely fragile. If the police failed to image the hard drive with a write-blocker, if hash values don't match, or if evidence was handled improperly, the defence can seek exclusion of the entire digital evidence chain.
Authorised Security Testing
Ethical hacking and penetration testing carried out with the system owner's authorisation is legal. If the defendant had a written engagement contract, bug bounty agreement or responsible disclosure policy, there is no criminal offence.
Lack of 'Breaching Security Measures'
Art. 197 bis requires that security measures were breached. If the system had no password, no firewall, or the access point was public, the element of 'breaching security' may be absent, negating the offence.
Key Case Law
The Supreme Court confirmed that 'access' requires effectively entering the system, not merely attempting it. The prosecution must prove: (1) access occurred, (2) it was unauthorised, and (3) security measures were breached. Port scanning alone does not constitute the offence.
The Court ruled that ransomware attacks may constitute a concurrent offence of computer damage (Art. 264) and extortion (Art. 243 CP). The encryption of data satisfies the 'damage' element even if data is technically recoverable upon payment.
In phishing operations, the Court distinguished between the organiser and the 'money mule' (account holder). The mule's liability depends on proof of knowledge that the funds were illicit. Wilful blindness may suffice, but mere negligence does not.
Why Choose Us?
Need a criminal defense lawyer for this type of offense? Here's how we work:
Do you need specialised legal assistance?
The judicial system is complex. We have the criminal-law specialisation and technical resources required to take on the defence.