This presentation by the Portuguese Delegation was made during Break-out session 1: Unannounced Inspections in the Digital Age, of the discussion on “Investigative Powers in Practice” held at the 17th meeting of the OECD Global Forum on Competition on 29 November 2018. More documents and presentations on this topic can be found at oe.cd/invpw.
Investigative powers in practice – PORTUGAL – November 2018 OECD GFC
1. BOS1: Unannounced Inspections in the Digital Age
AdC dawn raids
A New (Digital) Model
2018 OECD Global Competition Forum
30 November 2018
Nuno Rocha de Carvalho
Member of the Board
2. AdC’s investigative powers
• Comprehensive inspection powers (undertakings, private homes, vehicles; shareholders, managers, staff)
• Including for digital evidence: “regardless of the respective storage medium”
• Exceptions:
(i) unread emails
(ii) some mobile phone data (?)
(iii) legal professional privilege (LPP)
• Judicial warrant defines scope (undertakings, infringement, time limit)
4. 2013 dawn raid
• 1 case, 10/15 companies
• 1 day inspection
• 5m documents seized vs 2,000 documents used to prove infringement
• Strong litigation as regards access to file and confidentialities
• Long and very difficult data review process
• Circa 3 years before the SO
5. New dawn raid model
• Training / investment in people
• Longer duration of dawn raids (1 to 2 weeks)
• More people involved per team / minimum of 5 people per target
• 1 team leader / real-time communication between team leaders
• Mix of staff (lawyers, economists and IT experts)
• Dedicated team conducting all dawn raids (experience / know-how)
• Strong back office coordination and support
and
Advanced forensic IT software + (longer) on-site preliminary review
6. Why (longer) on-site preliminary review?
• Unread e-mails cannot be seized: must be excluded on site before review
• LPP data must be excluded too (includes in-house lawyers)
• Judicial warrant with limited scope (seizing data beyond scope needs validation within 72 hours)
• Strong litigation regarding confidential information and access to file
7. New “digitized” procedure
• Dawn raid preparation - email systems used, email archiving, backups, file systems, encryption, selection of targets, etc.
• Dawn raid execution - interview with IT manager, collect files, index, search, tag, seize
• Internal forensic IT procedures: relevant (digital) data identification, preservation, collection, processing, review, seizing
• Document review (forensic IT): threads/clusters (group items by thread and similarity), metadata (item number, item origin, job title), filters, tags
8. AdC dawn raids - 2017
• Retail / large retail: 21 premises; first SO August 2018
• Insurance: 5 premises; SO in August 2018
• River cruises: 1 premises; case closed in 2017
• Driving schools: 1 premises; SO and infringement decision in 2017
• Railway maintenance: 7 premises; SO in September 2018
35 COMPANY PREMISES DAWNRAIDED
9. Statistics 2017
• Companies dawnraided: 44 (35 premises)
• Computers/mailboxes searched: 439
• Data processed (forensic IT): ~40 million documents
• Duration: average 9 days per target (indexing may take 2 days)
• Files copied & seized: ~40,000
• Volume of data collected: 13.5 GB
10. Does it work?
Old model (2013 example)
• 1 case, 10/15 companies
• 1 day inspection
• Five million documents seized
• Strong litigation as regards access to file and confidentialities
• Long and very difficult data review process
• Only 2,000 documents used to prove the infringement
• Circa 3 years before the SO
New model (2017 example)
• 16 cases, 35 company premises
• 1 or 2 weeks inspection per target
• ~40,000 relevant documents seized
• Preliminary assessment on-site
• Speedier data review after inspection (4,000 docs per week with forensic IT software; circa 3 months in total)
• Low percentage of irrelevant data
• SO was issued during the first 12 months
11. Final remarks (1)
Challenges
• Legal: unread emails, LPP, privacy, mobile phones…
• Technical: the fast-paced evolution of digital technology
• Resources:
  • Investment in forensic IT software: high costs vs speed / efficiency / structural changes
  • Capacity building
12. Final remarks (2)
Lessons learned
Investment in high-tech tools is essential, but…
• Staff training is key
• Planning
• Procedures: everything should be documented and all cases should be “managed” in the same way
• Challenge: strategic decisions today that further investigations and enhance results in the long term