As cloud computing establishes itself as a core infrastructure for both individuals and businesses, a wide range of activities are being conducted through cloud services.
Consequently, as criminal evidence becomes increasingly concentrated in the clou...
As cloud computing establishes itself as a core infrastructure for both individuals and businesses, a wide range of activities are being conducted through cloud services.
Consequently, as criminal evidence becomes increasingly concentrated in the cloud, there is a growing need to review execution techniques and legal grounds for search and seizure. However, the current Criminal Procedure Act is still designed with physical storage media as a premise, necessitating the application of new legal principles that reflect the technical characteristics of the cloud, such as location uncertainty, distributed storage, and extraterritorial jurisdiction.
This study reviews and analyzes key issues regarding the practical execution techniques of cloud search and seizure, focusing on Supreme Court precedents and current legislation. First, regarding the guarantee of the suspect’s right to participate, this study proposes determining the scope of this right in corporate cloud environments based on the “substantive control and management” relationship with the information subject to seizure. Second, regarding the legality of technical execution means in cases of CSP (Cloud Service Provider) non-cooperation, this study examines the legality of authorized access methods – such as account credentials, auto-login sessions, and official APIs – and concludes the illegality and exceptional nature of exploiting security vulnerabilities. Third, regarding the permissibility of active measures for evidence preservation, the analysis is divided into two perspectives: data freezing and password changes. The newly introduced Electronic Evidence Preservation Request System under Article 215-2 of the Criminal Procedure Act (December 2025) provides a legal basis for preserving cloud data through cooperation requests to CSPs, and in cases where investigative authorities directly employ technical means, the necessity of prior court permission varies depending on the scope of data freezing. Meanwhile, changing account passwords is deemed to exceed the scope of necessary dispositions and is generally impermissible. Fourth, regarding the assurance of authenticity and integrity of digital evidence stored in the cloud, systematic verification methods – including acquisition hash verification, timestamp certification, and metadata management – are derived to secure the admissibility of cloud evidence. This study presents concrete interpretation standards for judging the legality of cloud search and seizure, reflecting recent legislative developments.