As we all know, by means of phishing the perpetrator aims to trick the recipient of an email, a phone call, or a text message into disclosing financial information, banking access credentials, or other sensitive data or into accessing fake web pages or links, thereby making a mistake and in this way obtain a disposition of money in favour of the perpetrator, that would not have otherwise been obtained, causing financial loss for the victim and financial gain for the perpetrator.
The Supreme Court, in various rulings on territorial jurisdiction queries, has determined that the principle of ubiquity has been superseded by the principle of effectiveness in the investigation when dealing with this type of crime committed through electronic or telematic devices. However, the jurisdiction to investigate fraud where no devices are involved continues to be based primarily on the principle of ubiquity.
For instance, in ATS 997/2020, the Court stated that despite its established jurisprudence declaring that the crime of fraud is committed in all jurisdictions where some element of the offense occurs, and thus the judge in any of these jurisdictions who first initiates proceedings will have jurisdiction over the case (in accordance with the Non-Jurisdictional Plenary Agreement of February 3, 2005), the principle of effectiveness in investigation supersedes the theory of ubiquity in computer crimes.
This is because, as noted by the Supreme Court in resolving Query on Jurisdiction No. 73/2020, by resolution dated October 22, in the case of computer fraud, the theory of ubiquity could lead us to a foreign court or the cloud. Thus, the relevant factor may be the intermediary’s place of residence, as it is in this location where the investigation can be effective, including taking statements and examining the suspect’s computer equipment.
This approach has also been upheld in the Supreme Court resolutions on jurisdictional issues, such as No. 20389/19 dated 24/10/2019, and No. 20608/2019 dated 28/11/2019, and earlier cases including 7/2013, 8/5/2013, 16/10/2013 and 28/06/2018.
Thus, the first of these resolutions states that jurisdiction in cases of phishing should be determined by the location where the police investigation can be successful, where elements of the crime have been carried out, where operations can be conducted on the computers, thereby making the investigation effective.
In conclusion, it is essential to prioritize the location where the investigation can be most effective, when electronic or telematic elements are involved.
