Dear Professor Gu, Professor Hao, and各位 experts and colleagues:

Standing here today, it’s clear that we’re not just discussing technological innovation—this is, in fact, a profound transformation that goes to the very heart of criminal defense. Digital and AI technologies are far more than mere tool upgrades; they act like powerful solvents, rapidly eroding the once-relatively distinct barriers between traditional legal domains. As a result, civil, administrative, and criminal legal relationships are now intertwining, permeating—and even merging—in ways never seen before. Meanwhile, the introduction of the "Law on Promoting the Private Economy" reflects the complex, multifaceted risks and challenges faced by both users and businesses in today’s evolving landscape, calling for systematic, comprehensive, and integrated solutions.

The challenges we face aren’t just the sheer volume of case files and the massive amount of big data involved—criminal methods are now increasingly digital and intelligent, forcing us to adopt a big-data-driven approach to defense. At the same time, we’re also confronted with the growing complexity of legal relationships, which manifests in three key areas: the intricate intertwining of the case’s underlying facts, the overlapping and nested nature of legal responsibilities, and the groundbreaking transformation in the forms evidence takes.

First is the complexity of the case's underlying facts.

A case involving the suspected crime of illegally obtaining data from a computer information system may originate from an employee violating the confidentiality clauses in their employment contract (a civil breach of contract), compounded by the company’s failure to implement the classification and grading protection measures required under the Data Security Law (an administrative offense), ultimately triggering criminal risks.

Second, there is an intricate interplay and overlapping of legal responsibilities.

A seemingly simple act of "data scraping"—such as illegally extracting backend data in violation of platform rules, storing it, and then selling it to third parties—constitutes a civil infringement. This not only triggers Article 2 of the Anti-Unfair Competition Law, exposing perpetrators to hefty compensation claims and costly legal defense expenses (e.g., undermining Weibo’s control over its data, thereby increasing the risk of the platform being replaced)—but also violates mandatory provisions under the Data Security Law, the Personal Information Protection Law, and the Anti-Unfair Competition Law, leading to severe administrative penalties like substantial fines or even license revocation. In cases where the offense is particularly serious or pursued with illicit intent, it could escalate into criminal charges such as the crime of infringing on citizens’ personal information, the crime of illegally obtaining data from computer information systems, the crime of disrupting production and business operations, or the crime of infringing on trade secrets.

For instance, a company providing AI face-swapping technology recently faced a civil lawsuit filed by users alleging infringement of their portrait rights and privacy rights. In response, the Cyberspace Administration imposed a hefty fine under the "Provisional Measures for the Administration of Generative AI Services"—a form of administrative penalty. If the circumstances are deemed particularly serious, the case could even escalate to criminal charges. Take, for example, a case from Xiaoshan District in Hangzhou, Zhejiang Province: the defendant, Yu Molong, allegedly collected facial data from over 100 individuals and used this information to create explicit videos featuring face swaps, which he then sold in social media groups. As a result, the local procuratorate not only brought criminal charges against him for profiting from the production and distribution of obscene materials but also initiated a public interest civil lawsuit. The court ordered Yu to immediately cease all infringing activities, delete all personal information related to the case stored in a particular social media group, and pay compensation totaling 60,000 yuan, along with issuing a public apology.

Third, a disruptive transformation in the form of evidence.

When it comes to expert opinions or investigative conclusions based on big data analysis, lacking a deep understanding of relevant technical standards—such as recommended national standards and industry guidelines—and the legality of data sources (which must be assessed in conjunction with administrative regulatory requirements) can lead to superficial challenges that fail to undermine the core evidentiary strength of such evidence. For instance, when evaluating the admissibility of an intelligent contract record in a criminal case, it’s not enough to simply examine the contract’s validity from a civil perspective; one must also grasp its underlying technical principles, verify whether its creation and storage comply with administrative regulations like the "Electronic Signature Law" and the "Regulations on Blockchain Information Service Management (2019)," before finally assessing its legality and authenticity within the context of criminal proceedings.

This means that relying solely on the Criminal Code and the Criminal Procedure Law to tackle the intricate web woven by technology proves insufficient, leaving us scrambling to keep up—and even risking falling into cognitive blind spots like "failing to see the forest for the trees," strategic weaknesses such as treating symptoms rather than addressing root causes, and evidentiary challenges that feel like scratching an itch through your boot. Ultimately, this approach undermines the very foundation of our defense strategy, potentially missing the critical opportunity to strike at the heart of the issue.

Therefore, criminal defense in the digital and intelligent era requires even more To build an integrated civil-criminal thinking approach, here are four suggestions:

First, Consider the case within the legal ecosystem where civil and criminal laws intersect. For instance, consider a case involving the scraping of publicly available data: First, from a civil perspective, examine the legality of the data source and its authorization status—specifically, whether violating the Robots Protocol constitutes an infringement. Next, assess whether the scraping activity itself, as well as any subsequent use of the data, complies with administrative regulations such as the Data Security Law, the Network Data Security Management Regulations, and the Personal Information Protection Law. Only then should the analysis focus on whether the actions meet the legal elements required to establish offenses like illegally obtaining data from computer information systems or infringing upon citizens' personal information. This comprehensive, panoramic approach is essential for mounting a precise defense.

Second, effectively leverage proactive civil liability to defuse or dilute criminal responsibility. The biggest misconception in defending against data-related criminal charges lies in isolating the elements of the criminal offense while overlooking underlying civil ownership disputes and the absence of necessary administrative permits. When these fundamental legal relationships are flawed, the very basis of the criminal prosecution can be significantly weakened—or even completely undermined. For instance, we can argue that the act’s legality under civil law effectively negates its criminal illegality. Similarly, consider a case involving a senior corporate executive: If it can be demonstrated that the critical decision triggering criminal liability stemmed from the company’s failure to comply with mandatory administrative regulations and its inability to establish an effective compliance system, this could help separate individual accountability from organizational responsibility, exposing the multifaceted nature of the risk—and ultimately creating room for the individual to avoid prosecution or receive a lighter sentence.

For instance, the suspect allegedly collected over 10,000 pieces of citizens' personal information—gathered through exchanges at work—and sent them via a "customer service list" to an internal WeChat group shared among company employees, who then used this data to expand their business operations. However, upon further investigation, it was revealed that Zhang and his company had obtained participant information as the event organizer and had clearly disclosed the purpose of data usage on their official public account. Moreover, participants voluntarily provided their information, which constitutes informed consent under civil law. The information-gathering process did not violate the "lawful, legitimate, and necessary" principles stipulated in Article 1035 of the Civil Code. Therefore, if the data is obtained from the fulfillment of contracts (such as user registration agreements) or through informed consent, and is used for legitimate business activities, it is necessary to invoke Articles 111, 1034, and 1035 of the Civil Code to demonstrate how the lawful handling of personal information can effectively preclude criminal liability.

For instance, in a financial data-crawling scenario, if the target of the crawl is customer data from a licensed financial institution that hasn’t yet achieved Level 3 certification under the Network Security Protection Scheme, Article 27 of the Data Security Law stipulates that organizations handling important data must implement the "Security Protection System." In such cases, the legitimacy of the institution’s control over the data could come into question. Under these circumstances, one might invoke Article 21 of the Data Security Law, which addresses data classification and grading, to argue that administrative non-compliance has weakened the organization’s data rights—potentially undermining their position in criminal proceedings. This approach could help reduce the severity of criminal charges, creating room for a more lenient sentencing during the defense phase.

Third, leverage civil and administrative law standards along with similar civil and administrative cases to build a more robust defense and offense system, ultimately achieving effective advocacy.

For instance, in cases involving the infringement of trade secrets, it’s essential not only to apply relevant criminal judicial interpretations but also to study the Provisions on Several Issues Concerning the Application of Law in Civil Cases Involving Infringement of Commercial Secrets. Some key principles derived from civil court rulings—particularly those addressing the determination of non-public knowledge and the assessment of identity—can provide valuable insights that significantly inform defense strategies in criminal cases as well.

For instance, when authenticating the authenticity of electronic evidence, it is essential not only to refer to and apply relevant criminal regulations such as the "Provisions of the Supreme People's Court, Supreme People's Procuratorate, and Ministry of Public Security on Several Issues Concerning the Collection, Extraction, and Examination & Adjudication of Electronic Data in Criminal Cases," but also to draw upon Articles 93 and 94 of the "Several Provisions on Evidence in Civil Litigation (2020)," which provide detailed guidelines specifically tailored for assessing the credibility of electronic evidence, thereby aiding the authentication process.

Fourth, the role of defense lawyers needs to evolve from "putting out fires after they happen" to "providing early warnings." Leveraging integrated thinking to help corporate or individual clients establish comprehensive risk management solutions that cover the entire lifecycle—ranging from civil and commercial contract reviews (such as data licensing agreements) to building administrative compliance frameworks (including data security management systems and algorithmic ethics review mechanisms), as well as identifying and assessing criminal risks.

Facing the challenges of our time, criminal lawyers must step out of their comfort zones—so how can they embrace and implement integrated thinking? Forging a "multi-faceted" knowledge system and an "Technology+" mindset, Break down professional barriers by forming integrated service teams tailored to each case, bringing together experts in civil and commercial law, administrative law, intellectual property, data compliance, and more—collaborating closely with technical specialists should become the new norm. For instance, in the high-profile case involving a corporate group suspected of organized crime that Star Law handled, we assembled a comprehensive legal team specializing in criminal, civil, and commercial compliance during the investigation phase. After four years of intense legal battles, the team thoroughly assessed the group’s operational risks, provided detailed recommendations for improvement, and ultimately succeeded in removing the "black label" associated with the case—as well as addressing four enterprise-related criminal charges—while safeguarding the company’s core assets throughout the process.

In the age of digital technology and AI, criminal defense lawyers must embrace an integrated civil-criminal- administrative mindset—not to blur the boundaries of legal domains, but rather to transcend the barriers between specialized areas of law. This approach will enhance their ability to grasp the unity of the legal system, enabling them to break free from the conventional limits of traditional criminal legal services and advocate more effectively for their clients' rights across a broader legal landscape. Only then can criminal defense truly thrive, unlocking new and even greater vitality in the face of unprecedented challenges posed by today’s evolving legal environment!

Thank you, everyone!