User:Freddie Threepwood/sandbox

From Wikipedia, the free encyclopedia

In evidence law, digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial.[1] Before accepting digital evidence a court will determine if the evidence is relevant, whether it is authentic, if it is hearsay and whether a copy is acceptable or the original is required.[1]

The use of digital evidence has increased in the past few decades as courts have allowed the use of e-mails, digital photographs, ATM transaction logs, word processing documents, instant message histories, files saved from accounting programs, spreadsheets, internet browser histories, databases, the contents of computer memory, computer backups, computer printouts, Global Positioning System tracks, logs from a hotel’s electronic door locks, and digital video or audio files.[2]

Many courts in the United States have applied the Federal Rules of Evidence to digital evidence in a similar way to traditional documents, although important differences such as the lack of established standards and procedures have been noted.[3] In addition, digital evidence tends to be more voluminous, more difficult to destroy, easily modified, easily duplicated, potentially more expressive, and more readily available. As such, some courts have sometimes treated digital evidence differently for purposes of authentication, hearsay, the best evidence rule, and privilege. In December 2006, strict new rules were enacted within the Federal Rules of Civil Procedure requiring the preservation and disclosure of electronically stored evidence. Digital evidence is often attacked for its authenticity due to the ease with which it can be modified, although courts are beginning to reject this argument without proof of tampering.[4]

Admissibility

Digital evidence is often ruled inadmissible by courts because it was obtained without authorization.[1] In most jurisdictions a warrant is required to seize and investigate digital devices. In a digital investigation this can present problems where, for example, evidence of other crimes is identified while investigating another. During a 1999 investigation into online harassment by Keith Schroeder, investigators found pornographic images of children on his computer. A second warrant had to be obtained before the evidence could be used to charge Schroeder.[1][5]

Authentication

As with any evidence, the proponent of digital evidence must lay the proper foundation. Courts largely concerned themselves with the reliability of such digital evidence.[4] As such, early court decisions required that authentication called "for a more comprehensive foundation." US v. Scholle, 553 F.2d 1109 (8th Cir. 1976). As courts became more familiar with digital documents, they backed away from the higher standard and have since held that "computer data compilations… should be treated as any other record." US v. Vela, 673 F.2d 86, 90 (5th Cir. 1982).

A common attack on digital evidence is that digital media can be easily altered. However, in 2002 a US court ruled that "the fact that it is possible to alter data contained in a computer is plainly insufficient to establish untrustworthiness" (US v. Bonallo, 858 F. 2d 1427 - 1988 - Court of Appeals, 9th).[1][6]

Nevertheless, the "more comprehensive" foundation required by Scholle remains good practice. The American Law Reports lists a number of ways to establish the comprehensive foundation. It suggests that the proponent demonstrate "the reliability of the computer equipment", "the manner in which the basic data was initially entered", "the measures taken to ensure the accuracy of the data as entered", "the method of storing the data and the precautions taken to prevent its loss", "the reliability of the computer programs used to process the data", and "the measures taken to verify the accuracy of the program".[7]

This in turn gave rise to a class of commercial software designed to preserve digital evidence in its original form and to authenticate it for admissibility in disputes and in court.

UK ACPO guidelines

In the United Kingdom, examiners usually follow guidelines issued by the Association of Chief Police Officers (ACPO) for the authentication and integrity of evidence.[8][9] They were updated to Version 5 in October 2011, when "computer based evidence" was replaced with "digital evidence", reflecting the development of investigating information security incidents in a wider context.[9] The guidelines consist of four principles:

Principle 1: No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data which may subsequently be relied upon in court.
Principle 2: In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
Principle 3: An audit trail or other record of all processes applied to digital evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
Principle 4: The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to.

These guidelines are widely accepted in courts of England and Scotland, but they do not constitute a legal requirement and their use is voluntary. It is arguable that, whilst voluntary, non-adherence is almost certain to lead to the exclusion of evidence that does not comply, subject to the provisions of s 78 Police and Criminal Evidence Act 1984 (Power to exclude evidence obtained unfairly).

ADAM Principles

Building on the ACPO Guidelines with a more generic application outside of law enforcement, a doctoral thesis proposed the following overriding principles to be followed by digital forensic practitioners:[3]

  1. The activities of the digital forensic practitioner should not alter the original data. If the requirements of the work mean that this is not possible then the effect of the practitioner’s actions on the original data should be clearly identified and the process that caused any changes justified.
  2. A complete record of all activities associated with the acquisition and handling of the original data and any copies of the original data must be maintained. This includes compliance with the appropriate rules of evidence, such as maintaining a chain of custody record, and verification processes such as hashing.
  3. The digital forensic practitioner must not undertake any activities which are beyond their ability or knowledge.
  4. The digital forensic practitioner must take into consideration all aspects of personal and equipment safety whilst undertaking their work.
  5. At all times the legal rights of anyone affected by your actions should be considered.
  6. The practitioner must be aware of all organizational policies and procedures relating to their activities.
  7. Communication must be maintained as appropriate with the client, legal practitioners, supervisors and other team members.
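
ACPO Principle 3 and ADAM principle 2 both ask for a handling record that an independent party can re-check, with hashing as the verification step. The Python below is an added example, not taken from the guidelines or the thesis: it keeps a hash-chained custody log and re-runs the checks a reviewer would. The function names, record fields and sample data are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used by the first log entry
# Constructed sample: stand-in bytes for an acquired forensic image.
SAMPLE_IMAGE = b"constructed sample bytes standing in for a forensic image"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry: dict) -> str:
    """Hash every field of an entry except its own digest, in canonical order."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode("utf-8"))


def append_entry(log: list, when: str, who: str, action: str, evidence: bytes) -> dict:
    """Record one handling step, bound to the previous entry and to the data."""
    entry = {
        "seq": len(log),
        "when": when,
        "who": who,
        "action": action,
        "evidence_sha256": sha256_hex(evidence),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry


def verify_log(log: list, evidence: bytes) -> list:
    """Repeat the reviewer's checks; an empty list means nothing was found."""
    findings, prev = [], GENESIS
    for i, entry in enumerate(log):
        if entry.get("seq") != i:
            findings.append(f"entry {i}: sequence number mismatch")
        if entry.get("prev_hash") != prev:
            findings.append(f"entry {i}: broken link to previous entry")
        if entry.get("entry_hash") != entry_digest(entry):
            findings.append(f"entry {i}: record altered after it was written")
        prev = entry.get("entry_hash")
    if log:
        if len({e["evidence_sha256"] for e in log}) != 1:
            findings.append("evidence hash changed between handling steps")
        if log[0]["evidence_sha256"] != sha256_hex(evidence):
            findings.append("presented data does not match hash at acquisition")
    return findings


def build_sample_log() -> list:
    """Constructed custody history: acquisition, working copy, hand-over."""
    log = []
    append_entry(log, "2024-01-10T09:00:00Z", "examiner A", "acquired image", SAMPLE_IMAGE)
    append_entry(log, "2024-01-10T11:30:00Z", "examiner A", "made working copy", SAMPLE_IMAGE)
    append_entry(log, "2024-01-12T14:00:00Z", "examiner B", "received for analysis", SAMPLE_IMAGE)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print(verify_log(log, SAMPLE_IMAGE))   # untouched log and data
    log[1]["who"] = "someone else"         # edit a record after the fact
    print(verify_log(log, SAMPLE_IMAGE))
```

The chain exposes edits only if the most recent `entry_hash` is also held by someone other than the keeper of the log, since a party holding the whole log could otherwise recompute every entry.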

Best evidence rule

Digital evidence is almost never in a format readable by humans, requiring additional steps to include digital documents as evidence (i.e. printing out the material). It has been argued that this change of format may mean digital evidence does not qualify under the "best evidence rule".[4] However, the "Federal Rules of Evidence" rule 1001(3) states "if data are stored in a computer…, any printout or other output readable by sight, shown to reflect the data accurately, is an ‘original.’"[10]

Commonly courts do not bar printouts under the best evidence rule. In Aguimatang v. California State Lottery, the court gave near per se treatment to the admissibility of digital evidence stating "the computer printout does not violate the best evidence rule, because a computer printout is considered an ‘original.’" 234 Cal. App. 3d 769, 798.

Introduction

In England and Wales, courts consider computers, as a matter of law, to have been working correctly unless there is evidence to the contrary. Therefore, digital evidence produced by computers is treated as reliable unless other evidence suggests otherwise. This way of handling evidence is known as a ‘rebuttable presumption’. A court will treat a computer as if it is working perfectly unless someone can show why that is not the case.

The Police and Criminal Evidence Act 1984

Section 69 of the Police and Criminal Evidence Act 1984 (PACE 1984 s69)[11] required the prosecution to prove that a computer was operating properly when it produced evidence that could be used in court. This requirement quickly became burdensome and inconvenient.

The Law Commission therefore proposed in a 1995 consultation paper that PACE 1984 s69 should be repealed without replacement because it served “no useful purpose”.[12]: para 13.23 The Law Commission considered that the words ‘mechanical instruments’ would extend (by default) to include computers.

“Without section 69, a common law presumption comes into play. In the absence of evidence to the contrary, the courts will presume that mechanical instruments were in order at the material time.”[12]: para 13.13 

PACE 1984 s69 was repealed by the Youth Justice and Criminal Evidence Act 1999.[13] The law now makes the presumption that the Law Commission recommended. This presumption poses a challenge to those who dispute evidence produced by a computer system. In principle there should be a low threshold for rebutting the presumption. In justifying repeal of section 69 the Law Commission emphasised[12]: para 13.7 the argument of Professor Colin Tapper that:

“Most computer error is either immediately detectable or results from error in the data entered into the machine”[14]

The effect of repealing section 69 of PACE

In practice it has proved extremely difficult to rebut the presumption that computer evidence is reliable. IT academics and experienced practitioners dispute Tapper's assertion that most errors that do not arise from input error are obvious.[15] Probing a complex system for errors requires both expertise and unrestricted access.[16] It is an insurmountable challenge for inexperienced outsiders to rebut the presumption, particularly where a substantial institution operates the system. Evaluating evidence from a complex computer system is difficult. If one is to rely on such evidence one must have confidence in the integrity of a full transaction that will have flowed through many stages, any one of which might have contained an error. Such errors require expertise to detect and evaluate.[17]

The presumption that computer evidence should be regarded as reliable does not take account of the nature of complex software systems. Supporters of the presumption in the legal profession have tended to assume mistakenly that software systems are essentially the same as single function mechanical instruments, and that both can be assumed to operate reliably.[18]

The strongest argument in favour of the presumption is that it is a practical response to the complexity of modern software, provided that it is rebuttable in practice. Peter Sommer makes this point, but he argues that the presumption:[19]

"assumes a judge in a pre-trial hearing checking against any reluctance to meet disclosure obligations. It also assumes that a party wishing to test a counter-party’s computer evidence has the financial resources to do so."

The UK Post Office scandal clearly exposed the danger of assuming that providers of computer evidence would comply with their disclosure obligations, and the harm that would result from such a failure.

From 1999, the Post Office prosecuted hundreds of subpostmasters and employees for theft and fraud based on evidence produced by the Horizon computer system showing shortfalls in their branch accounts. In those prosecutions, the Post Office's counsel relied on the presumption that computers were operating correctly, and went even further than Tapper, arguing that all errors were immediately detectable. This, as Ladkin argues,[20] is implausible. It was impossible for the defendants to know what records might show that Horizon evidence was unreliable. However, litigation in 2019 established that Horizon was unreliable.[21]

Proposal for reform

Paul Marshall and others have produced a proposal[22] that "is simple and can be effective"[23] for a two-stage approach when the reliability of computer evidence is challenged on reasonable grounds and where establishing its reliability is important to deciding the case. This would allow a party to justify why computer evidence can be relied upon, and to support the interests of justice while not imposing an undue or expensive burden on the parties. The first stage would require disclosure of known errors, the relevant security standards that are followed, and the system audits that have been performed. If this disclosure reveals relevant problems, or that the system has not been adequately managed, the party seeking to rely upon the evidence in question should have to prove that none of the problems or omissions might affect the reliability of the evidence.


The legal rule in England and Wales that computers are working reliably

In England and Wales, courts consider computers, as a matter of law, to have been working correctly unless there is evidence to the contrary. Therefore, digital evidence produced by computers is treated as reliable unless other evidence suggests otherwise. This way of handling evidence is known as a ‘rebuttable presumption’. A court will treat a computer as if it is working perfectly unless someone can show why that is not the case.

Section 69 of the Police and Criminal Evidence Act 1984 (PACE 1984 s69)[24] required the prosecution to prove that a computer was operating properly when it produced evidence that could be used in court. This requirement quickly became burdensome and inconvenient.

The Law Commission therefore proposed in a 1995 consultation paper that PACE 1984 s69 should be repealed without replacement because it served “no useful purpose”.[12]: para 13.23 The Law Commission considered that the words ‘mechanical instruments’ would extend (by default) to include computers.

“Without section 69, a common law presumption comes into play. In the absence of evidence to the contrary, the courts will presume that mechanical instruments were in order at the material time.”[12]: para 13.13 

PACE 1984 s69 was repealed by the Youth Justice and Criminal Evidence Act 1999.[25] The law now makes the presumption that the Law Commission recommended. This presumption poses a challenge to those who dispute evidence produced by a computer system. In principle there should be a low threshold for rebutting the presumption. In justifying repeal of section 69 the Law Commission emphasised[12]: para 13.7 the argument of Professor Colin Tapper that:

“Most computer error is either immediately detectable or results from error in the data entered into the machine”[14]

In practice, however, it is extremely difficult to rebut the presumption that computer evidence is reliable. IT academics and experienced practitioners dispute Tapper's assertion that most errors that do not arise from input error are obvious.[15] Probing a complex system for errors requires both expertise and unrestricted access.[16] It is an insurmountable challenge for inexperienced outsiders to rebut the presumption, particularly where a substantial institution operates the system. Evaluating evidence from a complex computer system is difficult. If one is to rely on such evidence one must have confidence in the integrity of a full transaction that will have flowed through many stages, any one of which might have contained an error. Such errors require expertise to detect and evaluate.[17]

The strongest argument in favour of the presumption is that it is a practical response to the complexity of modern software, provided that it is rebuttable in practice. Peter Sommer makes this point, but he argues that the presumption:[19]

"assumes a judge in a pre-trial hearing checking against any reluctance to meet disclosure obligations. It also assumes that a party wishing to test a counter-party’s computer evidence has the financial resources to do so."

The UK Post Office scandal clearly exposed this problem and the harm that may result. From 1999, the Post Office prosecuted hundreds of subpostmasters and employees for theft and fraud based on evidence produced by the Horizon computer system showing shortfalls in their branch accounts. In those prosecutions, the Post Office's counsel relied on the presumption that computers were operating correctly, and went even further than Tapper, arguing that all errors were immediately detectable. This, as Ladkin argues,[20] is implausible. It was impossible for the defendants to know what records might show that Horizon evidence was unreliable. However, litigation in 2019 established that Horizon was unreliable.[26]

Paul Marshall and others have produced a proposal[22] that "is simple and can be effective"[23] for a two-stage approach when the reliability of computer evidence is challenged on reasonable grounds and where establishing its reliability is important to deciding the case. This would allow a party to justify why computer evidence can be relied upon, and to support the interests of justice while not imposing an undue or expensive burden on the parties. The first stage would require disclosure of known errors, the relevant security standards that are followed, and the system audits that have been performed. If this disclosure reveals relevant problems, or that the system has not been adequately managed, the party seeking to rely upon the evidence in question should have to prove that none of the problems or omissions might affect the reliability of the evidence.

Video evidence

Video evidence is a video clip that may be used in a court case at trial. Examples include:[27]

See also

References

  1. Casey, Eoghan (2004). Digital Evidence and Computer Crime, Second Edition. Elsevier. ISBN 0-12-163104-4.
  2. Various (2009). Eoghan Casey (ed.). Handbook of Digital Forensics and Investigation. Academic Press. p. 567. ISBN 978-0-12-374267-4. Retrieved 2 September 2010.
  3. Adams, Richard (2012). "The Advanced Data Acquisition Model (ADAM): A process model for digital forensic practice" (PDF).
  4. "State v. Schroeder, 613 NW 2d 911 - Wis: Court of Appeals 2000". 2000.
  5. "US v. Bonallo". Court of Appeals, 9th Circuit. 1988. Retrieved 1 September 2010.
  6. Zupanec, Donald (1981-01-01). "Admissibility of Computerized Private Business Records". American Law Reports. ALR 4th. Cases and Annotations. Vol. 7. pp. 16–19.
  7. Pollitt, MM. "Report on digital evidence" (Document).
  8. "ACPO Good Practice Guide for Digital Evidence" (PDF). Retrieved 26 April 2016.
  9. "Federal Rules of Evidence #702". Archived from the original on 19 August 2010. Retrieved 23 August 2010.
  10. Police and Criminal Evidence Act 1984, section 69
  11. Evidence In Criminal Proceedings: Hearsay and Related Topics - a Consultation Paper (PDF). Law Commission (1995) (Report). Retrieved 7 August 2022.
  12. Youth Justice and Criminal Evidence Act 1999, section 60
  13. Tapper, Colin (April 1991). "Discovery in Modern Times: A Voyage around the Common Law World". Chicago-Kent Law Review, Vol 67 (1991): 217–282. Retrieved 11 August 2022.
  14. Ladkin, Peter Bernard; Littlewood, Bev; Thimbleby, Harold; Thomas, Martyn (4 March 2020). "The Law Commission presumption concerning the dependability of computer evidence". Digital Evidence and Electronic Signature Law Review, 17 (2020): 1–14. doi:10.14296/deeslr.v17i0.5143. S2CID 216420193. Retrieved 11 August 2022.
  15. Christie, James (2 November 2020). "The Post Office Horizon IT scandal and the presumption of the dependability of computer evidence". Digital Evidence and Electronic Signature Law Review, 17 (2020): 49–70. doi:10.14296/deeslr.v17i0.5226. S2CID 230644175. Retrieved 10 August 2022.
  16. Jackson, Michael (18 November 2021). "An approach to the judicial evaluation of evidence from computers and computer systems". Digital Evidence and Electronic Signature Law Review, 18 (2021): 50–55. doi:10.14296/deeslr.v18i0.5289. S2CID 236364642. Retrieved 7 September 2022.
  17. Mason, Stephen (2021). Electronic Evidence and Electronic Signatures, 5th Edition. Institute of Advanced Legal Studies for the SAS Humanities Digital Library, School of Advanced Study, University of London. ISBN 9781911507246.
  18. Sommer, Peter (20 December 2019). "comment on 'Resolving disputes through computer evidence: lessons from the Post Office Trial'". Bentham's Gaze - Information Security Research & Education, University College London (UCL). Retrieved 2 September 2022.
  19. Ladkin, Peter Bernard (18 June 2020). "Robustness of software". Digital Evidence and Electronic Signature Law Review, 17 (2020): 15–24. doi:10.14296/deeslr.v17i0.5171. S2CID 225683178. Retrieved 2 September 2022.
  20. Bates & Ors v the Post Office Ltd (No 6: Horizon Issues) [2019] EWHC 3408 (QB) at para. 968 (16 December 2019), High Court (England and Wales)
  21. Marshall, Paul; Christie, James; Ladkin, Peter Bernard; Littlewood, Bev; Mason, Stephen; Newby, Martin; Rogers, Jonathan; Thimbleby, Harold; Thomas, Martyn (18 November 2021). "Recommendations for the probity of computer evidence". Digital Evidence and Electronic Signature Law Review, 18 (2021): 15–24. Retrieved 5 September 2022.
  22. Marshall, Paul; Christie, James; Ladkin, Peter Bernard; Littlewood, Bev; Mason, Stephen; Newby, Martin; Rogers, Jonathan; Thimbleby, Harold; Thomas, Martyn (30 June 2022). "The legal rule that computers are presumed to be operating correctly – unforeseen and unjust consequences". Bentham's Gaze - Information Security Research & Education, University College London (UCL). Retrieved 5 September 2022.
  23. Police and Criminal Evidence Act 1984, section 69
  24. Youth Justice and Criminal Evidence Act 1999, section 60
  25. Bates & Ors v the Post Office Ltd (No 6: Horizon Issues) [2019] EWHC 3408 (QB) at para. 968 (16 December 2019), High Court (England and Wales)
  26. "'The Media Doesn't Care What Happens Here'". The New York Times Magazine.

Further reading

General:

Australia:

  • Allison Stanfield Computer forensics, electronic discovery and electronic evidence

Canada:

  • Daniel M. Scanlan, Digital Evidence in Criminal Law (Thomson Reuters Canada Limited, 2011)

Europe:

United States of America on discovery and evidence:

  • Michael R Arkfeld, Arkfeld on Electronic Discovery and Evidence (3rd edn, Lexis, 2011) Looseleaf
  • Adam I. Cohen and David J. Lender, Electronic Discovery: Law and Practice (2nd edn, Aspen Publishers, 2011) Looseleaf
  • Jay E. Grenig, William C. Gleisner, Troy Larson and John L. Carroll, eDiscovery & Digital Evidence (2nd edn, Westlaw, 2011) Looseleaf
  • Michele C.S. Lange and Kristen M. Nimsger, Electronic Evidence and Discovery: What Every Lawyer Should Know (2nd edn, American Bar Association, 2009)
  • George L. Paul, Foundations of Digital Evidence (American Bar Association, 2008)
  • Paul R. Rice, Electronic Evidence - Law and Practice (American Bar Association, 2005)

United States of America on discovery:

  • Brent E. Kidwell, Matthew M. Neumeier and Brian D. Hansen, Electronic Discovery (Law Journal Press) Looseleaf
  • Joan E. Feldman, Essentials of Electronic Discovery: Finding and Using Cyber Evidence (Glasser Legalworks, 2003)
  • Sharon Nelson, Bruce A. Olson and John W. Simek, The Electronic Evidence and Discovery Handbook (American Bar Association, 2006)
  • Ralph C. Losey, e-Discovery: New Ideas, Case Law, Trends and Practices (Westlaw, 2010)

United States of America on visual evidence:

  • Gregory P. Joseph, Modern Visual Evidence (Law Journal Press) Looseleaf

Video evidence:
