Electronic evidence: disclosure and admissibility

Digital devices (and thus digital evidence) are ubiquitous. Any lawyer who fails to ask their client for evidence from their laptop, Blackberry, mobile telephone, memory sticks or iPod risks an action in negligence if such evidence could have been made available and would have been relevant in legal proceedings, but was not forthcoming because the lawyer gave the client inadequate advice, or no advice, on this area of evidence.

Evidence in digital format appears in every area of law, and whether you only deal with family matters, or crime, or housing, or legal negligence or wills, you will be expected to advise your client in relation to digital evidence. There is at least one case, if not more, on digital evidence that affects each of these areas.

Different technologies are capable of creating evidence in digital format. The computer was originally perceived to be the source of digital evidence, hence the original term “computer generated evidence”, but the vast majority of devices are now computers. What makes the entire process more complex is the ability of hardware devices to make connections to other devices, whether over the internet or by wi-fi or Bluetooth.

Key components of a computer system

Here are the key components of a computer system which are important to the lawyer:

Software. Without software, there is no digital evidence. There are two basic types of software: system software and application software. If system software did not exist, most people would not be able to use a computer, because the user would have to specify every operation that was required. This software, which is large and complex, comprises many different components. As can be imagined, the more components there are, the greater the likelihood that something can go wrong. Application software is the user-facing side of a computer. This software enables the user to carry out useful work on the computer. Examples include Microsoft Word, Netscape, Star Office and the wide range of other programs that enable us to use computers and similar devices. If there is a clash between the system software and the application software, the evidence can be affected. Every reader of this article has experienced such a clash, even if only by noticing that a presentation created on a personal computer looks totally different when shown on an Apple Mac.

The clock. All digital devices need at least one clock, and the clock is a star witness in respect of digital evidence. Do not trust the clock on a computer or an ATM! Clocks are generally run with batteries, and batteries run down. This affects the accuracy of the clock. Also, do not imagine that the time recorded on an e-mail (or document) is the time it was sent, received or opened. Consideration must be given to time zones across the globe and whether reference is made to BST or GMT. The case law on this topic demonstrates a lamentable failure of police officers and lawyers to grasp this simple fact.

Storage media and hard disks. These are great depositories of evidence for the digital evidence specialist. Data that has been “deleted” can easily be recovered, sometimes even if the managing director of a company (as has happened) elects to use software to wipe their hard disk, then upload the software and add all the files that were previously on the disk, with the exception of those files that the other side want to get hold of. Lawyers must be aware of this, and discuss this with any digital evidence specialist they employ.

Other types of digital evidence. These include files and logs, system and program files, temporary files and cache files and deleted files. Sources of digital evidence also include networks: the internet, corporate intranets, wireless networking, cellular networks and computer-to-computer networking (also called peer-to-peer, or P2P). Intent is affected by malicious software that, once it is placed on a computer, can make the computer do things that the owner does not authorize (in particular the Trojan horse and viruses).
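The point made under “The clock” above, worked through as an added example that is not part of the original article: it puts an e-mail's Date header (set by the sender's own clock) and its Received headers (set by each server's clock) on a single UTC timeline. The message, addresses and hostnames are constructed for illustration.

```python
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (not from any real case). The sender's machine
# stamps Date in BST (+0100); each server that handles the mail adds a Received
# line using its own clock and its own zone.
RAW = """\
Received: from relay.example.net by mx.example.org; Mon, 14 Jul 2008 09:02:41 +0000
Received: from laptop.example.com by relay.example.net; Mon, 14 Jul 2008 05:02:39 -0400
Date: Mon, 14 Jul 2008 10:47:12 +0100
From: sender@example.com
To: recipient@example.org
Subject: constructed sample

body
"""

def to_utc(stamp):
    """Parse an RFC 5322 date string and normalise it to UTC."""
    return parsedate_to_datetime(stamp).astimezone(timezone.utc)

def timeline(raw):
    """Return (claimed_utc, hops_utc oldest first, skew_seconds)."""
    msg = message_from_string(raw)
    claimed = to_utc(msg["Date"])
    # Each server prepends its Received header, so reverse to get oldest first.
    hops = [to_utc(h.rsplit(";", 1)[1].strip())
            for h in reversed(msg.get_all("Received", []))]
    # Positive skew: the sender's clock ran ahead of the first server's clock.
    skew = (claimed - hops[0]).total_seconds() if hops else None
    return claimed, hops, skew

if __name__ == "__main__":
    claimed, hops, skew = timeline(RAW)
    print("Date header (UTC):", claimed.isoformat())
    for hop in hops:
        print("Received   (UTC):", hop.isoformat())
    print("sender clock vs first server: %+d seconds" % skew)
```

The three wall-clock times in the headers (10:47, 05:02 and 09:02) look hours apart; in UTC the two servers agree to within two seconds, while the sender's clock is about 44 minutes ahead of them.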

Testing digital evidence

Documents in digital format have particular characteristics that affect both the test for authenticity (or provenance) should authenticity be in issue, and the way the evidence is secured and handled at the pre-trial stage. In brief:

Digital data requires machinery and software. Thousands of software programs that were common in the 1990s are now no longer available commercially, and even if application software was available, it might be impossible to load the software on to an up-to-date version of the operating system. An additional problem for older data is that it might be necessary to have a specific machine with specific software loaded in order to read the data. This can cause additional expense to a party where the data must be adduced in evidence.

The technology changes rapidly. As operating systems, application software and hardware change, digital documents may reach a point where they cannot be read, understood or used.

Digital data is subject to the volume and replication rule. Why send one email to one person, when you can send it to 300,000? This sums up the problem – data can be sent anywhere in the world, and to as many people as the sender thinks is necessary. This causes problems when preparing disclosure.

Digital documents are easy to manipulate. They can be copied, altered, updated, deleted (which does not mean expunged) or intercepted, leaving the lawyer with the problem of advising the client as to what is reasonable when searching or requesting documents.

Metadata is often hidden. The term metadata refers to the data about data. In digital documents, metadata tends to be information that is hidden from the text as viewed on a screen. This can reward the careful lawyer who ensures the metadata is explored sufficiently. For instance, you might be able to prove that the husband did receive a relevant email and also amended it, thus proving culpability.

All the usual things can also occur with digital data – falsification, destruction and manipulation of evidence. Arguably, provided the lawyer is aware of the right questions to ask a digital evidence specialist (lawyers do not have to be technically literate) and is alert to the tricks that people can get up to with digital evidence, it is easier to identify whether a digital document is authentic.
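To make the point above about hidden metadata concrete, here is an added example (not part of the original article) that reads the core-properties part of a word-processing file in the zipped .docx format, where the recorded author, last editor and timestamps are stored apart from the visible text. The sample file is constructed in memory and every name and date in it is invented.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
      "dc": "http://purl.org/dc/elements/1.1/",
      "dcterms": "http://purl.org/dc/terms/"}
FIELDS = {"creator": "dc:creator", "last_modified_by": "cp:lastModifiedBy",
          "created": "dcterms:created", "modified": "dcterms:modified"}

def sample_docx():
    """Constructed, minimal .docx-style package built in memory; all values invented."""
    core = ('<cp:coreProperties xmlns:cp="%(cp)s" xmlns:dc="%(dc)s" '
            'xmlns:dcterms="%(dcterms)s">'
            "<dc:creator>A. Author</dc:creator>"
            "<cp:lastModifiedBy>B. Editor</cp:lastModifiedBy>"
            "<dcterms:created>2008-07-14T09:02:39Z</dcterms:created>"
            "<dcterms:modified>2008-07-16T18:30:00Z</dcterms:modified>"
            "</cp:coreProperties>") % NS
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("word/document.xml", "<document/>")  # stands in for the visible text
    return buf.getvalue()

def core_properties(docx_bytes):
    """Read the core-properties part, which is not shown in the document's visible text."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if "docProps/core.xml" not in z.namelist():
            return {}  # part absent or stripped; worth raising with the specialist
        # For files from an untrusted source, a hardened XML parser is the safer choice.
        root = ET.fromstring(z.read("docProps/core.xml"))
    return {k: root.findtext(p, namespaces=NS) for k, p in FIELDS.items()}

def questions(props):
    """Turn the raw properties into points to put to a specialist (leads, not proof)."""
    notes = []
    if props.get("creator") != props.get("last_modified_by"):
        notes.append("last saved by someone other than the recorded author")
    if props.get("created") and props.get("modified"):
        fmt = "%Y-%m-%dT%H:%M:%SZ"
        gap = datetime.strptime(props["modified"], fmt) - datetime.strptime(props["created"], fmt)
        if gap.total_seconds() > 0:
            notes.append("modified %s after creation" % gap)
    return notes
```

These fields are written by the authoring software from the machine's own clock and can themselves be edited, so they raise questions for the specialist rather than settle them.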

Using all this data

The vast range of information that is now available to lawyers can be both helpful and, because of the sheer volume, difficult to manage. In England and Wales, the system of justice is dependent on the assistance given by advocates to the court, and advocates are required to bring relevant authorities to the attention of the court. The members of the Court of Appeal in the case of Copeland v Smith [2000] 1 WLR 1371 had occasion to address this issue when it became apparent that a relevant authority had not been brought to the attention of the court. Research carried out by both instructing solicitors and counsel failed to uncover a relevant authority.

Not only is it not in the interests of the system of justice that a relevant authority is missed, but it cannot be in the interests of the client to miss an authority (or authorities). The comments made by Brooke LJ implied that the advocate who holds themselves out to practise in a particular field ought to be aware of recent authorities in that field (and by definition, of relevant publications, however new they are). Evidence in electronic format covers all areas of law, and this means that every lawyer should make themselves aware of the nature and complexities of electronic evidence, because it is no longer a specialist area of legal practice, if ever it really was.

Stephen Mason is a barrister and an accredited mediator. He advises on digital evidence generally (the area of law is not relevant), and also helps to locate and brief digital evidence specialists, should such action be necessary. He also edits the journal Digital Evidence and Electronic Signature Law Review (www.deaeslr.org).

Email stephenmason@stephenmason.eu.

For further reading, there is a list of books on this topic on Stephen’s site under “e-evidence”. A good starting point on disclosure is Chris Dale’s website.