Beruflich Dokumente
Kultur Dokumente
BANGALORE
PROJECT ON
ELECTRONIC EVIDENCE
SUBJECT: E-commerce & IT law
TRIMESTER-IV
2013-14
Acknowledgement
I express my deep sense of obligation and gratitude to Prof. S.B.N.Prakash, National Law
School of India University, Bangalore, for his invaluable guidance and persistent
encouragement in the preparation of this project work.
I am deeply indebted to all the Indian and foreign writers and judges whose writings and
decisions have been duly cited in this work and have given me inspiration and light during
preparation of this work.
RESEARCH METHODOLOGY
Aim and Objective
The Aim of the research paper is to determine the scope of Electronic Evidence w.r.t.
modern digital environment.
Research Question
The researcher will address electronic evidence in context with its relevance,
authenticity, hearsay, originality or duplicate documentation, and unfair
prejudice about its admissibility in normal court procedure.
Research Methodology
In this paper the researcher has primarily used descriptive and analytical methodology
of research. The researcher mainly relied upon the secondary sources which include
books, Reports, Journal, magazines, online articles and legal databases.
Scope
The scope of this paper is to find out the legal aspects of electronic evidence
Limitation.
The field study would have been desirable but due to paucity of time this paper is
limited only to the theoretical aspect of electronic evidence which have been gathered
from various sources including books, articles, and journals.
Sources
In this paper various secondary source have used by the research student in the form of
books, article from various journals and also internet sources have been used.
Mode of Citation
A Uniform mode of citation is followed throughout this paper.
TABLE OF CONTENT
S.NO.
PARTICULARS
PAGE NO.
INTRODUCTION
TECHNO-LEGAL
PREREQUISITES
FOR
ELECTRONIC
EVIDENCE
A. Recognition Of Electronic Record
B. Recognition Of Digital Signature
C. Retention Of Electronic Record
ELECTRONIC EVIDENCE : ADMISSIBILITY
12
CLOUD COMPUTING
17
CONCLUSION
19
BIBLIOGRAPHY
20
Introduction
The court proceedings and the judicial system is based on the facts and the evidence
as produced before courts. Even in the era of kings and rulers, when any matter laid
before them each party were insisted to have proceed with facts and evidence they
have to prove their allegations or strategy. Same analogy has been adopted by
Panchayats & courts although with care and caution due to high technological
advancement, with this aspects one has to see the rights of individual, rights of victim,
admissibility of evidence and to support & strengthen the coordination and
cooperation between investigating and prosecution and to prevent miscarriage of
justice. However, with the advent of new technologies, regulatory agencies are
increasingly harnessing the power of digital technologies to meet the informational
demands of rulemaking and to expand public involvement in policymaking.
Governments are increasingly adopting technological means, shifting from walls to
webs.1
With the advancement, evidence although primarily of two types: oral &
documentary with a new form annexed i.e. electronic evidence, court & lawyers has
to adhere caution while dealing with electronic evidence2 due to the intricacy &
technicality involved, which needed a experts to determine the correctness of data.
While the admissibility of electronic evidence is big issue before courts.
With globalisation & internet age, people are sharing resources, google, facebook, to
kindle and different business gadgets etc. knowledge and data are the key business
assets, to be developed and protected and transaction in seconds from one place to
another where everything on paper is not possible, with technology data security is a
crucial issue, electronic data flows from one part of the world to another i.e. cross
borders, passing different law jurisdiction involving different internet and privacy
Thomas Friedman, The Lexus & The Olive Tree: Understanding Globalization 39-58 (1999)
As a general rule, "electronic evidence" can be any information created or stored in digital form
whenever a computer is used to accomplish a task. As this broad definition suggests, electronic
evidence may exist whenever a person enters information into a computer, a computer generates
information in response to a request by an operator, or a computer uses or processes information.
Electronic evidence, therefore, may include information databases, operating systems, applications
programs, "computer-generated models", electronic and voice mail messages and records, and other
information or "instructions residing in computer memory.
2
See, e.g., Susan E. Davis, Elementary Discovery, My Dear Watson, CAL. LAW., Mar. 1996, at 53, 53
(discussing different forms of electronic evidence);
4 Bills v. Kennecott Corp., 108 F.R.D. 459, 462 (D. Utah 1985).
5 See, e.g., Anthony J. Dreyer, Note, When The Postman Beeps Twice: The Admissibility of Electronic
Mail Under The Business Records Exception of The Federal Rules of Evidence, 64 FORDHAM L. REV.
2285, 2289 (1996)
which the legal system says should be disclosed to opponents in civil litigation and to
defendants accused of crimes.
An important question raised is why evidence required at all, mainly due to wide
range of commercial activities going on around the world, for example in disputed
transactions, in allegations of employee misbehaviour, to show compliance with legal
and regulatory rules, to avoid charges of negligence or breach of contract, to assist law
enforcement in criminal and anti-terrorist investigations, to meet disclosure
requirements in civil claims, to support insurance claims after a loss.
Due to the fact that electronic evidence or mainly digital evidence is highly volatile
and easily compromised by poor handling, chances of success in litigation heavily
depends on the weight of the evidence supported by relevant facts.
Effective combating of cybercrimes requires prompt discovery, safe custody and
present in acceptable form in a court, as the number of criminals uses computers,
laptops, network servers and cellular phones in commission of their crimes is
increasing alarmingly.
6
7
http://www.nij.gov/topics/forensics/evidence/digital/digital-glossary.htm
http://www.setecinvestigations.com/resources/faqs.php
Section 84A of the Evidence Act provides for the presumption that a contract has been concluded
where the parties' digital signatures are affixed to an electronic record that purports to be an agreement
9 Section 85B of the Evidence Act provides that where a security procedure has been applied to an
electronic record at a specific time, the record is deemed to be a secure electronic record from such
time until the time of verification. Unless the contrary is proved, the court is to presume that a secure
electronic record has not been altered since obtaining secure status. The provisions relating to a secure
digital signature are set out in Section 15 of the IT Act. A secure digital signature is a digital signature
which, by application of a security procedure agreed by the parties at the time that it was affixed, is:
unique to the subscriber affixing it;
capable of identifying such subscriber; and
created by a means under the exclusive control of the subscriber and linked to the electronic record
to which it relates in such a manner that if the electronic record as altered, the digital signature would
be invalidated.
10 Under the provisions of Section 88A, it is presumed that an electronic message forwarded by a sender
through an electronic mail server to an addressee corresponds with the message fed into the sender's
computer for transmission. However, there is no presumption regarding the person who sent the
message. This provision presumes only the authenticity of the electronic message and not the sender
of the message.
11 Section 65-A, 65-B (Admissibility of Electronic Records)
12 "electronic record" means data, record or data generated, image or sound stored, received or sent in
an electronic form or micro film or computer generated micro fiche
13
Henry D. Gabriel, The Fear Of The Unknown: The Need To Provide Special Procedural Protections
In International Electronic Commerce, 50 LoY. L. REv. 307, 310 (2004).
14
Uniform Electronic Transactions Act Section 7 (Nat'l Conference of Comm'rs on Unif. State Laws
1999) (U.S.) [hereinafter UETA].
15 AIR 2005 Ori 11
by putting the same in the website of the Commission would be a publication of the
draft Regulations within the meaning of Section 23 of the Central General Clauses Act,
1897.
16
The Bureau of Indian Standards Act, ch. VII, 36 (1986) (India) available at
http://www.bis.org.in/bs/bisact.htm
17 Expert Committee on Review of the IT Act 2000, Report of the Expert Committee: Full Text (Proposed
Aug. 29, 2005), available at http://www.mit.gov.in/itact2OOO/ITAct.doc [hereinafter Proposed
Amendments to IT Act 2000].
10
alteration to the Electronic Signature or to the electronic data in relation to which the
signature is affixed made after the time of signing is detectable. The comments to this
sub-section specify that they are being added to define the reliability of Electronic
Signatures and to allow only those technologies which conform to those conditions
in line with UNICITRAL Model Law of Electronic Commerce.
connection with transacting its business or is related to its legal obligations, (b) it is
retained for any period of time, and (c) necessary to be preserved as legal evidence of
the [entity]'s activities or as historical reference18. Records retention is unconcerned
with the genesis of records, but takes up matters after creation. Records retention
principally concerns the retention period: that is, the duration of a record's life.19
Records retention has various objectives which include: (a) maintaining an
institutional policy memory, (b) enhancing the body of knowledge in a factual and
scientific sense, (c) maintaining official records for possible use as evidence in legal
proceedings, (d) promoting efficiency and effectiveness of agency operations, and (d)
increasing the return on investment from information in government records which
has long-term value.20 Governments and business are increasingly relying upon
electronic records. One of the benefits of electronic records is that archiving them is
much more economical than paper. A minimum standard of records retention is
especially important with respect to electronic data since its being intangible
renders it highly susceptible to a partial or complete loss of accessibility, integrity
or/and identification. For example, if data is stored on a Compact Disk Read Only
Memory (CDROM) the reliability and storage life expectancy of the storage media is
secure for at least three to five years, with some estimates reaching as high as twenty
18
11
years. Thus it becomes expedient to have minimum policy standards for the retention
of electronic records. The ITA under section 7 sets forth the basic rules regarding the
retention of electronic records. It applies to the retention of records that originally exist
in electronic form, as well as to the electronic retention of records that originally exist
in paper form or on other tangible media.
The section does not prescribe for any specified period for retention of an electronic
record but provides minimum standards for records retention "when any law
provides that documents, records or information shall be retained for any specific
period". These minimum standards are contained in section 7(1) and relate to:
1. Accessibility - Records retention in archives is ineffective unless the archived
records can be accessed. The technical issues with legal implications relating to
accessibility include ease of alteration and physical deterioration. Thus section 7(1)(a)
provides for making records, "accessible so as to be usable for a subsequent reference".
2.
Format Integrity -The integrity of the format in which the information was
originally generated is important because changes in format can affect the material
characteristics of the record. With several versions of software available for
performing the same task, section 7(1)(b) prescribes that, even if there is a change in
format, the electronic record shall be "in a format which can be demonstrated to
represent accurately the information originally generated, sent or received".
3. Identification - It is imperative that any form of record retention must enable
identification. Thus section 7(1)(c) provides for, "the details which will facilitate the
identification of the origin, destination, date and time of dispatch or receipt of such
electronic record are available in the electronic record."
12
into evidence." The case exposes the less-than-acceptable standard of care that at least
part of the legal community is exercising concerning the admission of electronic
evidence. The question in the case was that the parties wanted the court to answer was
whether the arbitrator exceeded his authority by awarding less than the full amount
of a potentially all or nothing arbitration agreement, as the parties had negotiated
by e-mail. The court, however, dismissed each party's motions and refused to answer
this question because both parties failed to authenticate as electronic evidence the email they submitted with their motions. The Lorraine court first delineated the basic
rules for the admissibility of all types of electronic evidence, explaining that the
evidence must be: 1) relevant; (2) authenticated; (3) allowable under the hearsay
rules; (4) allowable under the original writing (best evidence) rule; and (5) the
probative value of such evidence cannot be outweighed by any unfair prejudice. The
admissibility issues are important to be analysed to understand the scope of electronic
evidence as Relevancy refers to when one fact is said to be relevant to another when
one is connected to another in such a way which has a direct bearing on the fact in
issue in terms of proved or disproved facts of the case in any of the way as provided
in sec-5-55 of evidence act. Relevant thing or fact make the tendency of other things
either so probable or less probable, however question whether evidence is sufficient
to prove a point is different. In case of electronic evidence, material are of high
quantity, gathering lot of information & to set the relevancy about existence or nonexistence of other data, either occur in same transaction or other, what the cause or
effect of other data, facts or information which are necessary to explain other data
which are difficult in case of information gathering of electronic data.
For example: Mr X. is a business man owing mobile which is password protect, get an
email during business transaction, which he replied about not performing the contract
but email was hacked or lost due to any error, while other party uninformed believes
and continue with the terms of contract. In this case other party filed a suit for
compensation for performing their part of contract, but in the court Mr X. submit their
documents related to electronic transaction, in further inquiry they come to know that
email was lost, such information may be relevant, however if the email was lost it is
difficult to track and evidence gathering is impossible.
13
www.justice.gov.za/salrc/ipapers/ip27_pr126_2010.pdf pg 25
14
23
United states v. Salgado, 250 F.3d 438, 452 (6th Circuit 2001)
24 In R. v. Mapara (2005), 251 D.L.R. (4th) 385 at para. 15, [2005] I S.C.R. 358. 349 W.A.C. I.
2009] , the Supreme Court further discussed the principled approach:
The principled approach to the admission of hearsay evidence which has emerged in this Court over
the past two decades attempts to introduce a measure of flexibility into the hearsay rule to avoid
these negative outcomes. Based on the Starr decision, the following framework emerges for
considering the admissibility of hearsay evidence:
(a) Hearsay evidence is presumptively inadmissible unless it falls under an exception to the hearsay
rule. The traditional exceptions to the hearsay rule remain presumptively in place.
(b) A hearsay exception can be challenged to determine whether it is supported by indicia of necessity
and reliability, required by the principled approach. The exception can be modified as necessary to
bring it into compliance.
(c) In "rare cases", evidence falling within an existing exception may be excluded because the indicia
of necessity and reliability are lacking in the particular circumstances of the case.
(d) If hearsay evidence does not fall under a hearsay exception, it may still be admitted if indicia of
reliability and necessity are established on a voir dire.
25 People v. Holowko, 486 N.E. 2d 877, 878-79
15
Judicial decision is varied and mostly depend on case to case basis. In Daubert v.
Merrell Dow Pharmaceuticals, Inc.26 decision describes a four-pronged test to determine
whether science-derived evidence is admissible in U.S. Federal Court. The Daubert
test applies to any scientific procedure used to prepare or uncover evidence and
comprises the following four factors (Daubert, 1993):
Testing: Can and has the scientific procedure been independently tested?
Publication: Has the scientific procedure been published and subject to peer review?
Error rate: Is there a known error rate, or potential to know the error rate, associated
with the use of this scientific procedure?
Acceptance: Is the scientific procedure generally accepted by the relevant scientific
community?
In St. Lukes Cataract & Laser Institute, P.A. v. Sanderson27, where the proponent failed
to authenticate printouts of websites obtained from Internet Archive because affiants
lacked personal knowledge of contents of Internet Archives website and process, and
in Sun Protection Factory, Inc. v. Tender Corp.28, where the proponent failed to
authenticate printouts of websites because affiants statements were hearsay and
websites are not self-authenticating. In Telewizja Polska USA, Inc. v. EchoStar Satellite
Corp.29, in which the Court admitted a website obtained from an Internet Archive
based on affidavit from administrative director for Internet Archive. In State of
Maharashtra v Dr Praful B Desai30 involved the question of whether a witness can be
examined by means of a video conference. The Supreme Court observed that video
conferencing is an advancement of science and technology which permits seeing,
hearing and talking with someone who is not physically present with the same facility
and ease as if they were physically present. The legal requirement for the presence of
the witness does not mean actual physical presence. The court allowed the
examination of a witness through video conferencing and concluded that there is no
reason why the examination of a witness by video conferencing should not be an
essential part of electronic evidence. Admissibility of intercepted telephone calls is
26
16
another issue which court held that if witness is acquainted with the technology then
such a fact is a relevant fact & it is admissible.31
Unfair prejudice, another issue a matter of concern, what if the data is the hand of an
advocate or professional in the professional capacity where data extraction is difficult
due to privileges32 or it may subject to data protection where no professional be
obliged at any time be permitted unless with his client's express consent to disclose
any communication made to him in the course and for the purpose of his employment
as such as attorney , by or on behalf of his client, or to state the contents or condition
of any document with which he has become acquainted in the course and for
the purpose of his professional employment or to disclose any advice given
by him to his client in the course and for the purpose of such employment.
Such privilege communication if any taken place in electronic form, such material
many be relevant to the fact in issue but is inadmissible in the court.
Cloud Computing
With the advent of new and advanced technology, it become difficult for legal system
to recognise the legal issues involved in accessing such technology. Cloud computing
as the name suggest any service provided online and operated by a third party" or
"services that are controlled by third-parties and accessed over the Internet." That
means everything from webmail (Hotmail, Gmail etc.) to online data storage to
software as a service (SaaS), e.g. Salesforce.com33. There are several legal issues
31
State (NCT of Delhi) v Navjot Sandhu AIR 2005 SC 3820 was an appeal against conviction following
the attack on Parliament on December 13 2001, in which five heavily armed persons entered the
Parliament House Complex and killed nine people, including eight security personnel and one gardener,
and injured 16 people, including 13 security men. This case dealt with the proof and admissibility of
mobile telephone call records. While considering the appeal against the accused for attacking
Parliament, a submission was made on behalf of the accused that no reliance could be placed on the
mobile telephone call records, because the prosecution had failed to produce the relevant certificate
under Section 65B(4) of the Evidence Act. The Supreme Court concluded that a cross-examination of
the competent witness acquainted with the functioning of the computer during the relevant time and the
manner in which the printouts of the call records were taken was sufficient to prove the call records
32 Sec 126, 127, 128 Evidence act, 1872 : Professional communication
33 http://www.infolawgroup.com/2010/10/articles/breach-notice/legal-implications-of-cloud-computingpart-five-ethics-or-why-all-lawyers-not-just-technogeek-lawyers-like-me-should-care-about-datasecurity
17
involved in cloud computing service like who owns the data that is collected,
generated & processed by the service, legal requirement for encrypted data,
jurisdictional problem as service may be provided cross border, consumer rights, what
might be the essential disclosure, in relation to admissibility in court how court might
interpret the criteria of standard disclosure, about the integrity & completeness of
documents be proved. As multiple layers of data34 are generated which are managed
by cloud provider & such electronic stored information may not be in possession or
control of litigant. The Williams v. Sprint/United Management Co.35 court held that the
producing party should produce the electronic documents with their metadata
intact. A party may move for a protective order when asked to produce metadata if
it is not reasonably accessible and will result in undue burden and cost.
As common metadata may be readily accessible without undue burden or cost
because it is stored in a common repository, yet its discovery may harm other clients.
However parties has always an opportunity to seek injunction to protect metadata
from disclosure otherwise the discovery will reveal the common metadata disclosing
third parties information which may violate privacy laws.
See Electronic Discovery in the Cloud The data layers may include client-specific data, clientspecific metadata, and metadata common to several clients, which may be unique to an application,
generated by multiple clients, or stored in a shared repository. Common metadata may be maintained
in repositories shared between clients, which makes it a major problem to isolate [that] data and
maintain the security. Therefore, that data may not be in the custody or control of a litigant, and thus
not subject to discovery. Consequently, applying the Rules to a Cloud may create liabilities for clients
of a Cloud and loopholes for litigants possession.
http://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=1222&context=dltr
35 230 F.R.D. 640 (D. Kan. 2005).
34
18
Conclusion
With the rapid growth of computers, influence of information technology & ability to
store information in electronic form, required law to be amended which allows
admissibility of electronic records because of the characteristic of evidence - its
volume, durability, transient nature, and ease of transmission and manipulation by
users-make it a critical source of information. But when you convert an electronic
document to paper, you lose valuable information found within its metadata, the
evidence from its "best evidence" original form into a version that might need
secondary evidence to justify its admission.
19
Bibliography
Statue:
Books:
Law of cyber-crimes and information technology law, S V Joga Rao, First edition, 2004
Legal issues in electronic commerce, T. Ramappa, 2003
Journal:
Susan E. Davis, Elementary Discovery, My Dear Watson, CAL. LAW., Mar. 1996, at 53, 53
Anthony J. Dreyer, Note, When The Postman Beeps Twice: The Admissibility of Electronic
Mail Under The Business Records Exception of The Federal Rules of Evidence, 64
FORDHAM L. REV. 2285, 2289 (1996)
Article:
http://www.infolawgroup.com/2010/10/articles/breach-notice/legal-implications-of-cloudcomputing-part-five-ethics-or-why-all-lawyers-not-just-technogeek-lawyers-like-me-shouldcare-about-data-security
http://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=1222&context=dltr
http://www.nij.gov/topics/forensics/evidence/digital/digital-glossary.htm
http://www.setecinvestigations.com/resources/faqs.php
www.justice.gov.za/salrc/ipapers/ip27_pr126_2010.pdf
Cases:
United states v. Salgado, 250 F.3d 438, 452 (6th Circuit 2001)
Daubert v. Merrell Dow Pharmaceuticals, Inc. 509 U.S. 579 (1993)
People v. Holowko, 486 N.E. 2d 877, 878-79
St. Lukes Cataract & Laser Institute, P.A. v. Sanderson 2006 WL 1320242, at *2 (M.D. Fla.
2006)
R. v. Mapara (2005), 251 D.L.R. (4th) 385
Sun Protection Factory, Inc. v. Tender Corp 2005 WL 2484710, at *6 (M.D. Fla. 2005)
Telewizja Polska USA, Inc. v. EchoStar Satellite Corp 2004 WL 2367740 (N.D. Ill. 2004)
State of Maharashtra v Dr Praful B Desai AIR 2003 SC 2053
State (NCT of Delhi) v Navjot Sandhu AIR 2005 SC
Williams v. Sprint/United Management Co. 230 F.R.D. 640 (D. Kan. 2005).
20