Authenticity and authentication
6.1 Authenticity is the quality of something that is what it purports to be. When referring to documentary materials, most definitions of authenticity refer to the fact that an entity, to be authentic, must have maintained not only its identity but also its integrity: that is, it must not have been corrupted or tampered with during the time between its creation and its use as a source of information or its submission as evidence.1 While this concept, developed in an analogue world, is easily transferable to digital entities, the verification and consequent declaration of authenticity – that is, the authentication of digital entities – has proven to be problematic. This is one of the reasons why an increasing number of standards and scholarly papers discuss ways of ensuring the continuing and verifiable authenticity of digital materials.2 For decades, courts and scholars have wrestled with the concept of authentication of digital evidence across various jurisdictions, and several notable judges have developed particular skills in understanding and applying the rules of evidence to digital evidence.
Luciana Duranti and Allison Stanfield, ‘Authenticating electronic evidence’, in Stephen Mason and Daniel Seng (eds.), Electronic Evidence and Electronic Signatures (5th edn, University of London 2021) 236–278.
1Heather MacNeil, ‘Providing grounds for trust II: the findings of the Authenticity Task Force of InterPARES’ (2002 January) 54 Archivaria 24.
2Heather MacNeil, Trusting Records: Legal, Historical and Diplomatic Perspectives (Kluwer Academic Publishers 2000), xi; Livia Iacovino, Recordkeeping, Ethics and Law (Springer 2006), 41, for further comments about ‘trustworthiness’. The standard of the Canadian Government Standards Board CGSB 74.32-2017, Electronic Records as Documentary Evidence, states that authenticity is the ‘quality of an entity that it is what it purports to be and that is free from tampering or corruption’, thereby adding the idea of integrity to that of identity. The standard of the Association of Records Managers and Administrators, BSR/ARMA 19-2019, Policy Design for Managing Electronic Messages, defines record authenticity as ‘The sum of the qualities of a record that establish the origin, reliability, trustworthiness, and correctness of its content’. The InterPARES research project terminology database, on the basis of a shared understanding of researchers from more than forty countries and six continents, defines authenticity as ‘The trustworthiness of a record as a record; i.e., the quality of a record that is what it purports to be and that is free from tampering or corruption’, and authentication as a ‘declaration of a record’s authenticity at a specific point in time by a juridical person entrusted with the authority to make such a declaration (e.g., public officer, notary, certification authority)’ Retrieved from https://interparestrust.org/terminology/term/authenticity and https://interparestrust.org/terminology/term/authentication.
6.2 Historically, in the classical world authenticity was linked to custody, as opposed to the characteristics of the object.1 For example, in ancient Rome the Tabularium, guarded by the quaestores, had the custody of the records produced by the organs of the state to ensure the messages carried within those records remained intact, and users had access only to copies made by public scribes. The reason for such measures was that those records, mostly written on wax tablets, were as fragile as records in digital form, and as easy to change or delete. Thus, trusting the records involved trusting their custodians.2
1There were exceptions for some public records, such as records exhibited for public consumption in public places, including laws which were written on bronze, and rolls of arms which were written on marble.
2Luciana Duranti, ‘Archives as a place’ (1996) 24(2) Archives & Manuscripts 242.
6.3 In medieval times, with the loss of stable, trustworthy public bodies and the increasing use of media more durable than wax – wood or papyrus in the form of parchment and paper – trust moved from the custodian of the records to the records themselves, which had to be capable of being creditworthy on their own. Their formal characteristics and their status of transmission (i.e. their degree of perfection, from draft to original to copy) were fundamental to establishing their authenticity.1
1Luciana Duranti, ‘Medieval universities and archives’ (1994–95) 38 Archivaria 37.
6.4 It was only in 1681, however, that a science was developed to assess the authenticity and authority of records, that is, to establish that they were what they purported to be, free from tampering or corruption, and capable of producing consequences. The science of diplomatics was developed by Dom Jean Mabillon to determine the identity and integrity of documents claimed to be diplomas of Merovingian kings, and their ability to demonstrate the land rights of the Benedictines of France.1 Thus, diplomatics focused on both documentary form2 and status of transmission, that is, the degree of perfection of a record.3 It defined an original as a document imbued with three qualities: primitiveness, completeness and effectiveness. An original is the first complete document capable of reaching the effects that it intends to reach – the perfect document. Then it defined both a draft and a copy in relation to the original: a draft precedes the original, is made for purposes of correction and is not intended to have consequences, while a copy, which may be of a draft, an original or another copy, is made for purposes of either communication or security. There may be several generations of drafts and several types of copies, with different degrees of authority, as there may be multiple originals.4
1See Luciana Duranti, ‘Diplomatics: new uses for an old science’ (1989) 28 Archivaria 12.
2The form of a document is defined as the ‘whole of the characteristics which can be separated from the determination of the particular subjects, persons, or places it is about’. Duranti, ‘Diplomatics’, 15.
3The status of transmission of a record is shown in ‘Ontology B’: http://www.interpares.org/ip2/display_file.cfm?doc=ip2_ontology.pdf.
4Duranti, ‘Diplomatics’, 18–21.
6.5 The science of diplomatics was the foundation of the law concerning evidence and proof in Europe, and was based on the fundamental assumption that the more authority a record has, the more believable is its content. As a consequence, the original was preferred to any other status of transmission, to the point that an authenticum was defined as ‘an original instrument or writing; the original of a will or other instrument, as distinguished from a copy’.1 If authenticity is by default attributed to the original for being the most authoritative status of transmission, then reliability of content is implied. Thus, the concepts of originality, authenticity and reliability were conflated and the ‘best evidence’ idea came into being. All of this has changed as the world has moved to the digital environment.
1Henry Campbell Black, Black’s Law Dictionary, Revised Fourth edn, 1968, s.v. ‘authentic’ and ‘authentic act’, 168.
6.6 Emails can be stored in a number of different formats, depending upon the software that created them. For evidentiary purposes, it is important to obtain the item in the native format, the unmodified email message file, including its attachments, as this is the only way the identity and integrity of an email can be proven. Some older email repositories stored emails and attachments in a flat file structure which makes it difficult to retrieve and view them without specialist assistance.
6.7 Indeed, emails can be submitted as evidence for a number of purposes. The email, like all correspondence, may be offered to prove that the sender did, or did not,1 communicate with another person or persons, in which case the communication, and not its content, may be called into evidence. It may be tendered to show the sender was at a particular location at a particular time, and this will be evidenced in the metadata showing the IP address of the computer from which the email was sent. If authenticity is still challenged, the sender of the email may have to give evidence of doing so. However, if the sender of the email denies having written it, then the party tendering the email will need to provide a wide array of circumstantial evidence in order to prove the identity of the sender.2 This may be difficult unless the party tendering the email can show, on the balance of probabilities, that the purported sender did send the email.
1See for example, Greene v Associated Newspapers Limited [2004] EWCA Civ 1462, [2005] QB 972, [2005] 3 WLR 281, [2005] 1 All ER 30, [2004] 11 WLUK 165, [2005] EMLR 10, (2004) 101(45) LSG 31, (2004) 148 SJLB 1318, Times, 10 November 2004, Independent, 9 November 2004, [2005] CLY 970.
2By way of example, see Takenaka (UK) Ltd and Corfe v Frankl [2001] EWCA Civ 348, [2001] 3 WLUK 163, [2001] EBLR 40, [2001] CLY 1819 and BSkyB Ltd v HP Enterprise Services UK Ltd (formerly t/a Electronic Data Systems Ltd) [2010] EWHC 86 (TCC), [2010] 1 WLUK 491, [2010] BLR 267, 129 Con LR 147, [2010] 26 Const LJ 289, [2010] CILL 2841, [2010] CLY 3421.
6.8 Although public bodies and private corporations now use record-keeping systems, where records of all types are organized by function and activity, and which are designed according to requirements established by national and international standards, private people and small organizations tend to keep emails stored in the application used by the email client where it was generated or received.1 Similarly, their electronic files, such as draft correspondence, spreadsheets, reports, PowerPoint presentations, drawings and so on, are stored in the applications where they are created, although this is now changing where these documents are saved and stored in cloud-based repositories. Sometimes these files are created using proprietary software, and stored in formats that can only be interpreted by that software, although open source software is increasingly used; however, there are now tools available that can obtain access to the content of proprietary files without the need to obtain the proprietary software.
1For a detailed description of the characteristics of emails as digital entities, see Gianfranco Pontevolpe and Silvio Salza, General Study 05 – Keeping and Preserving Email, http://interpares.org/ip3/display_file.cfm?doc=ip3_italy_gs05a_final_report.pdf. See also Association of Records Managers and Administrators, BSR/ARMA 19-2019, Policy Design for Managing Electronic Messages.
Digital evidence compared to past paradigms
6.9 It is important to take into account the differences between analogue1 and digital evidence when examining how the rules of evidence have been, and should be, applied to digital evidence. Indeed, ‘evidence in digital form is paradigmatically different from pre-digital evidence which generally was inextricably associated with a medium be it paper, film, video, audiotape or some other fixed medium’.2 It is true that, in January 2019, the Council of Europe adopted the ‘Guidelines of the Committee of Ministers of the Council of Europe on electronic evidence3 in civil and administrative proceedings’,4 which provide:
Electronic evidence should be evaluated in the same way as other types of evidence, in particular regarding its admissibility, authenticity, accuracy and integrity.
1Analogue is information written on physical material, such as a paper, parchment, stone, clay, film or certain types of magnetic audiotape and videotape (see CGSB 72.34-2017, 2).
2Judge David Harvey, ‘Digital evidence admissibility: some issues’ (17 December 2019), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3505611.
3In the context of this chapter, the expressions ‘electronic evidence’ and ‘digital evidence’ are used interchangeably, although ‘electronic’ refers to the storage and means of transmission of an entity and ‘digital’ to the discrete, binary values constituting it. See for example CGSB 74.34-2017, 3–4 ‘electronic record’ and ‘digital record’.
4Guidelines of the Committee of Ministers of the Council of Europe on electronic evidence in civil and administrative proceedings (Adopted by the Committee of Ministers on 30 January 2019, at the 1335th meeting of the Ministers’ Deputies), 30 January 2019, CM(2018)169-add1final, https://search.coe.int/cm/Pages/result_details.aspx?ObjectId=0900001680902e0c.
6.10 Evaluating electronic evidence in the same way as other types of evidence does not mean that they should be dealt with in the same way. Jokubauskas and Świerczyński1 have, for instance, questioned whether those guidelines already require revision. The authors point out the increasing use of cloud computing, particularly as a cross-border technology, and the increasing popularity of emerging technologies such as blockchain and artificial intelligence tools. This suggests that there are gaps in the way the law deals with electronic evidence and these should be carefully examined by a careful comparison with analogue evidence.
1Remigijus Jokubauskas and Marek Świerczyński, ‘Is revision of the Council of Europe guidelines on electronic evidence already needed?’, (2020) 16(1) Utrecht Law Review 13. DOI: http://doi.org/10.36633/ulr.525.
6.11 In the past, a document was understood as information affixed to an analogue medium1 by means of a writing instrument or an apparatus for fixing data, images or sound, in a form that was both objectified and syntactic.2 In legal proceedings, if a document is admitted into evidence, it generally contains information upon which one party wishes to rely as proof of an alleged fact.
1‘Analogue medium n., Physical material, such as paper, parchment, stone, clay, film or certain types of magnetic audio- and videotape, used for storage of data’, http://www.interpares.org/ip2/display_file.cfm?doc=ip2_glossary.pdf&CFID=22025589&CFTOKEN=86498402.
2Duranti, ‘Diplomatics’, 15. See also R v Daye (Arthur John) [1908] 2 KB 333 (KBD).
6.12 When a ‘document’ is not affixed to an analogue medium, but rather exists in an electronic form, the content, structure and form of a digital ‘document’ are not inextricably linked to one another, as is the case with information in analogue form. A digital document is composed of two parts: the stored entity (the digital component) and its manifested entity such as what appears on a computer screen or in other output form. These entities are vulnerable (easy to destroy, lose, corrupt, tamper with, or may become inaccessible if not protected), yet persistent (forever there, if not purposefully destroyed).1 An electronic document also includes more information than is visible to the eye – the digital components may comprise information such as metadata and data about the structure of the document.
1Luciana Duranti and Kenneth Thibodeau, ‘The concept of record in interactive, experiential and dynamic environments: the view of InterPARES’ (2006) 6(1) Archival Science13, http://www.interpares.org/ip2/display_file.cfm?doc=ip2_book_appendix_02.pdf.
6.13 For example, an email, if printed, looks like a paper document and appears complete because one can see the header lines. If the email is tendered through a witness who is the author of the email, without objection, then the paper version of the email may be perfectly adequate to prove its contents. However, the email as stored by the email client may contain additional information relevant to the issues in legal proceedings. Although there are four types of header lines – identity header lines (including thread headers), transmission header lines, security header lines and format/encoding header lines – only a small part of the header is typically displayed by email clients and is printable. Only if the email is accessed through special settings on the email client is it possible to see all the hidden information.
6.14 Some working groups have defined the main differences between paper (and other analogue media) and electronic documents. Among them, the most prominent is The Sedona Conference Working Group on Best Practices for Electronic Document Retention and Production (the Sedona Conference).1 The Sedona Conference suggests that such differences can be broadly grouped into six categories: (a) metadata, (b) volume and duplicability, (c) persistence, (d) dynamic, changeable content, (e) environment dependence and obsolescence, and (f) dispersion and searchability.
1The Sedona Conference, Electronic Document Retention and Production, Working Group 1 (2002).
Admissibility and authentication
6.15 To be admissible in legal proceedings, the potential evidence needs to be relevant to the facts at issue in the proceedings. If it is not relevant, it is not admissible. After the evidence is admitted, it is open to the opposing party to challenge it by contradicting, undermining or explaining it. The trier of fact then determines how much weight is to be given to the evidence, and makes a decision accordingly.
6.16 This does not prevent both parties and the court from accepting the authenticity of the evidence without proof.1 Alternatively, one party may put the identity or integrity of digital documents in issue. In such a case the party adducing the evidence will also need to meet the requirement to provide suitable evidential foundations. For instance, in civil proceedings in England and Wales a party is deemed to admit the authenticity of a document disclosed under the provisions of the Civil Procedure Rules (CPR) Pt 31 unless notice is served that the party wishes the document to be proved at trial, as provided for by CPR 32.19. Notwithstanding the provisions of the CPR, the authenticity of documents is not, generally, challenged at such an early stage in the proceedings.2 This is because neither party may be aware of the dispute over the authenticity of a document until during the trial, when it may be first raised by a witness during oral testimony.
1For a number of early cases in the US where digital images from satellites were accepted by agreement, see Harald Ginzky, ‘Satellite images as evidence in legal proceedings relating to the environment – a US perspective’ (2000) VXXV(3) Air & Space Law 114, 116.
2Although see Gallaher International Ltd v Tlais Enterprises Ltd (Rev 1) [2008] EWHC 804 (Comm), [2008] 4 WLUK 504, where Gallaher gave notice that it challenged the authenticity of a large number of the documents disclosed by Tlais, and required Tlais to prove them, at [586]. Clarke J considered that some documents were neither proved nor not proved at [630], that some were not proved at [685] and that some were not satisfactorily proved at [862].
6.17 Reported cases appear to indicate that a lawyer will merely assert that the authenticity, reliability or accuracy of the evidence is not to be trusted, and the court will then have to determine a suitable response to the allegation raised,1 or a lawyer may fail to raise any specific objections as to the accuracy of the evidence.2 For example, if an email, a web page, a social media post or any other form of digital evidence is admitted as evidence, the opposing party may challenge its reliability in order to reduce the weight to be given to the evidence by using witness testimony, certifications, forensic evidence and circumstantial evidence to do so.3
1For instance, in Noble Resources SA v Gross [2009] EWHC 1435 (Comm), [2009] 6 WLUK 558, Mr Gross cast doubt over the reliability and (it seems) the authenticity of SMS messages, but the technical evidence demonstrated that it was not possible to alter an SMS message on a BlackBerry once it had been received or sent; note the discussion in relation to the printouts of records of telephone calls made by a mobile telephone in the case of State v Navjot Sandhu (2005) 11 SCC 600, 148–152.
2Olympic Insurance Company v H. D. Harrison, Inc., 418 F.2d 669 (5th Cir. 1969).
3Micheál O’Floinn and David Ormerod, ‘Social networking material as criminal evidence’ [2012] Crim LR 486 for a discussion of the approach taken in the courts in England relating to data from social networking sites.
6.18 The way in which electronic evidence is adduced will affect the challenges as to its authenticity. Generally, evidence is adduced to assert or reinforce a positive position. For instance, it might provide reliable information,1 act to confirm an alibi,2 or where there is evidence from different devices and systems in combination (CCTV, automatic number plate recognition system and the use of mobile telephones3 attributed to a particular person), act to corroborate and reinforce the evidence between the parties.4 An example of the positive use of electronic evidence is the Application Transaction Counter on the chip of a debit card, which increases by one each time a transaction occurs, so that in the event of a disputed transaction, the counter on the card can be tested against the records maintained by the bank.5 Another example of the positive use of electronic evidence can be found in the case of City Park Co-operative Apartments Inc. v David Dubois.6 In this case, Spies J accepted that the code of an apartment entry–exit ‘key’ issued to the defendant contradicted the defendant’s affidavit evidence that he had been denied access to his apartment. The management of the apartment was able to adduce in court evidence to show that this particular entry–exit ‘key’ was used 1,447 times in a six-month period, based on computer records of each entry or exit for the uniquely coded ‘key’ (which the judge questionably described as an ‘electronic signature’). Nonetheless, the judge’s meaning is clear: this was an example of electronic evidence demonstrating that the holder of a token had used the entry–exit ‘key’, thus showing that his affidavit evidence was incompatible with the electronic evidence.
1A (Death of a Baby), Re [2011] EWHC 2754 (Fam), per Jackson J at [168].
2R. v Hallam (Sam) [2012] EWCA Crim 1158, [2012] 5 WLUK 518.
3In R. v Hamilton 2011 ONCA 399 the Ontario Court of Appeal held that evidence regarding cell tower records was factual evidence and not opinion evidence, and the court accepted evidence of three employees rather than experts at [259]; see also R. v Cyr 2012 CarswellOnt 16386, 2012 ONCA 919, [2012] OJ No. 6148, 104 WCB (2d) 1033, 294 CCC (3d) 421, 300 OAC 111; these decisions have been criticized: Ken Chasse, ‘Guilt by mobile phone tracking shouldn’t make “evidence to the contrary” impossible’, http://www.slaw.ca/2016/10/04/guilt-by-mobile-phone-tracking-shouldnt-make-evidence-to-the-contrary-impossible/.
4R. v Fagan (Taariq), R. Fergus (Michael) [2012] EWCA Crim 2248, [2012] 9 WLUK 121. Note the discussion of a case in Switzerland where the absence of evidence that a mobile telephone that was switched on at the relevant time was the topic of a paper in considering probability and graphical probability models: Alex Biedermann and Joëlle Vuille, ‘Digital evidence, “absence” of data and ambiguous patterns of reasoning’ (2016) 16 Digital Investigation S86.
5Jerzy Kosiński, ‘A case of the customer attempting to claim their debit card was cloned’ (2016) 13 Digital Evidence and Electronic Signature Law Review 167.
6[2006] OJ No. 4428 (Sup. Ct.) (QL).
6.19 However, it is possible for digital data to prove a negative position (or perhaps be adduced as evidence of an inconsistent positive), a point made by Professor Tapper.1 An example is a case where a number of customers of a bank report unauthorized ATM withdrawals, which will cause the bank to investigate whether an employee was responsible for the thefts. This happened in the case of United States of America v Bonallo,2 where computer records had demonstrated that cash withdrawals were made when the defendant Bonallo was in the building. It transpired that the employee who assumed Bonallo’s duties after his employment was terminated discovered a ‘fraud program’ in Bonallo’s computer program library. This program was used to provide access to ATM computer files, and to allow him to alter transaction records, although it could have been used for legitimate purposes as well. This case not only illustrates the possibility of adducing evidence of an inconsistent positive, but also the care with which judges should approach assertions about ‘reliable’ computer systems and whether the business records exception ought to apply.
1Colin Tapper, ‘Evanescent evidence’ (1993) 1(1) Intl J L & Info Tech35, 44–45; Beryl A. Howell and Brian M. Heberlig, ‘The Lamar Owens case: how electronic evidence contributed to an acquittal in an explosive rape case’ (2007) 24(12) The Computer & Internet Lawyer 1; Alfano v LC Main, LLC, 38 Misc.3d 1233(A) (2013) 969 N.Y.S.2d 801 (Table), 2013 WL 1111969 (N.Y.Sup.), 2013 N.Y. Slip Op. 50373(U) (a forensic computer examiner performed a forensic analysis of the metadata associated with the plaintiffs’ photographs, concluding that the photographs were taken 12 days after the accident); Kashmir Hill, ‘Fitbit data just undermined a woman’s rape claim’, Splinter (29 June 2015), https://splinternews.com/fitbit-data-just-undermined-a-womans-rape-claim-1793848735.
2858 F.2d 1427 (9th Cir. 1988).
6.20 Although some jurisdictions deal with the issue of admissibility and authentication somewhat differently, it is clear that admissibility is a question of law for the judge and authenticity is a question of fact for the jury, or the judge alone if there is no jury.
6.21 For instance, in Australia, for evidence to be admissible, it must be relevant.1 Authenticity is not a ground of admissibility pursuant to the Uniform Evidence Acts, so the issue does not arise when the court is considering objections to evidence.2 When considering evidence such as social media screenshots or printouts, the judge will first determine whether, as a question of law, the evidence is relevant, and if it is, it will be admitted into evidence. The trier of fact will then determine whether the evidence is authentic. How the evidence is authenticated will depend upon the method of authentication used.3 For example, Estcourt J posits that a proponent only has to ‘prove’ a document such as a screenshot or a photograph or printout of social media.4 Estcourt J was referring to the decision of Perram J in Australian Competition and Consumer Commission v Air New Zealand Ltd (No 1)5 in relation to business records. However, the judge was of the view that this approach applies equally to Facebook evidence. Estcourt J stated:6
In a nutshell, when you tender a Facebook screenshot or printout no question of its authenticity arises as a threshold question. The only question at this stage is relevance. At no time does the judge as the judge of law determine that the document is or is not authentic because that is not a question for him or her. The question for the judge as the judge of law is only relevance. The question of authenticity is for him or her, after the document has been admitted into evidence, and that is for him or her as the judge of fact.
1Australian Competition and Consumer Commission v Air New Zealand Ltd (No 1) [2012] FCA 1355 per Perram J at [92].
2Australian Competition and Consumer Commission v Air New Zealand Ltd (No 1) [2012] FCA 1355 per Perram J at [92].
3The Hon. Justice Stephen Estcourt AM, ‘Social media as evidence’, speech presented to New Technology and Trial Practice Workshop, Port Moresby, 18–20 March 2019, https://www.supremecourt.tas.gov.au/publications/speeches-articles/social-media-as-evidence/, at 8.
4Estcourt, ‘Social media as evidence’.
5[2012] FCA 1355, (2012) 207 FCR 448.
6This text, and the further text cited, is towards the end of Estcourt, ‘Social media as evidence’.
6.22 Estcourt J goes on to say:
As to the ultimate question of fact, if a person in his or her evidence denies that the post is his or hers, or claims that it is not genuine, then the issue will play out like any other disputed issue of fact. If the person denies he or she posted it, then that claim will be tested by cross-examination. ‘Who had access to your account? How was your account hacked? Who knew your password? When was it hacked? What about the posts either side of that post?’ If the tribunal is a judge alone, then he or she will decide the question of authenticity and the weight to be given to it.
6.23 In England and Wales, s 8 of the Civil Evidence Act 1995 provides that, where a statement contained in a document is admissible in civil proceedings, it may be ‘authenticated in such manner as the court may approve’. As for criminal proceedings, the current position is now governed by s 133 of the Criminal Justice Act 2003, which provides as follows:
133 Proof of statements in documents
Where a statement in a document is admissible as evidence in criminal proceedings, the statement may be proved by producing either–
(a) the document, or
(b) (whether or not the document exists) a copy of the document or of the material part of it, authenticated in whatever way the court may approve.
6.24 The Explanatory Notes to the Act states that s 133 ‘corresponds to the position under section 27 of the Criminal Justice Act 1988, whereby a statement in a document can be proved by producing either the original document or an authenticated copy’ and continues: ‘It is intended to cover all forms of copying including the use of imaging technology.’1 Interestingly, the document must be an original or an authentic copy, which illustrates the need to pay careful attention to the means by which a document in digital form is authenticated before the court.2 The use of imaging technology is also a mechanism for obtaining a copy of the original data, although the actual technology that is used to obtain an image of data may be challenged. The number of removes a copy may be from the original is dealt with indirectly by reference to the meaning of ‘copy’, which ‘in relation to a document, means anything on to which information recorded in the document has been copied, by whatever means and whether directly or indirectly.’3 This requires the trial judge to determine how a digital document is authenticated, which is why guidance on the mechanisms by which authenticity is tested after evidence is seized can be so important.4 In essence, the move has been towards assessing the weight to be given to electronic evidence.
1At paragraph 436.
2O’Floinn and Ormerod, ‘Social networking material as criminal evidence’.
3Criminal Justice Act 2003, s 134(1) Interpretation of Chapter 2.
4For which see article 4 of the Draft Convention on Electronic Evidence, which proposes five tests respecting evidence seized and subsequently submitted as evidence in legal proceedings: (2016) 13 Digital Evidence and Electronic Signature Law Review S1–S11, https://journals.sas.ac.uk/deeslr/article/view/2321.
6.25 The Court of Appeal’s stance in R. v O’Connor (Damien)1 has wider implications on the admissibility of electronic evidence beyond its own facts. The appellant and several others were accused of conspiring to import heroin and cocaine into the UK from Belgium. O’Connor was living in Belgium at the time. The prosecution relied upon telephone records provided by the Belgian police in relation to a mobile telephone used by the leader of the conspiracy, but there was no accompanying statement from the Belgian telephone provider. The court concluded that it was arguable that the records, which were produced by the Belgian authorities and handed to the prosecution, were not in fact statements made by a person. Hooper LJ went on to say, at [16]:
and one concentrates on the person who interrogated the Belgium provider computer and obtained the data for the [alleged appellant’s] phone, and if one assumes that in that respect a person is making a representation for the purposes of section 115 [of the Criminal Justice Act 2003], then the issue has to be whether it is admissible under section 117 [of the same Act as a business record exception to the hearsay rule]. The judge held that it was.
1[2010] EWCA Crim 2287, [2010] 6 WLUK 467, Times, 19 July 2010, [2011] CLY 608.
6.26 In Canada, the Uniform Law Conference of Canada adopted in 1997 the text of a Uniform Electronic Evidence Act (Canada) that proposed a reform of the traditional common law evidentiary requirements in light of the characteristics of electronic materials submitted for admissibility as evidence.1 The Uniform Electronic Evidence Act (Canada) subsequently became uniform law in Canada in the Canada Evidence Act (CEA) 1995, thereby prevailing in criminal proceedings anywhere in Canada.2 Section 31.5 Canada Evidence Act provides:
For the purpose of determining under any rule of law whether an electronic document is admissible, evidence may be presented in respect of any standard, procedure, usage or practice concerning the manner in which electronic documents are to be recorded or stored, having regard to the type of business, enterprise or endeavour that used, recorded or stored the electronic document and the nature and purpose of the electronic document.
1See https://www.ulcc.ca/en/ and http://www.slaw.ca/2018/09/11/electronic-documents-in-civil-and-administrative-proceedings-uniform-rules/.
6.27 Further, s 41.2 of the Act states that it does ‘not modify any common law or statutory rule relating to the admissibility of records, except the rules relating to authentication and best evidence’. Section 41.3 goes on to provide that a ‘person seeking to introduce an electronic record as evidence has the burden of proving its authenticity by evidence capable of supporting a finding that the electronic record is what the person claims it to be’. If evidence which is ‘capable of demonstrating authenticity is adduced and not rebutted’, it is still ultimately up to the trier of fact to determine whether or not the evidence is authentic, and to decide what weight, if any, is to be placed on that evidence.1
1David Outerbridge and Ezra Siller, ‘The admissibility of electronic evidence’, https://www.lawinsider.com/documents/, at 10.
6.28 In summary, if a judge is satisfied, as a question of law, that evidence is admissible, it is then up to the trier of fact (judge or jury) to determine whether the evidence is authentic and what weight, if any, is to be given to the evidence. The judicial approach to authentication of digital data in legal proceedings is considered on a case-by-case basis. There are no judicial guidelines about the attributes or characteristics of digital data, and some commentators have provided guidance through the application of relevant case law in relation to different types of digital data, such as emails, websites, instant messages, text messages and photography.1 Judges have to make judgments about the qualifications of the witnesses who appear before them, and interpret the nature of digital data in accordance with the evidence presented.
1Steven Goode, ‘The admissibility of electronic evidence’ (2009) 29(1) Review of Litigation 1; Breanne M. Democko, ‘Social media and the rules on authentication’ (2012) 43 U Tol L Rev 367; Kenneth N. Rashbaum, Matthew F. Knouff and Dominique Murray, ‘Admissibility of non-U.S. electronic evidence’ (2012) XVIII Rich J J & Tech 9; Paul W. Grimm, Lisa Yurwit Bergstrom and Melissa M. O’Toole-Loureiro, ‘Authentication of social media evidence’ (2013) 36(3) American Journal of Trial Advocacy 433.
6.29 Two cases from the US and one from England and Wales serve to illustrate this point. In State of New Jersey v Swed,1 the defendant was convicted of obtaining electricity without payment, and part of the evidence comprised computer printouts identifying the defendant as a customer with a registered address. The defendant contended that there was insufficient foundation for the admission of the printouts. In reaching its decision, the Appellate Division of the Superior Court of New Jersey applied the six foundational requirements set out in Monarch Federal Savings & Loan Association v Gesner:2 personal knowledge on the part of the witness as to the act or event recorded was not necessary; the person called as a witness should be able to testify as to the type of computer used, the permanent nature of the record storage and how daily transactions were customarily recorded; the computer records were made in the ordinary course of business; the entries were made within a reasonable time after the transaction occurred; proof of the validity of the source of the information from which the entry was made was required; and the validity of the method used in obtaining the computer printout must be established. In each of these instances, the prosecution provided suitable evidence.
6.30 In the criminal case of R v Cochrane,1 McCowan LJ, Waterhouse and Brooke JJ set out the following guidance in relation to electronic evidence from mainframe computers:
it was necessary that appropriate authoritative evidence should be called to describe the function and operation of the mainframe computer, including the extent to which it brought to bear information stored within it in order to validate a transaction and to enable an appropriate record to be made on the till roll. None of those matters were covered by any of the witnesses, and the judge had had to grapple with inadequate, and possibly, incorrect information … The Crown had failed to adduce adequate evidence to enable the court to properly rule that the till rolls were admissible evidence; and in the absence of the till rolls the Crown’s case could not be proved.
1[1992] 6 WLUK 63, [1993] Crim LR 48 (CA), [1993] CLY 366.
6.31 In the context of the US, George L. Paul has indicated that ‘the Federal Rules of Evidence do not contain a rule requiring informational records or other objects to be authentic. The requirement appears to be assumed’,1 and he indicates that authenticity is a prerequisite, because evidence must also be relevant. This observation must be considered to be accurate for most jurisdictions. In this part of the chapter, consideration is given to a number of jurisdictions and how judges have approached the authentication of digital data, to illustrate that comprehensive tests to demonstrate the authenticity of digital data are not necessary for every conceivable set of facts – an observation made by Erdmann J in United States v Lubich before the US Court of Appeals for the Armed Forces, in which he said ‘There are numerous scenarios in which this issue will arise and we see no benefit in attempting to craft a “standard” test to analyze all computer data situations’.2
1George L. Paul, Foundations of Digital Evidence (American Bar Association 2008), 39; George L. Paul, ‘Systems of evidence in the age of complexity’ (2014) 12(2) Ave Maria L Rev 173; for an earlier comment, see Rudolph J. Peritz, ‘Computer data and reliability: a call for authentication of business records under the Federal Rules of Evidence’ (1986) 80(4) Northwestern University Law Review 965.
272 M.J. 170 (2013) at 175 – the attorney for the appellant argued that the prosecution had failed to provide for the continuity of the evidence.
6.32 In order to circumvent forgery, the common law ‘best evidence rule’ established that original material be used whenever possible. This requires ‘the party who claims to put the contents of a writing in evidence [to] produce [the original], or account for its absence’.1 Each original must be attested by witnesses ‘that it was sealed and delivered’2 and it must be ‘the best that the nature of the case will allow’.3 The rule is traceable to the ancient method of trial by charter, where there could be no trial without the charter, and ultimately led to the requirement that original documents be produced in court.4 The best evidence rule was thus based on the premise that no evidence other than the original was admissible unless secondary evidence, or proof other than the original, was admissible as an exception to this rule.
1R v Richard John Frankland (1863) Le. & Ca. 276, 169 ER 1394.
2Doctor Leyfield’s Case (1572) 10 Co Rep 88, 77 ER 1057 at 9.
3Steyner v The Burgesses of Droitwich (1700) Holt KB 290, 90 ER 1059; Omychund v Barker (1745) 1 Atk 21, 49, 26 ER 15 at 33.
4Edmund M. Morgan, ‘The jury and the exclusionary rules of evidence’ (1937) 4 U Chi L Rev 247.
6.33 In the electronic environment, as originals do not exist other than for ‘a nanosecond’ when they are being made or received, the best evidence rule appears to be inapplicable. However, one can abide by the spirit of the law, rather than by its letter, by focusing on the primitiveness of the document, and on its completeness and effectiveness.
6.34 When a digital document is saved upon its creation or receipt, it is taken apart and separated into its digital components. When it is subsequently retrieved, and each time it is viewed, a copy is generated which, though not easily distinguishable from the original, is never identical to it, at least in regard to metadata, as the actions of closing, opening and navigating attach additional information to the document. Thus, although an original is generated when a document is first composed or received, upon closure it disappears and, as a consequence, there are no originals in the digital environment. As a further consequence, it is impossible to preserve digital entities: we can only preserve the ability to reproduce them from their digital components, or, in a database, regenerate them from content data, form data and composition data.1
1Duranti and Thibodeau, ‘The concept of record in interactive, experiential and dynamic environments’.
6.35 The fact that digital entities are capable of being reproduced in an almost identical fashion (at least to the human eye) poses the question of whether the original document rule is now redundant. Although this rule was abolished in the Uniform Evidence Acts in Australia, it still exists in some jurisdictions, such as Canada, and, without legislative acknowledgement of the true nature of digital evidence, courts may not be alerted to the need to consider that electronic documents that have the same formal presentation of the original can indeed be considered as having the same authority.1
1In the digital environment it is important to distinguish formal presentation (that is what one sees on a screen and can print out) from technological presentation (the format of the document). Thus, a Word document and a PDF/A look the same on the screen (they have the same formal presentation) but their stored components are different. One important difference is that a Word document is changeable, but has metadata that can be examined, while a PDF/A is immutable, but has no metadata.
6.36 The absence of an original as the first complete and effective instantiation of a digital document does not mean that there is no one such instantiation capable of acting as an original, of having the authority and the force of an original, due to its degree of completeness: in the digital world, we refer to this as integrity. Likewise, the fact that every time a digital entity is recalled a new one is generated does not imply that the outcome cannot be what it purports to be, and that its content cannot be presumed reliable and accurate. This requires us to consider how the digital environment has separated the fundamental components of documentary trustworthiness that had flowed together in the seventeenth century: reliability, accuracy and authenticity.
6.37 Documentary authenticity in the digital environment is defined as the trustworthiness of a document – it is what it purports to be, untampered with and uncorrupted. Authenticity is based on the identity and integrity of a document.1 The identity of a document refers to the attributes that uniquely characterize it and distinguish it from other documents. They include the names of the persons concurring in its creation (author, addressee, writer, originator, creator), its date(s) of creation (making, receipt, filing) and transmission, the matter or action in which it participates, the expression of its contextual relationships with other documents (classification code) and an indication of any attachment(s).
1Heather MacNeil, ‘Providing grounds for trust: developing conceptual requirements for the long-term preservation of authentic electronic records’ (2000) 50 Archivaria 52; MacNeil, ‘Providing grounds for trust II’.
6.38 Integrity refers to the quality of being complete and unaltered in all essential respects. We have never been fussy about it – consider a document that had holes, was burned on a side or where the ink passed through to the verso of it. In the analogue environment, the same definition of integrity was used with respect to data, documents, records and record systems. In the digital environment, integrity might refer to different things. It might refer to bitwise integrity, often identified with data integrity, which means that the data in the document are not modified either intentionally or accidentally, and that the original bits are in a complete and unaltered state from the time of capture, in that they have the exact and same order and value. In a digital entity, a small change in bits means a very different value is presented on the screen or action taken by a program or database (by way of example, 101 is a 5, 110 is 6 and 011 is a 3 – same bits, different order). Compromised bitwise integrity is revealed by digital signatures and emerging technologies such as blockchain.1 Integrity might also refer to duplication. When we intentionally duplicate digital entities (rather than doing so in the act of accessing them), we either make a copy or take a forensic image. A copy is a selective duplicate in that you can only copy what you see. It rarely includes confirmation of completeness and provides an incomplete picture of the digital environment. A forensic image is a bit-for-bit copy of a storage medium and its content, including ambient data (such as snapshots of each open file), swap space (virtual memory, with passwords and encryption keys) and slack space (the unused space which contains deleted material).2
1See the section on technological authentication below.
2Ambient data refers to the data saved through the process of auto-save functions included with office productivity programs, which write temporary snapshots of an open file to the disk at set intervals. Swap space is the portion of the hard disk that the system uses as extension of its RAM during operation. It is termed as virtual memory in the Windows world. Forensic investigators recover significant ephemeral data such as password and encryption keys from swap space. Slack space refers to the space available on a cluster even after an active file is stored in some part of that cluster. This arises from the fact that space is allocated in fixed cluster sizes even if the file size is less than the cluster size. The data present in the remaining area of the cluster is not overwritten and reflects data about a past file that was using the cluster, and is called slack.
6.39 When digital material is duplicated either for forensic purposes or to be submitted as evidence, two principles must be respected: the Principle of Non-interference, which means that the method used to reproduce or recreate digital entities does not change them, and the Principle of Identifiable Interference, which means that, if the method used does alter the entities, the changes are identified and identifiable and that information is provided about who and what introduced the changes so that witnesses can testify as to them.
6.40 These conceptual changes affect authentication of digital entities. In the digital environment, we regard authentication as a declaration of authenticity at one point in time, based on either direct knowledge, material proof, inference or deduction.1 Fundamentally, the conceptual basis for the authentication of digital material remains the same as for analogue material: a chain of legitimate custody for inferring authenticity; a digital continuity of evidence (also called chain of custody) to preserve information about the material and its changes, to show that specific data was in a particular state at a given date and time; a declaration of the author or a witness; and the affidavit of a digital evidence professional who bases his or her testimony on the trustworthiness of the system hosting the digital material, and on the procedures and processes controlling its maintenance and use. The latter is becoming increasingly relevant in some jurisdictions, such as Canada, where the idea was formally introduced in the late 1990s.2
1Government of Canada Standards Board 72.34-2017, Electronic Records as Documentary Evidence, 3.
2Luciana Duranti, Corinne Rogers and Anthony Sheppard, ‘Electronic records and the law of evidence in Canada: the Uniform Electronic Evidence Act twelve years later’ (2010) 70 Archivaria 95.
6.41 Thus, when considering digital evidence, an ‘original’ electronic document can no longer be equated with an ‘authentic’ electronic document.1 Where a law such as the Uniform Electronic Evidence Act (Canada) shifts the focus from the best evidence rule, which is concerned with document integrity, to the authentication rule, which is concerned with its primitiveness, this is primarily due to the fact that computer-generated or computer-stored information may lack stability of form and content. Furthermore, there may be instances where, to assure its continued accessibility, a digital object is purposely migrated from one system to another and converted from one format to another to deal with technological obsolescence. It follows, therefore, that the ability to prove the authenticity of a digital object is not equal to proving that an ‘original’ exists. The issue is about trustworthiness, or the lack of it. Proving the authenticity of a digital object means providing sufficient evidence to convince an adjudicator that the object that has been retrieved is a faithful representation of what is claimed was the ‘original’, or a reliable representation of the object that was made by the originator or relied upon by the recipient and the user, or only the user.
1Paul, Foundations of Digital Evidence, 48–49; Steven W. Teppler, ‘Digital data as hearsay’ (2009) 6 Digital Evidence and Electronic Signature Law Review 7, 9 n 18; Stephen Mason, ‘Electronic evidence and the meaning of “original”’ (2009) 79 Amicus Curiae 26, http://sas-space.sas.ac.uk/2565/; Luciana Duranti and Corinne Rogers, ‘Trust in digital records: an increasingly cloudy legal area’ (2012) 28(5) Computer Law and Security Review 522, 527 with further references.
6.42 Documentary reliability is defined as the trustworthiness of the content of a document as fact. Inferences can be drawn from factors such as competence (the authority and capacity) of the author, the completeness of the form and the control over the process of production of the document. On these bases, all public documents are considered reliable and so are all business records, which constitute an exception to the hearsay rule because of why they are generated and the process through which they are generated.1 Reliability, however, does not imply accuracy.
1Luciana Duranti, ‘The concepts of reliability and authenticity and their implications’ (1995) 39 Archivaria 5–10.
6.43 Documentary accuracy is defined as the correctness and precision of the data in the digital entity, based on the competence of the author and the controls on content recording and transmission. During transmission the data in a reliable document may change and the document may become inaccurate.1
1See Ontology C, http://www.interpares.org/ip2/display_file.cfm?doc=ip2_ontology.pdf.
6.44 The concepts of integrity and reliability are also closely linked. For instance, in Canada, s 31.5 of the Canada Evidence Act provides as follows:
For the purposes of subsection 31.2(1), in the absence of evidence to the contrary, the integrity of an electronic documents system by or in which an electronic document is recorded or stored is proven (a) by evidence capable of supporting a finding that at all material times the computer system or other similar device used by the electronic documents system was operating properly or, if it was not, the fact of its not operating properly did not affect the integrity of the electronic document and there are no other reasonable grounds to doubt the integrity of the electronic documents system.
6.45 The introduction of the Uniform Electronic Evidence Act (UEEA) provides that the integrity of the digital material submitted for admissibility could be inferred from the integrity of the electronic system in which the material is stored. Therefore, if a litigant offering an electronic record as evidence can show that the system producing or storing it operates in the way it is expected to, the output satisfies the evidentiary requirements, regardless of its form.
6.46 The Uniform Law Conference of Canada commentary for the UEEA states:
This Act focuses on replacing the search for originality, proving the reliability of systems instead of that of individual records, and using standards to show systems reliability.
6.47 As a factor in determining the reliability of a system, s 6 of the Uniform Electronic Evidence Act (Canada) replaced the traditional identification of individual records by a witness, or other foundation evidence, with proof of compliance of the system with recognized records management standards, procedures, usages or practices.1 Section 6 of the UEEA (Canada) provides:
For the purpose of determining under any rule of law whether an electronic record is admissible, evidence may be presented [in any legal proceeding] in respect of any standard, procedure, usage or practice on how electronic records are to be recorded or stored, having regard to the type of business or endeavour that used, recorded or stored the electronic record and the nature and purpose of the electronic record.
1Duranti and others, ‘Electronic records and the law of evidence in Canada’, 105.
6.48 Section 6 does not apply to data generated by computers without human intervention, which are not considered hearsay and are admissible as real evidence – the UEEA provides guidance on the authentication of such evidence by a witness qualified to explain how the device operates, which is all that is required for admissibility.1 It only specifically applies to digital materials admissible as exceptions to the hearsay rule that need to be authenticated, or that are shown to constitute best evidence. Section 6 places great reliance on standards such as the Government of Canada Standard Board (CGSB) 72.34-2017, Electronic Records as Documentary Evidence, which specifies the characteristics of a system that operates in the way it is expected to and whose output will satisfy the evidentiary requirements, regardless of its form.2 It is worth examining this standard in some detail.
1Duranti and others, ‘Electronic records and the law of evidence in Canada’, 109.
2Government of Canada Standard Board (CGSB) 72.34, 2017, Electronic Records as Documentary Evidence. CAN/CGSB-72.34-2017, 14–24, https://s3.amazonaws.com/tld-documents.llnassets.com/0014000/14461/chasse2.pdf.
6.49 In its introduction, the CGSB 72:34-2017 standard refers to s 6 of the UEEA as embedded in the Canada Evidence Act, as well as in most provincial and territorial Evidence Acts, encouraging the use of standards.1 It states:
0.3 Use of this standard in legal proceedings
In legal proceedings, this standard could inform the development of arguments about the definitions of the key phrases of the rules of admissibility for electronic records. These phrases are ‘IT system integrity’ and ‘record integrity’, as used in the electronic record provisions of the Evidence Acts, and records ‘made in the usual and ordinary course of business’ as used in the CEA.2
1Electronic Records as Documentary Evidence. CAN/CGSB-72.34-2017, s2:iv.
2Electronic Records as Documentary Evidence. CAN/CGSB-72.34-2017, s3:iv.
6.50 The standard defines an IT system as a ‘set of one or more computers, associated software, peripherals, terminals, human operations, physical processes, information transfer means, that form an autonomous whole, capable of performing information processing and/or information transfer’, and IT system integrity as ‘proven capability of an IT system to perform its intended functions in an unimpaired manner, free from unauthorized manipulation, whether intentional or accidental, and the fact that it did so when the recorded information was generated and used’. It is important to know that this standard, like the legislation, focuses on the integrity of the system when discussing authentication, rather than on its reliability. The standard does consider reliability and defines it as the ‘quality of a system that has been tested, subjected to peer review or publication, accepted within the relevant scientific community and whose known or potential error rate is acceptable’, but only in relation to its recommendations on how organizations should manage their records.1
1These definitions are in Electronic Records as Documentary Evidence. CAN/CGSB-72.34-2017 at ss 3.36, 3.37 and 3.38, 5.
6.51 In s 5.2.2 the Standard states that ‘the law of evidence provides that the best evidence rule can be satisfied by proof of the integrity of the records system, as in subs. 31.2(1)(a) of the CEA’, and that ‘such integrity is proven, in the absence of proof to the contrary, by evidence that: (a) the electronic records system was at all material times operating properly or, if it was not, the fact of its not operating properly did not affect the integrity of the electronic record, and there are no other reasonable grounds to doubt the integrity of the system. (e.g. subs. 31.3(a) of the CEA)’.1
1Electronic Records as Documentary Evidence. CAN/CGSB-72.34-2017, s 5.2.2, 10.
6.52 In s 5.2.4 the Standard identifies the factors that can be used to prove the integrity of an organization’s electronic records system. They include:
(a) sources: the origin of the data in its electronic records is known;
(b) contemporaneous recording: the electronic records are made or received or stored within a reasonable time after the events to which they relate, or stored within a reasonable time after they are received;
(c) routine business data: the data within a record is of a type regularly supplied to the originating organisation, or created by it during its regular activities;
(d) data entry: the data entry procedures are part of the usual and ordinary course of business of the organisation, and are carried out in compliance with the RM manual and IT system management guide (see 6.4 and 6.5);
(e) standards: the organisation complies with applicable electronic records management standards (as per 6.3.2. b);
(f) decision making: the organisation, when making decisions, relies upon the electronic records in its electronic records system;
(g) software: the organisation’s software reliably operates the electronic records system and processes its data;
(h) system changes: a record of record system changes and alterations is kept;
(i) privacy: the use of the data in the organisation’s electronic records complies with the relevant Canadian, provincial and territorial privacy statutes governing the collection, use or disclosure of personal information, confidential commercial information, trade secrets, privileges or other confidential information; and
(j) security: security procedures, such as protection against unauthorized access and disaster recovery plans, are used to guarantee the integrity of the electronic records system. 1
1Electronic Records as Documentary Evidence. CAN/CGSB-72.34-2017, 10–11.
6.53 Proof of these factors has to be provided by the organization’s records management manual (s 6.4 of the Standard, 16–20) and the IT system management guide (s 6.5 of the Standard, 20–24). From the number of inferences that need to be made to establish authenticity and the requirements for system management, it is clear that system security is vital to authentication of the digital entities stored in the system.1
1See Denco Limited v Joinson [1991] 1 WLR 330, [1992] 1 All ER 413, [1990] 11 WLUK 224, [1991] ICR 172, [1991] IRLR 63, Times, 22 November 1990, [1991] CLY 1679 where Wood J observed that the members of the industrial tribunal were ‘extremely critical of the security arrangements made by the employers in connection with the use of the computer’ ([1991] ICR 172 at 178).
6.54 The Canadian legislation recognizes that the authenticity of the digital evidence as created and stored within a computer system is tied to the integrity of the system. If there is evidence of the integrity of the computer system, which can be provided by a witness who has knowledge of such system and can attest that it was operating properly at the time the digital evidence was created or stored in it, the evidence can be authenticated. However, the evidence of system integrity can still be rebutted. If the party challenging the evidence convinces the judge that they have good reason for doing so, it will then be for the party adducing the digital evidence to demonstrate that such evidence is authentic and can be trusted.
6.55 While the rebuttable presumption works for a great number of cases, because it means that evidence can be admitted without challenge where required, reducing hearing time and, therefore, expense as a result, serious problems have followed when systems have been presumed – as opposed to proven, or declared by a knowledgeable witness – to be operating correctly (as has been the case in England1). Mason is of the view that the presumption of ‘reliability’ of computer evidence should be questioned, particularly in relation to software which is, and will continue to be, unreliable.2 Mason points out that software is inherently complex and subject to change, whether in regard to the code, to the operating system or other components and other vulnerabilities, including being subject to ‘hacking’. Likewise, Ladkin, Littlewood, Thimbleby and Thomas CBE3 argue that it is a practical impossibility to develop such a system ‘so that the correctness of every software operation is provable to the relevant standard in legal proceedings’.4 The authors point out that most software contains defects at the rate of between 1 and 100 defects per 1,000 lines of source code.5 As a result, software can be inherently unreliable; yet the presumption is quite the opposite. Although this presumption can be rebutted, this puts the onus, and, therefore, the expense, on the party who wishes to rebut the presumption. This fact has been highlighted in England by the case of Bates v Post Office Ltd (No 6: Horizon Issues) Rev 16 (the Horizon Software case), where a number of sub-postmasters and sub-postmistresses were prosecuted on the basis of the ‘robustness’ of the Horizon computer system, with some being imprisoned and others losing their life savings.
1For which see the Post Office Horizon scandal in England and Wales, discussed in Chapter 5.
3Peter Bernard Ladkin, Bev Littlewood, Harold Thimbleby and Martyn Thomas CBE, ‘The Law Commission presumption concerning the dependability of computer evidence’ (2020) 17 Digital Evidence and Electronic Signature Law Review 1.
4Ladkin and others, ‘The Law Commission presumption’, 1.
5Ladkin and others, ‘The Law Commission presumption’, 2.
6[2019] EWHC 3408 (QB), [2019] 12 WLUK 208.
6.56 In reviewing the presumption, Ladkin and others opined that inaccuracies in electronic evidence are as likely to result from errors in the computer software as from errors in the data.1 They conclude there are three propositions that a court should consider when evaluating digital evidence:
1. A presumption that any particular computer system failure is not caused by software is not justified, even for software that has previously been shown to be very reliable.
2. Evidence of previous computer failure undermines a presumption of current proper function.
3. The fact that a class of failures has not happened before is not a reason for assuming it cannot occur.2
1Ladkin and others, ‘The Law Commission presumption’, 4.
2Ladkin and others, ‘The Law Commission presumption’, 9.
6.57 In R v Cahill, R v Pugh1 two nurses in the UK National Health System (NHS) were charged with falsification of readings taken with blood glucometers which they operated to monitor patients’ blood glucose levels. As a result of the incorrect glucose readings, a number of patients died. The glucometers had automatically taken a reading and uploaded them to a central database; police investigations showed that the manual readings taken by the nurses and written on paper did not correspond to any readings on the glucometers or on the database. The prosecution argued there were no problems with the equipment the nurses had used, and advanced the case that the nurses’ manual records were fabricated. It turned out that the manual readings were taken by the nurses as workarounds to accommodate issues with the glucometer system. Nurses also used their staff ID because the glucometer software had difficulties reading the patients’ ID. Such workarounds were accepted by the software, and meant a correct glucose reading was still obtained. However, the backend system had been configured to reject the data collected using the workarounds and store it separately for later ‘fixing’: these were subsequently ignored rather than being processed. Professor Thimbleby2 was called as an expert witness to examine this evidence of the glucometer readings and database provided by the prosecution. He discovered ‘that over 20 per cent of the database entries had an “error flag” set’, which raised his suspicions and led him to conclude that the matter became ‘a more complex story than the prosecution painted’.3 The professor concluded that this indicated that ‘nobody was paying much attention to the management of the database’.4 He also criticized the way in which police had inexplicably converted the data from the database into Excel spreadsheets and copied them onto USB (Universal Serial Bus) drives rather than taking a forensic copy of the original database. Consequently, the court excluded the evidence relied on by the prosecution on the basis that it was unreliable and acquitted the nurses.5 Professor Thimbleby summarized his experience by saying that ‘the big picture is that nobody seems to be fully aware of the complexity and risks of IT. This results in lax legislation, lax regulation and lax procurement.’6
114 October 2014, Crown Court at Cardiff, T20141094 and T20141061 before HHJ Crowther QC, (2017) 14 Digital Evidence and Electronic Signature Law Review 67.
2Harold Thimbleby, ‘Misunderstanding IT: hospital cybersecurity and IT problems reach the courts’ (2018) 15 Digital Evidence and Electronic Signatures Law Review 11.
3Thimbleby, ‘Misunderstanding IT’,16.
4Thimbleby, ‘Misunderstanding IT’,16–17.
514 October 2014, Crown Court at Cardiff, T20141094 and T20141061 before HHJ Crowther QC, (2017) 14 Digital Evidence and Electronic Signature Law Review 67.
6Thimbleby, Misunderstanding IT’, 23.
6.58 Reliability goes to the heart of authentication. Caruso and others sum up the problem as follows:
Electronic evidence is typically authenticated by methods which are limited to analysis of computer coding to determine if the machine functions according to its code. Putting aside issues regarding the accessibility of that code,1 and assuming the code is verifiable, the examples we have given earlier indicate that the proper functioning of the technology can be an incomplete answer to the authenticity of the electronic evidence produced.2
1See Edward J. Imwinkelried, ‘Computer source code: a source of the growing controversy over the reliability of automated forensic techniques’ (2017) 66 DePaul Law Review 97; Professor Imwinkelried’s suggestions are considered in Chapter 5.
2David Caruso, Michael Legg and Jordan Phoustanis, ‘The automation paradox in litigation: the inadequacy of procedure and evidence law to manage electronic evidence generated by the “Internet of Things” in civil disputes’ (2019) 19 Macquarie Law Journal 157, 181.
6.59 This comment does make the point that the ‘proper functioning of the technology’, or reliability of the computer system as it is sometimes referred to, does not automatically prove that the evidence is authentic. Further, as demonstrated by the cases outlined above, it is not always easy to rebut the presumption of reliability.
6.60 Since the concept of an ‘original’ is no longer useful when dealing with digital evidence, a digital object has to be authenticated by verifying the claims associated with it, such as:
1. The organizational criteria demonstrating the provenance of the digital object, including the documentation pertaining to the continuity of custody (and the extent to which this documentation can be trusted), and the extent to which the custodians can be trusted.
2. When the object is examined forensically, its characteristics and content are consistent with the claims made about it and the record of its provenance (although the methods used may also be subject to challenge – for instance, how a computer is tested for reliability or consistency of output).
3. The forensic imaging techniques are appropriate when relying on the evidence from a personal computer.
4. Any signatures, seals and time stamps that may be attached to the object to help test the claims about consistency and provenance.
6.61 Self-authentication allows a document to be authenticated without the need for external evidence and is proof of the particulars stated within. Self-authenticating evidence includes certified public or official records1 such as certified copies of birth, marriage and death certificates. Some jurisdictions would go further and provide that such evidence fall within the exception to the rule against hearsay. If public or official records were to be admitted only through a witness who could attest to the document’s creation and its authenticity, trials would take much longer and be more expensive. Many jurisdictions provide for rules of evidence to establish the authenticity of public documents.2
1Irish Society v Bishop of Derry & Raphoe (1846) 12 Cl. & Fin. 641, 8 ER 1561.
2For Australia, see s 155 of the Commonwealth Evidence Act 1995; for England and Wales, see s 9 of the Civil Evidence Act 1995; for Canada, see ss 24–26 the Canada Evidence Act 1995; for the USA, see the Federal Rules of Evidence, s 902(1), (2) – note that Rule 902(11) also provides that business records as ‘records of a regularly conducted activity’ may be self-certified as authentic. This rule has faced some criticism, for which see Paul W. Grimm, Daniel J. Capra and Gregory J. Joseph, ‘Authenticating digital evidence’ (2017) 69 Baylor L Rev 1, 40.
6.62 Most public and private organizations keep their digital material in Electronic Documents and Records Management Systems (EDRMS). These systems are regulated by national and international standards, which are essential for assessing the reliability and integrity of the systems through which electronic evidence is created, stored and managed, as well as to determine whether such electronic evidence falls under the business records exception to the hearsay rule.1 These standards share some fundamental requirements:
1. The system software should be able to present old materials as they originally appeared (backward compatible), and allow the sharing of materials easily with other systems (interoperable).
2. The software should have undergone theoretical or empirical testing and peer review; its error rate should be known; and it should have gained general acceptance within the scientific community (Daubert standard).2
3. The formats used should be non-proprietary, platform independent and uncompressed,3 with freely available specifications (open format) and software whose source code is made (freely) available and can be modified (open source).
4. The results produced by using the system should be repeatable, objective and verifiable.
5. The specifications of the software must be maintained and available.
6. If the software is customized, the changes must be documented (including comments in the software code).
7. The construction of the whole system must be documented.
1The established record-keeping standards are: in Europe, the Model requirements (Moreq) series of standards, https://moreq.info/; in the US, the Department of Defense 5015.2-2007 standard: https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/501502std.pdf; in Canada, the CGSB 72.34-2017 standard: https://www.scc.ca/en/standardsdb/standards/28933; and internationally the International Council on Archives Requirements, ICA-Req standards: https://www.ica.org/en/ica-req (requires a username and password).
2Daubert v Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579, 113 S.Ct. 2786. The Daubert rules are a generally accepted standard for records systems in the US: https://www.law.cornell.edu/wex/daubert_standard.
3Note that the Moreq standard and Department of Defense 5015.2-2007 standard recognize the use of compression for archiving.
6.63 The integrity of any system, not only EDRMS, should be inferred from sufficient security measures1 to prevent unauthorized or untracked access to the computers, networks, devices or storage; and stable physical devices that will ensure the values they were provided with should be maintained until changed with authorization. These devices include user names and permissions, passwords, firewalls and logs. While the first three are self-explanatory, the logs deserve a more detailed discussion, because they are an important part of the authentication of the system and the digital material stored in it. Logs are sets of files automatically created to track the actions taken, services run, or files accessed or modified, and the time, identity of the person undertaking the action and their location. They can be separated into:
1. Web logs (Client IP Address, Request Date/Time, Page Requested, HTTP Code, Bytes Sent, Browser Type, etc.).
2. Access logs (User account ID, User IP address, File Descriptor, Actions taken upon record, Unbind record, Closed connection).
3. Transaction logs (History of actions taken on a system to ensure Atomicity, Consistency, Isolation, Durability (ACID)2); Sequence number; Link to previous log; Transaction ID; Type; Updates, commits, aborts, completes).
4. Auditing Logs. They are increasing required by law to demonstrate the integrity of the system. If properly configured, and if their access is restricted, they can provide checks and balances, determine effective security policies, catch errors that occur, provide instantaneous notification of events, monitor many systems and devices through ‘dashboards’, help determine accountability of people, provide the necessary snapshot for post-event reconstruction (‘black-box’), and, if retained for a long enough time, have the capability to answer the Who-What-Where-When questions.
1From a practical point of view, when organizations and individuals entrust their data, documents or records to cloud providers, it is not possible to verify the integrity of the data centres where the digital material is stored. Thus, it is only possible to examine the security measures agreed upon in the contract between provider and user, and make an inference of authenticity from these criteria. Contrary to common belief, security is usually higher in the cloud than in anyone’s in-house repository, if the user is willing to pay for it. In fact, cloud providers have the ability to offer more complex and expensive technologies and centralized controls than would be available at any single organization. This means it is arguable that, in the cloud environment, security can be considered the equivalent of authenticity.
2ACID (atomicity, consistency, isolation and durability) is an acronym and mnemonic device for learning and remembering the four primary attributes ensured to any transaction by a transaction manager (which is also called a transaction monitor). Atomicity: in a transaction involving two or more discrete pieces of information, either all of the pieces are committed or none are. Consistency: a transaction either creates a new and valid state of data, or, if any failure occurs, returns all data to its state before the transaction was started. Isolation: a transaction in process and not yet committed must remain isolated from any other transaction. Durability: committed data is saved by the system in such a way that, even in the event of a failure and system restart, the data is available in its correct state.
6.64 While any system can be authenticated on the basis of a thorough examination by an expert of the security measures mentioned above, EDRMS must be shown to protect documents from accidental loss or corruption as well as hardware and software obsolescence. This has more to do with management of the system and its contents than with technology. Thus, a witness who is knowledgeable of procedures and processes in the organization should be able to attest that the system is backed up at least once a day, using the best backup technique for the circumstances and ensuring that the backup system includes an audit trail. It should be noted that the purpose of the backup is to recover the system in case of failure, and backups are destroyed on a regular basis. Ideally, duplicates of documents should be maintained on additional hard drives. If they are stored on tapes or discs, it is necessary to refresh and upgrade them periodically. Considering that the integrity of the electronic system guarantees the trustworthiness of the documents stored in them, at least in Canada (and de facto also in the United States), it is important for organizations to eliminate dependence on specific hardware by transferring all its functionalities to the software (this is where IT departments can help); to plan for regular technology upgrades (keeping in mind the need for backward compatibility); to consider external storage for infrequently used documents; and, if documents are removed from the live system, to associate with it the system documentation and all the necessary information about the material to be able to maintain accessibility and to understand the content of the material itself.1
1For the characteristics of EDRMS that ensure the trustworthiness of the records created and/or stored in them, see InterPARES 2 Project, Creator Guidelines, http://www.interpares.org/ip2/display_file.cfm?doc=ip2(pub)creator_guidelines_booklet.pdf.
6.65 Digital certification may be a way of proving the authenticity of evidence. However, such certification can only be as reliable as the method used to generate digital certificates, for example in a public key infrastructure where the certification authority, being the holder of the public key, is truly independent and capable of being verified.1 The most significant issue with the authenticity certificates issued by certifying authorities is that they are usually valid for no longer than five years.2
1See Chapter 7, ‘Electronic signatures’ for a detailed explanation of digital signatures.
2See Hrvoje Stančić, ‘Authentication’, in Luciana Duranti and Corinne Rogers, (eds) Trusting Records in the Cloud (Facet Publishers and the Society of American Archivists 2019), 131–154. For a detailed technical explanation and how such systems fail, see Chapter 7, ‘Electronic signatures’.
6.66 Other forms of digital certification include the use of checksums or of ‘hash algorithms’, such as MD5 or SHA-1, which, once generated, can be compared with those generated on later versions of the digital document to ascertain whether any changes have occurred to the document. These methods prove the bitwise integrity of the digital documents, and are one way to demonstrate the continuity of evidence and that the document has not been tampered with, if the metadata showing it is part of the checksum or the hash.
6.67 If the evidence is collected in such a way that the continuity of evidence is not preserved from the time of collection until its presentation at trial, this may affect its admissibility or, if admitted, the weight that the court may attach to it. To obviate this challenge, a specialist ‘science’ known as computer forensics or digital forensics has evolved to assist the court. Digital forensics encompasses four elements: identification, preservation, analysis and presentation. Safeguards and methodologies used by digital evidence professionals must preserve evidence in a way that will withstand both judicial scrutiny and challenges raised by an opposing party, should the matter go to trial.1
1This topic is discussed in detail in Chapter 9. See also Luciana Duranti, ‘From digital diplomatics to digital records forensics’ (2009) 68 Archivaria 39; Luciana Duranti and Barbara Endicott-Popovsky, ‘Digital records forensics: a new science and academic program for forensic readiness’ (2010) 5.2 Journal of Digital Forensics, Security and Law 45; and Luciana Duranti and Corinne Rogers, ‘Memory forensics: integrating digital forensics with archival science for trusting records and data’, eForensics Magazine (October 2013).
Extrinsic and circumstantial evidence
6.68 Circumstantial evidence is evidence of a fact from which the existence of the fact in issue may be inferred. Circumstantial evidence can be differentiated from direct evidence, which is evidence that directly supports an assertion. For example, circumstantial evidence would include testimony of a witness who saw a person leaving a murder scene carrying a blood-stained knife, but who did not actually see the person killing the deceased. With respect to digital evidence, circumstantial evidence can be necessary to prove, for example, that a person wrote a particular email, or placed a particular post on a social media site. Circumstantial evidence can be important, since some judges are reluctant to accept testimony from the recipient of messages as a sufficient basis for authentication.1
1Elizabeth A. Flanagan, ‘#Guilty? Sublet v. State and the authentication of social media evidence in criminal proceedings’ (2016) 61 Vill L R 287, 298.
6.69 Circumstantial evidence is particularly important when attempting to authenticate digital evidence, such as social media posts. The central issue with social media is that anyone can create a profile using a false name, and someone else might obtain access to another person’s profile if they gain access to their username and password.1
1Flanagan, ‘#Guilty? ’, 301.
6.70 Grimm, Capra and Joseph note that the ‘standard for establishing authenticity of digital evidence is the same mild standard as for traditional forms of evidence’.1 For example, if the sender of an email denies having written the email, then the party tendering the email will need to provide a wide array of evidence to prove the identity of the sender. This may be difficult, unless the party tendering the email has circumstantial evidence to show the sender was at a particular place at a particular time and the balance of probabilities (for civil matters) is that she did send the email.
1Paul W. Grimm, Daniel J. Capra and Gregory J. Joseph, ‘Authenticating digital evidence’, 5.
6.71 Judicial notice may be taken of evidence where the facts are so notorious or well known that they cannot reasonably be doubted. Such evidence does not need to be admitted through a witness and can be admitted at the request of one party. Wigmore sums up the rule as follows:
The object of this rule is to save time, labor, and expense in securing and introducing evidence on matters which are not ordinarily capable of dispute and are actually not bona fide disputed, and the tenor of which can safely be assumed from the tribunal’s general knowledge or from slight research on its part ... It thus becomes a useful expedient for speeding trials and curing informalities.1
1John Henry Wigmore, A Pocket Code of the Rules of Evidence in Trials at Law (Little, Brown & Co 1910), 2120.
6.72 The common law ‘notorious instrument’ presumption allows courts to presume that readings from scientific instruments are accurate. The courts, however, tend to be slow to recognize any newly developed scientific devices.1 Once judicial notice has been taken of a fact, arguably no evidence in rebuttal is admissible.2 However, some judges have been critical of judicial notice being taken of facts based on incorrect assumptions. Judge Harvey refers to the following passage made by Fogarty J in Senior v Police:
The Court takes judicial notice that persons who use Facebook are very aware that the contents of Facebook are often communicated to persons beyond the ‘friends’ who use Facebook. When information is put on a Facebook page, to which hundreds of people have access, the persons putting the information on the page know that that information will likely extend way beyond the defined class of ‘friends’. Very strong personal abuse directed at a former partner, placed on Facebook, read by a large number of friends, some of whom will inevitably have contact in the natural social network with the person being abused, is at the very least highly reckless.3
1Harvey, ‘Digital evidence admissibility: some issues’; this topic is dealt with more extensively in Chapter 5.
2J. D. Heydon, Cross on Evidence (12th edn, LexisNexis 2020), 229.
3[2013] NZHC 357.
6.73 Judge Harvey criticized this passage on the basis it relied on an incorrect assumption: it wrongly assumes that ‘a person who posts to a network of friends is aware that publication is being made to the world’, or that a posting will come to the attention of a particular person.1 Judge Harvey says that, in his view, ‘that cannot be assumed and should be the subject of proof’ and that ‘the sweeping assumption by Fogarty J couched in the concept of judicial notice, cannot be sustained and should be treated with extreme caution’. Further, given the lack of discussion and analysis of the facts or evidence that led to the assumption, Judge Harvey stated that ‘in some respects, it creates a reversal of the burden of proof’. Importantly, Judge Harvey goes on to say:
Working on the assumption that posting material on a Facebook page is automatically intended to be communicated to the 2 billion per month Facebook subscribers, a defendant then has the burden of proving that in fact this was not the case and evidence would have to be led that the various settings on the particular Facebook account did not permit this to take place. In reality the burden should be on the prosecution to exclude such a possibility.2
1Harvey, ‘Digital evidence admissibility: some issues’, 13.
2Harvey, ‘Digital evidence admissibility: some issues’, 13.
6.74 The fact recognized by judicial notice in Senior v Police was adopted in the later case of S v S,1 where, in Judge Harvey’s view, the incorrect generalization was extended to all social media platforms. Judge Harvey sums up the position as follows:
The utilisation of digital technologies and the way that they are treated by lawyers and the Courts requires a rigorous approach and a journey into unfamiliar territory by both lawyers and judges.2
6.75 In our view, Judge Harvey correctly sums up the position with respect to the assumptions made by courts and digital technology.
Digital evidence in archival systems
6.76 When the documentary material submitted as documentary evidence is in the custody of an archival institution, archival description (that is, inventories) acquires a primary authentication function. The authentication function of archival description is a collective attestation of the authenticity of the documents or records in an archival fonds (the Canadian expression ‘archival fonds’ is equivalent to ‘archive’ in British usage, and ‘archives’ in Australian and American usage) as well as of all their interrelationships; in other words, authenticity in their documentary context. Archival description provides a historical view of the records and of their transformations while maintaining the bond of their common provenance and destination. Archival description of permanent digital records relies on metadata as evidence about a record’s identity and integrity, which is discussed in more detail below.
6.77 The authenticity of the documentary material of an organization can be presumed if such organization or the archival institution to which it transfers its records has a trusted digital repository. ‘A trusted digital repository is one whose mission is to provide reliable, long-term access to managed digital resources to its designated community, now and in the future.’1 Trusted Digital Repositories (TDR) are expensive and require professionals with specific and costly qualifications to operate them. There are few ‘trusted’ repositories that are ‘trustworthy’. Regardless of certification, TDRs appear to be trusted only when they are in a trusted ‘place of preservation’ such as archives or a library.2
1RLG-OCLC report Trusted Digital Repositories: Attributes and Responsibilities, 5, https://www.oclc.org/content/dam/research/activities/trustedrep/repositories.pdf.
2Devan Ray Donaldson and Paul Conway, ‘User conceptions of trustworthiness for digital archival documents’ (2015) 66(12) Journal of the Association for Information Science and Technology 2427.
6.78 The two exemplary models of TDRs both come from research activities. The first was the Open Archival Information System (OAIS), created by the National Aeronautics and Space Administration (NASA), which became an ISO standard in 2003, revised in 2012 as ISO 14721:2012 and as Trusted Third Party Repository ISO 17068: 2012 and 2017.1 The second was the Chain of Preservation Model generated by the InterPARES research project.2
1Consultative Committee for Space Data System, Reference Model for an Open Archival Information System (OAIS), (June 2021), https://public.ccsds.org/pubs/650x0m2.pdf.
2Chain of Preservation Model: http://www.interpares.org/display_file.cfm?doc=ip2_COP_diagrams(complete).pdf.
6.79 The OAIS model was not developed by archival specialists, neither was it intended for archival institutions. Rather, it was conceived as a preservation system internal to an organization, such as NASA. It offers a conceptual framework for digital preservation that describes, in a technologically neutral manner, the activities and the information that are necessary for trustworthy preservation. Effectively, it has defined the universe of discourse for digital preservation in a variety of contexts around the world. It details the authorized custody services of a Trusted Third Party Repository (TTPR) in order to ensure provable authenticity of the clients’ digital records and serve as a source of reliable evidence. It describes the services and processes to be provided by a TTPR for the clients’ digital records during the retention period to ensure trust. It also details the criteria of ‘trustworthiness’ and the particular requirements of TTPR services, hardware and software systems, and management. Its limitation is that the authorized custody of the stored material is by way of an agreement between only the third party and the client.
6.80 The InterPARES project recognized that digital preservation requires a Chain of Preservation (COP) that ensures that digital records survive uncorrupted from creation through their migration from one system to another. The phrase ‘Chain of Preservation’ was chosen to indicate that all the activities to manage records throughout their existence are linked, as in a chain, and are interdependent. If a link in the chain fails, the chain cannot do its job. If certain actions are not undertaken on documentary evidence, its trustworthiness and preservation are imperilled. Any break in how digital information has been preserved could make it impossible to assert that what remains is what it should be.
6.81 The COP is realized by implementing controls that ensure that the requirements for preservation are satisfied throughout the life of the records. The COP is reflected, after the fact, in data that demonstrate that these requirements have been satisfied. These are identity and integrity metadata. Identity metadata include, but are not limited to:
(1) Names of the persons concurring in the creation of the digital entity (e.g. author, writer, addressee, originator, creator, etc.);
(2) Date(s) and time(s) of issuing, transmission and receipt;
(3) The matter or action in which the entity participates;
(4) The expression of its relationship to other entities (e.g. classification code);
(5) Documentary form (e.g. report);
(6) Digital presentation (e.g. pdf);
(7) The indication of any attachment(s);
(8) Possible presence of digital signature; and
(9) Name of the person responsible for the business matter.
6.82 Integrity metadata include, but are not limited to:
(1) Name(s) of handling persons/offices over time;
(2) Name of person/office responsible for keeping the entity;
(3) Indication of annotations;
(4) Indication of technical changes;
(5) Indication of presence or removal of digital signature;
(6) Checksum;
(7) Time of planned removal from the system (migration);
(8) Time of transfer to a custodian (archives program or institution);
(9) Time of planned deletion; and
(10) Existence and location of duplicates outside the system.
6.83 Given the nature of digital material, the integrity of the digital environment is of greater concern than that of the identity metadata. If the server is stable, it is possible to be confident that the creator’s records are what they purport to be, and therefore for all intents and purposes they can be presumed authentic.
6.84 By scrutinizing the digital records preservation practice in the context of the authenticity metadata listed above, it is possible to say that digital records authentication can be broken down into at least two tiers. The first, and most important, tier for the presumption of authenticity is to audit the integrity of the preservation system in which records are kept.1 To date there are a number of ways metadata are included in this tier: the use of checksums, the conduct of visual inspection and the comparison with duplicated material in a parallel system. The checksum can be easily verified, whereas the comparison often goes undocumented. The second tier for the presumption of authenticity moves from audit of integrity to the verification of identity. Identity metadata are provided during the process of making, transmitting, receiving and storing the digital entity. The identity metadata rely on how the creator’s system (for instance, an EDRMS) works to encapsulate the entirety of the state of the digital evidence as used by the creator in the ordinary course of business. Thus, to authenticate material that has been preserved in a system other than the one in which it was generated and/or received, it is necessary to authenticate all digital systems used over time to store such material and focus on the sum total of what can be said about the evidence from its creation to its preservation (and subsequent retrieval and use).
1This is of course independent of the trustworthiness of the preserver. If the material submitted as evidence is preserved in a digital preservation system by a public archival institution, presumption of authenticity, until proof to the contrary, is a given.
6.85 The most common form of technological authentication for records is the secure digital signature. Such a signature acts to protect bitwise integrity, verifies a record’s origin (part of its identity) and makes a record indisputable and incontestable (non-repudiation1). The digital signature has been given legal value mainly by legislative acts,2 is enabled through complex and costly public-key infrastructures (PKI) and ensures authenticity of information across space (transmission from a person to another), though not through time. This is because it is subject to obsolescence, it compounds the problem of preservation, as it cannot be migrated with the record it is attached to, and the certificates linked to it have an expiry date. Archival science tells us that a digital signature has the function of a seal, in that it is attached to a document that is complete without it, rather than that of a signature, which is an essential part of a record, so it can be removed and substituted with metadata attesting to its presence at the time of transmission and receipt. This is largely the position taken by evidence law in common law countries. A detailed discussion of digital signatures and the challenges they present when the documents to which they are attached must be maintained for longer than 2–5 years can be found in Chapter 7.
1For the meaning of ‘non-repudiation’ and its limits, see Chapter 7, Electronic signatures.
2For a list, see ‘World electronic signature legislation’ (2019) 16 Digital Evidence and Electronic Signature Law Review 135, https://journals.sas.ac.uk/deeslr/article/view/5092.
6.86 The blockchain is a type of Distributed Ledger Technology (DLT), a concept referring to the maintenance of a decentralized data repository geographically spread across multiple sites, multiple countries and multiple organizations. The blockchain is the underlying technology that enables the virtual currency Bitcoin. It is a ledger – an information store that keeps a final and definitive (immutable) trace of transactions (their hash codes1). To operate, it relies upon a distributed network, given that all nodes and servers are equal, and on decentralized consensus, with no centre(s) and no single point of control or attack. The confirmed and validated sets of transactions are held in blocks, which are linked (chained) in a chain that is tamper-resistant and append-only. A blockchain starts with the genesis block, and each block contains, in addition to the hash of a predetermined number of documents, a hash of the prior block in the chain (referred to as the Merkle tree).
1A hash code is computed from the base number using an algorithm. It is nearly impossible to derive without original data. It typically uses 128bit or greater algorithms, so 2128. The hash code compresses bits of a message into a fixed-size value; thus, it is extremely difficult to come up with original records based on hash values. The common Hash functions are SHA-1 160 bit, RIPEMD-160 160bit and MD5 128 bit.
6.87 A blockchain can be used to confirm the integrity of a record kept elsewhere, in that a record existed or was created at a certain point in time, although not after it has been time-stamped and registered in the blockchain, and the sequence of records leading to it. It is not a system that records business records. It holds the hash of records, not the records themselves. Smart contracts, which are agreements between parties directly written into lines of code on a blockchain, are not yet recognized as records. The records must still be stored and managed off chain. This is good, because if they were in the blockchain, they would be immutable.
6.88 Immutability is the attraction of a blockchain: it is what ensures integrity, as nothing can be changed in a blockchain block or removed from a block. At the same time, this is the central problem of blockchain. In fact, with current records, that is records used in the present and active course of current business, any updating or correction of the wrong data, any form of privacy protection, any exercise of the right to be forgotten, any disposition of records that are no longer needed, any system upgrade, and in short any change in the record, would invalidate the blockchain. Where records are kept or identified for continuing and possibly long-term preservation, any transfer, migration or addition to the records of a preservation system would invalidate the blockchain.
6.89 The blockchain therefore presents a problem for authentication that goes beyond bit-wise integrity, in that any form of indirect or circumstantial authentication is not possible, because the hash on the blockchain does not allow for links to the hash of related records or the hash of metadata. If the metadata were embedded in each record at creation, the hash of such record would not allow for additions or changes, which is always necessary when carrying out any usual and ordinary business.
6.90 Further, handling the decentralized (and thus trans-jurisdictional) nature of the blockchain is complicated. At any given time, determining the author of a record, the owner and what law applies is difficult, especially when dealing with code in a situation where different participants in different jurisdictions control the necessary components of the transaction. An additional issue is presented by smart contracts, which lack both the equivalent of a signature and the date of the completion of an agreement. Thus, decentralization, the attractive aspect of blockchain that takes away central control and democratizes it, is a problem for authentication of data in digital form. This is because information processing happens on a complex technological stack in which different technical components may be in the custody of, and operated by, very different participants. Some components may be under the control of a single organization, others under the control of business partners who are members of a blockchain consortium, and still others under the control of unknown third-party contributors. An organization’s records could be in the custody of thousands of independent legal entities or individuals over which the creators of the records exercise little or no control. The consensus mechanism, and other protocols or standards that determine how the blockchain operates, may not be within the decision-making purview of the creator (or the creator’s designated records professional). These may be decided by remote (and even unknown) third party developers. In many cases, these protocols and standards are still unstable, and thus the reliability of the upload of organizational records to the blockchain could be very difficult to establish with any certainty.
Challenges to the authenticity of evidence in digital form
6.91 Blanchette states that cloud computing has become a ‘certain kind of meta-infrastructure’ capable of unprecedented sustainable growth, where infrastructure is defined as ‘the elements of the computing ecosystem that provide services to applications, in contrast to the applications that provide services to users’.1 Countries are beginning to look at the cloud as a critical infrastructure, that is, an infrastructure that is vital to the functioning of their economy and society. It is therefore logical to expect that, in the future, IT systems, including record-keeping and preservation systems, will be more often than not in the cloud.
1Jean-François Blanchette, ‘Introduction’ in Christopher S. Yoo and Jean-François Blanchette (eds) Regulating the Cloud. Policy for Computing Infrastructure (MIT Press 2015), 3, emphasis added.
6.92 When a user entrusts its data, documents or records to a cloud provider, and uses the provider’s platform and application to generate additional data, the provider will create metadata related to the user’s actions about data processing, management, and such like. While the user who creates content and stores that in the cloud owns that content, they do not own the metadata created by the provider. This means that as the user needs them to authenticate its material by demonstrating its integrity, the provisions of the contractual agreements between users and cloud providers will determine whether the user has the right to obtain access to and use the provider’s metadata. Usually such agreements do not discuss ownership of metadata generated by providers and, as a consequence, authentication of material stored in a cloud environment cannot be easily supported with evidence of its integrity or the integrity of the system.1
1For a discussion of contractual agreements for cloud services see Jessica Bushey, Marie Demoulin and Robert McLelland, ‘Cloud service contracts: an issue of trust’ (2015 June) 39(2) The Canadian Journal of Information and Library Science 128.
6.93 Cloud providers claim certain standards for the availability of services, such as retrieval and access to data. This involves making available the stored material and also implies the availability of the infrastructure, which facilitates the retrieval and readability of the data. But technical difficulties might slow discovery, access and authentication processes; these difficulties might create an issue when, for example, there are deadlines imposed by a judge. Could providers also claim certain standards for the reliability of their services? Reliability is the characteristic of behaving consistently with expectations. Data stored in the cloud has the characteristic of being redundant, which means that multiple copies exist in multiple places; thus, the issue arises as to consistency and accuracy of access: whether people obtaining access to different copies see the same thing. However, compliance is difficult to verify. The continuing transfer of data by the cloud provider from one data centre to another for retention purposes might involve the loss of authenticity. Where and how the data are stored and maintained may affect the quality of the documents and their ability to serve as evidence, especially in jurisdictions where the authenticity of the document is an inference made from the integrity of the system where the data reside. In a cloud environment, the data are constantly moved, and the provider’s metadata, which reveals where the data were at any given time, may not be accessible, as mentioned above.
6.94 Contractual agreements with cloud providers do not generally specify how data, documents or records are maintained across changing technologies and data formats. They generally provide that users are responsible for backing up their data, including maintenance procedures such as proper storage, care, custody and data control as ‘backup procedures’. Thus, it cannot be known how the data centres protect data from unauthorized access, use, alteration or destruction. And these issues have to be resolved before issues as to the authentication of cloud data can be addressed.
6.95 In a world where the integrity of a system is an inference made from its security, and the integrity of the data, documents or records is an inference one makes from the integrity of the system, security is the new authenticity, and authentication itself becomes an inference based on an assessment of security levels. Organizations enforce security with something they know (e.g. passwords), they own (e.g. tokens), or things which belong to the user (e.g., biometric measurements of eyes or fingerprints; private keys in a PKI environment). Cloud providers enforce security by means of encryption of data, in storage and during transmission, and should be in a position to produce audit trails and access logs, and capture, maintain and make available metadata associated with access, retrieval, use and management of the data, in addition to those linked to the data themselves. Unless a contract explicitly states so, comprehensive security measures may not be in place; but even if they are, security still relates directly to the matter of data location and cross-border data flow.
6.96 The cloud is the platform of choice for mobile applications and the data generated using them, as well as those created for use on smart devices. Records can be stored in data centres anywhere in the world and the location of the records is a criterion in determining the law that applies in case of litigation. But providers may not always know where the records are at any given time and they can subcontract some of their services to other providers in different countries.
6.97 If the material to be submitted as evidence has been retained for a long time, these issues are compounded. The same hardware and software will not remain in service for as long as the records must be preserved, and it is doubtful that the technologies replacing them will be compatible with the earlier ones. Providers may claim to follow the standards for preservation formats, but it is not possible to control compliance. Furthermore, if the provider ceases to exist, becomes insolvent or terminates one or more of its services (for breach, inactivity or convenience), the records will be deleted or inaccessible. This is the case with free services, since these do not have an established duration and providers may close users accounts unilaterally, require users to delete software and applications, and prevent them from obtaining access to the remaining data. When the data are given back to the user, it is not certain that it will be in a usable and interoperable format.
6.98 This all means that the authentication of data, documents or records created and stored in the cloud has to rely on circumstantial evidence, on testimony of witnesses, or on the existence of copies elsewhere. Otherwise, it has to rely on what is known about the security measures used by the provider and a presumption of authenticity, unless there is proof to the contrary.1
1For an in-depth discussion of business records created and/or stored in the cloud environment, see Duranti and Rogers, Trusting Records in the Cloud.
6.99 Caruso and others1 identify issues with authentication of Internet of Things (IoT) derived electronic evidence. Compared with traditional methods of authentication, they note that for IoT-derived evidence, there is ‘the absence of human input in the ordinary functioning of the device’.2 IoT is generating electronic evidence without human input and thus creating additional challenges for authentication. As the authors note:
The absence of human input removes the IoT-derived evidence from the purview of the hearsay rule because the automation of recording eliminates the potential human foibles and infractions against which hearsay guards. The paradox is that this pathway to admissible use relies on the very divorce of the IoT from human input, monitoring or awareness that derogates from the capacity of the human-centric trial to authenticate IoT-derived electronic evidence. This derogation is likely to become more significant as future waves of autonomous technology decreasingly rely on human input; whilst humans increasingly rely on these technologies.3
1Caruso and others, ‘The automation paradox in litigation’; see also Anne Toomey McKenna, Amy C. Gaudion and Jenni L. Evans, ‘The role of satellites and smart devices: data surprises and security, privacy, and regulatory challenges’, (2019) 123 Penn St L Rev 591, and Marie-Helen Maras and Adam Scott Wandt, ‘State of Ohio v Ross Compton: internet-enabled medical device data introduced as evidence of arson and insurance fraud’, (2020) 24(3) E & P 321.
2Caruso and others, ‘The automation paradox in litigation’, 176.
3Caruso and others, ‘The automation paradox in litigation’, 177.
6.100 The Internet of Things comprises data collected by devices, which transmit such data to other devices including storage platforms. Such devices might include devices located in residences such as refrigerators, where the data generated are collected in a database for a variety of purposes, including garnering the ‘lifestyle conditions and habits of the occupants of the residence’.1 Such data collected without human input may be used in evidence, for example, to show the condition of the refrigerator where food poisoning is suspected or to monitor a patient’s medication needs.2 Likewise, wearable devices such as Fitbits collect all sorts of data that have been used in litigation as circumstantial evidence to prove the location of a person at a particular point in time.3
1Caruso and others, ‘The automation paradox in litigation’, 159.
2Caruso and others, ‘The automation paradox in litigation’, 164.
3Nicole Chauriye, ‘Wearable devices as admissible evidence: technology is killing our opportunity to lie’ (2016) Cath U J L & Tech 495.
6.101 The preservation of digital material is a continuous process that begins before data or documents or records1 are created and the purpose of which is to transmit trustworthy (that is reliable, accurate and authentic) digital entities through time and across space.2 Digital materials of a documentary nature (documents and records) consist of ‘formal elements’ that are shown on their face (address, date, salutation), metadata or attributes that demonstrate their identity and integrity, and digital components, that is, stored digital entities that require a specific preservation measure. Furthermore, they must have fixed form and stable content.
1When discussing digital preservation, it is essential to keep in mind the difference among records (documents made or received in the course of activity as an instrument and by-product of it, and kept for the purposes of such activity), documents (information recorded on a medium, where information is a message meant for communication) and data (the smallest meaningful piece of information). When data is stored over the long term, we usually speak of curation, the cleaning of and adding value to data, rather than preservation. Digital preservation refers to documentary material, which includes documents and records (all records are documents, though not all documents are records, and not all records are ‘business records’). In addition to the CGSB 74.34-2017, see Duranti and Thibodeau, ‘The concept of record in interactive, experiential and dynamic environments’.
2Luciana Duranti (ed), The Long-term Preservation of Authentic Electronic Records: Findings of the InterPARES Project (Archilab 2005); Luciana Duranti and Randy Preston (eds), InterPARES 2: Interactive, Dynamic and Experiential Records (ANAI 2008); Duranti and Rogers, ‘Trust in digital records’.
6.102 Thus, when discussing preservation of digital documentary evidence, it is necessary to consider both the ‘stored record’ and the ‘manifested record’. The stored record is composed of the digital component(s) used in re-producing it. This comprises the data to be processed in order to manifest the record (content data and form data) and the rules for processing the data, including those enabling variations (composition data – that is, data enabling any kind of structural change in the record). The manifested record is the visualization or instantiation of the record in a form suitable for presentation to a person or a system. Sometimes it does not have a corresponding stored record, but it is recreated from fixed content data when a user’s action associates them with specific form data and composition data (for instance, a record produced from a relational database).
6.103 A documentary entity has a fixed form if its binary content is stored so that the message it conveys can be rendered with the same documentary presentation (or manifestation) it had on the screen when first saved (though it might have changed its stored presentation from, say, a MS Word document to pdf format). A documentary entity also has fixed form if the same content can be presented on the screen in several different manifestations but in a limited number of ways: in this case there would be a different documentary presentation of the same stored record with a fixed form (for instance, statistical data viewed as a pie chart, a bar chart or a table).
6.104 A documentary entity has stable content if the data and the message it conveys are unchanged and unchangeable, meaning that data cannot be overwritten, altered, deleted or added to. In the digital environment, the concept of ‘bounded variability’ is present when changes to the documentary presentation of a determined stable content are limited and controlled by fixed rules, so that the same query or interaction always generates the same result, and there are different views of different subsets of the same content, as required by the author or as a result of different operating systems or applications.
6.105 Digital documentary materials may be static, in that they do not provide possibilities for changing their content or form beyond opening, closing and navigating them (email, reports, sound recordings, motion video, snapshots of web pages), or interactive, in that they present variable content, form, or both, and the rules governing the content and form of presentation may be either fixed or variable.
6.106 Further, digital documentary evidence can be non-dynamic, in that the rules governing the presentation of content and form do not vary, and the content presented each time is selected from a fixed store of data (interactive web pages, online catalogues or inventories, records enabling performances – they are documents or records), or dynamic, in that the rules governing the presentation of content and form may vary (this is the case with, for instance, Geographic Information Systems or GIS, which contain only data1).
1An example of a GIS is the VanMap of the City of Vancouver, which is used by all the city staff in order to make decisions. The data often does not exist anywhere else, especially in the correlated form shown on the GIS layers, and are consistently overwritten by new data flowing in from a variety of databases, without being saved, https://maps.vancouver.ca/portal/apps/sites/#/vanmap/.
6.107 Traditional preservation is defined as the whole of the principles, policies and strategies that control the activities designed to ensure the physical and technological stabilization and protection of intellectual content in materials (data, documents or records). Considering all the characteristics of digital material mentioned above, ‘digital preservation’ is defined as the process of maintaining digital materials during and across different generations of technology over time, irrespective of where they are stored.1 This is because it is not possible to preserve digital material. It is only possible to preserve the ability to reproduce it in a reliable, accurate and authentic way. This means that, when obtaining access to digital documentary evidence that has been maintained for a period longer than the life of the system in which it exists at the time of submission, it is not sufficient to look at the integrity of such system, but it is also essential to assess the entire preservation plan from the creation of the documentary material in the original system through its entire cycle of maintenance and preservation across systems, keeping in mind the continuity of evidence through time.
1InterPARES Trust, Terminology Database, https://interparestrust.org/terminology/term/digital%20preservation.
6.108 Thus, any organization, public or private, that intends to maintain its digital material in such a way that one day it can be used as documentary evidence and be authenticated, needs to develop plans for transfer to a trusted custodian (which can be an archives program within the organization or an external body with archival functions), enforce standardized procedures for implementing it, keep the oldest available logical format of any document that is moved to another IT system, eliminate duplicates while ensuring redundancy (all materials should be duplicated in a separate digital repository in another location), document all processing, and ensure that all transferred materials are authentic copies of the previous ones by keeping audit and transaction logs, in addition to the identity and integrity metadata.
6.109 When it comes to authentication of evidence preserved for the long term, judges and lawyers need to be aware of what activities are routinely carried out by the preserving organization to ensure the continuing integrity of the records, as well as the ability to verify them. Appropriately qualified witnesses should be able to attest that the organization has implemented the following:
1. A controlled process of migration of the records to the archives’ technological environment (always keeping the records in the format in which they were acquired);
2. The accurate documentation of any change that the records undergo during such process and every time that the archives’ technological environment is upgraded;
3. Privileges concerning the access, use and reproduction of the records within the archives; and
4. Procedures to prevent, discover and correct loss or corruption of records; to guarantee the continuing identity and integrity of the records against media deterioration and across technological changes though continuing conversion and migration; to assign responsibility for and means of authentication of individual records, when required; and to ensure redundancy, internally and remotely.
6.110 One of the major authentication challenges relates to formats and migration. Consideration should be given to verifying that the organization has selected preservation formats using accepted criteria, such as widespread adoption, non-proprietary origin, published specifications, interoperability (platform independence), and lack of compression or lossless compression. The most accepted standards for documentary evidence are PDF 1.4, which became PDF/A ISO 19005-1:2005; PDF 1.7, which became ISO 32000-1: 2008; PDF/A-2, which became ISO 19005-2:2011; and PDF/A-3, which became ISO 19005-3:2012.1
1PDF/A disallows audio/video content, JavaScript, compression and encryption. It requires that all fonts be embedded, and uses XMP metadata rules with the ability to supply new metadata schema if needed. PDF/A-2 includes better PDF tagging, which improves accessibility for smaller file sizes. It permits the use of JPEG2000 image compression, and allows the attachment of other PDF/A files. PDF/A-3 has exactly the same functionalities as PDF/A-2 but with one major difference: instead of being able to only embed other PDF/A files, it can embed any kind of data stream. The ‘hybrid archiving’ approach of PDF/A-3 could provide the best of both worlds from an evidence and archival perspective. The static visual elements of the main display document present the record content with fixity. Any concern about integrity can be addressed with the embedding of the original bitstream of the source record itself. This format provides a faithful representation of the record, is similar to that of a printout and offers the option of comparing the best format to the native one. Other standards that are valid for evidentiary purposes are: for audio, WAVE (LPCM); for email, MBOX; for Raster Images, TIFF; and for video, FFV1/LPCM in MKV. See Archivematica Preservation Formats, https://www.archivematica.org/en/docs/archivematica-1.11/user-manual/preservation/preservation-planning/.
6.111 In consideration of the fact that migration of documentary material from an obsolescent system to a current or emerging technology always entails some degree of risk, expert witnesses should show that the required functionalities of the old format were maintained through migration to a new format. Useful tools to verify a migration that has respected professional standards are the Conversions Software Registry (NCSA – National Center for Supercomputing Applications, ‘Conversions Software Registry – Query Conversions’) and the PRONOM’s DROID (from The National Archives of the United Kingdom). It is important, when authenticating material older than the system in which it is stored, to gather all information about its migration history.1
The business records exception to the rule against hearsay
The business records exception
6.112 Several exceptions to the rule against hearsay have been developed over time for documentary evidence, most notably for business records. The rule against hearsay ensures that out-of-court statements do not make their way into evidence as truth of the assertions made in such statements. In other words, for a statement to be relied upon, it must be tendered in evidence through the witness who made the statement. This rule was introduced in England in the 1500s;1 however, it was not fully developed until the early 1700s.
1John H. Wigmore, ‘The history of the hearsay rule’ (1904) 7 Harvard Law Review 437.
6.113 The rationale behind this exception has its origins in the bankers’ books rule1 where records entered into log books by bank employees could be relied upon as a record made at that point in time. This exception to the rule against hearsay is an important one when considering authentication of evidence, because the basis on which the law developed over centuries was that employees would literally enter records on paper within the binding of a book. The business records exception to the rule against hearsay essentially provides that, providing the record was generated in the ordinary course of business, someone with knowledge of the records, typically a senior member of the business, can give evidence which leads to the admission of the documents into evidence. This rule developed as a common-sense approach where employees leave businesses, only to have records tendered after their departure. In a matter involving documents over a lengthy period of time, it makes practical sense to have a person with knowledge of the business tender all documents, rather than several different people, many of whom may no longer work for the business.
1This rule has its origins in the Bankers’ Books Evidence Act 1879 (UK), which provided in s 3: ‘Subject to the provisions of this Act, a copy of an entry in a banker’s book shall in all legal proceedings be received as prima facie evidence of such entry, and of the matters, transactions, and accounts therein recorded.’
6.114 While not articulating the underlying rationale, Lord Phillips illustrated this assumption in R v Horncastle (Michael Christopher):
Business records are made admissible (by s.117 or, where a machine is involved, s.129) because, in the ordinary way, they are compiled by persons who are disinterested and, in the ordinary course of events, such statements are likely to be accurate; they are therefore admissible as evidence because prima facie they are reliable.1
1[2009] UKSC 14 at [35].
6.115 The exclusionary rules of the common law were relaxed by the Bankers’ Books Evidence Act 1879. This Act provided that copies of entries in bankers’ books – that is, ledgers, day books, cash books, account books and all other books kept in the ordinary business of the bank – are considered prima facie evidence of the matters recorded,1 subject to a number of requirements before they can be admitted into evidence. As Professor Tapper remarked, the primary purpose was to prevent the business from being disrupted by the need to produce the original books in court.2 In 1938, the case of a prosecution at a Metropolitan Police Court was commented upon in the Journal of Criminal Law.3 A bank clerk gave evidence, and produced a photograph of the document. The representative of the accused did not object to the way the evidence was presented, but the commentator on the case raised a number of issues of relevance, the first of which was that the photograph was secondary evidence of the original, which is correct. The commentator then proceeded to consider the rules by which evidence is admitted under the provisions of the Act. First, the provisions of s 5 were noted. Section 5 provides as follows:
Verification of copy.
A copy of an entry in a banker’s book shall not be received in evidence under this Act unless it be further proved that the copy has been examined with the original entry and is correct.
Such proof shall be given by some person who has examined the copy with the original entry, and may be given either orally or by an affidavit sworn before any commissioner or person authorised to take affidavits.
1In Job v Halifax PLC (2009, unreported), Inglis J accepted printouts of records cut and pasted from log files as evidence of the matters recorded; the trial was held on 30 April 2009 in Nottingham County Court and judgment was delivered on 4 June 2009. The full transcript of the judgment is available, with a commentary by Alistair Kelman, in (2009) 6 Digital Evidence and Electronic Signature Law Review 235.
2Colin Tapper, Computer Law (4th edn, Longman 1989), 407.
3‘Admissibility of a photograph of a banking account’ (1938) 2(7) The Journal of Criminal Law 357.
6.116 It was pointed out that no such evidence was tendered in this case, and it was suggested that the photograph was admitted on the basis that ‘the camera cannot lie’ – which does not follow. Second, citing the comments by Smith LJ in Hindson v Ashby,1 the bank clerk did not give evidence that he took the photograph that was produced, which meant that the image was no more than hearsay. The commentator distinguished the decision in R v Tolson2 because the purpose of the photograph in Tolson was to identify the husband, who was accused of bigamy. In the case of the photograph of the bank account, it was claimed that a witness could not say whether the photograph was correct in every detail of that particular account. A further problem with admitting the photograph arose in the light of the provisions of s 4, which reads:
Proof that book is a banker’s book.
A copy of an entry in a banker’s book shall not be received in evidence under this Act unless it be first proved that the book was at the time of the making of the entry one of the ordinary books of the bank, and that the entry was made in the usual and ordinary course of business, and that the book is in the custody or control of the bank.
Such proof may be given by a partner or officer of the bank, and may be given orally or by an affidavit sworn before any commissioner or person authorised to take affidavits.
6.117 The commentator suggested that the photograph could not be admitted unless the photographer was an officer of the bank with the necessary knowledge about the books of the bank. Finally, the commentator offered the opinion that there would be no requirement for the photograph to be proved where the bank officer producing it had first checked it against the account to which it related, because the Act does not require the person who made the copy to be called as a witness.
6.118 The technology used by banks altered considerably during the twentieth century, but this did not prevent judges from providing a wide construction to the statute, as in the (criminal) case of Barker v Wilson.1 The Divisional Court was requested to provide an opinion by way of case stated from North Yorkshire Justices sitting at York. The question was whether the justices reached the correct decision that microfilm was included within the definition of ‘bankers’ books’ in accordance with s 9 of the Act. Bridge LJJ and Caulfield J were both of the opinion that this was correct. Caulfield J said:
The justices came to the conclusion – and they put their conclusions in these terms: that they adopted some robust common sense – that section 9 does include microfilm, which is a modern process of producing banker’s records. It is probable that no modern bank in this country now maintains the old-fashioned books which were maintained at the time of the passing of the 1879 Act and possibly maintained for many years after 1879.2
1[1980] 1 WLR 884, [1980] 2 All ER 81, [1980] 2 WLUK 2, (1980) 70 Cr App R 283 (DC), [1980] Crim LR 373, (1980) 124 SJ 326, [1980] CLY 469.
2(1980) 70 Cr App R 283 at 286.
6.119 Bridge LJ reinforced the point:
The Bankers’ Books Evidence Act 1879 was enacted with the practice of bankers in 1879 in mind. It must be construed in 1980 in relation to the practice of bankers as we now understand it. So construing the definition of ‘bankers’ book’ it seems to me that clearly both phrases are apt to include any form of permanent record kept by the bank of transactions relating to the banks’ business, made by any of the methods which modern technology makes available, including, in particular, microfilm.1
1(1980) 70 Cr App R 283 at 287.
6.120 Professor Tapper commended the flexibility of the judiciary to amend a statutory rule in such circumstances.1 Section 9 has been amended by various enactments, and the relevant section, s 9(2), now reads as follows:
(2) Expressions in this Act relating to ‘bankers’ books’ include ledgers, day books, cash books, account books and other records used in the ordinary business of the bank, whether those records are in written form or are kept on microfilm, magnetic tape or any other form of mechanical or electronic data retrieval mechanism.
1Tapper, Computer Law, 408. See also the decision in Victor Chandler International v Customs and Excise Commissioners [2000] 1 WLR 1296, [2000] 2 All ER 315, [2000] 2 WLUK 990, [2001] LLR 401, (2000) 97(11) LSG 36 (2000), 150 NLJ 341, (2000) 144 SJLB 127, Times, 8 March 2000, Independent, 10 March 2000, [2000] CLY 414, in which the Court of Appeal adopted an ‘always speaking’ construction to a statute, taking into account developments that had taken place since the provision was first enacted, even though it created a criminal offence.
6.121 Other statutory exceptions to the hearsay rule are covered in the standard practitioner texts on the subject.
6.122 Generally, business records should be accurate records, which are indeed more reliable than memory. However, business records in digital form are subject to manipulation from any number of sources and it is important to ascertain that the record-keeping system had a reasonable level of security around it before admitting them into evidence.
Authentication of digital business records
6.123 Documents in digital form can be forged as easily as, if not more easily than, documents in paper or other analogue form. The authenticity of digital data in legal proceedings has been considered on a case-by-case basis.1 Email is one example of electronic documents that can be forged; however, this does not mean that every email needs to undergo an extensive authentication process to prove it is not a forgery.2 In R v Mawji (Rizwan),3 evidence of a threat to kill included an email sent to the victim, which included the words ‘I’m going to kill you’. The Court of Appeal rejected submissions that it was necessary to authenticate the email by showing the audit trail of where the email originated, because there was sufficient evidence to show that the email was written and sent by the appellant. The court said that the content of the email demonstrated its authenticity on the face of the totality of the evidence. If the email had been fabricated, why would somebody go to the length of forging the content of an email that was so obviously linked to the other evidence produced at the trial, the court asked.
1For example, in R v Cochrane [1992] 6 WLUK 63, [1993] Crim LR 48 (CA), [1993] CLY 366, McCowan LJ, Waterhouse and Brooke JJ said that it was necessary for appropriate authoritative evidence to be called to describe the function and operation of a mainframe computer.
2They were forged in R. v Debnath (Anita) [2005] EWCA Crim 3472, [2005] 12 WLUK 64, [2006] 2 Cr App R (S) 25, [2006] Crim LR 451, [2006] CLY 855; see also Masood v Zahoor [2008] EWHC 1034 (Ch), [2008] 5 WLUK 282; on appeal Zahoor v Masood [2009] EWCA Civ 650, [2010] 1 WLR 746, [2010] 1 All ER 888, [2009] 7 WLUK 101, [2009] CP Rep 44, [2010] Bus LR D12, [2010] CLY 424 where the trial judge reached the conclusion that both parties committed forgery and perjury.
3[2003] EWCA Crim 3067, [2003] 10 WLUK 438.
6.124 At the hearing, it may be relevant to produce the analysis of the metadata of an email to show where it originated. The email header can prove that the email was sent and received and show it was not a forgery.1 Use of IP addresses within emails, however, has limited utility as they cannot identify the person who drafted the email, but can only identify the person ‘who has the contract with their ISP to have Internet access’.2 Authenticating pages from the Internet can also be difficult because they alter frequently.3
1Greene v Associated Newspapers Ltd [2004] EWCA Civ 1462, [2005] QB 972, [2005] 3 WLR 281, [2005] 1 All ER 30, [2004] 11 WLUK 165, [2005] EMLR 10, (2004) 101(45) LSG 31, (2004) 148 SJLB 1318, Times, 10 November 2004, Independent, 9 November 2004, [2005] CLY 970.
2Media CAT Limited v Adams [2011] EWPCC 6, [2011] 2 WLUK 291, [2011] FSR 28, [2011] CLY 1945 ([2011] FSR 28 at [28] (Birss QCJ)).
3R. v Skinner (Philip) [2005] EWCA Crim 1439, [2005] 5 WLUK 506, [2006] Crim LR 56.
6.125 Circumstantial evidence can be used to authenticate a document in digital format, and such circumstantial evidence includes a range of factors including, but not limited to, appearance and the contents of the document, the subject matter, witness testimony, and any distinctive features that indicate a nexus.
6.126 There have been a number of authorities in Australia that have considered the authentication of business records, and some confusion arose as to whether authenticity was a precondition to admissibility. Bryson J, in National Australia Bank Ltd v Rusu,1 stated that documents would be relevant if they were shown to be authentic. In this case, the judge decided that the evidence of authenticity was lacking in the case before him. Bryson J’s reasoning in National Australia Bank Ltd v Rusu was criticized by Stephen Odgers SC.2 Odgers inferred that on Bryson J’s approach, the court may not draw reasonable inferences from a document as to its authenticity. In Lee v Minister for Immigration & Multicultural & Indigenous Affairs,3 Madgwick J took up Odgers’ criticism. One of the arguments advanced by the applicant in that case was that the note was inadmissible as a business record, having regard to National Australia Bank Ltd v Rusu. Madgwick J described National Australia Bank Ltd v Rusu at [25] as a ‘controversial NSW authority’:
In Rusu, his Honour may have meant no more than that there may be cases in which, as a matter of fact, no inference as to authenticity of a document may be properly drawn from the document itself. If he meant to say more than that, it is by no means clear to me that the way is open for a court to read some unexpressed limitation into a grant of power to courts: such grants are generally very liberally construed.
1[1999] NSWSC 539, (1999) 47 NSWLR 309.
2Stephen Odgers, Uniform Evidence Law (6th edn, Thomson Reuters 2004) 183.
3[2002] FCAFC 305.
6.127 In ASIC v Rich Austin J examined the decision in Rusu. Austin J stated that:
In the case of a business record, its authenticity may be proved, at the simplest, by the evidence of a person who satisfies two conditions: namely, first, that he or she participates in the conduct of the business; and secondly, that he or she compiled the document, or found it among the records of the business, or can recognise it as one of the records of the business.1
1(2005) 216 ALR 320 at [99].
6.128 In referring to Bryson J’s decision in NAB v Rusu, Austin J said that the judge did not have in mind proof of the authenticity of the business record ‘by the evidence of a person unconnected with the business who has found the document among the records of the business or can recognise it as a business record’.
6.129 After reviewing the authorities,1 Austin J considered authentication cannot be achieved solely by drawing inferences from the face of the document where there is no other evidence to indicate provenance. In his opinion, the other cases do not deny these propositions:
for that would ‘put the court entirely in the hands of whatever a document which a party chose to tender purported to be, subject to whatever opportunity another party had of overcoming its apparent effect’. On the other hand, it is important not to set the bar too high for the authentication of documents, because if too much is demanded, the authentication requirement will fight against the policy underlying the business records provisions which, as Hope JA remarked in Albrighton (at 548), is ‘of great importance in the search for truth’. That policy recognises that any significant organisation depends for its efficiency upon the keeping of proper records, to be used and relied upon in the everyday carrying on of the activities of the business and therefore likely to be accurate, and ‘likely to be a far more reliable source of truth than memory’ (Albrighton, at 548–549 per Hope JA; see also Australian Law Reform Commission, Interim Report on Evidence (Report No 26, vol 1), at [709]). It is reflected in the terms of s 69, which makes hearsay representations in business records admissible without requiring evidence from their authors.2
1See also O’Meara v Dominican Fathers [2003] ACTCA 24, Albrighton v Royal Prince Alfred Hospital (1980) 2 NSWLR 542.
2(2005) 216 ALR 320 at [116].
6.130 In Australian Competition and Consumer Commission v Air New Zealand Limited (No 1),1 the court stated that if there is an issue regarding the authenticity of a document, it may still be admissible if it is relevant or arguably so. This is so, provided there is material from which its authenticity may reasonably be inferred. That material will include what may reasonably be inferred from the document itself. The process of determining whether or not documents are relevant is integral to the discovery process.
1[2012] FCA 1355, (2012) 207 FCR 448, this decision was approved in Federal Commissioner of Taxation v Cassaniti [2018] FCAFC 212 and Gregg v R [2020] NSWCCA 245.
6.131 Authentication is about proving that something is what it purports to be. When seeking to prove the authenticity of digital material submitted as evidence, the traditional methods of authenticating paper and other forms of analogue evidence do not apply, because digital technology is a new and evolving paradigm and its products have characteristics quite different from those of evidence affixed to an analogue medium. Although traditional means of authentication, such as proof of the continuity of evidence and trustworthiness of the preserver, still have a role in assessing that an entity is what it claims to be, these criteria on their own are insufficient to demonstrate the authenticity of digital evidence. Even the term ‘demonstrating’ is at issue in the digital environment because, at most, authenticity may be ‘inferred’ from several factors rather than shown, due to the fact that digital material is perpetually being reproduced in the process of maintenance and use, and the entity under consideration is always new. The significant differences between authentication of analogue material and that of electronic evidence lie in three fundamental concepts: best evidence, system integrity and security, and the significant properties of the evidence.
6.132 The best evidence rule rose out of a concern that, when multiple instantiations of the same document exist, the most trustworthy and authoritative among them be submitted as evidence. In the analogue environment, this is the original, that is, the first complete document capable of reaching the purposes for which it was generated. Thus, the best evidence rule has been interpreted through time as a requirement to submit original documents when they existed, and to provide a rational explanation for their absence when only drafts or copies were available. In the digital environment, originals come into being when first received by an addressee or first saved to a system by an author, but in both cases, when the document is closed, it breaks into its digital components, and when it is opened a copy is generated. These copies that come into being every time digital documents are opened, navigated or, if interactive, reproduced from content data, form data and composition data, are never identical to the original or to each other, even when they may look so, because at the very minimum their metadata have changed. This does not mean that the best evidence rule is no longer applicable. It simply means that, rather than referring to the original document, it has to refer to the degree of integrity of the document, as proven either by technological authentication, the integrity of the system(s) where the document was created (made, received and managed) or stored over time, or the fixity and stability of the format in which it was created or preserved.
6.133 System integrity and security come into play in jurisdictions, such as Canada, where authentication is based on an inference made from the technological environment in which the potential evidence exists. Because of the vulnerability of digital material and the difficulty of establishing authenticity by examining the digital entity itself, its identity and integrity can be deduced from the system’s requirements on access, use, management and such like. This implies that strict policies and procedures are in place for controlling not only all the documents in the system, but also any interaction with them within the system and from outside. Records management manuals and information technology guides are fundamental to establishing the integrity of a system. However, they exist only in public institutions and private organizations that have their own information and preservation systems subject to mandated standards of practice. When organizations and individuals entrust their data, documents or records to cloud providers, it is not possible to verify the integrity of servers in the data centres where the digital material is stored. Thus, it is only possible to examine the security measures agreed upon in the contract between provider and user and make an inference of authenticity from them.
6.134 The most significant properties of any item of electronic evidence are the attributes necessary to establish its identity and integrity through time. Some of these data are produced when a digital entity is generated (they contribute to establishing its identity), some during its use and management (they help to establish its integrity) and others are added after the entity is selected for permanent preservation in an archive to ensure that its authenticity remains verifiable over time. Some of these properties are metadata while others are logs, and several of them are not visible on the face of the document. These are attributes having different functions, the most significant of which for evidentiary purposes are: specifying the date a document is made or received and filed; identifying the names of the persons interacting with the document (author(s), addressee(s), other recipients, handling office); naming the form of the document (report, memo) and the action involved (contract, sentence, patent, application); indicating the format and other technological characteristics of the entity; naming the title of the document, its subject matter, or the action it embodies; indicating the relationships of the document to other documents (registry number, classification code, identification number); specifying whether the document was received with a digital seal or digital signature, or was encrypted; providing information about the technical context of the entity or the migration to a new system; describing rights and obligations such as copyright, usage and security restrictions; describing activities carried out on the entity over time and across technological changes, such as conversion or reproduction to ensure redundancy; documenting the structural relationships between or within digital entities, such as the linkage between pages in a website; and identifying the users of the entity (social tags, access logs, user search logs).
6.135 In conclusion, the fundamental difference between the authentication of analogue and electronic evidence is in the fact that, while analogue material can be authenticated on its face and only exceptionally is circumstantial or extrinsic evidence necessary, the authentication of digital material is always an inference based on extrinsic elements such as significant properties, and it relies on circumstantial evidence such as the integrity of the system hosting it, the policies and procedures controlling it, and the technology encrypting or securing the access to it.