Email Evidence
Download
Report
Transcript Email Evidence
Email as Evidence
JOHN D. GREGORY
DANIEL J. MICHALUK
June 11, 2009
Email as Evidence
2
Outline
Definitions
Relevance
Access
Production
Admissibility and Weight
Case studies
Definitions
3
Email and e-messages
1970s
Classic email (SMTP)
1980s
Bulletin boards, MUD
1990s
Web mail, ICQ, computer-generated or –received faxes
2000s
IM, Social networks, Twitter
Remix of all of the above
VOIP? (Skype = voice + image + IM)
Multiplication of carriers : e-messages in the cloud
Relevance
4
Why focus on email issues?
It’s still the killer app
Everybody uses email and (more or less) understands it
Can be particularly potent evidence – Gates, Black, Poindexter
Information in transit: special issues
Multiplicity of repositories
Jurisdiction
Communications/speech issues with content
Impermanence
Paradigm case
Raises many issues in strong ways that appear elsewhere
Evolves quickly – the answers keep changing
Access
Law
The traditional “no expectation of privacy” view
The balancing of interests approach
The beyond control approach
And practice
What employers should do
Access
No expectation of privacy view
Notification does count
The employer owns the medium and has lots of good reasons
to look
E-mail communication is too insecure to expect privacy
Access
The balancing of interests view
Lethbridge Community College (2007)
MS Hotmail e-mails retrieved through forensic analysis
First case to impose a reasonable grounds requirement for
investigation
Access
The beyond control view
Who controls non-work related records?
Beyond control view
Johnson v. Bell Canada (September 2008)
University of Ottawa (December 2008)
Back
to reality
MO-2048, City of Ottawa (April 2009)
Access
Practical options for employers
Do something!
Option #1 – Try harder to control expectations despite
personal use
But how far will notice take you?
Option
#2 – Give in, and implement privacy controls
Proportional audit/surveillance framework
Investigation standards (reasonable suspicion)
Access
10
Emerging challenges
Email may be overtaken by other means of communication
So…how are you going to deal with employees who conduct
business in the “cloud”
Businesses should set policy to ensure business is done on
business systems only
Production
11
E-mail retention
Volume and spread of email is both practical and legal
challenge
So: retention policies = destruction policies
Email is often on a ‘short’ list for retention
At least pressure to move off server, sometimes auto-delete
unless actively saved
Maybe some relevance test applied as well
Limit: reasonably likely to need it in litigation
This can be an e-discovery issue or a trial issue
Remington case (1998) – is retention policy reasonable?
Broccoli v Echostar (2005) – 21-day retention of emails
Production
12
Privilege waiver – the internal counsel problem
Generally one does not produce privileged
information.
What is privileged, in-house?
If you copy counsel on all internal emails, all the emails do
not become privileged.
Separate
business advice from legal advice
There is no deemed undertaking rule for evidence led
at trial.
Production
13
Privilege waiver – employee emails on employer
systems
A practical problem for employer counsel among others
Case law on privilege is different from case law on
investigations, audits and surveillance
What must you do to shield yourself from a “poisoned
client”?
Admissibility and Weight
14
Proving a digital object is different
Vulnerability of information composed of presence
or absence of electric current
What happens when the power goes off? When the system
crashes?
Malleability of information
Easy to change undetectably
Presentation in the courtroom
Mobility multiplies the issues
Admissibility and Weight
15
The elements of documentary evidence: dealing with the differences
Authentication
Is this record what it purports to me?
Admissibility if foundation laid to support that conclusion
The cutting edge of e-evidence including email evidence today
Best evidence rule
What is an original electronic document?
Hearsay
Does the medium matter?
Exceptions wide (reliability) or focused (business records?)
It’s not always hearsay (e.g. mechanical evidence)
Admissibility and Weight
16
The Uniform Electronic Evidence Act (where enacted)
“Solutions” to electronic application of these rules
Authentication: codify
Count on the witness under oath (not saying who)
Challenge is in responding to challenges (expertise, availability
of foundation evidence)
Best evidence: system not document
Presumptions in aid: it matters whose system it is
Standards in aid
Hearsay: do nothing
Possible spillover effect of other rules
Case law
17
Not much of interest on UEEA
R. v. Bellingham (AB) needed evidence of what printouts were
Leoppky v Meston (AB) – demonstrates several things:
Court looks behind computer to actual sender
A series of emails can satisfy Statute of Frauds
Still had missing link i.e. legal rules still apply
Nad Business Solutions (ON) – email as course of conduct
Singapore vs England: email headers OK or not OK as
evidence capable of supporting Statute of Frauds
Lorraine v Markel (NJ) – extreme demands (all obiter)
Prove lots about system, manner of production, etc
An extreme case?
18
“The focus is not on the … creation of the record, but
rather on the … preservation of the record during the
time it is in the file”
“The entity’s policies and procedures for the use of
the equipment, database and programs are
important. How access to the … database [and to the
specific program are] controlled is important. How
changes in the database are logged, as well as the
structure and implementation of backup systems and
audit procedures for assuring the continued integrity
of the database, are pertinent.”
• In re Vee Vinhee, US appeal court, 2005.
CGSB Standard
19
Canadian General Standards Board: Standard on
electronic records as documentary evidence
The key rule of the Standard: think about it!
In other words:
Make a policy about how e-records are managed
Communicate the policy
Implement the policy
Monitor compliance with the policy
Adjust the policy as required by circumstances
Have a policy manual that you can point to.
Have someone responsible (CRO) (+ witness)
New e-messages: Challenges
20
Webmail, Facebook/MySpace, Twitter
As you go into the cloud, it is harder to:
Authenticate (go to ISP not ASP)
Figure out and prove the ‘system’ whose reliability one would like to
count on (or at least appreciate)
No standardization – every application is different (not like SMTP)
Consumer oriented – so less rigorous than business systems
Proprietary – so codes etc are not readily available
Are clouds third party providers in ordinary course of business, i.e.
should they be considered reliable?
Admissibility and Weight
21
Email problem #1 – You didn’t send that
Employee alleges termination on basis of pregnancy
Email pre-dates her pregnancy by two months showing bona
fide intent to terminate
Proponent can testify
Admissibility and Weight
22
Email problem #2 – I didn’t send that
Agreement to arbitrate executed through employer’s intranet
Execution by entering SSN or employee ID number plus
password
Supervisors could reset passwords
Supervisor resets password to help employee get access
Email confirmation sent to employee
Employee claims supervisor executed agreement and denies
reading confirmation email
Email as Evidence
JOHN D. GREGORY
DANIEL J. MICHALUK