Transcript Email Evidence

Email as Evidence
JOHN D. GREGORY
DANIEL J. MICHALUK
June 11, 2009
Email as Evidence
2
Outline
 Definitions
 Relevance
 Access
 Production
 Admissibility and Weight
 Case studies
Definitions
3
Email and e-messages
 1970s

Classic email (SMTP)
 1980s
 Bulletin boards, MUD
 1990s
 Web mail, ICQ, computer-generated or –received faxes
 2000s
 IM, Social networks, Twitter
 Remix of all of the above
 VOIP? (Skype = voice + image + IM)
 Multiplication of carriers : e-messages in the cloud
Relevance
4
Why focus on email issues?
 It’s still the killer app
 Everybody uses email and (more or less) understands it
 Can be particularly potent evidence – Gates, Black, Poindexter
 Information in transit: special issues
 Multiplicity of repositories
 Jurisdiction
 Communications/speech issues with content
 Impermanence
 Paradigm case
 Raises many issues in strong ways that appear elsewhere
 Evolves quickly – the answers keep changing
Access
 Law
 The traditional “no expectation of privacy” view
 The balancing of interests approach
 The beyond control approach
 And practice
 What employers should do
Access
 No expectation of privacy view
 Notification does count
 The employer owns the medium and has lots of good reasons
to look
 E-mail communication is too insecure to expect privacy
Access
 The balancing of interests view
 Lethbridge Community College (2007)
 MS Hotmail e-mails retrieved through forensic analysis
 First case to impose a reasonable grounds requirement for
investigation
Access
 The beyond control view
 Who controls non-work related records?
 Beyond control view
Johnson v. Bell Canada (September 2008)
 University of Ottawa (December 2008)

 Back

to reality
MO-2048, City of Ottawa (April 2009)
Access
 Practical options for employers
 Do something!
 Option #1 – Try harder to control expectations despite
personal use

But how far will notice take you?
 Option
#2 – Give in, and implement privacy controls
Proportional audit/surveillance framework
 Investigation standards (reasonable suspicion)

Access
10
 Emerging challenges
 Email may be overtaken by other means of communication
 So…how are you going to deal with employees who conduct
business in the “cloud”
 Businesses should set policy to ensure business is done on
business systems only
Production
11
E-mail retention
 Volume and spread of email is both practical and legal
challenge
 So: retention policies = destruction policies


Email is often on a ‘short’ list for retention
At least pressure to move off server, sometimes auto-delete
unless actively saved


Maybe some relevance test applied as well
Limit: reasonably likely to need it in litigation
 This can be an e-discovery issue or a trial issue
 Remington case (1998) – is retention policy reasonable?
 Broccoli v Echostar (2005) – 21-day retention of emails
Production
12
Privilege waiver – the internal counsel problem
 Generally one does not produce privileged
information.


What is privileged, in-house?
If you copy counsel on all internal emails, all the emails do
not become privileged.
 Separate

business advice from legal advice
There is no deemed undertaking rule for evidence led
at trial.
Production
13
 Privilege waiver – employee emails on employer
systems



A practical problem for employer counsel among others
Case law on privilege is different from case law on
investigations, audits and surveillance
What must you do to shield yourself from a “poisoned
client”?
Admissibility and Weight
14
Proving a digital object is different
 Vulnerability of information composed of presence
or absence of electric current

What happens when the power goes off? When the system
crashes?
 Malleability of information
 Easy to change undetectably
 Presentation in the courtroom
 Mobility multiplies the issues
Admissibility and Weight
15
The elements of documentary evidence: dealing with the differences
 Authentication



Is this record what it purports to me?
Admissibility if foundation laid to support that conclusion
The cutting edge of e-evidence including email evidence today
 Best evidence rule

What is an original electronic document?
 Hearsay



Does the medium matter?
Exceptions wide (reliability) or focused (business records?)
It’s not always hearsay (e.g. mechanical evidence)
Admissibility and Weight
16
The Uniform Electronic Evidence Act (where enacted)
 “Solutions” to electronic application of these rules
 Authentication: codify


Count on the witness under oath (not saying who)
Challenge is in responding to challenges (expertise, availability
of foundation evidence)
 Best evidence: system not document
 Presumptions in aid: it matters whose system it is
 Standards in aid
 Hearsay: do nothing
 Possible spillover effect of other rules
Case law
17
 Not much of interest on UEEA
 R. v. Bellingham (AB) needed evidence of what printouts were
 Leoppky v Meston (AB) – demonstrates several things:
 Court looks behind computer to actual sender
 A series of emails can satisfy Statute of Frauds
 Still had missing link i.e. legal rules still apply
 Nad Business Solutions (ON) – email as course of conduct
 Singapore vs England: email headers OK or not OK as
evidence capable of supporting Statute of Frauds
 Lorraine v Markel (NJ) – extreme demands (all obiter)

Prove lots about system, manner of production, etc
An extreme case?
18
 “The focus is not on the … creation of the record, but
rather on the … preservation of the record during the
time it is in the file”
 “The entity’s policies and procedures for the use of
the equipment, database and programs are
important. How access to the … database [and to the
specific program are] controlled is important. How
changes in the database are logged, as well as the
structure and implementation of backup systems and
audit procedures for assuring the continued integrity
of the database, are pertinent.”
• In re Vee Vinhee, US appeal court, 2005.
CGSB Standard
19
Canadian General Standards Board: Standard on
electronic records as documentary evidence
 The key rule of the Standard: think about it!
 In other words:
 Make a policy about how e-records are managed
 Communicate the policy
 Implement the policy
 Monitor compliance with the policy
 Adjust the policy as required by circumstances
 Have a policy manual that you can point to.
 Have someone responsible (CRO) (+ witness)
New e-messages: Challenges
20
Webmail, Facebook/MySpace, Twitter
 As you go into the cloud, it is harder to:


Authenticate (go to ISP not ASP)
Figure out and prove the ‘system’ whose reliability one would like to
count on (or at least appreciate)




No standardization – every application is different (not like SMTP)
Consumer oriented – so less rigorous than business systems
Proprietary – so codes etc are not readily available
Are clouds third party providers in ordinary course of business, i.e.
should they be considered reliable?
Admissibility and Weight
21
 Email problem #1 – You didn’t send that



Employee alleges termination on basis of pregnancy
Email pre-dates her pregnancy by two months showing bona
fide intent to terminate
Proponent can testify
Admissibility and Weight
22
 Email problem #2 – I didn’t send that






Agreement to arbitrate executed through employer’s intranet
Execution by entering SSN or employee ID number plus
password
Supervisors could reset passwords
Supervisor resets password to help employee get access
Email confirmation sent to employee
Employee claims supervisor executed agreement and denies
reading confirmation email
Email as Evidence
JOHN D. GREGORY
DANIEL J. MICHALUK