1 / 23

Email as Evidence

Email as Evidence. JOHN D. GREGORY DANIEL J. MICHALUK June 11, 2009. Email as Evidence. Outline Definitions Relevance Access Production Admissibility and Weight Case studies. Definitions. Email and e-messages 1970s Classic email (SMTP) 1980s Bulletin boards, MUD 1990s

paul
Download Presentation

Email as Evidence

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Email as Evidence JOHN D. GREGORY DANIEL J. MICHALUK June 11, 2009

  2. Email as Evidence Outline • Definitions • Relevance • Access • Production • Admissibility and Weight • Case studies

  3. Definitions Email and e-messages 1970s Classic email (SMTP) 1980s Bulletin boards, MUD 1990s Web mail, ICQ, computer-generated or –received faxes 2000s IM, Social networks, Twitter Remix of all of the above VOIP? (Skype = voice + image + IM) Multiplication of carriers : e-messages in the cloud

  4. Relevance Why focus on email issues? • It’s still the killer app • Everybody uses email and (more or less) understands it • Can be particularly potent evidence – Gates, Black, Poindexter • Information in transit: special issues • Multiplicity of repositories • Jurisdiction • Communications/speech issues with content • Impermanence • Paradigm case • Raises many issues in strong ways that appear elsewhere • Evolves quickly – the answers keep changing

  5. Access Law The traditional “no expectation of privacy” view The balancing of interests approach The beyond control approach And practice What employers should do

  6. Access No expectation of privacy view Notification does count The employer owns the medium and has lots of good reasons to look E-mail communication is too insecure to expect privacy

  7. Access The balancing of interests view Lethbridge Community College (2007) MS Hotmail e-mails retrieved through forensic analysis First case to impose a reasonable grounds requirement for investigation

  8. Access The beyond control view Who controls non-work related records? Beyond control view Johnson v. Bell Canada (September 2008) University of Ottawa (December 2008) Back to reality MO-2048, City of Ottawa (April 2009)

  9. Access Practical options for employers Do something! Option #1 – Try harder to control expectations despite personal use But how far will notice take you? Option #2 – Give in, and implement privacy controls Proportional audit/surveillance framework Investigation standards (reasonable suspicion)

  10. Access • Emerging challenges • Email may be overtaken by other means of communication • So…how are you going to deal with employees who conduct business in the “cloud” • Businesses should set policy to ensure business is done on business systems only

  11. Production E-mail retention • Volume and spread of email is both practical and legal challenge • So: retention policies = destruction policies • Email is often on a ‘short’ list for retention • At least pressure to move off server, sometimes auto-delete unless actively saved • Maybe some relevance test applied as well • Limit: reasonably likely to need it in litigation • This can be an e-discovery issue or a trial issue • Remington case (1998) – is retention policy reasonable? • Broccoli v Echostar (2005) – 21-day retention of emails

  12. Production Privilege waiver – the internal counsel problem • Generally one does not produce privileged information. • What is privileged, in-house? • If you copy counsel on all internal emails, all the emails do not become privileged. • Separate business advice from legal advice • There is no deemed undertaking rule for evidence led at trial.

  13. Production • Privilege waiver – employee emails on employer systems • A practical problem for employer counsel among others • Case law on privilege is different from case law on investigations, audits and surveillance • What must you do to shield yourself from a “poisoned client”?

  14. Admissibility and Weight Proving a digital object is different Vulnerability of information composed of presence or absence of electric current What happens when the power goes off? When the system crashes? Malleability of information Easy to change undetectably Presentation in the courtroom Mobility multiplies the issues

  15. Admissibility and Weight The elements of documentary evidence: dealing with the differences Authentication Is this record what it purports to me? Admissibility if foundation laid to support that conclusion The cutting edge of e-evidence including email evidence today Best evidence rule What is an original electronic document? Hearsay Does the medium matter? Exceptions wide (reliability) or focused (business records?) It’s not always hearsay (e.g. mechanical evidence)

  16. Admissibility and Weight The Uniform Electronic Evidence Act (where enacted) “Solutions” to electronic application of these rules Authentication: codify Count on the witness under oath (not saying who) Challenge is in responding to challenges (expertise, availability of foundation evidence) Best evidence: system not document Presumptions in aid: it matters whose system it is Standards in aid Hearsay: do nothing Possible spillover effect of other rules

  17. Case law Not much of interest on UEEA R. v. Bellingham (AB) needed evidence of what printouts were Leoppky v Meston (AB) – demonstrates several things: Court looks behind computer to actual sender A series of emails can satisfy Statute of Frauds Still had missing link i.e. legal rules still apply Nad Business Solutions (ON) – email as course of conduct Singapore vs England: email headers OK or not OK as evidence capable of supporting Statute of Frauds Lorraine v Markel (NJ) – extreme demands (all obiter) Prove lots about system, manner of production, etc

  18. An extreme case? “The focus is not on the … creation of the record, but rather on the … preservation of the record during the time it is in the file” “The entity’s policies and procedures for the use of the equipment, database and programs are important. How access to the … database [and to the specific program are] controlled is important. How changes in the database are logged, as well as the structure and implementation of backup systems and audit procedures for assuring the continued integrity of the database, are pertinent.” In re Vee Vinhee, US appeal court, 2005.

  19. CGSB Standard Canadian General Standards Board: Standard on electronic records as documentary evidence The key rule of the Standard: think about it!  In other words: Make a policy about how e-records are managed Communicate the policy Implement the policy Monitor compliance with the policy Adjust the policy as required by circumstances Have a policy manual that you can point to. Have someone responsible (CRO) (+ witness)

  20. New e-messages: Challenges Webmail, Facebook/MySpace, Twitter As you go into the cloud, it is harder to: Authenticate (go to ISP not ASP) Figure out and prove the ‘system’ whose reliability one would like to count on (or at least appreciate) No standardization – every application is different (not like SMTP) Consumer oriented – so less rigorous than business systems Proprietary – so codes etc are not readily available Are clouds third party providers in ordinary course of business, i.e. should they be considered reliable?

  21. Admissibility and Weight Email problem #1 – You didn’t send that Employee alleges termination on basis of pregnancy Email pre-dates her pregnancy by two months showing bona fide intent to terminate Proponent can testify

  22. Admissibility and Weight Email problem #2 – I didn’t send that Agreement to arbitrate executed through employer’s intranet Execution by entering SSN or employee ID number plus password Supervisors could reset passwords Supervisor resets password to help employee get access Email confirmation sent to employee Employee claims supervisor executed agreement and denies reading confirmation email

  23. Email as Evidence JOHN D. GREGORY DANIEL J. MICHALUK

More Related