National Law Week concludes today:

Law of Evidence relating to IT and Forensic Issues

The Information Technology revolution has introduced the Computer and it has entered into almost all aspects of our lives during past few decades. Any Computer on the internet can access another computer on any network, ATMs withdrawal of money from an account from any place in the world.

With the development of Mobile Phone technology m-Commerce has been improved, eg. Mobile banking, reservation of Air Tickets through mobile phone etc. All Computer related systems are vulnerable to intrusion and destruction. Perhaps, interruption of such system could lead to a total disruption of the daily life. Eg. Hospitals, Transport etc.

Trends are developing to shift the nature of crimes from traditional to Hi-Tech with the development of Hi-Tech Technology. Computer may be used as a storage container or a tool to commit a crime. It is estimated that in near future, almost all the crimes in the world will be Computer related crimes; documents will be Computer based documents.

Therefore, application of new methodology to investigate and seizure of data in Computer hardware, software, communication devices, computer peripherals in any other form and storing of them are essential. Its forensic issues and introduction of new laws relating to Computer evidence play a vital role in forwarding Evidence before Courts of Law.

Electronic Evidence

A considerable number of institutions in the world stores their documentation in digital form in computers. They keep communication through e-mail, electronic voice mail systems etc. using Computers. As a result burden of proof of such evidence before Courts can also be complicated, eg. Reconstructing, restoring, and searching data.

Discovery of evidence is the most essential part to prove a case and various jurisdictions have faced common and different types of difficulties unique to relevant legal systems due to its own nature (of laws), procedures etc.

When the subject matter is discussed with 'electronic evidence', it will be a more complicated issue compared to discovery of non electronic evidence. With development of technology, evidence takes a new form and e-mail, chat room transcripts, databases, spreadsheets, web browser history files, information through system backup tapes have been replacing conventional paper documents.

Computer evidence may be stored in hidden files as there is a great deal of left over data stored in their disk drives of a computer. Some institutions may store their data at a distant server, different website etc.

Digital discovery tends to be voluminous, as electronic data are cheaper and easier to copy, archive and distribute. Electronic data, unlike their conventional counterparts, do not disappear easily and difficult to delete (or destroy) of an electronic document.

Unlike a paper document, the digital document has increased the number of locations where potentially discoverable documents may be found. Cost factor relating to digital discovery is a serious problem due to its nature eg. Sattar vs. Motorola, Inc. 138 F.3d 1164 (7th Cir. 1998). National Union Electric Corp. vs. Matsushita Electric Industrial Co. 494F. Supp.1257 (ED 1980).

Privacy issues

Privacy issues will be another aspect under Digital discovery since courts can allow access to email, records of Web sites visited, transcripts of chat room discussions etc. to discover such evidence.

In general, opposing party is allowed to request relevant material from the proposed party to produce such evidence. However, one cannot apply rules relating to traditional discovery methods as it is for discovery of electronic evidence due to its nature.

Standard of knowledge and competence of investigators and their ability to explain the relevance of electronic forensic analysing tools used for discovery of electronic evidence also might open doors for different level of acceptability of such evidence in Court trials. It is the duty of the Forensic experts to ensure that nothing has been added to or deleted from electronic evidence recovered from the scene of crime/place.

Prior to the introduction of Evidence Special Provisions Act in Sri Lanka, there was no provision under Law of Evidence to admit Computer Evidence. In Benwell vs. Republic of Sri Lanka, (1978-79) Sri Lanka Law Reports Vol.2 Page 194 it was held that, Computer evidence is in a category of its own.

It is neither original evidence nor derivative evidence. Under the law of Sri Lanka, computer evidence is not admissible under Section 34 of the Evidence Ordinance or under any other section of the Evidence Ordinance.

Provisions Act

Act No. 27 of 2003 and Electronic Transactions Act in 2006 have introduced extending support to admit IT Related Evidence in Sri Lanka.

Recently, Electronic Transactions Act No. 19 of 2006 introduced to recognise and facilitate the formation of contracts, the creation and exchange of data message, Electronic documents, Electronic Records and other Communication in Electronic form in Sri Lanka.

Sections 21 and 22 are the governing sections Rules Governing Evidence under the Act. Section 21 of the Act states - Notwithstanding anything to the contrary in the Evidence Ordinance or any other written law, the provisions of the section shall be applicable for the purpose of the same Act'.

Section 22 - Notwithstanding contained in the Evidence (Special Provisions) Act No. 14 of 1995 shall apply to and in relation to any data message, electronic, document, electronic record or other document on which the provisions of this Act applies'.

Evidence Special Provisions Act No. 14 of 1995 has been introduced to manage computer based evidence efficiently and legally (Subject to Section 22 of the said e-Transactions Act).

On the other hand, when there is no provision to handle law relating to evidence in Sri Lanka, the UK law is applicable under Section 100 of the Evidence Ordinance. Further, any other law is applicable in Sri Lanka under Section 3 of the Evidence Special Provisions Act when there is no provision to handle law relating to evidence under the same Act or Evidence Ordinance. Therefore, Sri Lankan Law will be benefited with the development of IT related Evidence in other countries.

Evidence Special Provisions Act - Section 2 of the Act -

Provisions of this Act shall be applicable in respect of any matter provided in the Act notwithstanding anything contained to the contrary (i) in the Evidence Ordinance or (ii) any other written Law.

Section 3 (1) of the Act - When this Act does not provide provisions,

(a) Evidence Ordinance,

(b) Any other law shall be adopted and applied, where appropriate and with suitable adaptations as the justice of the case may require.

Section 3(2) of the Act - When this Act does not provide for the determination in the case of a recording, reproduction, statement or other evidence under this Act

(a) provisions relating to documents or governing like matter in the Evidence Ordinance or

(b) such other law, shall with suitable adaptations as the justice of the case may require be adopted and applied.

It is clear that provisions under Chapter V (Sections 61-90) and Section 165 of the Evidence Ordinance shall be applicable when there is no provision under the Evidence Special Provisions Act to deal with evidence relating to Information Technology in Sri Lanka and when there is no provisions under the said Act and the Evidence Ordinance for same, the UK law is applicable under Section 100 of the same Ordinance as usual.

Further the sub-Sections 3(1) and 3(2) of the Evidence Special Provisions Act have accommodated to apply Law of Evidence relating to Information Technology in other countries also in Sri Lanka. Therefore, the Law of Evidence in Sri Lanka relating to Information Technology will be benefited with the development of the same subject in other countries.

It is also clear that the legislature has adopted flexible attitude for accepting and adopting of evidence relating to Information Technology compared to other evidence before Courts under Section 3(3) of the Act.

'Computer Evidence' has been recognised in Sri Lanka under Section 5 of the Evidence Special Provisions Act and in any proceedings where direct oral evidence of a fact would be admissible, any information contained in any statement produced by a computer and tending to establish that fact shall be admissible as evidence of that fact with the satisfaction of the conditions explained in the same Section.

Section 7 provides provisions regarding Notices to have access to inspect evidence sought to be produced, machine, device or computer, any records relating to the production of the evidence or the system used in such production, and the steps to be taken by the other party and Section 8 explains about Admissions and Section 9 provides presumptions.

As far as the Evidence Special Provisions Act is concerned it is clear that the legislature has considered Computer generated documents and related evidence. However, it is doubtful whether the legislature has focused their mind on Computer related evidence adequately. Eg. evidence discovered from network.

IT Related Evidence

Some countries like Sri Lanka do not have Computer Crimes Act or Data Protection Act at the moment. Under these circumstances there is no way to deal with Computer Crimes and e-Commerce transactions properly by the authorities.

Different countries have adopted different policies on IT related evidence. Due to the nature of this type of evidence, any particular country cannot apply restricted laws and rules relevant only to their territories.

The United Kingdom introduced Criminal Justice (International Co-operation) Act 1990 to overcome this situation providing provisions to extend the power of search and seizure to materials relevant to an overseas investigation or proceedings.

Some risks relevant to Forensic issues of Computer Evidence are offenders attack Computers and networks remotely and anonymously, action and motives not self-defining, involvement of multiple jurisdictions, Digital footprints and other evidence are ephemeral, difficulty to identify offenders. See Cyber crimes issues.

Electronic data always flow freely crossing borders of the States. Management methods of documents in digital form may be different from one country to another. E.g. - value of evidence relating to storing of data can be different from one country to another unless we consider the entire world as one jurisdiction.

Some Constitutions have safeguarded privacy of persons and the parameter of privacy policies can be different from one country to another. e.g. EU Data Protection Directive 95/46/EC has given a set of privacy policies relevant to member countries.

Most of the Asian Countries don't have such strong policies adopted. However, they also have imposed some kind of privacy policies for their respective citizens. Law enforcement needs some kind of permission exceeding the limits of protection of such privacy policies for surveillance and seizure of electronic evidence.

Sometimes, available procedural laws might not be enough to discover electronic evidence. In Davis vs. Gracey 10th circuit has decided that an additional warrant would have been required for the officers to gain access or read the seized email. See Northwest Airlines, Inc., vs. LOCAL 2000. International Brotherhood of Tamesters, et al. 163 L. R. R. M. (BNA) 2460 (USDC Minn. 1999).

Law enforcement is provided permission to discover electronic evidence protected under privacy policies.

Another practical aspect is how long any person could protect electronic data and on whose account such data should be protected? eg. Thomes F. Linnen, et al vs. A. H. Robins Co. Inc. et 163 L. R. R. M. (BNA) 2460, (USDC Minn. 1999).

These matters were discussed in a number of International Conferences and the International Community is still struggling to remove uncertainty regarding same. It is clear that the new approach must be introduced globally to maintain uniformity among all nations to minimise the said practical problems on this subject.

'Safe Harbour' principles (a set of principles that US companies would sign up to on a voluntary basis, but to which they would then be bound, and which the Commission would find "adequate" under Article 25.6 of the data protection Directive) adopted by US/EU bridging the different approaches to data protection are a good example to the rest of the world.

(The writer holds Dip in Forensic Medicine Science and Toxicology (Colombo), and is an Attorney-at-Law, Secretary, Bar Association of Sri Lanka, Chairman, IT Committee, BASL)