Slashdot Mirror
Regarding the Use of Digital Data in Court?
iChuckles asks: "Is there a way to make electronic data admissible in court? Can electronic data be used as an alibi? I want to keep an electronic journal, on my work, that is date and time stamped. This journal could be used to prove I came up with an idea on a certain date based upon an entry. Is there a database, or method of recording this data, in electronic form, that will stand up in court? Is there a database that once a record is entered with an accompanying time and date stamp, cannot be altered?"
the entries would have to be kept with a trusted 3rd party as there is no such system that guarantees the data will not be changed. I guess it could be sort of like security certificate companies, holding the data in trust for everyone and their sole duty is to ensure that it is correct.
As far as I am concerned - nothing you manage locally or hold entirely on your own hardware would be acceptable, you cannot provide a strong enough guarantee of the integrity.
It's not that I'm Anti-American - I'm Pro-Freedom
http://www.itconsult.co.uk/stamper.htm -- really, there comes a point where a trusted authority is just required. I know scientists just keep hand-written logbooks, and date each entry and keep it in pen. Nice and old-fashioned, the courts like it. Alternativly, if we don't want to go old-fashioned, you could sign your mails with the above service (but how do you prove that service can be trusted?)
Trust is a really nasty recursive problem. I'd just keep a paper logbook, and other records. It should work well enough.
A public time-stamping service is what we need. How do we get this set up?
I'd like to hear about the ones you know that are already in place, but something more universally trusted would be ideal. (Not that our government is universally trusted, but for in-court use, we'd need something not just a private person or corporation has set up.)
For an individual user like yourself, I'd suggest the following.
This should allow you to prove you had a file that produced THIS signature on a certain date. You can then recalculate the MD5 of the file you have (and if you haven't modified it) it should produce the same hash - which would lead one to believe that this IS the same file. This should be fairly compelling evidence.
Yes, it is *possible* to get another file to produce the same MD5, but it is unlikely.
Another option would be to print out the journal entry and have it notarized. This would be much easier to fake than the MD5 method - but courts have accepted notarized documents for ages.
- vin
Is there a database, or method of recording this data, in electronic form, that will stand up in court?
...Maybe some of that infamous write only memory would solve your problems?
Or rather: Is there a reliable web service (a "trusted authority") that provides unique time stamps?
Is there a database that once a record is entered with an accompanying time and date stamp, cannot be altered?
And don't forget: Is there a way to prevent records being inserted in between older journals, at a later time?
Or
--
The human brain is a wonderful thing: It starts working the moment you are born, and never stops until you stand up to speak in public -- Sir George Jessel
The only way I can think of is to have someone sign it with their OpenPGP key.
A couple of interesting starting points: US Department of Justice's Search and Seizure Guide and The International Journal of Digital Evidence. These aren't direct answers to your question of course but they give a feel for how the field is developing.
Step 1: Get a PGP Key
Step 2: Sign a journal entry that contains the date of the journal entry (can't really be forged, can it?)
Someone else mentioned an MD5 sum, and that's good too, but this is much much better. With the MD5 idea, I could just fake an entry quite easily and re-create the md5 signature. With pgp, information is stored in the signature about _when_ I signed the message.
Computer data is considered heresay in court.
If you are serious, record your notes in a written journal (in pen), and take the journal to a subject matter notary once a week (or month) to have them notarized (each page). You may wish to contract this service (it should be cheaper that way than one-offs). This is how intellectual property research can be protected.
The do-it-yourself method (I don't know how this stands up in court) is to snail-mail copies of your journal pages (say weekly) in tamper-evident envelopes to yourself. Don't open them. They are post-marked by the USPS for date. I suppose you could put your data on a CD weekly or monthly and do the same thing, but the computer-data-as-heresay issue comes up again.
I know of at least one private firm already working on such a device. A friend of mine from college is working there. Sadly I can't remember the name of the firm, but I was told they have several development contracts in place already. They are currently based out of Mobile, Alabama, I think.
Mail it to yourself, registered mail style.
While you're at it, mail yourself some empty unsealed envelopes, "just in case"...
I learned in music school that the old fashioned trick of mailing yourself something and leaving it sealed does stand up in court.
Take whatever it is you want to timestamp, put it in a sealed envelope, and mail it to yourself.
If you ever have to go to court, have the judge open the postal service stamped envelope and examine the contents.
It would take a damn good lawyer to make a jury think you are somehow in cahoots with the postal service and had them back date the stamp.
On the loganalysis mailing list.
It's covered everything from requirements for logs to be admitted, to the validity of using checksums.
It's also been archived on the log analysis website.
even better, we've had several lawyers in on the conversation who site actual case law.
for once the conversation doesn't need the standard IANAL.
Here's a link to the start of the thread
[Log] Log Archival
or for those who prefer a top down view:
Index of threads for december
oh, and here's a website by the ever excellent Tina Bird of counterpayne, as well as Marcus Ranum
Log Analysis
you can find all the info you need in the library off this site.
The same reasons why video is in-admissable in court apply here. And heck while were at it, its also the same reason why lie-detectors are not trsuted in court either. The reason is that technology is the devil's fiddle.
Rather than keep the entire entry at the 3rd party, you'd encrypt it with your public key and allow the 3rd party to datestamp it and cryptographically sign it.
Then you keep the signature and datestamp yourself and the 3rd party never actually knows what the plain text was that it's just datestamped.
Not saying it hasn't been done, but I can't imagine why any jury would allow the mail trick to hold up in court.
... then down the line, just drop something into the envelope and seal it.
I can easily mail an unsealed empty envelope to myself (with enough postage to cover additional non-existent weight)
It'll have a postmark from 4 years ago - be sealed - but have content I created yesterday.
Failing that, unless it is an envelope that cannot be opened without destroying it, either steaming it or freezing it will likely let me open it, change the contents, and re-seal it.
--
Since most individuals don't need protection granular to a single day, I'd suggest saving up a week/months worth at a time and doing the newspaper thing.
Or, if you have that high of volume, and need daily granularity - I'd suggest a corporate solution. If you're that worried about your IP, it must be valuable enough to not play games with it.
If you can find your journal on one of the internet public archieves, that should be trusted enough.
puts ("Python r0cks\n");
Is there a database, or method of recording this data, in electronic form, that will stand up in court?
Ask a lawyer!!!! The only way to know if something will stand up in court is if it alreay has stood up in court, and even then it's tricky. Unless you're up to researching the possible cases where these types of documentation were scrutinized by the court, then a lawyer is your only hope.
For these reasons, use a regular notebook which will stand up in court. If you need to attach documenation, tape it in to the notebook. If it really has to stand up in court, use a notary public.
Notary publics can also date/time stamp sealed envelopes, and under contract it can probably be less than registered mail. If you work in a large company (which you don't, otherwise you wouldn't be asking these questions) then they probably have one person on staff who is certified as a notary public.
Print out your journal once a week (two copies, one in envelope, one out) and have the notary sign and seal the sealed copy, and notarize the external copy. Keep both together in another envelope (with good record keeping) and make notes in the journal database about whaty entries are in the envelope for future reference.
The reality is that if you are defending a claim, you must prove that you came up with the idea first. They may well attack any sort of credibility you have if anything you make to track it can be modified in any way by you, such as an onsite database. You need to have third party impartial involvement.
-Adam
Certified mail is thoroughly sealed with special tape at every envelope seam by the Post Office before it is accepted. Or at least my mail was.
The best you could hope for with digital data is to burn it to CD-R (not CD-RW) and mail it to yourself. Doing this once a month should be sufficient. leave the envelopes sealed, as that's the only timestamp you'll have that will stand up in court.
The problem is that it's so easy to alter digital data. If it's stored on a medium that's writable, it can be changed. CD-R is in theory not writable, but you can alter the date that's burned on the CD fairly easily, making it quite simple to falsify, and therefore creating the need to verify the date the CD was burned. The USPS is the cheapest and easiest way to do this.
If I were a judge, I would never accept a digital timestamp as proof. If I were a lawyer opposing you, the first thing I'd do is bring in someone to explain to the court all the reasons digital data can't be trusted.
If this is actually important to you, you don't want to be the test case for this type of timestamp.
Under capitalism man exploits man. Under communism it's the other way around.
I can easily mail an unsealed empty envelope to myself (with enough postage to cover additional non-existent weight) ... then down the line, just drop something into the envelope and seal it.
That's why you use certified mail. It costs more, but it's sealed by the post office to provide proof of mailing. They also have a new service where you can e-mail them a document and they'll mail it for you. You don't even have to go to the post office.
http://www.usps.com/netpost/certifiedmail_faq.htm
Email each journal entry to yourself. Use an email provider that isn't connected with your business if you feel that gives you an added level of trustability. Email is admissable.
meh.
I am currently involved with the development of a middleware system called Scientific Annotation Middleware - SAM. One of the services that we are in the process of implementing is a Notorization Service that can be used by a 3rd party for signing document hashes. We use the XML signiture spec./infrastructure.
In particular we'll be developing Notebook services and a SAM electronic-notebook that will use the notorization service for exactly the purpose you seek.
Unfortunately, it won't be viable/released for end-user use for at least a couple more years.
There are other e-notebooks that have been developed (by us and other parties), but none of them have legally acceptable notorization capabilities to date.
/..sig file not found - permission denied.
VeriSign offers a timestamping product. Basically, you upload your doc, or a hash of it (can't remember exactly) and VeriSign signs it using their private key and appends a timestamp to it and stores the sig for later retrieval.
If you want to verify a document existed at a certain time you can re-upload it, they can validate the signature and verify the doc existed at the time of the stamp.
Since most of us already trust VeriSign for SSL certs, why not timestamping?
This post cannot be rebroadcast without the express written constent of Major League Baseball.
The prior poster is only partially correct. Such records are completely admissible in court, under exceptions to the hearsay rule for both 1) business records and 2) regular recording practice. The written journals are also complete hearsay, and are admissible under the exact same exceptions.
You have to establish a foundation from the records custodian of the veracity, authenticity, and accuracy of the records. If you are that person, the opposing party will attack your credibility, and it will be up to a jury as fact finder to evaluate the credibility of you, and your records.
An interesting thing happened many years ago with the patent office. This was related to me by a senior chemist here who was in charge of all our patent submissions, is I believe it to be trustworthy - or at least instructive. A BIG research institution (think AT&T Labs) submitted printouts from their electronic lab data collection systems. First time the PTO had seen such a submission - they always received coppies of coffee-stained, ratty lab notebooks as backup for the patent app. Initially disallowed the app. because the documetns looked too neat, and smacked of fabrication after the fact.
Now of course LIMS (Laboratory Information Management Systems) are in use everywhere, adn their printouts are absolutely critical (and admitted in court) in patent suits.
If it was me, I'd keep the electronic records, and periodically print them out, have each page of the printouts notarized and stored. That will be no different than what we do with the carbon copies of the lab notebook pages used now.... when a page is filled up, white copy stays in the lab, yellow to be notarized and archived, pink to the office.
Burn Two Copies of a write-once disc. Seal one copy in an appropriately sized tamper-proof envelope and mail it to yourself. While not a complete solution, This is equivalent to having a Notary verify that the data did exist on the postmarked date as it is on the disc. The second disk is used as part of a reference catalog to see what you have legally dated. The dated, provably unmodified data in the envelope is kept in a safe place.
PGP Digital Timestamping Service
Signatures are available through the website, on a mailing list they run, and weekly to the usenet group comp.security.pgp.announce. Make sure any company you use does some sort of public announcement like this, or if they go out of business you're screwed.
Just get it copyrighted. The day the US Copyright office receives your work is when their protection starts, and is provable.
Non Sequitur \Non seq"ui*tur\ [L., it does not follow]
n 1: a reply that has no relevance to what preceded it
AutoGoogle
AutoSlashBack
AutoEverything
Who?
In drug or child pr0n cases, digital data is often used as evidence against the defendant(s).
Give me my freedom, and I'll take care of my own security, thank you.
Archive onto CD/DVD and mail that disk in a well sealed envelope to your self.
The Postmark is a trusted 3rd party that verifies date and location for you.
Put your money where your mouth is -
There's a number of posts which claim that mailing yourself a sealed copy of whatever you want to timestamp is valid, will hold up in court, bla bla bla.
Can anyone cite a court case in which such evidence was either accepted, rejected, or challenged?
"Sounds good to me" is not the way courts work. They work first on law, secondly on precedent, and thirdly on whether or not the question is valid or can be compromised. If the law does not explicitly say that a sealed, postmarked envelope is a valid timestamp, then it is up to the courts to decide if it is or not; once decided, that decision stands until a higher court overturns it.
Cite precedent or law and I'll believe it.
P.S. -- You can probably mail yourself an UNSEALED envelope, then when you need to, you can "backdate" something. Anyone know how the USPS handles unsealed mail?
Give me my freedom, and I'll take care of my own security, thank you.
- Envelope can be opened, contents replaced, re-sealed (steam kettle, anyone?)
- Post office isn't required to keep tracking info on registered letters into perpetuity
- If you're going to need a j.p. anyway, why not get them to witness and stamp the original sheets?
- A little sleight-of-hand and what seems like you removing the original contents, isn't. Ask any magician how they "seem" to get stuff out of sealed envelopes.
- The original seal can be faked.
- etc....
Only documents that can be "testified to" as to their contents, by a witness, are admissable as evidence. This is why, for example, in drunk-driving cases or speeding cases, the police tech who did the breathalyzer test, or operated the radar gun, has to testify to the contents of his/her report. The report cannot speak for itself in a court of law.It's already been stated that the post office seals registered mail. (We're not talking about stock white Grand & Toy envelopes here)
Doesn't have to. Their seal and mark is a known trusted symbol.
It becomes very expensive, time consuming, and aggravating to have someone authenticate potentially hundreds or thousands of sheets on a continuous basis.
So hand it to the judge or bailiff or attourney or ...
If you're going to go to the lengths to fake a registered letter, you might as well fake testimony from a witness. Perjury is far easier than forgery.
BD Phone Home!
Shameless plug. Like you weren't expecting it.
Unsealed mail is sent OK. Look at Christmas cards. Unsealed can even be cheaper.
Which doesn't answer the main point: All documents need to be testified to. If e 2 people testifyi one way, and you have an unsupported document stating the opposite, you lose.
Post office. Seal. End of story.
While I'm not a lawyer, but atleast I have a rudimentary understanding of the law. Re-read my post and contact a professional.
Fin.
BD Phone Home!
Shameless plug. Like you weren't expecting it.
- Re point 1: It's easy to fake the post office seal. Just as it's easy to fake certified cheques, holograms on credit cards, currency, etc. End of story. In addition, it's easy to open envelopes at other than the top 'seal' and re-seal them. Any 'Post Office Seal' remains intact.
- Re: point 2: Rudimentary is right. Unsupported documents are heresay, and must be rejected, esp. when contradicted by sworn testimony.
People have been thinking that they can get some sort of pseudo-intellectual-property by sending themselves a copy of their idea in an envelope etc.... It's who files first who wins. Check out their web site for more details.Thanks for the name check, Blaise. My favorite place to send people for information about how to make computer data admissable in court is a paper by Orin Kerr, former Dept. of Justice attorney and now a prof at George Washington, specializing in technology issues. He wrote a great summary of >>current>caselawevidencecould have been tampered with.
This of course makes life a lot easier for your sys admin in the trenches, who doesn't have time to set up an encrypted write once file system...