Slashdot Mirror
Regarding the Use of Digital Data in Court?
iChuckles asks: "Is there a way to make electronic data admissible in court? Can electronic data be used as an alibi? I want to keep an electronic journal, on my work, that is date and time stamped. This journal could be used to prove I came up with an idea on a certain date based upon an entry. Is there a database, or method of recording this data, in electronic form, that will stand up in court? Is there a database that once a record is entered with an accompanying time and date stamp, cannot be altered?"
the entries would have to be kept with a trusted 3rd party as there is no such system that guarantees the data will not be changed. I guess it could be sort of like security certificate companies, holding the data in trust for everyone and their sole duty is to ensure that it is correct.
As far as I am concerned - nothing you manage locally or hold entirely on your own hardware would be acceptable, you cannot provide a strong enough guarantee of the integrity.
It's not that I'm Anti-American - I'm Pro-Freedom
http://www.itconsult.co.uk/stamper.htm -- really, there comes a point where a trusted authority is just required. I know scientists just keep hand-written logbooks, and date each entry and keep it in pen. Nice and old-fashioned, the courts like it. Alternativly, if we don't want to go old-fashioned, you could sign your mails with the above service (but how do you prove that service can be trusted?)
Trust is a really nasty recursive problem. I'd just keep a paper logbook, and other records. It should work well enough.
A public time-stamping service is what we need. How do we get this set up?
I'd like to hear about the ones you know that are already in place, but something more universally trusted would be ideal. (Not that our government is universally trusted, but for in-court use, we'd need something not just a private person or corporation has set up.)
For an individual user like yourself, I'd suggest the following.
This should allow you to prove you had a file that produced THIS signature on a certain date. You can then recalculate the MD5 of the file you have (and if you haven't modified it) it should produce the same hash - which would lead one to believe that this IS the same file. This should be fairly compelling evidence.
Yes, it is *possible* to get another file to produce the same MD5, but it is unlikely.
Another option would be to print out the journal entry and have it notarized. This would be much easier to fake than the MD5 method - but courts have accepted notarized documents for ages.
- vin
Computer data is considered heresay in court.
If you are serious, record your notes in a written journal (in pen), and take the journal to a subject matter notary once a week (or month) to have them notarized (each page). You may wish to contract this service (it should be cheaper that way than one-offs). This is how intellectual property research can be protected.
The do-it-yourself method (I don't know how this stands up in court) is to snail-mail copies of your journal pages (say weekly) in tamper-evident envelopes to yourself. Don't open them. They are post-marked by the USPS for date. I suppose you could put your data on a CD weekly or monthly and do the same thing, but the computer-data-as-heresay issue comes up again.
Mail it to yourself, registered mail style.
While you're at it, mail yourself some empty unsealed envelopes, "just in case"...
With pgp, information is stored in the signature about _when_ I signed the message.
at best, you get info about the reading of the system clock at the time. and how do you convince a judge that you didn't use your own version of PGP that takes the purported current time as an argument?
Everything should be made as simple as possible, but not simpler. -- A.E.
On the loganalysis mailing list.
It's covered everything from requirements for logs to be admitted, to the validity of using checksums.
It's also been archived on the log analysis website.
even better, we've had several lawyers in on the conversation who site actual case law.
for once the conversation doesn't need the standard IANAL.
Here's a link to the start of the thread
[Log] Log Archival
or for those who prefer a top down view:
Index of threads for december
oh, and here's a website by the ever excellent Tina Bird of counterpayne, as well as Marcus Ranum
Log Analysis
you can find all the info you need in the library off this site.
Rather than keep the entire entry at the 3rd party, you'd encrypt it with your public key and allow the 3rd party to datestamp it and cryptographically sign it.
Then you keep the signature and datestamp yourself and the 3rd party never actually knows what the plain text was that it's just datestamped.
Not saying it hasn't been done, but I can't imagine why any jury would allow the mail trick to hold up in court.
... then down the line, just drop something into the envelope and seal it.
I can easily mail an unsealed empty envelope to myself (with enough postage to cover additional non-existent weight)
It'll have a postmark from 4 years ago - be sealed - but have content I created yesterday.
Failing that, unless it is an envelope that cannot be opened without destroying it, either steaming it or freezing it will likely let me open it, change the contents, and re-seal it.
--
Since most individuals don't need protection granular to a single day, I'd suggest saving up a week/months worth at a time and doing the newspaper thing.
Or, if you have that high of volume, and need daily granularity - I'd suggest a corporate solution. If you're that worried about your IP, it must be valuable enough to not play games with it.
You telling me that all those Caught On Tape shows on FOX are wrong when they end a clip by saying something along the lines of, "and the video evidence was enough to convince a judge to convict him"?
Method of processing duck feet
Is there a database, or method of recording this data, in electronic form, that will stand up in court?
Ask a lawyer!!!! The only way to know if something will stand up in court is if it alreay has stood up in court, and even then it's tricky. Unless you're up to researching the possible cases where these types of documentation were scrutinized by the court, then a lawyer is your only hope.
For these reasons, use a regular notebook which will stand up in court. If you need to attach documenation, tape it in to the notebook. If it really has to stand up in court, use a notary public.
Notary publics can also date/time stamp sealed envelopes, and under contract it can probably be less than registered mail. If you work in a large company (which you don't, otherwise you wouldn't be asking these questions) then they probably have one person on staff who is certified as a notary public.
Print out your journal once a week (two copies, one in envelope, one out) and have the notary sign and seal the sealed copy, and notarize the external copy. Keep both together in another envelope (with good record keeping) and make notes in the journal database about whaty entries are in the envelope for future reference.
The reality is that if you are defending a claim, you must prove that you came up with the idea first. They may well attack any sort of credibility you have if anything you make to track it can be modified in any way by you, such as an onsite database. You need to have third party impartial involvement.
-Adam
The best you could hope for with digital data is to burn it to CD-R (not CD-RW) and mail it to yourself. Doing this once a month should be sufficient. leave the envelopes sealed, as that's the only timestamp you'll have that will stand up in court.
The problem is that it's so easy to alter digital data. If it's stored on a medium that's writable, it can be changed. CD-R is in theory not writable, but you can alter the date that's burned on the CD fairly easily, making it quite simple to falsify, and therefore creating the need to verify the date the CD was burned. The USPS is the cheapest and easiest way to do this.
If I were a judge, I would never accept a digital timestamp as proof. If I were a lawyer opposing you, the first thing I'd do is bring in someone to explain to the court all the reasons digital data can't be trusted.
If this is actually important to you, you don't want to be the test case for this type of timestamp.
Under capitalism man exploits man. Under communism it's the other way around.
One would create a detached signature of the document and mail it to the server (or perhaps the whole signed/encrypted document). The server would sign whatever you sent, then send that back to you.
You could then verify that you signed the document (possibly implying that you wrote it), and then verify the date in which you did so.
I don't know what happend to the service, but there's a for-pay service which is similar. Check out this place.
Method of processing duck feet
I can easily mail an unsealed empty envelope to myself (with enough postage to cover additional non-existent weight) ... then down the line, just drop something into the envelope and seal it.
That's why you use certified mail. It costs more, but it's sealed by the post office to provide proof of mailing. They also have a new service where you can e-mail them a document and they'll mail it for you. You don't even have to go to the post office.
http://www.usps.com/netpost/certifiedmail_faq.htm
Email each journal entry to yourself. Use an email provider that isn't connected with your business if you feel that gives you an added level of trustability. Email is admissable.
meh.
Just get it copyrighted. The day the US Copyright office receives your work is when their protection starts, and is provable.
In drug or child pr0n cases, digital data is often used as evidence against the defendant(s).
Give me my freedom, and I'll take care of my own security, thank you.
There's a number of posts which claim that mailing yourself a sealed copy of whatever you want to timestamp is valid, will hold up in court, bla bla bla.
Can anyone cite a court case in which such evidence was either accepted, rejected, or challenged?
"Sounds good to me" is not the way courts work. They work first on law, secondly on precedent, and thirdly on whether or not the question is valid or can be compromised. If the law does not explicitly say that a sealed, postmarked envelope is a valid timestamp, then it is up to the courts to decide if it is or not; once decided, that decision stands until a higher court overturns it.
Cite precedent or law and I'll believe it.
P.S. -- You can probably mail yourself an UNSEALED envelope, then when you need to, you can "backdate" something. Anyone know how the USPS handles unsealed mail?
Give me my freedom, and I'll take care of my own security, thank you.
It is trivial to remove a piece of paper from an ordinary sealed envelope, modify it or replace it, and put it back in the envelope. Intelligence agencies have been doing it for centuries.
Mea navis aericumbens anguillis abundat
- Envelope can be opened, contents replaced, re-sealed (steam kettle, anyone?)
- Post office isn't required to keep tracking info on registered letters into perpetuity
- If you're going to need a j.p. anyway, why not get them to witness and stamp the original sheets?
- A little sleight-of-hand and what seems like you removing the original contents, isn't. Ask any magician how they "seem" to get stuff out of sealed envelopes.
- The original seal can be faked.
- etc....
Only documents that can be "testified to" as to their contents, by a witness, are admissable as evidence. This is why, for example, in drunk-driving cases or speeding cases, the police tech who did the breathalyzer test, or operated the radar gun, has to testify to the contents of his/her report. The report cannot speak for itself in a court of law.It's already been stated that the post office seals registered mail. (We're not talking about stock white Grand & Toy envelopes here)
Doesn't have to. Their seal and mark is a known trusted symbol.
It becomes very expensive, time consuming, and aggravating to have someone authenticate potentially hundreds or thousands of sheets on a continuous basis.
So hand it to the judge or bailiff or attourney or ...
If you're going to go to the lengths to fake a registered letter, you might as well fake testimony from a witness. Perjury is far easier than forgery.
BD Phone Home!
Shameless plug. Like you weren't expecting it.
Unsealed mail is sent OK. Look at Christmas cards. Unsealed can even be cheaper.
Which doesn't answer the main point: All documents need to be testified to. If e 2 people testifyi one way, and you have an unsupported document stating the opposite, you lose.
- Re point 1: It's easy to fake the post office seal. Just as it's easy to fake certified cheques, holograms on credit cards, currency, etc. End of story. In addition, it's easy to open envelopes at other than the top 'seal' and re-seal them. Any 'Post Office Seal' remains intact.
- Re: point 2: Rudimentary is right. Unsupported documents are heresay, and must be rejected, esp. when contradicted by sworn testimony.
People have been thinking that they can get some sort of pseudo-intellectual-property by sending themselves a copy of their idea in an envelope etc.... It's who files first who wins. Check out their web site for more details.