Slashdot Mirror
New Rules Proposed on Electronic Evidence
davidtspf writes "The committee that makes the rules of procedure for U.S. federal courts is now considering new rules governing electronic evidence, how much litigants need to produce at trial, and under what circumstances. Civil rights attorneys are arguing that the rules will make it harder to find smoking guns, while a number of corporations, including Microsoft have submitted comments arguing for further limits. LawMeme has an article with more background, comparing the process to debates over IP law that occur in a vacuum of empirical data, and encouraging techies to submit requests to extend the public comment period, which ended today."
No evidence should be submitted in pdf format.
My take would be MS wants more restrictions to so it's own leaked memos can't be used against it so easily.
Just my two cents.
I used to have a good sig...
Would stricter rules not force the RIAA (and their ilk) to produce stronger evidence against defendants in copyright violation lawsuits?
Socialism: A feeling of discontent and resentment caused by a desire for the possessions or qualities of another.
Long gone are the days of Ollie North and "Shredder Gate"...
"Nature bats last..."
Of course they do, otherwise their emails will continue to show in court that they are guilty as hell. There should be no different standard applied to electronic communcations over written notes. If you write a note its admissable, if its electronic it should be equally admissable (and easier to get hold of).
An Eye for an Eye will make the whole world blind - Gandhi
So wait this can be good or bad, either you will no longer be able submit digital pictures and financial records as evidence of XYZ Corp.'s illegal under the table dealings with Senator Cock-Nose allowing them to kill babies, dump nuclear waste and go tax free, or it can make it impossible for the RIAA/MPAA/DMCARCALSVPT to subpoena you with a print-out of your ISP's traffic log for stealing Britney Spears record sales or talking about breaking encryption schemes.
This comment does not represent the views or opinions of the user.
If you beleive that electronic data can't be forged to fit what ever you want then I have a big bridge to sell you too.
Now, we can hope that punishment for computer-related crimes is brought down to reasonable levels. As much as I hate the fear of identity thieves and hackers, I think it's ridiculous that someone can get less time in jail for committing murder than for hacking into a corporate network.
And we've all heard of "consultants" who were jailed by a company because the consultant tested the company's network security, but the company didn't like it. Penalties and jail-time were harsh, even though no bad intentions were evident.
I don't see any reason to convict Microsoft of having some invested interest in this. The rules being discussed suck and a lot of people can see that.
I'm thinking that this is a good thing. I like how the proposed amendment to 37(f) leaves things nice and open by saying, "...should not be subject to sanctions when information is destroyed 'because of the routine operation of the party's electronic information system.'"
Could we see a new ISP springing up that 'routinely' wipes out logs every week? Might it provide better security and anonymity for its customers?
Of course there's the downside of better protecting true criminals, but I think in today's Big Brother-esque, PATRIOT act society, a little more protection from overreaching laws is a good thing.
Don't buy WoW Gold! Make it yourself!
To take one example, the proposed amendment to Rule 37(f) says that responding parties should not be subject to sanctions when information is destroyed "because of the routine operation of the party's electronic information system." This rule would encourage strategic actors to design or purchase systems that routinely destroy data they might otherwise save if not for the potential litigation costs of preserving incriminating documents.
:-)
That would certainly work to the advantage of those not eager to be confronted with old memos
see a Text Widget
Is a readable hard drive with incriminating data required for a conviction? If so, one could do whatever they want (illegally) in a vmware session with the virtual disk stored in a ramdisk. Then, when the police come and unplug the machine for evidence, all the evidence is erased.
--
Dogs are annoying. Go ECFA.
Would stricter rules not force the RIAA (and their ilk) to produce stronger evidence against defendants in copyright violation lawsuits?
I doubt it. Rules for whistleblowing will have one standard, rules corporations can use against individuals will have another.
It won't be phrased that blatently. Instead it will be one set of rules for submitting confidential data (internal memos, emails, chatroom logs) and another, much laxer set of rules, for accusations of copyright infringement.
Be assured, the end result will almost certainly mean less corporate accountability, and less protection of individuals against corporate whichhunts.
The Future of Human Evolution: Autonomy
I kind of mess around with 3d apps for work and play, also browse the net looking for ideas... Anyway, I have noticed a lot of these online galleries post things like car crashes of 'luxury sports cars' that are clearly fake - fake flames, fake shadows, fake... Totally obvious to me, though after showing examples to family and friends, they would swear they were 'real'...
I guess 'they' might consider hiring a few ex image analysts from the military or other government agencies.
I think what I'm trying to say is that while it's not 'impossible' to make a foolproof 'fake' - it is extremely difficult.
Of course all this only relates to digital photography...
Actually... I'm really not very sure what my point is or why I even posted this...
I think it will help end the more trivial law suits and still let the serious ones work. A main problem is that some companies choose to settle rather than fight because the settlement is cheaper than the cost of retrieving the information off of old unsupported media or computer systems.
hack a day
With all the zombies out there and the ease of altering digital documents, it's near impossible to really verify the source of most things floating around nowadays.
This is related to the Banes-Oxley act which mandated that all email conversations (as well as other electronic documentation) must be backed up regularly and for a fixed period of time.
IANAL but it appears that a side effect of this is that it elevates this form of business communication as more legally binding above and beyond normal paper document communications. IE Official business memos are legally required to be stored but simple interperonsal memo communication between officers is not. But if it IS kept and found, it's legally admissable.
The law change (to help prevent another Enron) elevates all communication to a stored status. From the consumer side this is "good" because smoking guns are easier to find. But from the business side this is "bad" because a lot of ideas get thrown around when trying to develop business plans. Ideas that may be quasi-legal to begin with, but not recognizable as such until they bounce the plan off one of the legal team and he quashes it. End of story right? Not if that communication is part of the official record because it was emailed. Now it becomes a smoking gun as part of a "pattern of intent to do illegal buisness practices".
My first reaction was to say that corporate e-mails should be PGP (or similar) encrypted, but private keys would be subject to subpoena, wouldn't they?
500GB of disk, 5TB of transfer, $5.95/mo
It's already pretty common practice to limit the size of corporate email to about 3 months worth of emails... anything beyond that is deleted. Ostensibly, this is a disk quota, but the push is from legal departments that are slammed with hundreds of fishing expeditions into corporate emails every month.
The time and effort required to pull and organize all of the data from a request to search all electronic records for any mention of "Product Frobozz" is not trivial. Doing it several times per day for different requests is costing millions.
Policies are put in place to prevent people from maintaining their own archives, off the corporate servers, so that everything can be searched using automated tools.
Every document, electronic or paper, has an "expiration date". After that, it's to be destroyed. Only a very few records that need to be kept for legal or regulatory compliance are kept in a secure, indexed corporate archive.
This is not about being "confronted with old memos". It's about containing the costs of complying with legal fishing expeditions. Just be a business with money in the bank, and the lawyers will file papers to see what they can shake loose. The cost of complying with all the requests is often enough to push small businesses to settle because they don't have the resources to run all the queries.
I may not have gone where I intended to go, but I think I have ended up where I needed to be.
After reading the LawMeme article, I understood this to be mostly focusing on how cooporate electronic information would be handled, though if it is applied to corp info then it will likely later be applied to personal info. It does seem that it would open up more than a few loop holes that would allow big corporations to get away with things while the common user would not, for example a large company could easily decide to copy all possibly incriminating back-ups to a less accessable media, but how many home userts are going to deliberately store their info on a something "less accessable".
Also the note at the bottom of the article, asking that techies request that the date for public comments be extended, was up yesterday so posting this today may not be helpful.
Of course Microsoft is going to want more evidence. I would say by now they are kind of tired of getting caught.
Back in the past I did a lot of work as a computer forensic expert on behalf of most of the UK police forces, Crown Prosecution Service, etc.
Always there would be attempts by the defence to get some of the evidence struck off as inadmissable before the session got underway before the Jury.
I remember one case - the evidence was a print-out showing the log of an investigator connecting to a BBS and downloading something illegal (AT&T calling card numbers or similar).
The defence pointed to a line 2/3 down the page and said there's a letter missing from the start of one of the lines. It said 'ogin' instead of 'Login'. Therefore the printer wasn't working correctly, and if we couldn't trust that the evidence shouldn't be admitted.
So, I take the stand and pick up the evidence bundle, and point out to the judge, with no small amount of amusement, that the original page had been hole-punched (not obvious in the photocopies) and the L had been punched out. The judges are not stupid, they know when the defence are 'trying it on'. All the evidence in that trial was allowed to stand, and as soon as the trial got underway the defendent changed his plea to guilty!
Jolyon
Please read my Canon EOS tech blog at http://www.everyothershot.com
The post says that the comment period ended today. That does not mean that comments cannot still be submitted. Informed helpful comments submitted after the deadline can be considered. I myself have no position on the proposed rule changes, but as someone who has participated in rule-making procedures I thought I'd point that out.
Discovery is better, because they produce documents which are presumed authentic. Smoking guns are most frequently found in discovery material. If I had an outside source, I'd look through the discovery mountain to confirm it. IANAL
When someone tries to deny evidence, things get stickier. You'd have to find a different witness "Yes, I got that and we talked about it". Or show that the message has authentic [looking] headers, and was found/delivered from the expected place. Then the denyier has to explain how the forgery got there, and who would have access to do such a thing. Vanishingly few.
More interesting is the scope & medium of discovery. How much can someone ask for? Should they get it machine-readable, or printed on 8.5x11 floppies? :) What are the obligations of confidentiality on material not introduced into evidence? Should there be a "fruit of the poisoned vine" analogous doctrine?
Well, I got better...
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
God forbid that there be protections that don't expose a company's entire operation to public scrutiny. Look at the companies they listed and tell me which one really gipped the public. None of them. If you're a smoker then you have only yourself to blame for your health problems, especially if you are under 30 years old. If you are too cheap to buy a Mac or learn Linux then your usage of Windows is your own damn problem. I remember when BeOS was around, you could buy the upgrades for what, $25.00 yet how many of these professional whiners supported Be? They'd rather force Microsoft to behave like Be than actually support Be.
What I am personally sick of are the professional litigator-activists who lose in the court of public opinion so they then take out their failure on the democratic process by going to the courts.
Click here or a puppy gets stomped!
Reading through the comments, I see several people misinterpreting the nature of the rule changes.
The proposed changes are to the Federal Rules of CIVIL Procedure. This affects CIVIL lawsuits, and does not (directly) impact criminal prosecutions (for "hacking" or otherwise). The rule changes also don't have much to do with the admissibility or authentication of evidence.
Among other things, if adopted, the rule changes would do things like require electronic production of electronic records (i.e., don't bother trying to print out that database). Also, the proposed Rule 37(f) safe harbor for failure to preserve doesn't protect parties from sanctions for intentional or reckless failure to preserve information.
IAAL. So, there.
My thought is that, if a double standard will come into play here, it will be more blatant than you're thinking. The rules will not be laxer for accusations of copyright infringement. Rather, they could simply be different for natural persons than they are for corporate entities. It'd be very hard to argue, however, that corporations should have less of a burden of document production than individuals, when corporations will almost invariably have better retention as a matter of both corporate policy and technology budget.
It is, however, perfectly possible that the amended Federal Rules of Civil Procedure (note to other posters using terms such as "guilty": these rules do not apply to criminal trials, only to civil lawsuits) will not be biased one way or the other.
IANALY and I haven't read the PDF, but it seems to me from what I have read that the proposed amendments relate mostly to discovery. Discovery under the Federal Rules of Civil Procedure (those being the rules to be amended here) is multi-facted.
As I see it, the big one here is the discovery device of document requests. You (a lawyer for party A) send a request for production of documents to party B, for instance "All sales records for the period from January 1, 1999 through January 1, 2002." And they have to comply, as long as the documents meet certain requirements (none of which is admissibility; rather, the general rule on discovery is that the request must be "reasonably calculated to lead to admissible evidence").
The problem is that it might be unreasonably burdensome to say "I want a copy of every internal e-mail for the years 1999-2001." These amendments probably address situations like that, and the controversy is where to draw the line.
On one side are corporations who want neither to retain every internal e-mail for a year (do you want to work in an IT department that retains terabytes of mundane "Lunch at Baja Fresh?" e-mails every year?) nor to give their internal e-mails to the guys on the other side of the "v." in a civil lawsuit. On the other side are people who don't want corporations destroying all sorts of critical evidence and getting away with it just because it's not on paper.
These rules only cover "standards", if you will, for how evidence is collected in the discovery process; how it is traded back and forth (produced) between plaintiff and defendent counsel; rules for deposing witnesses; and most importantly, in this case, standards for how the production materials are formatted. That is what is being addressed here.
Currently the Rules of Civil (and Criminal for that matter) Procedure are designed to govern how cases are litigated in a paper world. Electronic evidence (and a virtual lack of standards for it) have created a host of problems for this antiquated process that is by orders of magnitude more difficult to deal with than was ever previously enountered in the paper world. Whereas before, when someone got sued their paper files would get taken. The files were static objects. Maybe a few people would get a copy of a particular document and it was much easier to determine who the recipients were. Now that more material is traded back and forth through e-mail and other means, this happens on a much faster pace, it's much easier to spray copies around to a variety of recipients and much harder to keep track of who had what and when they had it.
Also, electronic communications will keep several revisions of a document which may have been through away and not retained in the paper world. This frequently happens without the custodian's knowledge more often than not, unless a very deliberate attempt to implement, maintain and enforce a document management and retention policy. Indeed, the electronic communications revolution has made the proverbial smoking guns much more numerous than in the past by it's very nature.
Volume and velocity of communication is only one part of the problem. File formats are just as big a piece of the puzzle. Word vs. Word Perfect documents being an example. If electronic documents are not properly handled you can easily be accused of spoliation of evidence, with or without any malintent. By simply converting a WordPerfect document to Word format, it can change pagination, formatting, and destroy metadata that the recipient wasn't even aware existed. Having "exact" copies, traceable back to their source (chain of custody) of a document as it was produced to you "in the normal course of business (to use the vernacular)" is extremely important if you intend to use all or part of it as evidence. This is (on of) a lawyer's worst nightmares.
These are just a few of the problems relating to the federal rules and electronic documents. Outside of the Sedona Conference, these have largely been unaddressed up until very recently. It looks like the Rules of Civil Procedure are going to standardize on production of documents in native format. One school of thought has been to take the native documents and print them to a static format for production purposes (such as tiff, pdf, jpg). Looks like their shying away from that approach and leaning toward the "native format" position both have their advantages and potential pitfalls, some of which I outlined above.
Anyway, in response to your post and in summary, you shouldn't read so much into Microsoft having an opinion here. Their opinion on the matter isn't out of line with most other businesses in this regard, nor is it necessarily bad for the little guy either. This is a double edged sword and it is as sharp on one side as it is on the other. If anyone will "win" out of this, it will be trial lawyers, in the sense that you will need to make sure you have counsel that is accutely aware of the electronic discovery universe and how to take advantage of it while making sure you don't get cut.
This is simply a badly needed revision of the rules that will make it more fair for plaintiffs and defendants alike. I wouldn't anything more into it than that.
If you never make mistakes, it's probably because you're not doing anything.
Anyone using their PC for criminal activity shouldn't have any writable media on their system.
They should also lock out intruders at the network level and at the console.
While they are at it, they should be inside an underground lead-lined bunker with no connection to the outside world except a faraday-caged ventallation shaft. What about the AC power line? They should run everything off of batteries or fuel cells.
Anyone need a spare laptop to go with their fallout shelter?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
For some companies operating on the edge of the law, particularly ones at one physical location, paper memos and informal meetings without official minutes make make a comeback.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
allllllll GOOOOOOOOOOOOOOd
o m/
http://www.djtouvan.com/
http://www.djtouvan.c
http://www.djtouvan.com/
The problem is that it might be unreasonably burdensome to say "I want a copy of every internal e-mail for the years 1999-2001."
See SCO v. IBM, for details of just such a burdensome fishing expedition that was granted.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
See SCO v. IBM, for details of just such a burdensome fishing expedition that was granted.
The Fed.R.Civ.P.'s discovery procedures are supposed to be about a fishing expedition. The burdensome stuff is more like "Give me every document you, IBM, have ever created."
Yep. Discovery is about both sides knowing the whole story, so that you don't end up two months into the actual trial when you figure out you have no claim against the defendant. SCO v. IBM is an exception, where the plaintiff knew they had no claim before they started discovery, but went digging for one anyhow. I don't think we should judge the federal court system based in any part on SCO v. IBM.
I don't think he did anything malicious, but he admitted he did things that anybody competent in security work or system administration at the time would have told you are a bad idea (moving password files from one system to another, gaining unauthorized access to internal systems and moving password data off them, etc.)
He did not, in fact, go to jail (except for the time he was held during booking). He was sentenced to restitution, appealed, and the restitution order was sent back to the lower court. Ultimately he did community service and paid a fine.
-- Old Man Kensey
There's a great scene in Cryptonomicon where Randy is explaining to Eberhard the reason that they have not been privy to the development of a major shift in corporate strategy until it is officially announced to everyone. He takes him aside for a two-person conversation, in which he explains the occasional desirability of making major business decisions as a series of two-person conversations rather than a single large bull session with everyone involved.
-- Old Man Kensey
It's refreshing to see someone actually consider the *issue*, rather than the typical /. habit of immediately claiming M$ is teh EviL!
Side note to all you MS conspiracists - just how freakin powerful do you think MS is, anyway?
Emails for example are incredibally dificult to convincing forge.
Slashdot posts for example are incredibally dificult to spelling correct.