Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Rules Proposed on Electronic Evidence

Posted by Zonk on from the your-money-or-your-files dept.

davidtspf writes "The committee that makes the rules of procedure for U.S. federal courts is now considering new rules governing electronic evidence, how much litigants need to produce at trial, and under what circumstances. Civil rights attorneys are arguing that the rules will make it harder to find smoking guns, while a number of corporations, including Microsoft have submitted comments arguing for further limits. LawMeme has an article with more background, comparing the process to debates over IP law that occur in a vacuum of empirical data, and encouraging techies to submit requests to extend the public comment period, which ended today."

4 of 129 comments (clear)

  1. Re:1 step forward, 1 step back? by Beryllium+Sphere(tm) · · Score: 2, Informative

    >Could we see a new ISP springing up that 'routinely' wipes out logs every week? Might it provide better security and anonymity for its customers?

    Anonymizer.com claims they don't retain logs. Ziplip used to advertise that they didn't keep any record of a message after it was sent, but today their sales pitch is that they retain the records for you for compliance with HIPAA, Sarbanes-Oxley, GLBA or whatever.

  2. Re:Platter dust by MathFox · · Score: 4, Informative
    When you're talking about admissible evidence for criminal proscecution, the data in RAM certainly is admissible. It is a practical forensic problem to store the data on a non-volatile medium without destroying its value as evidence. People have been convicted on the basis of the contents of their swap partition.

    When a computer forencist is involved in a raid, he knows what evidence he has to look for. He has a plan of attack. That could include forcing a crashdump of the RAM on a Unix server to analyse the processes that are running. A lot of incriminating information is found in the space that was taken up by deleted files.

    Another way of obtaining incriminating information is from "third party" logfiles, network taps, etc. Doing as much investigation without the suspect knowing it.

    I am not a computer forencist, but I applied for the job.

    --
    extern warranty;
    main()
    {
    (void)warranty;
    }
  3. Re:Fool by gurps_npc · · Score: 3, Informative
    You are pretty foolish.

    I work in this field.

    While it is true that anything can be forged, in any major company it is INCREDIBALLY easy to detect forgery of electronic documents. Yes it can be done, but it would be FAR more expensive than forging paper documents.

    Why? COPIES. BACKUP. EMAIL SERVERS Emails for example are incredibally dificult to convincing forge. When I send an email to you, it does NOT just go to your computer. It goes all over the company network, getting backed up, tarred, zipped, etc. In order to convincingly forge an email from IBM to say Microsoft, I would have to:

    1. Find all those files in IBM's computer. Good luck. Hope you don't miss one.

    2. Edit all those files, being sure to use correct permissions and reset things like Last modified date.

    3. See steps 1 and 2? Repeat for Microsoft's computers.

    In general, it is FAR easier to forge a hand letter to Microsoft from IBM than an electronic email

    --
    excitingthingstodo.blogspot.com
  4. WRONG by zymurgyboy · · Score: 4, Informative
    Wistleblowing and copyright infrigement are not issues specifically covered by the Federal Rules of Civil Procedure.

    These rules only cover "standards", if you will, for how evidence is collected in the discovery process; how it is traded back and forth (produced) between plaintiff and defendent counsel; rules for deposing witnesses; and most importantly, in this case, standards for how the production materials are formatted. That is what is being addressed here.

    Currently the Rules of Civil (and Criminal for that matter) Procedure are designed to govern how cases are litigated in a paper world. Electronic evidence (and a virtual lack of standards for it) have created a host of problems for this antiquated process that is by orders of magnitude more difficult to deal with than was ever previously enountered in the paper world. Whereas before, when someone got sued their paper files would get taken. The files were static objects. Maybe a few people would get a copy of a particular document and it was much easier to determine who the recipients were. Now that more material is traded back and forth through e-mail and other means, this happens on a much faster pace, it's much easier to spray copies around to a variety of recipients and much harder to keep track of who had what and when they had it.

    Also, electronic communications will keep several revisions of a document which may have been through away and not retained in the paper world. This frequently happens without the custodian's knowledge more often than not, unless a very deliberate attempt to implement, maintain and enforce a document management and retention policy. Indeed, the electronic communications revolution has made the proverbial smoking guns much more numerous than in the past by it's very nature.

    Volume and velocity of communication is only one part of the problem. File formats are just as big a piece of the puzzle. Word vs. Word Perfect documents being an example. If electronic documents are not properly handled you can easily be accused of spoliation of evidence, with or without any malintent. By simply converting a WordPerfect document to Word format, it can change pagination, formatting, and destroy metadata that the recipient wasn't even aware existed. Having "exact" copies, traceable back to their source (chain of custody) of a document as it was produced to you "in the normal course of business (to use the vernacular)" is extremely important if you intend to use all or part of it as evidence. This is (on of) a lawyer's worst nightmares.

    These are just a few of the problems relating to the federal rules and electronic documents. Outside of the Sedona Conference, these have largely been unaddressed up until very recently. It looks like the Rules of Civil Procedure are going to standardize on production of documents in native format. One school of thought has been to take the native documents and print them to a static format for production purposes (such as tiff, pdf, jpg). Looks like their shying away from that approach and leaning toward the "native format" position both have their advantages and potential pitfalls, some of which I outlined above.

    Anyway, in response to your post and in summary, you shouldn't read so much into Microsoft having an opinion here. Their opinion on the matter isn't out of line with most other businesses in this regard, nor is it necessarily bad for the little guy either. This is a double edged sword and it is as sharp on one side as it is on the other. If anyone will "win" out of this, it will be trial lawyers, in the sense that you will need to make sure you have counsel that is accutely aware of the electronic discovery universe and how to take advantage of it while making sure you don't get cut.

    This is simply a badly needed revision of the rules that will make it more fair for plaintiffs and defendants alike. I wouldn't anything more into it than that.

    --
    If you never make mistakes, it's probably because you're not doing anything.