Slashdot Mirror
New Rules Proposed on Electronic Evidence
davidtspf writes "The committee that makes the rules of procedure for U.S. federal courts is now considering new rules governing electronic evidence, how much litigants need to produce at trial, and under what circumstances. Civil rights attorneys are arguing that the rules will make it harder to find smoking guns, while a number of corporations, including Microsoft have submitted comments arguing for further limits. LawMeme has an article with more background, comparing the process to debates over IP law that occur in a vacuum of empirical data, and encouraging techies to submit requests to extend the public comment period, which ended today."
Would stricter rules not force the RIAA (and their ilk) to produce stronger evidence against defendants in copyright violation lawsuits?
Socialism: A feeling of discontent and resentment caused by a desire for the possessions or qualities of another.
Of course they do, otherwise their emails will continue to show in court that they are guilty as hell. There should be no different standard applied to electronic communcations over written notes. If you write a note its admissable, if its electronic it should be equally admissable (and easier to get hold of).
An Eye for an Eye will make the whole world blind - Gandhi
So wait this can be good or bad, either you will no longer be able submit digital pictures and financial records as evidence of XYZ Corp.'s illegal under the table dealings with Senator Cock-Nose allowing them to kill babies, dump nuclear waste and go tax free, or it can make it impossible for the RIAA/MPAA/DMCARCALSVPT to subpoena you with a print-out of your ISP's traffic log for stealing Britney Spears record sales or talking about breaking encryption schemes.
This comment does not represent the views or opinions of the user.
If you beleive that electronic data can't be forged to fit what ever you want then I have a big bridge to sell you too.
Now, we can hope that punishment for computer-related crimes is brought down to reasonable levels. As much as I hate the fear of identity thieves and hackers, I think it's ridiculous that someone can get less time in jail for committing murder than for hacking into a corporate network.
And we've all heard of "consultants" who were jailed by a company because the consultant tested the company's network security, but the company didn't like it. Penalties and jail-time were harsh, even though no bad intentions were evident.
I'm thinking that this is a good thing. I like how the proposed amendment to 37(f) leaves things nice and open by saying, "...should not be subject to sanctions when information is destroyed 'because of the routine operation of the party's electronic information system.'"
Could we see a new ISP springing up that 'routinely' wipes out logs every week? Might it provide better security and anonymity for its customers?
Of course there's the downside of better protecting true criminals, but I think in today's Big Brother-esque, PATRIOT act society, a little more protection from overreaching laws is a good thing.
Don't buy WoW Gold! Make it yourself!
Would stricter rules not force the RIAA (and their ilk) to produce stronger evidence against defendants in copyright violation lawsuits?
I doubt it. Rules for whistleblowing will have one standard, rules corporations can use against individuals will have another.
It won't be phrased that blatently. Instead it will be one set of rules for submitting confidential data (internal memos, emails, chatroom logs) and another, much laxer set of rules, for accusations of copyright infringement.
Be assured, the end result will almost certainly mean less corporate accountability, and less protection of individuals against corporate whichhunts.
The Future of Human Evolution: Autonomy
This is related to the Banes-Oxley act which mandated that all email conversations (as well as other electronic documentation) must be backed up regularly and for a fixed period of time.
IANAL but it appears that a side effect of this is that it elevates this form of business communication as more legally binding above and beyond normal paper document communications. IE Official business memos are legally required to be stored but simple interperonsal memo communication between officers is not. But if it IS kept and found, it's legally admissable.
The law change (to help prevent another Enron) elevates all communication to a stored status. From the consumer side this is "good" because smoking guns are easier to find. But from the business side this is "bad" because a lot of ideas get thrown around when trying to develop business plans. Ideas that may be quasi-legal to begin with, but not recognizable as such until they bounce the plan off one of the legal team and he quashes it. End of story right? Not if that communication is part of the official record because it was emailed. Now it becomes a smoking gun as part of a "pattern of intent to do illegal buisness practices".
Back in the past I did a lot of work as a computer forensic expert on behalf of most of the UK police forces, Crown Prosecution Service, etc.
Always there would be attempts by the defence to get some of the evidence struck off as inadmissable before the session got underway before the Jury.
I remember one case - the evidence was a print-out showing the log of an investigator connecting to a BBS and downloading something illegal (AT&T calling card numbers or similar).
The defence pointed to a line 2/3 down the page and said there's a letter missing from the start of one of the lines. It said 'ogin' instead of 'Login'. Therefore the printer wasn't working correctly, and if we couldn't trust that the evidence shouldn't be admitted.
So, I take the stand and pick up the evidence bundle, and point out to the judge, with no small amount of amusement, that the original page had been hole-punched (not obvious in the photocopies) and the L had been punched out. The judges are not stupid, they know when the defence are 'trying it on'. All the evidence in that trial was allowed to stand, and as soon as the trial got underway the defendent changed his plea to guilty!
Jolyon
Please read my Canon EOS tech blog at http://www.everyothershot.com
When a computer forencist is involved in a raid, he knows what evidence he has to look for. He has a plan of attack. That could include forcing a crashdump of the RAM on a Unix server to analyse the processes that are running. A lot of incriminating information is found in the space that was taken up by deleted files.
Another way of obtaining incriminating information is from "third party" logfiles, network taps, etc. Doing as much investigation without the suspect knowing it.
I am not a computer forencist, but I applied for the job.
extern warranty;
main()
{
(void)warranty;
}
Reading through the comments, I see several people misinterpreting the nature of the rule changes.
The proposed changes are to the Federal Rules of CIVIL Procedure. This affects CIVIL lawsuits, and does not (directly) impact criminal prosecutions (for "hacking" or otherwise). The rule changes also don't have much to do with the admissibility or authentication of evidence.
Among other things, if adopted, the rule changes would do things like require electronic production of electronic records (i.e., don't bother trying to print out that database). Also, the proposed Rule 37(f) safe harbor for failure to preserve doesn't protect parties from sanctions for intentional or reckless failure to preserve information.
IAAL. So, there.
These rules only cover "standards", if you will, for how evidence is collected in the discovery process; how it is traded back and forth (produced) between plaintiff and defendent counsel; rules for deposing witnesses; and most importantly, in this case, standards for how the production materials are formatted. That is what is being addressed here.
Currently the Rules of Civil (and Criminal for that matter) Procedure are designed to govern how cases are litigated in a paper world. Electronic evidence (and a virtual lack of standards for it) have created a host of problems for this antiquated process that is by orders of magnitude more difficult to deal with than was ever previously enountered in the paper world. Whereas before, when someone got sued their paper files would get taken. The files were static objects. Maybe a few people would get a copy of a particular document and it was much easier to determine who the recipients were. Now that more material is traded back and forth through e-mail and other means, this happens on a much faster pace, it's much easier to spray copies around to a variety of recipients and much harder to keep track of who had what and when they had it.
Also, electronic communications will keep several revisions of a document which may have been through away and not retained in the paper world. This frequently happens without the custodian's knowledge more often than not, unless a very deliberate attempt to implement, maintain and enforce a document management and retention policy. Indeed, the electronic communications revolution has made the proverbial smoking guns much more numerous than in the past by it's very nature.
Volume and velocity of communication is only one part of the problem. File formats are just as big a piece of the puzzle. Word vs. Word Perfect documents being an example. If electronic documents are not properly handled you can easily be accused of spoliation of evidence, with or without any malintent. By simply converting a WordPerfect document to Word format, it can change pagination, formatting, and destroy metadata that the recipient wasn't even aware existed. Having "exact" copies, traceable back to their source (chain of custody) of a document as it was produced to you "in the normal course of business (to use the vernacular)" is extremely important if you intend to use all or part of it as evidence. This is (on of) a lawyer's worst nightmares.
These are just a few of the problems relating to the federal rules and electronic documents. Outside of the Sedona Conference, these have largely been unaddressed up until very recently. It looks like the Rules of Civil Procedure are going to standardize on production of documents in native format. One school of thought has been to take the native documents and print them to a static format for production purposes (such as tiff, pdf, jpg). Looks like their shying away from that approach and leaning toward the "native format" position both have their advantages and potential pitfalls, some of which I outlined above.
Anyway, in response to your post and in summary, you shouldn't read so much into Microsoft having an opinion here. Their opinion on the matter isn't out of line with most other businesses in this regard, nor is it necessarily bad for the little guy either. This is a double edged sword and it is as sharp on one side as it is on the other. If anyone will "win" out of this, it will be trial lawyers, in the sense that you will need to make sure you have counsel that is accutely aware of the electronic discovery universe and how to take advantage of it while making sure you don't get cut.
This is simply a badly needed revision of the rules that will make it more fair for plaintiffs and defendants alike. I wouldn't anything more into it than that.
If you never make mistakes, it's probably because you're not doing anything.