Court Recognition of Computer Evidence

Return->

The SAKEM procedure enhances the determinism in the case of hostile examination by expert witnesses.

While court precedents related to the legal recognition of computer evidence can be extensively discussed, we risk the following analysis.

In practice, when some evidence supported by a computer security system is challenged in court, there would be two paths which might be followed by the court: 1) the technical issues are ignored or avoided, or 2) the security system will be examined in detail by a hostile expert witness.

Various reasons might cause the technical issues to be ignored or avoided (these reasons were gathered from [1] and [2]):

• The evidence gathered by technical means is indirectly supported by other forms of evidence, and is acknowledged by the incriminated party.
• The party incriminated by the technical evidence may not have the knowledge, financial resources, and contacts needed to bring expert witnesses to the courtroom.
• Most judges were educated in the humanities and are more technophobic than the average person.
• When faced with contrary expert opinions, courts tend to ignore both and decide the case on other issues.
• The legal precedents from different technological contexts may be carried forward with little attention to the differences (the early precedents endorsing the legal notices sent by telegraph might have been carried forward to the fax despite the loss of the telegraph company transmission records in the conversion to fax).

Upon occurence of court decision based on the above rationales, the layman view might be that courts have blind faith in some technologies, irrespective of their technical merits. According to a legal commentator, the enactment of some digital signature statutes may conform with this view ([3]).

Alternatively, the security system will be examined in details by hostile expert witnesses. When this happens, one should expect to discover blunders in the system design and lax operations, often leading to public embarassment for the overseeing organization. (see notably [1]). A legal precedent which uncover the true limitations of a technology sometimes signals the end of this technology life-cycle (e.g. after a successful challenge to court by a wealthy person charged with excessive driving speed infraction, it's time for local police forces to upgrade to the next generation of radars). Vendor reputation, standards compliance, and other confidence raising features are of little use when the true nature of a technology is brought by experts to the courtroom.

In the advent of an hostile examination, the SAKEM procedure is believed to fate relatively well. It has been designed with care and dedication to security issues. More importantly, the SAKEM procedure relates to the daily business practices which are quickly put into question when the reliability of computer evidence is investigated. An implementation of the SAKEM implied security model may prevent insiders from tampering with the end-users' authentication keys, an issue which was also raised in court.

Return->

References

[1] Anderson, Ross J., Liability and Computer Security: Nine Principles, in Computer Security - Esorics '94, Third European Symposium on Research in Computer Security, November 1994, LNCS (Lecture Notes in Computer Science) 875, Springer Verlag, pp 231-245

[2] Me Lambert, Jean, Le télécopieur, un merveilleux cauchamard juridique ou Les aspects juridiques de l'utilisation du télécopieur en droit québécois, ("The fax machine, a marvellous legal nightmare or The legal aspects of fax usage under the Québec law") Cours de perfectionnement du notariat, 1992, no. 2, Chambre des notaires du Québec, SOQUIJ (also published in spanish in revue internationale du notariat latin)

[3] Biddle, C. Bradford, Legislating Market Winners: Digital Signature Laws and the Electronic Commerce Marketplace, San Diego Law Review, Vol 34 (1997), issue 3, pp 1225-1246