International Legal Technology Association

Authenticating Digital Evidence

A foundation for proving that records submitted as evidence are reliable, usable and have integrity is built with policies and procedures based on standards, best practices and documentation that shows they have been followed.  Proving the authenticity of records initially concerned the integrity of paper-based records, but today it includes records in digital format.  Several factors must be taken into account when laying the evidential foundations for submitting evidence in digital format into U.S. courts.

1.  Method of Preservation.  Several methods are used to preserve electronic data, including technology preservation, technology emulation and data refreshing.  There is a risk to whichever method is used, and it is important to ensure that whatever method is employed can be defended should the authenticity of a digital document be the subject of a legal challenge.

2.  Identity.  The identity of the document will need to be established, such as the name of the purported author, the date it was created, the place of origin and the subject matter.  This information forms part of the reliability of the document; if it can be identified correctly and there is a degree of certainty about the document, it can be relied upon.

3.  Integrity.  As discussed in the U.K. National Archives' Generic Requirements for Sustaining Electronic Information over Time:  1 Defining the Characteristics for Authentic Records, integrity refers to the "wholeness and soundness" of the document.  This, in turn, is related to whether the document can be considered to be complete and uncorrupted "… in all its essential respects during the course of its existence."  The international records management standard, ISO 15489:  2001 Information and Documentation – Records Management – Part I – General, provides that integrity refers to the record being complete and unaltered.

While these definitions of integrity relate to the ability to verify that the content of a document has not been changed since it was written, finished and adopted by the author, it might be necessary to consider other matters, including:

  • Whether a time stamp was used and, if it was, whether it can be considered to be accurate and, if in doubt, what standards were observed with the particular type of time stamp used
  • Whether it is a partially written document
  • Whether the test for integrity of the document should apply only to the original version or whether any tracking regarding the document's subsequent circulation is necessary.  Following from this, the integrity of the circulation metadata may be required.
  • Whether the metadata can be accepted as reliable and meaningful

The concept of integrity will be closely related to the organization's control over the preservation of a document.  Underlying the integrity of a document will be the use of digital signatures to provide evidence of verification that the document has not been altered.

4.  Usability.  The term usability is meant to cover the practical issues relating to retrieving, presenting and interpreting the data correctly.

5.  Attributes of Storage.  A range of issues arise from this perspective, mainly, but not exclusively, around technical obsolescence, which affects:

  • The media upon which data are stored

  • The application software used to create, process and display data

Software is replaced frequently, and some types of system software and middleware that are required by an application in order to work also change.  This issue will affect older digital documents that were generated using software and machines that no longer exist.  Reading such documents will require using different tools.  The next question will be whether the application of a different tool affects a digital document in some way.

  • The architecture of hardware changes

As discussed by Stefanie Fischer-Dieskau and Daniel Wilke in an article in Digital Evidence and Electronic Signature Law Review, the architecture of hardware changes because machines are replaced, which means some types of software will no longer be available, supported or maintained.  In this respect, digital signature systems may be a problem.  The digital signature software may still be available, but the digital signature might have been applied using a version of the software compatible with Windows 98 but not Windows XP, or the signature software tool may have been overtaken by something better.  So the question then is whether the digital signature ought to be migrated, for instance, by using a further digital signature to provide for the integrity of the version that is migrated.
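The migration question raised above can be made concrete with a short sketch. This is an added example, not code from the article or from the authors it cites: each migration appends a further signature that covers both the migrated version and the previous signature record. HMAC-SHA256 stands in for a real digital signature, and the tool names, keys and documents are constructed.

```python
import hashlib
import hmac
import json

# Constructed keys, one per generation of signing tool (stand-ins for real key pairs).
KEYS = {"tool-v1": b"constructed-old-tool-key", "tool-v2": b"constructed-new-tool-key"}
ORIGINAL = b"Contract text in a legacy word-processor format (constructed sample)"
MIGRATED = b"Contract text migrated to an archival format (constructed sample)"

def _sign(tool, payload):
    # Assumption: HMAC-SHA256 replaces an asymmetric signature so the sketch needs no libraries.
    return hmac.new(KEYS[tool], payload, hashlib.sha256).hexdigest()

def _payload(record):
    body = {k: v for k, v in record.items() if k != "sig"}
    return json.dumps(body, sort_keys=True).encode()

def _digest(record):
    return hashlib.sha256(_payload(record) + record["sig"].encode()).hexdigest()

def _record(tool, document, prev):
    record = {"tool": tool, "doc_sha256": hashlib.sha256(document).hexdigest(), "prev": prev}
    record["sig"] = _sign(tool, _payload(record))
    return record

def sign_original(document, tool):
    return [_record(tool, document, None)]

def migrate(chain, migrated_document, new_tool):
    """Append a further signature over the migrated version and the previous record."""
    return chain + [_record(new_tool, migrated_document, _digest(chain[-1]))]

def verify(chain, versions):
    """versions[i] is the document that chain[i] covers; check signatures, links and hashes."""
    if len(chain) != len(versions):
        return False
    prev = None
    for record, doc in zip(chain, versions):
        if record["tool"] not in KEYS:
            return False
        if not hmac.compare_digest(record["sig"], _sign(record["tool"], _payload(record))):
            return False
        if record["prev"] != prev or record["doc_sha256"] != hashlib.sha256(doc).hexdigest():
            return False
        prev = _digest(record)
    return True
```

Because each record links back to the one before it, the migrated version cannot be presented on its own: the original signature record and the original version must be retained for the chain to verify.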

6.  Procedural Controls.  Where policies and procedures are followed, a degree of trust is created that reinforces the probability that a document can be trusted.  However, the assumption of integrity cannot be sustained where the procedures are tested in a court and found wanting.  This is why the following are relevant:

  • The controls in place to prevent modifying or editing the record
  • Evidence of the controls, showing that the document is authentic, through the production of credible metadata, audit trails and relevant reports
  • The procedures in place to assess and maintain the authenticity of the document over the period of time it has been preserved
  • Evidence available to demonstrate policies were properly created and that procedures were subsequently adopted and followed to ensure the policies were correctly implemented

Practical Advice for Building a Solid Foundation
The answer to the difficult question of how digital records should be preserved is somewhat of a moving target because of the nature of the technology that determines the answer.  But a solid foundation can be built using the following advice:

Let standards and best practices be the guide.  Begin by using accepted standards and best practices, and document everything that is done to preserve data.  It will be for lawyers to argue and the adjudicator to determine later, should the admissibility or authenticity of the electronic evidence become an issue, whether the data were secured by adhering to the best practice that was generally accepted at the time they were preserved.

Document policies and procedure.  Even if the actual process is not accepted in the future, it is probable - providing the process has been scrupulously well-documented - that it will more readily withstand scrutiny in a court.

Following the guidance offered by national and international organizations on this topic can offer evidence that preservation duties were undertaken in accordance with the best standards available at the time the data were preserved.

Develop and document decision-making criteria.  It is necessary to ensure that criteria are agreed to and documented when making decisions relating to digital documents.  Appraisal methodologies for approaching digital records also should be developed and maintained.  Failure to have criteria in place and to implement decisions in relation to the criteria will undermine the authenticity of the evidence.  Where the evidence is in dispute, these factors will be the subject of extensive cross-examination.  Where it can be demonstrated that there were few or no criteria and that the documentation relating to the criteria either does not exist or is poor, such a gap will completely undermine the value of the evidence and may prevent it from being adduced into the proceedings.

Turn rhetoric into reality.  The central issue is to ensure there is no difference between the claim that a policy existed and documents relating to it were properly drawn up and the practice of abiding by the policy.  If there is a difference between the rhetoric and the reality, the opposing lawyers will mercilessly expose the gap if the organization's own lawyers do not do it before the action begins.

About our author

Stephen Mason is a barrister in England and Wales, Visiting Research Fellow, Digital Evidence Research at the British Institute of International and Comparative Law, and the author and general editor of Electronic Evidence: Disclosure, Discovery & Admissibility and International Electronic Evidence, the author of Electronic Signatures in Law and E-Mail, Networks and the Internet: A Concise Guide to Compliance with the Law, and the general editor of the Digital Evidence and Electronic Signature Law Review.  He can be reached at stephenmason@stephenmason.eu.

References
Fischer-Dieskau, Stefanie and Daniel Wilke.  "Electronically Signed Documents: Legal Requirements and Measures for their Long-Term Conservation."  Digital Evidence and Electronic Signature Law Review, vol. 3, 2006.

Imwinkelried, Edward J.  Evidentiary Foundations, 6th ed.  Newark, N.J.: Lexis-Nexis/Matthew Bender, 2005.

ISO 15489:  2001 Information and Documentation – Records Management – Part I – General.  Geneva: International Organization for Standardization, 2001.

Mason, Stephen.  Proof of the Authenticity of a Document in Electronic Format Introduced as Evidence.  Pittsburgh:  ARMA International Educational Foundation, 2006.

United Kingdom National Archives.  Generic Requirements for Sustaining Electronic Information over Time:  1 Defining the Characteristics for Authentic Records. Kew, Surrey: National Archives, 2002.

Editor's Note:  This article is excerpted from a feature article that originally appeared in the September/October 2007 issue of the Information Management Journal.  It is based on the author's research project for the ARMA International Educational Foundation, Proof of the Authenticity of a Document in Electronic Format Introduced as Evidence, which may be downloaded free at www.armaedfoundation.org.
