Intro to Legal Aspects
Duane Aslett
Introduction
• News24 report: World grapples with rise in cybercrime
• London - International law enforcement agencies say the recent
$45m ATM heist is just one of many scams they're fighting in an
unprecedented wave of sophisticated cyberattacks.
• Old-school robberies by masked criminals are being eclipsed by
stealth multimillion dollar cybercrime operations which are catching
companies and investigators by surprise.
Introduction
•
.
Introduction
•
.
Introduction
• News24 report: World grapples with rise in cybercrime
• "We are seeing an unprecedented number of cyberscams that
include phishing for financial data, viruses, credit card fraud and
others," Marcin Skowronek, an investigator at Europol's European
Cybercrime Center in The Hague.
Introduction
• Much debate exists whether:
– Traditional organised crime groups have entered the world of
cybercrime; or
– Whether cybercriminals have simply become organised.
• Clear that traditional organised crime groups do make use of
“malware and/or botnet operators to acquire pertinent personal
information”.
Multi-disciplinary approach
The Bill of Rights - Privacy
Section 14: Privacy
•
Everyone has the right to privacy, which includes the right not to
have –
(a) their person or home searched;
(b) their property searched;
(c) their possessions seized; or
(d) the privacy of their communications infringed.
•
a)
b)
Two parts:
Guarantees general right to privacy
Protects specific infringements of privacy, namely searches and
seizures and infringements of the privacy of communications
The Bill of Rights - Privacy
•
a)
b)
c)
d)
e)
f)
•
Some examples of breach of privacy as given by Ackerman J in
Bernstein v Bester which amounts to a breach of privacy:
Entry into a private residence
Reading of private documents
Listening to private communications
Shadowing of a person
Disclosure of private facts acquired by wrongful act of intrusion
Disclosure of private facts in breach of a relationship of
confidentiality
However, not always clear cut case. Court has to look at the
particular circumstances of each case and assess whether the
invasion was unlawful.
The Bill of Rights – Limitation of Rights
Section 36: Limitation of Rights
•
Most rights are of necessity restricted by the inherent duty which
should be perceived as the inextricable counterpart of a
corresponding right to respect the rights of others
•
i.e. freedom of speech does not allow one person to defame
another.
The Bill of Rights – Limitation of Rights
•
When can your rights be limited?
- in terms of law of general application
- limitation must be reasonable and justifiable in an open and
democratic society based on human dignity, equality and freedom
- taking into account:
+ nature of the right;
+ importance of the purpose of the limitation;
+ nature and extent of the limitation;
+ relation between the limitation and its purpose; and
+ less restrictive means to achieve the purpose
The Bill of Rights – Limitation of Rights
•
2 stage approach:
–
Whether a right in the Bill of Rights has been infringed by
law or conduct of the respondent
–
Whether the infringement can be justified as a permissible
limitation of the right.
•
General application means that the law must be sufficiently clear,
accessible and precise to those who are affected by it. The law
must apply impersonally, equally to all and not arbitrary in its
application.
The Bill of Rights - Privacy
Search and seizures:
•
General:
a)
Conducted in terms of legislation clearly defining the power to
search and seize.
b)
Only permissible to achieve compelling public objectives.
c)
Endorsed as necessary by an independent authority before they
may be conducted
d)
Therefore – authorized by warrant
The Bill of Rights - Privacy
Admissibility of Evidence obtained:
•
Section 35(5): “Evidence obtained in a manner that violates any
right in the Bill of Rights must be excluded if the admission of that
evidence would render the trial unfair or otherwise be detrimental
to the administration of justice.”
Introduction: Relevance
•
Relevance = basic criterion of admissibility
•
Sec 210 CPA - Irrelevant evidence inadmissible:
"No evidence as to any fact, matter or thing shall be admissible
which is irrelevant or immaterial and which cannot conduce to
prove or disprove any point or fact at issue in criminal
proceedings."
•
Sec 2 CPEA - Evidence as to irrelevant matters:
"No evidence as to any fact, matter or thing which is irrelevant
or immaterial and cannot conduce to prove or disprove any
point or fact in issue shall be admissible."
Positive/Negative formulation
• Can be formulated positively - relevant evidence is admissible (R v
Trupedo)
• Or negatively - irrelevant evidence is inadmissible (Legislation).
Meaning of Relevance
Meaning of Relevance:
•
Essentially a matter of reason and common sense
•
“based upon a blend of logic and experience lying outside the
law”
•
“any facts are relevant if from their existence inferences may
properly be drawn as to the existence of the fact in issue”
•
Relevance is a matter of degree and its determination cannot take
place in a vacuum
•
Law must draw a line between those facts it regards as sufficiently
relevant to be admissible and those which it considers too remote
(i.e. cases could go on forever) – decided on grounds of fairness
and convenience
Meaning of Relevance
•
When decided as irrelevant based on either:
-
Common sense
-
Practical disadvantages of receiving it outweigh its probative
value
-
More accurate terms to use: “practically acceptable” & “practically
unacceptable” in stead of “relevance”
•
“the trial courts should make strenuous efforts to put a check on
evidence whose reception would cause time to be wasted and
money spent on what it not legitimate and which would lead to the
accumulation of a mass of material which is so far from assisting
the judge and renders his task more difficult, because he has to
sift the grain from an unnecessary amount of chaff”
•
NB FORENSIC REPORT WRITING
Documentary Evidence
• Documents are an important class of evidence
• ‘Document’ includes everything that contains the written or pictorial
proof of something
• Sec 33 of Civil Proceedings Evidence Act defines document as
including any book, map, plan, drawing or photograph
• Section 221 of CPA defines document to include any device by
means of which information is stored or recorded (includes a
computer print-out in certain circumstances, but not a computer
where the operations carried out by the computer are more than
mere storage, or recording of information)
Documentary Evidence
Party that wishes to rely on statements contained in a document must
comply with the following:
1)
Subject to various exceptions, the contents of a document may be
proved only by production of the original
2)
Evidence is normally required to satisfy the court of a document’s
authenticity
Documentary Evidence
1.
Production of the original
• General rule:
-
No evidence is ordinarily admissible to prove the contents of a
document except the original document itself
-
Thought to have been a remnant of the best evidence rule
-
Preserved in sec 252 of Criminal Procedure Act and sec 42 of
Civil Proceedings Evidence Act
Documentary Evidence
-
Number of cases where appeals succeeded because prosecution
needed to prove the terms of a document but omitted to produce
the original
-
R v Pelunsky: accused charged with conspiring to defraud Jhb
municipality by falsifying tickets. To prove the entry on the tickets,
prosecution tendered the counterfoils, which had been filled in at
the same time as the tickets themselves. AD held that in absence
of any explanation why original tickets would not be produced, the
secondary evidence provided by the counterfoil should have been
excluded
Documentary Evidence
• Meaning of “original document”
-
Original if, according to the substantive law and the issues raised
in the trial, it is the document whose contents have to be proved
-
Telegram – the form completed at the Post Office is the original
document, and telegram actually delivered is secondary evidence
-
Multiple originals - carbon copies accepted as originals
-
Copies initialed by the writer has been accepted as original
Documentary Evidence
• Exception for admissions
-
The admission of the contents of a document by a party to
litigation is considered to be primary evidence against him
-
Such an admission may be made in or out of court, and orally or
by conduct, but it now appears to be settled that failure to object
to secondary evidence of a document does not amount to an
admission of its contents in a criminal prosecution
Documentary Evidence
• When secondary evidence is admissible
-
General rule that there are no degrees of secondary evidence - if
failure to produce the original is excused, the document may be
proved by copies of any kind or the oral evidence of someone
who can remember its contents
Documentary Evidence
i)
Document in possession of opposing party
-
Party may adduce secondary evidence of a document in the
possession of his opponent if the latter has failed to produce it
after having been given notice to do so
-
No formal notice required
-
Reasonable time
Documentary Evidence
ii)
Document in possession of a third party
-
Correct procedure for obtaining production of a document in the
possession of a third party is to serve him with a subpoena duces
tecum specifying the document in question
-
Secondary evidence of its contents may be given if the person in
possession refuse to disclose the document on the ground of
some recognised privilege
-
Secondary evidence also admissible if the document is in the
possession of a person residing outside the jurisdiction and not
amenable to the process of the court, but there must be evidence
that some effort was made to persuade him to produce it
Documentary Evidence
iii)
Document lost or destroyed
-
Contents of a document may be proved by secondary evidence if
it is shown to have been destroyed, or there is evidence that after
a proper search it could not be found – has to be thorough
search, not enough to merely say document is gone altogether
-
When it has been destroyed, a copy cannot be proved by a party
who destroyed it in contemplation of litigation, with a possible
fraudulent intention
-
Copy can be accepted when destruction has been effected in the
ordinary course of business by a party
Documentary Evidence
iv)
Production of original impossible or inconvenient
-
General rule that secondary evidence may be given when
production of the original writing would be impossible, unlawful, or
even inconvenient
-
E.g. oral evidence received to prove the contents of a notice
affixed to a wall
Documentary Evidence
v)
Public documents
-
Sec 233 of CPA provides that the contents of a book or document
which is of such public nature as to be admissible upon its mere
production, may be proved by means of an examined copy or
extract, or what purports to be signed and certified as a true copy
or extract by the office to whose custody the original is entrusted
-
Similar provisions exists for civil actions
Documentary Evidence
vi)
Official documents
-
Official documents are protected from production in court
because their removal would hinder and delay their official use,
would make it impossible for others to consult them, and would
subject them to the risk of loss and damage
Documentary Evidence
vii)
Bankers’ books
-
In criminal proceedings entries in accounting records of a bank
are prima facie proof of their contents upon the mere production
of an affidavit which alleges that it has been sworn to by a person
in the service of the bank, that the accounting records are the
ordinary records or documents of the bank, that the entries were
made in the usual and ordinary course of business of the bank
and that the accounting records or documents are in the custody
of the bank
Documentary Evidence
2.
Proof of Authenticity
• General rule
-
Party that tenders document required to adduce evidence to
satisfy the court of its authenticity
-
Usually means proving that the document was written or
executed by the person who it purports to have done so
-
How? Call the writer to identify the document, tender the
evidence of someone else saw him sign or write it, or who can
identify his handwriting
-
Comparison of handwriting may be resorted to if the author or
any other identifying witness not available to testify
Hearsay
•
Sec 3 of the Law of Evidence Amendment Act 45 of 1988 defines
hearsay as follows:
•
Means evidence, whether oral or in writing, the probative value
of which depends upon the credibility of any person other than the
person giving such evidence
Hearsay
•
Sec 3: subject to the provisions of any other law, hearsay
evidence shall not be admitted as evidence at criminal or civil
proceedings, unless
a)
each party against whom the evidence is to be adduced agrees to
the admission thereof as evidence at such proceedings;
b)
the person upon whose credibility the probative value of such
evidence depends, himself testifies at such proceedings; or
Hearsay
c)
the court, having regard to:
–
–
–
–
–
–
–
the nature of the proceedings;
the nature of the evidence;
the purpose for which the evidence is tendered;
the probative value of the evidence;
the reason why the evidence is not given by the person upon
whose credibility the probative value of such evidence
depends;
any prejudice to a party which the admission of such evidence
might entail; and
any other factor which should in the opinion of the court be
taken into account,
is of the opinion that such evidence should be admitted in the
interests of justice
Hearsay
•
In Metedad-case court held that a presiding officer:
•
“should hesitate long in admitting or relying on hearsay evidence
which plays a decisive role or even significant part in convicting
an accused, unless there are compelling justifications for doing
so”
Chain of Custody/Evidence
• Transfer of evidence from one party to another should be carefully
documented.
• Each person who handles or takes control of evidence must be
recorded.
• This creates a “chain of custody” or “chain of evidence”.
• This document identifies (at minimum) each custodian, when (s)he
received it, and to whom transferred.
• The chain of evidence must not be broken – no gaps during which
evidence was unaccounted for or out of the control of a custodian of
record.
Chain of Custody/Evidence
• Chain of evidence which is broken exposes it to challenge and
jeopardizes the admissibility of evidence.
• Sloppy handling of evidence exposes both investigator and
evidence to credibility challenges.
• Claims of evidence tampering, alteration, or contamination are
possible when evidence is mishandled.
Chain of Custody/Evidence
• Investigators should not handle or use originals during their
investigation.
• If possible, use copies, photographs or models in lieu of the
originals.
• NEVER place an original piece of evidence in the hands of the
suspect.
ECT Act
• e-commerce lures both enterprise and cyber criminals.
• In order to avoid the lengthy process of developing common-law
crimes the Act provides for so-called ‘cyber crimes’ pertaining to
unauthorised access to and tampering with data messages, and
further to computer-related extortion, fraud and forgery.
• The Act also provides for cyber inspectors, who are granted
reasonably extensive powers in the monitoring of electronic
transactions.
• In so doing the Act places power, normally reserved for the police
services, who are quite incapable of policing the online environment,
in the hands of those better able to monitor e-commerce.
ECT Act
A cyber inspector:
• may monitor and inspect any web site or activity on an information
system in the public domain and report any unlawful activity to the
appropriate authority;
• may investigate the activities of a cryptography service provider or
authentication service providers; and
• in respect of the protection of personal information, may monitor the
compliance of the service provider with the provisions of the Act, etc.
ECT Act
In performing their functions, cyber inspectors may at any reasonable
time and without prior notice, on the authority of a warrant,
• enter any premises or access any information system that has a
bearing on an investigation and search those premises or
information system;
• search any person on those premises if there are reasonable
grounds for believing that the person has personal possession of an
article, document or record that has a bearing on the investigation;
• take extracts from or make copies of any book, document or record
that is on the premises or the information system that has a bearing
on the investigation; and
• demand production of and inspect relevant licences, etc.
ECT Act
• In order to execute these duties the Act provides that any court may,
on a request from a cyber inspector but subject to the provisions of s
25 of the Criminal Procedure Act 51 of 1977, issue a warrant
required by that cyber inspector.
ECT Act
• The enactment of this legislation covered substantial ground as far
as information technology was concerned.
• Section 11(1) of the Act provides that information is not without legal
force and effect merely on the grounds that it is wholly or partly in
the form of a ‘data message’.
• In essence, this shows legal recognition for information in its
electronic form as opposed to the traditional ‘document’.
• The requirement that the document must be in writing is met if the
document is in the form of a data message and accessible in a
manner usable for subsequent reference (see s 12).
• Thus courts have held that SMS was valid mode of acceptance of
an offer or resignation from employment.
Differences: Electronic vs Paper
• Volume and duplicability
– More copies can be created
– Easier to duplicate and move
– May reside in more than one location
• Persistence
– Durable and more difficult to dispose of (mere deletion does not
mean irretrievable)
• Dynamic and changeable content
– Content changed more easily
– Even without human intervention
Differences: Electronic vs Paper
• Metadata
– Information about the document that is recorded by the computer
to assist with storing and retrieval
– Used to describe how, when and by whom the electronically
stored information (ESI) was collected, created, accessed,
modified and how it was formatted.
• Environment-dependence and obsolescence
– ESI, removed from its environment, is unreadable without the
appropriate software.
– May also be difficult to access – obsolete system (even ne
technology)
Differences: Electronic vs Paper
• Dispersion and searchability
– Reside in many locations, not just one filing cabinet
– Not easy to search for what is relevant
ECT Act
• In s 1, ‘data message’ is defined as ‘data generated, sent, received
or stored by electronic means’.
• Section 14(2) provides that a data message would be admissible if
the integrity of the data or information is unaffected and
information can be produced or displayed.
• Section 15(1) provides for the admissibility of data messages in any
legal proceedings, including criminal cases.
• Thus a data message is admissible even if it is not in its original
form provided that it is the best evidence that the person adducing it
could reasonably be expected to obtain.
ECT Act
• Does not imply that all data messages are automatically admissible.
• In accordance with ECT Act, data messages are functional
equivalents of documents.
• Therefore ordinary common law requirements for admissibility of
documents apply (except where Act specifically provides for
exceptions).
• Ndlovu v Minister of Correctional Services the court held three
common law requirements:
– Statements in document must be relevant and admissible
– Original document must be produced
– authentication
Private electronic documents
• How is this achieved in the case of private electronic documents.
• A person wanting to rely on electronic evidence must comply with
the following:
– Production in court
– Presentation of original form
– Authenticity
Production - Section 17 (1)
• Subject to section 28 (e-government services), where a law requires
a person to produce a document or information, that requirement is
met if the person produces, by means of a data message, an
electronic form of that document or information, and if-
– considering all the relevant circumstances at the time that the
data message was sent, the method of generating the
electronic form of that document provided a reliable means of
assuring the maintenance of the integrity of the information
contained in that document; and
– at the time the data message was sent, it was reasonable to
expect that the information contained therein would be readily
accessible so as to be usable for subsequent reference.
Production - Section 17 (2)
• For the purposes of subsection (1), the integrity of the information
contained in a document is maintained if the information has
remained complete and unaltered, except for– the addition of any endorsement; or
– any immaterial change, which arises in the normal course of
communication, storage or display.
Original form - Section 14 (1)
• Where a law requires information to be presented or retained in its
original form, that requirement is met by a data message if– the integrity of the information from the time when it was first
generated in its final form as a data message or otherwise has
passed assessment in terms of subsection (2); and
– that information is capable of being displayed or produced to
the person to whom it is to be presented.
Original form - Section 14 (2)
• For the purposes of subsection 1, the integrity must be assessed– by considering whether the information has remained complete
and unaltered, except for the addition of any endorsement and
any change which arises in the normal course of communication,
storage and display;
– in the light of the purpose for which the information was
generated; and
– having regard to all other relevant circumstances.
Original form - Section 14
• Proponents can establish a chain of custody by, for instance:
– Demonstrating established company policies regarding
electronic storage and restricted access;
– The use of devices that limit access through passwords and
encoding; and
– Entry logs indicating when and by whom documents have been
accessed or changed.
Authenticity
• Different types of data messages make it difficult to formulate
prerequisites for authentication which would apply to all possible
types.
• Thus the ECT Act does not specify criteria which should be applied
• Authenticity is preserved by techniques preventing data from being
manipulated, altered or falsified.
Authenticity
• Irish Law Commission formulated following six guidelines to assist
court in determining authenticity:
– Whether computer was working properly;
– Whether program in use with regard to evidence was faulty;
– Whether secondary media (discs, USB keys) upon which info
was stored have been damaged or interfered with;
– Whether proper record management procedures in operation;
– Whether error checking mechanisms existed with respect ti
original creation of the program; or
– Whether proper security procedures were in place to prevent
alteration of info prior to printout.
Section 15 (1) and (2)
• In any legal proceedings, the rules of evidence must not be applied
so as to deny the admissibility of a data message, in evidence– on the mere grounds that it is constituted by a data message; or
– if it is the best evidence that the person adducing it could
reasonably be expected to obtain, on the grounds that it is not in
its original form.
• Information in the form of a data message must be given due
evidential weight.
Section 15 (3)
• In assessing the evidential weight of a data message, regard must
be had to– the reliability of the manner in which the data message was
generated, stored or communicated;
– the reliability of the manner in which the integrity of the data
message was maintained;
– the manner in which its originator was identified; and
– any other relevant factor.
Conclusion
• Section 15(2) provides that information in the form of a data
message must be given due evidential weight.
• Papadopoulos, S and Snail, S (eds.) Cyberlaw@SA III: The Law of
the Internet in South Africa 3rd ed (Van Schaik Pretoria 2012)
• "In assessing the weight of electronic evidence, computer experts
and computer forensics investigators will play an increasingly
important role" (p 327).
Questions and
Comments