Leveraging On Electronic Evidence In The Digital Age
28.08.14
Prepared for Security Industry Conference 2014
Presentation by: Lionel Tan
Designation: Partner
Contact details: (+65) 6232 0752, lionel.tan@rajahtann.com
Not to be reproduced or disseminated without permission.

Overview of Rajah & Tann Singapore
• Largest law firm in Singapore and Southeast Asia
• Full service firm with the largest regional footprint
• Highly regarded for its leading lawyers and practices

Practice Areas
Admiralty & Shipping Energy & Resources Appeals & Issues Entertainment & Media, International Arbitration Banking & Finance Family, Probate & Trusts Medical Law Business Finance & Insolvency Financial Institutions Mergers & Acquisitions Capital Markets Commercial Litigation Funds and Investment Management Private Client Hospitality Project Finance Insurance & Reinsurance Tax Construction & Projects Integrated Regulatory Corporate Real Estate Intellectual Property, Sports and Gaming Technology, Media & Telecommunications Competition & Antitrust and Trade Law Employment & Executive Compensation White Collar Crime

Overview of Rajah & Tann Asia
• Regional Offices
• Affiliate/Associate Firms
• Regional Desks

Overview
• Background to the Evidence Act
• Evidence (Amendment) Bill 2012
• Key Changes to the Evidence Act
• Implications

The Evidence Act

Background to the Evidence Act
• Contains Singapore’s rules of admitting evidence in civil proceedings
• Outdated
• Largely derived from the Indian Evidence Act enacted in 1872
• Last amendment to the Evidence Act was in 2003

Background to the Evidence Act
Two main purposes:
• To get all the relevant evidence before a judge so that the judge can make the best possible decision
  - Allows a permissive view of evidence; to allow as much evidence in as possible.
• To protect the interest of parties involved to ensure that only relevant evidence is permitted against them
  - To exclude prejudicial information such as hearsay evidence.

Evidence (Amendment) Bill 2012
• Represents the first major reform of substantive areas of evidence law in many years
• Read for the first time in Parliament on 16 January 2012
• Passed on 14 February 2012, likely to come into force this year
• Proposed changes to the Evidence Act were put forward by Minister for Law, Mr K. Shanmugam
• Members of Parliament who commented on the proposed changes: Hri Kumar Nair, Sylvia Lim, Vikram Nair, Desmond Lee, Lina Chiam

Admissibility of Electronic Evidence

Pre-amendment
• Section 35 EA: Computer output is admissible if it is relevant and falls under any of the three modes of admissibility:
  - Express agreement between the parties
  - In reality, if the evidence is against that party, he would not consent to its admission
  - Proof of proper operation of the computer and the corresponding accuracy of the computer printout
  - Output is produced in an approved process
  - Audit process is costly; viable only if parties have the resources
  - Difficult to identify or find a qualified party to verify the accuracy of the computer or the print-out
• Section 36 EA: Supplements section 35 EA

Post-amendment
• Sections 35 and 36 are deleted
• No distinction in the treatment of electronic evidence from evidence that is not in electronic form
• Existing rules on relevance and admissibility apply to electronic evidence
  - E.g. rules on hearsay, best evidence rules and rules on authentication

Post-amendment
Section 116A: Introduces presumptions facilitating the admission of electronic records
• Section 116A(1): Where the device is one that ordinarily produces or accurately communicates an electronic record, it will be presumed that the said electronic record was accurately communicated by the device
• Illustration: A seeks to adduce evidence in the form of an electronic record or document produced by an electronic device or process. A proves that the electronic device or process in question is one that, or is of a kind that, if properly used, ordinarily produces that electronic record or document. This is a relevant fact for the court to presume that in producing the electronic record or document on the occasion in question, the electronic device or process produced the electronic record or document which A seeks to adduce.

Post-amendment
Section 116A: Introduces presumptions facilitating the admission of electronic records
• Section 116A(2): Presumption of authenticity where the computer record was produced in the ordinary course of business by a person who is not party to the proceedings and where the proponent of the record did not control the making of the record.
• Illustration: A seeks to adduce evidence against B in the form of an electronic record. The fact that the electronic record was generated, recorded or stored in the usual and ordinary course of business by C, a neutral third party, is a relevant fact for the court to presume that the electronic record is authentic.

Post-amendment
Section 116A: Introduces presumptions facilitating the admission of electronic records
• Section 116A(3): Presumption of authenticity where the computer record was obtained from the opposing party and is to be used against that party.
• Illustration: A seeks to adduce evidence against B in the form of an electronic record. The fact that the electronic record was generated, recorded or stored by B, who opposes the relevance of the evidence, is a relevant fact for the court to presume that the electronic record is authentic.

Implications
• All types of electronic evidence are now admissible under the Evidence Act subject to Section 116A and the normal rules of admissibility.
• Businesses should maintain proper electronic records and establish processes to ensure that electronic records are well kept and easily retrievable in case they are needed as electronic evidence in any dispute the company is involved in.

Practical Implications For Businesses

Implications
• What businesses can do to ensure that the electronic records fall within the section 116A presumption:
  - Maintain a proper system of preserving documents and correspondence
  - Establish a proper protocol of deleting documents
  - Engage professionals to set up and maintain the company’s computer systems
  - Conduct regular checks on computer systems and databases to ensure that they are functioning smoothly and are free from viruses

Implications
• What businesses should do if there is an incident:
  - Recognise possible electronic documents which may be relevant as evidence
  - Ensure that the documents are not tampered with post-incident
  - Engage professionals to recover any deleted documents which may be relevant
  - Ensure a proper record of the chain of custody of any evidence is maintained

Practices That Pose Potential Risks
• Inadequate security software installed
• Sending unauthorized e-mails from office computers
• Taking work laptops out of the office
• Using personal storage devices to access and retain data (e.g. flash drives)
• Downloading and installing suspicious software

Case Study

Case Studies
• Case Study A: A security SME, ABC, has noticed anomalies in its accounting and product records. ABC also noticed in its system log files that there are a number of suspicious entries and IP addresses with a large amount of data being sent outside the company firewall. ABC has also recently received a number of customer complaints saying that there is often a strange message displayed on their website, and there are often unauthorised advertisements popping up.
• Case Study B: An employee of the security SME, DEF, had recently left the company to join a competitor. DEF now notices that a number of its clients have moved to the competitor and suspects that the ex-employee had stolen their client list when he left.
• What can these companies do?

Case Study A : Discussion
• Case Study A:
  - Restrict access and permissions to the server/system to prevent tampering of the system log files
  - Create a backup copy of the system log files to preserve the evidence
  - An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved.
  - If the internal IT department has insufficient expertise, consider hiring third party professionals to conduct digital forensics and investigate the source of the breach

Case Study B : Discussion
• Case Study B:
  - Check the system logs of the ex-employee’s computer to determine what data was transferred and how it was transferred
  - Create a backup copy of the system log files to preserve the evidence
  - An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved.
  - If necessary, get a court order to conduct forensic investigation on the ex-employee’s personal devices which may have been used at work
  - If the internal IT department has insufficient expertise, consider hiring third party professionals to conduct digital forensics and investigate the source of the breach

Discussion
• In both case studies, the companies and their lawyers took steps to:
  - Identify, gather, and preserve any electronic records that could be admissible in court as evidence
  - Ensure that these electronic records were not tampered with
  - Create and preserve a record of all processes applied to computer-based electronic evidence
  - Where necessary, obtain leave of the court to compel the other party to cooperate with the gathering of electronic evidence
  - Where the company’s IT department had insufficient expertise, consider hiring third party professionals to conduct digital forensics and investigate the source of the breach

Questions?

Disclaimer
The material in this presentation is prepared for general information only and is not intended to be a full analysis of the points discussed.
This presentation is also not intended to constitute, and should not be taken as, legal, tax or financial advice by Rajah & Tann LLP. The structures, transactions and illustrations which form the subject of this presentation may not be applicable or suitable for your specific circumstances or needs and you should seek separate advice for your specific situation. Any reference to any specific local law or practice has been compiled or arrived at from sources believed to be reliable and Rajah & Tann LLP does not make any representation as to the accuracy, reliability or completeness of such information.
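
Added example (not part of the original presentation): one way an IT team could carry out the case-study steps of creating a backup copy of system log files, keeping an audit trail of every process applied to it, and showing later that it was not tampered with. The function names, the JSON-lines custody log and the use of SHA-256 with a hash-chained log are assumptions made for illustration.

```python
import hashlib
import json
import os
import shutil
from datetime import datetime, timezone

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def log_action(custody_log, actor, action, path, digest):
    """Append one custody entry, chained to the hash of the previous entry."""
    prev = "0" * 64
    if os.path.exists(custody_log):
        with open(custody_log, "rb") as f:
            lines = f.read().splitlines()
        if lines:
            prev = hashlib.sha256(lines[-1]).hexdigest()
    entry = {"time": datetime.now(timezone.utc).isoformat(), "actor": actor,
             "action": action, "file": path, "sha256": digest, "prev": prev}
    with open(custody_log, "a") as f:
        f.write(json.dumps(entry, sort_keys=True) + "\n")

def preserve(src, evidence_dir, custody_log, actor):
    """Copy a log file into evidence_dir, verify the copy, make it read-only."""
    os.makedirs(evidence_dir, exist_ok=True)
    digest = sha256_file(src)
    copy = shutil.copy2(src, evidence_dir)  # copy2 also keeps file timestamps
    if sha256_file(copy) != digest:
        raise IOError("copy does not match original")
    os.chmod(copy, 0o444)
    log_action(custody_log, actor, "preserved copy", copy, digest)
    return copy, digest

def verify(copy, custody_log):
    """True only if the custody chain is unbroken and the copy matches its recorded hash."""
    prev, recorded = "0" * 64, None
    with open(custody_log, "rb") as f:
        for line in f.read().splitlines():
            entry = json.loads(line)
            if entry["prev"] != prev:
                return False  # an earlier entry was altered, removed or reordered
            prev = hashlib.sha256(line).hexdigest()
            if entry["file"] == copy:
                recorded = entry["sha256"]
    return recorded is not None and sha256_file(copy) == recorded
```

Each later handling step (for example, handing the copy to a third-party examiner) is recorded with another log_action call; the custody log itself should be kept on a system with restricted access.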