Leveraging On Electronic Evidence In The Digital Age
28.08.14
Prepared for Security Industry Conference 2014
Presentation by Lionel Tan
Designation: Partner
Contact details: (+65) 6232 0752, lionel.tan@rajahtann.com
Not to be reproduced or disseminated without permission.
Overview of Rajah & Tann Singapore
Largest law firm in Singapore and Southeast Asia
Full service firm with the largest regional footprint
Highly regarded for its leading lawyers and practices
Practice Areas
Admiralty & Shipping
Appeals & Issues
Banking & Finance
Business Finance & Insolvency
Capital Markets
Commercial Litigation
Competition & Antitrust and Trade Law
Construction & Projects
Corporate Real Estate
Employment & Executive Compensation
Energy & Resources
Entertainment & Media
Family, Probate & Trusts
Financial Institutions
Funds and Investment Management
Hospitality
Insurance & Reinsurance
Integrated Regulatory
Intellectual Property, Sports and Gaming
International Arbitration
Medical Law
Mergers & Acquisitions
Private Client
Project Finance
Tax
Technology, Media & Telecommunications
White Collar Crime
Overview of Rajah & Tann Asia
Regional Offices
Affiliate/ Associate Firms
Regional Desks
Overview
Background to the Evidence Act
Evidence (Amendment) Bill 2012
Key Changes to the Evidence Act
Implications
The Evidence Act
Background to the Evidence Act
Contains Singapore’s rules of admitting evidence in civil proceedings
Outdated
Largely derived from the Indian Evidence Act enacted in 1872
Last amendment to the Evidence Act was in 2003
Background to the Evidence Act
Two main purposes
• To get all the relevant evidence before a judge so that the judge can make the best possible decision
- Allows a permissive view of evidence; to allow as much evidence in as possible.
• To protect the interest of parties involved to ensure that only relevant evidence is permitted against them
- To exclude prejudicial information such as hearsay evidence.
Evidence (Amendment) Bill 2012
Represents the first major reform of substantive areas of evidence law in many years
Read for the first time in Parliament on 16 January 2012
Passed on 14 February 2012, likely to come into force this year
Proposed changes to the Evidence Act were put forward by Minister for Law, Mr K. Shanmugam
Members of Parliament who commented on the proposed changes: Hri Kumar Nair, Sylvia Lim, Vikram Nair, Desmond Lee, Lina Chiam
Admissibility of Electronic Evidence
Pre-amendment
• Section 35 EA: Computer output is admissible if it is relevant and falls under any of the three modes of admissibility:
- Express agreement between the parties. In reality, if the evidence is against that party, he would not consent to its admission.
- Output is produced in an approved process. Audit process is costly; viable only if parties have the resources.
- Proof of proper operation of the computer and the corresponding accuracy of the computer printout. Difficult to identify or find a qualified party to verify the accuracy of the computer or the print-out.
• Section 36 EA: Supplements section 35 EA
Post-amendment
Sections 35 and 36 are deleted
No distinction in the treatment of electronic evidence from evidence that is not in electronic form
Existing rules on relevance and admissibility apply to electronic evidence
E.g. rules on hearsay, best evidence rules and rules on authentication
Post-amendment
Section 116A: Introduces presumptions facilitating the admission of electronic records
Section 116A(1): Where the device is one that ordinarily produces or accurately communicates an electronic record, it will be presumed that the said electronic record was accurately communicated by the device
Illustration: A seeks to adduce evidence in the form of an electronic record or document produced by an electronic device or process. A proves that the electronic device or process in question is one that, or is of a kind that, if properly used, ordinarily produces that electronic record or document. This is a relevant fact for the court to presume that in producing the electronic record or document on the occasion in question, the electronic device or process produced the electronic record or document which A seeks to adduce.
Section 116A(2): Presumption of authenticity where the computer record was produced in the ordinary course of business by a person who is not party to the proceedings and where the proponent of the record did not control the making of the record.
Illustration: A seeks to adduce evidence against B in the form of an electronic record. The fact that the electronic record was generated, recorded or stored in the usual and ordinary course of business by C, a neutral third party, is a relevant fact for the court to presume that the electronic record is authentic.
Section 116A(3): Presumption of authenticity where the computer record was obtained from the opposing party and is to be used against that party.
Illustration: A seeks to adduce evidence against B in the form of an electronic record. The fact that the electronic record was generated, recorded or stored by B, who opposes the relevance of the evidence, is a relevant fact for the court to presume that the electronic record is authentic.
Implications
• All types of electronic evidence are now admissible under the Evidence Act subject to Section 116A and the normal rules of admissibility.
• Businesses should maintain proper electronic records and establish processes to ensure that electronic records are well kept and easily retrievable in case they are needed as electronic evidence in any dispute the company is involved in.
Practical Implications For Businesses
Implications
• What businesses can do to ensure that the electronic records fall within the section 116A presumption:
- Maintain a proper system of preserving documents and correspondence
- Establish a proper protocol of deleting documents
- Engage professionals to set up and maintain the company’s computer systems
- Conduct regular checks on computer systems and databases to ensure that they are functioning smoothly and are free from viruses
Implications
• What businesses should do if there is an incident:
- Recognise possible electronic documents which may be relevant as evidence
- Ensure that the documents are not tampered with post-incident
- Engage professionals to recover any deleted documents which may be relevant
- Ensure a proper record of the chain of custody of any evidence is maintained
Practices That Pose Potential Risks
- Inadequate security software installed
- Sending unauthorized e-mails from office computers
- Taking work laptops out of the office
- Using personal storage devices to access and retain data (e.g. flash drives)
- Downloading and installing suspicious software
Case Studies
• Case Study A:
A security SME, ABC, has noticed anomalies in its accounting and product records. ABC also noticed in its system log files that there are a number of suspicious entries and IP addresses with a large amount of data being sent outside the company firewall. ABC has also recently received a number of customer complaints saying that there is often a strange message displayed on their website, and there are often unauthorised advertisements popping up.
• Case Study B:
An employee of the security SME, DEF, had recently left the company to join a competitor. DEF now notices that a number of its clients have moved to the competitor and suspects that the ex-employee had stolen their client list when he left.
• What can these companies do?
Case Study A: Discussion
• Case Study A:
- Restrict access and permissions to the server/system to prevent tampering with the system log files
- Create a backup copy of the system log files to preserve the evidence
- An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved.
- If the internal IT department has insufficient expertise, consider hiring third party professionals to conduct digital forensics and investigate the source of the breach
Case Study B: Discussion
• Case Study B:
- Check the system logs of the ex-employee’s computer to determine what data was transferred and how it was transferred
- Create a backup copy of the system log files to preserve the evidence
- An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved.
- If necessary, get a court order to conduct forensic investigation on the ex-employee’s personal devices which may have been used at work
- If the internal IT department has insufficient expertise, consider hiring third party professionals to conduct digital forensics and investigate the source of the breach
Discussion
• In both case studies, the companies and their lawyers took steps to:
- Identify, gather, and preserve any electronic records that could be admissible in court as evidence
- Ensure that these electronic records were not tampered with
- Create and preserve a record of all processes applied to computer-based electronic evidence
- Where necessary, obtain leave of the court to compel the other party to cooperate with the gathering of electronic evidence
- Where the company’s IT department had insufficient expertise, consider hiring third party professionals to conduct digital forensics and investigate the source of the breach
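The preservation steps from both case study discussions (a backup copy of the log files, protection against tampering, and an audit trail of every process applied), as an added example that is not part of the original presentation. The JSON-lines custody log, the function names and the handler field are assumptions chosen for illustration.

```python
import hashlib
import json
import shutil
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large logs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def record(custody_log, entry):
    """Append an audit-trail entry chained to the hash of the previous line."""
    log = Path(custody_log)
    lines = log.read_text().splitlines() if log.exists() else []
    entry["prev"] = hashlib.sha256(lines[-1].encode()).hexdigest() if lines else None
    entry["time_utc"] = datetime.now(timezone.utc).isoformat()
    with log.open("a") as fh:
        fh.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry

def preserve(source, evidence_dir, custody_log, handler):
    """Copy a log file into the evidence store, make it read-only, record it."""
    dest = Path(evidence_dir) / Path(source).name
    shutil.copy2(source, dest)  # copy2 keeps the original timestamps
    dest.chmod(0o444)
    original, copy = sha256_file(source), sha256_file(dest)
    if original != copy:
        raise IOError(f"copy of {source} does not match the original")
    return record(custody_log, {"action": "backup copy created", "handler": handler,
                                "source": str(source), "copy": str(dest), "sha256": copy})

def verify(custody_log):
    """Return problems found: altered copies or a broken audit-trail chain."""
    problems, prev_line = [], None
    for line in Path(custody_log).read_text().splitlines():
        entry = json.loads(line)
        expected_prev = hashlib.sha256(prev_line.encode()).hexdigest() if prev_line else None
        if entry["prev"] != expected_prev:
            problems.append("audit trail altered before: " + entry["copy"])
        if sha256_file(entry["copy"]) != entry["sha256"]:
            problems.append("evidence copy altered: " + entry["copy"])
        prev_line = line
    return problems
```

Call `preserve()` once per log file as it is collected and `verify()` before the copies are handed to a forensic examiner or produced in proceedings; an empty list means every copy still matches its recorded digest and the custody log is intact.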
Questions?
Disclaimer
The material in this presentation is prepared for general information only
and is not intended to be a full analysis of the points discussed. This
presentation is also not intended to constitute, and should not be taken as,
legal, tax or financial advice by Rajah & Tann LLP. The structures,
transactions and illustrations which form the subject of this presentation
may not be applicable or suitable for your specific circumstances or needs
and you should seek separate advice for your specific situation. Any
reference to any specific local law or practice has been compiled or arrived
at from sources believed to be reliable and Rajah & Tann LLP does not make
any representation as to the accuracy, reliability or completeness of such
information.