Tuesday, January 17, 2017
Posted by: Mary Mack
A new amendment will go into effect December 1, 2017, allowing self-authentication of electronic evidence under two scenarios. This is a codification of best practice of advanced practitioners of the electronic discovery arts to offer affidavits or declarations regarding data collection rather than more expensive and risky testimony. As with other Rule amendments, the Supreme Court is expected to approve and Congress is expected to do nothing to impede its effective date.
The first provision would allow self-authentication of machine-generated information, upon a submission of a certification prepared by a qualified person. The second proposal would provide a similar certification procedure for a copy of data taken from an electronic device, medium or file.
The drafters were careful to note that other Rules of Evidence were not being changed. “These new amendments do not change the standards for authentication of electronic evidence. Rather, they change the manner in which the proponent’s submission on authenticity can be made. Instead of calling a witness, the proponent can provide a certificate prepared by the witness of the submission that he would have made if required to testify. Of course, if that submission would be insufficient if he had testified, these new amendments will be of no use.”
This amendment to the Federal Rules of Evidence will create demand for automated, forensically sound collection with robust, court consumable reporting features and for qualified personnel to certify the results of the automated collection process. In addition, for data collected by copying, the proposed amendments allow for a qualified person to certify that the copy complies with the existing Rules of Evidence (subsections (11) and (12)).
For both amendments, there is a notice requirement to the receiving party, who may then challenge the authenticity. Without a challenge, the evidence will be authenticated.
The complex interplay of admissibility and authenticity is laid out in the Honorable Judge Paul Grimm’s signature hornbook style in an appendix to the US Court’s Agenda Book on Evidence
Starting at page 275, Judge Grimm does not disappoint. He lays out forensic, social media, civil, criminal, GPS and other scenarios and explains how the evidence would need to be admitted and authenticated prior to the amendments and after the amendments, carefully reminding us of the notice requirement in each example.
Judge Grimm lists chapter and verse about the many ways in which data can be authenticated, including use of emoji’s and the Wayback Machine.
Quotes from Experts about Impact on Forensic Business and Corporate Practice:
John Patzakis, an attorney and Executive Chairman of X1 wrote in an article for Forensic Focus, that “Notably, the accompanying official Advisory Committee notes specifically reference the importance of both generating “hash values” and verifying them post-collection as a means to meet this standard for self-authentication. This digital identification and verification process can only be achieved with purpose-built computer forensics or eDiscovery collection and preservation tools.”
Further, Patzakis feels the rule provides the “nail in the coffin” for custodian self-collection and screen print of social media and websites.
“The proposed rule changes on evidence and the recent rule changes to civil procedures do not eliminate the need for forensics. To the contrary, these changes to the rules actually integrate forensics methods and best practices at an earlier point in the process. Organizations that understand and embrace all of these changes will be able to eliminate unnecessary costs and save valuable time in the unfortunate event of litigation. Organizations will see a major impact not only to internal HR investigations, but cyber security incident response and all e-Discovery requests or subpoenas for information.?"
-Calvin Weeks, EnCE, CEDS, CRISC, CISSP, CISM Computer Forensics Manager * Forensic & Valuation Eide Bailly LLP
These amendments will help provide much needed clarity on how to collect ESI. Attorneys should take heed that the foundation of these amendments still rely on having a qualified testifying forensic expert.
The notes specify that the certification of authenticity contains information that would be provided by a witness at trial if contested. The safest way for a proponent to establish authenticity under these amendments is to have the certification made by the actual expert that would testify. In addition, the notes mention the possible need for forensic technical experts to testify to the technical information about the system or process at issue in order to ensure that the opponent has a fair opportunity to challenge the evidence.
Ultimately these amendments make it clear that both the collection tools and the expertise of those using those tools are important. While there may be fewer hearings on the authenticity of evidence, when they do occur, attorneys still need to be ready with an expert they can put on the stand.
-David Sun, Founder and CEO of SunBlock Systems, Inc.
The amendments are to the Federal Rules of Evidence 902,
Proposed Additions to Rule 902, Projected Effective Date December 1, 2017:
(13) Certified Records Generated by an Electronic Process or System. A record generated by an electronic process or system that produces an accurate result, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12). The proponent must also meet the notice requirements of Rule 902(11).
(14) Certified Data Copied from an Electronic Device, Storage Medium, or File. Data copied from an electronic device, storage medium, or file, if authenticated by a process of digital identification, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12). The proponent also must meet the notice requirements of Rule 902(11).
Click here to read the package submitted to the Supreme Court
Read John Patzakis’ article here