28.08.14 prepared for presentation by designation contact details leveraging on electronic evidence...
TRANSCRIPT
28.08.14Prepared forPresentation by DesignationContact details
Leveraging On Electronic Evidence In The Digital Age
Security Industry Conference 2014 Lionel Tan
Partner(+65) 6232 0752, [email protected]
Not to be reproduced or disseminated without permisson.
Overview of Rajah & Tann
Singapore
Not to be reproduced or disseminated without permisson.
Overview of Rajah & Tann Singapore
Full service firm with the largest regional footprint
Highly regarded for its leading lawyers and practices
Largest law firm in Singapore and Southeast Asia
Not to be reproduced or disseminated without permisson.
Admiralty & Shipping
Appeals & Issues
Banking & Finance
Business Finance & Insolvency
Capital Markets
Commercial Litigation
Competition & Antitrust and Trade Law
Construction & Projects
Corporate Real Estate
Employment & Executive Compensation
Energy & Resources
Entertainment & Media,
Family, Probate & Trusts
Financial Institutions
Funds and Investment Management
Hospitality
Insurance & Reinsurance
Integrated Regulatory
Intellectual Property, Sports and Gaming
International Arbitration
Medical Law
Mergers & Acquisitions
Private Client
Project Finance
Tax
Technology, Media & Telecommunications
White Collar Crime
Practice Areas
Not to be reproduced or disseminated without permisson.
SingaporeRegional Offices
Regional Desks
Vietnam
ThailandLao PDR
China
Japan
South Asia
Indonesia
Malaysia
Middle East
Cambodia
Affiliate/ Associate Firms
Myanmar
Overview of Rajah & Tann Asia
Not to be reproduced or disseminated without permisson.
Overview
Background to the Evidence Act
Evidence
(Amendment) Bill 2012
Key Changes to the
Evidence Act
Implications
Not to be reproduced or disseminated without permisson.
The Evidence
Act
Not to be reproduced or disseminated without permisson.
Background to the Evidence Act
Outdated
Largely derived from the Indian Evidence Act enacted in 1872
Last amendment to the Evidence Act was in 2003
Not to be reproduced or disseminated without permisson.
Background to the Evidence Act Two main purposes
To get all the relevan
t evidence before a
judge so that
the judge can make the bes
t possible
decision
To protect the interest of parties
involved to ensure that
only relevant evidence is permitted
against them
Allows a permissive view of evidence; to allow as much evidence in as possible.
To exclude prejudicial
information such hearsay evidence.
Not to be reproduced or disseminated without permisson.
Evidence (Amendment) Bill 2012
Represents the first major reform of substantive areas of evidence law in many years
Read for the first time in Parliament on 16 January 2012
Passed on 14 February 2012, likely to come into force this year
Proposed changes to the Evidence Act were put forward by Minister for Law, Mr K. Shanmugan
Members of Parliament who commented on the proposed changes: Hri Kumar Nair, Sylvia Lim, Vikram Nair, Desmond Lee, Lina Chiam
Not to be reproduced or disseminated without permisson.
Admissibility of Electronic Evidence
Not to be reproduced or disseminated without permisson.
Pre-amendment• Section 35 EA: Computer output is admissible if it is relevant and falls under any of the three modes of admissibility:
• Section 36 EA: Supplements section 35 EA
Express agreement between the parties
Output is produced in an approved process
Proof of proper operation of the computer and the
corresponding accuracy of the computer printout
In reality, if the evidence is against that party, he would
not consent to its admission
Audit process is costly; viable only if
parties have the resources
Difficult to identify or find a qualified party to verify the
accuracy of the computer or the
print-out
Not to be reproduced or disseminated without permisson.
Post-amendment
Sections 35
and 36 are
deleted
No distinction in the treatment of electronic
evidence from evidence that
is not in electronic
form
Existing rules on
relevance and
admissibility apply
to electronic evidence
Eg. rules on hearsay, best evidence rules and rules on authentication
Not to be reproduced or disseminated without permisson.
Post-amendment
Section 116A: Introduces presumptions facilitating the admission of electronic records
Section 116A(1): Where the device is one that ordinarily produces or accurately communicates
an electronic record, it will be presumed that the said electronic record was accurately communicated
by the device
Illustration: A seeks to adduce evidence in the form of an electronic record or document produced by an electronic device or process. A proves that the electronic device or process in question is one that, or is of a kind that, if
properly used, ordinarily produces that electronic record or document. This is a relevant fact for the court to presume that in producing the electronic record
or document on the occasion in question, the electronic device or process produced the electronic record or document which A seeks to adduce.
Not to be reproduced or disseminated without permisson.
Post-amendment
Section 116A: Introduces presumptions facilitating the admission of electronic records
Section 116A(2): Presumption of authenticity where the computer record was produced in the ordinary course of business by a person who is
not party to the proceedings and where the proponent of the record did not control the
making of the record.
Illustration: A seeks to adduce evidence against B in the form of an electronic record. The fact that the electronic record was
generated, recorded or stored in the usual and ordinary course of business by C, a neutral third party, is a relevant fact for the
court to presume that the electronic record is authentic.
Not to be reproduced or disseminated without permisson.
Post-amendment
Section 116A: Introduces presumptions facilitating the admission of electronic records
Section 116A(3): Presumption of authenticity where the computer record was obtained from the
opposing party and is to be used against that party.
Illustration: A seeks to adduce evidence against B in the form of an electronic record. The fact that the electronic
record was generated, recorded or stored by B, who opposes the relevance of the evidence, is a relevant fact for the court to presume that the electronic record is authentic.
Not to be reproduced or disseminated without permisson.
Implications
• All types of electronic evidence are now admissible under the Evidence Act subject to Section 116A
and the normal rules of admissibility.
• Businesses should maintain proper electronic records and establish processes to ensure that electronic
records are well kept and easily retrievable in case they are needed as electronic evidence in any
dispute the company is involved in.
Not to be reproduced or disseminated without permisson.
Practical Implication
s For Businesses
Not to be reproduced or disseminated without permisson.
Implications
• What businesses can do to ensure that the electronic records fall within the section 116A presumption :
Maintain a proper system of preserving documents and correspondence
Establish a proper protocol of deleting documents
Engage professionals to set up and maintain the company’s computer systems
Conduct regular checks on computer systems and databases to ensure that it is functioning smoothly and is free from viruses
Not to be reproduced or disseminated without permisson.
Implications
• What businesses should do if there is an incident :
Recognise possible electronic documents which may be relevant as evidence
Ensure that the documents are not tampered with post-incident
Engage professionals to recover any deleted documents which may be relevant
Ensure a proper record of the chain of custody of any evidence is maintained
Not to be reproduced or disseminated without permisson.
Practices That Pose Potential Risks
Inadequate security software installed
Sending unauthorized e-mails from office computers
Taking work laptops out of the office
Using personal storage devices to access and retain data (eg flash drives)
Downloading and installing suspicious software
Not to be reproduced or disseminated without permisson.
Case Study
Not to be reproduced or disseminated without permisson.
Case Studies• Case Study A :
A security SME, ABC, has noticed anomalies in its accounting and product records. ABC also noticed in its system log files that there are a number of suspicious entries and IP addresses with a large amount of data being sent outside the company firewall. ABC have also recently received a number of customer complaints saying that there is often a strange message displayed on their website, and there are often unauthorised advertisements popping up.
• Case Study B :
An employee of the security SME, DEF, had recently left the company to join a competitor. DEF now notices that a number of its clients have moved to the competitor and suspects that the ex-employee had stolen their client list when he left.
• What can these companies do?
Not to be reproduced or disseminated without permisson.
Case Study A : Discussion• Case Study A:
- Restrict access and permissions to the server/system to prevent tampering of the system log files
- Create a backup copy of the system log files to preserve the evidence
- An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved.
- If the internal IT department has insufficient expertise, consider hiring third party professionals to conduct digital forensics and investigate the source of the breach
Not to be reproduced or disseminated without permisson.
Case Study B : Discussion
• Case Study B:
- Check the system logs of the ex-employee’s computer to determine what data was transferred and how it was
transferred
- Create a backup copy of the system log files to preserve the evidence
- An audit trail or other record of all processes applied to computer- based electronic evidence should be created and preserved.
- If necessary, get a court order to conduct forensic investigation on the ex-employee’s personal devices which may have been used
at work
- If the internal IT department has insufficient expertise, consider hiring third party professionals to conduct digital forensics and investigate the source of the breach
Not to be reproduced or disseminated without permisson.
Discussion
• In both case studies, the companies and its lawyers took steps to :
- Identify, gather, and preserve any electronic records that could be admissible in court as evidence
- Ensure that these electronic records were not tampered with
- Created and preserved a record of all processes applied to computer- based electronic evidence
- Where necessary, leave of the court was obtained to compel the other party to cooperate with the gathering of electronic evidence
- Where the company’s IT department had insufficient expertise hiring third party professionals to conduct digital forensics and investigate the source of the breach was considered
Not to be reproduced or disseminated without permisson.
Questions?
Not to be reproduced or disseminated without permisson.
Disclaimer
The material in this presentation is prepared for general information only and is not intended to be a full analysis of the points discussed. This presentation is also not intended to constitute, and should not be taken as, legal, tax or financial advice by Rajah & Tann LLP. The structures, transactions and illustrations which form the subject of this presentation may not be applicable or suitable for your specific circumstances or needs and you should seek separate advice for your specific situation. Any reference to any specific local law or practice has been compiled or arrived at from sources believed to be reliable and Rajah & Tann LLP does not make any representation as to the accuracy, reliability or completeness of such information.
Not to be reproduced or disseminated without permisson.
Thank You
Not to be reproduced or disseminated without permisson.