28.08.14 prepared for presentation by designation contact details leveraging on electronic evidence...

28.08.14Prepared forPresentation by DesignationContact details

Leveraging On Electronic Evidence In The Digital Age

Security Industry Conference 2014 Lionel Tan

Partner(+65) 6232 0752, [email protected]

Not to be reproduced or disseminated without permisson.

Overview of Rajah & Tann

Singapore


Overview of Rajah & Tann Singapore

Full service firm with the largest regional footprint

Highly regarded for its leading lawyers and practices

Largest law firm in Singapore and Southeast Asia


Admiralty & Shipping

Appeals & Issues

Banking & Finance

Business Finance & Insolvency

Capital Markets

Commercial Litigation

Competition & Antitrust and Trade Law

Construction & Projects

Corporate Real Estate

Employment & Executive Compensation

Energy & Resources

Entertainment & Media,

Family, Probate & Trusts

Financial Institutions

Funds and Investment Management

Hospitality

Insurance & Reinsurance

Integrated Regulatory

Intellectual Property, Sports and Gaming

International Arbitration

Medical Law

Mergers & Acquisitions

Private Client

Project Finance

Tax

Technology, Media & Telecommunications

White Collar Crime

Practice Areas


SingaporeRegional Offices

Regional Desks

Vietnam

ThailandLao PDR

China

Japan

South Asia

Indonesia

Malaysia

Middle East

Cambodia

Affiliate/ Associate Firms

Myanmar

Overview of Rajah & Tann Asia


Overview

Background to the Evidence Act

Evidence

(Amendment) Bill 2012

Key Changes to the

Evidence Act

Implications


The Evidence

Act


Background to the Evidence Act

Outdated

Largely derived from the Indian Evidence Act enacted in 1872

Last amendment to the Evidence Act was in 2003


Background to the Evidence Act Two main purposes

To get all the relevan

t evidence before a

judge so that

the judge can make the bes

t possible

decision

To protect the interest of parties

involved to ensure that

only relevant evidence is permitted

against them

Allows a permissive view of evidence; to allow as much evidence in as possible.

To exclude prejudicial

information such hearsay evidence.


Evidence (Amendment) Bill 2012

Represents the first major reform of substantive areas of evidence law in many years

Read for the first time in Parliament on 16 January 2012

Passed on 14 February 2012, likely to come into force this year

Proposed changes to the Evidence Act were put forward by Minister for Law, Mr K. Shanmugan

Members of Parliament who commented on the proposed changes: Hri Kumar Nair, Sylvia Lim, Vikram Nair, Desmond Lee, Lina Chiam


Admissibility of Electronic Evidence


Pre-amendment• Section 35 EA: Computer output is admissible if it is relevant and falls under any of the three modes of admissibility:

• Section 36 EA: Supplements section 35 EA

Express agreement between the parties

Output is produced in an approved process

Proof of proper operation of the computer and the

corresponding accuracy of the computer printout

In reality, if the evidence is against that party, he would

not consent to its admission

Audit process is costly; viable only if

parties have the resources

Difficult to identify or find a qualified party to verify the

accuracy of the computer or the

print-out


Post-amendment

Sections 35

and 36 are

deleted

No distinction in the treatment of electronic

evidence from evidence that

is not in electronic

form

Existing rules on

relevance and

admissibility apply

to electronic evidence

Eg. rules on hearsay, best evidence rules and rules on authentication


Post-amendment

Section 116A: Introduces presumptions facilitating the admission of electronic records

Section 116A(1): Where the device is one that ordinarily produces or accurately communicates

an electronic record, it will be presumed that the said electronic record was accurately communicated

by the device

Illustration: A seeks to adduce evidence in the form of an electronic record or document produced by an electronic device or process. A proves that the electronic device or process in question is one that, or is of a kind that, if

properly used, ordinarily produces that electronic record or document. This is a relevant fact for the court to presume that in producing the electronic record

or document on the occasion in question, the electronic device or process produced the electronic record or document which A seeks to adduce.


Post-amendment


Section 116A(2): Presumption of authenticity where the computer record was produced in the ordinary course of business by a person who is

not party to the proceedings and where the proponent of the record did not control the

making of the record.

Illustration: A seeks to adduce evidence against B in the form of an electronic record. The fact that the electronic record was

generated, recorded or stored in the usual and ordinary course of business by C, a neutral third party, is a relevant fact for the

court to presume that the electronic record is authentic.


Post-amendment


Section 116A(3): Presumption of authenticity where the computer record was obtained from the

opposing party and is to be used against that party.

Illustration: A seeks to adduce evidence against B in the form of an electronic record. The fact that the electronic

record was generated, recorded or stored by B, who opposes the relevance of the evidence, is a relevant fact for the court to presume that the electronic record is authentic.


Implications

• All types of electronic evidence are now admissible under the Evidence Act subject to Section 116A

and the normal rules of admissibility.

• Businesses should maintain proper electronic records and establish processes to ensure that electronic

records are well kept and easily retrievable in case they are needed as electronic evidence in any

dispute the company is involved in.


Practical Implication

s For Businesses


Implications

• What businesses can do to ensure that the electronic records fall within the section 116A presumption :

Maintain a proper system of preserving documents and correspondence

Establish a proper protocol of deleting documents

Engage professionals to set up and maintain the company’s computer systems

Conduct regular checks on computer systems and databases to ensure that it is functioning smoothly and is free from viruses


Implications

• What businesses should do if there is an incident :

Recognise possible electronic documents which may be relevant as evidence

Ensure that the documents are not tampered with post-incident

Engage professionals to recover any deleted documents which may be relevant

Ensure a proper record of the chain of custody of any evidence is maintained


Practices That Pose Potential Risks

Inadequate security software installed

Sending unauthorized e-mails from office computers

Taking work laptops out of the office

Using personal storage devices to access and retain data (eg flash drives)

Downloading and installing suspicious software


Case Study


Case Studies• Case Study A :

A security SME, ABC, has noticed anomalies in its accounting and product records. ABC also noticed in its system log files that there are a number of suspicious entries and IP addresses with a large amount of data being sent outside the company firewall. ABC have also recently received a number of customer complaints saying that there is often a strange message displayed on their website, and there are often unauthorised advertisements popping up.

• Case Study B :

An employee of the security SME, DEF, had recently left the company to join a competitor. DEF now notices that a number of its clients have moved to the competitor and suspects that the ex-employee had stolen their client list when he left.

• What can these companies do?


Case Study A : Discussion• Case Study A:

- Restrict access and permissions to the server/system to prevent tampering of the system log files

- Create a backup copy of the system log files to preserve the evidence

- An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved.

- If the internal IT department has insufficient expertise, consider hiring third party professionals to conduct digital forensics and investigate the source of the breach


Case Study B : Discussion

• Case Study B:

- Check the system logs of the ex-employee’s computer to determine what data was transferred and how it was

transferred

- Create a backup copy of the system log files to preserve the evidence

- An audit trail or other record of all processes applied to computer- based electronic evidence should be created and preserved.

- If necessary, get a court order to conduct forensic investigation on the ex-employee’s personal devices which may have been used

at work

- If the internal IT department has insufficient expertise, consider hiring third party professionals to conduct digital forensics and investigate the source of the breach


Discussion

• In both case studies, the companies and its lawyers took steps to :

- Identify, gather, and preserve any electronic records that could be admissible in court as evidence

- Ensure that these electronic records were not tampered with

- Created and preserved a record of all processes applied to computer- based electronic evidence

- Where necessary, leave of the court was obtained to compel the other party to cooperate with the gathering of electronic evidence

- Where the company’s IT department had insufficient expertise hiring third party professionals to conduct digital forensics and investigate the source of the breach was considered


Questions?


Disclaimer

The material in this presentation is prepared for general information only and is not intended to be a full analysis of the points discussed. This presentation is also not intended to constitute, and should not be taken as, legal, tax or financial advice by Rajah & Tann LLP. The structures, transactions and illustrations which form the subject of this presentation may not be applicable or suitable for your specific circumstances or needs and you should seek separate advice for your specific situation. Any reference to any specific local law or practice has been compiled or arrived at from sources believed to be reliable and Rajah & Tann LLP does not make any representation as to the accuracy, reliability or completeness of such information.


Thank You


28.08.14 prepared for presentation by designation contact details leveraging on electronic evidence...

Documents

relevant evidence

hearsay evidence

indian evidence act

evidence amendment bill

permissive view of evidence

southeast asia slide

lina chiam slide

overview background