evidence and enforcement

This page considers evidential aspects of electronic messaging systems.

It covers -

• introduction
• email and webmail
• SMS and IM
• fax
• voice
• studies

    introduction

One fin de siecle manners book advised its readers that they should restrict their correspondence to text that would be suitable for publication in the society pages of the New York Times or that would not produce a blush if quoted as headlines in a tabloid. We live in different times, with different expectations about managing correspondence and about how communications might be surveiled, misused or presented as part of litigation.

There are, however, substantial continuities. Contemporary US lawyer and politician Eliot Spitzer, in talking about political survival, thus quipped

Never talk when you can nod, never write when you can talk, never ever put it in an email

That advice might confuse some readers, who assume that -

• SMS messages are not stored by recipients or telecommunication networks
• chat is not archived and IM disappears immediately into the aether
• email similarly vanishes forever with a touch of the 'delete' key
• email and webmail indeed come from the purported author
• voicemail can only be accessed by the intended recipient, rather than for example by a pretexter or by a law enforcement officer
• fax and other communications are correctly addressed, and not for example sent to the wrong number or wrong email address

and that more broadly Australian and overseas courts have little regard for communications that are not presented on paper and with a handwritten signature.

In practice courts give substantial recognition to electronic communications, with restrictions often concerning records that have been illegally obtained rather than the particular transmission or storage mechanism.

It is clear that some messages simply go astray, for example someone sends a fax or SMS to an incorrect number ("disaster is just a digit away") or the wrong person has access to messages sent to the correct number (a thief has stolen a laptop or mobile phone and can thus access the intended recipient's messages; a partner or parent makes an unwelcome discovery by borrowing someone's device).

Some messages are forwarded, much to the embarrassment of people who typed in anger or the cad who sent the email before reflecting that the recipient might provide a copy to her 10,000 closest friends (whether by mail or through publication on the web).

Some messages are temporarily preserved by ISPs, telcos or corporate network managers and may be susceptible to formal discovery by lawyers or scrutiny by corporate supervisors or law enforcement personnel.

Message senders and recipients sometimes assume that there are no intermediaries between their devices, although in fact there may be a cascade of email, webmail, IM or SMS servers (some potentially located in another jurisdiction). Civil and criminal litigation has on occasion featured access to information from those devices, sufficient to support claims in court or to confirm an alleged identity (eg cases highlighted here).

Expectations about the ease and finality of erasure of information on personal computers may also be misplaced. Although CSI-style dramas understate the difficulty of computer forensics, physical destruction of hard drives and other memories - rather than reliance on software to 'wipe' messages and attachments - is encouraged by many experts.

    email

Since the late 1990s a variety of vendors have promoted 'self-destructing' email services, typically claimed as without legal problems and allowing a sender to 'retrieve' unread messages or prevent the recipient from copying/forwarding a message (the text of which vanishes within a specified time after opening).

Those services have not found much favour among consumers, network administrators or the technical community. Typically they rely on a message's author sending that message via the mail service's server, with the recipient (on opening of the email) seeing html or an image hosted on that server. 'Disappearance' involves deletion from the server after the set period - activated by a bug when the message is first opened - and when the recipient seeks to print or forward the text.

'Disappearance' has been subverted by recipients taking a picture of the screen (using screenshot software on their personal computer or a digital camera) or even dragging the image onto the desktop. Some system administrators have blocked messages that emanate from the server. Others have said that the services are predicated on recipients having web access, and that the services would appear unlikely to suit disabled users.

Others have noted that although the content of the message may disappear from the recipient's machine, the sender cannot erase the recipient's receipt of the message (ie it will be clear an email was received), with Australian and other courts likely to take a dour view of what could be persuasively portrayed as an effort to evade evidential requirements.

    SMS and IM

What about SMS and IM/MMS?

Anxieties about Echelon, in particular claims that governments read and make sense of every SMS and every voice call, are questioned elsewhere on this site. However, it is useful to recognise that text and instant message are delivered via servers. The period during which that content remains on the particular server (or chain of servers, given that some messages transit across two or more networks) varies. The content of messages is not necessarily deleted immediately and service providers often retain basic traffic information (eg that an SMS was sent from a particular number to another number at a specific time) for more than a few days. That information may be susceptible to discovery.

Recipients of messages may store incoming/outgoing messages, with courts and investigators on occasion examing the content or drawing inferences where some content is unavailable. That has proved painful for alleged offenders who assumed that communications automatically disappeared, would not be stored by a recipient, would not be shown by a recipient to a third party, forwarded to a third party or held by a service provide/corporate network administrator. One example was the fall of US congressman Mark Foley, accused of exchanging sexually explicit messages with young males.

    fax

As with email, the 'header' information on a fax (eg time and author) can be forged. What appears to be a legitimate letterhead, annotation or signature may not be authentic, much to the distress of recipients or third parties who assume that if it's on paper it must be true. As with voice messages, a communication can be sent by 'borrowing' the use of someone else's machine.

Telecommunication networks do not archive the content of all facsimile messages and do not retain traffic logs (eg that a call was initiated from a particular number/network at a certain time and lasted for a specific duration). However, it may be possible to determine that a transmission took place, with law enforcement personnel and lawyers debating whether the alleged content of the message can be matched to that communication. In some instances that matching is assisted by sender/recipient reliance on fax-to-PC or PC-to-fax systems, with an electronic copy of the fax being retained on a corporate server or on an individual personal computer.

    voice

In popular culture - formed by feature films, television dramas and noir novels rather than direct experience - voice calls using landline and mobile phones have come to embody notions of electronic surveillance and evidence. Those notions centre on the wiretap or the bug, ie covert recording by the authorities or non-government entities (in particular private investigators) on a legal or illegal basis.

Reality is now somewhat more complex. Some organisations systematically record all or selected incoming or outgoing calls, eg for 'quality control' purposes at call centres or to meet compliance requirements regarding dealing in financial securities. Those records may be discoverable in civil litigation or a criminal investigation. Many consumers use voicemail services offered by network operators (eg 'messagebank' services for landline and mobile customers in Australia); organisations often have voicemail for calls to/between their employees, with management of that service sometimes provided by another party. Other consumers rely on standalone recording devices for missed calls or for capturing what is said during a conversation (with or without the knowledge of the other person).

It is clear from incidents highlighted in the discussion of pretexting elsewhere on this site that journalists and private investigators (acting for individuals, for leading law firms and for major information brokers) have gained access to voicemail records at Buckingham Palace, publishers and major corporations.

It is also clear that pretexters (along with law enforcement officers using court orders) have identified whether calls took place (what time, from where and to whom) by accessing billing information about landline and mobile calls.

Criminals and savvy journalists (along with people fearing exposure, such as whistleblowers) have responded by using disposable phones - for example one purchased using another individual's identity - or stolen phones, public phones or simply a borrowed phone.

    studies

Points of entry to literature and case law regarding Australian evidence regimes are Uniform Evidence Law (Sydney: Thomson 2006) by Stephen Odgers, Uniform Evidence Law: Text and essential cases (Leichhardt: Federation Press 2003) by Peter Bayne, the Australian Law Reform Commission 2005 Uniform Evidence Law Report, John Dyson Heydon's Cross on Evidence (Sydney: Butterworths 2004) and Expert Evidence: Law, Practice, Procedure & Advocacy (Pyrmont: Lawbook Co 2005) by Ian Freckleton & Hugh Selby

   next page  (disclaimers)