Current Data Authentication Methods are Insufficient
Businesses are at risk, their electronic files may not be accepted by courts.
Businesses must trust system administrators to implement security controls, manage clocks, and protect logs; however, the courts are asked to trust this elaectronic data.
Will courts of the future simply trust, or also verify?
Businesses are not doing enough to ensure their records can be authenticated for use in litigation. Current methods are contingent on the trustworthiness of system administrators, a fact already recognized by courts:
[M]any network computer systems usually provide for a selected network administrators[sic] to override an individual password identification number to gain access when necessary. (Memorandum Opinion of Paul W. Grimm on Lorraine v. Markel Insurance , 2007)
Some believe that logging and other methods used by administrators provide sufficient defense against such violations or accusations; however:
The testimony of the records custodian at trial regarding the computer equipment used by American Express was vague, conclusory, and, in light of the assertion that “[t]here’s no way that the computer changes numbers,” unpersuasive. (Re: American Express Travel Related Services Company, Inc. v. VeeVinhnee, 2005)
That same court specifically refused to admit electronically held records on the basis of:
[W]hat has, or may have, happened to the record in the interval between the time when it was placed in the files and the time of trial. In other words, the record being proffered must be shown to be an accurate representation of the record that was originally created. (Re: American Express Travel Related Services Company, Inc. v. Vee Vinhnee, 2005)
The solution is inexpensive; maybe not all judges demand this yet, but why not add the protection of digital timestamps to avoid the risk? For pennies?
[S]ome courts will require the proponent of electronic business records or e-mail evidence to make an enhanced showing in addition to meeting each element of the business records exception. These courts are concerned that the information generated for use in litigation may have been altered, changed or manipulated after its initial input, or that the programs and procedures used to create and maintain the records are not reliable or accurate. Others will be content to view electronic business records in the same light as traditional ‘hard copy’ records, and require only a rudimentary foundation. Unless counsel knows what level of scrutiny will be required, it would be prudent to analyze electronic business records that are essential to his or her case by the most demanding standard. (Lorraine v. Markel American Insurance Co, 2007)
DigiStamp and the people at DigiStamp are not lawyers and cannot provide legal counsel. We provide an affordable solution as a third-party witness by an audited system in conformance with US & EU standards.
Lorraine v. Markel American Insurance Co, 241 F.R.D. 534 (United States District Court for the District of Maryland May 4, 2007).
Memorandum Opinion of Paul W. Grimm on Lorraine v. Markel Insurance , PWG-06-1893 (United States District Court for the District of Maryland May 4, 2007).
Re: American Express Travel Related Services Company, Inc. v. Vee Vinhnee, CC-04-1284-KMoP (United Sates Bankruptcy Appelate Panel of the Ninth Circuit December 16, 2005). Retrieved from US Courts.gov: http://www.caeb.uscourts.gov/documents/Judges/Opinions/Published/vinhnee-04-1284.pdf