Let’s talk about electronic evidence (“E-Evidence”) and electronic forensics (“E-Forensics”) in this article.
Section 3 of the EA defines evidence as (a) all statements which the court permits or requires to be made before it by witnesses in relation to matters of fact under inquiry (i.e. oral evidence), and (b) all documents produced for the inspection by the court (i.e. documentary evidence).
Information technology has caused a paradigm shift in the way individuals and organizations create, collect, share and store data and information. These data and information are stored electronically and may become important “evidence” in the event of a dispute.
E-Evidence (which includes digital evidence) is any probative information stored or transmitted in digital form that a party to a court case may use at trial. The question then is whether such E-Evidence is legally recognized under Malaysian laws. The short answer to that is, yes, it is legally recognized
E-Evidence by nature is very fragile and is easily manipulated, altered, forged, damaged or destroyed. It is prone to damage or alteration as well as destruction if it is not properly handled. Therefore, it is technically challenging in establishing the authenticity and reliability of such evidence.
Section 90A provides that a document is admissible if it was produced by the computer in the course of its ordinary use. There are 2 methods to satisfy this condition. The first method is by getting the person in charge of the operation of the computer or the conduct of the activities for which that computer was used to give a piece of oral evidence that the document was produced by the computer in the course of its ordinary use.
The second method is used in a situation where there is no way to bring a witness to the court to give oral evidence. In this case, the person who wants to bring up such evidence must produce a certificate signed by a person who is in charge of the operation of the computer or the conduct of the activities for which that computer was used to prove that the document was produced by the computer in the course of its ordinary use.
Once the certificate is produced, there is a presumption that the computer referred to in the certificate was in good working order and was operating properly in all respects throughout the material part of the period during which the document was produced. The evidential burden of disapproving it would be on the party challenging its credibility.
This has been recognized since 1993 when the law was amended to accept this type of E-Evidence. However, technology has changed so much that there is now a new emerging sub-category of E-Evidence called digital evidence, which refers to evidence is available in digital form or binary form. Some of the examples include chat-room and web-browsing histories, ISP records, digital photographs, video and audio files, cloud data storage facility, GPS tracks, computer hard-drives as well as local and virtual databases.
In certain countries, their courts recognize the use of certain software to obtain and secure digital evidence and accept testimonials given by digital forensics experts.
Section 90B says that the court may draw any reasonable inference from circumstances relating to the document or the statement, including the manner and purpose of its creation, or its accuracy, in assessing whether the evidence is authentic and reliable. This would be essentially a question of fact and the parties would need to bring in circumstantial evidence to strengthen such evidence.
The court recognizes that although the oral testimony and certificate are two means of authenticating E-Evidence, they are not sufficient to ensure the originality and genuineness of E-Evidence. The court will also examine the collection, preservation and discovery of the E-Evidence to ensure that the contents of the E-Evidence are authentic.
These experts are trained and skilled in investigating and preserving E-Evidence to ensure that the chain of custody of such evidence is preserved in its original and authentic form up to the time when the evidence is produced in court. While there is no specific provision under the EA that provides for the admissibility of digital forensics evidence, our courts have accepted digital forensics findings as expert opinions provided the experts follow the procedures when giving the evidence.
These experts have the necessary tools and expertise in retrieving the lost data. Recognising the need for the development of digital forensics expertise in Malaysia, the Ministry of Science, Technology & Innovation has set up an agency under its control to deal with digital forensics matters. The agency is known as CyberSecurity Malaysia (“CSM”).
The services offered by CSM include digital forensics, data recovery, data sanitization, expert witness as well as training and certification. CSM works with law enforcement agencies, regulatory bodies as well as public and private companies. CSM’s experts have assisted in a number of digital forensics cases, including high-profile cases such as the Altantuya Shaariibuu murder case, the V.K. Lingam Video Clip, DSAI China Doll video clip case, DSAI Liwat 2 case, insult Sultan Perak case, insult Sultan Johor case, illegal online soccer gambling during World Cup 2010, illegal Ponzi scheme Dana futures, Maldives credit card fraud case and many more including cases in Intellectual Property Court. Reports and testimonials from CSM’s experts have been accepted by our courts.
These experts are equipped with specific knowledge and skills and have the ability to present the evidence and assist the parties and the judges in understanding the digital evidence tendered at trials.