Litigation often turns on the documentary evidence produced by parties. Judges like the certainty of documents. But, of course, evidence is more likely than ever to be in electronic form with reliance placed on emails, spreadsheets, instant messages and electronic signatures. All these are more susceptible to alteration than physical documents. The level of sophistication with which it is now possible to alter electronic documents means parties need to know much about how they may have been created or falsified. It may be that being able to prove/disprove the authenticity of electronic evidence can tip the balance of a dispute one way or the other.
This article considers issues that commonly arise in disputes about electronic documents, and some practical considerations to keep in mind. CPR 32.19 provides that ‘a party shall be deemed to admit the authenticity of a document disclosed to him… unless he serve notice that he wishes the document to be proved at trial’. Thus, documents are deemed authentic unless the challenging party serves a Notice to Prove Documents at Trial (Form N268).
Once documents are challenged, what happens next? The rules are light and much is left to the parties. The burden of proof remains on the disclosing party to prove the documents they have disclosed are authentic. If the disclosing party fails to prove the authenticity of a document, it will not be given any evidential weight at trial, undermining their case. This does not mean the party who serves the Notice to Prove can let the other side do all the work. A challenge to authenticity will necessitate directions for expert evidence. If it is alleged that a document has intentionally been falsified, the challenging party will also need to plead dishonesty in the pleadings.
The fundamental nature of electronic documents makes it more complicated to specify what is (and what is not) in scope of the Notice to Prove. What, precisely, is being questioned as inauthentic by the challenging party, and what is the disclosing party required to prove at trial? These questions can be more contentious than expected and give rise to serious questions as to precisely what documents are in issue.
Chat messages are a useful illustration of some of the more common complications. Messages are notoriously fiddly to disclose. Often, the simplest way to disclose these messages is to disclose screenshots collected by the disclosing party. Screenshots are an unreliable source, however, and easily manipulated. As a result, messages are often disclosed as short message format files. However, neither screenshots nor SMFs are ‘originals’ and both formats are used to render messages in a user-friendly way. In reality, messages are usually a part of a bigger archive.
This raises the question: should the Notice to Prove refer to the database or the document as disclosed? The answer will depend on different factors, including what the challenging party suspects has been done to tamper with the messages. In many cases, the underlying database must be analysed to prove authenticity of SMFs/screenshots. This can present a whole range of issues, requiring the parties to engage to ensure work undertaken is reasonable and proportionate, and to preserve confidence/privilege in the wider database.
In our experience, any Notice to Prove that refers to SMF files must be taken as implicitly referring to the underlying database. However, such an interpretation cannot be guaranteed. Out of an abundance of caution, the challenging party should strive to be clear and comprehensive when preparing its Notice to Prove; and to keep it updated by way of amendments throughout the proceedings.
The parties then need to consider how to go about proving or disproving authenticity.
The disclosing party can prove a document’s authenticity in any number of ways, which will often be deployed in combination. Their witnesses of fact may give testimony about how and why the document was created; they may disclose other contemporaneous documents in corroboration; and/or they may instruct an expert to analyse the document forensically.
While it is up to the disclosing party to decide what evidence to adduce, challenging parties will often make demands about what they consider necessary to prove authenticity. This may include evidence of a document’s chain of custody, or access to its evidential sources (that is, the device from which the document was collected).
Forensic analysis can be undertaken with varying degrees of precision. At its most basic level, experts can check a document’s metadata to say when it was created or modified. They may be able to identify digital footprints indicating whether metadata has been manipulated. It is also possible to analyse a device’s activity logs to show what has been done to the document, including when and by whom.
The more in-depth the analysis, the more costly and time-consuming. Whether expert forensic analysis is appropriate will depend on the specific facts of each case. If a forensic expert is instructed, it is important to keep the scope of that analysis focused and based on a clear understanding of what is actually needed to prove a document’s authenticity. Without a defined threshold of what needs to be proved, there is a risk of ever-moving goalposts, leading to inconclusive evidence and spiralling costs.
Electronic disclosure now dominates modern litigation. Proving authenticity gives rise to complex forensic issues that are challenging to explain in a way that can be understood. Finding the right way to present evidence on authenticity is essential to help the trial judge navigate through this highly complex and technical field.
Getting to grips with these issues early on in proceedings, supported by a thorough technical understanding of the forensic issues involved, helps clients make informed and strategic decisions, while ensuring costs are managed effectively. Put simply, getting it right ensures avoiding disappearing down a time-consuming, distracting and costly rabbit hole.
John Bramhall, a committee member of the London Solicitors Litigation Association, is a partner and Alexander Bradley-Sitch an associate at DAC Beachcroft LLP
No comments yet