Finding a better approach for the courts handling computer-based evidence is nothing new. The Horizon system scandal is the most recent and extreme example of computer misuse and failure. It is potentially within the wide scope of the Post Office Inquiry for recommendations to be made for law reform in both criminal and civil cases. It remains to be seen whether evidential rules will be left as they are.
This article considers a little of the history of the rules about computer evidence and makes some suggestions for change – should the new government have the appetite for it.
Before 1984, the common law presumption treated computers the same way as other mechanical devices (for example, a simple stopwatch), so it was presumed that evidence produced by mechanical means was correct, albeit that presumption could be rebutted. With the enactment of the Police and Criminal Evidence Act 1984, a greater evidential burden was placed upon the prosecuting authority. Under section 69, it became necessary to prove that a computer was operating correctly before evidence from it could be admitted. At that time computers were (by modern standards) simple devices, produced for more straightforward applications and usually without significant interaction with other computers. After all, the internet had not yet appeared and mobile telecommunications was in its infancy.
By 1999, the Law Commission called for change, citing that the rules were cumbersome and that the law already applied evidential presumptions for certain devices, for example traffic lights. The commission pointed out that between 15 and 20 hours of a five-week trial were spent satisfying section 69. Computer expert Professor Tapper expressed the view that ‘most computer error is either immediately detectable or results from error in the data entered into the machine’. The commission offered only the two choices of either maintaining or repealing section 69. Removing that rule met with government approval.
Computers have changed considerably since 1999, so it is easy to say that the binary options referred to above both offer significant disadvantages. It is common that software is ‘buggy’ and IT contracts will seek to exclude liability for them. Software is improved and fixed as it is used, which ought to provide a helpful record of what the bugs are (or were), though it can be seen from the Horizon cases that IT companies are not usually forthcoming about them and certainly without an order would not easily volunteer that information. In some instances, they are wise to be shy, as hackers will explore computer updates for vulnerabilities that they can exploit via the dark web.
As a personal anecdote, I recently encountered a law firm which failed to effect a software update within 24 hours and was subjected to a horribly invasive cyber-attack one Saturday morning. So there is a careful balance to strike between openness and computer safety.
Artificial intelligence technology will bring significant new challenges, including error repetition and training bias. If quantum computers enter a wider market, computers will no longer operate purely on the basis of mechanical or logical switches. They will operate on probability, so will only be ‘correct’ most of the time. As the law stands, a quantum computer can be presumed correct under section 69, as it is by definition still a computer, though a court would find some difficulty if the atomic process employed within it is explained to a judge or jury. I have a degree in mathematics and do not regard silicon spin qubits – the essential element of a quantum computer – as an easy concept. As a lawyer, I would feel very uncomfortable about trusting evidence reliant upon probability without expert evidence supporting it.
A challenge that appeared in the Horizon case was the use (and misuse) of ‘administrator rights’. For any computer network to function effectively, the corporate company user, typically via its IT department, will be able to make changes to the system. This facility is vital in making safe software updates and a host of other things. Those rights are shared with IT suppliers as part of a continual process of making changes, installing updates and fixing bugs. All of those processes are regarded as irrelevant to adducing computer evidence and so remain completely obscure to the court and parties. This was the case for Horizon, until a successful challenge by Alan Bates. It is important for lawyers and courts to appreciate that the data they are looking at is not only produced by individual users but can also be manipulated by an administrator operating in a Big Brother capacity.
It is not only the Horizon system that has been proved faulty in recent years. The Department for Energy Security and Net Zero has reported that some 4.31 million smart meters in the UK are faulty, leading to a high level of consumer debt, in money retained by energy companies. As it stands, a consumer has no realistic prospect of making a worthwhile challenge, and the law is arguably doing nothing as it stands to meet the needs of society. Some high-profile cases have been resolved without apparent court involvement. The Energy Ombudsman has jurisdiction to award compensation of up to £10,000. These numbers do highlight challenges should a system in wide public use be found to be unreliable.
New thinking is clearly required. Here are some principles and suggestions for further consideration:
1. Repeal section 69 as it is no longer ‘fit for purpose’;
2. The court should require IT and computer systems to be proved to be reliable. That process should involve both the IT company manufacturing it and the user to give full and frank disclosure about bugs and fixes (with the presumption that evidence is public unless national security is at stake);
3. Within the evidence given above, records should be made available to confirm what ‘administrator rights’ exist and in practice how they have been used;
4. To avoid clogging up the court system, once a system has been proved reliable, that evidence should be applied to other cases, with the ability to update evidence as newer versions and updates appear; and
5. The court system is better trained to handle technology and IT concepts.
On a more encouraging note, I have been impressed since the Covid pandemic with how well the legal profession handles technology. Advances such as CE filing, electronic bundles and video conference hearings have brought tangible benefits. A new approach to evidence should be embraced by litigants and the court. If the repeal of section 69 is posited, consultation about that and its implementation will be of huge value. One clear message of the Horizon scandal is that the legal and IT industries should work together to find a resilient solution.
Given the pace of digital innovation, more versatile change is now required. New computer systems will appear and, as the robot C-3PO once said, to his cyber friend R2-D2, in Star Wars (The Empire Strikes Back): ‘You know better than to trust a strange computer!’
Oliver Price is head of dispute resolution at Wansbroughs LLP, Devizes