Let’s talk about electronic evidence (“E-Evidence”) and electronic forensics (“E-Forensics”) in this article.
In Malaysia, the Evidence Act 1950 (“EA”) is the main legislation governing the forms of evidence, how evidence is to be proved and tendered to the court, its relevancy as well as its effects.
Section 3 of the EA defines evidence as (a) all statements which the court permits or requires to be made before it by witnesses in relation to matters of fact under inquiry (i.e. oral evidence), and (b) all documents produced for the inspection by the court (i.e. documentary evidence).
“Document” is defined to mean any matter expressed, described or howsoever represented, upon any substance, material, thing or article. As such, documentary evidence would include all forms of written, printed and electronic evidence.
Information technology has caused a paradigm shift in the way individuals and organizations create, collect, share and store data and information. These data and information are stored electronically and may become important “evidence” in the event of a dispute.
E-Evidence (which includes digital evidence) is any probative information stored or transmitted in digital form that a party to a court case may use at trial. The question then is whether such E-Evidence is legally recognized under Malaysian laws. The short answer to that is, yes, it is legally recognized
Admissibility of E-Evidence
A document produced by a computer and a statement contained therein is admissible as documentary evidence under Sections 90A, 90B and 90C of the EA. The court will determine if the evidence is relevant, reliable and authentic.
E-Evidence by nature is very fragile and is easily manipulated, altered, forged, damaged or destroyed. It is prone to damage or alteration as well as destruction if it is not properly handled. Therefore, it is technically challenging in establishing the authenticity and reliability of such evidence.
Section 90A provides that a document is admissible if it was produced by the computer in the course of its ordinary use. There are 2 methods to satisfy this condition. The first method is by getting the person in charge of the operation of the computer or the conduct of the activities for which that computer was used to give a piece of oral evidence that the document was produced by the computer in the course of its ordinary use.
An example is shown in the case of Gnanasegaran a/l Perarajasingam v Public Prosecutor where a bank officer who was in charge of all the operations of the bank branch gave an oral testimony that the bank statements were produced by a computer at his branch.
The second method is used in a situation where there is no way to bring a witness to the court to give oral evidence. In this case, the person who wants to bring up such evidence must produce a certificate signed by a person who is in charge of the operation of the computer or the conduct of the activities for which that computer was used to prove that the document was produced by the computer in the course of its ordinary use.
Once the certificate is produced, there is a presumption that the computer referred to in the certificate was in good working order and was operating properly in all respects throughout the material part of the period during which the document was produced. The evidential burden of disapproving it would be on the party challenging its credibility.
Other Types of E-Evidence
E-Evidence includes computer generated/produced documents, computer printouts, computer outputs, computer-based/related evidence, electronic data and electronic documents.
This has been recognized since 1993 when the law was amended to accept this type of E-Evidence. However, technology has changed so much that there is now a new emerging sub-category of E-Evidence called digital evidence, which refers to evidence is available in digital form or binary form. Some of the examples include chat-room and web-browsing histories, ISP records, digital photographs, video and audio files, cloud data storage facility, GPS tracks, computer hard-drives as well as local and virtual databases.
Some digital evidence cannot be printed out. How would the court treat this type of evidence?
In certain countries, their courts recognize the use of certain software to obtain and secure digital evidence and accept testimonials given by digital forensics experts.
Authenticity of E-Evidence
Once the document is admissible as a piece of evidence, the court will then need to assess the authenticity and relevancy of such evidence.
Section 90B says that the court may draw any reasonable inference from circumstances relating to the document or the statement, including the manner and purpose of its creation, or its accuracy, in assessing whether the evidence is authentic and reliable. This would be essentially a question of fact and the parties would need to bring in circumstantial evidence to strengthen such evidence.
The court recognizes that although the oral testimony and certificate are two means of authenticating E-Evidence, they are not sufficient to ensure the originality and genuineness of E-Evidence. The court will also examine the collection, preservation and discovery of the E-Evidence to ensure that the contents of the E-Evidence are authentic.
Other than calling the maker or witness to the court, another authentication method is by getting an expert opinion from the digital forensics experts (Section 45 of the EA).
These experts are trained and skilled in investigating and preserving E-Evidence to ensure that the chain of custody of such evidence is preserved in its original and authentic form up to the time when the evidence is produced in court. While there is no specific provision under the EA that provides for the admissibility of digital forensics evidence, our courts have accepted digital forensics findings as expert opinions provided the experts follow the procedures when giving the evidence.
Getting help from the digital forensics experts is important especially in cases where the electronic data is deleted or destroyed.
These experts have the necessary tools and expertise in retrieving the lost data. Recognising the need for the development of digital forensics expertise in Malaysia, the Ministry of Science, Technology & Innovation has set up an agency under its control to deal with digital forensics matters. The agency is known as CyberSecurity Malaysia (“CSM”).
Since its establishment, CSM has been the focal point in digital forensics in Malaysia.
The services offered by CSM include digital forensics, data recovery, data sanitization, expert witness as well as training and certification. CSM works with law enforcement agencies, regulatory bodies as well as public and private companies. CSM’s experts have assisted in a number of digital forensics cases, including high-profile cases such as the Altantuya Shaariibuu murder case, the V.K. Lingam Video Clip, DSAI China Doll video clip case, DSAI Liwat 2 case, insult Sultan Perak case, insult Sultan Johor case, illegal online soccer gambling during World Cup 2010, illegal Ponzi scheme Dana futures, Maldives credit card fraud case and many more including cases in Intellectual Property Court. Reports and testimonials from CSM’s experts have been accepted by our courts.
Digital evidence requires special handling skills and precise tools and this is where the digital forensics experts come in handy.
These experts are equipped with specific knowledge and skills and have the ability to present the evidence and assist the parties and the judges in understanding the digital evidence tendered at trials.