

For reliable digital evidence, information governance strategy required

Computers are increasingly called as witnesses in court cases, forcing companies to ensure information governance processes are able to produce reliable digital evidence.

In late 2014, the U.S. Department of Justice indicted a Chinese citizen living in Canada for hacking into Boeing's computers to steal valuable intellectual-property information about military aircraft and weapons. The charges included counts of unauthorized computer access, trade-secret theft and illegal exporting. The allegations suggest the defendant was trying to sell stolen records to Chinese conspirators, but likely never entered the United States, or any Boeing offices or facilities. There remains a question that has lurked behind the headlines for nearly a year: How will evidence be presented during the criminal trial to obtain a conviction?

The only strategy that will work is to present the computer, and likely several computers, as witnesses to the crimes. This opens up an entirely new set of challenges for information governance strategy: Computers have become no different than any other witness during court cases, and, therefore, must be prepared to testify with the truth.

In the Boeing case, one can only imagine the types of digital records that have been collected and organized to support the prosecution: Web server access logs, firewall logs, proxy server logs, intrusion detection systems, application logs, electronic mail, instant messages, chat sessions, dark-network logs -- all of these electronically stored information (ESI) sources are recording events, actions and communications automatically. In the process, they are creating machine-generated "testimony" that could prove to be invaluable digital evidence during a court case. 

How does an information governance executive take on the challenges? The key is to realize that admissibility of any machine-generated records requires a custodian be able to testify to the authenticity of the ESI and the systems from which those records were obtained. Here are some ideas to help prepare an information governance strategy to develop the computer as a reliable witness.

Prepare documentation. IT professionals loathe the burden of documenting their systems, design plans and application requirements using blueprints similar to those used in constructing buildings and homes. The information governance team must preserve those records, however, and demand that they are of utmost quality. These records are important to building the foundation for admissibility of machine-generated data as evidence. They will be proof of the integrity and security of the data systems -- in the design stage, at least.

Prep the digital evidence. Building architects have two sets of drawings, the second of which is known as the "as-built" drawings. These show how the actual building was completed, which can be very different from any drawings approved by the owner or building authorities. It is similar for IT systems, because of the extraordinary work that goes into documenting how a system, a device or a specific application works as designed. Many apps require dozens of test runs to validate proper functioning. When these records are missing, it creates inherent doubt in the integrity of the related systems -- as well as the information assets the systems create.

Understand the records. Many IT developers and systems administrators create and use numerous logs, systems checks and other reporting tools to measure how well data assets perform assigned tasks. All of these logs are exactly the kind of new digital evidence that the prosecutors must rely upon to prove misconduct. These records will continue to become vital for a company to defend its own conduct or identify operational misconduct at the earliest possible stage.

In the early years of e-discovery, metadata was usually considered irrelevant when searching for data of evidentiary value during a court case. Today, of course, all data is viewed as important, including operating logs detailing corporate IT assets. Machine-generated data that is secured against unauthorized alterations even has the ability to document events with integrity superior to any human witness.

But for those records to have that value, a fully formed information governance strategy must be applied and enforced. These records are no different than servers that automatically archive emails upon transmission or receipt. They can be instrumental in proving what did and did not occur with regard to the data. Retention schedules, preservation controls and access rules are all vital to proper governance of machine-generated data. After all, any malicious actor will know the value of these processes and, given the chance, will target those records for deletion or alteration just as often as substantive content, such as an email.

Prep the human witness. A landmark e-discovery case involved the failure of a major credit card company to convince the court of the authenticity of its own records. The company's human witness simply did not understand how the systems or authenticity controls operated, and did not have the ability to verify the accuracy of the records to the court. Any company that is not prepared to provide such testimony is exposed to potential legal adversities in the digital age.

It simply is not enough to expect trial counsel to show up, possibly years after a data-related incident occurred, and try to prep human witnesses. Information governance executives should be making sure there is always a human witness capable of describing the integrity of machine-generated records and testifying to the reliability of related systems' design. Working with HR, procedures should be developed to make sure the institutional history is preserved during any transition in duties or turnover.

In the Boeing case, the government will rely heavily on the company's own ESI to prove the crime. It is likely the defense counsel will attack the machines as witnesses. There will likely be similar cases in the near future, so do the right thing: Start preparing your computers to be effective, credible witnesses before it's too late.
