Why the CSO/CISO Should Care About eDiscovery Part -7-


Posted on

Part -7- The  Federal Rules of Evidence

The Federal Rules of  Evidence (FRE) provide a Court with rules about whether and upon what  circumstances evidence may be considered admissible at trial. These rules were  written in the era of the non-electronic, paper-and-ink, or physical evidence  world, at a time when when paper records were the norm, and when such paper  records constituted the most commonly proffered specie of evidence. The FRE is  discussed here because it also pertains to evidence that is generated by a  computer. This evidence is commonly referred to as "digital evidence." Keep in  mind that discovery efforts aimed at obtaining "digital evidence" seeks  electronically stored information, or "ESI." Keep in mind that ESI does not  necessarily pass muster as admissibile digital evidence. All evidence, including  digital evidence, must first (with Information Security related elements  indicated in red) be demonstrated to pass numerous admissibility tests  (including the legal requirement of "authentication" before a Court will  consider admitting this eviednce at trial. Reference is made to the FRE where  necessary for outlining the decisional logic used in determining whether ESI  should be considered admissible in general and specifically as the FRE relates  to Information Security issues. It is important to understand that ESI deemed  admissible does not necessarily mean it will be admitted into evidence,  as other determining factors (not relevant to this discussion, such as  prejudice) are involved in that decision. For purposes of this analysis,  therefore, the FRE will be discussed as it relates to the interplay of ESI, with  the admissibility decisional logic, and dependencies with Information Technology  and Information Security. 

The Markel  American decision holds that the FRE sets out a 

"collection of evidence rules that present themselves like a series of hurdles to be cleared by the proponent of the  evidence. Failure to clear any of these evidentiary hurdles means that  the evidence will not be  admissible." 

The "series of  hurdles" or evidence rules as it relates to determining the admissibility of ESI  may generally be set forth in the following paragraphs. Admissibility decision  logic is not obvious and therefore a visual representation of the decisional  logic an attorney must demonstrate (and upon which a judge must decide) appears  below, and uses as an example the admissibility of a digital image of a paper  record: 

So, let's travel  down the digital evidence admissibility logic tree.

  • 1. Is the ESI relevant as defined  under Rule 401? Does the ESI make a material fact more or less probable than  it would otherwise be? If it is deemed relevant, it must pass additional  hurdles. If it is not deemed relevant, the ESI is  inadmissible. 

  • 2. The next hurdle is whether the  ESI is deemed authenticated under Rule 901 and 902. The General Provision  of Article 9 states: "The requirement of authentication or identification as a  condition precedent to admissibility is satisfied by evidence sufficient to  support a finding that the matter in question is what its proponent claims."  That is, can the proponent of the evidence show to a reasonable level of  satisfaction that the ESI is what it purports to be - at the time the  assertion was made? If they can, additional hurdles must be passed. If it is  not, the ESI is inadmissible.

  • 3. The next hurdle is whether the  ESI is offered for its substantive truth or is it considered hearsay under  Rule 801 and 802, and if so does it fall under an exception (Rule 803 and 807)  that would allow it to be admissible? Hearsay is generally not admissible as  the "declarant" is typically a person (or the writing of a person, or record of  an organization) not available for cross examination at trial. Hearsay, however,  may be deemed admissible if it falls under specifically enumerated rules  generally referred to as "hearsay exceptions." 

  • 4. The first hearsay exception is the  case where the availability of the declarant is immaterial under a Rule  803exception?
    • a. First is a business record  exception under Rule 803(6) - Records of regularly conducted activity. If  not a business record exception, then the ESI may fall under a Rule 807 Residual  exception - go to 5. If a business record, it needs to pass the following  additional hurdle.
    • b. Was the business record made at  or near the time the assertion was made? If no, as before the ESI may fall  under a Rule 807 Residual exception - go to 5. If yes, it needs to pass the  following additional hurdle.
    • c. Does the source (computer or  person) of information indicate lack of trustworthiness? If yes, as before  the ESI may fall under a Rule 807 Residual exception - go to 5. If trustworthy,  it needs to pass the following additional hurdle.
    • d. Does themethod of preparation  indicate lack of trustworthiness?If yes, as before the ESI may fall under a  Rule 807 Residual exception - go to 5. If trustworthy, the ESI is  admissible. 
  • 5. The second hearsay exception is the  case where the admissibility of the ESI falls under the Rule 807 Residual  exception, meaning all other hearsay.
    • a. The first hurdle under this  exception is in part identical to hurdles defined by the Rule 803 exception.  That is, does the hearsay(in the form of ESI) have equivalent  circumstantial guarantees of trustworthiness as defined under 803 4b, 4c and  4d? If - the hearsay was made near or at the time of the assertion (yes under  4b), and the source of the information does not indicate a lack of  trustworthiness (no under 4c), and the method of preparation also does  not indicate a lack of trustworthiness (no under 4d); then the following  additional hurdles must be passed. However, if the following is true (if any of  - no under 4b, or yes under 4c, oryes under 4d), then the ESI is  inadmissible.
    • b. The second hurdle under this  exception is whether the statement is offered as evidence of a material  fact? If no, the ESI is inadmissible. However, if yes the following  additional hurdle must be passed.
    • c. Does the probative value on the  point for which the ESI is offered outweigh the danger of unfair prejudice under  Rule 403? The probative value vs. prejudicial impact of any evidence, not  only ESI, is an extrinsic analysis taken by a court and is not pertinent to the  current discussion. That said, generally, if the answer to that question is  "no," the ESI is inadmissible. However, if the answer is "yes" one additional  hurdle must be passed, and it must be shown that no other Rule 403 factor is  present to the extent that it would require the exclusion of relevant evidence,  otherwise admissible (including ESI).
    • d. Will the general purposes of the  FRE and the interests of justice best be served by admission of statement into evidence? If yes, the ESI is admissible. If no, the ESI is  inadmissible 

As can be seen, the process is  intricate, but is designed to ensure the authenticity of evidence sought to be  used by a party at trial 

Next:  The  Expanding Role of the CSO/CISO.

cloud security risk management law legislation

View More Blogs

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs