August 1999

Electronic Evidence: Durability of Records and the Preservation of Trees

It was a cold dark night. Winter of 1976. I was programming an application for a credit collection agency when it dawned on me that in a short 24 years, the year 2000 would be upon us and a whole bunch of software was going to stop working. Something had to be done to prevent the end of the world as we know it. No sooner had the thought flickered across my mind than the answer came to me. I immediately set to work and, within a few short days, had succeeded in developing a program that would not only recognize an arising Y2K problem, but would proceed to correct it (including dynamically fixing the program that was experiencing the problem so that the problem would not recur). I must admit, with all due modesty, that it was simply pure genius. Contentedly, I thought to myself, "Myself… you're good!"

Secure in the knowledge that I was, once again, years ahead of my time, I dutifully copied the program to a diskette and stored it in my vault for production some 20 years hence. This was my retirement. Crowds would throng to sing my praises. Major international corporations would pay obscene amounts of money to me to ensure their survival. Governments would seek my counsel. I would appear on the cover of Rolling Stone! I sure wish that I had printed out the source code.

Diskettes in 1976 were eight inches in diameter and held 128k of data. Today, I can't find a single operational diskette drive into which I can fit my diskette without cutting several inches off the outside. Even then, no diskette drive today can read the media. Sadly, the years have taken their toll. My retention is not what it once was. Don't take me wrong; I remember what I did. I just don't remember how I did it. I hate when that happens….

Electronic storage of critical business records is rapidly becoming a norm. Business transaction records and communications frequently exist only as collections of ones-and-zeroes, and it is not uncommon for these records to never objectify as ink to paper. Electronic commerce ("e-commerce") is gaining such popularity and viability that today, one could conceivably never leave one's home and still be afforded the necessities and luxuries of life by simply logging onto the Internet and ordering anything from groceries (for home delivery) to the latest books and movies (delivered in either tangible or electronic form). Most banks offer some form of electronic access to accounts, along with bill-paying services and investment capabilities. Similarly, traditional investment brokerages have expanded to the Internet, allowing real-time quotes and trading services. Many businesses have embraced Electronic Data Interchange (EDI), allowing orders for goods, acceptances of those orders, and payment for the goods, all to transpire in electronic forms. As with the more traditional transaction forms of paper and signatures, however, conflicts arise and, ultimately, parties end up in court to resolve their differences.

Historically, new means of commerce have dictated changes in the way in which courts view the admissibility of evidence. As new means were utilized, the courts and legislatures adapted to those changes and the affected rules of evidence were modified, or new rules created, to accommodate those changes. The advent, growth, and use of electronic commerce, however, has outstripped the ability of the judiciary and legislature to adapt in a timely fashion. As new technologies emerge, the profound ramifications of integration of the new capabilities have relegated the more traditional printed forms of records to a quick second position, with the gap widening at a phenomenal pace. Arguably (at least I'll argue it), this is a good thing. Any efficiency in business commerce ultimately results in reduced costs of goods and services to consumers. The evolution of evidentiary rules for traditional records established predictability in the admissibility (or lack thereof) of those records in the adjudication of conflicts. Businesses implemented policies and procedures for ensuring the completeness and storage of their records in the assurance of their use in legal arenas. If the form of those records did not satisfy the rules for completeness (originality, content, execution), and if missing parts could not be supplied by other rules (e.g., UCC 2), it would come as no surprise that the records would not be admissible.

But the evidentiary rules presupposed many things. As recently as 20 years ago, paper documents were the status quo. The rules that evolved provided specific, well-defined elements that assumed paper media as a prerequisite. On that paper, content became durable and persistent. Where the paper existed, application of the rules generally became a rote process. More than one claim failed for the sole reason that the paper didn't exist. Even with the increased popularity of Telex-like systems, content was evidenced on a paper printout. Now, e-commerce is rapidly changing the form. And the courts and legislatures are scrambling to adapt.

Perhaps the most critical issue in the admissibility of electronic records as evidence is reliability. When a paper document is executed, it becomes fixed in form and content. Subsequent changes to the document are, to one degree or another, identifiable as a byproduct of the media (i.e., erasure, redaction and alteration). Electronic media is not so readily "fixed," and changes can be made that are indistinguishable from the original content. Consequently, to ensure durability and consistency of content, methods of recording and storage must be utilized that meet the rigorous standards properly imposed by evidentiary rules. Today, no formalized method yet exists for these safeguards.

To qualify as "records" in the evidentiary sense, electronic data must, at a minimum, be:

• Compliant. Information-keeping must adhere to local jurisdictional requirements for admissibility as "business records."

• Responsible. Written policies and procedures for record storage and maintenance are established and maintained.

• Implemented. The written policies and procedures are employed at all times.

• Consistent. Record-maintenance systems assures that records stored and maintained are managed in a uniform fashion to ensure credibility.

• Comprehensive. All business records

are stored and maintained.

• Identifiable. All business records for a discrete transaction are readily identifiable and accessible.

• Complete. Stored records preserve the content and structure of the business transaction creating them to ensure accuracy and understandability.

• Authorized. All maintained records must have been stored under the auspices of an authorized creator.

• Preserved. Records must be inviolate to preserve their original content. No records may be altered without a concise audit trail that preserves relevant information of the original content.

• Removable. Records may be removed from storage only with the consent of an authorized entity. All removals must be evidenced by an audit trail that preserves the content of the record being removed.

• Usable. The information in the stored records must be accessible for general business purposes, for exportation to reporting functions, and for redaction when necessary. Any and all accesses (even simple reading) must create an audit trail.

Description information ("metadata") must accompany each record. This meta-data allows for persistent explanation of the record stored in order that the origination, content and context of the record may be ascertained 10 months or 10 years later.

Recognizing that a need for durability and preservation exists, several efforts have been and are being made to meet the need. To address many of the authenticity issues, several states, including Washington, have enacted digital-signature laws of one form or another, and more are being added to the list. Similarly, the National Conference of Commissioners on Uniform State Laws (NCCUSL) is drafting a proposed Uniform Electronic Transactions Act which, if enacted by states, would by definition be in compliance with the Millennium Digital Commerce Act of 1999. Each of these proposals contains content-neutral standards for electronic authentication of records and documents, motivated by the need to avoid invalidation of contracts, etc., merely because they were entered into by electronic means. With the proliferation of sales via the Internet, the NCCUSL and Congress are making attempts to address these issues in uniform manners.

Along a similar vein, care should be given to media on which records are to be stored. Prudence on my part would have required me to continually copy my super-program to contemporary media while the old media format was still being used and the newer media became concurrently available. Good records maintenance procedures will give this task a high and ongoing priority.

Although the dust hasn't yet settled on how regulation will be effected, prudent counsel to clients would be to review the above bulleted items and start taking steps to conform to the proposed requirements. If you or your client intends to preserve important business records in electronic format, make persistent backups of the records (tape, CD, diskette) and accompany the backups with some information indicating the original source and date of the records storage. When possible, make duplicate copies and seal and date one copy of the original. On the surface, this may seem a bit onerous. Should the need arise to establish the authenticity of an electronic document, however, these simple steps could well be the deciding factor in the admissibility of the records.

Next month we'll explore current efforts in the electronic submission and management of pleadings and the use of Extensible Markup Language (XML) in authentication of documents.

Back to table of contents >>