Intro to Legal Aspects Duane Aslett Introduction News

  • Slides: 62
Download presentation
Intro to Legal Aspects Duane Aslett

Intro to Legal Aspects Duane Aslett

Introduction • News 24 report: World grapples with rise in cybercrime • London -

Introduction • News 24 report: World grapples with rise in cybercrime • London - International law enforcement agencies say the recent $45 m ATM heist is just one of many scams they're fighting in an unprecedented wave of sophisticated cyberattacks. • Old-school robberies by masked criminals are being eclipsed by stealth multimillion dollar cybercrime operations which are catching companies and investigators by surprise.

Introduction • .

Introduction • .

Introduction • .

Introduction • .

Introduction • News 24 report: World grapples with rise in cybercrime • "We are

Introduction • News 24 report: World grapples with rise in cybercrime • "We are seeing an unprecedented number of cyberscams that include phishing for financial data, viruses, credit card fraud and others, " Marcin Skowronek, an investigator at Europol's European Cybercrime Center in The Hague.

Introduction • Much debate exists whether: – Traditional organised crime groups have entered the

Introduction • Much debate exists whether: – Traditional organised crime groups have entered the world of cybercrime; or – Whether cybercriminals have simply become organised. • Clear that traditional organised crime groups do make use of “malware and/or botnet operators to acquire pertinent personal information”.

Multi-disciplinary approach

Multi-disciplinary approach

The Bill of Rights - Privacy Section 14: Privacy • Everyone has the right

The Bill of Rights - Privacy Section 14: Privacy • Everyone has the right to privacy, which includes the right not to have – (a) their person or home searched; (b) their property searched; (c) their possessions seized; or (d) the privacy of their communications infringed. • a) b) Two parts: Guarantees general right to privacy Protects specific infringements of privacy, namely searches and seizures and infringements of the privacy of communications

The Bill of Rights - Privacy • a) b) c) d) e) f) •

The Bill of Rights - Privacy • a) b) c) d) e) f) • Some examples of breach of privacy as given by Ackerman J in Bernstein v Bester which amounts to a breach of privacy: Entry into a private residence Reading of private documents Listening to private communications Shadowing of a person Disclosure of private facts acquired by wrongful act of intrusion Disclosure of private facts in breach of a relationship of confidentiality However, not always clear cut case. Court has to look at the particular circumstances of each case and assess whether the invasion was unlawful.

The Bill of Rights – Limitation of Rights Section 36: Limitation of Rights •

The Bill of Rights – Limitation of Rights Section 36: Limitation of Rights • Most rights are of necessity restricted by the inherent duty which should be perceived as the inextricable counterpart of a corresponding right to respect the rights of others • i. e. freedom of speech does not allow one person to defame another.

The Bill of Rights – Limitation of Rights • When can your rights be

The Bill of Rights – Limitation of Rights • When can your rights be limited? - in terms of law of general application - limitation must be reasonable and justifiable in an open and democratic society based on human dignity, equality and freedom - taking into account: + nature of the right; + importance of the purpose of the limitation; + nature and extent of the limitation; + relation between the limitation and its purpose; and + less restrictive means to achieve the purpose

The Bill of Rights – Limitation of Rights • 2 stage approach: – Whether

The Bill of Rights – Limitation of Rights • 2 stage approach: – Whether a right in the Bill of Rights has been infringed by law or conduct of the respondent – Whether the infringement can be justified as a permissible limitation of the right. • General application means that the law must be sufficiently clear, accessible and precise to those who are affected by it. The law must apply impersonally, equally to all and not arbitrary in its application.

The Bill of Rights - Privacy Search and seizures: • General: a) Conducted in

The Bill of Rights - Privacy Search and seizures: • General: a) Conducted in terms of legislation clearly defining the power to search and seize. b) Only permissible to achieve compelling public objectives. c) Endorsed as necessary by an independent authority before they may be conducted d) Therefore – authorized by warrant

The Bill of Rights - Privacy Admissibility of Evidence obtained: • Section 35(5): “Evidence

The Bill of Rights - Privacy Admissibility of Evidence obtained: • Section 35(5): “Evidence obtained in a manner that violates any right in the Bill of Rights must be excluded if the admission of that evidence would render the trial unfair or otherwise be detrimental to the administration of justice. ”

Introduction: Relevance • Relevance = basic criterion of admissibility • Sec 210 CPA -

Introduction: Relevance • Relevance = basic criterion of admissibility • Sec 210 CPA - Irrelevant evidence inadmissible: "No evidence as to any fact, matter or thing shall be admissible which is irrelevant or immaterial and which cannot conduce to prove or disprove any point or fact at issue in criminal proceedings. " • Sec 2 CPEA - Evidence as to irrelevant matters: "No evidence as to any fact, matter or thing which is irrelevant or immaterial and cannot conduce to prove or disprove any point or fact in issue shall be admissible. "

Positive/Negative formulation • Can be formulated positively - relevant evidence is admissible (R v

Positive/Negative formulation • Can be formulated positively - relevant evidence is admissible (R v Trupedo) • Or negatively - irrelevant evidence is inadmissible (Legislation).

Meaning of Relevance: • Essentially a matter of reason and common sense • “based

Meaning of Relevance: • Essentially a matter of reason and common sense • “based upon a blend of logic and experience lying outside the law” • “any facts are relevant if from their existence inferences may properly be drawn as to the existence of the fact in issue” • Relevance is a matter of degree and its determination cannot take place in a vacuum • Law must draw a line between those facts it regards as sufficiently relevant to be admissible and those which it considers too remote (i. e. cases could go on forever) – decided on grounds of fairness and convenience

Meaning of Relevance • When decided as irrelevant based on either: - Common sense

Meaning of Relevance • When decided as irrelevant based on either: - Common sense - Practical disadvantages of receiving it outweigh its probative value - More accurate terms to use: “practically acceptable” & “practically unacceptable” in stead of “relevance” • “the trial courts should make strenuous efforts to put a check on evidence whose reception would cause time to be wasted and money spent on what it not legitimate and which would lead to the accumulation of a mass of material which is so far from assisting the judge and renders his task more difficult, because he has to sift the grain from an unnecessary amount of chaff” • NB FORENSIC REPORT WRITING

Documentary Evidence • Documents are an important class of evidence • ‘Document’ includes everything

Documentary Evidence • Documents are an important class of evidence • ‘Document’ includes everything that contains the written or pictorial proof of something • Sec 33 of Civil Proceedings Evidence Act defines document as including any book, map, plan, drawing or photograph • Section 221 of CPA defines document to include any device by means of which information is stored or recorded (includes a computer print-out in certain circumstances, but not a computer where the operations carried out by the computer are more than mere storage, or recording of information)

Documentary Evidence Party that wishes to rely on statements contained in a document must

Documentary Evidence Party that wishes to rely on statements contained in a document must comply with the following: 1) Subject to various exceptions, the contents of a document may be proved only by production of the original 2) Evidence is normally required to satisfy the court of a document’s authenticity

Documentary Evidence 1. Production of the original • General rule: - No evidence is

Documentary Evidence 1. Production of the original • General rule: - No evidence is ordinarily admissible to prove the contents of a document except the original document itself - Thought to have been a remnant of the best evidence rule - Preserved in sec 252 of Criminal Procedure Act and sec 42 of Civil Proceedings Evidence Act

Documentary Evidence - Number of cases where appeals succeeded because prosecution needed to prove

Documentary Evidence - Number of cases where appeals succeeded because prosecution needed to prove the terms of a document but omitted to produce the original - R v Pelunsky: accused charged with conspiring to defraud Jhb municipality by falsifying tickets. To prove the entry on the tickets, prosecution tendered the counterfoils, which had been filled in at the same time as the tickets themselves. AD held that in absence of any explanation why original tickets would not be produced, the secondary evidence provided by the counterfoil should have been excluded

Documentary Evidence • Meaning of “original document” - Original if, according to the substantive

Documentary Evidence • Meaning of “original document” - Original if, according to the substantive law and the issues raised in the trial, it is the document whose contents have to be proved - Telegram – the form completed at the Post Office is the original document, and telegram actually delivered is secondary evidence - Multiple originals - carbon copies accepted as originals - Copies initialed by the writer has been accepted as original

Documentary Evidence • Exception for admissions - The admission of the contents of a

Documentary Evidence • Exception for admissions - The admission of the contents of a document by a party to litigation is considered to be primary evidence against him - Such an admission may be made in or out of court, and orally or by conduct, but it now appears to be settled that failure to object to secondary evidence of a document does not amount to an admission of its contents in a criminal prosecution

Documentary Evidence • When secondary evidence is admissible - General rule that there are

Documentary Evidence • When secondary evidence is admissible - General rule that there are no degrees of secondary evidence - if failure to produce the original is excused, the document may be proved by copies of any kind or the oral evidence of someone who can remember its contents

Documentary Evidence i) Document in possession of opposing party - Party may adduce secondary

Documentary Evidence i) Document in possession of opposing party - Party may adduce secondary evidence of a document in the possession of his opponent if the latter has failed to produce it after having been given notice to do so - No formal notice required - Reasonable time

Documentary Evidence ii) Document in possession of a third party - Correct procedure for

Documentary Evidence ii) Document in possession of a third party - Correct procedure for obtaining production of a document in the possession of a third party is to serve him with a subpoena duces tecum specifying the document in question - Secondary evidence of its contents may be given if the person in possession refuse to disclose the document on the ground of some recognised privilege - Secondary evidence also admissible if the document is in the possession of a person residing outside the jurisdiction and not amenable to the process of the court, but there must be evidence that some effort was made to persuade him to produce it

Documentary Evidence iii) Document lost or destroyed - Contents of a document may be

Documentary Evidence iii) Document lost or destroyed - Contents of a document may be proved by secondary evidence if it is shown to have been destroyed, or there is evidence that after a proper search it could not be found – has to be thorough search, not enough to merely say document is gone altogether - When it has been destroyed, a copy cannot be proved by a party who destroyed it in contemplation of litigation, with a possible fraudulent intention - Copy can be accepted when destruction has been effected in the ordinary course of business by a party

Documentary Evidence iv) Production of original impossible or inconvenient - General rule that secondary

Documentary Evidence iv) Production of original impossible or inconvenient - General rule that secondary evidence may be given when production of the original writing would be impossible, unlawful, or even inconvenient - E. g. oral evidence received to prove the contents of a notice affixed to a wall

Documentary Evidence v) Public documents - Sec 233 of CPA provides that the contents

Documentary Evidence v) Public documents - Sec 233 of CPA provides that the contents of a book or document which is of such public nature as to be admissible upon its mere production, may be proved by means of an examined copy or extract, or what purports to be signed and certified as a true copy or extract by the office to whose custody the original is entrusted - Similar provisions exists for civil actions

Documentary Evidence vi) Official documents - Official documents are protected from production in court

Documentary Evidence vi) Official documents - Official documents are protected from production in court because their removal would hinder and delay their official use, would make it impossible for others to consult them, and would subject them to the risk of loss and damage

Documentary Evidence vii) Bankers’ books - In criminal proceedings entries in accounting records of

Documentary Evidence vii) Bankers’ books - In criminal proceedings entries in accounting records of a bank are prima facie proof of their contents upon the mere production of an affidavit which alleges that it has been sworn to by a person in the service of the bank, that the accounting records are the ordinary records or documents of the bank, that the entries were made in the usual and ordinary course of business of the bank and that the accounting records or documents are in the custody of the bank

Documentary Evidence 2. Proof of Authenticity • General rule - Party that tenders document

Documentary Evidence 2. Proof of Authenticity • General rule - Party that tenders document required to adduce evidence to satisfy the court of its authenticity - Usually means proving that the document was written or executed by the person who it purports to have done so - How? Call the writer to identify the document, tender the evidence of someone else saw him sign or write it, or who can identify his handwriting - Comparison of handwriting may be resorted to if the author or any other identifying witness not available to testify

Hearsay • Sec 3 of the Law of Evidence Amendment Act 45 of 1988

Hearsay • Sec 3 of the Law of Evidence Amendment Act 45 of 1988 defines hearsay as follows: • Means evidence, whether oral or in writing, the probative value of which depends upon the credibility of any person other than the person giving such evidence

Hearsay • Sec 3: subject to the provisions of any other law, hearsay evidence

Hearsay • Sec 3: subject to the provisions of any other law, hearsay evidence shall not be admitted as evidence at criminal or civil proceedings, unless a) each party against whom the evidence is to be adduced agrees to the admission thereof as evidence at such proceedings; b) the person upon whose credibility the probative value of such evidence depends, himself testifies at such proceedings; or

Hearsay c) the court, having regard to: – – – – the nature of

Hearsay c) the court, having regard to: – – – – the nature of the proceedings; the nature of the evidence; the purpose for which the evidence is tendered; the probative value of the evidence; the reason why the evidence is not given by the person upon whose credibility the probative value of such evidence depends; any prejudice to a party which the admission of such evidence might entail; and any other factor which should in the opinion of the court be taken into account, is of the opinion that such evidence should be admitted in the interests of justice

Hearsay • In Metedad-case court held that a presiding officer: • “should hesitate long

Hearsay • In Metedad-case court held that a presiding officer: • “should hesitate long in admitting or relying on hearsay evidence which plays a decisive role or even significant part in convicting an accused, unless there are compelling justifications for doing so”

Chain of Custody/Evidence • Transfer of evidence from one party to another should be

Chain of Custody/Evidence • Transfer of evidence from one party to another should be carefully documented. • Each person who handles or takes control of evidence must be recorded. • This creates a “chain of custody” or “chain of evidence”. • This document identifies (at minimum) each custodian, when (s)he received it, and to whom transferred. • The chain of evidence must not be broken – no gaps during which evidence was unaccounted for or out of the control of a custodian of record.

Chain of Custody/Evidence • Chain of evidence which is broken exposes it to challenge

Chain of Custody/Evidence • Chain of evidence which is broken exposes it to challenge and jeopardizes the admissibility of evidence. • Sloppy handling of evidence exposes both investigator and evidence to credibility challenges. • Claims of evidence tampering, alteration, or contamination are possible when evidence is mishandled.

Chain of Custody/Evidence • Investigators should not handle or use originals during their investigation.

Chain of Custody/Evidence • Investigators should not handle or use originals during their investigation. • If possible, use copies, photographs or models in lieu of the originals. • NEVER place an original piece of evidence in the hands of the suspect.

ECT Act • e-commerce lures both enterprise and cyber criminals. • In order to

ECT Act • e-commerce lures both enterprise and cyber criminals. • In order to avoid the lengthy process of developing common-law crimes the Act provides for so-called ‘cyber crimes’ pertaining to unauthorised access to and tampering with data messages, and further to computer-related extortion, fraud and forgery. • The Act also provides for cyber inspectors, who are granted reasonably extensive powers in the monitoring of electronic transactions. • In so doing the Act places power, normally reserved for the police services, who are quite incapable of policing the online environment, in the hands of those better able to monitor e-commerce.

ECT Act A cyber inspector: • may monitor and inspect any web site or

ECT Act A cyber inspector: • may monitor and inspect any web site or activity on an information system in the public domain and report any unlawful activity to the appropriate authority; • may investigate the activities of a cryptography service provider or authentication service providers; and • in respect of the protection of personal information, may monitor the compliance of the service provider with the provisions of the Act, etc.

ECT Act In performing their functions, cyber inspectors may at any reasonable time and

ECT Act In performing their functions, cyber inspectors may at any reasonable time and without prior notice, on the authority of a warrant, • enter any premises or access any information system that has a bearing on an investigation and search those premises or information system; • search any person on those premises if there are reasonable grounds for believing that the person has personal possession of an article, document or record that has a bearing on the investigation; • take extracts from or make copies of any book, document or record that is on the premises or the information system that has a bearing on the investigation; and • demand production of and inspect relevant licences, etc.

ECT Act • In order to execute these duties the Act provides that any

ECT Act • In order to execute these duties the Act provides that any court may, on a request from a cyber inspector but subject to the provisions of s 25 of the Criminal Procedure Act 51 of 1977, issue a warrant required by that cyber inspector.

ECT Act • The enactment of this legislation covered substantial ground as far as

ECT Act • The enactment of this legislation covered substantial ground as far as information technology was concerned. • Section 11(1) of the Act provides that information is not without legal force and effect merely on the grounds that it is wholly or partly in the form of a ‘data message’. • In essence, this shows legal recognition for information in its electronic form as opposed to the traditional ‘document’. • The requirement that the document must be in writing is met if the document is in the form of a data message and accessible in a manner usable for subsequent reference (see s 12). • Thus courts have held that SMS was valid mode of acceptance of an offer or resignation from employment.

Differences: Electronic vs Paper • Volume and duplicability – More copies can be created

Differences: Electronic vs Paper • Volume and duplicability – More copies can be created – Easier to duplicate and move – May reside in more than one location • Persistence – Durable and more difficult to dispose of (mere deletion does not mean irretrievable) • Dynamic and changeable content – Content changed more easily – Even without human intervention

Differences: Electronic vs Paper • Metadata – Information about the document that is recorded

Differences: Electronic vs Paper • Metadata – Information about the document that is recorded by the computer to assist with storing and retrieval – Used to describe how, when and by whom the electronically stored information (ESI) was collected, created, accessed, modified and how it was formatted. • Environment-dependence and obsolescence – ESI, removed from its environment, is unreadable without the appropriate software. – May also be difficult to access – obsolete system (even ne technology)

Differences: Electronic vs Paper • Dispersion and searchability – Reside in many locations, not

Differences: Electronic vs Paper • Dispersion and searchability – Reside in many locations, not just one filing cabinet – Not easy to search for what is relevant

ECT Act • In s 1, ‘data message’ is defined as ‘data generated, sent,

ECT Act • In s 1, ‘data message’ is defined as ‘data generated, sent, received or stored by electronic means’. • Section 14(2) provides that a data message would be admissible if the integrity of the data or information is unaffected and information can be produced or displayed. • Section 15(1) provides for the admissibility of data messages in any legal proceedings, including criminal cases. • Thus a data message is admissible even if it is not in its original form provided that it is the best evidence that the person adducing it could reasonably be expected to obtain.

ECT Act • Does not imply that all data messages are automatically admissible. •

ECT Act • Does not imply that all data messages are automatically admissible. • In accordance with ECT Act, data messages are functional equivalents of documents. • Therefore ordinary common law requirements for admissibility of documents apply (except where Act specifically provides for exceptions). • Ndlovu v Minister of Correctional Services the court held three common law requirements: – Statements in document must be relevant and admissible – Original document must be produced – authentication

Private electronic documents • How is this achieved in the case of private electronic

Private electronic documents • How is this achieved in the case of private electronic documents. • A person wanting to rely on electronic evidence must comply with the following: – Production in court – Presentation of original form – Authenticity

Production - Section 17 (1) • Subject to section 28 (e-government services), where a

Production - Section 17 (1) • Subject to section 28 (e-government services), where a law requires a person to produce a document or information, that requirement is met if the person produces, by means of a data message, an electronic form of that document or information, and if– considering all the relevant circumstances at the time that the data message was sent, the method of generating the electronic form of that document provided a reliable means of assuring the maintenance of the integrity of the information contained in that document; and – at the time the data message was sent, it was reasonable to expect that the information contained therein would be readily accessible so as to be usable for subsequent reference.

Production - Section 17 (2) • For the purposes of subsection (1), the integrity

Production - Section 17 (2) • For the purposes of subsection (1), the integrity of the information contained in a document is maintained if the information has remained complete and unaltered, except for – the addition of any endorsement; or – any immaterial change, which arises in the normal course of communication, storage or display.

Original form - Section 14 (1) • Where a law requires information to be

Original form - Section 14 (1) • Where a law requires information to be presented or retained in its original form, that requirement is met by a data message if – the integrity of the information from the time when it was first generated in its final form as a data message or otherwise has passed assessment in terms of subsection (2); and – that information is capable of being displayed or produced to the person to whom it is to be presented.

Original form - Section 14 (2) • For the purposes of subsection 1, the

Original form - Section 14 (2) • For the purposes of subsection 1, the integrity must be assessed – by considering whether the information has remained complete and unaltered, except for the addition of any endorsement and any change which arises in the normal course of communication, storage and display; – in the light of the purpose for which the information was generated; and – having regard to all other relevant circumstances.

Original form - Section 14 • Proponents can establish a chain of custody by,

Original form - Section 14 • Proponents can establish a chain of custody by, for instance: – Demonstrating established company policies regarding electronic storage and restricted access; – The use of devices that limit access through passwords and encoding; and – Entry logs indicating when and by whom documents have been accessed or changed.

Authenticity • Different types of data messages make it difficult to formulate prerequisites for

Authenticity • Different types of data messages make it difficult to formulate prerequisites for authentication which would apply to all possible types. • Thus the ECT Act does not specify criteria which should be applied • Authenticity is preserved by techniques preventing data from being manipulated, altered or falsified.

Authenticity • Irish Law Commission formulated following six guidelines to assist court in determining

Authenticity • Irish Law Commission formulated following six guidelines to assist court in determining authenticity: – Whether computer was working properly; – Whether program in use with regard to evidence was faulty; – Whether secondary media (discs, USB keys) upon which info was stored have been damaged or interfered with; – Whether proper record management procedures in operation; – Whether error checking mechanisms existed with respect ti original creation of the program; or – Whether proper security procedures were in place to prevent alteration of info prior to printout.

Section 15 (1) and (2) • In any legal proceedings, the rules of evidence

Section 15 (1) and (2) • In any legal proceedings, the rules of evidence must not be applied so as to deny the admissibility of a data message, in evidence– on the mere grounds that it is constituted by a data message; or – if it is the best evidence that the person adducing it could reasonably be expected to obtain, on the grounds that it is not in its original form. • Information in the form of a data message must be given due evidential weight.

Section 15 (3) • In assessing the evidential weight of a data message, regard

Section 15 (3) • In assessing the evidential weight of a data message, regard must be had to– the reliability of the manner in which the data message was generated, stored or communicated; – the reliability of the manner in which the integrity of the data message was maintained; – the manner in which its originator was identified; and – any other relevant factor.

Conclusion • Section 15(2) provides that information in the form of a data message

Conclusion • Section 15(2) provides that information in the form of a data message must be given due evidential weight. • Papadopoulos, S and Snail, S (eds. ) Cyberlaw@SA III: The Law of the Internet in South Africa 3 rd ed (Van Schaik Pretoria 2012) • "In assessing the weight of electronic evidence, computer experts and computer forensics investigators will play an increasingly important role" (p 327).

Questions and Comments

Questions and Comments