Regarding the Use of Digital Data in Court? 65
iChuckles asks: "Is there a way to make electronic data admissible in court? Can electronic data be used as an alibi? I want to keep an electronic journal, on my work, that is date and time stamped. This journal could be used to prove I came up with an idea on a certain date based upon an entry. Is there a database, or method of recording this data, in electronic form, that will stand up in court? Is there a database that once a record is entered with an accompanying time and date stamp, cannot be altered?"
Trusted Authority (Score:2)
As far as I am concerned - nothing you manage locally or hold entirely on your own hardware would be acceptable, you cannot provide a strong enough guarantee of the integrity.
Re:Trusted Authority (Score:2)
Re:Trusted Authority (Score:1)
This won't work. I could time-stamp a blank sheet of paper and print whatever I wanted to on it at a later date. Same thing goes with those people who say "mail a registered letter to yourself". So I mailed myself an empty envelope and filled it later....
Re:Trusted Authority (Score:2)
This sounds reasonable, but ...
The original seal on that envelope is what matters. You file the sealed document away in a safe until the time arises when you might require it, then open it in the presence of a Justice of the Peace and witness(es).
I know a few people who still have a few sealed registered letters kicking around. Much of it is useless by now, but they keep it anyways.
Re:Registered letters (Score:2)
Re:Registered letters (Score:2)
It's already been stated that the post office seals registered mail. (We're not talking about stock white Grand & Toy envelopes here)
Doesn't have to. Their seal and mark is a known trusted symbol.
It becomes very expensive, time consuming, and aggravating to have someone authenticate potentially hundreds or thousands of sheets on a continuous basis.
So hand it to the judge or bailiff or attourney or ...
If you're going to go to the lengths to fake a registered letter, you might as well fake testimony from a witness. Perjury is far easier than forgery.
Re:Registered letters (Score:2)
Which doesn't answer the main point: All documents need to be testified to. If e 2 people testifyi one way, and you have an unsupported document stating the opposite, you lose.
Re:Registered letters (Score:1)
Post office. Seal. End of story.
While I'm not a lawyer, but atleast I have a rudimentary understanding of the law. Re-read my post and contact a professional.
Fin.
Re:Registered letters (Score:2)
Re:Trusted Authority (Score:2)
What the hell do you do for a living?
Quite useful when a passenger said he bailed out of the car before the driver opened fire on our officers, when the passenger was, in reality, reloading the weapon for the driver to use.
Re:Trusted Authority (Score:1)
And thus, after re-reading, i determined they work for the 911 people or something like that, and they record what the police officer is saying over the radio
For instance:
Cop:they are shooting @ us
Cop:the passenger jumped out of the car!
the data is in order and timestamped
@ least this is how i guessed it to be
Trusted Authority + Cryptography (Score:3, Informative)
Then you keep the signature and datestamp yourself and the 3rd party never actually knows what the plain text was that it's just datestamped.
Re:Trusted Authority + Cryptography (Score:1)
External authorities (Score:2, Informative)
Trust is a really nasty recursive problem. I'd just keep a paper logbook, and other records. It should work well enough.
Our government could provide this service (Score:2)
A public time-stamping service is what we need. How do we get this set up?
I'd like to hear about the ones you know that are already in place, but something more universally trusted would be ideal. (Not that our government is universally trusted, but for in-court use, we'd need something not just a private person or corporation has set up.)
Re:Our government could provide this service (Score:1)
Just mail yourself a copy of the disk and leave it sealed.
You can't prove the dates on the disk are correct, but at least the court will know nothing was made later than the stamp on the envelope.
Systems DO exist (Score:4, Insightful)
For an individual user like yourself, I'd suggest the following.
This should allow you to prove you had a file that produced THIS signature on a certain date. You can then recalculate the MD5 of the file you have (and if you haven't modified it) it should produce the same hash - which would lead one to believe that this IS the same file. This should be fairly compelling evidence.
Yes, it is *possible* to get another file to produce the same MD5, but it is unlikely.
Another option would be to print out the journal entry and have it notarized. This would be much easier to fake than the MD5 method - but courts have accepted notarized documents for ages.
- vin
Re:Systems DO exist (Score:1)
This works, but the poster should bear in mind that at some point he may have to convince a judge and jury that it works. Make your lawyer aware that you're doing this, and make sure s/he's familiar enough with the method to be able to validate it in court.
Re:Systems DO exist (Score:2)
It would probably help to discuss all of this with a lawyer before deciding on anything.
Re:Systems DO exist (Score:3, Insightful)
Cheaper and more reliable is certified mail. Mail the hash to yourself, and you'll have a trusted timestamp that is tested and valid in court. Just don't open the envelope when it arrives.
Better yet, mail a CD with all the data on it to yourself. Then you don't have to explain MD5 to the judge.
Re: mailing it to yourself? (Score:2)
I can easily mail an unsealed empty envelope to myself (with enough postage to cover additional non-existent weight)
It'll have a postmark from 4 years ago - be sealed - but have content I created yesterday.
Failing that, unless it is an envelope that cannot be opened without destroying it, either steaming it or freezing it will likely let me open it, change the contents, and re-seal it.
--
Since most individuals don't need protection granular to a single day, I'd suggest saving up a week/months worth at a time and doing the newspaper thing.
Or, if you have that high of volume, and need daily granularity - I'd suggest a corporate solution. If you're that worried about your IP, it must be valuable enough to not play games with it.
Re: mailing it to yourself? (Score:1)
Re: mailing it to yourself? (Score:2)
That's why you use certified mail. It costs more, but it's sealed by the post office to provide proof of mailing. They also have a new service where you can e-mail them a document and they'll mail it for you. You don't even have to go to the post office.
http://www.usps.com/netpost/certifiedmail_faq.htm [usps.com]
Write Only Memory? (Score:1)
Or rather: Is there a reliable web service (a "trusted authority") that provides unique time stamps?
Is there a database that once a record is entered with an accompanying time and date stamp, cannot be altered?
And don't forget: Is there a way to prevent records being inserted in between older journals, at a later time?
Or
--
The human brain is a wonderful thing: It starts working the moment you are born, and never stops until you stand up to speak in public -- Sir George Jessel
PGP sign? (Score:1)
Re:PGP sign? (Score:2)
One would create a detached signature of the document and mail it to the server (or perhaps the whole signed/encrypted document). The server would sign whatever you sent, then send that back to you.
You could then verify that you signed the document (possibly implying that you wrote it), and then verify the date in which you did so.
I don't know what happend to the service, but there's a for-pay service which is similar. Check out this place [readnotify.com].
Re:PGP Keys (Score:2)
at best, you get info about the reading of the system clock at the time. and how do you convince a judge that you didn't use your own version of PGP that takes the purported current time as an argument?
It's Heresay (Score:2, Insightful)
If you are serious, record your notes in a written journal (in pen), and take the journal to a subject matter notary once a week (or month) to have them notarized (each page). You may wish to contract this service (it should be cheaper that way than one-offs). This is how intellectual property research can be protected.
The do-it-yourself method (I don't know how this stands up in court) is to snail-mail copies of your journal pages (say weekly) in tamper-evident envelopes to yourself. Don't open them. They are post-marked by the USPS for date. I suppose you could put your data on a CD weekly or monthly and do the same thing, but the computer-data-as-heresay issue comes up again.
Re:It's Heresay (Score:1, Informative)
Not necessarily. Business records are specifically not considered hearsay, if they are generated in the "normal course of business" and not in anticipation of litigation. In the United States, anyway.
Re:It's Heresay (Score:2)
Welcome to one of the 37 exceptions [cornell.edu] to the hearsay rule.
Of course, that does not guarantee they are admissible; you need to worry about the Best Evidence Rule, for one thing, though I don't think that should be a problem.
Re:It's Heresay (Score:2)
The "Authenticity Crisis" In Real Evidence [lewisandroca.com]
Scientific Evidence Review
10.1.2001
You might also be interested in the KODAK Picture Authentication Module [kodak.com] which uses PKI in a camera.
Re:It's Heresay (Score:2)
In the case of notaries, what kind of docs do they keep? That is, I could have a stack of paper with "My great of idea of this week is" and have it notarized, to later fill it in. Doesn't matter, pen or print.
Too bad there's not an MD5-like hash for physical documents that could be stamped by the notary.
Re:It's Heresay (Score:2)
I'm not too familiar with how the notary public system works; but couldn't said notary be fired, fined, have their notary status revoked, etc. for such an act?
Mail! (Score:3, Funny)
While you're at it, mail yourself some empty unsealed envelopes, "just in case"...
Mail (Score:1)
Take whatever it is you want to timestamp, put it in a sealed envelope, and mail it to yourself.
If you ever have to go to court, have the judge open the postal service stamped envelope and examine the contents.
It would take a damn good lawyer to make a jury think you are somehow in cahoots with the postal service and had them back date the stamp.
Re:Mail (Score:2)
There's actually been a great thread... (Score:2, Informative)
It's covered everything from requirements for logs to be admitted, to the validity of using checksums.
It's also been archived on the log analysis website.
even better, we've had several lawyers in on the conversation who site actual case law.
for once the conversation doesn't need the standard IANAL.
Here's a link to the start of the thread
[Log] Log Archival [shmoo.com]
or for those who prefer a top down view:
Index of threads for december [shmoo.com]
oh, and here's a website by the ever excellent Tina Bird of counterpayne, as well as Marcus Ranum
Log Analysis [loganalysis.org]
you can find all the info you need in the library off this site.
won't ever work (Score:1)
Re:won't ever work (Score:2)
You telling me that all those Caught On Tape shows on FOX are wrong when they end a clip by saying something along the lines of, "and the video evidence was enough to convince a judge to convict him"?
Re:won't ever work (Score:1)
Caches... (Score:1)
IANAL, but I play one on slashdot... (Score:2)
Ask a lawyer!!!! The only way to know if something will stand up in court is if it alreay has stood up in court, and even then it's tricky. Unless you're up to researching the possible cases where these types of documentation were scrutinized by the court, then a lawyer is your only hope.
For these reasons, use a regular notebook which will stand up in court. If you need to attach documenation, tape it in to the notebook. If it really has to stand up in court, use a notary public.
Notary publics can also date/time stamp sealed envelopes, and under contract it can probably be less than registered mail. If you work in a large company (which you don't, otherwise you wouldn't be asking these questions) then they probably have one person on staff who is certified as a notary public.
Print out your journal once a week (two copies, one in envelope, one out) and have the notary sign and seal the sealed copy, and notarize the external copy. Keep both together in another envelope (with good record keeping) and make notes in the journal database about whaty entries are in the envelope for future reference.
The reality is that if you are defending a claim, you must prove that you came up with the idea first. They may well attack any sort of credibility you have if anything you make to track it can be modified in any way by you, such as an onsite database. You need to have third party impartial involvement.
-Adam
Nope, sorry (Score:2)
The problem is that it's so easy to alter digital data. If it's stored on a medium that's writable, it can be changed. CD-R is in theory not writable, but you can alter the date that's burned on the CD fairly easily, making it quite simple to falsify, and therefore creating the need to verify the date the CD was burned. The USPS is the cheapest and easiest way to do this.
If I were a judge, I would never accept a digital timestamp as proof. If I were a lawyer opposing you, the first thing I'd do is bring in someone to explain to the court all the reasons digital data can't be trusted.
If this is actually important to you, you don't want to be the test case for this type of timestamp.
Email (Score:2)
Re:Email (Score:2)
Its called a Notorization Service (Score:1)
I am currently involved with the development of a middleware system called Scientific Annotation Middleware [pnl.gov] - SAM. One of the services that we are in the process of implementing is a Notorization Service that can be used by a 3rd party for signing document hashes. We use the XML signiture spec./infrastructure.
In particular we'll be developing Notebook services and a SAM electronic-notebook that will use the notorization service for exactly the purpose you seek.
Unfortunately, it won't be viable/released for end-user use for at least a couple more years.
There are other e-notebooks that have been developed (by us and other parties), but none of them have legally acceptable notorization capabilities to date.
VeriSign Timestamp (Score:1)
If you want to verify a document existed at a certain time you can re-upload it, they can validate the signature and verify the doc existed at the time of the stamp.
Since most of us already trust VeriSign for SSL certs, why not timestamping?
Partial Solution Through Traditional Means (Score:1)
PGP Timestamping service (free) (Score:1)
PGP Digital Timestamping Service [itconsult.co.uk]
Signatures are available through the website, on a mailing list they run, and weekly to the usenet group comp.security.pgp.announce. Make sure any company you use does some sort of public announcement like this, or if they go out of business you're screwed.
Copyright (Score:2)
Only when it's used against you (Score:3, Informative)
37 Cent Solution (Score:1)
The Postmark is a trusted 3rd party that verifies date and location for you.
I'm gonna sit me down, and write myself a letter (Score:2)
Can anyone cite a court case in which such evidence was either accepted, rejected, or challenged?
"Sounds good to me" is not the way courts work. They work first on law, secondly on precedent, and thirdly on whether or not the question is valid or can be compromised. If the law does not explicitly say that a sealed, postmarked envelope is a valid timestamp, then it is up to the courts to decide if it is or not; once decided, that decision stands until a higher court overturns it.
Cite precedent or law and I'll believe it.
P.S. -- You can probably mail yourself an UNSEALED envelope, then when you need to, you can "backdate" something. Anyone know how the USPS handles unsealed mail?
Re:I'm gonna sit me down, and write myself a lette (Score:2)
case law regarding computer data in court (Score:1)
This of course makes life a lot easier for your sys admin in the trenches, who doesn't have time to set up an encrypted write once file system...
Re:case law regarding computer data in court (Score:1)