ESI faces some unique and unusual authentication hurdles. Unlike paper financial statements and other documents, ESI is typically a collection of computer-generated information that can potentially be edited without leaving any trail or record of prior versions. Authentication, therefore, requires sufficient evidence to establish that the ESI hasn’t been changed since its creation, or as of a specific relevant date. Qualified experts rely on the use of several methods to ensure that this type of evidence can ultimately become admissible for trial.
The federal and state rules of evidence generally allow a proponent of evidence to authenticate it through its “appearance, contents, substance, internal patterns, or other distinctive characteristics, taken in conjunction with circumstances.” These rules could cover several types of ESI authentication, including:
Hashing. Every electronic file is assigned a “hash value,” or unique numerical Identifier. One judge has described hashing as “a digital equivalent of the Bates stamp used in paper document production.” A new hash value is created each time a file is modified, so hashing can be used to guarantee the authenticity of an original data set and, in turn, establish that another file is an exact duplicate.
Metadata. System metadata are created by the operating systems that run computers, servers and other devices. All electronic files include metadata that convey information, such as the dates a file was created, last modified and last accessed. Metadata, however, are vulnerable to undetectable manipulation and can also be deleted with access to the source file. Metadata also change each time a file is opened, which can compromise the usefulness of the information for authentication.
Digital signatures. A digital signature requires the signer to have a certificate-based digital ID. Digital certificates, which are issued by a “trusted authority” or “certificate authority,” are the critical component in Public Key Infrastructure (PKI) and are used in the digital signature process in a way that can provide authentication.
But the presence of a digital signature indicates only that someone with access to the ID has signed the document. The proponent of the ESI must link it to the specific individual. What’s more, it’s impossible to establish when the digital signature was created. For these reasons, digital signatures are best used in conjunction with other authentication methods.
The rules of evidence generally recognize several methods of self-authentication. Trusted time stamping may allow for the self-authentication of ESI if it can verifiably establish an accurate and non-alterable time for the evidence.
According to the rules of evidence, another permissible method of self-authentication for ESI is by inscriptions, signs, tags or labels purporting to have been affixed in the course of business and indicating ownership, control or origin. For example, corporate e-mails frequently identify the origin of the transmission in addition to the company from which it originates.
Expert Witness Testimony
Experts with relevant knowledge can offer testimony that establishes the integrity of ESI by showing that it hasn’t been modified since its creation. Experts don’t need to have personal knowledge of a particular piece of ESI as long as they can testify to applicable safeguards and the process by which it was created and preserved, from a technological standpoint. Experts can also authenticate ESI on the witness stand. For example, an expert witness might compare it with other pieces of ESI that have already been authenticated.
Each type of ESI comes with specific challenges. Work with your forensic accounting and computer experts to determine the relevant authentication requirements—as well as to anticipate your opponent’s likely attacks on the evidence.
Questions? Contact Rich Gordon, Lindquist LLP’s Director of Forensic Services, at (925) 277-9100 or email@example.com. Connect with Rich on LinkedIn: http://https/www.linkedin.com/in/gordonforensics.
Richard Gordon, CPA/CFF, CFE, CGMA, joined Lindquist LLP in 2014 as the Director of Forensic Services in the firm’s San Ramon office. In addition to being licensed as a CPA in both California and Illinois, Rich is a Certified Fraud Examiner (CFE) and is Certified in Financial Forensics (CFF) through the American Institute of Certified Public Accountants (AICPA). He is a member of the AICPA’s Forensic & Valuation Services section, the Association of Certified Fraud Examiners, and the California Society of Certified Public Accountants’ (CalCPA) Forensic Services Section. Rich possesses vast forensic experience in the areas of family law, financial statement and tax fraud, contract disputes, economic damages, bankruptcy fraud and embezzlement cases, in which he has successfully represented both prosecution and defense. Rich graduated from Eastern Illinois University with a bachelor’s degree in Accounting. Contact him at (925) 277-9100 or firstname.lastname@example.org with questions.