Computer Crime and e-Evidence

Trends are developing to shift the nature of crimes from traditional to Hi-Tech and it is impossible to prevent people from misusing technology to commit crimes. Computer or networks may be used as a tool or a storage medium to commit crimes. In the meantime, we must keep in mind that all computers related systems are vulnerable to destruction and intrusion. As a result some authors classify computer crimes under three areas such as :

  1. Computer related offences – the accused uses the computer/network as tool/s to commit offences.
  2. Computer integrated offences – the accused commits offences through Computer/system/programme e.g. modification by virus, Trojan horse etc.
  3. Contents related offences – the accused changes/destroys data e.g. offences relating to intellectual property.

Under these circumstances, application of new methodology to investigate and seizure of data stored in Computer hardware, software, communication devices, or any other forms, its forensic issues will play a vital role relating to Computer Crimes.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

What is the legal position on Computer Crimes in Sri Lanka?

The Parliament of Sri Lanka has enacted the long awaited Computer Crime Act and that was gazetted on the 13th July 2007. However, there is no implementation of the Act up to date due to various shortcomings of the Administration of the country such as public unawareness of the existence of the Act, shortage of experts, trained Police officers to investigate offences under the Act, non-availability of computer forensic laboratories.

What are the major Offences under the Computer Crime Act?

Part I of the Act explains the offences relating to cyber crimes. These offences are common offences (subject to some variations) identified and recognised internationally.

What is Computer hacking ?

Section 3 of the Act deals with ‘unauthorised access’ to any computer or information held in any computer. This offence is called computer hacking in general.

What is Computer cracking?

Section 4 of the Act has introduced the offence of unauthorised access with an intention to commit an offence. The prosecution has to prove that the accused had the intention of committing an offence under this Act or any other law for the time being in force in addition to the aforesaid items (a) to (d) under Section 3 of the Act for the accused to be found guilty. This offence is called computer cracking in general.

These two sections have covered a wide range of possible illegal actions in which the computer hackers and computer crackers are involved. Explanation to section 3 and 4 states that the mere turning on of a computer is sufficient to fulfill access to any computer and it is not necessary to have unauthorised access directed at any particular programme, data or computer, to access information held in any computer. e.g. Sniffing and Phishing.

What is Unauthorised Modification under the Act?

Section 5 of the Act has introduced the offence of causing a computer to perform a function without the lawful authority.

Prosecution has to prove;

  • Accused has caused a computer to perform any function,
  • He has done so intentionally and without the lawful authority,
  • He has done so with the knowledge or having reason to believe that such function will result in:
    • unauthorised modification or damage or potential damage:
    • to any computer, computer system or computer programme.

Illustrations given under this section have given a broad view of the offence.

Explanation states ‘for the purposes of paragraphs (a) to (d) above, it is immaterial whether the consequences referred to therein were of a temporary or permanent nature.’

Transmitting of viruses (a malicious programme) from a computer to another or computer system to perform a function of such computer or computer system accidentally or negligently and cause that to function in a different way than the normal functions without the authority may be an offence under this section.

What are the other major offences under Computer Crimes Act?

Section 6 deals with offences committed against national security, the national economy, or public order by causing a computer to perform a function. Section 7 has introduced the offence of obtaining information without lawful authority from a computer or a storage medium of a computer. The prosecution has to prove that the accused has done any act under this section knowing or having reason to believe that any other person has obtained information from a computer or a storage medium of a computer without lawful authority.

What is Computer related IP Rights violation?

Under Section 178(3) of the Intellectual Property Act No.36 of 2003, any person knowing or having reason to believe that he is in possession or has access to a computer programme infringing the rights of another person, and willfully makes use of such programme for commercial gain, shall be guilty of an offence and be liable on conviction by a Magistrate to a fine not exceeding Rs.500,000/= or to imprisonment for a term not exceeding six months or to both such fine and imprisonment.

If a person downloads a pirated copy of a computer program from the internet knowing or having reason to believe that such information has been obtained illegally, and subsequently sells the same to another person at a price, such person commits an offence under the definition of both the section 7 of the Computer Crime Act and section 178(3) of the Intellectual Property Act.

What are the other offences?

Section 8 explains the offence of illegal interception of data.

A Service Provider of a mobile phone connection who intercepts any transmission between such Mobile phone and another connection illegitimately, such person commits an offence under this section.

Section 9 of the Computer Crime Act deals with the offence of using of illegal devices.

Section 10 of the Act has introduced unauthorised disclosure of information enabling access to a service as an offence.

A person who attempts to commit the aforesaid offences under sections 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 and 14 of the Act or who causes such an offence to be committed, shall be guilty of an offence. Abetment and conspiracy to commit a computer crime are offences and explained under sections 12 and 13 of the Act. Section 14 of the Act deals with awarding of compensation to any person or institution for loss or damage caused to him/institution (victims of crimes) as a result of the committing of an offence under the Computer Crime Act.

How to investigate these offences?

Part 2 of the Computer Crime Act makes provisions for investigations in connection with offences under the Act. All offences are cognizable under this Act and shall be investigated, tried or otherwise dealt with according to the provisions of the Code of Criminal Procedure Act No.19 of 1979 unless otherwise provided under Computer Crime Act.

The Act specifically states that appointed experts called upon to assist any police officer shall have power to enter upon any premises along with a police officer not below the rank of a sub-inspector, access any information system, computer or computer system or any programme, data or information held in such computer, perform any function or do any such other thing, require any person to disclose any traffic data, oral examination of any person, do such other things as may be reasonably required for the purpose of the same Act.

These procedural provisions are important to accelerate investigations due to nature of computer evidence.

Part 3 of the Act provides miscellaneous provisions relating to the Act and the High Court has jurisdiction to hear, try, and determine all offences under this Act.

What are the other Computer based offences?

Publication of an obscene article electronically will be a criminal offence under amended section 2 of the Obscene Publication Ordinance, No.22 of 1983. However, it is time to bring new amendments to the law to avoid certain unnecessary disputes that could arise over interpretation of creation of pseudo-photographs under the Ordinance.

Section 286B of the Penal Code (Amendment Act No.16 of 2006) introduced the offence as it is a duty of person providing service by computer to prevent sexual abuse of a child. A person who contravenes the same shall be guilty of an offence. Further, storing or distribution of child phonographs by e-mail and the Internet will be an offence under section 286(c) of the Penal Code Amendment No.22 of 1995 read with provisions in the Electronic Transactions Act No.19 of 2006.

Mens rea for the offence is essential for such distribution to be treated as an offence.

Under Intellectual Property Act

Chapter XXXVIII of the Intellectual Property Act No.36 of 2003 defines the Offences and Penalties against violation of Intellectual Property Rights.

Development of Legislature on IT related Evidence.

Information Technology related evidence may be computer generated or computer related evidence and could be even without human intervention. Some countries tried to interpret computer evidence as Documentary Evidence or Real Evidence.

Real Evidence concept is not acceptable in India and UK. However, countries like US and Sri Lanka have accepted it under law of evidence. According to Phipson[1], real evidence interpreted as `material objects, other than documents, produced for the inspection of the court and scope of real evidence as,

a) evidence from things as distinct from persons

b) material objects produced for the inspection of the court

c) perception by the court (or its result) as distinct from the facts perceived’.

See The “Authenticity Crisis” In Real Evidence by George L. Paul.

In Grant v. Southwestern and County Properties Ltd[2], Walton J. held that a tape recording is a document. However, the information is not capable of being inspected.

Vinelott J in Derby & Co. Ltd v. Weldon[3] held that information in a computer database capable of being retrieved and converted into readable form is a document.

If computer evidence is interpreted as `documentary evidence’ it should be governed under Rules of Primary and Secondary evidence. This shows that computer evidence is not easy to consider as `documentary evidence’ under the provisions of the Evidence Ordinance.

International Recognition of Computer Evidence

United States Federal Rules of Civil Procedure regarding Digital Discovery applicable in Federal Courts.

Rules 26-37 govern process of investigating and developing facts prior to trial and Rules 26 and 34 are the governing Rules for discovery of electronic information. Rule 26 governs disclosure of copy of, or description by category and location of, all documents, data compilations, and tangible things in possession, custody, or control of the party that are relevant to disputed facts alleged with particularity in the pleadings and parties may obtain discovery regarding any matter, not privileged, which is relevant to the subject matter involved in the pending action including the existence, description, nature, custody, condition, and location of any books, documents, or other tangible things and allows a court of law to authorise to protect a party from annoyance, embarrassment, oppression, or undue burden or expense.

Rule 34 states `any party may serve on any other party a request to produce, designated documents (applies to electronic evidence under 1970 amendment) by the respondent through detection devices into reasonably usable form.’ Under present system, judges have discretion to order and limit such discovery. Recent case Law also makes clear that electronic discovery is controlled by the traditional discovery rules (Federal Rules 26 and 34). See Anti-Monopoly, Inc.vs.Hasbro, Inc.[4] and Crown Life Insurance Co.vs.Craig.[5]

Most of the state courts in US have adopted civil procedure rules following federal rules. The decision of the United States District Court for the Southern District of New York in the case of Laura Zubulake vs. UBS Warburg LLC (2003), shows how the US Courts are expecting to balance the competing needs of broad discovery of electronic data and its manageable costs.

Unlike in US without waiting for a request for a document from the opposing party, under rule 31 of Civil Procedure Rules in UK, the matter has to be searched, determined as to what documents are relevant and make a disclosure of their existence by the party who brings the matter before Courts. Then the opposing party has the right to search and make copies of such disclosed documents. Under US procedure, on demand of the opposing party, the proposing party of such evidence has to disclose same. Further, discovery in the United Kingdom is limited to document-based information.

Position in the United Kingdom

Civil Evidence Act 1968 and 1972 in the UK governed the evidence in civil cases while evidence in criminal cases governed under Police and Criminal Evidence Act 1965 and 1984. Police and Criminal Evidence Act of 1965 restricted the proof of documents in the course of trade and business calling by witnesses who had personal knowledge with the information. In R vs.Pettigrew[6], the main issue was whether a printout made by a machine was admissible as evidence or not. The computer operator gave evidence to prove that the printout made by the machine and the Court of Criminal Justice held that the computer operator could never said to have personal knowledge of the information related to the case. Later, this position was changed. See R vs.Ewing[7]. Roskill Committee recommendations brought more liberal views on admissibility of documentary evidence and extended the scope of documents to other documents than in the trade and business.

Later, evidence produced by computers in criminal cases was started to govern by section 24 of the Criminal Justice Act 1988 subject to section 69 of the Police and Criminal Evidence Act (PCEA) 1984.

According to Section 69 of PCEA, all computer evidence has to comply with the section and a statement in a document produced by a computer shall not be admissible as evidence of any fact stated therein unless there are no reasonable grounds for believing that the statement is inaccurate because of improper use of the computer and that at all material times the computer was operating properly or if not, that out of operation was not affected to the production of the document or the accuracy of its contents.

In the judgement of Deputy Public Prosecutor vs. MaKeown and Jones[8], the prosecution brought an intoximeter used to analyse the alcohol percentage in the accused’s breath to prove that he was under influence of liquor at the time he was driving. However, a digital clock fixed to the same meter was not functioning accurately and the defence brought to the notice of the court that the instrument was not reliable and challenged the reliability of data obtained from the same instrument. However, the House of Lords did not accept this argument stating that a malfunction is relevant if it affects the way in which the computer processes, stores or retrieves the information used to generate the statement tendered in evidence.

Other malfunctions do not matter. In another case, Connolly vs. Lancashire County Council[9] the prosecution brought audit records to establish the correct operation of a computerised weighing bridge. However, the prosecution failed to prove that whether the weighing machine was functioning properly at the time of obtaining relevant reading. It is clear that the proposing party of the evidence had to show that any system from which evidence is derived was functioning appropriately at the time the evidence was generated.

Under Section 69(1), it was necessary to obtain either a signed statement or oral testimony from a person who occupies a responsible position in relation to the operation of the computer system[10].

Civil Evidence Act 1995 has introduced provisions in respect of admissibility of computer evidence in civil cases. Section 60 of Youth Justice and Criminal Evidence Act 1999 ceased the effect of section 69 of the PCEA 1984 and allowed Computer related evidence in criminal cases relaxing restrictions imposed earlier. Further, repeal of the said section 69 came into force in April 2000 and accordingly, the `presumption’ effectively shifts the burden of proof with respect to the reliability of computer evidence from the party submitting the evidence to the party opposing same.