Sedona Conference® Commentary on ESI Evidence & Admissibility
Last month, the Electronic Document Retention and Production working group within The Sedona Conference, a popular and well-regarded think tank made up of judges, lawyers and academics who discuss issues of complex litigation, published a Commentary on ESI Evidence & Admissibility. From The Sedona Conference:
- During the last decade, the legal community has expended significant energy and focus on electronic data. A main focus has been on whether and under what circumstances a litigant must provide such data – known more formally as electronically stored information or “ESI” – to an adverse party. But as succinctly noted by a federal magistrate judge in a recent landmark decision, “it makes little sense to go to all the bother and expense to get electronic information only to have it excluded from evidence or rejected from consideration during summary judgment because the proponent cannot lay a sufficient foundation to get it admitted.” Lorraine v. Markel American Ins. Co., 241 F.R.D. 534, 538 (D. Md. 2007). The legal community is beginning to grapple with whether and how ESI, once produced, can actually be authenticated and used as evidence at trial or in motion practice.
The Commentary includes a brief survey of the applicability and application of existing evidentiary rules and case law, addresses looming issues and projected pitfalls related to ESI, and provides practical guidance on the use of ESI in depositions and in court.
Because authentication is a central theme throughout the Commentary, we found the entire publication to be a worthwhile read. That said, a few specific points related to hashing caught our eye:
- o “The reliability of hashing depends on a trustworthy reference, so either the subject file or the copy (or its hash value) must be preserved in a way that assures that there has been no tampering with the reference.”
o “The main risks or threats to this [hashing] process are unauthorized access, trusted insider behavior and/or collusion. In particular, a trusted insider, such as an administrator with significant authority to modify a system and its security settings, could make critical changes leaving barely a trace in her wake or none at all.”
We talk a lot about Surety’s patented hash-chain-linking method of time stamping for AbsoluteProof because it is a major differentiator for us, so it is probably worth a brief discussion here about why secure hashing is so essential to document integrity. Secure hashing algorithms are used in many applications to prove data integrity. Surety uses two hashing algorithms (SHA-256 and RIPEMD-160) in our process to provide added security and protection to electronic documents. Every document time-stamped with AbsoluteProof generates a unique “fingerprint” of the file, which we call a Seal. The Seal is a unique number calculated from the file’s contents, and if the file’s contents were to change by even one character, a different number would be calculated. We chose to base AbsoluteProof solely on independently verifiable secure cryptographic hashing algorithms rather than trust-based cryptographic keys that are susceptible to compromise and key life issues.
We’re pleased to see The Sedona Conference recognize the value of hashing in the authentication of ESI. They raise concerns about malicious insider behavior and/or collusion, but it is important to note that third party time stamps prove that people within your organization and outside of your corporate perimeter did not alter nor backdate your electronic data. For example, your system administrators under duress from a corrupt corporate executive cannot tamper with secure time stamps; nor can an external auditor.
Read The Sedona Conference’s Commentary on ESI Evidence and Admissibility. If you walk away with any questions related to authentication, let us know.