Wait, digital evidence?
A brief intro to its unclear evidentiary value and admissibility before the courts
Thanks to those who reached out following the previous email. I think this issue will address your feedback, which was to backtrack a bit and define a few key concepts. Keep sending feedback to email@example.com 🙏
It would be difficult to explain our ambitions for the Digital Evidence Toolkit without first defining ‘digital evidence,’ a term used to describe any information stored in a digital format that is related to any future or ongoing litigation. This evidence may be stored on physical devices (such as smartphones, computers, or hard drives), or transmitted on the internet.
Advocacy groups have noted that the storage and preservation of digital evidence, whether it be online or on a device, both come with their own unique set of problems – see for example this IBA panel moderated by EyeWitness director Wendy Betts.
Physical devices on the one hand are subject to damage within areas of conflict or harsh environments, and even when properly cared for, devices may be seized by authorities at military checkpoints or border crossings; resulting in evidence lost.
Online, there are a multitude of challenges presented when trying to preserve digital evidence. Major ones are the automated flagging and deletions systems on platforms such as YouTube, Facebook, Twitter. Due to the often violent and graphic nature of pictures and videos uploaded from regions facing human-caused atrocities, original material containing potentially pertinent evidence may be automatically deleted, especially if the content is flagged.
Content distributed online is also victim of targeted censorship, and link rot – the phenomenon associated with how the web decays over time as hyperlinks fail to point to their intended target and as remote resources become unresponsive.
Admissibility of a piece of evidence is not always a given
Ultimately, what distinguishes 'digital' evidence from any other form of evidence is that at its finest granularity it is composed of 'digits' — arrangements of ones and zeros. Despite the seemingly unbiased method of recording digital information as either True or False (either “1” or “0”), when presented in legal settings digital information is not guaranteed to be admissible evidence.
With the large volume of disinformation present online and the inherent ‘plasticity’ of digital information — that is, its ability to be altered, rewritten, or deleted — it is unsurprising that digital evidence is subject to great scrutiny during juridical processes. Needless to say, just because a picture or video depicts something does not guarantee it is authentic and any alternative to this thinking could give weight to potentially falsified evidence.
The key to establishing the evidentiary value of a piece of evidence is respecting its ‘chain of custody’. In a two-part blog post by Wendy Betts and Raquel Vazquez Llorente (the Director and Senior Legal Advisor of eyeWitness to Atrocities, respectively) elaborate on the importance of the chain of custody in legal proceedings, stating “the key to chain of custody is proving that the footage remains unchanged from the time it was captured. While this might not be always possible for human rights defenders, the metadata collected by a documentation app can help demonstrate chain of custody, but it needs to meet some conditions. The key concepts here are when was the metadata captured, and who potentially had the ability to alter it.”
In Betts and Vazquez Llorente’s post, they touch on two critical points related to digital evidence preservation. The first is that establishing chain of custody serves to authenticate evidence by establishing its original source, digital-pathway of movement and the absence of opportunities for this information to be altered — effectively, acting similarly to an ‘alibi’. The second is the importance of preserving the necessary metadata, which ties the now authenticated evidence to a time and place, thus giving the material its necessary contextual and legal relevance as evidence.
(For context, EyeWitness' lead product, a documentation app handles this problem at the source by offering a camera mode, thus starting the chain of custody claim from the moment of capture – whereas the Digital Evidence Toolkit deals with research material collected after-the-fact)
An early example of digital evidence preservation which is helpful in conceptualising digital ‘chain of custody’ was the process of procuring evidence during the International Criminal Tribunal for the Former Yugoslavia (ICTY), where digital information whether it be data from a computer hard drive or digital photography was treated as if it were analog to ensure the proper handling of evidence. In Susan Schuppli’s ‘Material Witness’, she writes “a series of images taken or produced with a digital camera by an OTP (Office of the Prosecutor) investigator in the aftermath of a war crime would be burned to disk, the CD carrying these images photographed and labeled, the image of this CD carrying the images taken at the crime scene filed with the Tribunals’ Registry and given a unique number.” While this method of evidence procurement was more suited to the period, in principle the same process can be applied to digital evidence today where a unique number is assigned to the evidence once its chain of custody is established and the evidence is in an immutable state.
Where in the past a burned-CD labelled with a unique number would suffice, nowadays the sheer volume of data coming out of mass atrocity crimes in some places makes this particular solution, er, unpractical. To say the least.
These risks are a problem, and I think there’s space for another solution to this issue. The software I’m putting together will offer a best-in-class cryptographic solution to preserve researchers’ work with adversarial chain of custody requirements in mind.
The project is currently in development and frankly there is so much to read and know that we'd love to hear from you. Please reach out to firstname.lastname@example.org 👋
(or join this newsletter for more)