In a collaborative webinar hosted by Kenya Cyber Security & Forensics Association (KCSFA) & Kenya Magistrates & Judges Association (KMJA) on the 28th of May 2020 the legal & technical aspects of Email Security was ably addressed by Hon Justice Fred Ochieng & Mr Silvanus Sewe. The session was moderated by KMJA President Hon Justice Jacqueline Kamau & KCSFA Chairperson Mr Keniz Agira. You can view the recorded session here.
What legal statutes guide the presentation of emails as digital evidence?
Emails fall under the larger group of documentary evidence referred to as Digital evidence. The various principles that determine the admissibility of this type of evidence are laid out in various sections & sub-sections of the Evidence Act, namely S78A & S106B of the act.
Section 78A goes on to set out that Electronic Evidence shall be admissible before a court of law & it need not be in it’s original form. In addition to this, it sets out that in addition to being admissible, the weight attached to that evidence shall be dependent upon certain factors i.e.
|(a)||the reliability of the manner in which the electronic and digital evidence was generated, stored or communicated;|
|(b)||the reliability of the manner in which the integrity of the electronic and digital evidence was maintained;|
|(c)||the manner in which the originator of the electronic and digital evidence was identified; and|
|(d)||any other relevant factor.|
Further, it states that this electronic evidence is admissible during any civil, criminal, administrative or disciplinary proceedings.
Section 106B then proceeds to state the conditions for admissibility of electronic evidence i.e.
1. Doesn’t have to be in its original form.
2. The electronic evidence was produced by the computer which during the period of the alleged incident was known to store that particular kind of evidence by someone who had lawful control over that particular device(computer)
3. That the computer during that period of interest was working properly & if not working properly, that it’s ‘deficiency’ did not affect the particular electronic evidence of interest
In addition to this S106B(4) prescribes that a certificate shall be provided which contains:
|(a)||identifying the electronic record containing the statement and describing the manner in which it was produced;|
|(b)||giving such particulars of any device involved in the production of that electronic record as may be appropriate for the purpose of showing that the electronic record was produced by a computer;|
|(c)||dealing with any matters to which conditions mentioned in subsection (2) relate; and|
|(d)||purporting to be signed by a person occupying a responsible position in relation to the operation of the relevant device or the management of the relevant activities (whichever is appropriate)|
These can be classified into two: Internal emails & Internet emails. Internal emails are organization-specific i.e. email@example.com while internet emails are available to general pubic use i.e. firstname.lastname@example.org etc.
As far as the presentation of emails as electronic evidence is concerned, they have to adhere to the dictates of the aforementioned sections of the Evidence Act. In particular, the presentation of a certificate which requires the signature of someone who was occupying a responsible position in relation to the operation of the relevant device.
In the case of Internal Emails , the IT officer in that organization responsible for the maintenance of the mail servers or any duty that includes email management should be the person “…occupying a responsible position..”
In the case of Internet emails, this could be the email service provider if the request to obtain email contents went through them. However in some cases, internet email data is stored locally on disk & there is no need to contact the email provider. The individual in this case who handles the extraction of this data & analyzes it will be considered the person “…occupying a responsible position..”
In addition to the signature of the individual “…occupying a responsible position..” , the other aspects of the certificate must be included as well as set out in S160B(4).