The Inadequacy of Analysis of Electronic Records Management for Evidence and Discovery-法搜-中国法律信息搜索网

　　Since 1977, I have had a unique experience in working with experts in records management. As a result, the interdependence between the use of records as evidence and for electronic discovery and their records management, is now the foundation of my practice of law.[13]

　　2.　　Electronic Records are the Single Most Comprehensive Body of Evidence of Legal Rights, Freedoms, and Obligations

　　All electronic communications and submissions produce records. Therefore records are potentially relevant to a wide range and volume of legal proceedings, procedures, and negotiations. Adequate and timely proof of the contents of those communications requires good records management in compliance with established national and international standards of electronic records management. It follows that all legislation dependent upon proof of electronic communications requires good records management, e.g., legislation concerning, evidence, electronic commerce, electronic discovery, privacy and personal information, securities, taxation, property laws, and all of the services that affect our quality of life. Laws were also dependent upon paper and microfilm records in the pre-electronic past, but now electronic records are transmitted, stored, processed, transformed, secured, and made vulnerable in many new ways and done so everywhere and made available to all places. Therefore electronic records and good records management are the single most comprehensive body of evidence of our legal rights, freedoms, and obligations. Therefore after-the-fact investigations of all types, and the resulting disclosure and discovery, should require proof of the state and quality of records management applied to the records generated by those communications. Otherwise, there can be no assurance that those investigations and the disclosure and discovery they generate are sufficiently accurate, precise, comprehensive, fair, timely, and able to be conducted at reasonable cost.[14]

　　3.　　Electronic Records Management is Fundamentally Different from “Paper” Records Management

　　Electronic records, and electronic records management are fundamentally different from traditional, pre-electronic “paper” records and paper records management. The former is not merely a faster version of the latter. The difference is one of kind, not merely one of degree. For example, bicycles, motor vehicles, and airplanes are all methods of transportation, but the impact of each upon our lives and laws is very different. Each is a different thing and not merely a variation of the same thing. This progression in transportation has required more than just better traffic laws. Similarly, because of the differences between electronic and paper records, and the resulting differences between electronic and paper records management, the electronic record provisions of the Evidence Acts in Canada require proof of the “system integrity” of the electronic records system in which any electronic record, adduced as evidence, is recorded or stored.[15] Proof of the integrity of a record requires proof of the integrity of its records system.[16] In contrast, the older “business record” provisions of the Evidence Acts contain no reference to record systems.[17] They require proof of the history of the adduced record, i.e., proof that the record was made “in the usual and ordinary course of business” (or a similar “business activity” wording).[18] Similar changes will have to be made to the laws in other countries concerning the use of electronic records as evidence.

　　4.　　 “Systems” Concepts versus “Records” Concepts in the Electronic Records and Business Record Provisions in the Evidence Acts

　　The “system integrity” test is an objective test, based upon established, authoritative standards such as the National Standards of Canada for electronic records management.[19] In turn, these standards are based upon the international standards of the International Organization for Standardization (“ISO”) in Geneva, Switzerland.[20] Canada’s national standards have been approved and certified by the Standards Council of Canada as national standards. Therefore they have been recognized as authoritative standards by ISO. Therefore the “system integrity” test is to be applied by determining the state of compliance of an adduced record’s electronic record system with those National Standards of Canada. They state the basic, minimal requirements of adequate electronic records management. At present, there is no other authoritative source that can give the “system integrity” test meaning and content—e.g., with which to answer questions such as: (1) what is the scope of a records management “system”; can it be a division or a branch office of an organization’s records management operations; and, (2) what are the requirements for proving the “integrity” of an electronic records system?

　　In contrast, the “usual and ordinary course of business” test of the older business record provisions is a completely subjective test—each business determines its own “usual and ordinary” state of records management. If very inadequate, unreliable records management is the product of an organization’s “usual and ordinary course of business,” its records must be accepted as evidence once proved to have been so made.[21]

　　5.　The Complexity and Vulnerability of Electronic Records Management

　　Electronic records management and its records are many times more complex and vulnerable than traditional “paper” records management and its records. Therefore the business record provisions in Canada’s Evidence Acts are very inadequate for determining the admissibility and “weight” (credibility; probative value) of electronic business records. An electronic records system is the product of many expert opinions, and therefore so is any printout from it. Expert opinions and choices are made to produce its many software programs, storage and communications devices, and the principles and practices by which it operates. But there is no procedure for determining the reliability of a printout as there is for determining the reliability of expert evidence given by a witness. Printouts should be challenged as to their reliability, but so challenged as an issue as to whether they should be accepted as evidence. In fact, they are not being challenged in regard to the technology and records management principles and procedures that underlie the creation, handling, storage, and retrieval of the information in them.

　　All of the various pieces of software of an electronic records system have known “error rates” determined during their manufacture, as do its storage devices, and all of its other electronic components. In comparison, a breathalyzer-type machine used in impaired driving cases is a very simple device. But its software “source code,” being the primary code by which software is developed, is made up of approximately 54,000 lines of code. The industry average for error rates is 25 software defects for every 1,000 lines of code, which means there are 1,350 potential defects operative during every breathalyzer test.[22]

　　Traditional “paper” record systems are "stand alone units," meaning that they cannot be corrupted without having physical access to them. But electronic record systems are connected to the world of the Internet, therefore everything can get to them. Their security should be challenged before their printouts are admitted into evidence.