By John Ahearne, Forensic Analyst When data is is needed for use as evidence, it…
Legal Email Collection
When collecting email evidence for use in litigation, whether it’s criminal or civil in nature, it is imperative that emails be obtained in a lawful, repeatable and defensible manner. If they are not, they may not be admissible in court.
Obtaining Emails for Criminal Investigations
There are three legal methods routinely used for obtaining emails for use as evidence in a criminal investigation.
- Subpoena for Non-party Records
- Signed Consent/Authorization
A warrant is a document obtained from a judge by law enforcement that authorizes law enforcement to conduct a search for possible evidence in a criminal investigation. When requesting a warrant, law enforcement must show probable cause to believe that an item, in this case email, may be evidence of a crime.
A proper warrant must be specific about what location(s) may be searched and what item(s) may be seized or obtained. Law enforcement is required to stay within these parameters when conducting a search and seizing possible evidence, including obtaining emails. In the case of electronic evidence, the warrant issued may specifically note the phone, computer or other data storage device that is subject to data collection, and also specify the type of data to be collected—in this case, email. The device is collected by law enforcement and may also be brought to a third party, such as DriveSavers, to collect the email evidence.
Example: John Smith is under investigation. There is probable cause indicating that there is evidence for the case located in his email. It is suspected that email from John Smith’s account is downloaded into Outlook on an HP laptop computer used by his entire family. Law enforcement goes through the proper channels to obtain a signed warrant from a judge that allows them to search only that single laptop and obtain only email from John Smith’s email account. If the specified email account exists in a program on the specified computer, then the email data may be collected.
Subpoena for Non-party Records
A subpoena duces tecum, in the case of evidence collection for criminal investigation, is a formal demand for the production of documents from a non-party. A non-party is an individual, company or other party that is not directly involved with the investigation but may hold ownership or access to related evidence. In the case of email, a non-party would be an email provider such as Gmail or Yahoo.
Where a warrant allows law enforcement to directly conduct collection themselves, a subpoena duces tecum requires the non-party that hosts the email, such as Gmail or Yahoo, to produce the email data and provide it to the requesting attorney, District Attorney’s office and/or the court for review.
If the owner of the email agrees to voluntarily provide email messages or direct access to the account, the requesting party should obtain a signed consent/authorization.
Obtaining Emails for Civil Litigation
The most common methods for obtaining emails for use as evidence in civil litigation are:
- Demand for Production
- Subpoena for Non-party Records
- Court Order
Demand for Production
A Demand for Production of Documents, including electronically stored information (ESI), is part of the formal discovery process prescribed by a jurisdiction’s rules of civil procedure.
Although discovery rules in different jurisdictions may be similar, subtle differences and recent amendments may affect how to best demand emails and in what format that the emails will be produced. The producing party is then obligated to collect the email in a defensible manner in order to avoid expensive discovery disputes.
In most cases, the discovery process is the most expensive part of civil litigation. Employing a credible eDiscovery company like DriveSavers can help to mitigate costs by ensuring that emails and other ESI are produced using methods and formats that will be accepted by both parties and the court.
In order to reduce discovery cost, attorneys from both sides of a civil dispute may stipulate, or agree, to allow collection of their client’s email.
Stipulations most often include a protocol, specifying the allowable access to email accounts. A neutral eDiscovery/forensic company, such as DriveSavers, is used to collect the email data in a defensible and repeatable manner.
In most instances, when a neutral company is used to collect email, the protocol requires that the data first be reviewed by the attorney for the email owner prior to handing it over to the opposing party attorney. Privileged data and data that is not relevant to the case will be excluded from what is produced to the opposing attorney.
Similar to criminal matters, a subpoena duces tecum used in civil litigation is a formal demand for the production of documents (email) from a non-party. In the case of email, a subpoena requires the individual or company that owns or hosts the email to produce the email data and provide it to the parties for review. The email data may be collected and produced using a third party such as DriveSavers.
If the parties fail to agree or there was an irregularity in an initial email production, the matter may wind up in front of a judge. After hearing argument from counsel, the court may order a collection procedure similar to a stipulated protocol. The Court may also appoint its own expert to collect or evaluate a party’s original collection.
Consequences of Obtaining Emails Incorrectly
Using a third party digital forensic or eDiscovery company like DriveSavers can make or break a case. It is the business of such companies to know how to collect, produce and present digital evidence.
In both civil litigation and criminal investigation, there are consequences if emails are not obtained properly.
- Inadmissible Evidence
- Spoliation Penalties
If evidence is not obtained properly, then it may be ruled inadmissible. It is, therefore, imperative that proper procedure be followed in every detail from the beginning.
If email evidence is collected or obtained incorrectly and any data is intentionally deleted or otherwise altered in the process, spoliation monetary penalties may be imposed. Always use a reputable company that will obtain emails and other electronic evidence in a defensible, repeatable and court-validated manner.
Checklist for Properly Obtaining Email Evidence
- Go through appropriate legal channels: Obtain a warrant or court order from a judge, a subpoena, stipulation from an attorney or written consent from the owner of the email.
- Device collection: Digital evidence collection requires careful attention, as described in this article.
- Do your research: Use a reputable digital forensic or eDiscovery company such as DriveSavers. If email evidence is extracted improperly, the data may accidentally be changed or deleted in the process, and metadata such as time and date stamps may inadvertently be altered.
- Review: Once email data is extracted by a reputable company, the data may be provided to the attorney representing the email owner for review. Privileged and non-relevant data will be excluded from what is produced.
If you need assistance with legally and correctly obtaining emails or other electronic evidence, or have any questions regarding a digital forensic or eDiscovery issue, please call DriveSavers at 800.440.1904 for a consultation.