In the last decade, electronic records have taken over the business world. Just as e-mail has become the preferred method of business communication for nearly everyone, financial records, legal documents and work assignments are now kept primarily—and sometimes solely—in electronic form. Electronic records and e-mails are widely accepted for many important business communications that previously required physical signatures or paper documentation and the proliferation of electronic records in the business world is reflected in recent statistics on e-mail usage. According to research from the University of California at Berkeley’s School of Information Management and Systems, more than 93 percent of all corporate data is created electronically and e-mail is accepted as written confirmation of approvals or orders in nearly 80 percent of organizations.
The proliferation of electronic records was one of the catalysts behind the December 2006 e-discovery amendments to the Federal Rules of Civil Procedure (FRCP) that require companies to know where electronically stored information (ESI) including e-mails, spreadsheets, Word documents, image files and more are kept and make that information available to the other party if reasonably accessible. In addition, the Rules set new requirements for the parties to meet and discuss what ESI will be considered during the trial.
The amendments seek to clarify the e-discovery process but these changes present one of the biggest challenges for companies looking to comply with the new rules because while the convenience and speed of electronic records are highly touted, the security and authenticity aspects are often overlooked. Whereas signatures and other paper documents can be examined in court for possible tampering, electronic records like e-mails, instant message logs and Excel spreadsheets can easily be altered without raising red flags. Anyone with minimal tech savvy and access to a company’s computer systems can significantly alter electronic records, potentially changing their meaning and altering the outcome of a critical business deal.
This frightening thought is compounded by research that has shown that more than 80 percent of all security breaches and electronic records tampering occur inside an organization’s perimeter. That means the vast majority of data tampering is done by employees, contractors and other partners who already have access to an organization’s computer network. Data alteration—whether intentional or not—could be happening in your organization every day without your knowledge. Even though the issue may seem to be one for your legal team, many lawyers are looking to their IT departments to counsel them on best practices for e-discovery. Attorneys are expecting IT professionals to provide recommendations on the best ways in which to securely archive and authenticate records.
As the e-discovery amendments to the Federal Rules of Civil Procedure demonstrate, courts are becoming increasingly savvy about electronic records. Whereas there previously were no consistent guidelines on electronic data archiving and retrieval, the Federal Rules have shown that courts recognize the importance and staying power of electronic records and thus, e-discovery. As lawyers and judges around the country debate the exact requirements of e-discovery and their reasonableness, one concept has emerged as a problem area for many: proving the authenticity of electronic records.
The Verdict is In: Authentication is Critical
Decisions from courts nationwide are raising questions about the admissibility of electronic evidence that has not been authenticated or, more simply, proven to be what it purports to be. Whereas paper records have signatures or other identifying marks to demonstrate authenticity, there is nothing about a typical e-mail or electronic record that can help a witness or fact finder tell if the record has not been altered.
In his landmark decision in Lorraine v. Markel, United States Magistrate Judge Paul W. Grimm would not allow electronic evidence from either party to be admitted because it had not been properly authenticated prior to trial. Grimm outlined in his opinion some of the steps necessary for having ESI admitted into evidence, noting that ESI must meet the same criteria as traditional evidence. In order to be admitted, ESI must: be relevant to the issue at hand; be authentic (the evidence is what it purports to be); not be hearsay or if hearsay, able to meet the requirements for an exception; be the original or duplicate of the evidence or able to meet an exception to that rule; and not be unfairly prejudicial to either party in relation to the evidence’s probative value.
Of these five requirements, the one that causes IT departments the most headaches is the ability to prove the authenticity of records. Grimm stated, "the inability to get evidence admitted because of a failure to authenticate it almost always is a self-inflicted injury which can be avoided by thoughtful advance preparation…If it is critical to the success of your case to admit into evidence computer stored records, it would be prudent to plan to authenticate the record by the most rigorous standard that may be applied." Without these electronic records admitted into evidence, the court was unable to issue a ruling in the case and the parties were left to pursue further costly and time-consuming litigation.
Grimm is not the only judge concerned about the authenticity of electronic records. A recent decision from Delaware’s Chancery Court emphasized the importance of data authentication with respect to the metadata, or data about data, associated with documents from the defendants in the stock option backdating case of Ryan, et al. v. Gifford, et al. Chancellor William B. Chandler, III, ruled that defendants must produce requested documents in native file format as “metadata may be especially relevant in a case such as this where the integrity of dates entered facially on documents authorizing the award of stock options is at the heart of the dispute.”
The IT Answer: Data-Level Security Controls
The challenge for data storage and management professionals is to implement a solution that provides easy and irrefutable proof of the authenticity of all electronic records. There are several data-level authenticity controls that seek to help IT professionals meet this challenge. Digital signatures provide the “who” aspect of electronic records but lack the necessary “when” aspect to show that a record has not been altered since a specific point in time. Secure hashing provides a means to determine if a record has been altered but is very susceptible to tampering or alteration by anyone with access to the hash value. Similarly, PKI-based timestamps bind a time value to a record by hashing the record but there are several drawbacks that make this method susceptible to legal questioning. The binding is dependent on the privacy of the key as well as the expiration date of the key, both of which could easily render the key and its associated documents invalid.
The only solution to adequately address authenticity while remaining independent of any bias or compromise is digital time-stamping using the hash-chain-link method. Digital time-stamping, a concept that has been around for several years and has recently emerged as an important tool in e-discovery, provides data professionals with the means necessary to authenticate electronic records. A trusted digital time-stamping solution works seamlessly in the background of an organization’s IT environment to seal electronic records, making them impervious to later tampering or alterations. The result is a collection of electronic records that can stand up to even the most exacting legal scrutiny. When using such a solution, both an organization’s IT and legal team can rest assured that electronic records are stored in their original condition, free from any changes that could affect a legal outcome.
Top of the line digital time-stamping solutions use a hash-chain-linking method to affix a file-agnostic hash value and secure timestamp to a digital record and then combine the hash, timestamp and other traceable information to create a timestamp token. This token is then affixed to the record and securely archived on a third-party server to ensure that the token is removed from any potential bias or internal force. To add another layer of security and independence, the token of each electronic record is linked to a hash chain created from an unbroken chain of electronic files. For easy referral and confirmation of integrity, the hash chain is then widely published to guarantee that any third party, such as a judge or jury member, can validate the authenticity of the token and, thus, the associated electronic record. By publishing the hash chain, the timestamp gives still further assurance of data authenticity and proves that not even those with access to the tokens have altered the hash chain.
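The hash-chain linking described above, and the weakness of a bare stored hash noted earlier, shown as an added sketch that is not code from the article or from any vendor's product. It uses a simplified linear chain; the function names, token fields, separator format and sample records are assumptions constructed for illustration.

```python
import hashlib

GENESIS = "0" * 64  # assumed starting value for the chain

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def link_value(prev: str, digest: str, time: str) -> str:
    # Each link commits to the previous link, the record hash and the time.
    return sha256_hex(f"{prev}|{digest}|{time}".encode())

def build_chain(records):
    """Issue one token per (data, time) pair; return (tokens, chain head)."""
    head, tokens = GENESIS, []
    for data, time in records:
        digest = sha256_hex(data)
        tokens.append({"prev": head, "digest": digest, "time": time,
                       "link": link_value(head, digest, time)})
        head = tokens[-1]["link"]
    return tokens, head

def verify(data: bytes, index: int, tokens, published_head: str) -> bool:
    """Check the record against its token, then the chain against the published head."""
    if sha256_hex(data) != tokens[index]["digest"]:
        return False
    head = GENESIS
    for tok in tokens:
        expected = link_value(head, tok["digest"], tok["time"])
        if tok["prev"] != head or tok["link"] != expected:
            return False
        head = tok["link"]
    return head == published_head

# Constructed sample records (not real data).
RECORDS = [(b"PO 1001 approved: 500 units", "2007-03-01T09:00:00Z"),
           (b"Option grant dated 2007-03-02", "2007-03-02T14:30:00Z"),
           (b"Invoice 77 paid in full", "2007-03-05T11:15:00Z")]
TOKENS, PUBLISHED_HEAD = build_chain(RECORDS)  # head is what gets widely published

def rewrite_history(index: int, new_data: bytes):
    """Model a party with full access to the token store re-issuing every token."""
    altered = list(RECORDS)
    altered[index] = (new_data, RECORDS[index][1])
    return build_chain(altered)

if __name__ == "__main__":
    changed = b"Option grant dated 2007-02-01"
    forged_tokens, forged_head = rewrite_history(1, changed)
    print("original verifies:", verify(RECORDS[1][0], 1, TOKENS, PUBLISHED_HEAD))
    print("rewritten store verifies:", verify(changed, 1, forged_tokens, PUBLISHED_HEAD))
```

A rewritten token store is internally consistent, so only the comparison with the independently published head exposes the change; that is the property a stored hash alone does not give.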
Another important aspect to selecting digital timestamps is finding a solution that meets applicable standards for trusted timestamps. Regulatory bodies like the American National Standards Institute (ANSI) set out standards for digital time-stamping. For example, ANSI X9.95 states “the minimum security requirements for the effective use of timestamps” for use in certain environments and specifies that an independent third party must be able to audit and validate the timestamp process. The regulation also spells out proper techniques for coding, encapsulating, transmitting and storing time-stamped data. The ANSI standard is an important one to read for anyone who is evaluating digital time-stamping solutions for use in e-discovery.
The advanced technology and third-party independence provided by digital time-stamping make such solutions ideal for anyone looking to fully comply with the e-discovery amendments to the Federal Rules of Civil Procedure. As judges become more concerned with the authenticity of electronic records introduced as evidence, organizations that have implemented trusted time-stamping to prove the validity of electronic records hold a significant competitive advantage over others. With trusted time-stamping, a company eliminates the costly and sometimes lengthy process of proving authenticity and ensures that necessary evidence from their side will be admitted into trial. There’s no doubt that e-discovery has changed the rules for many but solutions like digital time-stamping can help an organization stay ahead of the curve.
Tom Klaff is the CEO of Surety, LLC.
