This document discusses the need for businesses to prove the authenticity and integrity of electronic documents given increased scrutiny from courts. It provides examples of court cases where electronic documents were rejected as evidence due to inability to prove authenticity. The document then discusses benefits of using a service called Digiprove that can digitally fingerprint and timestamp documents to prove their provenance and authenticity in court. It explains how Digiprove works to automatically protect documents and provide independent verification of their existence and timestamps without storing the actual content.

1. Introduction
The need to prove the provenance, integrity and authenticity of an electronic document has become
an area of increasing interest over the last few years. This includes the ability to prove times and
dates of the creation and any modification of the documents. But is all this really necessary? Do
businesses need to have this sort of functionality in place? Until recently, electronic records were
treated much like their paper counterparts, at least in terms of their admissibility as evidence in a
court of law. But this seems to be changing and quickly. In several landmark rulings, electronic
business records that earlier would have been routinely admitted into evidence have been excluded
because of questions as to their authenticity.
The December 2006 amendments to the Federal Rules of Civil Procedure have caused corporate IT
departments to spend huge sums building systems to respond to eDiscovery requests. But if the
authenticity of the documents so produced is challenged, that might be money down the drain. As a
result, authenticity challenges around electronic records are emerging as a serious problem for
attorneys. They can also represent an opportunity, once counsel begins to understand the new
litigation tactics that can be used to win cases or drive settlements.
There are a few key areas in which a solution that performs these key authenticity functions is
useful. They are:
 Compliance
 Copyright
 Intellectual property protection
 Protection of your legal position
Even from this short list it appears that there are an abundance of reasons as to why you should
invest in a solution which reduces the burden of compliance, and which acts as a proof of ownership
and copyright. But what is the flipside? Are there any reasons not to introduce a solution for this
purpose?
We’ve compiled a list of 10 reasons why you shouldn’t digitally fingerprint and protect your
documents:
You don’t foresee an event where you will have to prove a document’s
integrity.
And why would you? Nobody ever expects things like this to happen to them.
However, you may just be looking at this from the wrong perspective. For example, ask yourself this
question: “Why have I got motor insurance?” Most people think that they will never have a car
crash. So why do they insure their cars? Ok we hear you, it’s the law and it could cost you a fortune

2. not to have it in place. Proving a document’s integrity is similar however. You don’t realise you have
to have a solution in place until it’s too late. Should a situation arise (e.g. a court case) where you
must prove the authenticity and integrity of a particular document having a solution in place could
save your organisation a fortune in legal fees, fines and compensation payments for example.
You like going to court.
Everybody likes a day off work and a trip to a courtroom can be quite fun on occasion. Whether
you’re the plaintiff or the defendant, your day out of the office will be far less enjoyable if you don’t
have the ability to prove the integrity of a document which is being used as evidence. If this
document is the smoking gun your case is built on, you’re in serious trouble as it will probably be
thrown out of court. Whether or not spoliation has occurred it is your ability to prove the
document’s integrity that matters. The risk to you personally as an employee can be quite high
especially if this is a document which should have been protected by you or your department (e.g.
an employment contract if you are a HR manager, financial reports if you are a CFO). Not only could
this potentially cost your organisation millions you are probably going to lose your job. On the bright
side, a few more days off work. But if this is not what you want, you have to ask yourself, “Have I
covered all the bases?”
You enjoy falling foul of compliance regulations
It’s almost as good as being a teenager rebelling against your parents again. The only issue is that it’s
a little more risky. Failing to comply with regulations such as Sarbanes-Oxley (SOX) or the Federal
Rules of Civil Procedure (FRCP) can land a company in hot water leading to penalties including fines
and jail time depending on the situation. There are so many different compliance regulations, across
virtually every industry, that it has become extremely difficult to make sure you are compliant with
them all. By being able to prove the integrity and authenticity of a document you are ensuring you
are able to prove your compliance around many regulations concerned with spoliation, falsification
of documents, ownership and much more.
You like to risk major financial penalties
“Our company is doing well we can afford legal fees, a few fines and compensation payments.” And
maybe you can. But wouldn’t it be better to avoid the situation altogether and invest a
comparatively small amount in protecting your legal position with the ability to prove the
authenticity of your documents.
You don’t have the cash flow.
Ok fair enough. In the current economic climate businesses need to make savings wherever possible.
But you really have to think long and hard about what you can afford not to have and what is
essential. Think about our last point. Can you afford a financial penalty down the road from not
being able to prove the authenticity and integrity of your document? It’s unlikely, cash is the life

3. blood of business, without it your business could go under and even if it doesn’t your cash flow will
not be in a healthy position.
You are not worried who tampers with your digital content
Do you even have a reason to worry? You probably don’t think you do. The problem with digital
documents is the ease which they can be changed and the fact that these changes are often
undetectable. There’s little that you can do to stop a document being altered once somebody else is
in control of it. However, if you know it has been changed, as well as what has been changed and
when it has been changed, it can allow you to take the appropriate action to rectify the situation.
The only way to do this is introduce a solution which digitally fingerprints, time stamps, verifies and
authenticates the document’s integrity highlighting when a change has occurred to your document.
Whether it’s your web site content, your blog, your images or critical data your organisation and 3rd
parties like customers or regulators make decisions on you want to know its valid content.
You like other people taking credit for your work
Some people are just modest in nature. If you produce any piece of work such as website content,
reports, articles, music and photos to name but a few, the last thing you want is another person to
pass it off as their own original work. You can’t stop this happening but with digital fingerprint
technology you can make sure you can prove ownership and copyright of your work and get the
credit and financial rewards you are entitled to or simply prevent the person or organisation for
using your work without permission.
You don’t want to make financial gains from your intellectual
property
There could be many people in the world like you who just are not interested in making money. But
if you are sitting on a gold mine and really want to make the most of your idea or invention you need
to be able to prove the copyright of your intellectual property. Although you own the copyright as
soon as the idea is recorded if you cannot prove when and in what form the idea was recorded, you
are leaving yourself open to the risk of somebody stealing it and using it themselves. Ever heard of
Antonio Meucci? Most people haven’t. He is the man who invented the telephone. However, he was
unable to pay the patent caveat for the telephone (it was $10 at the time) and a worker in the
patent office decided that this telephone wasn’t such a bad idea. Of course we all know who is
credited with being the “inventor” of the telephone, Alexander Graham Bell. For years, the two
fought out legal battles (including some on their behalf posthumously) about who had invented the
telephone, a situation that could have been avoided had the technology of digitally fingerprinting
documents been around back in them days. Had this been the case Antonio Meucci and Alexander
Graham Bell would have been able to comprehensively prove who had invented the telephone first.

4. You are not worried whether others trust you or your content
Maybe your digital content has no value in your eyes and is not intended to inform, advise, protect
or cause action. But if it is, then you want the users of the content to be confident in and trust the
integrity of you digital content. As digital content is so easily manipulated, often in an undetectable
way, you also need to have confidence in the content you produce, knowing that you can reliably
prove its provenance, authenticity and integrity.
You don’t rate your competition
If you are an SDK developer you want to have every possible advantage over your competitors. If
your product is in a sphere where being able to prove the integrity, authenticity and provenance
could be important, adding a function that digitally fingerprints your electronic documents could
give you the competitive advantage you need. However, if you don’t rate your competitors you
probably don’t have to worry, unless of course they add the function to their SDK.
Cases
Amex v. Vinhnee, December 2005
In this case, American Express claimed that Mr.Vinhnee had not paid his credit card bills,
and took legal action in order to recuperate the money. However, the judge decided that
American Express had failed to authenticate the electronic records being used as evidence,
and that therefore Amex’s business records were inadmissible as evidence.
American Express tried to have the records admitted as evidence a second time and they
were yet again told the records were inadmissible on the grounds that they failed to
sufficiently establish a foundation of authenticity for the records offered into evidence.
Finally, American Express appealed this judgement and lost a third time. Interestingly, the
defendant didn’t show up for the court date, and wasn’t even represented by counsel.
This decision is considered significant because it said, in effect, that electronic records are
not automatically presumed to be admissible (in court) unless you can prove that the
electronic document submitted is identical to the original record. The decision also meant
that courts and counsel would require parties submitting digital documents as evidence to
show some way of testing and proving the authenticity of those electronic documents.
In this case, the judges made it clear that the digital records presented by Amex were “too
vague” to be admissible as evidence, in essence, asking the court to accept so-called
“inferred authenticity” which was judged to be insufficient.
The judge pointed out that, “... the focus is not on the circumstances of the creation of the
record, but rather on the circumstances of the preservation of the record … so as to assure
that the document being proffered is the same as the document that originally was

5. created…. Ultimately, however, it all boils down to the same question of assurance that the
record is what it purports to be.”
Lorraine v. Markel, May 2007
In this case, a couple took their insurance company to court in a dispute over the cause and
amount of damage to their yacht which had been struck by lightning. Both parties
petitioned the court for summary judgment, and Judge Paul Grimm dismissed both of these
motions, because the digital documents at the center of the case could not be authenticate
and therefore were inadmissible as evidence.
In his opinion, Judge Grimm wrote, “The primary authenticity issue in the context of business
records is on what has, or may have, happened to the record in the interval between when it
was placed in the files and the time of trial. In other words, the record being proffered must
be shown to continue to be an accurate representation of the record that originally was
created.”
There has been a major rise in the amount of federal judges that are concerned that
electronic documents have been manipulated or altered before being produced for use in
litigation or that the programs and procedures used to create and maintain these digital
documents cannot be relied upon to protect these documents from manipulation by
corporate insiders.
This ruling makes it clear that while some courts will continue to view electronic business
records much as paper documents (which are rarely challenged on grounds of authenticity),
attorneys should be prepared to face more frequent challenges to e-records in the coming
years. Judge Grimm wrote, “Unless counsel knows what level of scrutiny will be required, it
would be prudent to analyze electronic business records that are essential to his or her case
by the most demanding standard. The cases further suggest that during pre-trial discovery
counsel should determine whether opposing counsel will object to admissibility of critical
documents.”
“The logical questions extend beyond the identification of the particular computer
equipment and programs used,” the judge wrote. “The entity’s policies and procedures for
the use of the equipment, database, and programs are important… how changes in the
database are logged or recorded, as well as the structure and implementation of backup
systems and audit procedures for assuring the continuing integrity of the database, are
pertinent to the question of whether records have been changed since their creation.”
He concluded, “Further, although ‘it may be better to be lucky than good,’ as the saying
goes, counsel would be wise not to test their luck unnecessarily. If it is critical to the success
of your case to admit into evidence computer stored records, it would be prudent to plan to
authenticate the record by the most rigorous standard that may be applied.”

6. About Digiprove
How it works?
Digiprove is a service that supplies independent time-stamped proof of digital content (without the
need to send or store the content with us thus maintaining full confidentiality). Think of it as a Digital
Notary. It automatically takes the digital fingerprint of all content submitted to it and provides
certification of its existence.
It does this by encoding and time-stamping the relevant digital content and issuing a digitally signed
certificate referencing this content. The service is based on a patented process and the proof is
indisputable.
Auto-Protect uses the proven core technology of Digiprove and is designed to be deployed within
organisations as a background process that just runs automatically without manual intervention. All
you need to do is record your digital data according to the folder structure you have chosen (you are
probably already doing this).
Note that although the Digiprove service itself is SaaS (Software as a Service), it co-exists with your
existing office automation and business software and hardware – you do not have to discard your
existing investment in software and hardware in fact you can point autoprotect to your current
application data and it will also be automatically protected
The beauty about the way this has been set up is that there is the absolute minimum amount of
dependence on you or your staff to run backups or do housekeeping tasks. The main task that
requires manual intervention is the process of indexing all newly created or amended documents
(incoming and outgoing). To make all this work, you will need to adopt a standardised folder
structure and file naming conventions.
Independent Expert Opinion
The Digiprove service has been independently examined and tested by Georgia Tech who are one of
the foremost world experts in digital security, and they had this to say:
“… the process described in the patent does indeed provide a tamper-proof way to show that digital
data has not changed since its timestamp. The process also provides a provision to validate any
alteration made after it has been time stamped… the software does faithfully implement the
patented 'Digiprove' process providing an authenticated method for establishing proof of existence
and possession of digital content of any kind.”
For more information
Email info@digiprove.com