Paper case studies admissibility of digital records as legal evidence in malaysia
1. Admissibility of Digital Records as Evidence in Malaysia Court of Law 2015
1
CASE STUDIES:
ADMISSIBILITY OF DIGITAL RECORDS AS LEGAL EVIDENCE IN MALAYSIA
By
Nurainolmardhiah Binti Abdul Halim
Setra Ginsim
Siti Khadijah Binti Baharuddin
National Archives of Malaysia
ABSTRACT
This paper presents the general concept of digital records and what enable digital records to
be used as legal evidence. This paper also highlights the characteristics of digital records
that must be present as required by with ISO 15489. This paper presents the case studies
that show the acceptance of digital records as legal evidences in Malaysia. Other than that,
brief explanation of Subsection 90A(2) and 90A(6) of the Evidence Act 1950 (Amendment
2012) which enables the admissibility of digital evidence in Malaysian court.
Keywords: Digital evidence, Digital records, ISO 15489
INTRODUCTION
The creation and storage of documents have, over the decades, has been drastically
changing with the advent of digital revolution. Electronic commerce and the use of digital
medium as an alternative to the physical tangible ‘world’ have given rise to an urgent need to
render admissible and enforceable evidence in the form of electronic records and data (Kim,
C. S., 2015).1
Nowadays, digital records being created almost each second per day
compared to paper-based records and contribute to the proliferation of information in the
digital environment. It is impossible to ignore that nowadays the preferred means of
communication in all aspects of business and even social interaction is done digitally. Thus,
the proper management of digital records is crucial in order to ensure that the digital
information created can be used as evidence of business transactions in court cases.
Many countries in the world have begun using digital evidence including Malaysia. Section 3
of the Evidence Act 1950 (Amendment 2012) defines evidence as: (a) all statements which
the court permits or requires to be made before it by witnesses in relation to matters of fact
1
Chua Siak Kim. “Electronic Evidence Singapore Approach”
2. Admissibility of Digital Records as Evidence in Malaysia Court of Law 2015
2
under inquiry, such statements are called oral evidence; (b) all documents produced for the
inspection of court, such documents are called documentary evidence. However, the
meaning of the word evidence in the section goes beyond the narrow statutory meaning
explicitly set out. The amendment to the Evidence Act 1950 (Amendment 2012) Subsection
90A, 90B and 90C in 1993 has provided for the admissibility of ‘computer-generated
documents’ in both civil and criminal proceedings.
THE CONCEPT OF DIGITAL RECORDS
Good management of records and information is the key that enables digital records to be
used as irrefutable evidence. “Records technically can be defined as any information
created, received and maintained as evidence and information by an organization or person,
in pursuance of legal obligations or in the transaction of business”.2
The creation and
storage of records have, over the decades, been dramatically altered with the advent of
digital evolution. In one study made by Julian Gillespie, Patrick Fair, Adrian Lawrence and
David Vaile reported that over 90 per cent of the documents or records produced in many
organizations today originate in digital format, of which 70 per cent are never printed.3
From
our perusal of multitude materials, a vast new array of digital evidence, which would have
been unheard of years ago, has surfaced in courtrooms in recent years such as electronic
account statement, electronic bus ticket and computer-generated document.
As with records in other formats, digital records must be managed through their entire
lifecycle from creation, when the records are created or received; through their active life,
when the records are accessed frequently (at least once a month); through their inactive life,
when the records are no longer active but have to be retained for a period of time for legal,
fiscal, administrative or historical reasons; until their final disposition which could be
destruction or preservation as a permanent records. In compliance with ISO 16175-2:2012,
records management frameworks, policies and tools must ensure records can be
appropriately managed. In order to know what digital records must be managed, agencies
should create an inventory or other means of identifying and locating all their records,
regardless of format and hence ensure that all records are included in approved retention
schedules. In fact, the designation of information technology system played an important role
2
ISO 15489 Information and documentation – Records Management
3
Julian Gillespie, Patrick Fair, Adrian Lawrence, David Vaile, “Copying when everything is digital? Digital
documents and issues in document retention” (2004) Baker and McKenzie Cyberspace Law and Policy Centre
White Paper, at p 4.
3. Admissibility of Digital Records as Evidence in Malaysia Court of Law 2015
3
to ensure that digital records are controlled from the beginning of the records life cycle and
extend the usability of information for future references.
Digital records are admissible if it is authentic and unaltered. Questions related to
admissibility must be considered in light of the fact that digital data may be falsely created,
changed or falsified without detection. It can be forged by a hacker, developer or a lay
person. When forwarding an e-mail, the sender can edit the e-mail. Such alterations are
often not detectible by the recipient. It will be necessary to show that the digital records
management system was correctly designed, configured such as in terms of firewall, audit
trails and logging as well as maintained. The chain of custody of each piece of evidence
must be carefully documented. To ensure we are able to present original and authentic
digital records, a good digital records management system that used to create and store the
digital records should comply with the standard at the first place.
A good digital records management system has to comply with MS ISO 16175-2:2012, Part
2: Guidelines and functional requirements for digital records management systems which
describe requirements for software systems used to manage records. According to MS ISO
16175-2:2012, Part 2, digital records management systems should have the following
attributes that seek to ensure that key records characteristics are maintained:
a) creating and capturing records in context
b) managing and maintaining records control
c) maintaining records for as long as they required
d) implementing records disposition
e) the management of records management metadata
Digital records management systems shall capture the content, structure and context of
records to ensure they are reliable and authentic representations of the business activities or
transactions in which they were created or transmitted. This is known as ‘point of capture’
metadata and should in itself be captured as records; it should not be possible to alter any of
these metadata features without changes being tracked and auditable. To be meaningful as
evidence of a business process, records shall be linked to the context of their creation and
use. In order to do this, the records shall be associated with metadata about the business
context in which it was created and its point of capture into the system. The digital records
management systems should allow only authorized users to access each record and internal
integrity should be maintained at all times regardless of the maintenance activities, other
user actions and failure of system components.
4. Admissibility of Digital Records as Evidence in Malaysia Court of Law 2015
4
As well as acting as evidence of the transaction been made, digital records contained on
information technology system should be able to demonstrate exactly who made what
changes and when it happen. This could be in order to provide proof of who was involved in
a process and evidence of their authority to do so or simply to enable the author of a
particular version of a record to be identified and contacted to provide clarification over a
point of details. Essential records management capabilities include assigning unique
identifiers to individual records, providing safeguards against unauthorized changes being
made to those records and creating an unbreakable audit trail for reasons of accountability
and e-discovery of digital records. Nowadays, many information technology systems
designed built-in with audit trail characteristic to enable the tracking of the information used
within the system. An audit trail is a chronological log of access to a system and a record of
additions, changes, and deletions to that system, most often listing the person accessing the
system and the time of the access or action (Cohen, E., 2012). The log is meant to be
inalterable. Audit trail can also be referred as records series that consists of system tracking
events relating to records in information system used for routine agencies administrative
activities. Audit trails are linked to specific records in a system and track such information as
the user, date and time of event and also type of event, such as data added, modified or
even deleted.
Unfortunately, not all of the digital records management systems are within system
compliance with ISO 16175. However, as long as the system has access control and audit
trail for instance, the digital records can be presented and used in the court of law.
DIGITAL RECORDS AS LEGAL EVIDENCE
Nowadays, the evolution of cyber and computer technology has changed the way people live
and communicate. Information technology has caused a paradigm shift in the way
individuals and organizations create, collect, share and store data and information.
Advanced technology ranging from mobile devices to satellites is providing sophisticated
ways to document daily events, resulting in expansive collection of invaluable records.4
Millions of people are now creating information that may become ‘evidence’ in court cases
around the world. In court proceedings, traditional eyewitness testimony can be greatly
enhanced and corroborated by introducing digital evidence.
4
“Mobile Devices, New Challenges for Admissibility of Electronic Evidence.” by Lucy L. Thomson.
5. Admissibility of Digital Records as Evidence in Malaysia Court of Law 2015
5
Digital evidence is regarded as documentary evidence as defined in Section 3 Interpretation
of the Evidence Act 1950 (Amendment 2012), ‘document’ means any matter expressed,
described, or howsoever represented, upon any substance, material, thing or article. Thus,
many kind of digital information play an important and useful role in various civil and criminal
court cases.
In Malaysia, digital evidence is admissible as documentary evidence and primary evidence.
The admissibility of digital output is established under sections 90A, 90B and 90C of the
Evidence Act 1950 (amendment 2012). Digital evidence is any probative information stored
or transmitted in digital form that a party to a court case may use during trials. The court will
determine if the digital evidence is relevant, authentic and original. In Malaysia, we have
Cyber Security to take care of the digital evidence derived from digital sources. Cyber
Security is an agency under the Ministry of Science, Technology and Innovation and one of
the specific services under Cyber Security that can provides digital evidence in the court of
law is Cyber Forensics. To date, Cyber Forensics has contributed in solving numerous
forensics cases including high profile cases such as the Altantuya Shaariibuu murder case,
the V.K. Lingam Video Clip, DSAI China Doll video clip case, insult Sultan Perak case, insult
Sultan Johor case, illegal online soccer gambling during World Cup 2010, illegal Ponzi
scheme Dana futures, Maldives credit card fraud case and many more including cases in
Intellectual Property Court.5
All reports and testimonials from Cyber Forensics analysts are
acceptable by the Malaysia Court of Law. There are several services provided by the
Malaysia’s Cyber Forensics in order to analyze and provide digital records as evidence in
the legal court. These services are digital forensics which includes computer, mobile phone,
audio and video forensics and data recovery which is the process of salvaging data from
damaged, failed, corrupted or inaccessible digital storage media and making it readable
using computer applications.
Digital evidence is also very fragile and could easily be altered. Therefore the issues of
authenticity and reliability are of paramount importance for digital records. In these cases,
computer evidence is admissible under section 90A of the Evidence Act. For civil cases such
as internet defamation, breach of online contract or succession (will and probate) the
process of collecting evidence and filing a civil suit are based on the court rule, Practice
Direction and relevant statutes.
5
http://www.cybersecurity.my/en/our_services/digital_forensics
6. Admissibility of Digital Records as Evidence in Malaysia Court of Law 2015
6
On reading through Evidence Act 1950, section 90A which has seven subsections should
not be read disjointedly. They should be read together as they form one whole provision for
the admissibility of documents produced by computers. Section 90A was added to the Act in
1993 in order to provide for the admission of computer produced documents and statements
as in this case. Under section 90A (1), the law allows the production of such computer-
generated documents or statements if there is evidence, firstly, that they were produced by a
computer. Secondly, it is necessary also to prove that the computer is in the course of its
ordinary use. A close examination of section 90A(2) and (6) reveals that these two
subsections are incompatible with and contradictory to each other. If section 90A(6) is to
function as a substitute for the certificate, it will render nugatory section 90A(2). The effect of
section 90A(6) is to remove the important and only condition in section 90A(1) required to
show a document to be one produced in the course of a computer’s ordinary use.
All documents produced by a computer will then be admissible by virtue of the deeming
provision of section 90A(6) irrespective of whether or not they were in fact produced in the
ordinary course of computer’s use. The interpretation is far-fetched and was never intended
by the clear words in section 90A(1) or the Parliament when legislating section 90A. That a
computer document is produced by a computer in the course of its ordinary use is the sole
condition in section 90A(1) for its admissibility; this must be given effect to either by a
certificate or oral evidence. It is respectfully submitted that such strict compliance cannot be
easily dispensed with by the application of the deeming provision of section 90A(6).
CASE STUDIES
Digital evidence has been used in the Malaysian courts since 1990’s. We studied many court
cases in Malaysia which had used digital records. However, for the purpose of this paper, we
are going to present four case studies which are RHB Bank Berhad v Lee Kai Shin & Anor,
Gnanasegaran a/l Perarajasingam v Public Prosecutor, Hanafi bin Mat Hassan v Public
Prosecutor and Ahmad Najib v Public Prosecutor.
Case Study 1: Unsettled Balance under Hire Purchase Agreement
(RHB Bank Berhad v Lee Kai Shin & Anor)
In RHB Bank Berhad v Lee Kai Shin & Anor, the plaintiff (RHB Bank Berhad) claimed
against the defendants (Lee Kai Shin & Anor) the balance outstanding under the Hire
Purchase Agreement, which was at RM162,186.06 with interest at 8% per annum from 13th
January, 2006 until full settlement and cost. In this case, the plaintiff’s counsel (RHB Bank
7. Admissibility of Digital Records as Evidence in Malaysia Court of Law 2015
7
Berhad) submitted to the court the bank statement to prove the balance in defendant’s
account was outstanding. During trial, the defendants (Lee Kai Shin & Anor) argued on the
admissibility of the evidence tendered by the plaintiff. The defendant contended that, the
bank statement is digital evidence and must comply with section 90A(2) of Evidence Act
1950. According to the submission, the digital evidence was inadmissible because no
certificate was produced by the plaintiff.
In deciding this case, the learned Session Court Judge decided that the account statement
tendered by RHB Bank Berhad was documentary evidence and had complied with section
90A(2) of the Evidence Act. The judge further decided that, although there is no certificate
produced by RHB Bank Berhad, the oral evidence by the RHB witness was sufficient to
consider the reliability and admissibility of the digital evidence. In other words, the digital
evidence was accepted in this case. Therefore, the amount claimed by RHB Bank Berhad
was a valid amount. Lee Kai Shin and Anor then had to pay the balance outstanding until full
settlement and cost.
Case Study 2: Defendant Charged with Criminal Breach of Trust
(Gnanasegaran a/l Perarajasingam v Public Prosecutor)
In criminal cases, the procedures for collecting evidence is governed either by the Criminal
Procedure Code or the relevant statute such as the Computer Crimes Act 1997 (CCA) and
the Penal Code. In such cases, the prosecutor or the Attorney General must prove the crime
beyond any reasonable doubt and he must also be able to prove that the suspect or the
accused has intended (mens rea)6
to commit the crime.
In Gnanasegaran a/l Perarajasingam v Public Prosecutor, the accused was charged with
criminal breach of trust7
. The appellant, while acting as the complainants’ solicitor, was
entrusted with dominion over two separate sums of money belongs to the complainants,
namely RM6576.16 and RM133,000. The appellant later deposited these sums of money
into his office and client’s accounts respectively. Evidence was presented by PW10
(‘Zainal’), the Bank officer in charge of the two accounts, that as of 27 May 1988, when the
Bank decided to close the accounts, the respective credit balance of the accounts stood at
RM401.02 and RM39.69 respectively. The appellant had not by then paid any payment to
6
A legal phrase used to describe the mental state a person must be in while committing a crime for it to be
intentional. It can refer to a general intent to break the law or a specific, premeditated plan to commit a
particular offense.
7
Malaysian Penal Code, Section 405 defined it as a person is entrusted in any manner over property or
dominion over property and the person dishonestly convert to his own use or dishonestly uses or disposes the
property in violation of any direction of law or any legal contract or willfully suffers any other person.
8. Admissibility of Digital Records as Evidence in Malaysia Court of Law 2015
8
the complainants, and the Court held that criminal breach of trust in the circumstances had
been proved against the appellant.
The prosecution used evidence, both documentary and oral, to show the opening of bank
accounts and the movements of money therein. Oral evidence was provided by one Zainal,
the officer in charge of the operations of the current accounts of the bank to testify at the
said digital record (bank accounts). Documents relied upon included computerized records
generated by the bank’s computer. The appellant appealed and argued that the learned
Judge was wrong in admitting and acting on Zainal’s evidence. The defense lawyer argued
that Zainal’s evidence was not admissible because s 90A(2) requires a certificate to be
produced to authenticate the records. The appellant argued, however, that subsection (1)
apart, it was still compulsory on Zainal to produce a certificate under subsection (2) of
section 90A certifying that the documents were in fact produced by a computer. And since
no such certificate was produced, Zainal’s evidence, so the appellant opposed, ought to be
rejected.
The court of appeal held that since Zainal was the officer in charge of all the operations of
the branch, he was therefore responsible for the conduct of the activities of the branch for
which created the records. If he desired, he could have issued a certificate as required by
section 90A(2) and without his actual presence, all the computer generated documents
would have been admitted in evidence as provided by section 90A(1). The presence of
Zainal in the court giving evidence however was far better than the certificate issued by him.
It would be unnecessary for Zainal to issue a certificate under section 90A(2) when first hand
evidence was given by him in person in court.
The decision of the Court of Appeal in Gnanasegaran a/l Perarajasingam v Public
Prosecutor sets the proposition of law that section 90A should be read as a whole for the
admissibility of documents produced by computers. It should not be read disjunctively. When
section 90A(2) applies, a certificate need only be tendered if an officer is not called to testify
that the statements were produced by a computer. Then the certificate becomes relevant to
establish that the document was produced by a computer in the course of its ordinary use. If
the bank officer who is called to court to give evidence testified that the statement of
accounts was a computer printout, then section 90A(6) would deem such documents as
produced by the computer in the course of its ordinary use. Section 90A(6) operates to
support the oral evidence. It is submitted that section 90A(6) cannot operate in isolation to
negate section 90A(2). Section 90A(6) has been constructed only as an alternative mode of
proof to the use of a certificate in the case of oral evidence being used. Section 90A(6) was
9. Admissibility of Digital Records as Evidence in Malaysia Court of Law 2015
9
never intended to be read on its own. Therefore, Gnanasegaran a/l Perarajasingam was
proved guilty by using the digital bank accounts as evidence.
Case Study 3: Rape and Murder Case
(Hanafi bin Mat Hassan v Public Prosecutor)
In Hanafi bin Mat Hassan v Public Prosecutor, the accused (Hanafi bin Mat Hassan) was
charged in the High Court with rape and murder of a women age 24 and worked as
computer engineer on 7 October 2000. It was alleged that Hanafi bin Mat Hassan raped and
murdered the deceased while she was travelling in the bus driven by Hanafi bin Mat Hassan.
To prove that the deceased was in the bus, the prosecution presented the bus ticket as the
evidence but the learned counsel for Hanafi bin Mat Hassan submitted that the evidence
presented by the prosecution was inadmissible. This is because the bus ticket produced by
the a ticket machine which is digital record shall be inadmissible for the failure of the
prosecution to tender a certificate pursuant to section 90A(2) of the Evidence Act 1950 and
summary of the DNA profiling result of the semen found which is also a digital record was
also inadmissible for non-compliance with section 90A.
However, in deciding the case, the judge had dispensed with the need to tender in evidence
the certificate required by section 90A(2) as there was evidence to show that the ticket
machine was a computer and that the ticket was produced in the ordinary course of business
of the ticket machine. Therefore, the presumption in section 90A(6) was sufficient to
establish the latter element even in the absence of evidence from the witness to show that
the ticket was produced by the machine in the ordinary course. In this case, both of the
digital evidences submitted by the prosecution were accepted. The bus ticket and DNA
profiling result which were digital records proved that Hanafi bin Mat Hassan committed the
rape and murdered the victim.
Case Study 4: Rape and Murder Case
(Ahmad Najib v Public Prosecutor)
In Ahmad Najib v Public Prosecutor, the appellant was convicted of rape and murder in the
High Court. The significant issue in this case concerned the admissibility of documents
produced by a computer (digital record) pursuant to section 90A of the Evidence Act 1950. In
this case, the prosecutor submitted DNA profiling result as evidence to prove that the
accused was the rapist and the murderer. The content of the chemist report linked the
appellant to the crime of murder and rape of the deceased. Firstly, a pair of Jack Blue
Classic Jeans was found in the appellant’s room at his house in Kg. Kerinchi, Pantai Dalam,
Kuala Lumpur. It had blood stains and the DNA tests confirmed that it was the deceased’s
10. Admissibility of Digital Records as Evidence in Malaysia Court of Law 2015
10
blood. Secondly, the DNA test of the vaginal swap from the deceased proved that it was the
appellant’s semen. Thirdly, blood stains on the back seat and driver’s seat of the car in
which the rape and murder took place was confirmed to be that of the deceased. Fourthly,
DNA test on strands of the hair found in the car, were also confirmed to be that of the
deceased. All the DNA profiling results were computer generated. The defense counsel
contended that the digital evidence submitted by the prosecution is inadmissible due to
failure of the prosecution to tender a certificate pursuant to section 90A(2) of the Evidence
Act 1950.
However, the court held that a certificate under section 90A(2) of the evidence Act is not the
only method to prove that a document was produced by a computer ‘in the course of its
ordinary use’ under section 90A(1). The fact that a document was produced by a computer
in the course of its ordinary use may be proved by the tendering in evidence of a certificate
under section 90A(2) or by way of oral evidence. Such oral evidence must consist not only of
a statement that the document was produced by a computer in the course of its ordinary use
but also of the matters presumed under section 90A(4)8
.
CONCLUSION
As a nutshell, digital records must be authentic to be used as evidence in Malaysia court of
law. If organizations that possess digital records management systems ensure that their
system complies with ISO 16175, there will be no issue in presenting needed digital records
in the court. Other than that, it is necessary to know that the law may be outdated and
reliance will be on the case law. The technology develops very fast but the law needs time
for review and updates. However, this does not mean there must be a new law in every new
technology. Traditional law can still be used but with some modifications and updates.
Technology can change the method of proving digital records as evidence. Therefore, the
laws should be able to cope with the technological changes. In future, there may be more
complicated cases and tracing the digital evidence will be more challenging. The fear is the
suspect can just escape from any liability due to inadequacy in the laws and lack of
technological advancement. Hence, setting up a precedent from cases is very important in
order to provide a good reference for future cases. In Malaysia practice, in order to accept
information processed by the computer software and the printout, strict compliance with
section 90A is required, which is either the adducing of a certificate or the giving of oral
evidence by the relevant authorized personnel. All records created digitally can be used as
8
11. Admissibility of Digital Records as Evidence in Malaysia Court of Law 2015
11
evidence in court as shown by the court cases. From a records management perspective, all
records must follow the requirement in ISO 15489 and ISO 16175 to be used as irrefutable
evidence. Evidence Act 1950 (amendment 2012) should also takes ISO 15489 and ISO
16175 into consideration and perhaps future changes can be done accordingly. Since digital
records are vital to be used as evidence in legal court, therefore records should be
preserved well.
REFERENCES
Mohamed, D., Ramlee, Z. (2014). Cases of electronic evidence in Malaysian Courts: The
Civil and Syariah Perspective. ICSSR e-Journal of Social Science Research, 1 (2).
http://worldconferences.net
Meissonier, A., Banat-Berger, F. (2014, July 18). French legal framework of digital evidence.
Records Management Journal, 25 (1), 96-106. Retrieved from
www.emeraldinsight.com/0956-5698.htm
Mohamed, D. (2011). Computer evidence: Issues and challenges in the present and in the
present and in the future. Penang: International Legal Conference (ILL). Retrieved
May 21, 2015 from
http://irep.iium.edu.my/8122/2/full_paper_submitted_for_6th_UUM_ILC_2011_Dr_Du
ryana_Mohamed_29th_July_2011.pdf
Radhakrishna, G., Zan, M., & Khong, W. K. (2013). Computer evidence in Malaysia: Where
are we. Malaysian Law Journal, (3). http://ssrn.com/abstract=2208973
Allinson, C. (2001). Information systems audit trails in legal proceedings as evidence.
Computer & Security, 2 (5), 409-421.
http://www.sciencedirect.com/science/article/pii/S0167404801005132
Lucy L. Thomson. (2013). Mobile Devices, New Challenges for Admissibility of Electronic
Evidence. American Bar Association, 9(3), 1-5.
Cyber Security Malaysia. (2015). Digital Forensics. Retrieved June 1, 2015, from
http://www.cybersecurity.my/en/our_services/digital_forensics/main/detail/2326/index
.html
Department of Standards Malaysia. (2012). Information and documentation – Principles and
functional requirements for records in electronic office environments – Part 2:
Guidelines and functional requirements for digital records management systems (ISO
16175-2:2011, IDT). SIRIM Berhad.
12. Admissibility of Digital Records as Evidence in Malaysia Court of Law 2015
12
Department of Standards Malaysia. (2009). Information and documentation – Records
Management – Part 2: Guidelines (ISO/TR 154895-2:2001, IDT). SIRIM Berhad.