Home » Data Protection » Malware/Cybercrime

Electronic Evidence: You Can't Fool the Ref

Judges are getting more sophisticated in handling attempts to destroy electronic evidence

March 01, 2007 — CSO — If you want to tick off a judge, destroy evidence. Lawyers say this tactic comes up more often than ever because so much evidence is now electronic, and people think they can delete it or plead

ignorance over how technology works as a defense once the evidence is destroyed.

Be warned: Judges aren't buying it. In a ruling on Easton v. Warrior Lacrosse, Judge Donald A. Scheer wrote, "Destruction of evidence is prejudicial to an opposing party, and undermines the litigation process." In other words, Not in my house. A few other recent cases:

Anderson v. Crossroads Capital Partners, LLC In this sexual harassment case, after

a "protracted discovery battle" the plaintiff was compelled to give the defendant her computer without deleting anything. Specifically the defense was looking for an October 2001 document. But forensics discovered 1) data-wiping software called CyberScrub had been installed (see The Rise of Anti-Forensics for more about these types of tools) and 2) the hard drive had been manufactured in August 2002—indicating that the original drive with relevant documents on it had been swapped out. The plaintiff claimed she didn't destroy evidence with the wiping software, she used the software only to protect files. As for the new hard drive, she told the judge that in her view it was the same computer throughout the litigation despite the swap. The plaintiff's "exceedingly tedious and disingenuous claim of naïveté regarding her failure to produce the requested discovery...defies the bounds of reason," the judge noted. An adverse inference instruction was given to the jury, because the plaintiff "destroyed evidence and attempted to suppress the truth."

Kucala Enterprises Ltd. v. Auto Wax Co. In this complex patent infringement case, the plaintiff, Kucala, was found to have installed a program called Evidence Eliminator on two of his computers and run it on one of them the night before discovery was scheduled to take place. The forensics investigator discovered that 12,212 files had been deleted and overwritten that night and an additional 2,968 had been eliminated three days earlier. Kucala's attorney argued that there was no proof he deleted anything but personal files. The court wrote: "Any reasonable person can deduce, if not from the name of the product itself, then by reading the website, that Evidence Eliminator is a product used to circumvent discovery." The judge ruled the "specious" deletion of files "gross negligence." In summary: "Kucala has engaged in egregious conduct by his flagrant disregard of a court order requiring him to allow inspection of his computer and his utter lack of respect for the litigation process." The judge recommended dismissal and payment of court costs. However, the district judge allowed the case to continue but upheld the payment of court costs related to discovery, which were $93,125.74.