Various recent court decisions show judges and parties wrestling—mostly successfully—with faked and misused electronic evidence
As far back as the Uniform Law Conference of Canada’s 1998 Uniform Electronic Evidence Act—which formed the basis for the provisions in the Canada Evidence Act and various provincial acts dealing with the admissibility of electronic data—courts have been concerned about the provenance of electronic data when it is led as evidence. Specifically, there has always been concern that due to the inherent manipulability of digital data, electronic evidence could be fabricated by dishonest litigating parties and used to undermine the truth-seeking function of the trial process. Anecdotally this is something that happens often but, in our experience, rulings about it seldom show up in reported decisions. However, very recent case law indicates that, where parties and judges are properly attuned to these kinds of problems, they can be prevented and exposed, and the dishonest parties will reap the consequences.
The trial judge in Lenihan v. Shankarwas adjudicating upon a hotly-contested custody, access and mobility dispute in a family law case, which (the judge held) featured remarkable amounts of subterfuge by the mother. Justice McGee decided in favour of the father, and provided written reasons for potential appellate review but that were also “to draw attention to the evidentiary challenges of spoofed communications and postings created to damage a parent’s credibility and tendered to gain litigation advantage.” Among the various evidentiary issues were arguments by the mother, both that emails and texts adduced in evidence by the father were fake, and that emails and other messages that the mother adduced in evidence were genuine.
Justice McGee first reviewed the provisions of the Ontario Evidence Act relating to the admissibility of “electronic records,” noting that s. 34.1(4) simply codified the “low threshold test at common law” for authentication at the admissibility stage, namely that the adducing party simply provide “some evidence” that the record is what it purports to be; final determination of authenticity is left for fact-finding. The primary focus at the admissibility stage, she held, is the integrity of the electronic record itself, which under s. 34.1(5.1) can established by “evidence of the integrity of the electronic records system by or in which the data was recorded or stored, or by evidence that reliable encryption techniques were used to support the integrity of the electronic record.” She noted that these provisions, intended to satisfy “best evidence” concerns,
…work to ensure that an electronic document accurately reflects the original information that was inputted or recorded on the device. With electronic documents, the focus shifts to the information contained in the document, rather than the document itself. The threshold for admissibility is low and at this stage, concerns are generally limited to the completeness and accuracy of the record.
Here, the father had adduced in evidence a series of text messages between the parties over a 5-month period, which he “had exported…from his phone into a printable format using an application called ‘GIIApps SMSShare 2’.” The mother argued that the texts were all fake and created to “make her look bad,” but the judge rejected this on a number of bases. The mother had refused to produce her own version of the text exchanges; the texts contained pictures that she had taken of herself which she claimed were downloaded from her Facebook page, but there was no evidence that these pictures were ever on her Facebook page; in an earlier Notice to Admit she had admitted to sending a number of the texts she now claimed were fake; and while she claimed that the phone number identified in the texts as hers was also falsified, it appeared as her number in her own Exhibit Brief. The mother also argued that some emails from her to the father which had been adduced had also been faked “to make her look bad,” but the judge noted that the mother only ever used the originating email account, and that despite her claims that someone (probably the father) had been accessing her account to send the emails, she had made no effort to “change the account, change her password or set up a new account, any one of which would be the natural next step were her email to have been “hacked” or used inappropriately.”
The mother also adduced a particular set of emails purportedly from the father, but Justice McGee held that these were fake on the basis that: the father testified that the sending email address was not his; the emails reflected the mother’s writing style and not the father’s, “inclusive of content, word choice and spelling”; the emails repeated false claims that had been earlier made by the mother and would have made no sense if attributed to the father; the emails indicated knowledge in the sender which the father would not have had at the relevant time; and the email had markers indicating they had been printed from the mother’s known account. Although they were not authentic, the judge admitted them as evidence of the mother’s “extensive efforts to damage [the father]’s character, particularly in the eyes of their daughter’s service providers and the Court.” Other emails were similarly held to be bogus, in one case due to their clearly having been “copied and then pasted into a Word or other word processing document.”
The mother also adduced in evidence communication logs from a co-parenting and custody app called “Our Family Wizard” which contained messages purportedly between the parties; however, the communications had numerous inconsistencies and ordering flaws, and the judge concluded that the mother had generated two accounts (one in the father’s name) and simply generated “messages that could be used as evidence.”
Having found for the father on all matters, McGee J. concluded the judgment with some “final thoughts” on the subject of electronic evidence:
247. As our court transitions to a fully digital platform, this trial was a stark reminder of the potential for the manipulation and misuse of electronic evidence.
248. The most common internet definition of a spoofed email is when the email address in the “From” field is not that of the sender. It is easy to spoof an email, and not always so easy to detect. For sophisticated senders – such as actors who are “phishing” for information of commercial value – the origins of a spoofed email may never be detected.
249. Spoofing originates from the idea of a hoax or a parody, and in the early days of the internet, it was a legitimate tool for managing communications so that a user believed that an email came from one source, when it actually came from another.
250. Spoofing first arose as a term in family law (more commonly referred to in the U.S.A. as divorce law) to describe cell phone users hiding their identity and/or location for nefarious purposes. As a result of advances in mobile apps, websites, forwarding services and other technologies, callers are now able to change how their voice sounds, to evade a blocked number or to pretend to be a person or institution with whom their target was familiar. Targets can be tricked into disclosing sensitive information, harassed, stalked and frightened.
251. Any electronic medium can be spoofed: texts, emails, postings to social media, and even messaging through a reputable software program specifically designed to provide secure communications between sparring parents.
252. What stood out in this case was the purpose of the spoofed communications. Instead of tricking or scaring the target, electronic communications were spoofed to deliberately damage the other parent’s credibility and to gain litigation advantage.
253. In R. v. C. B., the Ontario Court of Appeal foreshadowed the relevance of inauthentic electronic evidence. “[T]endered as bogus” is a critical catch that is not always apparent. A party’s lament that “it wasn’t me” may appear credible at one stage of the proceeding but may no longer be credible at a later stage. An email or text that on first reading appears authentic might later be found to be inauthentic when examined within the evidence as a whole.
254. Fake electronic evidence has the potential to open up a whole new battleground in high conflict family law litigation, and it poses specific challenges for Courts. Generally, email and social media protocols have no internal mechanism for authentication, and the low threshold in the Evidence Act that requires only some evidence: direct and/or circumstantial that the thing “is what it appears to be;” can make determinations highly contextual.
255. In a digital landscape, spoofing is the new “catch-me-if-you-can” game of credibility.
256. I urge lawyers, family service providers and institutions to be on guard, and to be part of a better way forward. Courts cannot do this work alone, and the work must be done well. High conflict litigation not only damages kids and diminishes parents; it weakens society as a whole, for generations to come.
In R. v. Aslami, the Ontario Court of Appeal reversed the appellant’s conviction on multiple charges related to the firebombing of a home. The crux of the Crown’s case at trial had been various messages sent via Facebook, SMS text and a texting app called “TextNow.” The Court of Appeal accepted the appellant’s argument that the trial judge had failed to take into account issues with the authenticity/integrity of the messages, and that these issues tended to support the defence theory that the complainant’s ex-wife and her new boyfriend had been attempting to frame the appellant for the firebombing. Each group of messages, the Court wrote, “has its own particular frailties.”
The SMS messages originated from a sender whom the ex-wife had identified in her own phone as the appellant, under the name “Sumal Jan” which she claimed was a name he was called by some in their home country. However, “[a] police detective gave evidence that there were several entries on the appellant’s ex-wife’s cellphone for the name ‘Sumal Jan’ that had different phone numbers associated to them.” The TextNow messages had been retrieved via screenshots of the ex-wife’s phone, but the timestamps had been uncertain, and the Crown had not led “any expert evidence regarding the functioning of the TextNow app, or its reliability, or any ability to manipulate the date, number, name of the sender, or any other details as to the operation of the app.” The trial judge had engaged in a speculative evaluation of this evidence, comparing spelling, phrasing and substantive content between the SMS texts and the TextNow messages, which had the effect of assuming that the appellant had sent them without there being reliable evidence to this effect. The Facebook messages had been exchanged between the ex-wife’s boyfriend and someone using the name “Trustnoone Mob,” and the only evidence linking the latter identity to the accused was the boyfriend’s testimony that he believed he was communicating with the accused.
In allowing the appeal, Nordheimer J.A. commented:
 As I said at the outset, trial judges need to be very careful in how they deal with electronic evidence of this type. There are entirely too many ways for an individual, who is of a mind to do so, to make electronic evidence appear to be something other than what it is. Trial judges need to be rigorous in their evaluation of such evidence, when it is presented, both in terms of its reliability and its probative value. The trial judge did not engage in that rigorous analysis in this case. In fairness, the trial judge was not assisted by the prosecution in this task. The prosecution ought to have called expert evidence to address the issues that the evidence posed, but they did not.
Another case of interest is R. v. H.S.S., where Judge Chen of the British Columbia Provincial Court presided over the prosecution of a young person for the alleged sexual assault of another young person (both were 16 years old at the time of the incident). The complainant alleged that during a school day, her friends were using her phone to exchange Instagram messages with the accused, and told her that the accused wished to meet with her in the school’s “handicapped bathroom to talk.” She went to the meeting, not reviewing any of the messages her friends had exchanged with the accused, and he assaulted her by touching her sexually. It transpired, she said, that her friends and her sister had been exchanging Instagram messages with the accused for several days; she selected the “relevant” ones to give to the police upon reporting the alleged assault, and deleted the rest.
In his defence the accused adduced all of the Instagram messages between himself and the complainant, which amounted to hundreds sent between the two over several days, and which disclosed that they had agreed to have a sexual encounter in the bathroom. He testified that she was a willing participant in the kissing and heavy petting that constituted the alleged assault. In cross-examination the complainant tried to explain away the many inconsistences in her evidence by saying that her sister and friends (none of whom were called as witnesses) must have been using her phone to communicate with the accused, but the judge found her explanations unconvincing in light of both her proven conduct, implausible explanations and the numerous credibility problems her various stories presented.
In the end Judge Chen held that “even the evidence of the Complainant leads to the inescapable conclusion that the Accused was indeed ‘set up’.” The judge ruled that the complainant and her sister had carried out a campaign of “cruel and callous” sexualized teasing of the accused, who was infatuated with the complainant, and that the Crown could not prove lack of consent to the activity in the bathroom. The accused was acquitted.