Does eEvidence have legal support?

Posted on August 25, 2014 • 5 min read • 986 words

My biggest concern, when using your service to certify my emails, is to ensure that the service and the evidence you build are both recognized by third parties. Is eEvidence backed by regulatory frameworks?

eEvidence acts as a third party to provide electronic evidence of any email communication, based on electronic signatures. Most countries around the world now regulate and acknowledge the use of electronic signatures.

European Union

eEvidence is an electronic registered delivery service in compliance with the Regulation (EU) No 910/2014 on electronic identification and trust services ("eIDAS").

In July 1st, 2016, the Regulation (EU) No 910/2014 of 23 July 2014 on electronic identification and trust services ("eIDAS") came into force. Amongst its goals, to set a common regulatory framework in the definition and identification of trusted services for electronic transactions. Under the Regulation, eEvidence is defined as an "electronic registered delivery service":

«a service that makes it possible to transmit data between third parties by electronic means and provides evidence relating to the handling of the transmitted data, including proof of sending and receiving the data, and that protects transmitted data against the risk of loss, theft, damage or any unauthorised alterations.» (Article 3.36).

to add that:

«Data sent and received using an electronic registered delivery service shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements of the qualified electronic registered delivery service.» (Article 43.1).

Under the eIDAS Regulation, eEvidence is regarded as a trust service whose goal is to provide electronic evidences of the contents and delivery of email messages. To achieve this, we validate the sender's address ownership and we use electronic signatures and qualified time stamps to guarantee the integrity of the evidence receipt.

United States of America

The United States has two laws that regulate the legal admission of electronic signatures:

  • Uniform Electronic Transactions Act ("UETA") released by the National Conference of Commissioners on Uniform State Laws (NCCUSL) in 1999.
  • Electronic Signatures in Global and National Commerce Act ("ESIGN", 2000).

These two frameworks give electronic signatures the same validity and legal effects as to traditional mediums such as paper contracts with handwritten signatures.

Rest of the World

There are different organizations that have set up guidelines to the international use of electronic signatures, including the OCDE, the United Nations Commission on International Trade Law (UNCITRAL) and the International Chamber of Commerce (ICC).

In line with how this has been approached in the European Union and in the United States, Argentina, Australia, Canada, Chile, China, Colombia, Costa Rica, Dominican Republic, Ecuador, Guatemala, Honduras, Hong Kong, India, Japan, Mexico, Nicaragua, New Zeeland, Paraguay, Peru, Philippines, Russia, Singapore, South Africa, South Korea, Switzerland, Turkey, United Arab Emirates, Uruguay and Venezuela fully validate electronic signatures or acknowledge its use.

What makes an electronic evidence?

According to the Wikipedia:

Digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial. Before accepting digital evidence a court will determine if the evidence is relevant, whether it is authentic, if it is hearsay and whether a copy is acceptable or the original is required. (Casey, Eoghan (2004). Digital Evidence and Computer Crime, Second Edition).

Applied to the eEvidence email evidence:

  • Is it relevant? The relevance of an email as evidence will be determined by the court, prior we even enter the scene. It the email is considered relevant, our evidence will then become strong proof of its contents and delivery.
  • Is it authentic? We take the necessary measures to confirm our users identity and their right to use their registered email address. Based on this, any email we receive from them is undoubtedly authentic.
  • Is it hearsay? Again, it is not for us to say. An email may be a key element of a court case, or an irrelevant piece of information. If it is considered not hearsay, but true, it will then be our turn.
  • Is there an original required? The PDF evidence we provide doesn't only contain a full copy of the original email, as an attachment to the PDF, but also the date in which the PDF was created, by the means of a digital timestamp. Besides dating the PDF evidence and its contents, including the original email attached to the PDF, the timestamp also grants that the PDF and its contents haven't changed since: no other copy of the original email can be more reliable than the one we provide.

What does questioning eEvidence imply

You will find it hard to obtain any other electronic evidence for your emails and files, simpler, stronger and altogether more convincing than an eEvid.

  • Questioning the curent legal framework. eEvidence is an electronic registered delivery service under the eIDAS Regulation, which rules that data sent and received using an electronic registered delivery service shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form.
  • Questioning the way we deal with emails. If we were to request our users to send their emails from a proprietary platform of our own, that could possible raise some questions. However, this is not the case. We deal with your emails in the same way that any other email provider would.
  • Questioning the registration process itself. Would anyone question the standards currently being used by banks to secure customer data, digital time-stamps issued by a worldwide recognized Time Stamp Authority or public cryptographic hash functions used globally and that nobody has yet been able to crack?
  • Questioning our role. In addition to being acknowledged as a trusted service provider, we are an independent company, with no interest whatsoever in what you are asking us to register. All we do is provide a technical service.

The eEvidence method is the result of seamlessly combining several technology standards in force worldwide: Internet communication protocols, digital signature schemes and cryptography hash functions, all assembled together. None one can question the method without questioning the standards in which it is based.