CHAPTER 3 DIGITAL IMAGES |
3.1 We decided that
our study should be centred on photographic-like images and was
bounded on one side by documents and on the other by closed circuit
television (CCTV) and video. We have discussed the background
to current law in Chapter 2. In this chapter we examine some of
the issues which go towards proving the accuracy of an image and
assessing its weight. We look also at some suggestions for establishing
requirements for the use of images in court, any need to provide
information or warnings to those who use them, and we make recommendations.
Proving the accuracy
and assessing the weight of evidence
is the process of convincing the court that a document (which
would include a digital image) is what it purports to be: of proving
the origin of the image and that it has not subsequently been
altered (or, where alteration has occurred, proving the nature
of the alteration). Even though an image has been authenticated,
however, the court will still need to determine its weight as
evidence, its probative value. This depends both on the degree
of authentication and the extent to which the image provides evidence
of the fact in question. For example:
An image which appeared to show the
defendant in the act of committing a crime, but for which there
was no explanation as to its origin or other authentication, would
have a very low probative value.
Conversely, an identical image originating from a police CCTV
camera for which a detailed audit trail could be produced would
have a much higher probative value. The greater degree of authentication
of the second image increases its weight as evidence.
However, if the image were so blurred
as to be unrecognisable, or if the court were not convinced that
any enhancement processes which purported to reveal the identity
of the defendant were reliable, it would give little or no weight
to the image as evidence, irrespective of how well it was authenticated.
A factor which would clearly increase an image's weight as evidence
is compliance with relevant standards, such as the BSI standard
for image storage in computer memory of the "Write Once Read
Many Times" (WORM) type
(See Box 4).
3.3 The fact that a
document is a copy may reduce its weight as evidence, unless there
is sufficient authentication evidence to convince the court that
it is an accurate copy. This authentication evidence would normally
be in the form of an audit trail connecting the original image
with the computer record which is to be adduced in evidence and
recording what has occurred to that record in the interim (eg
Mr Sommer, Q 115). As with paper records, the necessary degree
of authentication may be proved through oral and circumstantial
evidence, if available, or via technological features of the system
or the record (see Box 4). Oral evidence will concentrate largely
on the management and operational procedures applied to the computer
record. Ideally these should be assessed by the lawyer in advance
to ensure that a satisfactory audit trail can be produced. Circumstantial
evidence will cover a wide variety of matters, including the record's
consistency with other documents which make up a linked transaction.
Technical evidence might come from system logs, particularly if
they are designed specifically with this end in mind, or through
embedded features of the record itself such as watermarks and
digital signatures; although these are only of any real use for
authentication if the encryption key is outside the control of
the person adducing the evidence.
|Box 4: Image authentication
|The digital processing of images, the potential for image modification and the problem of defining what is an original make it difficult to establish with ease that an image is authentic. This is a critical step if an image is to be used as evidence. There are two elements to establish authenticity: to have an 'audit trail' which records everything that happens to the image from capture to its presentation in court; and/or to have a technological solution which brands or 'watermarks' the image at the time of capture and can subsequently show it is authentic.
|Audit trail methodology is already used with other forms of evidence to ensure that it has been treated fairly, that any processing it has undergone (eg in a forensic laboratory) is well documented, that its location is always known and that all those who have had contact with it have the necessary authorisation. This is all common sense and similar controls would be expected for digital images. If an image is generated by a system dedicated to the enforcement of law then it is possible to start the audit trail at the moment of image capture, but if an image is from elsewhere, for example a photograph from a member of the public or even a CCTV video from a private surveillance system operator, then the audit trail may only start once the image is presented (or seized) by which time it may have already been modified. The courts deal with such problems with all evidence, but the ease with which digital images can be modified, the availability of the technology and the skills to do this, and the low awareness of the potential problem, should raise extra concerns.
|Most CCTV systems and enforcement cameras make a recording onto video tape in either real time or a limited number of frames per second basis. The video recorders and tapes can be kept in physically secured areas with limited access to reduce the possibility of tampering. Further security can be achieved if a second recording is also made onto a WORM ('write once read many times') memory device at the same time. A WORM memory is something to which computer data can be written only once. An indelible recording is made which cannot be overwritten with other data. The data can, however, be read as many times as wished. The most easily recognisable WORM memory is a CD or CD ROM: a plastic disc coated in reflective material into which pits have been etched physically. The laser in a CD player will read the information stored in this etching, but cannot change or delete the etchings.
|Recording on to a WORM will provide an image for comparative purposes which cannot be altered. However, the expense of such systems, the extra storage capacity required, the non-reusable nature of the WORM storage media, and the need to ensure that only certain people get access to the secure copy (eg the police when an investigation is started) means that such systems are probably inappropriate for wider use.
|In itself, a recording on a WORM is also no guarantee that an image is free of modifications: the data could be copied to a computer, altered, and then copied back to a second identical device leaving no evidence of impropriety unless there was some other way of distinguishing the first WORM from the second.
3.4 A number of cases
where the authentication of computer records was at issue have
come before the courts, and where there has been no suggestion
that the records might have been altered deliberately or accidentally,
the authentication requirements have been met by evidence from
those responsible for operating the computer system in question.
In R v. Spiby
the English Court of Appeal was prepared to presume that a computer
was recording evidence accurately when its operator (a hotel manager)
testified that he was unaware of any problems in operation, in
the absence of any evidence from the defendant that there was
any question of malfunction, and in R v. Shepherd
a store manager's testimony was held by the House of Lords to
be sufficient for the same reasons.
3.5 This evidence will
not be necessary in civil proceedings if the authenticity of the
image is admitted during discovery under Rules of the Supreme
Court, Order 27 rule 4(1) which provides that where lists of documents
are exchanged a document which is asserted on the list to be a
copy is presumed to be a true copy unless its authenticity is
specifically disputed by the other party. If the document is disputed,
however, oral evidence as to authenticity will be required.
3.6 Of considerable
interest to us was that no defence teams in the United Kingdom
had, as yet, ever requested an audit trail be produced in any
case where video images were being used by the prosecution (eg
Liberty Q 4). This may change as defendants and their lawyers
become more familiar with the technology.
for handling digital images
3.7 Modern offices
employ sophisticated data processing technology for document handling.
If a form is sent off to a building society, bank or insurance
company, it may be imaged and thereafter handled by networked
computers. This is done for reasons of business efficiency (eg
to speed up processing and to reduce the need for file storage
space in the office). Any document can be available instantaneously
throughout the organisation and it does not get lost (eg Abbey
National system Q 320). When text is examined, be it on hammered
vellum or a computer screen, certain fundamentals have to be in
place. Put simply, it has to be verified that it is what it purports
to be. Traditionally, verification has been through the use of
an authenticating mark or signature. In the digital age, something
rather more complex is often required: for documents this can
be a digital signature which incorporates encryption, making the
signature unique to the specific document and its originator;
and for other images an electronic watermark may be used (various
authenticating technologies are discussed in Box 4).
3.8 Some witnesses,
including the Association of Chief Police Officers in Scotland
(p 154) and the Crown Prosecution Service (p 165) were
in favour of images incorporating some form of watermark or other
authentication (added at the time of image capture) to increase
their utility in
|Watermarks provide an extra level of security to an image in addition to an audit trail if they are added at source as the image is being captured by the camera. With a conventional image the watermark (eg an identifying code or logo) would need to be visible in the scene and may thus obscure other vital information. In a digital image it is possible to hide the watermark within the image data with a form of encryption: although the watermark can be present in all parts of theimage (down to pixel scale), the image looks normal and the watermark can be viewed only with the appropriate decryption key. It would also be possible to encrypt the whole image so that it is meaningless to anyone viewing it without the appropriate equipment and decryption key.
|Two types of invisible watermark are envisaged and are being developed by companies including CRL IBM, NEC and others (see IBM evidence for detailed description of watermarking technology). The first (a permanent watermark or 'tattoo') will help copyright owners monitor the use of their material. The watermark is hidden within the image and will remain with the image (or image segment) if it is copied, modified or otherwise processed (ie the watermark is almost impossible to destroy or remove from the image no matter what is done to it). For evidential use this would allow copyrighted materials to be identified, and it might also be useful for identifying the source of images which have undergone significant modification. The second type of watermark is the fragile watermark which is destroyed by any processing or modification attempt other than just viewing the image. This could have significant potential for authenticating images used in evidence: an image which should have a watermark but does not, or has a damaged one, would have low evidential value without other corroboration.
|The main limitation of all watermarks is that ideally they should be applied by the camera and thus the camera manufacturers have to install software which will do this. Only if watermarking becomes the norm for cameras where images might be used for evidential purposes, or if there is overwhelming demand from customers, are manufacturers likely to adopt such technology. There are also problems with the export/import and use of certain levels of encryption technology which might be used to generate watermarks.
|Digital signatures can be used for authenticating messages and documents sent electronically and, equally, could be adapted for authenticating images. The American Bar Association (Digital Signature Guidelines: http://www.abanet.org/scitech/ec/isc) describes digital signatures as using public key cryptography and a 'hash function' derived from the message itself. The hash function is an algorithm created from enough of the message data to ensure that it could only be created from those data. The message and the hash function are then encrypted with the sender's private encryption key to make a digital signature which is unique. The receiver decodes the message with a related version of the encryption key previously given to the intended recipient by the sender (or held by a trusted third party). The message is verified by computing the hash function again and comparing it with the original.
evidence. However many other witnesses
(eg the Home Office and Forensic Science Service (p 128),
Mr Castell (p 160), Justice (p 3) and the Chartered
Institute of Arbitrators (p 156) held the view that all such
technologies were fallible and were thus of limited use. Even
if complex watermarking or high levels of encryption are used
then, eventually, someone may crack the code and either remove
a digital signature or re-instate a fragile watermark after making
modifications to the image. Authenticating technologies must therefore
keep ahead of possible abusers in order for them to remain of
3.9 The costs both
in the initial capital for the equipment and running costs of
these modern office systems are substantial. We heard from witnesses
(eg Abbey National QQ 321-325) of unease over the acceptability
of digital technology in the courts, their concern that a large
and growing data processing investment may be at risk from litigation
and that large legal costs might be incurred before the matter
was resolved. There was also an inability to take full advantage
of the technology by, for example, destroying original paper copies
until doubts were resolved; for example Abbey National said it
had "no experience of using digitised images as evidence
in any court of law and will not be content to rely on them until
their legal status has been confirmed" (Abbey National p 109).
We therefore looked further at the difficulties, real and imagined,
over the use of digital images in court.
15 And it would probably not be admitted as evidence
under the rule in R v. Robson & Harris (1972) 1 WLR
The British Standards Institution Code of Practice for the Legal
Admissibility of Information on Electronic Document Management
Systems (DISC PD 0008, February 1996) sets out procedures and
documentation required for the audit of systems producing documents
or other images that may be used as evidence in a court of law.
The Standard focuses on procedures rather than technology and
thus continues to be relevant. It does, however, specify optical
storage (CD ROM) as the standard WORM device for storing data
as this was the only technology available at the time (BSI QQ
206-207, and ST/97/DI/38). The BSI told us that this would be
updated and that a new code was being written to cover authentication
(Q 211). Back
However, encryption for security reasons might also have an authentication
function if it could be used to show that the number of persons
with power to alter the record was limited, and that those persons
had no motive or opportunity for alteration. These points are,
of course, only relevant if the image's status as an authentic
copy of the original is questioned. Back
will be presumed if:
(a) the user can produce a human witness
to testify that the system was operating properly at the relevant
(b) the other party to the litigation is
unable to adduce evidence to counter this presumption.
Because the image will necessarily be a copy
there is thus a need to prove that each is an authentic copy of
the image that was first captured. The obvious way of so doing
is to give oral evidence about the procedures for storing documents
and the controls which are in place as part of the system. Failure
to give such evidence in relation to a copy will render the
copy inadmissible under English law. Kajala v Noble (1982)
75 Cr App Rep 149. Back
R v. Spiby (1990) 91 Cr. App. R
R v. Shepherd (1993) 1 All ER 225. Back
may be a significant cost saving in storing electronically rather
than on paper: a 70 per cent reduction in cost was suggested to
us (BSI, Q 219). However one must also be aware of the need to
store not only the data, but also the machines capable of reading
and interpreting that data. Back