Friday, October 24, 2014

Discovery of encrypted documents

Today's Irish Times has a story arising out of the Quinn litigation against the state which raises important issues around access to encrypted documents:
The family of Seán Quinn is demanding access to three letters sent between former minister for finance Brian Lenihan and then chairman of Anglo Irish Bank Donal O’Connor as part its €2.34 billion claim against the state.  This correspondence relates to late January 2009 and early February 2009, just after the state took the decision to nationalise Anglo as it tottered on the brink of collapse. The family also wants efforts to be made to crack a password-protected email sent by the bank’s chief executive David Drumm to Matt Moran, a close lieutenant, in the midst of the financial crisis in April 2008, according to documents filed in relation to their legal battle...

Legal advisers to the liquidators of IBRC, who are now in charge of Anglo, are refusing to release about 168 documents which they claim are legally privileged, with the exception of the email from Mr Drumm to Mr Moran which they cannot access... [The Quinns] have asked the liquidators of IBRC to instruct IT experts to crack the encoded email or give it to the family so that they can try to do so.

I've already looked at the encrypted Anglo files from a criminal law perspective, considering when police can demand that files be decrypted or that individuals hand over passwords. This case presents parallel civil law issues - when can a party in litigation demand that potentially relevant files be decrypted as part of the discovery process, when the other party does not have the relevant passwords?

This will be the first time this is considered by the Irish courts. There doesn't appear to be any case law on the topic, and it's not explicitly addressed in the Rules of the Superior Courts. It's also not considered in the Law Reform Commission's (rather disappointing) 2009 Consultation Paper on Documentary and Electronic Evidence. The closest Irish material is the 2013 Good Practice Guide to Electronic Discovery in Ireland which suggests that parties making discovery should if necessary attempt to break the protection on encrypted or password protected files (PDF, p.23).

I look forward to seeing the decision on this point.

No comments:

Post a Comment