Are ICQ logs admissible in court?

Whether information derived from logs of electronic chats can be used in court--even if they may reveal possible illegal activity--is an unsettled legal question.

3 min read
Click here to Play

Protecting IM from probing eyes
Andre Durand, founder, Jabber.com
The posting of thousands of instant messages between a CEO and his executives has created a cottage industry for people looking for evidence of possible illegal activity. But whether information derived from the logs could be used in court is an unsettled legal question.

Hundreds of pages of ICQ instant messaging logs were posted on the Web and copied onto various sites last week. The logs, apparently snatched by a hacker from a computer used by Sam Jain, CEO of eFront, have prompted a personal nightmare and crippled his company.

Judging from the messages posted on various Web sites, hundreds of people have been scanning the files, looking for everything from gossip to evidence of nefarious activities.

The logs, which include discussions regarding business partners, employees and affiliated Web sites, could lead to possible legal troubles.

Jain says the logs are legitimate but have been "doctored." Several sources whose correspondence or confidential information was included in the logs have confirmed their general authenticity with CNET News.com.

While embarrassing to the company, legal sources said any evidence culled from such logs may not be admissible in court.

Matt Yarbrough, a former U.S. attorney and current head of the cyberlaw group at Fish & Richardson, said that although breaking into a computer violates federal laws against hacking, that doesn't necessarily mean the chats are inadmissible.

"It's always up to the judge," he said. "Ultimately, the judge can let anything he wants into evidence, and illegally obtained information can still be legally admitted."

see story: ICQ logs spark corporate nightmare Yarbrough said the information contained in the logs would have to go to the heart of the case to pass muster with a judge. It would also have to be authenticated, to make sure that the messages were actually typed by eFront's founder.

In the end, Yarbrough said, both parties may face punishment--the alleged hacker for breaking into the computer, and the company if it is determined that it practiced illegal activities. "This is a perfect case of two wrongs don't make a right," he said. "There may be liability on both sides."

Yarbrough said that during his years as a prosecutor he was surprised at how many people incriminate themselves by typing damaging messages they would never write with a pen and paper.

"It's just amazing what people will put in writing when a computer is involved," Yarbrough said.

Jennifer Granick, a defense attorney and clinical director of Stanford's Center for the Internet and Society, said that unless the hacker is acting on behalf of the government, or is already involved in a suit against the company, the chat logs would probably be admissible.

"They'll be able to use it, and they won't be stopped by the fact that the person obtained it illegally," she said.

Most often, electronic messages are entered into evidence after being legally obtained through subpoenas and other means, as Microsoft found out when presented with inflammatory internal e-mails during its antitrust trial. Granick said cases involving illegally obtained electronic messages are rarer.

"It's pretty unusual," she said. "I haven't heard of disgruntled employees breaking into computers to get evidence. It appears this guy knew what he was looking for."

The eFront case could also heighten demand for more secure messaging products.

"The industry is still in its infancy, and as a result, security has not gotten a lot of attention to date," said Andre Durand, founder of Jabber.com, which is backing an open-source IM development project. "I don't think that has to do with the inherent limits within IM or the architecture of IM, but it has a lot to do with the lack of demand. Security will only become required when people realize that IM isn't a toy."

Durand said that the security requirements are the same for instant messaging and e-mail. Scrambling messages with encryption technology is the best method for blocking eavesdroppers during a live chat and for protecting open files stored on a hard drive, he said.

Even for e-mail, however, where such security features do exist, adoption has been relatively low. As a result, Durand warned, self-censorship has become the de facto security standard for digital communication.

"With e-mail, savvy people have generally gotten more cautious in terms of what they are willing to put in writing," Durand said. "But with IM, people aren't taking the same precautions because the conversations seem so ephemeral. There is still a lot of education that needs to take place."