Select Committee on Science and Technology Fifth Report


  3.1     We decided that our study should be centred on photographic-like images and was bounded on one side by documents and on the other by closed circuit television (CCTV) and video. We have discussed the background to current law in Chapter 2. In this chapter we examine some of the issues which go towards proving the accuracy of an image and assessing its weight. We look also at some suggestions for establishing requirements for the use of images in court, any need to provide information or warnings to those who use them, and we make recommendations.

Proving the accuracy and assessing the weight of evidence

  3.2     Authentication is the process of convincing the court that a document (which would include a digital image) is what it purports to be: of proving the origin of the image and that it has not subsequently been altered (or, where alteration has occurred, proving the nature of the alteration). Even though an image has been authenticated, however, the court will still need to determine its weight as evidence, its probative value. This depends both on the degree of authentication and the extent to which the image provides evidence of the fact in question. For example:

An image which appeared to show the defendant in the act of committing a crime, but for which there was no explanation as to its origin or other authentication, would have a very low probative value[15]. Conversely, an identical image originating from a police CCTV camera for which a detailed audit trail could be produced would have a much higher probative value. The greater degree of authentication of the second image increases its weight as evidence.

However, if the image were so blurred as to be unrecognisable, or if the court were not convinced that any enhancement processes which purported to reveal the identity of the defendant were reliable, it would give little or no weight to the image as evidence, irrespective of how well it was authenticated. A factor which would clearly increase an image's weight as evidence is compliance with relevant standards, such as the BSI standard for image storage in computer memory of the "Write Once Read Many Times" (WORM) type[16] (See Box 4).

  3.3     The fact that a document is a copy may reduce its weight as evidence, unless there is sufficient authentication evidence to convince the court that it is an accurate copy. This authentication evidence would normally be in the form of an audit trail connecting the original image with the computer record which is to be adduced in evidence and recording what has occurred to that record in the interim (eg Mr Sommer, Q 115). As with paper records, the necessary degree of authentication may be proved through oral and circumstantial evidence, if available, or via technological features of the system or the record (see Box 4). Oral evidence will concentrate largely on the management and operational procedures applied to the computer record. Ideally these should be assessed by the lawyer in advance to ensure that a satisfactory audit trail can be produced. Circumstantial evidence will cover a wide variety of matters, including the record's consistency with other documents which make up a linked transaction. Technical evidence might come from system logs, particularly if they are designed specifically with this end in mind, or through embedded features of the record itself such as watermarks and digital signatures; although these are only of any real use for authentication if the encryption key is outside the control of the person adducing the evidence[17].

Box 4: Image authentication
The digital processing of images, the potential for image modification and the problem of defining what is an original make it difficult to establish with ease that an image is authentic. This is a critical step if an image is to be used as evidence. There are two elements to establish authenticity: to have an 'audit trail' which records everything that happens to the image from capture to its presentation in court; and/or to have a technological solution which brands or 'watermarks' the image at the time of capture and can subsequently show it is authentic.
Audit trail
Audit trail methodology is already used with other forms of evidence to ensure that it has been treated fairly, that any processing it has undergone (eg in a forensic laboratory) is well documented, that its location is always known and that all those who have had contact with it have the necessary authorisation. This is all common sense and similar controls would be expected for digital images. If an image is generated by a system dedicated to the enforcement of law then it is possible to start the audit trail at the moment of image capture, but if an image is from elsewhere, for example a photograph from a member of the public or even a CCTV video from a private surveillance system operator, then the audit trail may only start once the image is presented (or seized) by which time it may have already been modified. The courts deal with such problems with all evidence, but the ease with which digital images can be modified, the availability of the technology and the skills to do this, and the low awareness of the potential problem, should raise extra concerns.
WORM memory
Most CCTV systems and enforcement cameras make a recording onto video tape in either real time or a limited number of frames per second basis. The video recorders and tapes can be kept in physically secured areas with limited access to reduce the possibility of tampering. Further security can be achieved if a second recording is also made onto a WORM ('write once read many times') memory device at the same time. A WORM memory is something to which computer data can be written only once. An indelible recording is made which cannot be overwritten with other data. The data can, however, be read as many times as wished. The most easily recognisable WORM memory is a CD or CD ROM: a plastic disc coated in reflective material into which pits have been etched physically. The laser in a CD player will read the information stored in this etching, but cannot change or delete the etchings.
Recording on to a WORM will provide an image for comparative purposes which cannot be altered. However, the expense of such systems, the extra storage capacity required, the non-reusable nature of the WORM storage media, and the need to ensure that only certain people get access to the secure copy (eg the police when an investigation is started) means that such systems are probably inappropriate for wider use.
In itself, a recording on a WORM is also no guarantee that an image is free of modifications: the data could be copied to a computer, altered, and then copied back to a second identical device leaving no evidence of impropriety unless there was some other way of distinguishing the first WORM from the second.

  3.4     A number of cases where the authentication of computer records was at issue have come before the courts, and where there has been no suggestion that the records might have been altered deliberately or accidentally, the authentication requirements have been met by evidence from those responsible for operating the computer system in question[18]. In R v. Spiby[19] the English Court of Appeal was prepared to presume that a computer was recording evidence accurately when its operator (a hotel manager) testified that he was unaware of any problems in operation, in the absence of any evidence from the defendant that there was any question of malfunction, and in R v. Shepherd[20] a store manager's testimony was held by the House of Lords to be sufficient for the same reasons.

  3.5     This evidence will not be necessary in civil proceedings if the authenticity of the image is admitted during discovery under Rules of the Supreme Court, Order 27 rule 4(1) which provides that where lists of documents are exchanged a document which is asserted on the list to be a copy is presumed to be a true copy unless its authenticity is specifically disputed by the other party. If the document is disputed, however, oral evidence as to authenticity will be required.

  3.6     Of considerable interest to us was that no defence teams in the United Kingdom had, as yet, ever requested an audit trail be produced in any case where video images were being used by the prosecution (eg Liberty Q 4). This may change as defendants and their lawyers become more familiar with the technology.

Some implications for handling digital images

  3.7     Modern offices employ sophisticated data processing technology for document handling. If a form is sent off to a building society, bank or insurance company, it may be imaged and thereafter handled by networked computers. This is done for reasons of business efficiency (eg to speed up processing and to reduce the need for file storage space in the office). Any document can be available instantaneously throughout the organisation and it does not get lost (eg Abbey National system Q 320). When text is examined, be it on hammered vellum or a computer screen, certain fundamentals have to be in place. Put simply, it has to be verified that it is what it purports to be. Traditionally, verification has been through the use of an authenticating mark or signature. In the digital age, something rather more complex is often required: for documents this can be a digital signature which incorporates encryption, making the signature unique to the specific document and its originator; and for other images an electronic watermark may be used (various authenticating technologies are discussed in Box 4).

  3.8     Some witnesses, including the Association of Chief Police Officers in Scotland (p 154) and the Crown Prosecution Service (p 165) were in favour of images incorporating some form of watermark or other authentication (added at the time of image capture) to increase their utility in

Watermarks provide an extra level of security to an image in addition to an audit trail if they are added at source as the image is being captured by the camera. With a conventional image the watermark (eg an identifying code or logo) would need to be visible in the scene and may thus obscure other vital information. In a digital image it is possible to hide the watermark within the image data with a form of encryption: although the watermark can be present in all parts of theimage (down to pixel scale), the image looks normal and the watermark can be viewed only with the appropriate decryption key. It would also be possible to encrypt the whole image so that it is meaningless to anyone viewing it without the appropriate equipment and decryption key.
Two types of invisible watermark are envisaged and are being developed by companies including CRL IBM, NEC and others (see IBM evidence for detailed description of watermarking technology). The first (a permanent watermark or 'tattoo') will help copyright owners monitor the use of their material. The watermark is hidden within the image and will remain with the image (or image segment) if it is copied, modified or otherwise processed (ie the watermark is almost impossible to destroy or remove from the image no matter what is done to it). For evidential use this would allow copyrighted materials to be identified, and it might also be useful for identifying the source of images which have undergone significant modification. The second type of watermark is the fragile watermark which is destroyed by any processing or modification attempt other than just viewing the image. This could have significant potential for authenticating images used in evidence: an image which should have a watermark but does not, or has a damaged one, would have low evidential value without other corroboration.
The main limitation of all watermarks is that ideally they should be applied by the camera and thus the camera manufacturers have to install software which will do this. Only if watermarking becomes the norm for cameras where images might be used for evidential purposes, or if there is overwhelming demand from customers, are manufacturers likely to adopt such technology. There are also problems with the export/import and use of certain levels of encryption technology which might be used to generate watermarks.
Digital signature
Digital signatures can be used for authenticating messages and documents sent electronically and, equally, could be adapted for authenticating images. The American Bar Association (Digital Signature Guidelines: describes digital signatures as using public key cryptography and a 'hash function' derived from the message itself. The hash function is an algorithm created from enough of the message data to ensure that it could only be created from those data. The message and the hash function are then encrypted with the sender's private encryption key to make a digital signature which is unique. The receiver decodes the message with a related version of the encryption key previously given to the intended recipient by the sender (or held by a trusted third party). The message is verified by computing the hash function again and comparing it with the original.

evidence. However many other witnesses (eg the Home Office and Forensic Science Service (p 128), Mr Castell (p 160), Justice (p 3) and the Chartered Institute of Arbitrators (p 156) held the view that all such technologies were fallible and were thus of limited use. Even if complex watermarking or high levels of encryption are used then, eventually, someone may crack the code and either remove a digital signature or re-instate a fragile watermark after making modifications to the image. Authenticating technologies must therefore keep ahead of possible abusers in order for them to remain of value.

  3.9     The costs both in the initial capital for the equipment and running costs of these modern office systems are substantial. We heard from witnesses (eg Abbey National QQ 321-325) of unease over the acceptability of digital technology in the courts, their concern that a large and growing data processing investment may be at risk from litigation and that large legal costs might be incurred before the matter was resolved. There was also an inability to take full advantage of the technology by, for example, destroying original paper copies[21] until doubts were resolved; for example Abbey National said it had "no experience of using digitised images as evidence in any court of law and will not be content to rely on them until their legal status has been confirmed" (Abbey National p 109). We therefore looked further at the difficulties, real and imagined, over the use of digital images in court.

15   And it would probably not be admitted as evidence under the rule in R v. Robson & Harris (1972) 1 WLR 651. Back

16   The British Standards Institution Code of Practice for the Legal Admissibility of Information on Electronic Document Management Systems (DISC PD 0008, February 1996) sets out procedures and documentation required for the audit of systems producing documents or other images that may be used as evidence in a court of law. The Standard focuses on procedures rather than technology and thus continues to be relevant. It does, however, specify optical storage (CD ROM) as the standard WORM device for storing data as this was the only technology available at the time (BSI QQ 206-207, and ST/97/DI/38). The BSI told us that this would be updated and that a new code was being written to cover authentication (Q 211).  Back

17   However, encryption for security reasons might also have an authentication function if it could be used to show that the number of persons with power to alter the record was limited, and that those persons had no motive or opportunity for alteration. These points are, of course, only relevant if the image's status as an authentic copy of the original is questioned. Back

18   Authenticity will be presumed if:

(a) the user can produce a human witness to testify that the system was operating properly at the relevant time; and

(b) the other party to the litigation is unable to adduce evidence to counter this presumption.

Because the image will necessarily be a copy there is thus a need to prove that each is an authentic copy of the image that was first captured. The obvious way of so doing is to give oral evidence about the procedures for storing documents and the controls which are in place as part of the system. Failure to give such evidence in relation to a copy will render the copy inadmissible under English law. Kajala v Noble (1982) 75 Cr App Rep 149. Back

19   R v. Spiby (1990) 91 Cr. App. R 186. Back

20   R v. Shepherd (1993) 1 All ER 225. Back

21   There may be a significant cost saving in storing electronically rather than on paper: a 70 per cent reduction in cost was suggested to us (BSI, Q 219). However one must also be aware of the need to store not only the data, but also the machines capable of reading and interpreting that data.  Back

previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries

© Parliamentary copyright 1998