When can hacked email evidence be admitted at trial?
Insight
In a recent judgment on 12 March 2021, the English Court of Appeal has considered whether evidence obtained by the hacking of email accounts is admissible at trial (Ras Al Khaimah Investment Authority -v- Farhad Azima [2021] EWCA Civ 349).
The Court of Appeal concluded that the Judge was right to admit the hacked material in evidence at the trial, even in circumstances where the claimant may have been responsible for the hacking. However, this is not a green light to claimants to act unlawfully (committing criminal offences in the process) in obtaining evidence. The Court of Appeal emphasised the balancing act which must be applied when considering these questions.
Background
The Clamant (RAKIA) is the state investment entity of Ras Al Khaimah, one of the UAE emirates. Mr Azima had dealings with RAKIA. RAKIA brought proceedings against him for fraudulent misrepresentation and conspiracy in relation to a commission paid to Mr Azima by RAKIA of US$1.5m and a settlement agreement with him and his company under which RAKIA paid a further US$2.6m. Mr Azima was also accused of bribing a Dr Massaad, a former employee of RAKIA. Mr Azima denied all of the claims, asserting that they were politically motivated and part of a campaign to recover US$2bn from Dr Massaad.
For our purposes, the more interesting part of the claim was that Mr Azima alleged RAKIA had unlawfully hacked his email accounts and were relying at trial on confidential emails it had obtained in this way. Mr Azima said that the emails should be excluded from the evidence at trial and the claims against him should be struck out. Mr Azima also counterclaimed for breaches of the UK Data Protection Act 1998 (the relevant data protection legislation at the time), breach of statutory duty under the UK Computer Misuse Act 1990, breach of US Federal Law, breach of confidence, misuse of private information, invasion of privacy, and conspiracy to injure by unlawful means.
The trial judge held against Mr Azima in relation to the primary claims brought by RAKIA for fraudulent misrepresentation and conspiracy. The content of the confidential emails were critical to the findings made by the trial judge and it was not contested by RAKIA that they had been obtained through the hacking of Mr Azima's email accounts. The trial judge rejected RAKIA’s explanation that it had been alerted to the existence of the emails on an internet site where it said they had been placed by anonymous hackers, but also held that Mr Azima had not proved his allegation that RAKIA had been responsible for the hacking. Mr Azima’s counterclaim was therefore dismissed.
The appeal
The appeal by Mr Azima did not primarily focus on the findings made by the trial judge in relation to the allegations made against Mr Azima. Instead, Mr Azima sought to question the trial judge’s decision that RAKIA was not responsible for the hacking which, in turn he alleged, meant that RAKIA’s claim should have been struck out as an abuse of process and the counterclaim accepted. In doing so, Mr Azima sought to rely on fresh evidence and, if necessary, have the matter re-tried.
Should the hacked evidence be excluded?
The Court of Appeal focussed first on whether, if RAKIA was responsible for the hacking, the evidence obtained ought to have been excluded at trial or RAKIA’s claims struck out. The Court of Appeal proceeded on the assumption that RAKIA was responsible for the hacking and that its underlying claims would have failed without reliance on the hacked material.
The Court of Appeal said that, absent evidence obtained by torture, based on existing case law, the starting point in the English courts is that evidence is admissible in a civil trial if it is relevant to the matters in issue and that extends to evidence which has been stolen. However, a court still has a discretion to exclude evidence. How the court exercises that discretion has been the subject of earlier decisions (eg Jones -v- University of Warwick – the surreptitious filming of the claimant, showing that an injury was fictitious, was not excluded as the conduct in obtaining the film was not sufficiently outrageous when balanced against its importance at trial). Importantly, the Court of Appeal noted that, at trial, the hacked emails would have had to have been produced by Mr Azima anyway under an order for standard disclosure. And, in addition, the emails revealed fraud on the part of Mr Azima that weighed heavily in the balance in allowing them to be put in evidence.
Accordingly, the Court of Appeal decided that had Mr Azima applied for an order before trial requiring that the hacked emails be returned to him then it would not have succeeded. It followed that there was no reason to come to a different view at trial or thereafter on an appeal. The Court of Appeal agreed with the trial judge’s view that even if he had found that RAKIA had engaged in hacking, the court would still have admitted the evidence at trial, given that it was essential to proving the fraud by Mr Azima. To find otherwise, and to strike out the claim, would leave Mr Azima with the benefit of his fraud.
Re-trial of the counterclaim
Whilst the Court of Appeal therefore affirmed the findings of fraud against Mr Azima and they stand, the Court of Appeal accepted that Mr Azima could adduce fresh evidence relating to the hacking. Therefore, Mr Azima’s counterclaim, based on whether RAKIA was responsible for the hacking, was remitted to the High Court for a full re-hearing.
Conclusions
Some will find this decision surprising. It appears to condone unlawful activity by a claimant (assuming this is proved at the re-trial of the counterclaim against RAKIA) or find that a claimant can benefit from the criminality of others. However, the Court of Appeal pointed out that what weighed heavily in the balance was the centrality of the hacked material to a finding of fraud against the defendant, a fraud he would otherwise have continued to benefit from. In other cases, the balance could easily tip the other way. Also relevant was the finding that the material would have been required to be produced on disclosure in any event. However, this should not be taken as an endorsement of a self-help culture in relation to disclosure. Other cases, such as the Court of Appeal decision in Imerman -v- Tchenguiz [2010] EWCA Civ 908 (a case where the writer acted for the successful Claimant), have emphasised that a self-help approach to disclosure is not acceptable, particularly in advance of those disclosure obligations arising where there is no evidence that a party will not comply with them. RAKIA also now face a re-trial on the counterclaim which could have serious implications for them, including the possibility that criminal offences may have been committed in obtaining the hacked material in breach of the Computer Misuse Act. Therefore, please do not take this decision as a green light for hacking in furtherance of litigation claims. There remain very serious consequences for all concerned who are involved in such activity.
The full judgment can be viewed here.
If you require further information about anything covered in this briefing, please contact Ian De Freitas, or your usual contact at the firm on +44 (0)20 3375 7000.
This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.
© Farrer & Co LLP, April 2021