Divorce Research Center Search
SearchManage AccountSign Off

© 2001 National Legal Research Group, Inc.


Now that vast collections of information are stored electronically, and often nowhere else, it's important to think about the discovery and use of electronic evidence in our cases. We can apply the journalist's standard Five Ws to this task: Who, What, When, Where and Why.


Who has or may have the electronic information? The spouse is the obvious first candidate, but there may also be important information with these sources:
The first task is to think about where the useful data might live. I recently saw a request to get records from E-Bay, the online auction house, because a spouse did a large volume of transactions there. For online sites, you will likely run up against privacy policies that prohibit release of the information and you will probably need either a release or a court order to obtain the information.


Almost everything now lives on a computer file. So the search comes down to what kind of files do we want? Here are some examples:

The when question entails what time period do you look at and when do you attempt to get the information. With cheap, massive hard drives the rule, most computers hold an incomprehensible amount of data. In addition to focusing on what type of files you want to look for, it makes sense to set out a reasonable and limited time period. Otherwise, you may quickly find yourself drowning in a sea of irrelevant and outdated data. Since the computer operating system conveniently date stamps each file every time it is modified, it's easy to sort and select files by date.

In a case involving an alleged illegal work slowdown, Northwest Airlines got a judge to give them access to the home computers of some union members. The plan was for review by a third party to extract any relevant information. It turned out that the job was impossible to do in a reasonable period of time due to the sheer volume of data. It's important to think about how to pare things down to manageable bites or else get swept away in the flood of information.

Because computer files are inherently ethereal, and easy to modify and delete (with exceptions noted below), it's important to move as quickly as possible to obtain important data while it still exists in its original form.


Where is the data? It may be on the hard drive in the user's machine, on a floppy disk, optical disk, network storage, remote Internet storage, handheld device or a backup device. Think about all the possible locations so that your request will be broad enough to hit all the potential systems and devices.

Bear in mind that the sloppy and paranoid may have material where you would be least likely to look for it. A key document might be hidden in an operating system folder with thousands of other files.

A common technique is to run a search for the extension used by a particular program—doc for Word files or xls for Excel. However, a clever user may change the extension to a common one like dli or to nonsense not used by any program. It can take some creative exploration to figure out exactly where the jewels may be hidden.

Some files routinely do not appear in the list of files. Such hidden files can be revealed by changing operating system settings.

Check to see if the computer has a slot for a removable hard drive. If the slot is there, the implication is that one or more removable drives exist somewhere.


Why go after electronic evidence?

Electronic evidence isn't inherently different from other evidence. You need to authenticate it and find a hearsay exception to get it admitted. The highly malleable nature of computer files, however, may cause greater skepticism by the trier of fact so some precautions may be in order.

If you suspect there is valuable electronic evidence that will be important to the case, it will be worthwhile to hire a professional to document the existence and form of the evidence and to preserve it for trial. This helps to avoid an argument that the files have been modified from their original form. (Even though the operating system tracks each modification by date, that tool can be defeated by as simple an expedient as resetting the system clock to the original file date before changing the file. A more advanced user can simply use a low-level disk tool to edit the file and change the date—or anything else—at a level below the operating system.)

In an extensive search, one need not be limited to the files that the operating system knows about. When a file is deleted, the operating system simply deletes the reference to the data in the master index for the disk. The data itself remains intact until overwritten by new data. Software tools can search the disk for remaining fragments of the deleted file. This is best done by a professional who can handle the task without accidentally overwriting the remaining data and will be available to testify as to the method used in restoring the data. Keep in mind that a savvy data destroyer will use a special program that not only deletes the file but immediately writes over the data multiple times to attempt to obliterate every trace.

Another resource to check is back-up copies. Because of the risk of destruction of valuable data through hardware failure, software corruption, user error or viruses, most businesses keep back-up copies of all important data. These may be on tape, optical drive or another hard drive. Because of the nature of possible failures, good back-up procedure calls for frequent back-ups (usually overnight) but also long-term back-ups that go back weeks or months. The interesting thing is that while the copy on the hard drive may be gone, the back-ups may lay around for a long time.

A professional will also take steps to document and preserve the exact state of the files when retrieved. This might be done by copying the files to an optical disk that can be written to but not modified, or by making a byte-by-byte copy of the original disk and certifying the exact size of the disk image.

Encryption programs are becoming quite common. Windows 2000 even has built-in encryption capability. Getting the data on the disk will do you no good unless you also get the password and any certificates or other authentication information necessary to gain access to the encrypted data. The Hollywood scenario of breaking the password with a computer program is wildly overstated. There has been a great debate between computer professionals and law enforcement because good encryption with well-designed passwords is extremely difficult. For your own use, create passwords that are at least 8 to 10 characters long and use letters and numbers and punctuation characters. That way, the processing required by a password-guessing program is increased by orders of magnitude because it must try 60 possibilities for each character in the password as opposed to only 26 for a password using only the alphabet.


As mentioned above, electronic data and communications, particularly e-mail, are potentially fertile ground for the discovery of powerful and damaging information. The misperception that e-mail disappears into the ether once sent or deleted is a potentially hazardous assumption. Supposedly deleted items may be recoverable with the help of a computer professional, and, in other cases, the sender and/or recipient of the e-mail may not have taken any steps to delete or otherwise conceal electronic communications. Additionally, the often informal nature of e-mail may result in the inclusion of thoughts and ideas that do not appear in official records or other finalized documents. E-mail and other computer records may also provide evidence of a spouse's online gift purchases and travel expenditures, as well as reveal websites that the computer user has visited.

Once the electronic data are discovered and reviewed, counsel must then determine the appropriate means of admitting such evidence. Introducing an e-mail into evidence will present counsel with familiar issues regarding admissibility. The evidentiary issues related to the admissibility of an e-mail will be uniform to some extent, but will also depend on the source of the information and the actual contents of the e-mail. The following are general issues that may arise in attempting to admit e-mail communications into evidence. In addition to the general overview that follows, attorneys should also carefully review state law for the existence of statutes that specifically address evidentiary issues related to electronic communications. For example, Georgia law contains specific provisions related to computer privacy. Additionally, Georgia law defines what constitutes an electronic record and specifically provides that electronic records qualify as writings for purposes of satisfying any rule of law that requires a writing. See O.C.G.A. §§ 16-9-90 to 16-9-94, §§ 10-12-1 to 10-12-5.


The first step in the authentication process is to identify the document. This may be accomplished at trial through the testimony of:

1. The recipient of the e-mail;
2. The sender of the e-mail;
3. A party who witnessed the sender transmit the e-mail.

Additionally, identification of an e-mail document may be resolved during pre-trial discovery through requests for admissions or during deposition.

Once the document is identified, further foundation is required to address the reliability and accuracy of the e-mail. In most instances, the recipient or sender of the e-mail should be able to testify to the reliability and accuracy of the contents of the printed e-mail in relation to the contents of the e-mail as it exists on the computer. In some instances, the governing rules of evidence may consider the print-out to be an original document, and other circumstances may require the proponent of the evidence to establish why the original is unavailable (i.e., the original is stored electronically on the computer system), and that the print-out is a fair and accurate representation of the electronically stored version of the evidence. Additionally, if deleted or otherwise concealed communications are discovered through the use of a computer expert, then a court may require additional foundational testimony to establish the reliability of the retrieval process. Even if the court does not require the additional foundation, as a strategic matter, counsel may desire to present such evidence in order to bolster the reliability and credibility of the evidence in the eyes of the jury, as well as to emphasize what may have been an attempt to destroy or conceal information.

Although the technology behind the transmission of electronic communications may theoretically present some issues that counsel may attempt to exploit, it does not appear that such issues, at least as related to e-mail transmissions, have generated great concern among the courts or between opposing parties. For instance, the technological explanation of the manner and form in which the contents of the electronic records are transmitted and stored may provide some basis for challenging the accuracy and reliability of the evidence. To dispute the admissibility or evidentiary weight of electronic evidence, the attorney in opposition to the evidence may object by challenging the integrity of the system on which the information was stored prior to retrieval, the manner in which it was retrieved, or the manner in which the discovering party stored the information. Arguably, information stored on a computer disk or hard drive is somewhat fungible in that it can be manipulated, replaced, and/or spoiled in such a way that is not readily apparent. As such, the opponent of the evidence may petition the court to require the proponent of the evidence to establish a sufficient chain of custody in order to authenticate the information.

Regardless of the requirements that a court may impose on the admission of electronic evidence, it is probably beneficial to provide an explanation of the steps taken to safeguard the information from tampering, and thus bolster the credibility of the evidence, as well as preempt attacks upon the evidence by the opposing party. Ultimately, this is more likely to be an issue in relation to large databases that no one person can account for, other than to establish a "business record" foundation, and not in relation to individual e-mail messages. If the sender and recipient both acknowledge that the printed e-mail is a fair and accurate representation of the electronically stored information, then the science and technology that make the communication possible are largely irrelevant.

Accessibility to a computer or computer system by multiple parties may also raise concerns of tampering and of the possible existence of fraudulent information. If both spouses have access to the same computer, the possibility does exist that one spouse may claim that the other created self-serving, bogus e-mails, or that the other spouse improperly altered an existing e-mail or other electronically stored information. Ultimately, such claims will affect the weight and not the admissibility of evidence. The ability to prove such misconduct would be a serious blow to the opponent's case and illustrates the need to conduct thorough discovery of all potential sources of electronic information.


Introducing an e-mail message into evidence at trial will in many instances raise hearsay concerns. The manner in which hearsay issues are addressed will depend upon the nature of the contents of the message and the identity of the sender, as well as, but not limited to, the availability of the witness or witnesses needed to authenticate the document and provide the necessary foundational elements for particular hearsay exceptions.

The contents of the e-mail may present several potential hearsay problems for the proponent of the evidence. If, for example, an e-mail contains information that the sender obtained from some other source, then double hearsay issues may arise allowing the opponent of the information to prevent its admission into evidence. Information that qualifies for admission under the business record exception may also contain additional inadmissible hearsay and opinions. As such, any e-mail or electronic record tendered into evidence should be carefully reviewed to determine if it contains implicit hearsay or inadmissible opinion testimony.

Potential hearsay issues arising from e-mails generated by one of the parties can be handled through pre-trial discovery or during testimony at trial. E-mails from a third party may present greater difficulties. If a third-party sender of an e-mail is available as a witness, then hearsay concerns related to an e-mail message, depending upon the governing rules of evidence, can likely be handled directly through the witness at trial or through pre-trial discovery. If a third-party witness is not available, then counsel will have to rely on some other hearsay exception in order to have the evidence admitted.

E-mail sent from workplace or home computers, to which more than one person has access, will raise concerns regarding both authentication and hearsay. If the proponent of the evidence cannot establish the identity of the sender, then counsel will likely be unable to establish whether the communication is authentic and, if so, whether any hearsay exception applies.

The following is a partial list of possible ways to address evidentiary concerns regarding the admissibility of e-mail:

1. Requests for Admissions
2. Admissions obtained during deposition
3. Adoptive admission imputed to the recipient of the e-mail
4. Admissions by a party opponent
5. Contents of the electronic record constitute a Business Record
6. Contents of the electronic record constitute a Present Sense Impression
7. Contents of the electronic record constitute an Excited Utterance
8. Contents of the electronic record constitute a Statement Against Interest
9. Necessity Exception to the rule against hearsay
10. Contents of the electronic record are relevant to explain conduct
11. Contents of the electronic record are relevant to establish the declarant's intent.

Remember, always be sure to familiarize yourself with your state and federal laws on electronic privacy and wiretapping before obtaining or using any electronic evidence.



Federal statutes, collectively referred to as the Electronic Communications Privacy Act (hereinafter referred to as the "Act"), provide for both criminal and civil penalties for the unlawful interception of electronic communications while such communications are in transit or are stored in a temporary or intermediate system that is incident to the transmission. A brief summary of relevant code sections is as follows.

1. 18 U.S.C.A § 2511 prohibits the interception of certain electronic communications, as well as the disclosure of such illegally obtained information.

2. 18 U.S.C.A. § 2511(4) provides criminal penalties for violations under the statute, including fines and/or imprisonment for up to 5 years.

3. 18 U.S.C.A. § 2520 authorizes the victim of an unlawful interception of an electronic communication to recover civil damages against the person or entity that violated the law.

4. 18 U.S.C.A. § 2515 prohibits the use of any unlawfully intercepted wire or oral communication, or evidence derived therefrom, as evidence in any court, including state courts, if the disclosure of such evidence would be in violation of the Act. The Electronic Communications Privacy Act of 2000 seeks to remedy the failure of the section to exclude unlawfully intercepted electronic communications, but this legislation is still pending.

The above-referenced statutes raise several con-cerns for the family law practitioner. If the client appears to have violated the Electronic Communications Privacy Act, can counsel then seek to obtain the information through legitimate discovery procedures? Arguably, if a party could have lawfully obtained the information through discovery, then the court should not exclude it. By way of comparison, the Doctrine of Inevitable Discovery allows evidence seized in violation of the Fourth Amendment to be admitted into evidence if the state can establish that it would have discovered the evidence by legal means. Additionally, counsel should consider whether requesting such evidence through discovery would alert the opposing party to a possible violation of the law, thus potentially subjecting the client to criminal prosecution and/or civil liability.


Family law practitioners should also familiarize themselves with state laws concerning computer privacy. A spouse that accesses the other spouse's computer without authority may run afoul of the law and be subject to criminal prosecution. Computer privacy laws will vary among jurisdictions, and while an in-depth comparison of state laws is beyond the scope of this discussion, attorneys should take care to advise clients of the potential pitfalls of making unauthorized forays into private computer data related to the spouse or others.


Computers and electronically stored data represent a vast terrain in which to conduct discovery. The effort to do so may uncover powerful and damaging evidence that counsel can use to impeach a witness or to obtain a favorable settlement agreement. While the potential sources of electronic evidence are many, a wide-ranging search is likely cost prohibitive. As a result, counsel will need to consult carefully with the client to determine the appropriate course of action. Familiarity with federal and state laws related to computer privacy and wiretapping is also a must, and the client should be advised regarding the implications of violating such laws. Finally, once the information is obtained, counsel should formulate a plan for successfully admitting it into evidence, taking into consideration the evidentiary rules of the jurisdiction, any potential objections from the opposing party, and any prohibitions against the admissibility of illegally obtained electronic evidence.


The preceding article was written by Stephen Harhai, one of the leading commentators nationwide on computers and their role in the practice of family law. It discusses in some detail the possibilities for obtaining and using evidence removed from one of the parties' computers. This article will elaborate in a bit more detail upon several points covered in Mr. Harhai's article.

Statutory Provisions

The main federal statutes cited in the previous article are the federal statutes applicable to wiretaps and similar interceptions of communications. These statutes apply only when a transmission of data is intercepted en route from the sender to the recipient.

In the great majority of all situations involving e-mail, however, the transmission is not intercepted en route. Instead, what normally happens is that both the sender's and the receiver's computers store a copy of the message. Then, at some point after the message is sent, one party's spouse discovers the copy and reads it. Where transmission has already occurred, merely reading a copy of the message is not an "interception." Steve Jackson Games, Inc. v. United States Department of Justice, 36 F.3d 457 (5th Cir. 1994). Moreover, what is being intercepted is technically not the message, but rather a copy of the message. As a result, most recovery of e-mail is not barred by the wiretap statutes.

There are two additional federal statutes which are more applicable to uses of e-mail. First, 18 U.S.C.A. § 1030 is a specific provision dealing with unauthorized computer usage. In general terms, it applies to three types of computers: (1) computers owned by the United States; (2) computers storing certain types of sensitive information; and (3) any "protected computer." Sensitive information includes information relevant to national defense or foreign policy, records of financial institutions, or consumer credit information. Id. § 1030(a)(1), ( 2).

In domestic relations situations, the only applicable type of computer will be the third type, a "protected computer." A protected computer is any computer (1) which is used by the United States or any financial institution, if "the offense affects that use," id. § 1030(e)(2)(A); or (2) "which is used in interstate or foreign commerce or communication." Since almost every computer is used at some time to send a communication to someone in another state, the definition of a protected computer appears to be quite broad.

With regard to a protected computer, the statute prohibits essentially three types of actions. The first type of action occurs when someone "intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer if the conduct involved an interstate or foreign communication." Id. § 1030(a)(2)(C). This type of action is somewhat narrow, as the information obtained must specifically be an interstate communication. The second type of action occurs when someone "knowingly, and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud." Id. § 1030(a)(4). Since this type of action requires proof of fraudulent intent, it arguably does not apply when the using spouse seeks only relevant evidence regarding marital finances or marital misconduct. The third type of conduct occurs when someone "intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage." Id. § 1030(a)(4)(C). "Damage" is defined narrowly to mean damage to the computer or to the data stored upon it. Id. § 1030(e)(8). Where information is merely copied, this type of conduct is not involved. The statute grants an express civil cause of action to any injured party. Id. § 1030(g). There is, however, no express provision stating that information obtained in violation of the statute is inadmissible.

For domestic relations purposes, the key concept in § 1030 is use "without authorization." The key phrase "without authorization" also tends to occur in state computer crime statutes. E.g., The Virginia Computer Crimes Act, Va. Code Ann. §§ 18.2-152.1 et seq. Most definitions of this term assume that authorization to use a computer must originate from the owner.

In the domestic relations context, however, the term "owner" is critically ambiguous. Unlike real estate and automobiles, computers do not have formal documents of title. Some person will choose to register the computer with the company that made it, but registration is often done in the name of the spouse with more interest in or ability in dealing with computers. There is no legal requirement that the person registering the computer be the only owner, or even the owner at all. When a computer is acquired with marital funds, stored in the marital home, and accessible to both parties, there is a powerful argument that the computer is jointly owned. If so, any use of the computer by either spouse would be "authorized."

It is unclear what effect the presence of password protection has upon ownership. The statutes tend to assume that the owner of the computer owns all of the information upon it. If a person who does not own legal title to the computer stores information upon a computer, and protects that information with a password, is the owner "authorized" to break the password (or hire a third person to break the password) and use the information? The answer may depend upon the precise definition of "authorized." Most of the express definitions seen by the author seem to assume that the owner of the computer owns everything stored upon it. But none of the definitions anticipate the possibility that a non-owner might store password-protected information upon a computer.

Second, another specific federal statute governs use of material on a "remote computing service"— an Internet service provider or other network which offers e-mail services to its clients. 18 U.S.C.A. §§ 2701 et seq. In most domestic relations situations, information will be taken off of a local computer which uses such a service, and not off of the service itself. But the author has heard of at least one case in which one spouse was able to obtain unauthorized access to the other's web-based e-mail service—an e-mail service which is accessed by means of a normal web browser. In any situation where e-mail is downloaded directly from a provider, the additional protections of § 2701 may come into play.

Case Law

Only one reported family law decision nationwide directly considers the admissibility of evidence obtained from a computer. Byrne v. Byrne, 168 Misc. 2d 321, 650 N.Y.S.2d 499 (Sup. Ct. 1996). The Supreme Court is New York's trial court of general jurisdiction, so Byrne is only a trial court case.

In Byrne, the husband's employer provided him with a laptop computer. The computer was provided for business purposes, but the employer did not restrict its use. The husband allowed the parties' children to use the computer for homework, and the wife alleged that the husband used it to store personal financial information. Upon separation, the wife removed the computer from the marital home and gave it to her attorney, in the belief that financial information stored upon it was relevant to the divorce case. The husband and the employer both filed motions seeking to have the computer returned, and to prohibit the wife from using any of the information contained in the computer's memory.

The court initially considered whether the wife's removal of the computer was wrongful. While the computer was used and controlled by the husband, its unquestioned use for the children's homework showed that it was not solely the husband's computer. "Thus, it cannot be said that the [wife] acted illegally by removing the ‘family' computer from the marital residence and presenting it to her attorney." 650 N.Y.S.2d at 500.

The court then considered who should have access to the computer's memory. The court held that a computer is analogous to a file cabinet:

The computer memory is akin to a file cabinet. Clearly, plaintiff [wife] could have access to the contents of a file cabinet left in the marital residence. In the same fashion she should have access to the contents of the computer. Plaintiff seeks access to the computer memory on the grounds that defendant stored information concerning his finances and personal business records in it. Such material is obviously subject to discovery. Therefore, it is determined that plaintiff did nothing wrong by obtaining physical custody of the notebook computer.

Id. The court drafted a specific order providing that the parties and their computer experts should gather at an agreed-upon location. The wife should bring the computer, and the memory of the computer should be copied, presumably onto a series of disks or CDs. The court clearly anticipated that the parties would copy all files, whether or not password-protected. "Obviously, if defendant furnishes his passwords the process [of making the copy] will be expedited. (The Court noted that this process is very similar to the commonly undertaken inventory of a safe deposit box.)" Id. The original copy of the computer's memory was to be deposited with the court. Each party would then receive a list of the files copied. The husband would have 10 days after receipt of the list to assert any claim of attorney-client privilege. If no such claim was made within 10 days, the original copy would be turned over to the wife's counsel. Once the files were copied, the computer itself was to be returned to the employer.

There is no available appellate decision in Byrne, and the case has not been cited by any other decision.

It is significant to note that Byrne relied only upon the common law of evidence, and did not rely expressly upon federal or state statutes imposing criminal or civil penalties for unauthorized computer usage. As a general rule, the fact that evidence is obtained illegally is generally not a sufficient reason to exclude it from admission. For example, in Lee v. Lee, 967 S.W.2d 82 (Mo. Ct. App. 1998), the husband stood on top of a building and videotaped the wife and her paramour. No specific statute or Rule of Evidence made the videotape inadmissible. The wife argued that the tape was inadmissible, however, because it was obtained through the husband's illegal trespass on the building and his illegal invasion of her privacy. The court held:

We find it unnecessary to decide whether the tape was illegally made because in civil cases, the manner in which evidence is obtained is irrelevant to the issue of admissibility. . . . Even evidence obtained fraudulently, wrongfully or illegally is admissible.

Id. at 85; see also County of Henrico v. Ehlers, 237 Va. 594, 379 S.E.2d 457, 459 (1989) (evidence obtained in clear violation of Miranda rights is still admissible in civil action; rejecting an argument that "judicial integrity" prohibits admission of illegally obtained evidence); Sackler v. Sackler, 15 N.Y.2d 40, 203 N.E.2d 481 (1964) (admitting evidence of adultery that husband obtained through illegal entry into wife's home); Del Presto v. Del Presto, 97 N.J. Super. 446, 235 A.2d 240 (App. Div. 1967) (same); Rogers v. Williams, 633 A.2d 747 (Del. Fam. Ct. 1993) (admitting videotape made during illegal entry into mother's home). Unless and until computer usage statutes expressly provide that evidence obtained in violation of their provisions is not admissible in civil actions, there is a powerful argument that these statutes have no effect upon the law of evidence.

Ethical Issues

Finally, an attorney considering use of computer evidence should consider not only the law of evidence but also the law of attorney ethics. Some states have held that an attorney may commit an ethical violation by using certain types of wiretap evidence, even if that evidence is admissible at law. See, e.g., Formal Opinion 337 of the American Bar Association's Committee on Ethics and Professional Responsibility (1974); Gunter v. Virginia State Bar, 238 Va. 617, 385 S.E.2d 597 (1989); S.C. Advisory Ethics Opinion 83-1 (reaching a similar result (citing Gunter)). To the author's knowledge, no case or ethics opinion expands this theory into the computer usage situation. Still, it is absolutely foreseeable that an attorney's use of computer evidence could pose ethical issues, and the fact that that use is permitted by the law of evidence does not necessarily mean that such use is ethical. Thus, before using questionable computer evidence, an attorney should make certain to consider ethical as well as evidentiary issues.

Go to: Discovery Category
Go to: Cases of Interest by Category
Go to: Previous Page

About Us | Monthly Newsletter | Terms & Conditions | Privacy Statement | Contact Us | Advertising

The information contained on this page is not to be considered legal advice. A lawyer should always be consulted in regards to any legal matters. Divorce Source, Inc. is also not a referral service and does not endorse or recommend any third party individuals, companies, and/or services. Divorce Source, Inc. has made no judgment as to the qualifications, expertise or credentials of any participating professionals. Read our Terms & Conditions.

© 1996 - 2012 Divorce Source, Inc. All Rights Reserved.