Part 1: How the Blockchain Could Transform the Process of Documenting Electronic Chain of Custody
The blockchain is most commonly associated with cryptocurrencies like bitcoin. However, it has potential uses in the legal space too – specifically, as a way to automatically tamper-proof documentation of access to evidence to establish a fully electronic chain of custody. In this two-part series, we’ll explore how the blockchain can accomplish this goal.
We are all familiar with different forms of physical evidence: a weapon used in a crime, a fingerprint, a fiber, DNA, footprints, tire prints, etc. Electronic evidence, however, is different. It consists of digital data – Microsoft Office documents, emails, VOIP or SMSOIP communications, browser cookies, temporary files and logs, as well as metadata revealing information such as file ownership or last access.
Chain of custody for legal purposes is defined by Wikipedia as “the chronological documentation or paper trail, showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence.” In effect, the moment a piece of evidence is collected, any and all transfer of evidence from person to person must be documented in order for that evidence to be admissible. It must further be provable that at no point in the chain of custody could anyone else have accessed the evidence without detection. Failure to do so can create legal vulnerabilities which defense litigators can exploit.
For example, if it can be proven that there is a discrepancy in the chain of custody, then it is possible that evidence has been contaminated or tampered with. At that point, the chain of custody is considered broken and the evidence in question is very likely to be declared inadmissible.
In today’s digital world, electronic evidence plays a crucial role in many legal matters and comes with its own unique challenges related to chain of custody. For those with the right technical skills, it is quite possible to modify electronic evidence. Fortunately, there are some methods to counter those efforts.
First, the integrity of any single piece of electronic evidence, or of a large set, can be checked by simply calculating a checksum – a small datum derived from a block of digital data for the purpose of detecting errors which may have been introduced during its transmission or storage. There are many methods to calculate checksums, but the better ones employ cryptographic calculations to arrive at a unique identifier associated with the data.
We should note that it is theoretically possible for different input data to arrive at an identical checksum value. For example, with the CRC32 algorithm – which is a 32-bit cryptographic function that outputs a 10-digit checksum (hash) – inputting the word “plumless” results in a hash of “0x4ddb0c25”. The input word “buckeroo” will also result in a hash of “0x4ddb0c25”. This type of match is called a “collision.”
In reality, however, modifying parts of large data sets while forcing a collision is virtually impossible. The odds of any collision occurring once you have more than 1,000 different possible hashes are very, very remote. For the standard SHA-1 algorithm, which is 160-bit, even having 1.71 x 10^17 possible hash values yields a collision probability on par with having a meteor strike your house (1 in 100 trillion).
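The integrity check described above, as an added example that is not part of the original article: a digest manifest is recorded when the evidence is acquired and re-checked later, once with CRC32 and once with SHA-256. The evidence items and file names are constructed for illustration; the two colliding words are the ones from the CRC32 paragraph ("plumless" and "buckeroo"). CRC32 is designed to catch accidental errors, so it misses the substitution that SHA-256 flags.

```python
import hashlib
import zlib


def crc32_hex(data: bytes) -> str:
    """32-bit CRC, formatted like the article's example (0x + 8 hex digits)."""
    return f"0x{zlib.crc32(data) & 0xFFFFFFFF:08x}"


def sha256_hex(data: bytes) -> str:
    """256-bit cryptographic digest of the same bytes."""
    return hashlib.sha256(data).hexdigest()


DIGESTS = {"crc32": crc32_hex, "sha256": sha256_hex}


def build_manifest(items: dict, algo: str) -> dict:
    """Record one digest per evidence item at acquisition time."""
    return {name: DIGESTS[algo](data) for name, data in items.items()}


def verify(items: dict, manifest: dict, algo: str) -> list:
    """Return the names of items that are missing, added, or whose digest changed."""
    current = build_manifest(items, algo)
    names = manifest.keys() | current.keys()
    return sorted(n for n in names if manifest.get(n) != current.get(n))


# Constructed sample evidence set (hypothetical names and contents).
ACQUIRED = {
    "note.txt": b"plumless",
    "mail.eml": b"Subject: meeting\r\n\r\nSee you at 10.\r\n",
}
# A later copy in which note.txt holds the other word from the CRC32 paragraph.
LATER = {**ACQUIRED, "note.txt": b"buckeroo"}

if __name__ == "__main__":
    for algo in DIGESTS:
        manifest = build_manifest(ACQUIRED, algo)
        changed = verify(LATER, manifest, algo)
        print(f"{algo:7s} manifest flags: {changed or 'nothing'}")
```
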
Second, electronic evidence that has been “checksummed” can be copied and easily stored in multiple locations and on multiple media, thus making access for nefarious purposes much more difficult.
Third, in addition to being subject to integrity checking via checksum, electronic evidence can be encrypted for additional privacy and security. Encryption makes it even more difficult to contaminate evidence without detection.
We have established so far that electronic evidence can be copied without loss or distortion, undergo integrity checks via checksum calculations, and be further secured via encryption and multiple copies. The last missing piece is the chronological tracking of electronic evidence as opposed to the existing paper trail-based chain of custody. We’ll take up that topic in Part 2 of this series.