Do two wrongs ever make a right when it comes to evidence obtained by hacking or even torture?

Do two wrongs ever make a right when it comes to evidence obtained by hacking or even torture?

With the civil courts confirming they are content to allow parties to deploy as evidence the results of unlawful computer hacking, Michael Drury, Caroline Mair and Andrew Watson consider the issues including for similarly obtained evidence in the criminal courts.

Hacking and theft

In Ras Al Khaimah Investment Authority v Azima [2021] EWCA Civ 349(‘RAKIA’) the civil division of the Court of Appeal confirmed the long-standing rule that relevance of evidence is key to its admissibility, not whether it was obtained lawfully. As a result, evidence of fraud on the part of Mr Azima, which was said to have been obtained by unlawful ‘hacking’ of his computer, could nonetheless be deployed. The court took the view that refusing to admit the evidence or striking out the claim as an abuse of process would have left Mr Azima with the benefit of his fraudulent conduct. In weighing up the public policy considerations of needing to be seen to provide justice whilst at the same time ensuring that members of the public abide by the law, the court has continued to favour the former, well established by the time of the seminal judgment in  Jones v University of Warwick [2003] EWCA Civ 151. But what bearing does this decision have on the admissibility of illegally obtained evidence in criminal proceedings, especially if sought to be deployed by a defendant? And does this case in any way erode the well-established rule that illegally obtained evidence obtained through torture, will not, under any circumstances, be admitted in evidence?

In principle in criminal proceedings the same rule applies: provided that admitting evidence will not have an adverse effect on the fairness of proceedings, and it is relevant to matters in issue, it will be admissible. IndeedKurama v R [1995] AC 197, which is the leading authority from (relatively) modern times, was a criminal prosecution from Kenya where the search leading to the evidence was plainly unlawful. As the court reiterated there, quoting from an 1861 judgment (in another criminal case): “It matters not how you get it; if you steal it even, it would be admissible”.

Nonetheless it is hard to imagine that deliberate breaches of the criminal law by the authorities would not lead to exclusion of such evidence given the fairness requirement embodied in the Police and Criminal Evidence Act 1984 and its extensive subsequent case law or, in the world of surveillance, by the Investigatory Powers Act 2016 (‘IPA’ – for technical surveillance) and the Police Act 1997 and Part II of the Regulation of Investigatory Powers Act 2000 (for physical surveillance and associated actions), which provide state actors with comprehensive processes and codes to ensure they act compatibly with the criminal law and the Human Rights Act 1998. In short, there can be little excuse for a state actor not acting lawfully.

These issues were well illustrated in the recent Court of Appeal (Criminal Division) judgment in A,B,D,C v R [2021] EWCA Crim 128 concerning the use of evidence thought by suspects to be protected by the ‘EncroChat’ encryption system, and hailed as one of the greatest evidential breakthroughs against serious and organised crime. The underlying point was the need to assert that not only was the material outside the prohibition on the use of intercepted material but that, if the prohibition did not apply, the actions were taken with lawful authority where the acquiring agency (here the NCA) had a relevant Targeted Equipment Interference Warrant under the IPA. The need for compliance with the IPA was a given throughout the proceedings, on what was effectively a premise that compliance guaranteed admissibility (if this was not interception which the Court of Appeal concluded it was not). Significantly, subject to other arguments about admissibility/abuse of process – which the Court of Appeal strongly hinted would not carry any weight but seem to the authors to present substantive challenges (as is the case in proving all hacking activity) – such evidence can be relied upon by the prosecution.

Whilst the historical and ethical bases for restraining state power are obvious, there is an argument that the same bases do not readily apply to an individual. Of course, it is not for the accused to present anything by way of evidence in their defence, instead that task lies squarely with the prosecuting authority. But to what extent, for example, is a defendant, wishing to use illegally obtained evidence in support of their defence, at liberty to use that material?

Self-apparently a defendant exposes himself to the risk of further investigation and prosecution should they engage in criminal activity such as hacking (or theft) even if the purpose was to secure evidence to support innocence. But to that extent the individual is in no different position to the civil litigant in terms of the consequences of their actions although with the obvious practical difference that law enforcement bodies will already be party to the case and the defendant’s actions (or the actions of those associated with them) will be much more readily apparent to those who might be minded to initiate a criminal inquiry. And it seems clear that the fundamental test of ‘relevance not lawfulness‘ should not change simply because of the identity and position of the party seeking to adduce the evidence.

Evidence derived from torture

Although likely to be rare, it is important to remember that a special exception to the general rule of courts admitting relevant evidence, no matter its origin, has been carved out by the House of Lords (A v Secretary of State for the Home Department (No 2) [2005] UKHL 71). Where the evidence mayhave been obtained by torture (the legal test being that it must be proven on the balance of probabilities that torture took place) that evidence will be inadmissible. This rule recognises the moral and public policy imperatives.

That rule was affirmed by the Supreme Court in 2020 in another civil case, Shagang Shipping Company Ltd v HNA Group Company Ltd[2020] UKSC 34 (‘SHAGANG’). Concentrating on the issue of proof, the Supreme Court held that whilst evidence shown on the balance of probabilities to have been obtained by torture is inadmissible, there is no rule that, if it is not proven to the civil standard, the fact that torture may have taken place must be ignored when deciding the facts in issue. The court confirmed that if there are reasonable grounds for suspecting that a statement was obtained by torture, that is a matter which a judge can and should take into account.

Such a pragmatic approach reflects the fact that proving torture occurred is often inherently difficult and therefore, as a matter of public policy, it is only right that courts in respect of all judicial proceedings be able to take into account the possibilitythat torture may have rendered the evidence unreliable. The evidence that torture was used will therefore fall to be considered by the judge along with all other relevant matters. This significant clarification also recognises the fact that its use will always be subject to the party who wishes to benefit from its use seeking to show that it cannot be proven, on the balance of probabilities, that it was in fact the product of torture. And this too could arise in the criminal context: not least given it is a crime of universal jurisdiction one can see how evidence arising from torture could feature in criminal proceedings in England alleging crimes relating to torture.

Conclusion

RAKIA and SHAGANG largely confirm what we already knew about admissibility of evidence that is obtained by unlawful means. Torture remains a moral line which the courts will not countenance being crossed. For the rest, the Courts seem open to admitting unlawfully obtained evidence in civil proceedings (or arguably from the defendant in criminal or regulatory proceedings) where the issue of whether a crime has been committed in gathering the evidence is left for other organs of the state to investigate. Public authorities are – and should be – held to higher standards, adopting the existing processes which remove any question that the evidence has been unlawfully gathered.

Michael Drury’s expertise in data collection and surveillance matters by state entities is unparalleled in the United Kingdom. As a former director of legal affairs at GCHQ, the largest of the UK’s security and intelligence agencies, for 14 years; founder member of the Serious Fraud Office; and for the last 10 years a partner in BCL providing advice on national security and criminal investigations to both corporate and individual clients, his breadth of experience both in terms of developing legislation (particularly the Regulatory Investigatory Powers Act as the forerunner to the current Investigatory Powers Act 2016) and practical casework gives him unique insights into how the law has developed and the practical consequences that follow. He has already provided advice on the US-UK Bilateral Data Sharing Agreement due to commence this autumn and brings his breadth of knowledge to bear on what is a new departure in a field that is inherently controversial.

Caroline Mair is a BCL barrister specialising in financial crime investigations and anti-money laundering regulatory matters. She has a breadth of experience; notably since joining BCL in 2010 she has advised an individual implicated in a lengthy cross-border investigation concerning the alleged manipulation of LIBOR and has also assisted in defending two individuals charged with conspiracy to cheat HMRC in relation to a multi-million pound film investment scheme fraud – the first prosecution of its kind to be brought. Caroline has developed her regulatory practice in advising regulated persons in relation to their anti-money laundering obligations under the complex 2017 Money Laundering Regulations.

Andrew Watson is a legal assistant and has been involved in a number of matters concerning HMRC, Trading Standards and the SFO and has a particular interest in relation to cash seizure and forfeiture under the relevant provisions of POCA 2002 and the Criminal Finances Act 2017. Recent data protection work has included advising on the obligations placed on a data controller by the DPA 2018/GDPR when considering whether to comply with a non-mandatory ‘Request for Information’.

Related articles