In a world that is becoming e-dominant, the existence of electronically stored information (“e-evidence”) is greater than ever before.  Issues concerning e-evidence and information/cyber-security have taken the limelight in the arbitration field in recent years.  In particular, the issue of how to deal with illegally obtained e-evidence (including manipulation of evidence itself) lies at the forefront of the list of concerns.  In the quest for guidance on how to deal with such evidence, this article explores three related questions: (i) What is special about e-evidence?  (ii) How should arbitral tribunals deal with illegally obtained e-evidence?  (iii) How should information/cyber-security be implemented in arbitration?

A key feature of e-evidence is its dynamic and changeable nature.  Unlike physical documents, e-evidence can be easily modified (even without human intervention), and it may be hard to detect such modification without computer forensics.1The Sedona Conference, The Sedona Principles Third Edition: Best Practices, Recommendations & Principles for Addressing Electronic Document Production, 19 SEDONA CONF. J. 1, 211 (2018). The Sedona Conference is a non-partisan and non-profit charitable institute that conducts legal studies. These principles are based on legal precedents from Federal and prevailing state cases in the U.S., offering guidance on the best practice when dealing with e-evidence in courts. X1  This can call into question the authenticity of e-evidence, especially illegally obtained evidence.

Cybersecurity is therefore essential to maintain the integrity of the arbitration process.  Cases show that “often the importance of the evidence has overshadowed the illegality of its source.”2Nitya Jain, Can an Arbitral Tribunal Admit Evidence Obtained through a Cyber-Attack?, KLUWER ARB. BLOG (Jan. 27, 2019), http://arbitrationblog.kluwerarbitration.com/2019/01/27/can-an-arbitral-tribunal-admit-evidence-obtained-through-a-cyber-attack/.X2  Accordingly, the process of preserving and securing e-information is essential to avoid having modified evidence used against the data holder.  As further illustrated below, this is a multi-layered process that includes not just the parties who should prepare for electronic discovery by securing their data in the first place but also everyone involved in the arbitral proceeding, including the arbitrators and arbitral institutions.

E-evidence and cybersecurity are not foreign concepts in arbitration.  Several protocols and institutional rules have recently been issued dealing with e-disclosure, flagging the need for cybersecurity measures, although without much detail.1Chartered Institute of Arbitrators (CIArb) Protocol for E-Disclosure in International Arbitration [hereinafter CIArb Protocol]; Swiss Rules for International Arbitration, Art. 19(2) (2021); London Court of International Arbitration (LCIA) Arbitration Rules, Art. 30(5) (2020).X1   Two main issues take precedence when it comes to e-evidence: (a) how to deal with illegally obtained or hacked e-evidence, and (b) how to safeguard e-evidence’s authenticity.

While arbitral tribunals have already been confronted with illegally obtained evidence—ranging from the use of WikiLeaks documents,2See, e.g., ConocoPhillips Co. v. Venezuela, ICSID Case No. ARB/07/30, Decision on Respondent’s Request for Reconsideration (2014).X2 to hacked emails,3See, e.g., Cosmo Sanderson, Brazilian Pulp Award Leads to Cyber Hack Challenge, GAR (Apr. 12, 2021), https://globalarbitrationreview.com/article/brazilian-pulp-award-leads-cyber-hack-challenge. X3 to even “dumpster diving” where one party trespassed on the other party’s trash room4See, e.g., Methanex Corp. v. United States, UNCITRAL, Final Award (Aug. 3, 2005).X4—they have been hesitant to treat all such documents as “illegally obtained,” which may preclude their admissibility.  Illegal obtainment of evidence can also raise more serious questions about the authenticity of the evidence itself, such as whether it was tampered with and which party bears the burden of proving the legality of the evidence. 

All of this leads to the ultimate questions: should illegally obtained e-evidence be admissible?  And if so, how can tribunals ensure its authenticity?  To answer these questions, publicly available investment arbitration cases and national court cases provide some guidance.

A. Illegally Obtained Evidence

Generally speaking, arbitrators have broad powers to determine the admissibility of evidence.5See, e.g., UNCITRAL Model Law on International Commercial Arbitration (1985) with amendments as adopted in 2006, art. 19(2); International Centre for Settlement of Investment Disputes (ICSID) Arbitration (Additional Facility) Rules (Apr. 2006), art. 41(1); Singapore International Arbitration Centre (SIAC) Rules (2016), art. 19(2).X5  While no institutional rule exists addressing the admissibility of illegally obtained evidence, the principle of “good faith” provides guidance.  This principle is evident in one of the most important “soft laws” in this field:  the IBA Rules on the Taking of Evidence in International Arbitration provide that “the taking of evidence shall be conducted on the principles that each party shall act in good faith.”6International Bar Association Rules on the Taking of Evidence in International Arbitration (2020), Preamble. X6  The IBA Rules further state that “the arbitral tribunal may, at the request of a Party or on its own motion, exclude evidence obtained illegally.”7Id. art. 9(3). X7  Nevertheless, neither the IBA Rules nor the relevant commentary define “illegality”, and the IBA Rules are not binding unless the parties agree to them. 

National approaches are no more helpful and may even leave one’s head spinning.  A survey covering twenty-seven national jurisdictions representing all five U.N. Regional Groups failed to identify a unified approach regarding the admissibility of illegally obtained evidence.8Sara Fallah, The Admissibility of Unlawfully Obtained Evidence before International Courts and Tribunals, 19(2) L. AND PRAC. INT’L COURTS AND TRIBUNALS 147, 167 (2020).X8  The survey identifies two separate approaches to the treatment of illegally obtained evidence:  first, either generally admissible or inadmissible or second, a middle approach which balances the interests of both parties.  Despite the nonexistence of a general rule of admissibility, guiding rules can be deduced from publicly available investment arbitration cases which arbitrators may follow in other forms of arbitration.9Peter Ashford, The Admissibility of Illegally Obtained Evidence in ARBITRATION: THE INTERNATIONAL JOURNAL OF ARBITRATION, MEDIATION AND DISPUTE MANAGEMENT, 5 (Stavros Brekoulakis ed., Vol 85 Issue 4, Sweet & Maxwell 2019) 384.X9

The general rule dictates that the burden of proof lies with the party alleging illegality of the submitted evidence (actori incumbit probatio); if proved, the burden shifts to the other party.10Methanex, at ¶ 55.X10  Arbitrators, however, have gone beyond this basic rule to apply a balancing exercise based on two principles: (i) the clean hands doctrine, and (ii) the materiality of the evidence.  This multi-layered approach respects the principle of good faith and “procedural fairness and equality” between the parties.11Alice Stocker & Désirée Prantl, et al., Chapter II: The Arbitrator and the Arbitration Procedure, Cybersecurity in International Arbitration Hacked Evidence Turns Fancy Buzz Words into Real Threat, in AUSTRIAN YEARBOOK ON INTERNATIONAL ARBITRATION 27,50 (Christian Klausegger and Peter Klein, et al. eds.,2022). X11

The clean hands doctrine dictates that if evidence is obtained through the unlawful conduct of a third disinterested party, the evidence is prima facie admissible.  Put another way, a party may not benefit from its own unlawful conduct by having the evidence obtained unlawfully.  This was the holding in two investment cases where the parties submitted WikiLeaks cables.  In Yukos v. Russia, the tribunal admitted the cables without questioning their admissibility.12Alice Stocker & Désirée Prantl, et al., Chapter II: The Arbitrator and the Arbitration Procedure, Cybersecurity in International Arbitration Hacked Evidence Turns Fancy Buzz Words into Real Threat, in AUSTRIAN YEARBOOK ON INTERNATIONAL ARBITRATION 27,50 (Christian Klausegger and Peter Klein, et al. eds.,2022). X12  In ConocoPhillips v. Venezuela, the tribunal refused to admit the cables because the documents had been submitted late in the procedure.   Professor Abi-Saab dissented explaining that arbitrators should not be willing to turn a blind eye to such “glaring evidence” despite being unlawfully obtained by a third party, especially if admitting the evidence is in the interest of justice.13ConocoPhillips ¶¶ 64, 66-67. X13 

In Methanex v. United States, the claimant attempted to rely on documents found through “dumpster diving.”  Interestingly, the tribunal considered such documents inadmissible but focused on the second prong of the test: materiality of the evidence.15Libananco Holdings Co. v Republic of Turkey, ICSID Case No ARB/06/8, Preliminary Issues (June 23, 2008); Caratube Int’l Oil Co. LLP v Republic of Kazakhstan, ICSID Case No ARB/08/12, Final Award (Sep. 27, 2017).X15  Nevertheless, when privileged documents are in question, tribunals have followed a strict approach by totally excluding them irrespective of whether they were illegally obtained by the party relying on them or by a third party.16Libananco Holdings Co. v. Republic of Turkey, ICSID Case No ARB/06/8, Preliminary Issues (June 23, 2008); Caratube Int’l Oil Co. LLP v. Republic of Kazakhstan, ICSID Case No ARB/08/12, Final Award (Sep. 27, 2017).X16  

The nature of illegality cannot be ignored, but reasonably balanced.  As each case will have its own unique facts, there is no strict rule for admissibility of illegally obtained evidence.  No arbitral tribunal or court wants to issue a decision based on wrong facts because it simply ignored this type of evidence.  On the other hand, accepting such evidence despite its immateriality is unwise, as this will incentivize future unlawful activity by the parties.  Hence, tribunals need to consider both the clean hands doctrine and materiality of the evidence when confronted with issues of illegally obtained evidence.  Moreover, tribunals can deal with the illegal obtainment of evidence by awarding something similar to “cost sanctions” against the party who obtained those evidence, as courts sometimes do.17See, e.g., Imerman v. Imerman [2010] EWHC 64 (Fam).X17 

B. Authenticity

The authenticity of the e-evidence is a more serious concern.  Suspicions about the authenticity of evidence can be raised alone or in addition to the objection of illegal obtainment of evidence.  The latter scenario occurred in EDF v. Romania where the claimant submitted an audio recording of a meeting with a member of the Romania Prime Ministry to prove their claim.  The tribunal found that the recording was illegally obtained, but its holding about the authenticity of the recoding is worth noting,

Considering that today’s sophisticated technology may permit easy manipulation of audio recordings, proven authenticity is in fact an essential condition for the admissibility of this kind of evidence . . . . An obvious condition for the admissibility of evidence is its reliability and authenticity.  It would be a waste of time and money to admit evidence that is not and cannot be authenticated.18EDF (Services) Ltd. v. Republic of Romania, ICSID Case No ARB/05/13, Procedural Order No. 3, at 29 (Aug. 29, 2008) (emphasis added).X18 

While this is absolutely correct, tribunals need to be realistic and not put the stick in the wheels.  Tribunals are handling e-evidence more than ever before, so extensively authenticating every piece of e-evidence will be a waste of time and money.  As the U.S. District Court for the District of Columbia puts it, emails, as an example of electronic method of communication, are now the prominent method of communication in the professional world.19United States v. Safavian 435 F.Supp.2d 36, 41 (D.D.C. 2006). X19   Hence, “absent specific evidence showing alteration, . . . the Court [should not] exclude any embedded emails because of the mere possibility that [alteration] can be done.”20Id.X20 

Case law shows that there is no strict rule when considering the authenticity of e-evidence.  In R v. Mawji,  a claimant submitted evidence that the accused emailed him a death threat.21R v. Mawji, [2003] EWCA Crim 3067.X21  The accused objected to the email’s admission before it was authenticated.  The court concluded that there was no need to test the authenticity of the email because all other evidence already admitted at trial supported the content of the email.  In another case, however, the court had to check the metadata of the emails and hire an electronic evidence specialist to confirm the authenticity of emails and that they were not forged, as claimed by one of the parties.22Greene v. Associated Newspaper [2005] QB 972.X22  This needed to be done because there was no additional evidence to support the authenticity of the emails.  These cases show that the authentication process need not be over complicated when circumstantial evidence exists. 

Procedural controls can also provide strong circumstantial evidence of the integrity and authenticity of the evidence.  In Lorraine v. Markel, the U.S. District Court for the District of Maryland stated that a witness can “provide factual specificity about the process by which electronic evidence is created, acquired, maintained, and preserved without alteration or change.”23Lorraine v. Markel, 241 F.R.D. 534, 545 (D. Md. 2007). X23  While the court was referring to the relevant national law regarding authentication, the principle can apply in all cases.

In sum, a general checklist of testing the admissibility of such evidence may be found, but question of admissibility is far from a straightforward one.  Illegally obtained evidence and authenticity are two serious questions that need to be addressed on a case-by-case basis.  Benjamin Franklin’s famous advice stands right here:  “an ounce of prevention is worth a pound of cure.”  To avoid such critical questions of admissibility and undesired outcomes, it is worth considering information security in the first place.

Information security (including cybersecurity) is important to guarantee the integrity of arbitration proceedings.  The ICCA-NYC Bar-CPR Cybersecurity Protocol for International Arbitration1International Council for Commercial Arbitration, the New York City Bar Association and International Institute for Conflict Prevention Protocol on Cybersecurity in International Arbitration (2020) [hereinafter ICCA-NYC Bar-CPR Protocol].X1 and IBA Cybersecurity Guidelines2International Bar Association’s (IBA) Cybersecurity Guidelines (2018).X2 are the most prominent soft laws that address information security in the legal and arbitration fields.  The former aims to “provide a framework to determine reasonable information security measures for individual arbitration matters,”3ICCA-NYC Bar-CPR Protocol, supra note 25, at xi.X3 while the latter provides law firms and practitioners with guidance on technological measures regarding safety of data in general.  As demonstrated below, information security is not a one-shot solution; a holistic approach is needed because information security threats are possible pre-, during, and post-arbitration.

First, parties need to be immune, to the most practical extent possible, from information security risks.  Hence, it is essential for lawyers to understand the importance of their role even before any arbitration starts in raising their client’s information security awareness to ensure that their data is secured and does not surprisingly appear in the hands of their opponents in the future.

Further as a precautionary step to be done before appointing the tribunal, it may be advisable to send to potential arbitrators a cybersecurity checklist to be confident that a tech savvy arbitrator will be appointed, especially if the arbitration process will be held virtually or depend heavily on e-communication and the submission of e-evidence.  Early consideration can also be given to the evidentiary status of hacked e-evidence in addition to any special information/cybersecurity arrangements for the arbitration process itself.4See Katrien Baetens, Cyber Hack Challenges in International Arbitration, LINKLATERS (Apr. 22, 2021), https://www.linklaters.com/en/insights/blogs/arbitrationlinks/2021/april/cyber-hack-challenges-in-arbitration; CIArb Protocol, at Art. 1. X4

As for the arbitration process, the ICCA-NYC Bar-CPR Cybersecurity Protocol covers the arbitration proceedings and post-arbitration retention and destruction matters, and offers a three-step approach to tackle information security in a reasonable and cost-efficient manner: (i) risk analysis, (ii) implementation, and (iii) modifying information security measures as needed.  As an initial matter, the risk profile of the arbitration needs to be determined so that the parties and the tribunal can adopt the most appropriate measures.  These need not break the bank but need to be sufficient and reasonable.  According to the Protocol, the parties and tribunal need to follow the required measures (e.g. access controls, encryption, and physical security) to avoid any security gaps. 

Notably, the Protocol does not state the role of each participant in implementing the measures.  But it goes without saying that everyone involved in the arbitration process (the parties, arbitrators, and arbitration institution) needs to be involved or else imposed measures likely will be useless.  In fact, arbitrators should police the application of the measures to avoid any security threats during the proceedings to avoid surprises and delays.

Illegally obtained evidence raises more issues than just whether it should be admissible.  It can induce endless enforcement paranoia which arbitrators usually take into consideration during the proceedings.  Both admissibility and inadmissibility of such evidence can give rise to concerns regarding whether the award can be challenged or set aside.  It is by human nature that one cannot un-see what has been seen and arbitrators are not immune from this.  Even if illegally obtained evidence is declared inadmissible, it is hard to be sure that an arbitrator has actually disregarded from what they saw.  This is a strong reason why information measures should be taken by the parties during their normal course of business and way before any arbitration process.  Further, the arbitration proceeding itself is not more immune from information security risks, especially cyber threats.  Hence, failure to adapt to the continuously developing tech-world and implement needed information security measures may jeopardize the attractiveness of arbitration as a convenient method of resolving disputes.

As discussed above, there is no strict rule on the admissibility of illegally obtained evidence.  Literature, soft law, arbitration rules, and case law show that questions of admissibility should be considered on a case-by-case basis.  It is up to the arbitral tribunal to decide the admissibility of illegally obtained evidence; in addressing this matter, a thorough, well-reasoned award is key to avoid annulment.  Whether arbitration rules should address this matter is questionable.  Fairness of procedures however necessitate flexible rules rather than ridged ones.