The Court of Appeal decision Ras Al Khaimah Investment Authority v Azima, on the use of hacked information in civil court proceedings, will be of concern to many. It should serve as a reminder to us all of the importance of protecting our data.
It may well seem counterintuitive that an entity which has obtained information or documentation illegally, so called fruit of the poisonous tree, might remain entitled to rely on that information to its advantage in civil court proceedings. However, following the decision of the Court of Appeal in Ras Al Khaimah Investment Authority v Azima, that does indeed remain the case.
While it may seem surprising, it is not in fact new for the English Courts to refuse to exclude evidence on the ground that it has been unlawfully obtained. The Courts do have the power to exclude evidence that would otherwise be admissible but are not obliged to do so.
Mr Azima in part defended a fraud claim against him by arguing that the claimant, Ras Al Khaimah Investment Authority ("RAKIA"), was relying on hacked materials circulating online, the hacking of which, Mr Azima alleged, RAKIA was responsible for. Mr Azima argued that RAKIA should not be allowed to rely on this abuse of process and that the hacked evidence should be excluded.
RAKIA maintained its innocence, and while the trial judge did not consider that RAKIA's evidence in this respect had stood up under cross examination, Mr Azima failed to establish responsibility for the hacking at court. The trail judge upheld RAKIA's claim and Mr Azima appealed the decision.
The Court of Appeal took an interesting approach to this aspect of the Appeal, by adopting a hypothetical factual matrix in which it was assumed both that Mr Azima's claim that RAKIA was responsible for the hacking was true, and that RAIKA's claim would have failed but for the existence of the hacked emails. Despite this, the Court of Appeal found that even if RAKIA was responsible for the hacking, that conduct would not result in the evidence being excluded because, in English law, the general position is that evidence is admissible however it is obtained.
It was relevant to the Court of Appeal’s analysis, first, that the allegations of fraud made against Mr Azima were very serious and, secondly, that the documents he complained were hacked were documents that were relevant to the proceedings and which Mr Azima would have to disclose in the litigation in any event.
- The starting point is that evidence is admissible however it is obtained.
- The court has the power to exclude evidence, but in deciding whether or not to do so the court must strike a balance between condemning the wrongdoing involved in unlawfully obtaining evidence and getting to the truth.
- Whether or not hacked data will be admissible will depend upon the specific facts of the case and the severity of the allegations involved.
Given the harm that hacking can cause the victim, and the increasing prevalence of hacking and cybercrime more generally, this case remains a worrying indication from the court. It also serves as a reminder to us all of the importance of cyber security and cyber hygiene to protect our data from theft and external attacks.