The Covid-19 pandemic has necessitated the digital shift and increased dependence on digital technology. In recent times, the admissibility of illegally obtained evidence (‘IOE’) has proven itself an imperative notion in international arbitration. This surge in data protection and processing regulations prompted the revision in Rules on the Taking of Evidence in International Arbitration (‘2020 IBA Rules’), replacing the former rules from 2010 with the aim of bringing the rules in line with the prevailing consensus in international arbitration, and to address the increasing reliance on technology brought about by the pandemic. The 2020 IBA Rules focus on cybersecurity as one of the major concerns in international commercial arbitrations, owing to the commercial value of the documents involved while ensuring the digital protection of parties, experts, witnesses and arbitral institutions as well.
In the post, the authors focus on the issue of the admissibility of evidence obtained through hacked emails and data breaches. Since there is no comprehensive set of rules to govern the admissibility of IOE in international arbitration, we seek to shed some light on the 2020 IBA Rules and provide a set of recommendations, which may help the tribunals whenever they are confronted with questions pertaining to IOE.
IBA Rules on the Taking of Evidence in International Arbitration
Arbitral institutions across the globe are free to admit any evidence as they deem fit, determinable on a case-by-case basis. However, they ought to exercise such power within the restrictive walls of the governing rules of procedure, i.e. lex arbitri. Previously, only article 9(2) of the 2010 IBA Rules provided some guidance on the aspect of admissibility of evidence, which too was, at times, silent when posed with practical questions about the admissibility of the IOE. However, the revised rule 9(3) makes explicit mention of the issue of IOE which is a step in the right direction. Furthermore, while the former 2010 IBA Rules clearly provided for confidentiality to the documents submitted in arbitrations, they were, however, silent as to whether such confidentiality protection applied to documents produced in response to a request for production. The 2020 IBA Rules explicitly extend the scope of confidentiality to documents produced in response to a request to produce (article 9).
Landmark Cases on the Issue of Admissibility of IOE
Yukos v. Russiais one of the premier cases in international investment arbitration wherein the Permanent Court of Arbitration (PCA) adopted the liberal approach while deciding the admissibility of obtained evidence. Yukos Oil Company’s former majority shareholders and management filed an arbitration claim against Russia under the Energy Charter Treaty (ECT) before the PCA. Although there is no explicit mention about the issue of admissibility of IOE, i.e., confidential diplomatic cables released by WikiLeaks, the tribunal seemed to have relied extensively on these documents to reach the conclusion. While the Yukos awards failed to offer a clear analysis of the issue about the admissibility of such shreds of evidence, the PCA’s conclusion in Hulley Enterprises clarified that IOE is admissible before tribunals, which may rely on it, thus expanding the scope of admissibility of evidences.
Continuing this trend, the International Centre for Settlement of Investment Disputes (‘ICSID’) judgment in ConocoPhillips v. Venezuela proved to be another landmark decision on the issue. However, the dissenting opinion of one of the arbitrators, Professor Georges Abi-Saab, opened the floodgates for a new approach in international arbitration for the admissibility of IOE. The arbitrator argued in favour of the admissibility of such evidence for two main reasons: (a) that documents procured were material and relevant to the dispute, (b) the privileged or confidential information was later leaked and become public information and the dispute in such cases should be decided in light of on public policy grounds.
Subsequently, in Caratube International Oil Company LLP v Republic of Kazakhstan, the claimant relied on evidence that were obtained through leaked emails published on the website ‘KazakhLeaks’, following a cyber-breach of the Kazakh Government’s computer network. The tribunal admitted the claimants’ submission of non-privileged leaked documents, but refused to admit privileged leaked documents (namely privileged attorney-client communications). It offered a two-pronged reasoning for admitting such evidence: (a) the documents were evaluated as ‘material’ and ‘relevant to the dispute’ and (b) the evidence which was sought to be relied upon was then widely, freely and lawfully available in the public domain, so it could neither be considered privileged information nor be seen as confidential.
In Libananco Holdings Co. Limited v. Republic of Turkey, the PCA did not per se rule the respondent’s conduct of intercepting privileged communication as illegal, but ordered for its exclusion from the proceedings. Here, it opted to protect the legal privilege and parties’ obligation to arbitrate fairly and in good faith thereby preserving the basic procedural fairness.
There has been a gradual increase of cases involving the issue of the admissibility of evidence gathered via cyber-attacks, and this calls for a uniform method to adjudicate upon such issues. However, there continues to be a lack of consensus amongst arbitral tribunals regarding the approach to be adopted with regard to the admission of IOE. Tribunals at times adopted the stricter approach in order to protect the procedural integrity of dispute resolution, while in other cases tribunals have adopted a liberal approach by admitting the non-privileged evidence and deciding the case on the merits of the relevant facts.
To resolve the existing conundrum on the issue, the authors propose a set of questions that the tribunals shall consider while evaluating the admissibility of such evidence:
Whether the evidence procured is genuine and authentic or has been tampered with
The decision of the Trial Chamber of the Special Tribunal for Lebanon can be considered in this regard, as it analyzed the issue of admissibility of IOE especially in respect to WikiLeaks documents. In this case, the tribunal opined that although the documents were relevant and material for the case, it was not satisfied with the accuracy and believed that the document did not display sufficient authenticity.
Whether the cyber intrusion is utilized in furtherance of public interest
William W Park, one of the renowned academics in the field, stated in response to this assertion that arbitration needs to be balanced with the continual inclusion of “truth seeking values that further public goals”. Arbitral tribunals have a duty to prioritize public interest in cyber intrusion based adjudications, and ensure that in the execution of justice the betterment of society is secured as well.
Blair and Gojkovic have analyzed the jurisprudence pertaining to IOE vis-à-vis public interest. Similarly, the ICSID tribunal in the Caratube ruled that the expropriation, abuse of due process and collateral estoppels undertaken by the Kazakhstani government was not motivated by public interest. Thereby, the IOE was ruled as ‘admissible’ in furtherance to actualize the liability of the Kazakh government. Thus the creations of basic requirements have been expounded by Blair and Gojkovic, namely:
- Has the evidence been obtained unlawfully by a party who seeks to benefit from it?
- Does the public interest favour rejecting the evidence as inadmissible?
- Do the interests of justice favor the admission of evidence?
- Whether the party relying on such evidence is an interested party and was directly or indirectly involved in the procurement of evidence in an unlawful manner?
The Tribunal in Caratube:
- rejected the admission of evidences that were previously protected by any kind of privilege.
- allowed the admission of evidence which has not been protected by any privilege and was leaked by the party disinterested in the outcome of the dispute.
- the tribunal opined that IOE may be admitted even if a tribunal ‘affords privileged documents the utmost protection’.
While arguing for the procedural integrity in such cases, the authors recommend the inclusion of a common test across arbitral bodies and tribunals alike, to establish basic guiding principles and parameters for evidence obtained from cyber intrusions. We believe that admission of all kinds evidence (privileged or non-privileged) obtained via cyber breach would encourage such cyber-attacks and parties to go to any extent to prove their case, thereby stripping the procedural rules of their intended effect. Furthermore, while relying on such evidence, which was recently released in a public domain, parties’ proximity or probable nexus to such incident should be closely looked into. Additionally, in case the party to the arbitration is found to have ties with such incidents, then the evidence should not be admitted. That said, we hope that sufficient clarity is induced into the existing conundrum that provides a feasible solution to the issue of admissibility of evidence obtained via the cyber breach.
– Arjun Chakladar & Aman Kumar Yadav