E-Evidence in Criminal Trials: How Digital Footprints Are Changing the Rules of the Game

Written By Steven Lack

In today's digital age, our lives are increasingly documented through devices—mobile phones, smartwatches, laptops, and the cloud. It follows that digital evidence, or "e-evidence," now plays a central role in many criminal trials in New Zealand. From text messages to GPS data, electronic evidence can make or break a prosecution or defence case. This article explores how e-evidence is obtained, how it is treated by the courts, and how it can be challenged.

What Is E-Evidence?

E-evidence refers to any data stored or transmitted in digital form that may be used in a criminal proceeding. Common examples include:

  • Text messages and call logs

  • Emails and instant messages (e.g. WhatsApp, Signal, Facebook Messenger)

  • Photos and videos stored on devices or in the cloud

  • Social media activity

  • GPS and location data

  • Internet browsing history

  • Digital financial records

As smartphones become the central hub of personal and professional communication, they frequently become targets in police investigations. The same can be said of wearable devices, such as smartwatches, which also collect a significant amount of data from your everyday actions and movements. It is important to be aware of the type of data which is being collected by the electronic devices you use on a daily basis.

The Authorities Powers to Obtain E-Evidence

Under the Search and Surveillance Act 2012, enforcement agencies (such as the police) in New Zealand have extensive powers to obtain e-evidence through search warrants, surveillance device warrants and production orders. A search warrant may authorise the search of a premises or a specific device, including remote access to data stored in the cloud. Surveillance device warrants may authorise the live interception of texts, calls and data transmissions which are channelled through a telecommunications company.

Specialist tools such as Cellebrite or GrayKey are routinely used by the authorities to extract data from locked or encrypted devices which have been seized during an investigation. Increasingly, the police and other agencies also issue production orders to compel third parties such as telecommunications providers or cloud storage companies to produce information.

Under section 130 of the Search and Surveillance Act 2012, enforcement officers can also compel a person to provide access to information—such as a PIN or password—to a lawfully seized device. Failure to comply with such an order can result in criminal liability. Defendants should always seek legal advice before consenting to a search or before providing access credentials to their devices, whether voluntarily or under compulsion.

Admissibility of E-Evidence in Court

E-evidence is subject to the same general rules of admissibility under the Evidence Act 2006 as other types of evidence. It must be relevant, probative, and not unfairly prejudicial. However, digital evidence can present its own unique issues:

  • Authentication: Can the prosecution prove the material originated from the accused, and was not altered?

  • Hearsay: If the evidence is a message or post made by a third party who is not a witness, is it admissible?

  • Chain of Custody: Was the data handled in a way that preserves its forensic integrity?

An increasingly relevant concern is the alteration or deletion of digital evidence before it is provided to authorities, often by potential witnesses or complainants themselves. Individuals may attempt to modify metadata, selectively delete communications, or manipulate files in the hope of evading detection for their own offending and/or to enhance the evidential value of what is on their device.

However, digital forensic tools used by law enforcement or independent digital forensic experts are often capable of detecting such interference. Courts may treat evidence of tampering by a defendant as probative of consciousness of guilt, or as aggravating in sentencing. Conversely the court may treat evidence of tampering a prosecution witness as damaging to their credibility and reliability. Lawyers must be alert to these risks when considering digital evidence and its potential impact on a prosecution.

Improperly obtained e-evidence—such as data obtained without a valid warrant or through coercion—may be excluded under s 30 of the Evidence Act if its admission would be unfair or detrimental to the administration of justice. In R v Alsford [2017] NZSC 42, the Supreme Court considered the lawful scope of electronic search warrants and the accused’s privacy interests in digital material. However, the law in this area continues to develop as the capability of the technology available to the public changes.

Challenging E-Evidence

There are several ways to challenge e-evidence in criminal proceedings:

  • Exclude under s 30: If the evidence was improperly obtained, a pre-trial application may be made to exclude it.

  • Expert analysis: The defence may engage an independent forensic expert to verify or rebut claims about the digital evidence.

  • Technical cross-examination: Challenge the accuracy of metadata or show the possibility of tampering or remote access.

  • Interpretation: Argue that the evidence, even if authentic, does not mean what the prosecution says it does.

Common Misconceptions and Risks

Many people mistakenly believe that deleted messages are permanently erased, or that encrypted apps provide complete protection. Others assume that cooperating with police by voluntarily handing over a phone without being compelled to will assist their case. These assumptions can be dangerous.

Key risks include:

  • Data synced to the cloud may still be accessible to police. The police do not necessarily need to recover the digital device in order to access material which is independently stored on servers by a company such as Instagram, Google or Meta.

  • Deleted messages are often recoverable because deletion typically only removes the file's reference in the system directory, not the underlying data itself. Until that space is overwritten by new data, forensic software can often retrieve the deleted content, especially from devices that have not been factory reset or encrypted.

  • “Private” apps like Signal or Telegram may still store metadata. For users this means that even if the content of the messages is encrypted and unreadable by third parties, the apps may still record information about when the message was sent, who it was sent to, and how frequently there was communications with that user. Police may use this metadata to build a picture of your contacts and activities, even if they cannot read the actual messages. In certain cases, if a handset is recovered and the messages remain on the device then they can be extracted and reviewed by the authorities.

The Road Ahead: Trends in Digital Evidence

The international dimension of digital evidence is also becoming increasingly important. Most of the major tech companies are located overseas. That means law enforcement agencies often have difficulties with accessing data (in a timely manner) which is stored by these companies in servers outside of New Zealand’s jurisdiction.

The United States' CLOUD Act (Clarifying Lawful Overseas Use of Data Act) allows U.S. law enforcement to compel American tech companies to provide access to data, even if it is stored on servers outside the United States. It also enables foreign governments to enter into executive agreements with the U.S. to gain faster access to data held by U.S.-based providers, bypassing the slower mutual legal assistance treaty (MLAT) process.

For New Zealand, this could mean that, in future, law enforcement agencies may be able to access data from companies like Google, Apple, or Meta more swiftly—if an executive agreement is formed. However, such agreements require strong privacy and human rights protections to be in place. The CLOUD Act thus has the potential to reshape the speed and ease with which cross-border digital evidence can be obtained and used in local prosecutions.

New Zealand’s legal system is still adapting to the implications of digital evidence. Anticipated developments include:

  • Broader international cooperation in evidence-gathering through treaties like the CLOUD Act. This U.S. law allows law enforcement to access data stored overseas from American tech companies and enables faster data-sharing agreements with foreign governments, including the possibility of streamlined access for New Zealand authorities.

  • Pressure for law reform around decryption powers, similar to Australia's approach. In Australia, authorities can issue mandatory notices requiring companies or individuals to assist in decrypting data, provided it is reasonable and technically feasible.

  • Greater use of AI tools by enforcement agencies to review large volumes of digital data.

Conclusion

E-evidence is now a cornerstone of modern criminal litigation. For defendants, it poses both opportunities and risks. For lawyers, it demands a working knowledge of evolving technologies, privacy laws, and the forensic techniques used in modern investigations.

If you or someone you know has had a device seized by police or is facing charges involving digital evidence, seek legal advice early. Strategic decisions made at the outset can have a lasting impact on the outcome of the case. It is important to consult a lawyer that is experienced in dealing with digital evidence. Contact Steven Lack – an experienced Auckland criminal defence barrister – for advice today.

 

Steven Lack
Next

Dirty Money: Defending Money Laundering Charges in New Zealand