Legislative Decree 806 was recently approved, which introduces measures to include information and communication technologies in court proceedings, streamline processes and make the justice service more flexible for users. This happened during the State of Emergency declared due to the COVID-19 pandemic. In this context, the High Council of the Judiciary has implemented several measures with the aim of using virtual or digital resources.
Judicial civil servants have been instructed to preferably work from home with ICT and judges should also use technological resources for all actions, communications, notices, hearings and proceedings. Barristers, third parties and intervenors may take part in processes by means of the available technological resources, and emails were set up as the means of sending and receiving briefs and other notices.
Although it is clear that these emergency decrees don’t alter the General Procedural Code, it was necessary to enable the use of technological resources in the justice system. Regulations like Article 25 of the Procedural Labour and Social Security Code don’t set out the claimant’s duty to state the email addresses of the parties in the claim nor does it refer to any email notices or sending or receiving any electronic documents.
Several positions regarding these legislative decrees have been set forth from procedural and constitutional approaches. However, from a computer law point of view, there is still much to be said and done. The first consideration is that Decree 806 ignores digital safety, as the implantation of technologies in the process should be a way of moving forward and not backwards, and limiting procedural guarantees for the sake of technology would imply a setback, as it is technology what should be adapted and what should enable full compliance with said guarantees.
Not taking digital safety into account in the legislation that regulates the digitalisation of justice during a pandemic is worrying, although understandable under the premise that health, work and people’s lives are fundamental rights of constitutional status we need to protect. That being said, accepting ICT is in the justice system to stay, safety is a basic element that, if ignored, will bring severe consequences to its establishment.
In Spain, a Guide for the implementation of telematic judicial actions has recently been published, which reviews the notices provided by the representatives of the International Bar Association in the Litigation Committee in Spain regarding the experiences of the United Kingdom, Canada (Ontario and Quebec), Japan, Malaysia, Singapore, Norway, the Republic of Ireland, India, Taiwan, the United States (Miami and Washington), Russia, Poland, Belgium and Holland, among other countries, where digital security is a priority.
Among the aspects that stand out in this Guide regarding digital safety are the need to have a secure information repository that guarantees the integrity of legal actions and the express warning against the use of emails to exchange documents, as opposed to what has been proposed in Colombia.
In the same way, it states that when remote connections do not take place in a private setting, that is, with internal network communications, taking safety measures into account becomes even more important. The Guide expressly establishes that the technological resources that are to be used for telematic procedural actions shall comply with minimum safety standards, according to the regulations of the Judicial Interoperability and Security Scheme EJIS. These resources shall guarantee the integrity, authenticity, confidentiality, quality, protection and conservation of the recorded information and of the stored documents and adjust to standards that guarantee the compatibility and interoperability of IT systems.
Decree 806 completely neglects the need to guarantee the authenticity and integrity of notices, recordings and documents. Law 527 of 1999 was ignored, which has already been in force for 21 years in Colombia and guarantees safe and reliable document environments by means of procedures such as digital signatures, electronic signatures and time stamps.
Decree 806 does not mention the data protection of the legal system’s servers, litigants and users in general who actively participate in virtual hearings and proceedings and whose personal and confidential data are recorded. The Spanish Guide requires the tracking and integrity of said recordings, states that complying with the safety measures regulated by the EJIS is essential and considers that the following standards should be especially controlled and then verified:
- Authentication of the parties and legal practitioners.
- User access control.
- Request for the last digits of the CSV of received summons to compare them with the list of intervening parties.
- Showing the ID card in front of the camera.
- Encryption of notices.
- Protocols for the management of security related incidents.
- Possibility of tracking any intentional technical failure.
- Technical support that guarantees the availability of the tools.
- Guaranteed confidentiality.
- Integrity of the recordings.
- Safe custody and storage of the recordings.
- Safe custody and storage of the documents to be produced.
There are thousands of cases of identity theft in digital environments and cyber-attacks every day and the justice system will not be an exception to this global phenomenon. There is no doubt that the current situation demands taking immediate action to preserve the status quo of the justice system. However, there are immediate, mid-term and long-term challenges. How can we litigate without having access to court records? We need to dematerialise them, that is, digitalise them for a probationary period and start thinking of native digital courtrooms. Digital justice clearly must go beyond electronic files and authentication procedures. We need to rethink justice to really apply advanced technology like blockchain, artificial intelligence and the internet of things.
A lack of safety in a digital justice setting enables identity theft and the alteration of documents, qualifications, audio and video files, etc.
The solution cannot be identifying forgery or ignoring documents. The solution must involve regulations that guarantee the Justice System’s diligence and safety.
Héctor José García Santiago, Director of the Government and ICT Observatory of the Pontifical Xavierian University. Executive Chairman of Camerfirma Colombia. www.camerfirma.co
