Rule 34 of the Federal Rules of Civil Procedure provides that electronically stored information is subject to subpoena and discovery for use in legal proceedings. This rule is key to making electronic storage grounds for discovery as evidence. Rule 26 provides that each company has the duty to preserve documents that may be relevant in a particular case. Thus, companies are bound to preserve and turn over computer-stored and computer-generated records.
The pace of technology always outruns the law designed to regulate it. Computers in business have been used for fifty years, and yet the Rules of Civil Procedure and Evidence were late to address these forms of document/information storage. Imagine if file cabinets were invented in 1900, but nobody knew how to ask for the information inside them until 1950.

Rule 1001(1) of the Federal Rules of Evidence defines “writing and recordings” as letters, words, or numbers or their equivalent, set down by handwriting, typewriting, printing, photostating, photographing, magnetic impulse, mechanical or electronic recording, or other forms of data compilation. The notes to this rule state that considerations underlying this rule “dictate its expansion to include computers, photographic systems, and other modern developments.”

To keep you apace with the technology that everyone is using, always include in interrogatories and requests for production of documents information that is contained on a computer or electronic storage system (even a digital camera qualifies). Data will commonly be located on individual desktops and laptops, network hard disks, removable media ( e.g., floppy disks, tapes, and CDs) and, increasingly, personal digital assistants ( e.g., Palm Pilots). Data also may be in the possession of third parties, such as Internet service providers and on computer systems of other peripherally involved entities.


• Think of requesting information from the electronic database storage systems of the spouse, a closely held company, an employer, friends or relatives, investment firms, other entities specific to the case.

• In a divorce case in Southern California, the husband had given his old computer to the parties’ daughter. The wife turned the computer over to Computer Forensics, Inc., and was able to discover more assets than the husband had admitted.


• What type of files? Word processing files, spreadsheet files with asset lists, budgets, financial plans with projections, historical expenditures, experts’ financial models; financial management programs with check, credit card, asset and investment data; database files with financial data, contact lists, assets; e-mail programs; calendar programs; browser history files; e-mail, along with header information archives, and any logs of e-mail system usage; data files created with word processing, spreadsheet, presentation, or other software; databases and all log files that may be required; network logs and audit trails; electronic calendars, task lists, telephone logs, contact managers.


• Set time parameters for the creation of files.


• Hard drives, floppy disks, optical disks, network storage, remote Internet storage, handheld device, backup device; active data storage, including servers, workstations, laptops; off-line storage, including backups, archives, zip disks, tapes, CD-ROM, and any other forms of media.


• Because sometimes it’s the only evidence that exists on an issue. Because it may show inconsistencies with hard copy evidence that will lead to new evidence or impeachment. Because an electronic file may by its nature be easier to search. It can be downloaded onto a hard drive and searched using a desktop search function.


• When you think there is electronic evidence worth having, the first thing to do is issue a notice to preserve and retain the data.

• Federal Rule of Civil Procedure 26(a)(1)(C) obligates parties to provide opponents with copies of or descriptions of documents, data compilations, and tangible things in a party’s possession, custody or control.

• Federal Rule of Civil Procedure 34 permits a party to serve on another party a request to produce data compilations.

• Deposition of custodian or electronic records.

• Protective order and order to turn over hard drive.

See Discovery Resources on page 44 for form requests for discovery and for retention.

Computer forensics

Computer forensics is the collection, preservation, analysis, and presentation of electronic evidence. As a family law attorney, you can be looking for correspondence, tax and accounting records, addresses and phone numbers, presentation files, business plans, calendaring information, task lists, etc. Any of these records can reside on a computer in the form of text files, graphic files, audio files, hidden files, system files, e-mail, and even deleted files (if not overwritten).

Computer forensics can resuscitate deleted files if not overwritten, determine when the file was created and modified, and when the file was deleted (if it was deleted). Computer forensics can also determine how data may have leaked, how e-mail may have been forged, how the network may have been penetrated, and whether keystroke loggers or other tracking device may have been placed on the system.

Importantly, a computer forensic specialist can obtain a hard drive and establish chain of custody and authentication. It might be important to obtain a hard drive and immediately turn it over to a computer forensic specialist rather than boot up the computer yourself (or have your client do it), because the mere act of booting up changes the registry on about 400 to 600 Windows files.

Following are important cases on obtaining electronic evidence in a family law matter.

Rosenberg v. Rosenberg, 2002 WL 15649 (Minn. Ct. App. Jan. 8, 2002): The wife was afraid the husband was failing to report all income produced by his business and sought access to the business computer hard drive. She had no real evidence to suggest that income was unreported. The trial court denied wife’s motion for access, and the appellate court affirmed:

The [trial] court found that appellant’s requests for signed authorizations and access to respondent’s business’s computer’s hard drive were invasive and based on conjecture arising out of her attorney’s limited personal observations of packages being shipped from respondent’s business on a cash-on-delivery basis. . . . Nothing in the record suggests that the district court acted in an arbitrary or capricious manner in denying a portion of appellant’s discovery requests.

Rosenberg is a textbook illustration of the general rule against discovery requests that amount to fishing expeditions. To obtain access to the other party’s computer, a spouse must allege something more than the speculative possibility that the computer might contain relevant evidence.

Evidentiary issues

Authentication may be achieved by Requests for Admissions, admissions during deposition, adoptive admission imputed to the recipient of the e-mail, admissions by a party opponent. Hearsay objections as to the contents of the electronic record may be overcome by the business record exception, the contents of the electronic record as a present sense impression, the contents of the electronic record as an excited utterance, the contents of the electronic record as statement against interest, the necessity exception to the rule against hearsay, the contents of the electronic record as relevant to explain conduct, or the contents of the electronic record to establish declarant’s intent. Fed. R. Evid. 803 and 804.

A few cases concerning evidentiary issues of electronic evidence in the family law context provide guidance.

Hazard v. Hazard, 833 S.W.2d 911 (Tenn. Ct. App. 1991): The copy of a letter from the husband to his former attorney stored in the husband’s computer in the marital home, to which the wife had complete access, was not privileged.

Stafford v. Stafford , 641 A.2d 348 (Vt. 1993): The wife found on the family computer a file called “My List,” which was an inventory and description of the husband’s sexual encounters with numerous women. The wife testified she found the list on the family computer and that the contents were similar to those that appeared in a notebook she had discovered in the husband’s handwriting. The notebook disappeared. “Plaintiff’s testimony of the source of the document as a file in the family computer was sufficient to identify what it was.”

In re Marriage of DeLarco, 313 Ill. App. 3d 107, 728 N.E.2d 1278 (2000): Testimony of wife’s attorney concerning his firm’s billing software and procedures for review of records produced by it established adequate foundation under business records exception to hearsay rule for admission of computer-stored billing records in connection with wife’s petition for contribution to her attorney fees in dissolution action.

Fenje v. Feld, 2003 U.S. Dist. LEXIS 24387 (N.D. Ill., Dec. 8, 2003): Authentication of e-mail “is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.” Fed. R. Evid. 901(a). The court also noted that e-mail communications may be authenticated as being from the purported author based on an affidavit of the recipient; the e-mail address from which it originated; comparison of the content to other evidence; and/or statements or other communications from the purported author acknowledging the e-mail communication that is being authenticated.

Cyber misconduct

Title III of the Omnibus Crime Control and Safe Streets Act of 1968, 18 U.S.C. §§ 2510-2522, generally prohibits the interception of wire, electronic, and oral communications. Title 18 U.S.C. § 2511(1)(a) applies to the person who willfully intercepts such wire, electronic, and oral communications, and subsection (c) to any person who, knowing or having reason to know that the communication was obtained through an illegal interception, willfully discloses its contents. The Electronic Communications Privacy Act of 1986 (ECPA), 100 Stat. 1848 enlarged the coverage of Title III to prohibit the interception of “electronic” as well as oral and wire communications. By reason of that amendment, as well as a 1994 amendment, which applied to cordless telephone communications, 108 Stat. 4279, Title III now applies to the interception of
conversations over both cellular and cordless phones. Although a lesser criminal penalty may apply to the interception of such transmissions, the same civil remedies are available whether the communication was “oral,” “wire,” or “electronic,” as defined by 18 U.S.C. § 2510 (1994 ed. and Supp. V).

Importantly, an “electronic communication” is defined as “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system.” 18 U.S.C. § 2510(12) (1994 ed. and Supp. V).

Key to a number of family law cases dealing with “spousal snooping” of electronic mail is that accessing e-mail already stored on a computer is not an interception of e-mail in violation of the Act. Interception comes only with transmission. See Fraser v. Nationwide Mutual Insurance Co., 352 F.3d 107 (3d Cir. 2003); United States v. Steiger, 318 F.3d 1039, 1048-49 (11th Cir. 2003); Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2002); Steve Jackson Games, Inc. v. U.S. Secret Serv., 36 F.3d 457 (5th Cir. 1994); see also U.S. v. Councilman, 245 F. Supp.2d 319 (D. Mass. 2003); Wesley College v. Pitts, 974 F. Supp. 375 (D. Del. 1997), summarily aff’d, 172 F.3d 861 (3d Cir. 1998).

Finally, the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, applies to three types of computers: (1) computers owned by the United States; (2) computers storing certain types of sensitive information; and (3) any “protected computer.” Sensitive information includes information relevant to national defense or foreign policy, records of financial institutions, or consumer credit information. 18 U.S.C. § 1030(a)(1, 2).

A protected computer is any computer used in interstate or foreign commerce or communication. Because almost every computer is used at some time to send a communication to someone in another state and to receive communications from other states via the Internet, the definition of protected computer is quite broad.

The Act prohibits three actions: (a) intentionally accessing a computer without authorization or exceeding authorized access, and thereby obtaining information from any protected computer if the conduct involved an interstate or foreign communication; (b) knowingly and with intent to defraud, accessing a protected computer without authorization, or exceeding authorized access, and by means of such conduct furthering the intended fraud; (c) intentionally accessing a protected computer without authorization, and as a result of such conduct, causing damage. In family law cases, the key concept in § 1030 is use “without authorization.”

The following cases in the family law context address these issues.
In Jessup-Morgan v. AOL, 20 F. Supp.2d 1105 (E.D. Mich. 1998), the husband’s paramour posted an Internet message on an electronic bulletin board inviting readers to telephone the estranged wife to seek sexual liaisons. The message said “I’m single, lonely, horny, and would love to have either phone sex or an in person sexual relationship with someone other than myself. . . .” Id. at 1106. The estranged wife was deluged with unwanted telephone solicitations for sex while living at her parents’ home with her two young children. AOL responded to wife’s subpoena and divulged the identity of its subscriber who had perpetrated this harassment in violation of the AOL subscriber agreement. The subscriber (husband’s lover and then second wife) sued AOL under the Electronic Communications Privacy Act (ECPA) for breach of contract and invasion of privacy, seeking $47 million in damages. She claimed damages from disclosure that affected her own child-custody hearing as well as her future husband’s divorce. The court held that the ECPA was inapplicable because the disclosure was not of content but merely the author of the communication. The case was dismissed.

Conner v. Tate, 130 F. Supp.2d 1370 (2001): A woman sued her lover’s wife for illegally intercepting and taping telephone and voice-mail messages between the lovers and then distributing the information to the local police department. Paramour stated cause of action.

U.S. v. Scarfo, 180 F. Supp.2d 572 (D. N.J. 2001): Keystroke programs (i.e., tracking software designed to capture keystrokes covertly as they are typed) are not in violation of any law, because they do not intercept communications, they do not access the computer in an unauthorized manner, and they cause no harm to the computer or user.

Hazard v. Hazard, 833 S.W.2d 911 (Tenn. Ct. App. 1991): For a description of the case, see page 12.

Stafford v. Stafford, 641 A.2d 348 (Vt. 1993): For a description of the case, see page 12.

Byrne v. Byrne, 168 Misc. 2d 321, 650 N.Y.S.2d 499 (1996): The computer in this case was a laptop that was owned by the husband’s employer, Citibank, and used by the husband as part of his employment. The computer also was used by the husband for personal financial information unrelated to work. The wife took the laptop and gave it to her attorney. The husband and employer asserted that the computer could not be accessed by the wife’s attorney.

The Byre court held:

The computer memory is akin to a file cabinet. Clearly, [the wife] could have access to the contents of a file cabinet left in the marital residence. In the same fashion, she should have access to the contents of the computer. [The wife] seeks access to the computer memory on the grounds that [the husband] stored information concerning his finances and personal business records in it. Such material is obviously subject to discovery.

White v. White, 344 N.J. Super. 211, 781 A.2d 85 (2001): In a divorce action, the husband filed a motion to suppress his e-mail that had been stored on the hard drive of the family computer. The court held that the wife did not unlawfully access stored electronic communications in violation of the New Jersey wiretap act, and wife did not commit the tort of intrusion on seclusion by accessing those e-mails. Here, the wife hired Gamma Investigative Research, which copied the files from the hard drive. The files contained e-mails and images he had viewed on Netscape. The company sent the wife a report on the contents of the files. The husband’s e-mail program on AOL requires a password.

Key to this decision is that once e-mails are downloaded from the e-mail server, they are not stored for the purpose of electronic transmission, and they are thus outside the protections of the wiretap act. Further, the wife was able to access the files without a password by going through other files.

Zepeda v. Zepeda, 632 N.W.2d 48 (S.D. 2001): Husband installed software on home computer to covertly monitor wife’s keystrokes. He discovered that she engaged in highly erotic discussions in Internet chat rooms. Husband separated from wife and later accepted a job in Texas. Husband believed wife was an Internet addict and that this led her to have sex with a man in the family home while the child was sleeping. A temporary custody order prohibited wife from using the Internet unless required by her employment. At trial, husband introduced computer log-on records to show substantial use of the Internet in the household. The court pointed out that these records did not show which member of the household used the computer or whether it was just left logged on.

State v. Appleby, 2002 WL 1613716 (Del. Super. 2002): After the husband and wife commingled their computer hardware, using it freely as each saw fit, its ownership and possession were joint. Each spouse was equally entitled to the equipment. Under the circumstances, where the hard drive was left broken, uninstalled and in the estranged wife’s possession and where the hard drive once was installed in the estranged wife’s computer, she had complete access to it while it was working and hundreds of her personal documents remained on it, the hard drive was “theirs” in every sense.

O’Brien v. O’Brien, 899 So. 2d 1133 (Fla. 5th DCA 2005): Wife illegally “intercepted” husband’s electronic communications with another woman via electronic mail and instant messaging, within meaning of Security of Communications Act, when she installed spyware program on computer, which simultaneously copied electronic communications as they were being transmitted.

Evans v. Evans, 610 S.E.2d 264 (N.C. Ct. App. 2005): Sexually explicit e-mails that wife had sent to physician, were offered by husband in a divorce action in support of grounds for divorce and in support of denying postseparation spousal support to wife, were not illegally intercepted in violation of federal ECPA, where interception of e-mails was not contemporaneous with transmission; e-mails were stored on and recovered from hard drive of family computer. FA

Scrub a Dub Disk

How to “deep six” your data

Before donating that old desktop to a local charity or heaving it into the nearest Dumpster®, make sure that deleted files are gone and irretrievable. Identity thieves may target a donated or discarded computer, and for good reason. In the case of a family law firm, the most private details of clients’ lives and the firm’s practices are ripe for the picking.

Dropping a file into the desktop trash can, emptying your recycle bin, or reformatting your hard drive are only the first steps. Sensitive information is still there, accessible to many data recovery programs and free software tools until it is expertly overwritten.

Following are a handful of new products that promise to deep six your data permanently. They overwrite files and software with meaningless characters making them unreadable and unrecoverable.

Dump the disk

For Mac users, Disk Utility in the Utilities folder on the hard drive (for OS X 10.4 or Tiger systems) provides three ways to overwrite data. A second tool on Macs running OS X (10.3 and higher) is Secure Empty Trash, which provides seven separate overwrites for deleting trashed files.

For PC users, Acronis Privacy Expert Suite 8.0 ($24.95) from Acronis at offers an anti-spywear and security tools package.

• Darik’s Boot and Nuke 1.0.6 (DBAN) is a free download (shareware donation encouraged) at is a self-contained boot floppy that runs on Windows computers and promises to delete the contents of any detectable hard disk.

• ShredIt ($19.95/download) from Mireth Technology is downloadable at and runs on both Mac and Windows machines. It provides drag and drop or “select from menu” options.

• WipeDrive from White Canyon ($39.95) at promises user-friendly protection with twelve overwrite options.

—Deborah Eisel

Laura W. Morgan is the owner and operator of Family Law Consulting in Charlottesville, Virginia, which provides research and writing to family law attorneys nationwide. She is a member of the Advocate Editorial Board and can be reached at

Published in Family Advocate, Volume 28, No. 3, Winter 2006. © 2006 by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association.