David McNeill argues that the CPIA disclosure regime is unfit for the digital age

The criminal disclosure regime is regarded with dread by counsel, solicitors and officers alike. It can be technical, dry and, for lawyers, usually unpaid. Dealing with disclosure has often seen as a job of last resort for those who would rather be engaged at the front end of a criminal case. This disdain is beginning to result in widespread failure. As a number of recent high profile rape cases such as Liam Allan and Isaac Itiary have shown, buried in the unused material is often the key to whether a prosecution will stand or fall.

Much of the fallout from these near-miscarriages of justice is likely to be directed at individual officers and CPS lawyers for failing properly to apply the Criminal Procedure and Investigations Act 1996 (CPIA). In rebuttal, investigators and prosecutors will no doubt protest about the pressures of caseloads and lack of resources. Defence practitioners can rightly respond that, with no separate legal aid remuneration for pursuing disclosure requests, the system is set up to discourage proper scrutiny.

However, lack of resources, or competence, or hard work, are not the only causes of the increasingly hopeless criminal disclosure regime. The fundamental problem is that the CPIA is simply unfit for the digital age of mass data storage. The more blame that is heaped on individuals for disclosure failures, the further we get from addressing the need for genuine reform.

The starting point should be to accept that digital devices – not only mobile phones but also computers and other devices – store amounts of data that completely change the nature of any disclosure exercise. At one end of the scale, HMRC in Operation Amazon, the tax fraud case that in the Court of Appeal is now the leading authority on electronic disclosure, seized 85 devices with over 7 terabytes of data on them. The disclosure exercise took years and the instruction of huge numbers of independent counsel to sift for LPP and review the material. The search warrants were executed in July 2007 and verdicts were only reached in November 2017. 10 years on, a similar investigation today will inevitably involve far greater quantities of data.

At the other end, almost all defendants who now end up in the Crown Court will have had their smart phone seized by the police. Often they may have more than one. Complainants may have submitted their phones for analysis. Multi-handed cases will involve large numbers of phones. We all know from personal experience that our phones are capable of storing gigabytes of texts, messages, social media, emails and documents. From a sophisticated analysis of the location data, cookies or other information held on the phone, it may be possible to piece together much of our past lives. As practitioners, we now regularly handle downloads of ordinary phones that would exceed 50,000 pages if printed out. Even more data may be accessible from a phone but stored on cloud-based platforms.

Investigators have a duty to return seized devices to their owners if a copy of the data held on them would be sufficient for the investigation. In theory, this means that most defendants should receive their phones and computers back as soon as they have been imaged. Does this solve the problem? No, for a number of reasons. First, it cannot help with complainants’ devices, as in Liam Allan’s case. Secondly, there may be co-defendants who may be interested in the contents of the device. Thirdly, the devices or their contents may belong to third parties – for example, a work computer owned by a defendant’s employer. Fourth, the police sometimes need to retain devices for more detailed analysis in the light of further developments such as defence statements. Finally, the police’s willingness or ability to copy devices quickly and return them is often conspicuously lacking.

We therefore fall back on the CPIA to ensure the disclosure of any data which might undermine the prosecution or assist the defence. Recognising the impossibility of reading millions of documents, the courts and senior judiciary have approved strategies for searching electronic data by using intelligent key words. The process can be increasingly refined if resources are thrown at the problem. Sophisticated search terms can be employed and software can eliminate multiple duplicate copies of the same document. An early, keenly focused identification of the real issues in the case and the right key words likely to yield relevant results is essential. Large prosecutions now inevitably have detailed disclosure management documents which set out the process undertaken in fine detail.

It may be that some form of this process will always be necessary. However, the more elaborate these disclosure strategies become, the more evident their flaws become. Even the most focused disclosure strategy is likely to yield vast numbers of documents which need to be reviewed by the disclosure team – whether officers, prosecutors or counsel – page by page. The job becomes too big for one person, and so multiple document reviewers are engaged. Those reviewers are unlikely to have the same detailed understanding of the case that an investigating officer or trial counsel will have. They will not see the other documents that their colleagues review, and thus not be fully aware of how any one document may fit into a larger picture. They will certainly not be aware of all the nuances of the defences being run by multiple defendants in a complicated case. True, an obviously exculpatory document in a straightforward case should be picked up and disclosed. But to pretend that the significance to the defence of, say, a single text message in a 50,000 page phone download will be picked up by a solitary officer looking at it out of context is simply unrealistic.

In other words, the problem is not that the test for disclosure in the CPIA is wrong in principle. It is that in the age of bulk electronic data, it is becoming impossible to apply on an item by item basis.

The important question should be this. If a defendant, or his representatives, had access to, for example, a large download of a complainant’s iPhone, what searches would they want to make? Applying search terms is only one possible technique for finding information which might really assist the defence. Other techniques will depend on the nature of the case. In a rape case, the defence will inevitably want to see all messages between the complainant and defendant. Sometimes all messages within a particular timeframe might be needed. Context is often all-important – if the prosecution rely in evidence on a text or an email plucked out of context, the defence should be entitled to look around the prosecution evidence to see what else was going on at the time. Equally, a defendant may need to refresh his or her memory about what was happening at the time of an alleged offence, which might be many months or years before. The defence might need to react quickly during a trial to a new issue raised by a co-defendant. The tone or style of communications may be essential to help establish nuanced points about the relationships between individuals. Finally, it may be important to look for the absence of certain messages or records to prove a point.

Only by having disclosure of whole downloads or mirror images can these sorts of informed and intelligent searches – which might genuinely assist the defence – be possible. This would mean recognising categories of material which do not necessarily meet the CPIA test for disclosure, but are handed to the defence to allow them to conduct the sort of effective searches that the disclosure officers will never realistically be able to match.

Although electronic devices are one example of where a more flexible disclosure regime is needed, other material too falls into this category. Judges and counsel have always informally recognised types of material – eg, previous statements of key witnesses, or officers’ notebooks – which in fairness the defence ought to see, whether or not they undermine the prosecution case or assist the defence on an obvious point of fact.

The traditional objections to a more liberal disclosure regime are now largely obsolete. In the past, vast quantities of paper material would have taken huge resources to provide to the defence. Handing over a phone download is now often no more difficult than burning a CD or USB stick. Secure cloud storage and transfer systems such as Egress are soon likely to make the process even easier. Historic objections were that legal aid costs would hugely increase if defence teams could claim for reading large amounts of unused material. The days of being paid for such work, of course, are now long gone.

Should we therefore move to a system of blanket disclosure of certain categories of unused material to the defence? To do so would go too far. The most important reason is that electronic devices inevitably contain large quantities of sensitive or private information. A defendant might rightly be concerned if the prosecution blithely handed over to his fraudster co-defendant a download of his computer containing his passwords and personal data. A complainant in a rape case should not automatically have to surrender all of the private material on her phone to the defendant she accuses of attacking her. The exemptions provided for criminal disclosure in the Data Protection Act 1998 are too wide and vague to give meaningful protection against these concerns.

What is needed, therefore, is a fundamental recasting of the disclosure test that is applied. Instead of a restrictive regime where the presumption is of non-disclosure unless something clearly disclosable can be identified, we should move towards a presumption in favour of disclosing some large electronic item downloads to the defence, so that they can conduct their own intelligent analysis of the material with a better awareness of what would really assist them.

A reformed regime could recognise that the main interest weighing against disclosure should not be inconvenience to the investigators, or a kneejerk defensiveness, but the protection of third parties’ rights to privacy and confidentiality. In such cases, it may be that Judges will need to decide where the balance between these competing interests lies. In the most serious and complex cases, Judges could have the power to order that independent counsel be appointed or that further, targeted analysis of devices be carried out. Judges and practitioners would need better training on the technicalities of electronic data analysis so that the right requests can be made to identify exculpatory material if it exists.

This may sound expensive, difficult and radical. But in the age of the iPhone, it is increasingly obvious that simply carrying on a two decades old disclosure regime designed for limited quantities of paper records is simply not a viable option.

The article was originally published on 3 February 2018 for Criminal Law and Justice Weekly and can be viewed online here.

David McNeill is a barrister with a strong practice in fraud and serious and organised crime cases.