The knotty question whether hacked information can be used against the person from whom they were obtained unlawfully got another close look in the Court of Appeal in Ras Al Khaimah Investment Authority v Azima, a decision handed down on 12 March 2021.
The factual background was that Mr Azima and one of his businesses were in a relationship with the Investment Authority of the Emirate of Ras Al Khaimah (RAKIA), the CEO of which was a Dr Massaad, to set up a pilot training school. The training school was not a success and ceased operations in 2010 and Mr Azima’s business had a claim against the authority arising from that failure. Mr Azima also received two payments totalling $1.56m in 2011 and 2012 following the sale by one of RAKIA’s subsidiaries of a hotel, which he claimed was commission under an agreement with the authority to find buyers.
Dr Massaad turned out to be a fraudster. When the emirate’s authorities started investigating him, Dr Massaad fled; he was subsequently tried and convicted in his absence for fraud, bribery and embezzlement. Dr Massaad and Mr Azima generally seem to have been thick as thieves, with Mr Azima coordinating Dr Massaad’s defence team and acting as Dr Massaad’s representative in negotiations with the Emirate’s lawyers.
In 2016 Mr Azima and RAKIA entered into a settlement agreement concerning the claims of Mr Azima’s business in relation to the training school. As part of that settlement, Mr Azima and his business represented to RAKIA that they had at all times acted in good faith and with the utmost professional integrity towards RAKIA and any other emirates entity and would continue to do so in future. The relevant clause of the agreement also stated that the payment to Mr Azima’s business was made in reliance on that representation.
Soon after the agreement was concluded, websites began to appear containing large quantities of Mr Azima’s hacked confidential emails and making allegations that he was a fraudster. RAKIA sued Mr Azima in England (the settlement agreement provided for this) alleging that Mr Azima had fraudulently represented to RAKIA that his business had made a substantial investment into the training school and that this had been relied on by RAKIA and had induced it to enter into the agreement.
One aspect of Mr Azima’s defence to the claim (and the aspect with which this article is interested) was that RAKIA had come to sue him as a result of the hacked materials, the hacking of which, he alleged, the Emirate/RAKIA was responsible for. Mr Azima relied on the hacking for various purposes in his defence, one of which was that, as the Emirate/RAKIA was responsible for the hacking, RAKIA should not be allowed to rely on this abuse of process and that the hacked evidence should be excluded.
The decision of the trial judge on the hacking issue
The trial judge considered Mr Azima’s allegations concerning the hacking of his emails at length in his judgment (there was no dispute at trial that Mr Azima had been hacked). He found that while Mr Azima had put forward a plausible theory concerning the hacking, that the story advanced by RAKIA which asserted their innocence of wrongdoing had not stood up under cross examination, and that certain inferences could be drawn against RAKIA through their failure to address relevant evidence, Mr Azima had nevertheless not established that the Emirate was responsible for the hacking and that there were various aspects of the evidence which pointed against that conclusion. The judge went on to uphold RAKIA’s claim against Mr Azima.
Mr Azima appeals
Mr Azima appealed numerous aspects of the judgment, including the judge’s findings made on the hacking claim. The Court of Appeal dealt with the hacking issues first and it did so by assuming for that purpose that Mr Azima’s claim that the Emirate/RAKIA was responsible for the hacking was true, that RAKIA had made use of those documents and that its witnesses had lied about how RAKIA had come by the documents.
Even adopting this hypothetical in favour of Mr Azima, the Court of Appeal still found that even if RAKIA was responsible for the hacking, that conduct would still not have resulted in the evidence being excluded. The general position is that evidence is admissible however it is obtained. The court has the power to exclude evidence, but in deciding whether to do so the court has to strike a balance between condemning the wrongdoing involved in unlawfully obtaining evidence and getting to the truth. As the court has a variety of means at its disposal to penalise wrongdoing (for example, through the award of costs against the party who has committed it), the balancing exercise will usually come down in favour of the evidence being admitted.
It seems particularly relevant to the Court of Appeal’s analysis that the allegations made against Mr Azima were very serious (fraudulent misrepresentation inducing a substantial payment) and that the documents which he complained were hacked were documents that were relevant to the claims made by RAKIA in the proceedings and which he would have to disclose in the litigation in any event. There is little doubt that Mr Azima would not have obtained an order before a trial preventing the use of the documents when the hacking claim was still to be determined, so there was no basis to exclude the documents from the trial if it had been established that the documents had been hacked.
Is the law consistent in its treatment of hacking? Hacking is a crime, yet you can commit that crime but still use the fruits of it to prove a civil claim. In Hounga v Allen, a case about illegality,Lord Hughes noted that “the law must act consistently; it cannot give with one hand what it takes away with another, nor condone when facing right what is condemns when facing left.” Yet in all but the most extreme case, the courts will remain disinterested in how the evidence came into a party’s control. Given the very serious nature of the intrusion in a person’s private life and the harm that hacking can cause the victim, and the increasing prevalence of hacking and cybercrime more generally, one has to question whether the court’s approach sends the right message.
If you have any questions about these issues please get in touch with a member of the team or speak with your usual Fox Williams contact.
You can register online or follow us on Twitter or LinkedIn to receive our latest news, events and publications.