In 2017, the Singapore Court of Appeal held that information that is confidential and privileged and which had been obtained via hacking and subsequently publicised on the internet does not lose its confidential nature. This decision is crucial in light of the pervasiveness of cyberattacks in recent times. This decision also demonstrates that the Court will view disfavourably any attempts to use confidential and privileged information in court proceedings against parties who had lost such information through no fault of their own (such as being victims of hacking).
HT S.R.L ("HT"), an Italian company specialising in security technology, had commenced an action in the High Court of Singapore against its ex-employee, Wee Shuo Woon ("Wee") for, inter alia, breach of his employment contract.
After the commencement of these legal proceedings, HT's servers were hacked by an unknown third party and the stolen information was uploaded on WikiLeaks. There was no evidence to implicate Wee in the hacking.
The stolen information included emails between HT and its solicitors with respect to the legal proceedings commenced by HT against Wee ("Emails").
Wee obtained the Emails by accessing WikiLeaks. Using these Emails, which he exhibited in his Affidavit filed in Court, Wee applied to strike out HT's claim against him. Thereafter HT filed an application in Court for an order for all references to the Emails in Wee's Affidavit and copies of the Emails annexed to Wee's Affidavit to be expunged.
HT's application to expunge the Emails and all references to the Emails in Wee's Affidavit was granted at first instance. This decision was upheld on appeal by a High Court Judge. Wee then appealed again against the High Court's decision and the matter was heard before the apex Court of Appeal.
Court of Appeal's decision
The Court of Appeal upheld the decision below and held that all references to the Email in Wee's Affidavit should be expunged.
In arriving at its decision, the Court of Appeal succinctly set out the difference between privilege, confidence and admissibility. In this case, the parties did not dispute that the Emails were privileged and constituted confidential information. However, it is well established that privilege is asserted by a party to withhold disclosure of information. In this case, the Emails had already been obtained by Wee. Therefore, the Court clarified that it was no longer an issue of privilege but of admissibility.
However, as a general rule, the law of confidence does not protect information which is in the public domain. Accordingly the key issue before the Court of Appeal was whether the Emails had lost their confidential character and whether the Court should restrain the use of the Emails.
The Court of Appeal however found that even though the Emails had been uploaded to WikiLeaks they were not in the public domain (and therefore still retained their confidential character) due to the following:-
(a) The Emails constituted a very small part of all the information that had been stolen and uploaded on WikiLeaks; and
(b) It was highly likely that very few people knew of the presence of the Emails in the information that had been uploaded on WikiLeaks and it would be a time-consuming task to scan through the information to discover and identify the Emails.
This decision elucidates that confidential and privileged information that becomes technically accessible by the public does not automatically lose that status. Instead, the Court would consider the accessibility of the information and whether the information may be easily identified. It is also clear that the Court's decision was influenced by the consideration that a victim of cybercrime should not be exploited by a litigant even if the litigant was not involved in the cybercrime.