Digital evidence can be compelling in court or at the settlement table, but it’s absolutely critical to understand that there is a right way and a wrong way to capture, preserve and present this type of evidence.

By Nicolas Himonidis, Private Investigator, and Paul Lewis, Data Forensic Expert

Many online advertisements promote spyware that can secretly track and record an estranged spouse’s computer key strokes, website visits, e-mail and text message activity. But little or nothing is said about the legality of this conduct.

People assume that if the product is sold on the internet, by a “reputable” company here in the U.S., that it must be legal for their divorce case. Think again.

The interception of electronic communication, without the consent of the sender or the receiver, constitutes a Class E Felony in New York, punishable by up to four years in prison – and there are recent examples of people going to jail for this conduct.

A pending divorce or custody battle doesn’t change this fact, but it certainly seems to make people forget or ignore the law.

Sometimes computer monitoring with the use of such “spyware” is legal, but those situations are very limited. For example, it is legal for a parent to keep tabs on the online activity of a minor child. The same goes for employers whose workers have consented to such monitoring via computer usage policies or other employee agreements. For most other purposes, spyware that monitors and records the activities of anyone without their knowledge and consent is simply illegal.

Technology is moving the battleground of modern divorce and custody actions into the digital domain. The search for hidden assets, indiscretions or evidence affecting custody issues has become largely a digital affair. Digital evidence can be compelling in court or at the settlement table. In a recent survey conducted by The American Academy of Matrimonial Lawyers, more than 90 percent of those polled reported seeing a spike in the use of social media evidence, text message and other digital evidence in divorce cases over past three years.

A Right Way and a Wrong Way

It’s absolutely critical to understand that there is a right way and a wrong way to capture, preserve and present this type of evidence – and the use of computer spyware is almost never the way to go.

Spouses resorting to such tactics are not only committing a felony in many jurisdictions, including New York, but they are wasting their time and their money and taking this serious legal risk for no reason. Under the New York Civil Practice Law and Rules, any information obtained in this manner, no matter how relevant, is inadmissible in court.

“It is truly scary how many aggrieved spouses these days are turning into cyber spies to find information about their partners,” said Nicholas G. Himonidis, an attorney and head of Investigations for T&M Protection Resources. “Scary because many of these people don’t realize they are committing a crime that people have gone to jail for. The proper way to obtain this type of digital evidence is through forensic examination by experts.”

Rulings in New York and other states support the right of a spouse to obtain any and all information on the hard drive of a family computer that is present in the home, and by extension this includes smart phones and other devices. This is very different from the real-time interception made possible by spyware.

One of the frequently cited New York court cases on this issue is the 1996 New York Supreme Court, Kings County, case of Byrne v. Byrne. The court ruled that the wife, who had her husband’s company-issued laptop cloned by a computer forensics expert, was entitled to all the information relevant to the divorce that was accessible on the laptop’s hard drive. The laptop was company property, but of significance to the court was the fact that her husband brought the laptop home every night. The court reasoned that a computer in a couple’s home is legally equivalent to a filing cabinet because each spouse had access to that computer just as either could physically access a filing cabinet in the home – locked or unlocked.

Accordingly, information on the hard drive of a computer in the home is fair game, and obtaining a forensic image of a hard drive to preserve that data, even without the other party’s knowledge, is a perfectly legal and useful tactic in divorce cases.

“In New York, judges since the Byrne case have upheld a spouse’s right to access digital evidence contained on computers in the marital residence,” said Mr. Himonidis. “Forensic imaging of hard drives and other devices provides preservation of all digital data including emails and other communications, but is not deemed to be an “interception” that falls under Eavesdropping statutes. Depending on the device(s) in question, the user’s habits and configuration issues, forensic acquisition and analysis could yield the same or even more evidence than one could obtain with spyware and without the risk of criminal charges or the information being thrown out of court.”

Forensic acquisition of a computer hard drive or other electronic device(s) for any legal case should be done by experienced and certified computer forensic professionals. T&M’s data forensic team are proven experts who are skilled in extracting the information in compliance with data and privacy laws and handling the data according to chain-of-custody and court-accepted processes to ensure that it is admissible in court.

“When retaining a data forensics expert, it is important to select a firm that has direct experience with electronically stored data and the legal process,” said Paul G. Lewis, Vice President of Data Forensics and Information Security at T&M. “Today, many folks know a great deal about computer systems, but it is important to remember that this is not a computer problem. It is an investigation that just happens to involve electronic information.”

Many IT companies are quick to tout how they can be of value, but without a concrete working knowledge of the legal and regulatory issues, the outcome could be a disaster for the client.

“Electronically stored information is very fragile. If it is not handled in strict accordance with accepted forensic evidentiary procedures, one may find the evidence inadmissible on these grounds.” adds Lewis. “In addition, if the matter crosses state lines or expands into another country, which happens routinely in even small matters once data is exposed to the internet, the data privacy and data protection laws of each jurisdiction must be thoroughly understood.”

Many popular “spyware” programs are exceedingly difficult to detect once installed on a computer or a smartphone. Scans of live systems with even the best in class anti-virus and anti-spyware programs often fail to detect them. If you believe that spyware has been installed on your computer or smart phone, the forensic experts at T&M can identify and remove this malicious software and may be able to provide evidence of when it was installed on the device and who may have installed it.

Here are some signs that spyware may be at work:

  • The computer is slow when saving files or opening programs, certain keys don’t work anymore and error messages and pop-up ads are more common.
  • The web home page is different from usual and the browser has been hi-jacked, bringing you to un-chosen websites.

To protect yourself, you should:

  • Change all your online passwords and other personally identifiable information that may have been collected by software that records your every keystroke. Be sure to use a computer that is not suspected of having spyware installed. For example, if you believe your home computer has spyware, consider using a computer at the office or in a public location, such as a library, to change passwords and other personal information.
  • Never use the same login ID and password for two different online services. For example, your brokerage account credentials should be completely different than your LinkedIn credentials. If one online service is compromised, you do not want the hackers to have a user ID and password that works somewhere else.
  • Never install any new software without first verifying its source and don’t click on links in pop-up ads or unsolicited emails that advertise software that combats spyware.


Nicholas G. Himonidis, J.D., CFE, CCFS is Vice President of Investigations at T&M Protection Services and has an extensive background in private investigations, computer forensics and law. He has participated in, conducted and supervised the investigation of thousands of cases, including complex financial frauds, civil RICO claims, fraudulent asset transfers, bankruptcy fraud, insurance fraud and a variety of other economic/white collar crimes.

Paul G. Lewis is  Vice President, Data Forensics & Information Security  at T&M Protection Services. He is a court appointed expert witness with vast experience in computer systems and electronically stored information. Mr. Lewis has led his teams on many high-profile data forensic legal matters around the world.