In the third day of a judicial review of the legality of the search of Kim Dotcom's Coatesville mansion earlier this year, Auckland High Court has heard evidence from a member of the Police's Electronic Crime Laboratory (ECL) on Dotcom's ability to destroy digital evidence on his property.
This is crucial to determining the legality of the raid on Dotcom's house, as the Police earlier testified that Dotcom's ability to tamper with potentially incriminating data in part led to the use of helicopters, the Special Tactics Group and Armed Offenders Squad.
Allan Langille, supervising analyst at ECL, confirmed for the court that while preparing for the January raid (with which he was involved in for a month before Dotcom's arrest) concerns were raised that Dotcom would be able to remotely wipe data on his property.
"All my career when we attend scenes with digital evidence, considerations are given to damage to data," says Langille.
"It's as simple as someone destroying an electronic device, this happens quite often in drug searches where phones are destroyed."
Langille told the court that investigators were particularly worried that Dotcom would have software running that would destroy evidence and then proceed to warn others over the internet , which Justice Helen Winkelmann described yesterday as a "doomsday button".
Winkelmann ruled in June that the copying and transportation of Dotcom's data overseas by the US was illegal. Langille was asked if it was common practice not to recover the data at the ECL in New Zealand.
"Would you say this was not like the ordinary, where you would be involved in the triage of the data. That your responsibilities ended with securing the data for the FBI," asked Dotcom's lawyer Paul Davison QC.
To which Langille replied: "Yes, that would be a fair assessment."
Langille told the court his team was given very limited information on the raid, and the data they were expected to collect. A briefing which took place on 18 January, involving two FBI agents, was the first time he was told about the property they were going to target.
Langille also said at the briefing it was made clear that the operation was top secret. Once he was aware of Megaupload and Kim Dotcom, he said he and his staff were told not to go on megaupload.com because "they didn't want a trail of police on there."
Asked if it would not have been possible to merely cut off Dotcom's access to the internet instead of raiding his property in the manner that it was, Langille said that was an oversimplification.
"We would need to identify the different ISPs, provide those companies with sufficient details, and they would have to shut off everything that was required to be shut off," says Langille
Davison challenged this statement.
"I realise it's not just a throwing of the switch, but certainly it wouldn't be beyond the ability to those with the skills to do so?" asked Davison.
Langille went on to agree with this assertion.
Further evidence is being heard today, including technical information on CCTV footage and its recovery.
See Computerworld's coverage of the first two days of the hearing: