Fed. R. Evid. 901 states that to satisfy the requirement of authentication, the proponent must, (1) produce evidence, and (2) demonstrate that the evidence produced is sufficient to support a finding that the evidence is what the proponent claims it is. The following list is a non-exclusive list of examples of evidence that satisfies this requirement:
- Testimony of a witness with knowledge;
- Non-expert opinion about handwriting;
- Comparison by an expert witness or trier of fact;
- Distinctive characteristics and the like;
- Opinion about a voice;
- Evidence about a telephone conversation;
- Evidence about public records;
- Evidence about ancient documents or data compilations; and
- Evidence about a process or system; and methods provided by a statute or rule.
Fed. R. Evid. 902 states that the following items of evidence require no extrinsic evidence for authenticity in order to be admitted:
- Domestic public documents that are sealed and signed;
- Domestic public documents that are not sealed but are signed and certified;
- Foreign public documents;
- Certified copies of public record;
- Official publications;
- Newspapers and periodicals;
- Trade inscriptions and the like;
- Acknowledged documents;
- Commercial paper and related documents
- Presumptions under a federal statute;
- Certified domestic records of a regularly recorded activity; and
- Certified foreign records of a regularly conducted activity.
During your case-in-chief, you will have to present evidence that has been authenticated. Evidence that is not properly authenticated is inadmissible. Authenticating evidence is guided by the Fed. R. Evid. Many states have adopted or closely mirrored the Fed. R. Evid., but check your local rules to be absolutely sure you are complying the correct rules and procedures.
There are many methods to authenticate your evidence, but there are some major ones that should be utilized first. The first method for authentication is calling a witness that was there when the evidence was created. This witness can provide testimony that will fall under Fed. R. Evid. 901(b)(1). The second method would be to question a witness who has handled the evidence. This could be anyone in the chain of custody that has dealt with the evidence. This testimony would also fall under Fed. R. Evid. 901(b)(1). Also, you can call a witness with personal knowledge of the item. For electronically stored information, (hereinafter referred to as “ESI”) testimony with knowledge of the subject could provide testimony or an expert witness to compare the evidence to something that has already been admitted. There are numerous authentication methods in general, specifically for ESI that we will cover in this presentation.
Courts are facing challenges and hurdles that are being presented through the ever-changing modern technology. With a release or utilization of a new technology, another problem arises with regards to authentication. Most of the changes and procedural concerns are now within the context of ESI, and that’s where the focus of this presentation is going to be.
With the attempts at adjusting the Fed. R. Evid., to the ever-changing technology, the courts have interpreted them quite a few different ways. This has led to a lot of confusion and unpredictability in the legal world. The challenges that are being presented are never ending. With ESI and authentication, problems that can arise include incomplete data entries, mistakes in output instructions for the data, programming errors, damage or contamination of data, and equipment and technology malfunctions. The biggest problem that the courts have recognized though is the ability of ESI to be manipulated.
There are numerous types of ESI as well. ESI includes e-mails, social media evidence, browser history (which may lend itself to prove a certain use in control of technology, timestamps, etc.), geological data (cell towers, GPS, and Wi-Fi data), cloud computing information; and ephemeral electronic data.
2. Getting Data Into Evidence
Getting the data into evidence will depend upon how you receive the data. For instance, Twitter’s website (in reference to Twitter accounts or Vine) states that its data production comes in electronic format capable of viewing by common word processors such as Microsoft word. Additionally, the website mentions that its records are self-authenticating and come with an electronic signature to ensure the integrity at the time of production. A declaration will be provided upon request.
Even if subpoenaing one of these providers or a social media outline in general, it is wise to seek consent first. The SCA allows the provider to provide the user’s records with “the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of remote computing service …” A well drafted consent form should include the account holder or user’s name, any user id or known screen name, along with the person’s date of birth and address, including email address, as many providers require this information anyway. The consent should also include a detailed description of what information is targeted and a notarized signature of the consenting party.
If you are not receiving the data as part of a response to a subpoena, you have other options. You could take printouts of the video similar to photos taken from social media websites. However, beware that most of these video sharing outlets allow for pseudonyms and nickname, which makes the biggest challenge the issue of who uploaded the video. Additionally, these could be played in court from the sender’s or recipient’s video sharing account with corroborative testimony. This may be the better option depending on whether a still image can capture the behavior you are attempting to prove. Be prepared with your Fed.R.Evid. 101 and 904(b) methods of authentication and applicable exceptions to hearsay.
The level of proof to authenticate ESI varies from jurisdiction to jurisdiction. In People v. Charlery, there was a detective who retrieved and printed hotmail messages. He testified as to the process of retrieval and this satisfied the authenticity requirement. Other jurisdictions will require more strenuous proof on the reliability of the computer processing system. Some jurisdictions have allowed distinctive characteristics to authenticate ESI, such as, profile pictures on social media accounts.
It is also important to recognize how the courts look at evidence, and whether they determine data as inaccessible or accessible. Within the context of ESI, there are four types that the court in Zubulake v. UBS Warburg LLC, determined as inaccessible and accessible in discovery. In Zubulake, the defendant estimated that the cost of producing evidence in this case would be $175,000, not including attorney fees, and that given the volume of producing such information would produce a high likelihood of inadvertent disclosure. In determining whether the data was inaccessible or accessible and who would bear the costs for production, the court identified four major types of ESI data. The first is active, online data. This type of data is generally accessible, and there will be minimal effort in restoring or accessing this information. For active and online data, it is generally stored on a magnetic disk, and the information on it is usually in the early stages of storage. The early stages of storage refer to the time when data, documents, or any other evidence is being created, received, or processed. An example of this type of data would be a hard drive. Because of its accessibility, there is never really a need for any court to engage in a cost-shifting analysis for the purposes of discovery.
The second type data is near-line data. These types of data generally consist of a “robotic storage device that houses removable media.” The types of devices that are usually used to store and retrieve information and data are usually reading and writing devices. A prime example of near-line data would be an optical disc. This type of data is also generally and widely identifiable as accessible within the context of discovery.
The third type of data is offline storage/archives. This is generally a removable optical disk or magnetic tape media. This requires manual intervention to access the information. The main difference between the near-line and offline storage is that the offline data is essentially just a bunch of disks with data on them, such where as near-line data is controlled by an intelligent disk subsystem. The type of data is also generally identified as accessible in discovery.
The last type of ESI noted in Zubulake is fragmented or damaged data. Essentially, when files are created, there are applied to the storage media in clusters. When they are erased, the clusters are made available as free space. Some newer files become larger than the remaining free space, and are subsequently broken up throughout the disk. These types of files can only be recovered after significant processed, and is also generally identified as inaccessible for discovery purposes. Some courts will implement a cost-shifting analysis to determine whether the proponent should bear the cost of production. Most data, if it falls within the first two or three categories we just outlined, are considered accessible and there is no need to proceed to a cost-shifting analysis. In present day, you can store a massive amount of data and information, at a relatively inexpensive rate. This is something to keep in mind when conducting the discovery process.
A common objection to ESI evidence is found under Fed. R. Evid. 901 that the material is not authentic. The attorney should then proceed to various authentication techniques. These techniques include asking the owner or creator of the social media profile if the added the questioned content under Fed. R. Evid. 901(b)(1); formulating requests for admission with printout of the desired posts attached; third, you can bring in an expert to testify under 901(b)(3) or maybe even 901(b)(0); fourth, you can use distinctive characteristics under 901(b)(4); and finally, you could potentially use conditional relevancy under Fed. R. Evid. 104(a) and (b). Until there is a commonly accepted method of authenticating social media evidence, the practitioner should be prepared to meet the most exacting standards.
Again, an attorney must show that the proffered evidence of the alleged communication is an accurate representation of what was posted. 1981 ALR suggested the foundation should include:
- The reliability of the computer equipment used to keep the records and produce the printout;
- The manner in which the basic data was initially entered into the computerized record-keeping system;
- The entrance of the data in the regular course of business;
- The entrance of the data within a reasonable time after the events recorded by persons having personal knowledge of the events;
- The measures taken to insure the accuracy of the data as entered;
- The method of storing the data and the precautions taken to prevent its loss while in storage;
- The reliability of the computer programs used to process the data;
- The measures taken to verify the accuracy of the programs; and
- The time and mode of preparation of the printout.
Lately, courts have not had great difficulty in accepting that a printout or screen shot is an accurate representation of various online communications. In United States v. Catrabran the defendant contended that the computer printouts used against him were inaccurate, and he was able to show inaccuracies in the data. Despite this, the court concluded that the discrepancies merely went to the weight of the evidence. Indeed, one court has even stated that computer printouts, “have a prima facie aura of reliability.” Increasingly though, the only bar to the admission of ESI is finding the applicable hearsay exception.
In Firehouse Restaurant Group, Inc. v. Scurmont LLC., the plaintiff asserted that the printouts from various websites could not be properly authenticated. The defendant argued that most of the printouts contained dates and web addresses on them and “courts may consider ‘circumstantial indicia of authenticity’ such as the presence of the date and identifying web address for purposes of authentication.” The court concluded that these distinctive characteristics were sufficient to make a prima facie showing of authenticity.
Similarly, in United States v. Tank, it was held that chat room transcripts and printouts, much like emails, could be authenticated by the testimony of one of the participants in the online chat. Social Media has proved a little tougher for courts due to the ability to create a screen name. In LaLonde v. LaLonde, the wife argued in custody case that the photographs could not be authenticated “because Facebook allows anyone to post pictures and then ‘tag’ or identify the people in the pictures.” However, the court reasoned that, “there is nothing within the law that requires her permission when someone takes a picture and posts it on a Facebook page.” Also, no permission required to be “tagged” in a photo. The wife’s testimony that she was the person in the photographs and that the photographs accurately reflected her drinking alcohol was sufficient to meet the standard of authentication. It is important to keep in mind that all forms of evidence are subject to a possibility of alteration.
Specifically, e-mails can be authenticated by an admission secured by the author or the sender of the communication that they drafted or sent the communication. It will be given more weight to authenticity if a recipient or non-recipient of the communication had knowledge of it. Additionally, a witness with the knowledge of how the communication carrier sends and receives the information could help authenticate it, as well as information about how it might be stored.
Chat room communications or transcripts may be authenticated if the proponent demonstrates that, (1) the alleged sender had access to the appropriate computer; (2) the chats were conducted at the same time as the person in question admitted to communicate; (3) the chats were being conducted using a screen name created by the person in question; and (4) the content of the chats were similar to what the person in question admitted to.
The internet, websites, and etc. raise three main questions when they face authentication. The first question is what was actually on the website? Then second, does the exhibit or testimony accurately reflect it? And last, if it does, is it attributable to the owner of the site? Circumstantial indications that the information was posted by the owner may be sufficient. This would include distinctive website designs, logos, photos, or other images associated with the owner, the content of the webpage is ordinarily the type of content posted, the content has been republished elsewhere and attributed to the website, and the length of time the information had been posted. All of these factors favor heavily into authentication if the information can be discovered.
An uncommon method of authentication for ESI is judicial notice under Fed. R. Evid. 201(b). The use of judicial notice can alleviate the expenditure of resources in the authentication process. Under 201(b) a court may take judicial notice of a fat if it is not subject to reasonable dispute. In United States v. Brooks , the defendant challenged the admissibility of GPS data that was presented at trial. The court took judicial notice of the reliability and accuracy of the GPS technology, stating that, “[c]ourts routinely rely on GPS technology to supervise individuals on probation […] and, in assessing the Fourth Amendment constraints associated with GPS tracking, courts have general assumed the technology’s accuracy.”
Courts have been willing to admit government websites and any data included therein because they recognize that reports and information from such sources cannot be reasonably disputed among the parties. This is a recognized legitimacy that courts will not hesitate to authenticate and admit. However, courts have also recognized a request for judicial notice for private web pages in certain scenarios. These requests have not been recognized to the same degree of frequency and ease as the government websites and information though for obvious ownership and manipulation reasons. But there are certain cases where it happens.
In O’Toole v. Northrop Grumman Corporation, the court took judicial notice of a retirement fund’s earning history from the respondent’s website because the company failed to explain why the information from their website was unreliable.
There is an array of cases that demonstrate and contemplate the current rules of evidence that we’ve discussed thus far.
In Campbell v. State, the court upheld the admission and authentication of Facebook messages in a domestic assault case. The court asserted that Facebook presents an authentication concern that is twofold. First, because anyone can establish a fictitious profile under any name, the person viewing the profile has no way of knowing whether the profile is legitimate. The second concern is that any person may gain access to another person’s account by obtaining the user’s name and password. The person viewing the profile cannot be certain that the author is in fact the profile owner. However, the most appropriate method for authenticating electronic evidence, as with any kind of evidence, will often depend on the nature of the evidence and the circumstances of the particular case. The appellate court held that the contents of the Facebook messages provide circumstantial evidence supporting the trial court’s ruling.
In United States v. Lanzon, the court upheld the admission of instant messaging transcripts with the defendant and an undercover agent. The defendant argued that copying the instant messaging conversations into a word document altered the conversation such that they could not be authenticated. The court rejected this argument under Fed. R. Evid. 901(b)(1) stating that the proponent need only to present enough evidence to make out a prima facie case that the proffered evidence is what it purports to be.
In Griffin v. Maryland, the court analyzed a MySpace printout that was admitted into evidence. The printout contained the birth data, photo, number of children, and nickname of the person in question. The trial court stated that it should be allowed by the virtue of its disclosing knowledge of facts known particularly to him. The Maryland Court of Appeals would eventually reverse the decision of the trial court because “facts known peculiarly to him” could have been easily duplicated by another user in this instance.
In People v. Lenihan, the mother of the defendant in a murder case downloaded photos from the government witness’s MySpace page four days after the shooting. The court found the defendant’s foundation improper in light of the ability to photoshop, edit photographs, and the fact that the defendant did not know who took the photographs or who uploaded them.
In People v. Clevenstine, the state presented testimony from a computer forensic analyst and a legal compliance officer from MySpace in an internet sexual assault case. The legal compliance office was able to provide testimony that satisfied the Griffin court’s concern that the messages were originated from the MySpace account, and he satisfied the Williams court’s concern about access and use of the profile. The court stated that under Fed. R. Evid. 104(b), that the trier of fact could weigh the reliability of the MySpace evidence against the possibility that an imposter generated the material in question.”
In United States v. Hassan, the two defendants challenges the courts admission of screenshots of Facebook profiles and related files (videos from YouTube), on authentication grounds. The trial court ruled that the screenshots were self-authenticating as records of regularly conducted activity. The evidence also was appropriately authenticated because of the e-mail addresses and IP addresses linking all the evidence together. Record custodians from Google and Facebook certified the screenshots; the court ruled that the lower court did not abuse its discretion.
In State of Hawaii v. Espiritu, the court considered text messages to be a ‘writing’ under Fed. R. Evid. 1002. The court found that the original messages were lost or destroyed. Nevertheless, the court concluded that the text messages were admissible via the complainant’s testimony under the state equivalent of Fed. R. Evid. 1004, finding that 1004 is ‘particularly suited for electronic evidence’ because of the many ways it can be deleted or lost. Fed. R. Evid. 1004 states that an original is not necessary and “other evidence of the content of a writing, recording, or photograph is admissible if all the originals are lost or destroyed, and not by the proponent acting in bad faith.”
3. Recent Changes in Rules & Procedures
There are many people and courts that have very different opinions about how the courts and the legislature should approach a uniformity of rules for ESI. There are widespread inconsistent determinations of threshold authenticity for ESI. There are three main proposed remedies for the problems which include: (1) higher standards of authentication; (2) procedural modifications; and (3) maintain the current rules. But should there be different standards for ESI and physical replications of such ESI evidence?
The approach that addresses changes the threshold follows two main trains of though. The first one is setting a higher standard for authentication of social media and other ESI. The second one is to use the standard threshold requirement, and defer competing accounts of reliability to the fact finder. The idea for the approach that focuses on the threshold is that any inconsistencies will eventually work themselves out via case law. The rules currently, if being applied correctly, should result in courts admitting clearly authentic evidence, rejecting clearly inauthentic evidence, and having the trier of fact determine the authenticity of everything in between.
The argument for raising the standard to a higher standard of authentication focuses on Griffin v. State. In this case, the court looked at whether several pages printed off of the defendant’s girlfriend’s MySpace profile were properly authenticated. The picture of the defendant’s girlfriend, along with her birth date and location, were not sufficient enough “distinctive characteristics” to authenticate the printout of the page due to the high risk of manipulation. The court was looking for proponent to prove that there is no way that anyone else other than the defendant’s girlfriend that could have created the MySpace Profile. The lesson learned from this case is that due to the potentiality of manipulation, the standard for authentication should be raised in order to avoid any of those concerns. Absent a new set of standards that raises the bar for authentication, how should evidence like this be administered with the existing rules?
There is also a proposal that the standard threshold remain the same, and to just defer the weight of the evidence to the fact finder. In Tienda v. State, the court considered the admittance and authenticity of the printouts from a MySpace page that the defendant purportedly owned and maintained. The page referenced multiple times to the homicide that the defendant was on trial for. The appellate court in that case found that the lower court had not abused its discretion in admitting the printouts because a reasonable juror could find that the defendant created them. The court considered the possibility of forgery or manipulation of the MySpace, but given the scenario’s likelihood and weight, it should be considered by the jury.
4. New Developments in Rules & Procedures
Given the unpredictability and the wide variety of results in judicial decisions concerning authenticating ESI, there have been new rules proposed that would supplement the archaic rules. Proposed rule 902 (13) addresses some of the concerns that many have about the current rules and how they address modern day evidence such as ESI. Proposed Rule 902 (13) addresses Certified Records Generated by an Electronic Process or System. The specific language of the rule would state that:
i. The original or a copy of a record if the record was generated by an electronic process or system that produces an accurate result, as shown by a certification by a qualified person that complies with the certification requirements of 902(11), 902(12), a federal statute, or rule proscribed by the Supreme Court; and
ii. The proponent must give an adverse party reasonable notice of the intent to offer the record, and must make the record and certification available for inspection so that the party has a fair opportunity to challenge them.
There are many comments and considerations for proposed rule 902 (13). One is that this provides an alternative to authentication for electronic evidence other than having to use a foundational witness. Additionally, under this rule, a proponent must present certification that would be sufficient to establish authenticity were that information provided by a witness at trial.
There is also a proposed Rule 902 (14) that should be considered. Proposed Rule 902 (14) discusses Certified Copies of Electronic Devices, Storage Media, or Files. The specific language of the proposed rule states that:
Data Copied from an electronic device, storage medium, or file, if authenticated by a process of digital identification, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or 902(12). The proponent also must meet the notice requirements of Rule 902(11).
This amendment would allow copies of electronic data to be certified through the authentication of a ‘hash value.’ A hash value is a unique alpha-numeric sequence of 30 characters. Copies of files have identical hash values, and therefore can be determined to be exact duplicates and authentic through the analysis of the metadata.
Without a doubt, the addition of these two rules would allow for a more uniformed approach to authenticating electronic evidence. There is concern that there is too much overlap with existing rules. Specifically, that the proposed rules 902(13) and 902 (14) would create major problems with other provisions of 902, 901, 104 (a) and 104 (b). There is also a very legitimate fear that the proposed rules, if enacted, would soon be outmoded by future technological advances. Essentially, the concerns culminate into one major theme – the proposed rules do not represent the all encompassing, test-of-time mentality that the Fed. R. Evid. were designed with.
Additional Relevant Publications & Articles:
i. Friedman, Robert, Understanding Counsel’s Obligations and Challenges in the E-Discovery Process. 2011 WL 2941027 *1. Thomson Reuters/Aspatore, available at Westlaw.
ii. Thomson, Lucy L., Mobile Devices New Challenges for Admissibility of Electronic Evidence, ABA SciTech Law., Winter/Spring 2013, at 32.