Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Authentication of Social Media Evidence

By Richard Raysman and Peter Brown
December 21, 2011

More than 250 million photos are uploaded per day on Facebook, and in all, billions of links, blog posts and other content are shared among users each month. With the staggering amount of electronic communications exchanged on social networks, lawyers quickly realized that these portals are a valuable repository of potential evidence ' snapshots of the past and present ' that can be used for impeachment purposes against parties and witnesses.

However, given the possibility of impersonation and digital fabrication in the online world, the information displayed on social media profiles is not immediately verifiable and presents issues of authentication and admissibility under the Federal Rules of Evidence. In the judicial context, printouts of messages, postings and photographs from a particular social media account generally require additional corroboration that links the printouts to their purported creator before a court will allow such material into evidence.

Federal Rules of Evidence

More and more, parties are attempting to introduce social networking communications into evidence. Beyond other admissibility obstacles, such as hearsay or relevance, a piece of evidence must satisfy Fed. R. Evid. 901 (or the state equivalent), which applies in both civil and criminal proceedings, and mandates that the material offered is “authentic,” or what the proponent claims it to be.

Authentication is not a rigid process, but may be accomplished in numerous ways, some of which are prescribed in Rule 901(b). For example, a document may be authenticated by direct proof, such as the testimony of a witness with knowledge that the offered evidence is authentic. See, e.g., United States v. Gagliardi, 506 F.3d 140, 151 (2nd Cir. 2007) (http://bit.ly/tFORcm) (chat room logs properly authenticated as having been sent by the defendant through testimony from witnesses who had participated in the online conversations). In the alternative, as often is the case with electronic communications, the movant may provide circumstantial evidence of authenticity, that is, offer testimony about the distinctive characteristics of a message when considered in conjunction with the surrounding circumstances. See Rule 901(b)(4).

When looking at circumstantial evidence about social media postings, a court might consider such things as: 1) the consistency of the offered message with another message or posting made by the alleged author; 2) the author's awareness of the conduct in question as shown in the details of the message; 3) the message's inclusion of similar requests that the alleged author had made via phone or other communication during the relevant time period; and 4) the message or posting's reference to a little-known nickname or other intimate piece of knowledge. See generally, United States v. Siddiqui, 235 F.3d 1318, 1322-23 (11th Cir. 2000) (http://bit.ly/t7fzyG).

Implicit in recent court decisions regarding electronic evidence is the concept that e-mails, text messages and social media data are subject to the same requirements for authenticity as traditional paper documents. Even though online and social media communications offer unique opportunities for fabrication, such electronic evidence is still evaluated on a case-by-case basis as any other document to determine whether there has been an adequate foundational showing of its relevance and authenticity.

The potential for tampering with electronically stored information on a social networking site poses challenges from the standpoint of authentication. In general, a party's name written as the author of a social media posting or message site is not sufficient alone to authenticate the electronic communication as having been authored or sent by that party. The need for authentication arises because anyone can masquerade under another person's name or otherwise gain access to another's account (or mobile phone). While e-mails and instant messages can be sent and received from any computer or smartphone, text messages are sent from the mobile phone bearing the sender's number and transmitted to the phone associated with the recipient's number. However, as with social media and e-mail accounts, mobile telephones are not always exclusively used by the person to whom the phone number is assigned, creating procedural hurdles. Compare State v. Koch, 2011 WL 4336634 (Pa. Super. Sept. 16, 2011) (detective's description of accurate transcription of defendant's text messages is insufficient for purposes of authentication where the State conceded that defendant did not author all of the text messages on her phone) with Dickens v. State, 175 Md. App. 231 (2007) (http://bit.ly/vxgyGF) (threatening text messages received by victim on cell phone contained details few people would know and were sent from phone in defendant's possession at the time). Even with password protection, account holders often remain logged in with their computers and smartphones unattended, and despite best efforts, accounts and computers are always subject to being infiltrated by hackers. Moreover, digital photographs posted online can be altered with readily available software. See, e.g., People v. Lenihan, 30 Misc.3d 289 (N.Y. Sup. Ct. 2010) (http://bit.ly/uSK3Nj) (defendant properly precluded from confronting witnesses with printouts of MySpace photos depicting him in gang clothing because of the easy ability to digitally edit photographs on the computer). Consequently, proving only that a message or photograph came from a particular account or device, without further authenticating evidence, is inadequate proof of authorship or depiction.

Social Media Evidence

Broadly speaking, a social network allows its members to share information and enables interpersonal contacts through an online portal. A user's profile page might include various content, including pictures, videos, blogs, messages, and lists of “friends,” political causes and leisure pursuits. On social network sites such as Facebook, users exchange information about their personal lives, post commentary about what they are doing or thinking and offer a “wall” on their profile page where friends and others can post open messages. Often, users post celebratory messages immediately following a meaningful event, communications that later might turn into potentially relevant evidence in a civil or criminal proceeding, whether it be incriminating photos or frank admissions.

Prior to the existence of social media, courts wrestled with early online communication modes, such as Internet chat rooms. For example, in United States v. Simpson, 152 F.3d 1241 (10th Cir. 1998) (http://bit.ly/rP9cdA), the court held that there was ample circumstantial evidence to authenticate printouts of the content of chat room discussions, including the use of the e-mail name of the defendant and the presence of the defendant's correct address in the messages, as well as notes seized at the defendant's home containing the address, e-mail address and telephone number referenced in the online discussions. In the last several years, courts have applied the principles surrounding earlier forms of electronic communications to social media.

In Griffin v. State, 419 Md. 343 (2011) (http://bit.ly/uew0ai), a criminal defendant argued that the State did not appropriately authenticate pages printed from his girlfriend's MySpace profile that allegedly outlined threats to a trial witness because the State failed to offer any extrinsic evidence about how the police obtained the printouts in question and how they were linked to the defendant's girlfriend. The Maryland Court of Appeals agreed and remanded the case for a new trial. The court held that the State failed to lay a proper foundation for the MySpace pages, stressing that “the potential for abuse and manipulation of a social networking site ' leads to our conclusion that a printout of an image from such a site requires a greater degree of authentication ' .”

The court concluded that even though the social media profile contained a picture of the defendant and his girlfriend and her correct birth date and location, these were insufficient “distinctive characteristics” to authenticate the printout, given the prospect that an impersonator not only could have created the site, but also authored the threatening posting. Interestingly, the dissent criticized the majority opinion stating the “purpose of authentication is to ' filter untrustworthy evidence” and that the majority's concerns about social network hacking should go less to the admissibility of the evidence but more to the weight given by the factfinder, arguments that could be further fleshed out through cross-examination or rebuttal testimony.

Similarly, in State v. Eleck, 23 A.3d 818 (Conn. App. 2011) (http://bit.ly/uOlW2m), a defendant sought to introduce into evidence Facebook messages purportedly authored and sent by a key prosecution witness that would impeach her credibility. The defendant claimed that he printed the exchange of messages directly from his own computer and had recognized the witness's user name because she had added him as a Facebook “friend” a short time before he received the message and then removed him as a friend after testifying against him at the trial. He also argued that the content of the messages identified the witness as the author since the text hinted at knowledge of the pending case.

The State objected on the grounds that the authorship of the messages could not be authenticated, particularly in light of the witness's testimony that her Facebook account had been hacked. In refusing to authenticate the message printouts, the court noted the “general lack of security of the [social network] medium” that raises an issue as to whether a third party may have sent the messages via the witness's account and stated that it was incumbent on the defendant to advance other foundational proof to authenticate the proffered messages. The court also remained unconvinced that the references in the messages to an acrimonious history between the witness and the defendant provided distinctive evidence of the message's author or contained information only the witness would have possessed about the character of their relationship.

The reluctance of courts to admit social media profiles without ample circumstantial evidence attesting to their authenticity has led certain parties to take great care in presenting such exhibits. In one case, People v. Clevenstine, 68 A.D.3d 1448 (3d Dept. 2009) (http://bit.ly/sRaIkY), the defendant argued that the hard drive containing electronic communications that were exchanged between him and the crime victims via instant message was improperly admitted into evidence. In affirming his conviction, the New York appellate court explained the methodical path the prosecution took to authenticate the incriminating MySpace messages: Witnesses testified that they had engaged in instant messaging with defendant through MySpace, a police investigator related that he had retrieved such conversations from the hard drive of the computer used by the message recipients, a legal compliance officer for MySpace explained that the messages had been exchanged by users of accounts created by defendant and the victims, and the defendant's wife testified about messages she viewed in defendant's MySpace account on their home computer.

The court ultimately rejected the defendant's argument that an unknown person accessed his account and sent the messages. Notably, and in contrast to Eleck and in agreement with the dissent in Griffin, the New York court stated that, under the facts of the case, the likelihood of such a scenario presented a factual issue for the jury in reaching its verdict. Indeed, a prior New York appellate court similarly held that an exchange of computer instant messages was properly authenticated, despite the defendant's suggestion that an imposter had accessed his account. See People v. Pierre, 41 A.D.3d 289 (1st Dept. 2007) (http://bit.ly/vLofZH) (where a person sent an instant message to a screen name and received a reply, the content in response supported the conclusion that the message was sent by defendant, and no evidence was admitted to show anyone else had motive or opportunity to impersonate defendant by using his screen name).

Conclusion

The landscape of electronic evidence continues to take shape, particularly with the proliferation and innovation of social media technology. To prepare to address authentication issues associated with social media and other electronic evidence, counsel should identify each category of electronic evidence to be introduced. Then, he or she should determine what courts have required to authenticate this type of evidence, and carefully evaluate the methods of authentication identified in Federal Rules of Evidence, as well as consider requesting a stipulation from opposing counsel attesting to the veracity of certain social media evidence. With this in mind, counsel can choose the most effective method of authentication ' testimony, affidavit, admission or stipulation ' and be prepared to cite authority to support the selected method and rebut allegations that the social media account in question is fraudulent or compromised. See generally, Lorraine v. Markel American Ins. Co., 241 F.R.D. 534, 562 (D. Md. 2007). Indeed, the inability to get electronic evidence admitted because of a failure to authenticate it is a self-inflicted injury that can often be avoided by thoughtful advance preparation. Id. at 542.

Possible avenues for authenticating social network profile postings printed from a social networking site will continue to develop as more parties seek to use such information, but some helpful methods include:

  • Testimony from the purported creator of the social network profile and related postings;
  • Testimony from persons who received the messages;
  • Testimony about the contextual clues and distinctive aspects in the messages themselves tending to reveal the identity of the sender;
  • Testimony regarding the account holder's exclusive access to the originating computer and social media account. ( But see, Commonwealth v. Purdy, 2011 WL 1421367 (Mass. April 15, 2011) ( http://bit.ly/rxs1BX) (court clarified that a party is not required to present evidence of exclusive access to authenticate the authorship of an e-mail));
  • Expert testimony concerning the results of a search of the social media account holder's computer hard drive;
  • Testimony directly from the social networking website that connects the establishment of the profile to the person who allegedly created it and also connects the posting sought to be introduced to the person who initiated it; and
  • Expert testimony regarding how social network accounts are accessed and what methods are used to prevent unauthorized access.

This article first appeared in the New York Law Journal, a sister publication of this newsletter.


Richard Raysman is a partner at Holland & Knight LLP. Peter Brown is a partner at Baker & Hostetler LLP. They are co-authors of Computer Law: Drafting and Negotiating Forms and Agreements (Law Journal Press; available at http://bit.ly/twjGCn).

'

More than 250 million photos are uploaded per day on Facebook, and in all, billions of links, blog posts and other content are shared among users each month. With the staggering amount of electronic communications exchanged on social networks, lawyers quickly realized that these portals are a valuable repository of potential evidence ' snapshots of the past and present ' that can be used for impeachment purposes against parties and witnesses.

However, given the possibility of impersonation and digital fabrication in the online world, the information displayed on social media profiles is not immediately verifiable and presents issues of authentication and admissibility under the Federal Rules of Evidence. In the judicial context, printouts of messages, postings and photographs from a particular social media account generally require additional corroboration that links the printouts to their purported creator before a court will allow such material into evidence.

Federal Rules of Evidence

More and more, parties are attempting to introduce social networking communications into evidence. Beyond other admissibility obstacles, such as hearsay or relevance, a piece of evidence must satisfy Fed. R. Evid. 901 (or the state equivalent), which applies in both civil and criminal proceedings, and mandates that the material offered is “authentic,” or what the proponent claims it to be.

Authentication is not a rigid process, but may be accomplished in numerous ways, some of which are prescribed in Rule 901(b). For example, a document may be authenticated by direct proof, such as the testimony of a witness with knowledge that the offered evidence is authentic. See , e.g. , United States v. Gagliardi , 506 F.3d 140, 151 (2nd Cir. 2007) ( http://bit.ly/tFORcm ) (chat room logs properly authenticated as having been sent by the defendant through testimony from witnesses who had participated in the online conversations). In the alternative, as often is the case with electronic communications, the movant may provide circumstantial evidence of authenticity, that is, offer testimony about the distinctive characteristics of a message when considered in conjunction with the surrounding circumstances. See Rule 901(b)(4).

When looking at circumstantial evidence about social media postings, a court might consider such things as: 1) the consistency of the offered message with another message or posting made by the alleged author; 2) the author's awareness of the conduct in question as shown in the details of the message; 3) the message's inclusion of similar requests that the alleged author had made via phone or other communication during the relevant time period; and 4) the message or posting's reference to a little-known nickname or other intimate piece of knowledge. See generally , United States v. Siddiqui , 235 F.3d 1318, 1322-23 (11th Cir. 2000) ( http://bit.ly/t7fzyG ).

Implicit in recent court decisions regarding electronic evidence is the concept that e-mails, text messages and social media data are subject to the same requirements for authenticity as traditional paper documents. Even though online and social media communications offer unique opportunities for fabrication, such electronic evidence is still evaluated on a case-by-case basis as any other document to determine whether there has been an adequate foundational showing of its relevance and authenticity.

The potential for tampering with electronically stored information on a social networking site poses challenges from the standpoint of authentication. In general, a party's name written as the author of a social media posting or message site is not sufficient alone to authenticate the electronic communication as having been authored or sent by that party. The need for authentication arises because anyone can masquerade under another person's name or otherwise gain access to another's account (or mobile phone). While e-mails and instant messages can be sent and received from any computer or smartphone, text messages are sent from the mobile phone bearing the sender's number and transmitted to the phone associated with the recipient's number. However, as with social media and e-mail accounts, mobile telephones are not always exclusively used by the person to whom the phone number is assigned, creating procedural hurdles. Compare State v. Koch, 2011 WL 4336634 (Pa. Super. Sept. 16, 2011) (detective's description of accurate transcription of defendant's text messages is insufficient for purposes of authentication where the State conceded that defendant did not author all of the text messages on her phone) with Dickens v. State , 175 Md. App. 231 (2007) ( http://bit.ly/vxgyGF ) (threatening text messages received by victim on cell phone contained details few people would know and were sent from phone in defendant's possession at the time). Even with password protection, account holders often remain logged in with their computers and smartphones unattended, and despite best efforts, accounts and computers are always subject to being infiltrated by hackers. Moreover, digital photographs posted online can be altered with readily available software. See , e.g. , People v. Lenihan , 30 Misc.3d 289 (N.Y. Sup. Ct. 2010) ( http://bit.ly/uSK3Nj ) (defendant properly precluded from confronting witnesses with printouts of MySpace photos depicting him in gang clothing because of the easy ability to digitally edit photographs on the computer). Consequently, proving only that a message or photograph came from a particular account or device, without further authenticating evidence, is inadequate proof of authorship or depiction.

Social Media Evidence

Broadly speaking, a social network allows its members to share information and enables interpersonal contacts through an online portal. A user's profile page might include various content, including pictures, videos, blogs, messages, and lists of “friends,” political causes and leisure pursuits. On social network sites such as Facebook, users exchange information about their personal lives, post commentary about what they are doing or thinking and offer a “wall” on their profile page where friends and others can post open messages. Often, users post celebratory messages immediately following a meaningful event, communications that later might turn into potentially relevant evidence in a civil or criminal proceeding, whether it be incriminating photos or frank admissions.

Prior to the existence of social media, courts wrestled with early online communication modes, such as Internet chat rooms. For example, in United States v. Simpson , 152 F.3d 1241 (10th Cir. 1998) ( http://bit.ly/rP9cdA ), the court held that there was ample circumstantial evidence to authenticate printouts of the content of chat room discussions, including the use of the e-mail name of the defendant and the presence of the defendant's correct address in the messages, as well as notes seized at the defendant's home containing the address, e-mail address and telephone number referenced in the online discussions. In the last several years, courts have applied the principles surrounding earlier forms of electronic communications to social media.

In Griffin v. State , 419 Md. 343 (2011) ( http://bit.ly/uew0ai ), a criminal defendant argued that the State did not appropriately authenticate pages printed from his girlfriend's MySpace profile that allegedly outlined threats to a trial witness because the State failed to offer any extrinsic evidence about how the police obtained the printouts in question and how they were linked to the defendant's girlfriend. The Maryland Court of Appeals agreed and remanded the case for a new trial. The court held that the State failed to lay a proper foundation for the MySpace pages, stressing that “the potential for abuse and manipulation of a social networking site ' leads to our conclusion that a printout of an image from such a site requires a greater degree of authentication ' .”

The court concluded that even though the social media profile contained a picture of the defendant and his girlfriend and her correct birth date and location, these were insufficient “distinctive characteristics” to authenticate the printout, given the prospect that an impersonator not only could have created the site, but also authored the threatening posting. Interestingly, the dissent criticized the majority opinion stating the “purpose of authentication is to ' filter untrustworthy evidence” and that the majority's concerns about social network hacking should go less to the admissibility of the evidence but more to the weight given by the factfinder, arguments that could be further fleshed out through cross-examination or rebuttal testimony.

Similarly, in State v. Eleck , 23 A.3d 818 (Conn. App. 2011) ( http://bit.ly/uOlW2m ), a defendant sought to introduce into evidence Facebook messages purportedly authored and sent by a key prosecution witness that would impeach her credibility. The defendant claimed that he printed the exchange of messages directly from his own computer and had recognized the witness's user name because she had added him as a Facebook “friend” a short time before he received the message and then removed him as a friend after testifying against him at the trial. He also argued that the content of the messages identified the witness as the author since the text hinted at knowledge of the pending case.

The State objected on the grounds that the authorship of the messages could not be authenticated, particularly in light of the witness's testimony that her Facebook account had been hacked. In refusing to authenticate the message printouts, the court noted the “general lack of security of the [social network] medium” that raises an issue as to whether a third party may have sent the messages via the witness's account and stated that it was incumbent on the defendant to advance other foundational proof to authenticate the proffered messages. The court also remained unconvinced that the references in the messages to an acrimonious history between the witness and the defendant provided distinctive evidence of the message's author or contained information only the witness would have possessed about the character of their relationship.

The reluctance of courts to admit social media profiles without ample circumstantial evidence attesting to their authenticity has led certain parties to take great care in presenting such exhibits. In one case, People v. Clevenstine , 68 A.D.3d 1448 (3d Dept. 2009) ( http://bit.ly/sRaIkY ), the defendant argued that the hard drive containing electronic communications that were exchanged between him and the crime victims via instant message was improperly admitted into evidence. In affirming his conviction, the New York appellate court explained the methodical path the prosecution took to authenticate the incriminating MySpace messages: Witnesses testified that they had engaged in instant messaging with defendant through MySpace, a police investigator related that he had retrieved such conversations from the hard drive of the computer used by the message recipients, a legal compliance officer for MySpace explained that the messages had been exchanged by users of accounts created by defendant and the victims, and the defendant's wife testified about messages she viewed in defendant's MySpace account on their home computer.

The court ultimately rejected the defendant's argument that an unknown person accessed his account and sent the messages. Notably, and in contrast to Eleck and in agreement with the dissent in Griffin, the New York court stated that, under the facts of the case, the likelihood of such a scenario presented a factual issue for the jury in reaching its verdict. Indeed, a prior New York appellate court similarly held that an exchange of computer instant messages was properly authenticated, despite the defendant's suggestion that an imposter had accessed his account. See People v. Pierre , 41 A.D.3d 289 (1st Dept. 2007) ( http://bit.ly/vLofZH ) (where a person sent an instant message to a screen name and received a reply, the content in response supported the conclusion that the message was sent by defendant, and no evidence was admitted to show anyone else had motive or opportunity to impersonate defendant by using his screen name).

Conclusion

The landscape of electronic evidence continues to take shape, particularly with the proliferation and innovation of social media technology. To prepare to address authentication issues associated with social media and other electronic evidence, counsel should identify each category of electronic evidence to be introduced. Then, he or she should determine what courts have required to authenticate this type of evidence, and carefully evaluate the methods of authentication identified in Federal Rules of Evidence, as well as consider requesting a stipulation from opposing counsel attesting to the veracity of certain social media evidence. With this in mind, counsel can choose the most effective method of authentication ' testimony, affidavit, admission or stipulation ' and be prepared to cite authority to support the selected method and rebut allegations that the social media account in question is fraudulent or compromised. See generally , Lorraine v. Markel American Ins. Co. , 241 F.R.D. 534, 562 (D. Md. 2007). Indeed, the inability to get electronic evidence admitted because of a failure to authenticate it is a self-inflicted injury that can often be avoided by thoughtful advance preparation. Id. at 542.

Possible avenues for authenticating social network profile postings printed from a social networking site will continue to develop as more parties seek to use such information, but some helpful methods include:

  • Testimony from the purported creator of the social network profile and related postings;
  • Testimony from persons who received the messages;
  • Testimony about the contextual clues and distinctive aspects in the messages themselves tending to reveal the identity of the sender;
  • Testimony regarding the account holder's exclusive access to the originating computer and social media account. ( But see, Commonwealth v. Purdy, 2011 WL 1421367 (Mass. April 15, 2011) ( http://bit.ly/rxs1BX) (court clarified that a party is not required to present evidence of exclusive access to authenticate the authorship of an e-mail));
  • Expert testimony concerning the results of a search of the social media account holder's computer hard drive;
  • Testimony directly from the social networking website that connects the establishment of the profile to the person who allegedly created it and also connects the posting sought to be introduced to the person who initiated it; and
  • Expert testimony regarding how social network accounts are accessed and what methods are used to prevent unauthorized access.

This article first appeared in the New York Law Journal, a sister publication of this newsletter.


Richard Raysman is a partner at Holland & Knight LLP. Peter Brown is a partner at Baker & Hostetler LLP. They are co-authors of Computer Law: Drafting and Negotiating Forms and Agreements (Law Journal Press; available at http://bit.ly/twjGCn).

'

Read These Next
How Secure Is the AI System Your Law Firm Is Using? Image

In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.

COVID-19 and Lease Negotiations: Early Termination Provisions Image

During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.

Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support Image

The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.

The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies Image

Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.

Authentic Communications Today Increase Success for Value-Driven Clients Image

As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.