In the world of eDiscovery, it seems that there’s no end to alarmist editorializing about the next looming problem law firms and corporations have to grapple over. Authenticating social media is clearly one of those topics, seen here, here, and here. Of course, social media is a real and emerging complication to the eDiscovery landscape, but alarmism is not warranted.
Authenticating social media evidence does present special challenges in litigation. Hacking and spoofing is a real phenomenon in social media platforms. But authenticating social media evidence involves the same common sense approach that serves in any other form of digital evidence authentication. Courts have continually ruled that evidence is authenticated by “appearance, contents, substance, internal patterns, or other distinctive characteristics, taken in conjunction with circumstances.”
Proving who wrote a message will always be a foundational issue for evidentiary hearings. For example, in State v. Eleck, (Conn. App. Ct. Aug. 9, 2011) the court ruled that just because a message came from particular Facebook account, there is no foundational proof of authorship. Or in Commonwealth v. Purdy, 459 Mass. 442, 450-51, 945 N.E.2d 372 (2011), an e-mail sent from Facebook account bearing defendant’s name was not proof of authorship without additional “confirming circumstances.”
But the bar for authentication of evidence is actually not particularly high, and in fact only needs to be corroborated with circumstantial evidence. In the digital world, there is no handwriting or fingerprinting expert as courts often used to prove authorship of a letter. However, courts do consider evidence like commonly used phrases found in a message, or activity and actions that may indicate who was responsible for creating a message as legitimate forms of identification.
If there is a short answer to authenticating social media evidence, it is to collect everything- all images, metadata, embedded content, off-site links, related posts or tweets, and anything else on a page that can help authenticate any item. User profiles, especially information from when an account was created can capture some of the most useful and incriminating evidence, because that’s when users are asked to supply personal and identifying information.
Unfortunately, one common problem is that many lawyers still present digital evidence in court printed out on paper. In Griffin v. State, the court overturned a murder conviction at least in part over a failure to authenticate evidence obtained from a MySpace profile, which had been presented as a printout.
The Griffin court wasn’t willing to accept that a defendant had posted the text, “FREE BOOZY!!!! JUST REMEMBER SNITCHES GET STITCHES!! U KNOW WHO YOU ARE!!” just because a printout of the page attributed the quote to a username associated with the defendant. However, the ruling does note that “authentication may be provided by obtaining information directly from the social media website linking the profile and post to their creator.”
Most lawyers are too tech savvy to produce evidence on paper anymore, but there is still a bias in the profession towards capturing and producing only the bare minimum of evidence for litigation. In part, this comes out of a concern towards keeping the cost of eDiscovery low, but also with an eye towards presenting a simple and straightforward story for the court. But with the cost of data storage collapsing, there is no reason to not collect all possible evidence from social media accounts. In fact, the more data collected, the easier it will be to find circumstantial evidence that may be needed to authenticate social media evidence.