EvidenceProf Blog

Editor: Colin Miller
Univ. of South Carolina School of Law

Friday, April 20, 2012

Friend Request: New Articles By Aviva Orenstein & Caren Morrison Address Issues Related To Authenticating Social Networking Evidence

Hundreds of millions of people world-wide use social media. Wikipedia, which is itself a form of social media, describes social media as follows: “Social media includes web-based and mobile technologies used to turn communication into interactive dialogue.” Of particular interest in evidence law are social networking sites that provide online platforms for people to interact. Users adopt a screen name and establish an on-line identity, forming links with friends they know in the real world or strangers who share similar interests. Users can create and edit written content, post photographs, join affiliational groups, post on the page of friends, and engage in one-on-one electronic conversations, all in real time with a timestamp. The content can be original or can be replicated from other sources. Aviva Orenstein, Friends, Gangbangers, Custody Disputants, Lend Me Your Passwords (fortcoming).

Professor Orenstein's article, which I discussed a bit yesterday, is one of two recent pieces I have read on the authentication of evidence from social networking sites, with the other being Professor Caren Morrison's Passwords, Profiles, and the Privilege Against Self-Incrimination: Facebook and the Fifth Amendment (forthcoming). Like their prior works (here and here), both of these works are trenchant and timely, and, as this post will demonstrate, interact in interesting ways.

Let's start with Morrison's piece first. In her article, Morrison addresses the Fifth Amendment implications of forcing citizens to disclose private social networking information. As an example, consider Griffin v. State, 2010 WL 2105801 (Md.App. 2010), the (in)fanmous "SNITCHES GET STITCHES" case that Morrison discusses in her article (and which I have addressed on this blog). In that case, the threat, "JUST REMEMBER, SNITCHES GET STITCHES!! U KNOW WHO YOU ARE!!" was on the MySpace profile page of the defendant's girlfriend (Ms. Barber), and an intermediate appellate court in Maryland found that the prosecution properly authenticated this threat as one made by the girlfriend through this fact and other circumstantial evidence.

On appeal, however, the Court of Appeals of Maryland disagreed, finding

that the trial judge abused his discretion in admitting the MySpace evidence pursuant to Rule 5-901(b)(4), because the picture of Ms. Barber, coupled with her birth date and location, were not sufficient "distinctive characteristics" on a MySpace profile to authenticate its printout, given the prospect that someone other than Ms. Barber could have not only created the site, but also posted the "snitches get stitches" comment. The potential for abuse and manipulation of a social networking site by someone other than its purported creator and/or user leads to our conclusion that a printout of an image from such a site requires a greater degree of authentication than merely identifying the date of birth of the creator and her visage in a photograph on the site in order to reflect that Ms. Barber was its creator and the author of the "snitches get stitches" language.

So, what's the government to do if it wants to authenticate social networking evidence? One answer is to order the citizen to furnish social networking information (e.g., passwords, metadata, etc.) via subpoena. But as Morrison notes, if this compelled act of production is "testimonial," it is protected by the Fifth Amendment, rendering the data (and metadata) inadmissible.

Morrison then claims that there is a good argument that the compelled disclosure of social networking data is "testimonial":

An individual who is compelled to give law enforcement access to her Facebook page is forced to engage in cognition for the benefit of the state and to turn over the results of that mental process. In addition, she does implicitly relate the factual assertions, “I do have a Facebook page” and “Here is how to access that Facebook page.” Given the fact that most of the controversies surrounding the use of social media evidence at trial have to do with authentication (in other words, is the Facebook profile of “Frederick Walters” really Walters’ Facebook page, or the page of someone posing as Frederick Walters?), these admissions are of considerable value to law enforcement.

Further, such a subpoena places the suspect in the “cruel trilemma,” the traditional touchstone for whether something is testimonial—forcing the suspect to a choice between incriminating truth, a lie, or contempt of court. Since disclosure of Facebook access information would place a suspect squarely in the position of disclosing the information (thereby leading the government to her Facebook page), denying that she has a Facebook page, or refusing to answer, the act of providing the access information to the government would also be testimonial under this standard.

Finally, some contend that the response to a government demand for a person’s password would be inherently testimonial because the demand calls for “specific testimony asserting a fact.”

Moreover, Morrison adds that

the response to a subpoena for Facebook access information may be not only testimonial, but also protected by the Act of Production doctrine. An individual who is compelled to give law enforcement his Facebook password, his user name, or the email address with which he set up the account, implicitly indicates his belief that his Facebook page is the one meant by the government, and that he has control over the page. This situation, then, seems to fall squarely within the act of production doctrine, which bars the government from using evidence of the defendant’s compliance with the subpoena to authenticate the substantive information contained on the Facebook page.

Morrison does acknowledge that the government can grant immunity to the citizen's act of production but then notes that, under such a grant of immunity

the government is barred from making "direct or indirect" use of the implied assertions that the [social networking] account exists, that it is authentic, and that it belongs to the suspect. If the government pursues the case, it must prove that any subsequent evidence that it wants to use “is derived from a legitimate source wholly independent of the compelled testimony."

You might think that this Fifth Amendment analysis leaves citizens secure in their right to privacy, by Morrison argues that "[i]f it cannot obtain the information by subpoena, the government might be spurred to greater intrusions in its attempt to obtain equivalent evidence through surveillance and searches."

So, might citizens be better off, then, with courts more readily finding social networking evidence more readily authenticated? This is where Orenstein's article come into play. Like MorrisonOrenstein notes the current difficulties parties have in authenticating social networking evidence. And the culmination of her piece is to propose a process whereby parties can create a rebuttable presumption of authenticity of social media accounts if they follow three steps:

1. Lay a foundation for the provenance of the print-out of the social media page in question.

a. The witness must describe where on the Internet the page was located and how the witness downloaded it.

b. The relevant page should be printed out with its URL visible.

c. The witness should also be prepared to testify that the printout reflects accurately what the witness saw on the webpage.

d. Some evidence should be offered as to who has access to the page and

2. Establish ownership of the page. This can be accomplished by stipulation, testimony of a person with knowledge (ideally, but not necessarily, the page-owner), an affidavit from the service provider about to whom the page is registered, or circumstantial evidence. In appropriate circumstances, particularly where the name, birthdate, zip code, photo, and other identifying characteristics of the page owner are visible on the page, ownership can be established by such distinctive criteria along with content-based evidence. Allowing authentication based on the page information alone is particularly appropriate where evidence is abundant from the style and content of the page that the page owner regularly used it. It would be an expensive and unnecessary impediment to litigation if courts routinely required affidavits from service providers.

3. Demonstrate that the page owner actually wrote the post in question. This can best be accomplished by stipulation or questioning the page-owner or post-writer. It can also sometimes be established by examining the hard drive of the page-owners computer, but again, that is expensive and incomplete, because Facebook pages and their ilk can be accessed from many different devises anywhere there is an internet connection. Even if the owner of the page denies having written the post, circumstantial evidence such as the content of the post can provide sufficient distinctive characteristics for authentication and identification of the author. Where the page-owner acknowledges ownership of the page but claims hacking or other usurpation, evidence that the posting remained up while the page was in the owner’s control would persuasively rebut claims of hacking etc.

This takes me back to the point that I was making yesterday, which is Orenstein's point as well: We don't need to blow up the rules of evidence, including the rules of authentication, to accommodate technological innovations such as social networking sites. Instead, the existing rules are perfectly adequate to accommodate such advances as long as are a little creative with them, and, if we are, the government shouldn't have to compel production of data and metadata very often. But, if we're not, then we have the situation Morrison described, in which we're damned if we compel production and damned if we don't.



| Permalink

TrackBack URL for this entry:


Listed below are links to weblogs that reference Friend Request: New Articles By Aviva Orenstein & Caren Morrison Address Issues Related To Authenticating Social Networking Evidence:


I don't think the analogy between electronic and written communication is as apt as you would like. If you have not already read it, I highly suggest the article called "What color are your bits?" as it discuses in some detail the difference between the way computer science professionals think about what happens inside a computer and the vastly different way that lawyers think about what happens inside a computer.


I honestly don't know if there is a need to "blow up the rules of evidence" but what I do know is that there is a profound clash of fundamental world-views between computer professionals and lawyers. As an illustration, computer science doesn't even consider a timestamp to have an objective meaning; rationally understood a digital date isn't even a fact let alone a piece of evidence for anything. The whole concept of forgery breaks down because everything is a computer does is a forgery; it's a pointer to a pointer to a pointer without end. Anyone who thinks they have a handle on the problem doesn't understand it.

When I read Orenstein's article I felt like I was watching a three year old make pat-a-cake in the trailer park mud. I honestly don't mean that remark to be deprecating to the author. Rather, I mean it to suggest that we are only beginning in a child-like way to grapple with the fundamental issues. If you honestly think that "the existing rules are perfectly adequate to accommodate such advances" you're not listening to the conversation; you're whistling in the dark.

Posted by: Daniel | Apr 20, 2012 10:27:16 PM

Post a comment