Tuesday, November 24, 2020
Court of Appeals of Mississippi Finds Social Media Concerns Don't Apply to Data Extracted From a Cell Phone
Like many state supreme courts, the Supreme Court of Mississippi has expressed concerns regarding the authentication of social media evidence. In Smith v. State, 136 So.3d 424 (Miss. 2014), the Supreme Court of Mississippi held that
The authentication of social media poses unique issues regarding what is required to make a prima facie showing that the matter is what the proponent claims. Creating a Facebook account is easy. Millier, Samantha L., Note, The FaceBook Frontier: Responding to the Changing Face of Privacy on the Internet, 97 Ky. L.J. 541, 544 (2008-09). “[A]nyone at least thirteen years old with a valid e-mail address could create a profile.” Petrashek, Nathan, The Fourth Amendment and the Brave New World of Online Social Networking, 93 Marq. L.Rev. 1495, 1506 (Summer 2010). To create a profile, a person must go to www.facebook.com, enter his or her full name, birth date, and e-mail address, and register a password. Facebook then sends a confirmation link to the registered e-mail, which the person must click on to complete registration. Miller, 97 Ky. L.J. at 544. Not only can anyone create a profile and masquerade as another person, but such a risk is amplified when a person creates a real profile without the realization that third parties can “mine” their personal data. Id. at 542. Friends and strangers alike may have “access to family photos, intimate details about one's likes and dislikes, hobbies, employer details, and other personal information,” and, consequently, “the desire to share information with one's friends may also expose users to unknown third parties who may misuse their information.” Id. at 542-43 (describing a study done by an internet security company using “Freddi Staur,” a toy frog with a Facebook account, who “friended” several people on Facebook and was able to access their personal information). Thus, concern over authentication arises “because anyone can create a fictitious account and masquerade under another person's name or can gain access to another's account by obtaining the user's username and password,” and, consequently, “[t]he potential for fabricating or tampering with electronically stored information on a social networking sight” is high, and poses challenges to authenticating printouts from the website. Griffin v. State, 419 Md. 343, 19 A.3d 415, 421-22 (2011); see also Eleck, 130 Conn.App. 632, 23 A.3d at 822 (“an electronic communication, such as a Facebook message, ... could be generated by someone other than the named sender”); Campbell v. State, 382 S.W.3d 545, 550 (Tex.App.2012) (“Facebook presents an authentication concern that is twofold. First, because anyone can establish a fictitious profile under any name, the person viewing the profile has no way of knowing whether the profile is legitimate. Second, because a person may gain access to another person's account by obtaining the user's name and password, the person viewing communications on or from an account profile cannot be certain that the author is in fact the profile owner.”
That said, those unique issues did not apply in Willis v. State, 2020 WL 6736816 (Miss.App. 2020).
In Willis, Lavoris Willis was convicted based on data extracted from a cell phone. And, according to the Court of Appeals of Mississippi,
This case differs from both Smith and Greene because the data extracted from the cell phone that was used to convict Willis was not taken from an internet-based application such as Facebook; the data came from the cell phone's hardware (i.e., the memory chip inside the cell phone itself). Therefore, authentication did not require connecting Willis to the digital applications, as in Smith and Greene. Collins testified, as an expert in mobile forensic examinations, that the information was stored on the cell phone by the person who possessed the phone. This testimony properly authenticated the information contained in the forensic extraction report.
The following digital evidence was found on the hardware of the cell phone identifying Willis as the possessor of the cell phone. Willis's name and address were contained in the autofill memory of the cell phone's memory chip, which had to be input directly into the cell phone by the possessor of the phone. Numerous photographs of Willis were extracted from the cell phone's memory chip and entered into evidence. One photo shows Willis in “street clothes” in a hallway of what appears to be a hotel, giving a hand signal. The other photographs are selfies of Willis, shirtless and “mugging for the camera.” In some of the photos Willis appears to be smoking a marijuana joint.
Further, text message conversations from two different sources-Facebook Messenger and SMS messages-were extracted from the cell phone's memory chip and contained information linking the cell phone to Willis. This information included his name, the known alias “Iron Man,” and reference to his incarceration. Both sources required the user of the cell phone to have input the texts. The Facebook messages showed that on July 25, 2017, an outgoing message stated the user's name was “Lavoris,” and an earlier conversation with another individual confirmed the user was “locked up.” Additionally, an outgoing text message that afternoon identified the user as “Iron Man,” Willis's alias. Although Willis denied “Iron Man” was his nick-name at trial, the words were visibly tattooed on his arms.