Judicial Guidance on Authenticating Electronically Stored Information (ESI) from Social Networks

As originally published in Forbes (May 14, 2011).

Electronically stored information (“ESI”) from social networking sites is increasingly finding its way as evidence into courts. Attempts to admit such evidence raise a number of questions, including how to authenticate ESI as admissible. In Griffin v. Maryland, the Maryland Court of Appeals considered this issue as a matter of first impression with respect to printed pages from a MySpace account that it held were not properly authenticated under the Maryland Rules of Evidence. More important, however, the court provided useful guidance for practitioners who need to authenticate social media-based ESI.

Griffin sought reversal of various convictions, contending that the trial judge abused his discretion by admitting, without proper authentication, what the State alleged were several pages printed from his girlfriend’s MySpace profile. The Court of Appeals agreed, reversed, and remanded with instructions for a new trial.

The pages in question were from a MySpace profile under an obviously concocted pseudonym that resembled the name of a popular musician. The profile further described a 23-year old female with a specific birthday and featured a photograph of Griffin and his girlfriend embracing. The State attempted to authenticate the pages as belonging to Griffin’s girlfriend through the testimony of a Sergeant who was the lead investigator in the case. The Sergeant claims (correctly) that the MySpace page was accessible to anyone viewing the Internet. The trial court judge permitted the Sergeant to testify as to the authenticity of the printed pages of the MySpace site that contained the photograph in question.

After a general discussion of social networking, the Court of Appeals noted that it could not be certain who had created the page alleged to belong to Griffin’s girlfriend.

The identity of who generated the profile may be confounding, because “a person observing the online profile of a user with whom the observer is unacquainted has no idea whether the profile is legitimate. . . . The concern arises because anyone can create a fictitious account and masquerade under another person’s name or can gain access to another’s account by obtaining the user’s username and password.

Such fabrication, the court stated, can give rise to charges under the federal Computer Fraud and Abuse Act, as was the case in United States v. Drew (C.D. Cal. 2009) (conviction under said Act where mother fabricated a male screen name to gain the confidence of her daughter’s former friend before rejecting her harshly, which precipitated her suicide). With authentication a condition precedent to admitting evidence, the court warned that “[t]he potential for fabricating or tampering with electronically stored information on a social networking site . . . poses significant challenges from the standpoint of authentication of printouts of [a] site, as here.”

Griffin argued that for evidentiary purposes, the State did not appropriately authenticate the pages allegedly printed on his girlfriend’s profile. The State did not indicate how the Sergeant obtained the pages in question or adequately link the printouts with the girlfriend. The Court of Appeals agreed that the trial court had abused its discretion by admitting the MySpace pages as appropriately authenticated, in particular because the trial court did not acknowledge the possibility that another user could have created the profile at issue. “[T]he picture of [the girlfriend] coupled with her birth date and location were not sufficiently ‘distinctive characteristics’ on a MySpace profile to authenticate its printout.”

The potential for abuse and manipulation of a social networking site by someone other than its purported creator and/or user leads to our conclusion that a printout of an image from such a site requires a greater degree of authentication than merely identifying the date of birth of the creator and her visage in a photograph on the site.

The Court’s Prescriptions for Authenticating Potential Evidence from Social Networking Sites

Notwithstanding its holding, the Court of Appeals made clear that it

should not be heard to suggest that printouts from social networking sites should never be admitted. Possible avenues to explore to properly authenticate a profile or posting printed from a social networking site, will, in all probability, continue to develop as the efforts to evidentially utilize information from the sites increase.

The court suggested the following courses of action.

1. Ask the purported creator if (s)he indeed created the profile and also if she added the posting that you wish to submit into evidence. This simple step was never undertaken in Griffin.
2. If possible, search the computer of the person who allegedly created the profile and posting and examine the computer’s internet history and hard drive to determine whether that computer was used to originate the social networking profile and posting in question. The court notes that “[s]ince a user unwittingly leaves an evidentiary trail on her computer simply by using it, her computer will provide evidence of her web usage.
3. The court notes that one may be able to obtain information directly from the social networking website that links the creation of the profile to the person who allegedly created it and also links the posting sought to be introduced to the person who initated it.