Litigants who proffer data obtained from social networking sites like Facebook, Twitter, and Instagram must authenticate the data before the data will be admitted as evidence. Nearly all jurisdictions have a rule of evidence addressing authentication of exhibits and records, many of which mirror Rule 901(a) of the Federal Rules of Evidence. Courts have not agreed, however, on how to satisfy the requirements of Rule 901(a) for social media evidence. Recently, in Commonwealth v. Mangel, 2018 Pa. Super. 225, at *1 (Mar. 15, 2018), the Pennsylvania Superior Court held that data from the defendant’s Facebook account were not admissible without sufficient direct or circumstantial evidence that the defendant authored the Facebook messages in question or posted the photograph obtained from Facebook. Other jurisdictions have also attempted to establish a definitive standard for admissibility, which has led to two distinct standards for authentication—one that treats social media information like any other type of evidence and another that holds social media information to a more demanding standard on the basis that it is subject to manipulation by persons other than the owner of the account.
This article analyzes Mangel, earlier Pennsylvania decisions, and decisions from other courts to determine whether courts are imposing a more demanding standard of authentication for social media data than for documentary evidence. No matter what standard applies, without an admission of authorship, lawyers proffering social media evidence should consider the following to authenticate by circumstantial evidence:
· Establish that the account or phone number is registered in the purported author’s name, including address.
· Confirm that there are no other accounts bearing the same name.
· Establish the purported author’s exclusive access to the account or phone.
· Demonstrate that the circumstances and content of the messages or postings correlate closely to relevant events to which the other party has testified or admitted.
Commonwealth v. Mangel
In Mangel, the prosecution sought to introduce screenshots of Facebook posts and messages allegedly authored by the defendant. At a hearing on the motion in limine to authenticate the posts and messages, the prosecution presented the testimony of a detective qualified as an expert in computer forensics. The detective testified that Facebook searches showed that the screenshots proffered were from an account that bore the same name as the defendant’s name, that listed the account holder as living in the same hometown and attending the same school as the defendant, that had been verified by a cell phone number—the owner of which resided at the defendant’s physical address and bore the same last name—and that contained several of the same photographs included on the screenshots. The detective concluded that the Facebook account that she located “should be the same” as the account associated with the screenshots proffered into evidence. Mangel, 2018 Pa. Super. 225, at *4–5.
With regard to the messages, the detective testified that the Facebook account name and images from the account, as well as the substantive content of the posts, supported her opinion that the account belonged to the defendant and that he wrote the messages proffered. But when asked by the trial court if she could testify to a reasonable degree of computer and scientific certainty that Mangel actually posted the messages, and “that no one else intervened or someone else grabbed the account,” id. at *6, she said she could not. The trial court refused to admit the screenshots at trial, holding that the prosecution failed to prove the defendant had authored the content. Id. The appellate court affirmed, noting the absence of evidence that Mangel had access to the cell phone identified by the detective or any relationship with the owner of that number who bore the same last name. Id. at *23 n.11.
The court, ruling in March 2018, said it was deciding an issue of first impression, but Mangel was not the first Pennsylvania decision addressing the admission of new forms of electronically generated information.
In Commonwealth v. Amy N. Koch, 39 A.3d 996 (Pa. Super. Ct. 2011), aff’d on other grounds, 106 A.3d 705 (Pa. 2014), a Pennsylvania appellate court imposed a similarly demanding standard for authenticating text messages. The appellate court began its analysis by stating that emails and text messages are documents subject to the same requirements for authenticity as nonelectronic documents. The court then discussed the difficulty in establishing authorship for emails and text messages, given that more than one person may use an email address and, while text messages are intrinsic to the cell phones in which they are stored, cellular telephones “are not always exclusively used by the person to whom the phone number is assigned.” 39 A.3d at 1004–5. The trial court had held that the text messages were sufficiently authenticated by a detective’s testimony that the phone belonged to the defendant, but it had also held that any doubts as to the identity of the sender or recipient went to the weight of the evidence, not its admissibility. Id. at 1004. The appellate court reversed and remanded, holding that the text messages had not been sufficiently authenticated and that they were inadmissible hearsay, given that the hearsay exception for admissions of a party opponent was not applicable without proof of authorship. Id. at 1006. On appeal, three justices of the Pennsylvania Supreme Court voted to affirm, but only on the ground of the hearsay ruling, holding that the trial court’s acceptance of the authenticity of the text messages was not reversible error because there is not an elevated standard for text messages. The remaining three justices agreed that the text messages were adequately authenticated, but they disagreed with the Superior Court’s hearsay ruling. Because the Pennsylvania Supreme Court was evenly divided on the hearsay ruling, the Superior Court’s application of a more demanding standard for authenticating text messages was undisturbed, despite the fact that all six supreme court justices opined that this standard was higher than appropriate. See 106 A.2d 705 (2014).
The standard applied in Mangel and Koch is arguably a departure from an earlier decision, In re F.P., 878 A.2d 91 (Pa. Super. Ct. 2005), in which the court held that circumstantial evidence—specifically, content that correlated with an assault victim’s description of the attacks—was sufficient to authenticate instant messages. The trial court admitted transcripts from several instant message conversations allegedly between the defendant and the victim of the attack. Throughout the transcripts, the defendant threatened the victim with physical violence and accused him of stealing from the defendant. After the dates of the messages, the defendant allegedly assaulted the victim. The defendant argued on appeal that the instant messages should not have been admitted because the prosecution did not prove that he was the author, contending that the prosecution had to introduce evidence of the messages’ source from the Internet service provider or the testimony of a computer forensics expert. The appellate court examined the content of the instant messages, which closely matched or referenced multiple encounters between the defendant and the victim, and held that the transcripts of the instant messages were adequately authenticated. The court rejected the argument that unique rules were required for instant messages because of their relative anonymity and the fact that they can rarely be connected to a specific author with any certainty:
We believe that email messages and similar forms of electronic communication can be properly authenticated within the existing framework of Pa. R. E. 901 and Pennsylvania case law. . . . We see no justification for constructing unique rules of admissibility of electronic communications such as instant messages; they are to be evaluated on a case-by-case basis as any other document to determine whether or not there has been an adequate foundational showing of their relevance and authenticity.
Id. at 95 (citations omitted).
In United States v. Browne, 834 F.3d 403 (3d Cir. 2016), the Third Circuit examined the admissibility of Facebook messages and held that they could be authenticated by circumstantial evidence like any other type of evidence. Under a distinct Facebook account name, Tony Jefferson Browne exchanged messages with several of his victims, some of whom he met in person and with whom he also exchanged photographs. At trial, the district court permitted the government to introduce four Facebook chat logs from an account with the same distinct name, along with a certificate of authenticity that stated that the records that Facebook produced for the named account met the business records requirements of Rule 803(6)(A)–(C).
The Third Circuit affirmed, holding that “[t]o authenticate the messages, the Government was . . . required to introduce enough evidence such that the jury could reasonably find, by a preponderance of the evidence, that Browne and the victims authored the Facebook messages at issue.” Id. at 410. Rejecting the government’s theory of self-authentication, the Third Circuit determined that the Facebook messages were authenticated by extrinsic evidence, which included (1) the victims’ testimony about the exchanges they had had over Facebook with Browne, (2) Browne’s testimony that he owned the account and conversed on Facebook with the victims, and (3) the biographical information interspersed through his Facebook conversations with the victims that was confirmed by his testimony. Id. at 410–15.
In United States v. David Lewisbey, 843 F.3d 653 (7th Cir. 2016), the Seventh Circuit held that it did not need to evaluate the authentication of Lewisbey’s Facebook account by circumstantial evidence because he admitted the account belonged to him. Nonetheless, the court noted that it could have easily done so because the account listed Lewisbey’s nickname, date of birth, place of residence, and residence history. The account also contained more than 100 photographs of Lewisbey, many of which were also found on his phone, and the Facebook application on his phone linked to the Facebook profile in question. The court did not specifically reject self-authentication, and its mention of the personal information in the Facebook profile as indicia of authenticity suggests that the Seventh Circuit would be amenable to that theory, so long as the profile contains sufficient identifying details.
Lewisbey also objected to the use of text messages from two phones at trial, but the court held that the government satisfied its burden of “‘produc[ing] evidence sufficient to support a finding’ that the messages were actually sent and received by Lewisbey.” Id. at 658. One of the phones was confiscated from Lewisbey at the time of his arrest, and during a recorded call from jail, Lewisbey told his mother that the police had taken his phone. The other phone was retrieved from Lewisbey’s bedroom, the “properties” settings on the phone named Lewisbey as the owner, and the contacts in the phone matched Lewisbey’s contacts, such as his mother and his former attorney. Id. The combination of establishing control and the corroborating substantive content on the phone satisfied the government’s burden.
In Antoine Levar Griffin v. State, 19 A.3d 415 (Md. 2010), the Maryland Court of Appeals considered the appropriate standard for authentication of social media and, citing Maryland Federal Magistrate Judge Grimm, joined the courts that have held that social media’s potential for abuse and manipulation requires greater judicial scrutiny. Id. at 423–24. Griffin challenged the authentication and admission of printed pages from a MySpace profile that the prosecution claimed belonged to his girlfriend, who had purportedly threatened a witness a witness. The state did not question the girlfriend about the MySpace profile when she testified, however, and instead relied on the lead investigator, who testified that a picture on the page resembled Griffin and his girlfriend and the profile included her date of birth. Id. at 418–19.
Reasoning that authentication is governed by Maryland Rule 5-901, the court looked to Judge Grimm’s decision in Lorraine v. Markel American Insurance Co., 241 F.R.D. 534 (D. Md. 2007), for assistance in its application. Judge Grimm explained that authentication, a condition precedent for admissibility, is satisfied by evidence “sufficient to support a finding that the matter in question is what its proponent claims.” Judge Grimm also held, however, that the complexity and novelty of electronically stored information, with its potential for manipulation, requires greater scrutiny of foundational requirements than paper records. The court accordingly agreed with Griffin that the picture of his girlfriend, her birth date, and her location were not sufficiently distinctive characteristics to authenticate the printed MySpace profile, given the prospect that someone else could have created the account. Griffin, 19 A.3d at 423–24. The court distinguished the several cases cited by the state, including In re F.P. (discussed above), explaining that authentication of a message by the recipient who identifies his or her own distinctive characteristics is distinguishable from a MySpace profile by one who is neither the creator nor the user of that profile.
The court was careful to state that it was not suggesting that social media profiles can never be authenticated. The court provided guidance as to a number of different methods. The first and most obvious would be to ask the purported creator if he or she created the profile. The next would be to search the computer or device used to create the profile because browsers and other histories can provide an evidentiary trail. A third method would be to obtain information directly from the social network itself. Id. at 427–28.
In Ronnie Tienda Jr. v. State, 358 S.W.3d 633 (Tex. Crim. App. 2012), the Texas Court of Criminal Appeals discussed Griffin v. Maryland and acknowledged the three methods outlined in assessing whether Tienda’s MySpace profile could be authenticated. But the Tienda court chose not to adhere to any strict formulation, instead espousing the proposition from Lorraine v. Markel that “there is no single approach to authentication that will work in all instances.” Tienda, 358 S.W.3d at 639. The court ruled that Tienda’s profile contained sufficient identifying details “to support a finding that the MySpace pages belonged to the appellant and that he created and maintained them.” Id. at 645. The court held that the profile could be authenticated even though the state failed to fulfill any of the Griffin methods of authentication (which were not controlling on the Texas court, but which Tienda had argued should guide the analysis).
Distancing itself even more strongly from Griffin than the Tienda court, the New Jersey Superior Court in State v. Terri Hannah, 448 N.J. Super. 78 (App. Div. 2016), “reject[ed] any suggestion that the three methods of authentication suggested in Griffin are the only methods of authenticating social media posts . . . [and] reject[ed] Griffin’s suggestion that courts should apply greater scrutiny when authenticating information from social networks.” Id. at 88. The trial court addressed the fears of forged documents in the context of social media, noting that a letter can be just as easily forged as a tweet.
Whether practicing in a state that has established that social media evidence must be held to a higher standard for the purposes of authentication or in a state that has embraced self-authentication, lawyers should first attempt to have the witness admit authorship. Failing that, adhering to the best practices outlined above will help ensure that crucial evidence is not excluded.
Matthew Hamilton and Donna Fisher are partners in Pepper Hamilton’s Health Sciences Department, a team of 110 attorneys who collaborate across disciplines to solve complex legal challenges confronting clients throughout the health sciences spectrum. Jessica Southwick is an associate in the Health Sciences Department.
Copyright © 2019, American Bar Association. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association, the Section of Litigation, this committee, or the employer(s) of the author(s).