chevron-down Created with Sketch Beta.


On the Fundamentals of Authentication

Michael D Roundy


  • To authenticate a piece of evidence is to establish that it is what it appears to be, what it purports to be, or what its proponent says it is.
  • Calling the key witness to the stand to authenticate a smoking gun document may not always be an option.
  • A distinct body of law has developed, and continues to evolve, for the authentication of electronic documents based upon a variety of circumstantial factors, such as the timing of the messages, contents, actions taken that are consistent with the message, or certain distinctive characteristics of the message.
  • One recent case from Pennsylvania illustrates the limits of a circumstantial approach to authentication.
On the Fundamentals of Authentication
Lucy Lambriex via Getty Images

Particularly in this digital age, parties collect in the course of discovery an avalanche of documents. In the pretrial phase, it may become almost instinctive in litigation attorneys to recognize, analyze, and strategize about the relevance of the information contained in the documents or how to get around hearsay limitations. But a related evidentiary requirement often may be overlooked until trial is upon us: How do we authenticate the document? It isn’t enough that the document is relevant or that there is some applicable exception to the hearsay rule. It must be authenticated before the court may properly allow it into evidence. 

Authentication 101: Introductory Course

To authenticate a piece of evidence is to establish that it is what it appears to be, what it purports to be, or what its proponent says it is. Federal Rule of Evidence 901(a) states that to satisfy the authentication requirement, the proponent must introduce “evidence sufficient to support a finding that the item is what the proponent claims it is.” Rule 901(b) presents a series of examples of ways in which certain kinds of evidence might be authenticated.

If I want to introduce a printout of an email from Sally to Sam, I might simply call one or the other to the stand to identify the email as one that they sent or received on such and such a date, and in many cases that will suffice to authenticate the email. Fed. R. Evid. 901(b)(1) (testimony of a witness with knowledge). Another approach is to have the opposing party stipulate to the authenticity of the document, either just before trial or perhaps even earlier, in response to a request for admission. Some courts even require the parties to confer before trial and identify for the court potential exhibits that the parties agree are admissible and those for which admissibility is disputed.

Authentication 201: Advanced Techniques

Calling the key witness to the stand to authenticate a smoking gun document may not always be an option. In a criminal case, the defendant is not required to take the stand and incriminate himself. So, in the absence of a party or witness willing to stipulate or testify about the evidence, subtler means of identifying a piece of evidence must be relied upon.

The case of State v. Stahl in Florida presented the, by now, classic scenario of a locked cell phone for which law enforcement needed the passcode in order to unlock the device; attempting various possible combinations, unsuccessfully, could eventually result in permanently locking the device and erasing its contents. 206 So. 3d 124 (Fla. Dist. Ct. App. 2016). The defendant was accused of video voyeurism, taking a picture or recording under the skirt of the victim, in violation of state law. The state established probable cause for a warrant to search the cell phone but had to resort to a motion to compel the defendant to provide the passcode. The trial court denied that motion on Fifth Amendment grounds, but the appellate court reversed, holding that revealing the passcode was a nontestimonial statement that did not implicate the Fifth Amendment.

Even if providing the passcode were seen to implicate a testimonial communication, the court found that the “foregone conclusion” exception to the Fifth Amendment privilege would be satisfied. The foregone conclusion doctrine holds that the act of production does not constitute compelling a defendant to be a witness against himself where the state already knew that the evidence existed, that the evidence was in the possession of the accused, and that the evidence was authentic. In Stahl, the court noted that the relevant questions were whether the state knew that the passcode existed, that the accused was in possession of it, and that it was authentic. While the state knew that the passcode existed (the phone could not be opened without one) and that the defendant knew it (i.e., the phone was his, based on the circumstances), authentication of the passcode remained.

The court recognized in that instance that the passcode technology was self-authenticating. “If the phone or computer is accessible once the passcode … has been entered, the passcode … is authentic.” Id. at 136. Thus, in that case, it was not a witness’s testimony that would authenticate the evidence (the code), it was the fact that it worked and opened the phone for the warranted search.

Authentication 301: Circumstantial Authentication

A distinct body of law has developed, and continues to evolve, for the authentication of electronic documents—emails, text messages, social media postings—based upon a variety of circumstantial factors, such as the timing of the messages, contents, actions taken that are consistent with the message, or certain distinctive characteristics of the message. Great debates have arisen over whether the “Maryland Rule” (an inherent mistrust of social media, carrying a higher bar for authentication than just the distinctive characteristics) or the “Texas Rule” (accepting distinctive characteristics as a prima facie showing of authenticity) is more appropriate.

The recent South Carolina Court of Appeals decision in State v. Green rejected the need for such labels or categories and focused on the basic principles embodied in Federal Rule of Evidence 901. 427 S.C. 223 (S.C. Ct. App. 2019). In Green, the defendant, convicted of murder, appealed and challenged the trial court’s admission into evidence of several direct messages between the victim’s Facebook account and an account used by Green’s girlfriend; these messages had lured the victim to the house where he would be murdered. The messages were admitted as coconspirator statements (therefore, not hearsay), which the defendant did not challenge on appeal. Rather, the defendant appealed the court’s ruling that the messages had been properly authenticated.

Green argued that social media can be too easily manipulated by a hacker or by creating a fictitious account, and that in this case neither the sender nor the recipient had corroborated that they were authentic messages. The court rejected the notion that writings through social media carried any different burden of authentication than any other form of writing, such as a letter, postcard, or fax. “The vulnerability of the written word to fraud did not begin with the arrival of the internet, for history has shown a quill pen can forge as easily as a keystroke.” Id. at 231.

The court applied the state’s version of Rule of Evidence 901(b)(4), Authentication by Circumstantial Evidence of Distinctive Characteristics. Under this rule, whether the federal or state formulation, evidence may be authenticated by reference to such identifying characteristics as its appearance, contents, internal patterns, tenor, reference made in the writing to unique facts tied to the writer, the fact that it is made in reply to a prior communication known to be genuine (the so-called reply letter doctrine), or other circumstantial characteristics. In Green, the court relied upon numerous facts that linked the Facebook messages to the defendant’s girlfriend: the screen name was known to be used by the girlfriend; the messages referred to “Julissa,” which other evidence established to be her sister; reference to the address at which she lived; reference to her real first name, Karina; comments in the messages about her relationship with her boyfriend, which were consistent with Karina’s relationship with Green; and the fact that the victim disappeared shortly after being invited in the messages to the same address where his blood was later found. Thus, the court relied on the long-established methods embodied in Federal Rule of Evidence 901 to authenticate the social media messages.

Authentication 401: Nuanced, Case-by-Case Evaluation

One more recent case, from Pennsylvania, illustrates the limits of a circumstantial approach to authentication. In Commonwealth v. Gardner, an unpublished opinion of the Pennsylvania Superior Court (an appellate court), the defendant was convicted of a series of crimes from simple assault to attempted murder. J-S38022-19 (Pa. Super. Ct. Aug. 13, 2019). The defendant claimed that he acted in self-defense, and on appeal challenged the trial court’s exclusion of a Facebook post, purportedly written by the victim, which stated that she had post-traumatic stress disorder and anxiety, she was taking psychiatric medication, and if she killed someone “it would be her psychiatrist’s fault.”

The defendant offered the post to demonstrate the victim’s propensity for violence. To authenticate the post, the defendant testified that he saw the victim take medication throughout the day and that she was on the phone with her doctor and was upset about her medicine; argued that the post itself contained “contextual clues” that the victim was its author; and offered testimony of a witness who said he was familiar with the victim’s diagnosis, medication, and Facebook page.

The appellate court stated that the authentication of social media evidence “is to be evaluated on a case-by-case basis” to determine whether an adequate foundation exists to establish both the relevance and authenticity of the evidence. In particular, there must be evidence to corroborate the identity of the author. The appellate court affirmed the trial court’s exclusion of the Facebook post, noting that the post was “more of a statement than a threat” and that the witness’s testimony was insufficient to authenticate it. Notably, on cross-examination, the witness had acknowledged that the victim had not admitted to authoring the post; that he was unaware that there were 11 Facebook accounts by the same name; and that he had not obtained the account’s IP address, email address, or password.

Old Ways: Still Working

Although the authentication of electronic evidence has evolved into a distinct subject of court decisions around the country—sometimes involving testimony of computer forensics experts, details of IP addresses, screenshots of key messages, and details of account registration—it is also true that the application of long-standing principles of evidence often will determine whether the evidence can be authenticated. Practitioners can develop that evidence in the usual manner during discovery by asking the right questions at deposition, serving requests to admit authenticity, or seeking agreement of the parties.