Cases involving online evidence have continued to increase at a rapid pace, aiding cases all the way from workplace harassment to copyright infringement. Digital evidence relevant to all these cases can come in a variety of forms; such as tweets, social media chat logs, instagram images, web pages, blog posts, Linkedin connections and a litany of others. But just like this evidence can make a case, it can also break the case.Below are three cases in which digital evidence was denied in court for not meeting court standards. Let’s take a look at what went wrong and what we can learn from these situations:
Cases Where Digital Evidence Was Not Accepted
"The lawsuit involved a generic drug company trying to strike out expert witness evidence about drug tolerance. The expert's affidavit merely referenced to a homepage link and did not specify nor attach any webpage to be presented as exhibits. Canada's Federal court did not accept the affidavit as evidence on the basis that a hyperlink to a homepage was not sufficient to make the entire site and its contents as evidence."
Evidence collected on MySpace was attempted to be used in this murder case to prove that the defendant's girlfriend had threatened other witnesses not to testify in court. Evidence of threats sent through her MySpace, with a matching profile picture, birthdate and hometown were presented. But although the information closely mirrored the girlfriend’s actual information, investigators were not able to prove (due to lack of metadata) that the message actually came from her (i.e through her personal computer, or IP address). Given the easily manipulative nature of social media content, it was very possible that the threat or profile itself could have been fake. Without being able to prove that the message did come from her, the evidence was therefore not authenticated and could not be used as sufficient evidence.
Photographs also count as content that must be authenticated. In the People Lenihan murder case, MySpace photographs suggesting gang affiliations were attempted to be used in court to cross examine witnesses. But without additional evidence to support the photographs, and no ability to authenticate the fact that they were real, not altered or photoshopped, the evidence and cross examination were completely rejected.
On March 12, 2014, a collective action suit was filed against Natus for violations of 29 U.S.C. § 216(b) of the Fair Labor Standards Act (“FLSA”), 29 U.S.C. §§ 201, et seq. With an employee claiming that he was employed by Natus who failed to compensate him and other similarly situated employees for earned overtime wages, as legally required under the FLSA. This case dealt with screen captures and printouts of a Linkedin profile attempted to be used as evidence. Finding that defendant made no effort to authenticate the webpage evidence, the court held that these third-party documents were not properly authenticated under FRE 901.
5. Commonwealth Vs. Purdy
In 2011, Duncan Purdy was convicted of deriving support from the earnings of a prostitute, (in violation of G. L. c. 272, § 7,) and maintaining a house of prostitution through a massage parlor (in violation of G. L. c. 272, § 6.)
Upon an investigation, Purdy's computer at the massage parlor was seized, with 10 email exchanges were admitted in evidence, including prostitute/massues recruiting emails as well as emails to customers offering illegal services.
In later escalations, the Supreme Court stated that “evidence that . . . originates from an e-mail or a social networking Web site such as Facebook or MySpace that bears the defendant’s name is not sufficient alone to authenticate the electronic communication as having been authored or sent by the defendant.”
Understand the Federal Rules of Evidence & Limitations of Screenshots
Most state rules concerning eDiscovery are based on the Federal Rules of Civil Procedure - FRCP Rule 34(b)(1)(c), and Federal Rules of Evidence - FRE rule 901(a) - which indicate that parties must provide proof of data integrity and data authenticity for evidence. Data integrity refers to the overall completeness, accuracy and consistency of data. Data authenticity means that a digital object is indeed what it claims to be or what it is claimed to be. FRE Rule 901 requires that Electronically Stored Information (ESI) like social media content must be authenticated to verify it is what it claims to be.
For social media and web page evidence to be valid and accepted according to the Federal Rules of Evidence:
Original source code of the social media message, blog or webpage must be collected
Metadata must be collected
Digital signatures and timestamps must be placed on the data to provide evidence of data integrity & authenticity
Data should be prepared in EDRM-XML for easy processing & analysis in eDiscovery systems
Carefully Consider if Your Recordkeeping Solution Captures Third Party Content
A good 30% of social media messages contain links to third party website content. These links can change easily over time, or, if shorted with a URL shortener, will only be valid for a designated period time before they invalidate as links. Web pages that are linked to can commonly be deleted or changed over time. This makes capturing actual URLs and linked web pages a difficult task.
An ideal social media archiving solution not only collects social media messages, but is also able to look up the original URL and automatically collect the deeplinked web page for later reference. When evaluating options, be sure to invest in a digital recordkeeping solution that captures complete metadata including deep-linked content and links to third party publications in the process.
Learn more about how PageFreezer captures complete metadata here.