Capturing the Evidence You Need, Without the Chain of Custody Worries that You Don’t
If you’re an attorney, a paralegal, an investigator, a law enforcement officer, or even if you justwatch a lot of legal dramas on television, you’re likely familiar with the term “chain of custody”. Essentially, maintaining a “chain of custody” means validating how evidence has been gathered, tracked, and preserved prior to being entered into a case. In both civil and criminal litigation,maintaining a clear chain of custody is critical to the admission of key evidence.
While chain of custody and evidence authentication standards are time-tested and well-established where more tangible forms of evidence are concerned, where digital evidence is involved, there often seems to be more confusion as to what is legally required to preserve a clear chain of readily authenticated evidence. This is even more the case when social media evidence is at issue – and without question, social media evidence will only continue to play an increasingly pivotal role in the legal world. How pivotal?
Consider these facts: In an article in the ABA Judges Journal, it was recently stated that experts estimate that Facebook postings emerge as evidence in as many as 60% of divorce cases.Global law firm Gibson Dunn, in their esteemed eDiscovery and Information Law update, in a section dedicated to social media, reported that, “the use of social media continues to proliferate in business and social contexts, and that its importance is increasing in litigation, the number of cases focusing on the Discovery of social media continued to skyrocket .....” Attorneys across the country are relying upon social media evidence in all manner of legal matters ranging from criminal law, to insurance fraud, to family law and everything in between.
These sorts of statistics and observations come as no surprise when you consider the fact that three billion people in our world use social media. That’s 42% of the total world population. In fact, 11 new people join social media every second. And those numbers are expected only to grow. Facebook is the third most visited social website in the world, behind only Google and YouTube, and a full 74% of Facebook users visit the site at least once a day. 1.3 million pieces of content are shared on Facebook every minute of every day. That’s an incredible amount of content, and it’s not even to mention the vast amounts of content being shared via Twitter,Instagram, WhatsApp, SnapChat, and a host of other social media sites.
PRESERVATION, AUTHENTICATION, AND CHAIN OF CUSTODY ISSUES
Understandably, with the rapid proliferation of digital evidence and social media in particular, some confusion exists as to what is required to properly authenticate social media evidence that is collected, and how to preserve the chain of custody during the collection process in a way that ensures the evidence will ultimately be admissible in court.
The law is clear that potential evidence found on social media platforms is subject to the same duty to preserve as other types of electronically stored information. The duty to preserve is triggered when a party reasonably foresees that evidence may be relevant to issues in litigation.In those instances, a party has a duty to preserve all evidence in a party’s “possession, custody, or control,” and we know that generally, evidence is considered to be within a party’s “control”when the party has the legal authority and practical ability to access it.
Moreover, we know that preservation of social media evidence is so important that the consequences of failing to preserve can be severe. Indeed, our courts have made clear that both counsel and client may be subject to sanctions for a failure to preserve relevant evidence.In Lester v. Allied Concrete Co., No. CL08-150 (Va. Cir. Ct. Sept. 01, 2011), aff’d, No. 120074(Va. Ct. App. Jan. 10, 2013), that is exactly what happened, when the court sanctioned both the plaintiff and his counsel based, in large part, on its determination that they had engaged in Spoliation of social media evidence[1].
The law is also clear that beyond the duty to preserve evidence, a party must ensure that the evidence is able to be properly authenticated. Certainly, a large part of proper authentication is establishing a clear chain of custody. Where more tangible forms of evidence are concerned, particularly in criminal cases, police officers gather the evidence, store it, tag it, and anyone needing access must sign it in and out. In that way, tangible evidence can be tracked, and parties are able to verify that it has not been altered or tampered with in any way.
What Does This Mean In the Digital Age?
In the digital age, all of this can become more complicated, and as evidence collection evolves, our understanding of best practices must evolve along with it. As we all know, without the right protections, digital files can be easily deleted, edited, altered, and even fabricated entirely. This makes documenting a digital chain of custody all the more important, as a compromised chain of custody can result in the dismissal of critical evidence, which can lead to losing a case that might otherwise have easily been won. All that an opposing attorney needs to do is raise concerns about potential tampering with or tainting of evidence, and you may find yourself facing an uphill battle.
All of this begs the question – what is required to preserve the chain of custody for electronically stored information, and how can you ensure that the evidence you are collecting meets those standards? With respect to electronic evidence, the Electronic Discovery Reference Model offers this definition of “chain of custody”:
All information on a file’s travels from its original creation version to its final production version.A detailed account of the location of each document/file from the beginning of a project until the end. A sound chain of custody verifies that you have not altered information either in the copying process or during analysis.
As we know from Federal Rule of Evidence 901, the standard legal definition of “authentic”evidence is evidence that is what it purports to be. With respect to digital evidence, this means that authentic documents and objects are genuine, not counterfeit or manipulated.
Thus, establishing a valid chain of custody means being able to show where the evidence has been, who has touched it, and its condition at all times, in order to establish that there has been no alteration. With respect to web pages and social media accounts, this means that you can establish (1)When the record was originally produced; (2)That the record is an accurate recording of the webpage in question; and (3)That the record was not subject to alteration from the time it was collected until the time it is presented in court.
THE EVOLUTION OF EVIDENCE AND OF EVIDENTIARY RULES
Fortunately, as the use of digital evidence gathered in legal cases has evolved, the Federal Rules of Evidence have evolved as well. An unfortunate truth is that many attorneys currently practicing law have failed to evolve along with it. Many attorneys remain stuck in the past, using antiquated, costly, and unnecessary methods of preserving and authenticating their data. Methods like taking and printing screenshots, calling in outside witnesses, and gathering affidavit after affidavit to attempt to prove authenticity are outdated, inefficient, and less effective than ideal. As types of evidence and evidentiary rules evolve, practice methods must evolve too.
Upon recognition that digital evidence is here to stay, the Federal Rules of Evidence were amended effective December 1, 2017 to make it easier to authenticate data from electronic sources. These new rules describe a process for authenticating records “generated by an electronic process or system”. Such records include, for example, a printout from a webpage, ora document retrieved from files stored in a personal computer. The rules also provide for using a “process of digital identification” such as hash values to authenticate that electronic data is what it purports to be.
Thus, according to the American Bar Association,
When there is no dispute as to authenticity of ESI, 902(13) and (14) should help achieve the laudable goal of reducing the expense of litigation. Rather than present live testimony of a foundation witness, the proponent establishes authenticity under 902(13) and (14) by presenting a certification containing information that would be sufficient to establish authenticity if the information were provided by testimony at a hearing or trial[2].
So what does this mean, from a practical standpoint? Imagine that you have a case heading to trial in a couple of months. Among your intended exhibits are several copies of Facebook pages with content that you believe will be extremely helpful to your client’s case. You know they need to be readily authenticated to be admitted, and you also know that the judge assigned to your case is fairly skeptical about digital evidence due to the fact that it can easily be altered or manipulated. If opposing counsel won’t stipulate that the web pages are authentic, what would you do? Prior to December of 2017, finding a witness to testify to the authenticity of the evidence would have likely been the choice most in keeping with what the evidentiary rules required. That is no longer true today.
The WebPreserver Difference
As a trusted advisor to your clients, we know that you want to support your cases and claims with the strongest evidence possible. You want it to be thoroughly organized, captured at the moment you need it, sufficiently authenticated, and collected with a clear chain of custody established, so that it can be admitted for its intended purpose. WebPreserver provides this.
When you use WebPreserver, you capture content that remains pristine, untouched, and untampered. When it comes to authenticating online evidence, the fact of the matter is this:there is no substitute for the truth of technology. With WebPreserver, all of the technology you need is at your fingertips. There is no need to manually collect Metadata, no need to rely on an affidavit alone, which may or may not hold up in court.
Rigorous Technology Standards
When you use WebPreserver, you are using a product that generates forensic reports with a forensic SHA256 hash, and HTML source code. All online preservations include key identifying metadata such as the timestamp, the URL, IP address, date, and time, using a certified Stratum-1 atomic clock in compliance with the eSign Act. Even better, WebPreserver hides identity. You can browse safely, capture what you need at the instant you need it, and know that when you do, you are capturing evidence that contains the needed hallmarks of authenticity which courts are increasingly seeking. It doesn’t matter how many affidavits you produce, or how much human testimony you have as to the authenticity of your evidence if the technology isn’t there to back it up. That said, the argument that you need to outsource so “someone can testify to its authenticity” (the evidence), is a false narrative - your service provider cannot produce a stronger forensic report than you will get using WebPreserver, with one mouse click.
Secure Storage Without Danger of Third-Party Interference
If you want to ensure a clean, sound, strong chain of custody, you need to know exactly where your evidence is, and what’s happening to it. With regard to the digital chain of custody, WebPreserver ensures that all of the data preserved by our Plug-in is stored on your local machine or the network ONLY. There is never any concern about remotely storing preservations on third-party systems where they may be subject to tampering or corruption.
Some collection sites use virtual browsers, which are physically isolated from a computer’s underlying operating system. Understandably, these collection methods open the door to chain of custody challenges that can often be hard to dispute. When the evidence isn’t stored under your complete control, it can be difficult to rebut an argument that it has remained pristine and uncorrupted as required under the law. While some third-party service providers would suggest that storing your data on Amazon Cloud or even their own hardware is a safer option, the truth of the matter is simple – you can’t control what you can’t control. You can’t verify for certain, that the digital information of which you are voluntarily relinquishing control has been handled, stored, and forensically verified exactly as you want it to be in every situation. Imagine involving a big IT infrastructure company in a chain of custody matter - it’s not pretty.
By contrast when you use WebPreserver, as opposed to third-party service vendors, virtual machines, and proprietary browsers that use remote storage, you are taking a wise precautionary measure toward ensuring that such challenges are unsuccessful, and that you maintain full legal chain of custody of preserved data.
Don’t Pay Someone Else to Do What You Can Easily Do Yourself
Here’s the truth of the matter – When you outsource your evidence collection to a third party, there’s a high likelihood that they’re already using our software anyway. While we’re proud to provide our software to countless clients all across the country, the simple truth is that it doesn’t make much sense for you to pay someone else to do what you could easily do yourself. Why incur extra fees, add extra time, and risk the loss of valuable evidence in the meantime, when you could install the plug-in yourself, and begin capturing the evidence you need, in the format you need it, immediately? It’s the savvy, safe, logical choice, and one your clients will certainly appreciate because they won’t be handed the big bill your service vendor will send you.
Call us today to discuss deploying the WebPreserver plug-in so that you can begin gathering the evidence you need, when you need it. You’ll be able to capture the evidence that you want, with the assurance that when you do, it will be organized, easy to access, and maintained in pristine, recognizable, and easily exportable formats. With WebPreserver, preservation is not only automated and reliable, it’s also safe and efficient. It’s the smart choice. Call us today!
[1] In Lester, the lawyer instructed his paralegal to make sure the plaintiff “cleaned up” his Facebook page, and the paralegal helped the plaintiff to deactivate his page and delete potentially unfavourable pictures from his account. Although the pictures were later recovered by forensic experts, the court determined that sanctions were justified based on the misconduct.
