Authenticating Social Media Evidence

One of my all-time favorite emails was received from a prosecutor who was handling a drug trafficking case. The email included a picture, plucked from what purported to be the defendant’s Facebook page, showing the defendant sitting on a pile of cash (later determined to be $1.6 million!), holding an AK-47. Jeff has written (here) about authenticating photographs from social media sites. But what of the other evidence that is mined from social media—how is that authenticated? A recent Second Circuit case adheres to the line that the relevant standard isn’t particularly high but finds that the prosecution didn’t meet it in this case.

The case is United States v. Zhyltsou, decided in October. The defendant was tried federally on a charge of transfer of a false identification document. The government’s key witness was Vladyslav Timku, a Ukrainian citizen residing in the U.S. who testified pursuant to a cooperation agreement. Timku testified that he was friends with the defendant and knew about the defendant’s work as a forger because he had previously paid him to create false documents in connection with a tax scheme involving a corporation called Martex International. Timku testified that he asked the defendant to create a forged birth certificate showing that Timku was the father of an invented infant daughter. Timku wanted the document to avoid compulsory military service in Ukraine, which allows service deferment for parents of young children. According to Timku, the defendant agreed and sent the forged document to Timku by email from the Gmail address The transmittal of this document formed the basis of the charge at issue.

The government’s case however had a significant weakness: The only evidence connecting the defendant to the Gmail account used to send the false document was Timku’s testimony. To address this, the government offered a printout from a web page, purporting to be the defendant’s profile on, the Russian equivalent of Facebook. The profile contained a photograph of the defendant and under contact information, listed “Azmadeuz” as his Skype address. Consistent with Timku’s testimony, the web page indicated that the defendant worked at Martex International and at Cyber Heaven. The defendant objected, arguing that the printout had not been properly authenticated. The trial court overruled the objection. The prosecution went on to argue to the jury that “Azmadeuz” was the defendant’s online identity and that because the profile page listed Azmadeuz as his Skype name, the jurors could conclude that the Gmail address was his as well. The jury found the defendant guilty and he appealed.

The Second Circuit reversed, finding that although “[t]he bar for authentication of evidence is not particularly high,” Slip op. at 9 (quotation omitted), the trial court abused its discretion by admitting the profile page. Noting that the government introduced no evidence that the defendant had created the page or was responsible for its contents, it asked:

Had the government sought to introduce, for instance, a flyer found on the street that contained [the defendant’s] Skype address and was purportedly written or authorized by him, the district court surely would have required some evidence that the flyer did, in fact, emanate from [the defendant]. Otherwise, how could the statements in the flyer be attributed to him?

Id. at 15-16.

The court acknowledged that a document’s contents or “distinctive characteristics” can provide sufficient circumstantial evidence for authentication. Id. at 16. But, it concluded, this method is proper only when the document “deals with a matter sufficiently obscure . . . so that the contents of the writing were not a matter of common knowledge.” Id. (quotation omitted). Here, the information on the profile page was general and known by Timku and possibly others, “some of whom may have had reasons to create a profile page falsely attributed to the defendant.” Id. The court concluded:

We express no view on what kind of evidence would have been sufficient to authenticate the VK page and warrant its consideration by the jury. Evidence may be authenticated in many ways, and as with any piece of evidence whose authenticity is in question, the “type and quantum” of evidence necessary to authenticate a web page will always depend on context. Given the purpose for which the web page in this case was introduced, however – to support the inference that it was [the defendant] who used the moniker “azmadeuz” for the Gmail address from which the forged birth certificate was sent – [the evidence rules] required that there be some basis on which a reasonable juror could conclude that the page in question was not just any Internet page, but in fact [the defendant’s] profile. No such showing was made and the evidence should therefore have been excluded.

Id. at 17 (citation omitted).

The court reversed the conviction and remanded for a new trial.

I’ll now say exactly what you’re thinking: But it’s a Second Circuit case! It’s not binding on North Carolina courts. True enough, and I’m not suggesting otherwise. I offer the case only as a cautionary note in light of what the litigants have described to me as “the Wild West” when it comes to authentication of evidence gleaned from social media sites. If you have thoughts about this issue, please post a comment.

1 thought on “Authenticating Social Media Evidence”

  1. Professor Smith — The issue of Facebook postings and authentication was tackled by Judge Flanagan in the Boyd “homegrown terrorists” case back in 2011 in federal court in the Eastern District of NC. The Fourth Circuit affirmed her rulings in United States v. Hassan, 742 F.3d 104 (February, 2014), and the U.S. Supreme Court denied cert in October. It is a brief discussion in the 4th Cir opinion, but might be helpful.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.