The court of appeals recently decided State v. Ford, a case about the authentication of social media evidence. This is the first North Carolina appellate case to give careful consideration to the issue, and the opinion sets a relatively low bar for authentication. Because this type of evidence is increasingly prevalent, the case is an important one. Continue reading
Tag Archives: myspace
Suppose that the defendant is charged with a gang-related murder. The State seeks to establish that the defendant is a gang member by introducing a photograph that a detective found on the defendant’s Facebook page. The photograph shows the defendant flashing gang signs. The defendant argues that the picture can’t be authenticated, because digital photographs can easily be altered, and because the State does not have a witness who was present when the picture was taken and who can testify that the image is a fair and accurate representation. Is the picture admissible?
The usual ways of authenticating photographs won’t work here. Photographs are usually introduced to illustrate a witness’s testimony, based on the witness’s recitation that the witness was present when the photographs were taken and that the photographs “fairly and accurately depict” what the witness saw. See, e.g., State v. Vick, 341 N.C. 569 (1995). When such a witness is available, this foundation is sufficient for digital photographs just as it is for film photography. G. Michael Fenner, The Admissibility of Web-Based Evidence, 47 Creighton L. Rev. 63 (2013) (“A photograph from a Facebook page showing the criminal defendant half-dressed and fully-drunk at a party during the thirty-one days when she had not yet reported that her nearly-three-year-old daughter was missing, or during the five months between the time her daughter was reported missing and the little girl’s body was found, can be authenticated by someone who was at the party, remembers when the party occurred, and can identify the defendant from the photo. It does not matter where the photo was found: on Facebook, on a camera’s flash memory card, or in a shoebox. They are all just photos and can be authenticated in the ordinary, old-fashioned way. When it is irrelevant whether the Facebook page was the source of the photo, then just because it was found on the web does not make authentication any more complicated.”) However, in our hypothetical, that method of authentication isn’t available to the State.
Sometimes it is possible to authenticate photographs even when there is no witness who has first-hand knowledge of the accuracy of the images. An analogous issue often arises with video recordings, and there is a body of case law concerning when surveillance videos may be admitted as “silent witnesses” despite the lack of a human witness who can confirm the recordings’ accuracy. In general, authentication requires testimony from someone familiar with the surveillance system about how it worked, how the camera was functioning at the time of the recording, and how the video was copied from the system and preserved unaltered for trial. See generally Bowman v. Scion, __ N.C. App. __, 737 S.E.2d 384 (2012). A similar foundation could authenticate a surveillance photograph, but in our hypothetical, the State doesn’t know how the picture was taken, and so can’t authenticate the picture in this way either.
But other methods of authentication may be possible. Under Rule 901(a), “[t]he requirement of authentication . . . is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.” The Rule lists several methods of authentication, but they are “[b]y way of illustration only, and not by way of limitation.” N.C. R. Evid. 901(b). In our hypothetical, there are a few avenues the State might pursue to authenticate the photograph.
The fact that the picture was posted to the defendant’s account. With electronic communications like emails and text messages, the key to authentication is establishing who likely authored the communication, and it is powerful evidence of authorship when a communication comes from an account linked to a specific person. By contrast, with a photograph, it doesn’t really matter who took the picture, and the fact that the picture was posted to the defendant’s account doesn’t shed much light on who took it anyhow. But the State still has a reasonable argument that the fact that the picture was on the defendant’s Facebook page tends to support its authenticity. Courts have noted that digital images can be altered. People v. Lenihan, 30 Misc.2d 289 (N.Y. Sup. 2010) (defendant properly was barred from cross-examining prosecution witnesses about “photographs that [the defendant’s] mother downloaded from [MySpace]” suggesting that the witnesses were gang members; “[i]n light of the ability to ‘photo shop’, edit photographs on the computer, defendant could not authenticate the photographs”). However, the fact that the defendant chose to display the picture on his own page suggests that he didn’t think the picture was misleading or falsified, and tends to support its genuineness.
The context in which the picture is placed. The relationship between the picture and the other content on the defendant’s Facebook page is also relevant. If the page is devoted to the defendant’s love of puppetry and ceramic unicorns, and the picture at issue is the only thing on the page suggestive of gang affiliation, it is more likely that the picture is satirical, misleading, or was planted on the page by a nefarious interloper. If the page is an unbroken string of drug and gang references, the picture is more likely to be genuine. People v. Valdez, 201 Cal. App. 4th 1429 (Cal. Ct. App. 4th Dist. 2011) (the prosecution adequately authenticated photographs printed from the defendant’s MySpace page that showed him making gang signs; the overall content of the page, including the interests reflected there and responses by the defendant’s friends and family, “suggested the page belonged to [the defendant] rather than someone else by the same name, who happened to look just like him”; and the photograph was in keeping with the gang-related theme of the page, which tended to support its authenticity).
Metadata. Finally, digital photographs often contain metadata – embedded information about when a picture was taken, where it was taken, and the camera with which it was taken. In some instances, metadata might be relevant to authentication. If a witness with the proper expertise were able to review the metadata and to testify that the metadata revealed that the picture had not been altered, that also would tend to support authentication. Cf. People v. Buckley, 185 Cal. App. 4th 509 (Cal. Ct. App. 2nd Dist. 2010) (prosecution was wrongly allowed to introduce a photograph, obtained from a witness’s MySpace page, of the witness flashing gang signs; however, based on prior case law, the court suggested that the picture may have been admissible with “evidence of when and where the picture was taken” and testimony from “a photographic expert . . . that the picture was not a composite and had not been faked”).
How high a hurdle is authentication? The hypothetical at the beginning of this post didn’t include any information about metadata or the other contents of the defendant’s Facebook page. Plus, the law isn’t settled in this area, particularly in North Carolina. Therefore, I don’t have a conclusive answer to my own question, but as a practical matter, the answer may hinge in part on how certain a court must be about authenticity before it will allow the evidence to be introduced. The black-letter law is that authentication is a relatively low hurdle. State v. Mercer, 89 N.C. App. 714 (1988) (noting approvingly that “federal courts have held that a prima facie showing, by direct or circumstantial evidence, such that a reasonable juror could find in favor of authenticity, is enough”). But courts around the country seem to be approaching digital evidence carefully, and perhaps requiring greater certainty about the nature of digital evidence before admitting it.
What does it mean to access a computer without authorization? It’s an important question. North Carolina’s computer crime statutes appear at G.S. 14-453 et seq. Among other things, the statutes make it illegal “willfully and without authorization . . . [to] access . . . any computer.” The crime of unauthorized access is more serious if the computer in question is a government computer, or if the person accessing the computer is doing so for fraudulent purposes. The principal federal computer crime statute, 18 U.S.C. § 1030, contains somewhat similar provisions.
At first, the issue of authorization seems straightforward. The North Carolina statutes define “authorization” as “having the consent or permission of the owner . . . to access a computer . . . in a manner not exceeding the consent or permission.” But consider a couple of scenarios.
1. A law clerk is instructed by the judge for whom she works that she should not use her work computer to access the internet, except for legal research. The clerk generally abides by the judge’s policy, but the morning after the Duke-UNC basketball game, she can’t resist going to the Duke Basketball Report to read about the Devils’ big win. Has she “exceed[ed] the . . . permission” of the judge and thereby committed a crime? (I know that some of you would say that rooting for Duke is a crime, but that’s not what I mean!)
2. A high school student joins MySpace under a false name, creating a bogus profile inspired by a satirical character who appeared in a story the student read on The Onion. Although intended as a joke, this violates MySpace’s terms of service policy, which requires all profiles to be created under the user’s true name. Did the student access MySpace’s computer servers “without authorization”?
3. A grant writer for a nonprofit is terminated for poor job performance. She is told to leave the building immediately, but instead, she returns to her office briefly and removes several personal files from her office computer. Has she committed a crime?
Having once been a law clerk who was instructed not to access the internet except to do legal research, I hope that the answer to (1) is no, but I fear that it is a straightforward yes. (I can neither confirm nor deny ever having visited the Duke Basketball Report during my clerkship year, however.)
Scenario (2) is, as they say in Hollywood, “based on a true story,” except the real story is the sad and serious Megan Meier/Lori Drew case, also known as the MySpace suicide case. The case is described here, as is the presiding federal judge’s ruling that violating a website’s terms of service does not amount to accessing a computer without authorization, because “[i]t basically leaves it up to a website owner to determine what is a crime. And therefore it criminalizes what would be a breach of contract.” My immediate reaction is that all crimes involving lack of consent or lack of authorization “leave it up to [the person who grants, withholds or limits consent] to determine what is a crime.” However, the federal Department of Justice initially appealed the ruling, then dropped its appeal — so perhaps the ruling is more soundly grounded than it appears at first blush.
Scenario (3) is a significantly modified version of the facts in State v. Ramos, 363 N.C. 352 (2009). Ramos was reversed based on an instructional error, and the opinion doesn’t really answer the question I posed. Generally, it seems to me that the employer can bar the former employee from accessing the computer, meaning that the conduct described in the scenario is a crime. However, I suspect that as a matter of civil law, the employer must make the employee’s personal files available to the employee within a reasonable period of time, at least if it didn’t violate company policy for the employee to store personal files on her work computer.
If you have other interesting or questionable scenarios to share, please send me an email or post a comment. Those interested in further reading can check out this post about a recent federal court of appeals opinion in this area.