Technology: Authenticating social media posts

Companies should be prepared to offer foundational evidence to authenticate any social media posts that are vital to a case.

Authentication of social media posts is a relatively new issue for most courts. The ease with which it is possible to set up a profile or post messages under another’s name has led many courts to be extremely strict in applying authentication requirements. So it is important to go beyond the façade of a social media profile or post to obtain foundational evidence that will authenticate what you wish to use in court.

Authentication is generally governed by Rules 104 and 901 of the Federal Rules of Evidence or similar state rules. Rule 901 states that “[t]he requirement of authentication or identification as a condition precedent to admissibility is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.” Rule 901 provides several illustrations of various authentication methods, perhaps the most relevant for social media being “[t]estimony that a matter is what it is claimed to be” and “[a]ppearance, contents, substance, internal patterns, or other distinctive characteristics, taken in conjunction with circumstances.”

In the case of a social media website printout, the first authentication issue is simply whether the printout really is an accurate printout of the social media page that its proponent claims it to be. This can be readily proved by testimony from the person who printed out the page or by someone who confirmed the content with that appearing online. The more complicated and interesting authentication issue is whether the printout really is a post from the person whom the proponent claims. Courts have struggled with this issue.

For example, in Griffin v. State, 19 A.3d 415 (Ct. App. Md. 2011), Maryland’s highest court held that the trial court erred in admitting into evidence pages printed from a social media profile said to be that of the girlfriend of a criminal defendant nicknamed “Boozy.” The pages were not properly authenticated even though they were shown to have come from the MySpace profile of a female of the same age, from the same town and with the same birthday as the defendant’s girlfriend, and contained a photograph of the defendant and his girlfriend. The MySpace profile was under the name “Sistasouljah.” The pages included the following blurb: “FREE BOOZY!!!! JUST REMEMBER SNITCHES GET STITCHES!! U KNOW WHO YOU ARE!!”

The state put the pages into evidence to help explain why a witness’s story had been different at an earlier trial. In particular, the witness testified that the defendant’s girlfriend had threatened him prior to his testifying at the earlier trial, leading him to lie on the stand. Although the post was printed after the earlier trial, it was said to corroborate the witness’s testimony that the defendant’s girlfriend had threatened him.

The Griffin court noted:

The concern arises because anyone can create a fictitious account and masquerade under another person’s name or can gain access to another’s account by obtaining the user’s username and password . . . . The potential for fabricating or tampering with electronically stored information on a social networking site, thus poses significant challenges from the standpoint of authentication of printouts of the site . . . . We differ from our colleagues on the [intermediate] Court of Special Appeals, who gave short shrift to the concern that ‘someone other than the alleged author may have accessed the account and posted the message in question.’

Id. at 421-23. The Griffin court determined that the foundation laid was inadequate because the identifying characteristics purporting to link the post to the defendant’s girlfriend were not sufficient “distinctive characteristics” to authenticate the printouts.

The Griffin court identified three ways that such posts may be authenticated:

  1. Authentication may be provided by testimony from the person who created the profile and made the post that she had done so.
  2. Authentication may be provided by searching that person’s computer to examine the Internet history and hard drive to determine whether that computer had been used to create the profile and the post.
  3. Authentication may be provided by obtaining information directly from the social media website linking the profile and post to their creator.

Two judges dissented in Griffin, arguing that the possibility that someone other than the defendant’s girlfriend may have created the profile or posted the threatening message goes not “to the admissibility of the print-outs under Rule 5-901, but rather to the weight to be given the evidence by the trier of fact.” Id. at 430.

Other courts have ruled similarly. See, e.g., Commonwealth v. Purdy, 945 N.E.2d 372, 381-82 (Mass. 2011)(“defendant’s uncorroborated testimony that others used his computer regularly and that he did not author the e-mails was relevant to the weight, not the admissibility, of these messages”); People v. Fielding, 2010 WL 2473344, at *5 (Cal. Ct. App. June 18, 2010)(unpublished)(“the possibility that the incriminating [MySpace] messages purportedly coming from defendant were in fact sent or posted by someone else went to the weight of the evidence, not its admissibility”).

As courts gain experience and knowledge about the underlying technology, they will likely become more consistent in their application of authentication requirements. In the near term, while such decisions are still somewhat unpredictable, it would be prudent to be prepared to offer a great deal of foundational evidence to authenticate any social media posts that are vital to your case.

Partner

author image

Patrick Patras

Patrick L. Patras is a partner in the Chicago office of Hinshaw & Culbertson LLP. He concentrates his practice in the areas of intellectual property...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.