Applying the Rules of Evidence Related to Authentication to Online Sources

Evidence law has special rules that require someone who wants to introduce a document to first introduce “foundation” evidence that shows the document was indeed written by the person who supposedly wrote it; this is called “authentication.” Griffin v. State, decided by Maryland’s highest court on April 28, has an interesting discussion of how those rules play out with regard to online sources. The case itself involved the authentication of a MySpace Web page, but the discussion can apply to many other online sources as well.

Note that this is a different matter than deciding the reliability of an online source, or the admissibility in other respects of an online source (e.g., whether the source contains inadmissible hearsay). It is also a different matter than deciding the factual authenticity of the source given a dispute about the foundation evidence (e.g., if A denies that he wrote a Web page, but B testifies that he had heard A say he did write the Web page). The question is simply what factual foundation — however disputed that factual foundation might be — has to be presented before the document can even be introduced into evidence. It would then be up to the jury to resolve any factual disputes related to that foundation evidence.

Here’s the court’s discussion of some ways that Web page such as a Myspace page can be authenticated in the legal sense, so that the sites’ contents can be introduced as evidence:

The first, and perhaps most obvious method would be to ask the purported creator if she indeed created the profile and also if she added the posting in question, i.e. “[t]estimony of a witness with knowledge that the offered evidence is what it is claimed to be.” The second option may be to search the computer of the person who allegedly created the profile and posting and examine the computer’s internet history and hard drive to determine whether that computer was used to originate the social networking profile and posting in question…. A third method may be to obtain information directly from the social networking website that links the establishment of the profile to the person who allegedly created it and also links the posting sought to be introduced to the person who initiated it….

Simply observing that the page contains a good deal of personally identifying information about the ostensible author is not enough. “[T]he picture of Ms. Barber, coupled with her birth date and location, were not sufficient ‘distinctive characteristics’ on a MySpace profile to authenticate its printout, given the prospect that someone other than Ms. Barber could have not only created the site, but also posted the ‘snitches get stitches’ comment. The potential for abuse and manipulation of a social networking site by someone other than its purported creator and/or user leads to our conclusion that a printout of an image from such a site requires a greater degree of authentication than merely identifying the date of birth of the creator and her visage in a photograph on the site in order to reflect that Ms. Barber was its creator and the author of the ‘snitches get stitches’ language.”