Authentication of Facebook Messages

From State v. Eleck, 130 Conn. App. 632, 23 A.3d 818 (2011):

The defendant first claims that the court abused its discretion in excluding from evidence a printout from his Facebook account documenting electronic messages purportedly sent to him by Judway from her Facebook account. We do not agree.

***As a witness for the state, Judway offered key testimony that, prior to the physical altercation, the defendant had told her that "if anyone messes with me tonight, I am going to stab them." Subsequently, during cross-examination, defense counsel sought to impeach Judway's credibility by asking her whether she had spoken with the defendant in person since the incident. She responded that she had seen the defendant in public but had not spoken to him in person, by telephone or by computer. Defense counsel then showed Judway a printout purporting to show an exchange of electronic messages between the defendant's Facebook account and another account under the user name "Simone Danielle." Judway identified the user name as her own, but denied sending the messages to the defendant. She also testified that someone had "hacked" into her Facebook account and changed her password "two [to] three weeks" ago such that she had been unable to access it subsequently.

Footnote 2. The document contains the following exchange of unaltered messages from April 28, 2009:

"Simone Danielle: Hey I saw you the other day and I just want to say nice bike.

"[The Defendant]: why would you wanna talk to me

"Simone Danielle: I'm just saying that you have a nice bike that's all. The past is the past.

"[The Defendant]: yup thanks

"Simone Danielle: No problems"

Footnote 3. The defendant's counsel appears to have transposed the user name; she repeatedly referred to the user name as "Danielle Simone" although the user name that appears on the document is "Simone Danielle." As stated in the transcript, counsel requested that Judway examine the document and then asked her:

"This is your Facebook name; is that correct, 'Danielle Simone'?" Judway responded, "Yes." Thereafter, when defense counsel asked the defendant whether he had received Facebook messages from "Danielle Simone," he corrected her, clarifying that he received the messages from "Simone Danielle." Neither the state nor the defendant took issue with counsel's verbal miscue, either at the trial or in their appellate briefs, and the court did not mention it in ruling on the objection. In light of these facts, we conclude that the miscue has no bearing on our consideration of this appeal.

On the following day, during the defendant's testimony, his counsel offered into evidence the defendant's Facebook printout containing messages purportedly from Judway. The state objected on the grounds that the authorship of the messages could not be authenticated and the document was irrelevant. In response, to authenticate the document, the defendant testified that he downloaded and printed the exchange of messages directly from his own computer. He also advanced testimony that he recognized the user name, "Simone Danielle," as belonging to Judway because she had added him as a Facebook "friend" a short time before he received the message. He testified that the "Simone Danielle" profile contained photographs and other entries identifying Judway as the holder of that account. Finally, he testified that when he logged in to his Facebook account after the previous day's testimony, user "Simone Danielle" had removed him from her list of Facebook "friends." The defendant's counsel then argued that based on this testimony and Judway's identification of her user name, there was a sufficient foundation to admit the document for the jury's consideration. The court, however, sustained the state's objection on the ground that the defendant had not authenticated that the messages were written by Judway herself. The defendant claims that this determination was improper. ***

§ 9-1 (a) of the Connecticut Code of Evidence provides: "Requirement of authentication. The requirement of authentication as a condition precedent to admissibility is satisfied by evidence sufficient to support a finding that the offered evidence is what its proponent claims it to be." Where documents are not self-authenticating, the prima facie showing of authenticity may be made in a variety of ways including, but not limited to, the following: "(1) A witness with personal knowledge may testify that the offered evidence is what its proponent claims it to be. . . . (3) The trier of fact or an expert witness can authenticate a contested item of evidence by comparing it with preauthenticated specimens. . . . (4) The distinctive characteristics of an object, writing or other communication, when considered in conjunction with the surrounding circumstances, may provide sufficient circumstantial evidence of authenticity." (Citations omitted.) Conn. Code Evid. § 9-1 (a), commentary.

Footnote 4. The defendant does not argue that the Facebook messages were self-authenticating. Typically, electronic messages do have self-identifying features. For example, e-mail messages are marked with the sender's e-mail address, text messages are marked with the sender's cell phone number, and Facebook messages are marked with a user name and profile picture. Nonetheless, given that such messages could be generated by a third party under the guise of the named sender, opinions from other jurisdictions have not equated evidence of these account user names or numbers with self-authentication. Rather, user names have been treated as circumstantial evidence of authenticity that may be considered in conjunction with other circumstantial evidence. See, e.g., Commonwealth v. Purdy, 459 Mass. 442, 450, 945 N.E.2d 372 (2011) (evidence that electronic communication originates from e-mail or social networking website that bears purported author's name is not sufficient alone to authenticate it).

Although we have not found any Connecticut appellate opinions directly on point regarding the authentication of electronic messages from social networking websites, we are aware that federal courts as well as sister jurisdictions have written on this subject. We know, as well, that "[w]here a state rule is similar to a federal rule we review the federal case law to assist our interpretation of our rule." (Internal quotation marks omitted.) Jacobs v. General Electric Co., 275 Conn. 395, 407, 880 A.2d 151 (2005). Rule 901 of the Federal Rules of Evidence is consistent with § 9-1 (a) of the Connecticut Code of Evidence, except that rule 901 (b) contains an additional list of illustrations. See State v. Swinton, 268 Conn. 781, 811 n.28, 847 A.2d 921 (2004). Accordingly, it is helpful to consider relevant federal case law, as well as the opinions of sister states whose rules of evidentiary authentication are similar.

The precise issue raised here is whether the defendant adequately authenticated the authorship of certain messages generated via Judway's Facebook account. The need for authentication arises in this context because an electronic communication, such as a Facebook message, an e-mail or a cell phone text message, could be generated by someone other than the named sender. This is true even with respect to accounts requiring a unique user name and password, given that account holders frequently remain logged in to their accounts while leaving their computers and cell phones unattended. Additionally, passwords and website security are subject to compromise by hackers. Consequently, proving only that a message came from a particular account, without further authenticating evidence, has been held to be inadequate proof of authorship. See, e.g., Commonwealth v. Williams, 456 Mass. 857, 869, 926 N.E.2d 1162 (2010) (admission of MySpace6 message was error where proponent advanced no circumstantial evidence as to security of MySpace page or purported author's exclusive access).

As a word of caution, however, we note that some have opined that the present lexicon and body of rules for authenticating the authorship of traditional documents is adequate with respect to electronic documents.7 See P. Grimm et al., "Back to the Future: Lorraine v. Markel American Insurance Co. and New Findings on the Admissibility of Electronically Stored Information," 42 Akron L. Rev. 357, 362 (2009). As Pennsylvania's intermediate appellate court articulated in a case similar to the present one, "[the] appellant would have us create a whole new body of law just to deal with e-mails or instant messages. . . . However, the same uncertainties [that exist with electronic documents] exist with traditional written documents. A signature can be forged; a letter can be typed on another's typewriter; distinct letterhead stationary can be copied or stolen. We believe that e-mail messages and similar forms of electronic communication can be properly authenticated within the existing framework of [the rules of evidence]. . . . We see no justification for constructing unique rules for admissibility of electronic communications such as instant messages; they are to be evaluated on a case-by-case basis as any other document to determine whether or not there has been an adequate foundational showing of their relevance and authenticity." (Citation omitted.) In re F.P., 878 A.2d 91, 95-96 (Pa. Super. 2005).

Footnote 7. There are other issues concerning the admissibility of electronically stored information, however, that may test the limits of current rules more acutely. For example, in the case of a website that is frequently updated, issues may arise as to how to authenticate the content of the website as it appeared at a particular moment in the past. See Lorraine v. Markel American Ins. Co., 241 F.R.D. 534, 553 (D. Md. 2007). Additionally, besides authentication issues, the evidentiary use of electronically stored information may raise novel issues regarding the rules on hearsay and original writings. See, e.g., Connecticut Light & Power Co. v. Gilmore, 289 Conn. 88, 116-17, 956 A.2d 1145 (2008) (articulating guidelines for the admissibility of printouts of electronic records under the business records exception).

We agree that the emergence of social media such as e-mail, text messaging and networking sites like Facebook may not require the creation of new rules of authentication with respect to authorship. An electronic document may continue to be authenticated by traditional means such as the direct testimony of the purported author or circumstantial evidence of "distinctive characteristics" in the document that identify the author. See Conn. Code Evid. § 9-1 (a), commentary.

Nevertheless, we recognize that the circumstantial evidence that tends to authenticate a communication is somewhat unique to each medium. For example, in the context of a telephone call, our Supreme Court has instructed that "[a] sufficient foundation is laid when the subject matter of the conversation, evidence of its occurrence, and prior and subsequent conduct of the parties fairly establish the identity of the person with whom conversation occurred." International Brotherhood of Electrical Workers Local 35 v. Commission on Civil Rights, 140 Conn. 537, 547, 102 A.2d 366 (1953). Alternatively, this court held that the authorship of letters on a computer hard drive could be authenticated by the mode of expression of the writing, detailed references to the defendant's finances and circumstantial evidence linking the defendant's presence at home with the time the letters were created on his home computer. See State v. John L., 85 Conn. App. 291, 298-302, 856 A.2d 1032, cert. denied, 272 Conn. 903, 863 A.2d 695 (2004). Specifically in the case of electronic messaging, Maryland's highest court has suggested that a proponent of a document might search the computer of the purported author for Internet history and stored documents or might seek authenticating information from the commercial host of the e-mail, cell phone messaging or social networking account. See Griffin v. State, 419 Md. 343, 363-64, 19 A.3d 415 (2011); see also People v. Clevenstine, 68 App. Div. 3d 1448, 1450-51, 891 N.Y.S.2d 511 (2009) (authorship of MySpace messages authenticated where police retrieved record of conversations from victims' hard drive and MySpace officer testified that defendant had created the sending account), appeal denied, 14 N.Y.3d 799, 925 N.E.2d 937, 899 N.Y.S.2d 133 (2010).

In the present case, the defendant proffered evidence as to the accuracy of the copy and Judway's connection to the Facebook account. He also proffered evidence that Judway had added him to her list of Facebook "friends" shortly before allegedly sending the messages, and then removed him as a friend after testifying against him at the trial. Specifically in regard to authorship, however, the direct testimony of the purported author, Judway, contradicted the defendant's assertion. While admitting that the messages were sent from her Facebook account, she simultaneously denied their authorship. She also suggested that she could not have authored the messages because the account had been "hacked." Although this suggestion is dubious under the particular facts at hand, given that the messages were sent before the alleged hacking of the account took place, Judway's testimony highlights the general lack of security of the medium and raises an issue as to whether a third party may have sent the messages via Judway's account. Consequently, we agree with the trial court that the fact that Judway held and managed the account did not provide a sufficient foundation for admitting the printout, and it was incumbent on the defendant, as the proponent, to advance other foundational proof to authenticate that the proffered messages did, in fact, come from Judway and not simply from her Facebook account.

The defendant claims, nevertheless, that he did offer circumstantial evidence that Judway sent the messages. Specifically, he argues that the content of the messages identified Judway as the author. For example, when he sent the message asking "why would you wanna talk to me," the other party replied, "The past is the past." The defendant contends that this indicated that the author knew of the criminal case and, therefore, must have been Judway.

We are not convinced that the content of this exchange provided distinctive evidence of the interpersonal conflict between the defendant and Judway. To the contrary, this exchange could have been generated by any person using Judway's account as it does not reflect distinct information that only Judway would have possessed regarding the defendant or the character of their relationship. In other cases in which a message has been held to be authenticated by its content, the identifying characteristics have been much more distinctive of the purported author and often have been corroborated by other events or with forensic computer evidence. See, e.g., State v. John L., supra, 85 Conn. App. 298-302; see also United States v. Siddiqui, 235 F.3d 1318, 1322-23 (11th Cir. 2000) (e-mails authenticated not only by defendant's e-mail address but also by inclusion of factual details known to defendant that were corroborated by telephone conversations), cert. denied, 533 U.S. 940, 121 S. Ct. 2573, 150 L. Ed. 2d 737 (2001); United States v. Tank, 200 F.3d 627, 630-31 (9th Cir. 2000) (author of chat room message identified when he showed up at arranged meeting); United States v. Safavian, 435 F. Sup. 2d 36, 40 (D.D.C. 2006) (e-mail messages authenticated by distinctive content including discussions of various identifiable personal and professional matters); Dickens v. State, 175 Md. App. 231, 237-41, 927 A.2d 32 (2007) (threatening text messages received by victim on cell phone contained details few people would know and were sent from phone in defendant's possession at the time); State v. Taylor, 178 N.C. App. 395, 412-15, 632 S.E.2d 218 (2006) (text messages authenticated by expert testimony about logistics for text message receipt and storage and messages contained distinctive content, including description of car victim was driving); In re F.P., supra, 878 A.2d 93-95 (instant electronic messages authenticated by distinctive content including author's reference to self by name, reference to surrounding circumstances and threats contained in messages that were corroborated by subsequent actions); Massimo v. State, 144 S.W.3d 210, 215-17 (Tex. App. 2004) (e-mails authenticated where e-mails discussed things only victim, defendant, and few others knew and written in way defendant would communicate). Compare Griffin v. State, supra, 419 Md. 347-48 (admission of MySpace pages was reversible error where proponent advanced no circumstantial evidence of authorship). Consequently, we conclude that the reference in the message to an acrimonious history, with nothing more, did not sufficiently establish that Judway authored the messages such that it would be an abuse of discretion to exclude the document.

Finally, the defendant argues that the messages could be authenticated under the "reply letter" doctrine. We are not convinced. Under that doctrine, "letter B is authenticated merely by reference to its content and circumstances suggesting it was in reply to earlier letter A and sent by addressee of letter A . . . ." Conn. Code Evid. § 9-1 (a), commentary (4). We note, however, that "[t]he mere fact that a letter was sent and a reply received does not automatically authenticate the reply; circumstances must indicate that the reply probably came from the addressee of the letter." C. Tait & E. Prescott, Connecticut Evidence (4th Ed. 2008) § 9.7, p. 630; see also Connecticut Limousine Service, Inc. v. Powers, 7 Conn. App. 398, 401, 508 A.2d 836 (1986). Here, there was a lack of circumstantial evidence to verify the identity of the person with whom the defendant was messaging. Consequently, the reply letter doctrine is inapposite.

Footnote 10. We note that we need not and do not opine on the applicability of the reply letter doctrine to electronic messaging. See 2 C. McCormick, Evidence (6th Ed. 2006) § 227, p. 73.

Share this article:

Share on facebook
Share on twitter
Share on linkedin
Share on email

Recent Posts