The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/1048931
P E E R T O P E E R : I L T A ' S Q U A R T E R L Y M A G A Z I N E | F A L L 2 0 1 8 63 author, emoji author). Forensic metadata about the collection includes the page URL, the capture timestamp (when we collected the page), and several hash values for authentication (native format digest, PDF digest, etc.) There are several other pieces of metadata we record, such as the server requests and responses when we collect from a site. You have a complete audit trail, which establishes the digital chain of custody, and makes it easy to authenticate. How are courts treating social media evidence in the discovery process? Are their cases or case law to support the collection/review that you are aware of? Social media evidence is discoverable under the Rules of Civil Procedure, and it's admissible as evidence in court. If the content is publicly available, it's generally considered fair game. You can also make a request for production of private content if you show to the court that's it relevant to the litigation. Suppose you're defending a personal injury case and the plaintiff claims they're unable to do any physically strenuous activity. Even though their account is private, you can see the plaintiff rock climbing in their profile picture (which is visible to the public). You can use that picture as a good faith basis for requesting the private content. You're more likely to prevail if you keep your request specific and proportional to the needs of the case–not necessarily asking for every single post, but keeping it to a certain date range. (This is consistent with the 2015 amendments to the Federal Rules of Civil Procedure.) When you get to court, the threshold test is authentication. There are two schools of thought when it comes to social media evidence. Some courts follow the Maryland approach (Griffin line of cases), and others take the Texas approach (Tienda line of cases). The Maryland approach is strict, and you have to convince the court that the account EG wasn't hacked and the content isn't fake. The Texas approach, on the other hand, follows the usual rules of authentication. You can get the content into evidence if there is sufficient proof. Such proof includes the "distinctive characteristics" of the evidence in accordance with FRE 901(b) (4). If what you're offering into evidence has the distinctive characteristics of a social media page (looks the way it should, works the way it should), then a jury can make the factual determination of authenticity. My understanding is that most courts are now taking the Texas approach. Also, attorneys should keep in mind the new Federal Rules 902(13) and (14) which allow for self- authenticating ESI. Basically, you don't need a live witness at trial to lay a foundation; you can reply upon the certification of a qualified person, which likely means a forensic collections provider. What are some concerns attorneys must be aware of when dealing with social media? When it comes to social media, the big one is you can't subpoena Facebook and other social media companies to get discovery of someone's account. Most companies will rely on the Stored Communications Act, which prohibits a service provider from disclosing the contents of communications on their service. If an account is private, it's best to request access from the other side or to make a motion to compel discovery. A compelling argument will be needed to demonstrate there's likely to be relevant evidence to be found. There are definitely ethical considerations. Attorneys shouldn't be messaging parties, sending friend requests or using pretext to gain access to private social media. At the same time, they should be careful about inadvertently making contact with witnesses and jurors when doing research on social media sites. EG Attorney should also be mindful of spoliation and loss of evidence. While it might be okay for a party to change his privacy settings on your social media, a party to litigation has a duty to preserve content, and they should not delete or edit anything once a trigger event has occurred. What are some the privacy issues that concern you when it comes to social media collection/review? In terms of private social media, the first rule needs to be authorization. When a party's social media is private, you need to be mindful of ethics (no friending or pretext to gain access), as well as the Stored Communications Act. There is a case Ehling v. Monmouth-Ocean Hospital Service, 961 F. Supp. 2d 659, 661–63 (D.N.J. 2013), where the employee had a private Facebook account, but many of her friends were coworkers. When her coworker saw certain posts she made, he shared them with management. The employee claimed this violated the Stored Communications Act. While the court found the employee's private Facebook was covered by the Act, it also determined she had effectively authorized access to her coworker, and this satisfied the "authorized user" exception. Importantly, the court noted the coworker hadn't been coerced by management and had provided the posts voluntarily. Certainly Ehling is very fact specific, and you won't always have a witness who will volunteer access. When an account is completely private, the best practice is to go through the regular discovery process, make a showing of relevance and proportionality, and request production. EG