By Michele Bush
April 20, 2023
Electronic data, referred to as Electronically Stored Information ("ESI") in the legal community, is information derived from electronic devices or Electronic Servicer Providers ("ESP"), such as Google and Facebook. ESI is relied upon in nearly every civil and criminal matter and, often times, is the "smoking gun" to win your case. Whether you need to save messages amid a contentious divorce, produce emails from a disgruntled ex-employee, or prove damages from an unauthorized network intrusion, ESI can be crucial to proving your case.
A simple Google search for "save my text messages" or "download my emails" will provide a plethora of options for free applications, websites, and low-cost services to save your data. Some sources even offer DIY instructions. Although these methods may allow you to save data of interest, there are important considerations before collecting ESI and disclosing it in your case.
According to the Federal Rules of Evidence, Rule 901, the authentication of data is to satisfy the requirement that the evidence is sufficient to support a finding that the item is what the proponent claims it is. This includes any form of ESI such as text messages, call logs, emails, among virtually limitless forms of electronic evidence.
For example, a company filed a lawsuit ("Plaintiff") against a terminated employee ("Respondent") for violation of a non-compete agreement. Plaintiff alleges that the Respondent stole customer information and solicited other employees to work for a competitor. Plaintiff submitted screenshots of text messages which appear to show that the Respondent did, in fact, solicit services and requested that the employee continue their client relationship through the competitor's business. Respondent vehemently denies sending any such text messages and attacks the authenticity of the screenshots.
If you are the company in this example, you are now scrambling to satisfy the requirements of Rule 901 within the court's imposed deadline to prove that the text messages are authentic. This likely means contacting digital forensic examiners, vetting experts, trying to locate the phone with the text messages, hoping the messages are not deleted, arranging a forensic analysis, and incurring expedited fees to obtain the necessary documentation to authentic your evidence in a timely manner.
The Respondent, on the other hand, can hire an expert to forensically analyze their phone to demonstrate that the text messages do not exist on the phone in their possession and explain how easily text messages can be fabricated using free publicly available tools online or by switching the name of the contact on their phone.
To avoid these issues, when a litigant identifies any ESI as potential evidence in a case, best practices for collecting and preserving that data should be followed and disclosed in a manner that its authenticity cannot be disputed. This is commonly accomplished through a Certificate of Authenticity from the custodian who provided the information.
Data authenticity is not the only factor to successfully admitting evidence in criminal or civil litigation. Reliable data is that which is a complete and accurate representation of the information at issue. The reliability of data is determined through scientific analysis, validation, and peer-reviewed.
In our example, let assume the Respondent is a tech-savvy user and didn't hire an independent expert because they created their own software application to extract text messages from their cell phone. Based on that report, the text messages of interest alleged by Plaintiff were never sent. The reports generated by that software and disclosed could, theoretically, be authenticated. However, this leaves the Plaintiff unable to effectively challenge the data since it is entirely dependent upon the functionality of software in Respondent's sole possession.
A famous example of challenged reliability are the breathalyzers. Despite the authenticity of the results from breathalyzers, lawyers began challenging the reliability of that data. Scientific testing of the breathalyzers revealed there was an approximate margin of error of over 15 percent. This meant that results from the breathalyzer that fell within the margin of error were unreliable.
The reliability of electronic evidence is predominantly determined through scientific research, testing, and replicability. For this reason, forensic software tools are constantly tested, validated, and updated when bugs are identified. Additionally, forensic examiners often use more than one specialized forensic tool when collecting, analyzing, and reporting their findings from electronic data to ensure it can be replicated and confirmed by any expert. It is through this scientific process that electronic data and presumed conclusions from that data are considered more probable than not and, therefore, reliable.
The process of collecting, preserving, analyzing, and presenting evidence extracted from electronic devices and service providers demands that the examiner have the technical expertise to follow industry-standard best practices and procedures. Because there are seemingly unlimited combinations of devices with operating systems and software applications it is crucial to understand what techniques should be executed for the specific type of evidence and data to be collected. Data can also be highly volatile and should be handled with extreme care to ensure the integrity of the evidence is not compromised while in the possession of the examiner.
Although a lay person may have a basic understanding on how to extract or document data from electronic devices, this does not necessarily guarantee the data extracted is complete or accurately represented. Without having the technical expertise, following best practices and using forensic tools, data can be inadvertently or purposely misinterpreted, lost or modified by the user and non-forensic tools during the extraction process. Only those trained in the field of digital forensics should handle digital evidence to avoid tampering with and mishandling evidence. Failure to do often results in the suppression of evidence pertinent to the case.
In addition to training and experience, vetted experts must conduct themselves with the highest standard of honesty, integrity, ethics, and professionalism. Furthermore, expert opinions should be based on scientific processes and remain impartial in their decision making. Prior to accepting a case, experts also run conflict checks to ensure there is no bias for either party involved. For these reasons, expert reports and testimony are exceptionally powerful devices in criminal and civil litigation because they are neutral and scientific.