Maryland Supreme Court Rejects “Circumstantial Authentication” Standard for MySpace Evidence — Griffin v. Maryland
[Post by Venkat Balasubramani]
Griffin v. Maryland, No. 74 (Maryland; Apr. 28, 2011)
I blogged last year about a case in Maryland where the court allowed prosecutors to authenticate a witness’s MySpace page merely by accessing it from the internet, printing it out, by testifying that the page contained a photo of the witness and bore the witness’s birthdate. (“MySpace Evidence: Maryland Appeals Court Allows Circumstantial Authentication.”) The trial court admitted the evidence and the intermediate appeals court held that the profile could be “circumstantially authenticated,” and that it was up to the jury to determine whether or not the printout depicted the MySpace page of the witness. The State’s highest court* disagreed, and held that the MySpace printout was not properly authenticated, and remanded for a new trial.
Background: The defendant was convicted of murder. His first trial ended in a mistrial. At the second trial, one of the witnesses changed his testimony, and in order to explain the discrepancy in the testimony, the prosecutor argued that the defendant’s girlfriend Jessica Barber “had threatened [the witness] before the first trial.” In connection with this argument, the prosecution offered Ms. Barber’s MySpace profile page which contained the following blurb:
FREE BOOOZY!!! JUST REMEMBER SNITCHES GET STITCHES!! U KNOW WHO YOU ARE!!
Ms. Barber was not called to authenticate the MySpace page. The prosecution instead called a police officer who testified that he visited the website on December 5, 2006, the date on the printout of the page.
The Court’s Opinion: The court noted that “[a]nyone can create a MySpace profile at no cost, as long as that person has an email address and claims to be over the age of fourteen.” The court also noted that there is no guarantee that the person who creates the account is actually the person who is depicted as the account-holder:
The identity of who generated the profile may be confounding, because ‘a person observing the online profile of a user with whom the observer is acquainted has no idea whether the profile is legitimate.’ The concern arises because anyone can create a fictitious account and masquerade under another person’s name or can gain access to another’s account by obtaining the user’s account name and password . . . .
The possibility for user abuse also exists on MySpace, as illustrated by United States v. Drew, 259 F.R.D. 449 (D. C.D. Cal. 2009), in which Lori Drew, a mother, was prosecuted under the Computer Fraud and Abuse Act . . . for creating a MySpace profile for a fictitious 16-year old male named ‘Josh Evans.’ . . . .
The potential for fabricating or tampering with electronically stored information on a social networking site, thus poses significant challenges from the standpoint of authentication of printouts of the site, as in the present case.
The court states that regardless of the possibilities for abuse, authentication is still governed by general evidence principles and the applicable rules. The state argued that the photograph, personal information, and the references to the defendant “were sufficient to enable the finder of fact to believe that the pages printed from MySpace were indeed [the witness's].” The court disagrees, noting that the lower court: “failed to acknowledge the possibility or likelihood that another user could have created the profile in issue or authored the ‘snitches get stitches’ posting.” The court held that the purportedly ‘distinctive’ elements put forth by the state were not sufficiently distinctive:
The potential for abuse and manipulation of a social networking site by someone other than its purported creator and/or user leads to our conclusion that a printout of an image from such a site requires a greater degree of authentication than merely identifying the date of birth of the creator and her visage in a photograph on the site in order to reflect that [the witness] was its creator and the author of the ‘snitches get stitches’ language.
The court looks to other cases which similarly hold that the potential for abuse with respect to social network-based evidence requires a higher standard of scrutiny for authentication. For example, in Commonwealth v. Williams, the court ruled that the admission of MySpace messages was improper because there was no evidence regarding “who had access to the MySpace page and whether another author . . . could have virtually-penned the messages . . . .”
Guidance for Authentication: The court lays out possible ways in which a party seeking to admit profile evidence could go about authenticating it. One option would be “to ask the purported creator if she indeed created the profile and also if she added the posting in question.” As I noted in my earlier post about this case, the state inexplicably failed to do this in this case. A second option is to “search the computer of the person who allegedly created the profile . . . to determine whether that computer was used to originate the social networking profile and posting in question.” This is fairly invasive, particularly if the profile or message in question is from a witness rather than from the party. The third method is to obtain information “directly from the social networking website that links the establishment of the profile to the person who allegedly created it and also links the posting sought to be introduced to the person who initiated it.”
The Dissent: Two dissenting judges accuse the majority of having a case of the “technological heebie-jeebies,” and note that the key question is whether a “reasonable juror” could conclude that the evidence in question was authentic. In other cases where the authenticity of a piece of evidence is disputed, the typical practice is to let the jury make the call, unless the court concludes that “no reasonable juror” could find the evidence authentic. The dissenting judges fault the majority for not following the same practice in this case.
The court’s conclusion highlights two interesting points. First, there is little guarantee that a particular profile may turn out to be authentic. It is frighteningly easy for someone to create a profile in another person’s name. People litter the internet with their “distinctive attributes,” and it’s equally easy for someone to create a profile in another person’s name which contains purported “unique attributes” of that other person.
Another point which the court touches on but does not delve into is the fact that even if there is some assurance that the particular profile belongs to the witness in question, there is not always a guarantee that the statement on the site was made by the witness. The statement on a person’s social networking profile could be made by a third party, and it would be difficult to discern this from a printout. Whether a third party could post a statement to a person’s social networking profile would depend on the network in question, and the person’s own privacy settings. As we all know, the average person is not necessarily tuned in to the nuances of the privacy settings of various social networking sites. Given all of this, it makes sense to set a fairly high bar for admission of this type of evidence. (Interestingly, the court distinguishes between authentication of social networking evidence and authentication of “e-mails, instant messaging correspondence, and text messages.” According to the court, this type of evidence differs significantly because it is “sent directly from one party to an intended recipient or recipients, rather than published for all to see.”)
* The state’s highest court is called “Court of Appeals of Maryland” for some reason.