Internet evidence: How to authenticate evidence from the Internet under the new Illinois Rules of Evidence
The new Illinois Rules of Evidence, which went into effect January 1, 2011, codified for the first time ever, have followed the lead of the federal rules in providing straightforward means for the authentication of evidence taken from the Internet for admissibility. Federal case law and a nascent body of Illinois rulings point the way for authenticating Internet evidence for anything from using Google Maps for judicial notice to proving the screen identity of a chat room participant or establishing the particular Web page a company’s marketing department targeted Illinois residents with five years ago.
This article highlights the relative simplicity of the procedures and the novel applications under the rules to this point.
Types of Internet Evidence
There are essentially three different types of Internet evidence likely to be the subject of an inquiry into their authenticity: data posted on a Web site by the site’s owner, data posted on a Web site by others with the owner’s consent, and data posted on a Web site by others without the owner’s consent. In general, the first type is most common, the second type often involves chat room participants or Twitter-type postings, and the third type embraces postings or activity on a Web site by hackers or which are otherwise insufficiently attributed.
Internet Evidence Admissibility as “Non-Hearsay”
As a threshold matter, the Illinois Rules of Evidence, like the federal rules, do not generally permit statements offered into evidence to prove the truth of the matter asserted, other than those made by the declarant while testifying at the trial or hearing. Ill.R.Evid. 801-02. Nevertheless, Rule 801 expressly reserves three types of statements as “non-hearsay”: (1) prior inconsistent sworn statements of the declarant; (2) prior consistent statements in rebuttal to a charge “against the declaration of recent fabrication or improper influence or motive”; and (3) admissions of a party opponent. Ill.R.Evid. 801(d) (2011).
The first type is rare in the ambit of Internet evidence, but the second and especially the third are common. Courts have generally held statements made by an opposing party on its Web site admissible pursuant to Fed.R.Evid. 801(d)(2).1 However, as for statements made on a Web site by a third party, those statements will be inadmissible unless it can be shown that the statement was authored by or adopted by the opposing party.2
Rules Governing Authentication of Internet Evidence
For the first time ever, and effective as of January 1, 2011, the Illinois Supreme Court has codified its Rules of Evidence. The rules governing authentication of evidence are in Article IX, Authentication and Identification, and Article X, Contents of Writings, Recordings and Photographs, but the heart of the analysis germane to this discussion resides in Rules 901 and 902 in Article IX. Rule 901(a) of the Federal Rules of Evidence (“FRE”) is the template for Rule 901(a) of the Illinois Rules of Evidence, Requirement of Authentication or Identification, which follows FRE 901(a) verbatim:
(a) General Provision. The requirement of authentication or identification as a condition precedent to admissibility is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims. Ill.R.Evid. 901(a) (2011).
Like the federal rule, this is a highly relaxed standard, supported by a 10th Circuit case holding a criminal defendant’s chat room printout was properly authenticated and admissible where the criminal defendant’s screen identity of “Stavron” yielded his name and address.3 Although the 7th Circuit does not appear to have ruled on this issue as of yet, the Court cited Simpson in dicta in a 2007 ruling that the District Court’s admission of a chat in a nearly-identical criminal case where the defendant was convicted of multiple sexual exploitation and pornography offenses was not an abuse of discretion or prejudicial.4 Clearly, if such a standard of authentication is permissible in criminal cases where personal liberty is at stake, meeting the bar for a civil case will be at least as likely.
The other part of Rule 901, (b)1-10, is an exemplary not exhaustive enumeration of several illustrations of legitimate methods of authentication. These include: testimony of a witness with knowledge; nonexpert opinion on handwriting; comparison by trier of fact or expert witness; distinctive characteristics of the data or thing to be authenticated; voice identification; telephone conversations; public records or reports; ancient documents or data compilation; evidence describing a process or system; and any other method of authentication or identification provided by statute or rules promulgated by the Supreme Court.
Some forms of Internet evidence are admissible by judicial notice. Rule 201, Judicial Notice of Adjudicative Facts, under Article II, permits judicial notice, restricting such notice taken to the type of adjudicative fact that is “not subject to reasonable dispute in that it is either (1) generally known within the territorial jurisdiction of the trial court or (2) capable of accurate and ready determination by resort to sources which cannot reasonably be questioned.” Ill.R.Evid. 201 (2011).
An intriguing line of Illinois Appellate cases relevant to the second part of this rule has emerged over the past several years in both criminal and civil cases. Illinois courts have ruled that “information from mainstream Internet sites such as Map Quest and Google Maps is reliable enough to support a request for judicial notice.”5 Judicial notice can even be taken of information publicly posted on a party’s Web site, if its authenticity is not disputed.6
Some forms of Internet evidence, particularly those on official or government sites, are self-authenticating. Rule 902, also taken verbatim in nearly all parts from FRE 902, governs self-authentication of evidence. One of the sections of this rule most frequently utilized in the authentication of Internet evidence under the FRE is subsection (5), relating to official publications in the form of “[b]ooks, pamphlets, or other publications purporting to be issued by public authority.” Ill.R.Evid. 902(5) (2011). Therefore, in a case standing for this point, the Southern District of Ohio found that FTC press releases printed off the FTC’s worldwide Web page and attached to Defendant’s Motion for Summary Judgment were self-authenticating official publications under FRE 902(5) and did not require an affidavit to authenticate.7
Finally, some forms of Internet evidence cannot be authenticated without a certification from the site’s Web master. This is governed by Illinois Rule of Evidence 902-11, Certified Records of Regularly Conducted Activity, which is substantively the same as FRE 902-11.
Ill.R.Evid. 902-11 permits an original or duplicate record of regularly conducted activity to be admitted if accompanied by written certification of the custodian (in this case, the site Web master) that: (1) the record was made at or close to the time of occurrence of the matters set forth by, or from information conveyed by, a person with knowledge of those matters; (2) was kept in the course of regularly conducted activity; and (3) was made by that regularly conducted activity as a regular practice. Ill.R.Evid. 902-11 (2011). It is no longer necessary to get business records testimony of such a person under Rule 902-11; this can be done by affidavit or deposition.
Proof and Rebuttal of Authentication
To sufficiently authenticate Internet evidence posted by the site’s owner, three things need to be shown, and any witness can testify to these: (1) what was actually on the site; (2) that the exhibit fairly and accurately reflects what was actually on the site; and (3) that it is fairly attributed to the site’s owner. Testimony merely needs to set forth with foundation that the witness typed in the Uniform Resource Locator (URL), logged on, received what was on the site, and printed out or otherwise captured in the exhibit, which fairly and accurately reflects what the witness saw.8
If this prima facie burden of proof is met by the proponent, the burden then shifts to the opponent to pierce the proponent’s showing of authenticity. Therefore, the Seventh Circuit found, for example, that a terrorism expert’s reliance on the assumption that the postings on certain Web sites at issue in the murder of the decedent were actually attributable to the terrorist organization Hamas absent proof of such authorship was untrustworthy.9 The Court concluded that the postings could not reasonably and reliably be attributed to Hamas.10
Naturally, the ideal way for a court to verify the trustworthiness of the evidence proffered is for the court to go online itself and view the Web site posting in question, if it is still posted. If that is no longer possible, the other factors an opponent may raise and which the Court will generally consider as to trustworthiness are:
• The duration for which the data was posted on the site: the longer the better;
• Whether others reported seeing the data;
• If the data is of the type ordinarily posted on that type of Web site, such as financial reporting or information about the company;
• If the site’s owner has published the same data in whole or in part elsewhere;
• If others have published the same data elsewhere; and
• If others have posted the same data elsewhere citing the Web site as the source.
A genuine issue of trustworthiness can also be established circumstantially. For example, where the plaintiff in a claim of employment discrimination was highly skilled in the operation of computers, the 7th Circuit found that she needed to establish that the alleged racist Web postings in question for which a white supremacist group claimed credit were actually posted by the group and not merely slipped onto the site by the plaintiff herself.11
Chat Room/Twitter Evidence
As already set forth above, chat room evidence has been authenticated and found admissible even in criminal proceedings, but verification that the evidence or exhibit is fairly attributable to the person to whom it is attempted to be attributed is required. An elevated standard of trustworthiness applies here because the information sought in chats is data posted not by owners of the Web site or chat room but by third parties.
Obviously, the strongest indicia of reliability inheres in data taken directly off the person’s hard drive, but courts give credence to other evidentiary facts and sources, including:
• Evidence that the individual to whom the chat or transcript is attributed used the screen name in question when participating in the chat or in other chats;
• Evidence that, when a meeting was arranged with the person using the screen name in question, the individual in question showed up;
• Evidence that the individual was in possession of information given to the person to whom the screen name was attributed (such as contact information of someone posing as a chat room participant in a sting operation); and
• Evidence that the person using the screen name identified her/himself as that individual in chats or elsewhere, especially if such identification is coupled with information specific to that person, such as home or e-mail address, or phone number.
A particular Web site may have replaced the Web page that is the subject of litigation months or even years before the lawsuit was brought with a new one, or the same page exists, but the postings have changed. The obsolete posting or same page at issue can still be authenticated and admitted into evidence, but a certification from the Web site’s archive administrator or employee is required to get it in.
Internet archive services provide snapshots of Web pages across various points in time, and, inasmuch as those services accurately capture and store copies of those Web pages in the ordinary course of business, those snapshots are admissible as business records if certified by an archive administrator or employee pursuant to Rule 902-11.12 In some cases the retrieval process may be purely automated, requiring further certification that said automated process is relied upon in the course of ordinary business and produces reliable results.
A final cautionary note needs to be added here as to such certification and the use of affidavits for authentication in general, especially as much of the legal precedence cited in this article arises out of criminal law. Under the landmark 2004 Crawford v. Washington United States Supreme Court ruling and the substantial Confrontation Clause jurisprudence which has evolved in its wake, a criminal defendant’s 6th Amendment right to confront his accusers bars the testimony of a witness when it is offered for the truth of the matter asserted and presented without the witness appearing at trial.13 If the witness is unavailable for trial, the defendant must have had an opportunity to cross-examine the witness.14
In 2009 the Supreme Court held that the certificates of state laboratory analysts in affidavit form and sworn to by a notary confirming that the substance taken from the convicted defendant was cocaine were testimonial and violated the defendant’s Sixth Amendment rights.15 The majority rejected the State’s argument that the certificates were admissible as business records, citing as its rationale that regularly conducted business activity for the purpose of producing evidence for use at trial is inadmissible.16 The Court noted that business and public records are usually admissible absent confrontation not because they are exceptions to hearsay but because they are generated merely for the “administration of an entity’s affairs” and not in anticipation of litigation, and therefore cannot qualify as testimonial.17
In Melendez-Diaz, the certificates of analysis were created in the ordinary course of business, but that business was the preparation of evidence for trial. Here, the snapshots taken by an archive service of a Web page across various times in the past are purely administrative, and not in anticipation of litigation. On these terms, such evidence should clear the Crawford hurdle, but those proffering these types of certifications and records in criminal proceedings should be mindful of these arguments and the trends afoot in this area of the law. Since Melendez-Diaz such arguments to strike certifications based on Crawford will no doubt be more commonplace.
The new Illinois Rules of Evidence closely follow the federal rules both substantively and procedurally in the area of authentication of evidence and, specifically, Internet evidence. Increasingly, diverse forms of Internet evidence can be taken judicial notice of or are self-authenticating, greatly simplifying their admissibility. Where the owner of a Web site can be shown to have either posted the data or adopted the data posted by others, the evidence will generally be admissible. In the case of third-party postings as in chat rooms, so long as the data can be fairly attributed to the person identified by the screen name, the evidence will generally be admissible. In instances where the data no longer exists on the Web site, authentication may still be achieved by certification from the site’s archive administrator. The fact that some forms of Internet evidence are admissible in criminal matters bodes well for their admissibility in civil proceedings as well. ■