Applying the rules of evidence to contemporary digital records can present a variety of complications. Admitting some types of evidence, such as government websites, can be straightforward. However, ensuring websites can be admitted can be difficult in many jurisdictions. Further, individual judges may sometimes take idiosyncratic approaches to the admissibility of websites and other forms of digital evidence, especially when they do not personally understand the technology involved. Simplifying the process for establishing the authenticity of websites can be helpful in ensuring that website evidence vital to a case is deemed admissible in court.
All evidence admitted at trial needs to have some measure of reliability. Authentication of evidence is a foundational process where the proponent of the evidence must demonstrate that the digital artifact—be it an email, a file, a social media post, or any other form of electronic data—is what it purports to be. The goal is to assure the court that the evidence has not been tampered with and is a true and accurate representation of the digital facts in question. Expert testimony often plays a key role in this process, as does adherence to accepted forensic procedures and standards. Authentication lays the groundwork for the court to consider admitting the digital evidence for jurors to weigh its relevance and significance to the case.
The same type of authentication must occur for every document. Federal Rule of Evidence 901 specifically requires that the proponent of a document or other item of evidence must produce some indication that the item or document is what the proponent says it is. A party attempting to authenticate evidence can do this in many ways. Below are some examples included within Rule 901.
Rule 901 contains a number of examples, but those examples generally have not kept up with the times. The rule does not address websites, search engine results, videos, or other types of multimedia that are accessible online. As a result, different states and jurisdictions in the United States may treat the authentication of digital evidence with varying degrees of stringency and methodological approaches, influenced by their respective evidentiary laws and precedents. While some adhere closely to the Federal Rules of Evidence, others have developed their own nuanced requirements or case law that interpret authentication standards in distinct ways. For instance, a state might demand more rigorous demonstration of chain of custody or a higher threshold for demonstrating that digital evidence has not been altered, whereas others might be more permissive, especially if the evidence is of a type commonly deemed reliable.
In some jurisdictions, the authenticity of websites may be established by stipulation between the parties. If that occurs, authenticating a website is a very simple process that rarely causes any meaningful controversy at trial. However, not every opposing party is going to be willing to simply allow website evidence into the record without some additional showing of authenticity.
Website authenticity, in its simplest terms, shows that the website is what the proponent says it is—generally, a record of the website as it appeared on a certain date and time––and that it was not altered in any way before its presentation to the court. In some cases, proving authenticity may also require showing who wrote the content or who maintained the website. Planning ahead can be very helpful to ensure that getting a website into evidence is not a problem on the day of trial.
Every jurisdiction treats website authentication slightly differently. For instance, in Griffin v. State, 19 A.3d 415, 423 (Md. 2011), the Maryland Court of Appeals set out that electronic evidence requires “greater scrutiny” because of an increased potential for manipulation by someone other than the person against whom the evidence may be used. In that case, the party was attempting to admit a printout of a MySpace profile as part of their evidence.
Ultimately, the court in that case determined that appropriate authentication had not occurred and did not admit the evidence. As part of its discussion, however, it set out several potential avenues to authenticate websites. Many of these methods can be an option in other cases.
In the case of a personally maintained website, the website owner or moderator may be able to testify to their proprietary usage of the website and that they posted or otherwise shared information personally on the site. Other testimony that might help authenticate the website might include third parties, such as graphic designers, web developers, or digital forensics experts who created, maintained, or accessed the content in question at a specific date and time.
Some websites can also be authenticated using expert testimony from a digital forensics or IT specialist with a strong background in digital forensics and preferably, a history of credible court appearances. These experts conduct a thorough examination of the website's digital artifacts, such as HTML code, metadata, and server logs, while preserving evidence with forensic techniques to ensure data integrity and a documented chain of custody. An analysis is performed to verify authenticity, looking for signs of tampering and tracing content origins, culminating in a comprehensive report and court testimony. The expert must clearly convey complex information for the court's understanding, withstand cross-examination, and ensure that their methods adhere to legal evidence standards. The goal of this testimony is to assure the court of the website's genuineness, facilitating informed decisions about its evidential value.
Rule 901 permits some evidence to be authenticated because of its distinctive characteristics or circumstantial evidence. This authentication method is fact-specific to each case, and may sometimes present difficulties because the nature of circumstantial evidence is that it is typically considered to be less reliable than direct evidence.
In In re F.P., 878 A.2d 91, the Superior Court of Pennsylvania found that circumstantial evidence was enough to show that electronic but printed messages were authentic. The court’s opinion points to the fact that the user identified himself in the messages, identified the screen name used, and addressed the very specific accusation related to the case.
Before 2017, FRE 901(b) (9) required extrinsic evidence for websites, such as the testimony of a live witness describing the “process or system” and how “it produces an accurate result.” However, following FRE 902’s amendment in 2017, an electronic record as shown by certification of a qualified person is considered self-authenticating. In other words, an in-person testimonial of an expert witness is no longer required if the written certification encompasses all details that the expert would share if they were testifying in person.
Today, many government offices and agencies maintain online databases of information. These websites are often easier to authenticate because there is an inherent trust in public databases and documents. In some jurisdictions, the proponent of the evidence will only need to obtain a certificate of authenticity from the public office to appropriately authenticate a specific page on the public website. In other jurisdictions, the information may be self-authenticating simply because it came from an official government website.
Page Vault Meets Authentication Requirements
Page Vault's unique web capture software is distinguished in the legal market as it aligns seamlessly with the Federal Rules of Evidence. Unlike other solutions, Page Vault's patented technology captures content via its remote browser, securely storing it in a way that users cannot modify. This ensures the digital evidence's integrity and allows Page Vault, particularly its Chief Technology Officer, to serve as the "qualified person" for providing affidavits certifying a capture's authenticity. As a result, Page Vault is the sole software on the market that both meets the authenticity and admissibility criteria set by federal standards and alleviates legal teams from the certification burden.