Monday, August 15, 2011

Assault, Emails and Authentication

As I’ve explained in other posts, to introduce evidence at trial, the prosecutor or defense attorney must “authenticate” the evidence, i.e., must show that it is what it purports to be.

The authentication of emails was the issue in Robert Eleck’s appeal from his conviction for assault in the first degree by means of a dangerous instrument in violation of Connecticut General Statutes § 53a59. State v. Eleck, __ A.3d __, 2011 WL 3278663 (Connecticut Court of Appeals 2011). This is how the Court of Appeals summarized the facts that led to his conviction:

[Eleck] attended a party . . . in Norwalk in the early morning hours of December 9, 2007. All of the approximately twenty teens and young adults who attended were consuming alcoholic beverages, and many were intoxicated. While inside the house, [he] was involved in at least two verbal confrontations with one guest, Matthew Peacock. [Eleck] also conversed on several occasions with another guest, Simone Judway.

Shortly after 2:30 a.m., outside the house, [Eleck] and Peacock engaged in a physical altercation that included punching and grappling. Three other guests, including Zachary Finch, joined the fight to help Peacock. When the combatants were separated, both Peacock and Finch discovered that they had suffered stab wounds.

State v. Eleck, supra.

Eleck was charged with assault in the first degree, as noted above, went to trial, was convicted of assaulting Peacock and acquitted of assaulting Finch and sentenced to “the mandatory minimum sentence of five years incarceration”. State v. Eleck, supra.

On appeal, he claimed the trial judge erred “in excluding from evidence a printout from his Facebook account documenting electronic messages purportedly sent to him by Judway from her Facebook account.” State v. Eleck, supra. This is how that evidence was (allegedly) relevant to an issue in his trial:

As a witness for the state, Judway [testified] that, prior to the physical altercation, [Eleck] told her that `if anyone messes with me tonight, I am going to stab them.’ . . . [D]uring cross-examination, defense counsel sought to impeach Judway's credibility by asking whether she had spoken with [Eleck] since the incident.

She [said] she had seen [him] in public but had not spoken to him in person, by telephone or by computer. Defense counsel then showed Judway a printout purporting to show an exchange of electronic messages between [Eleck’s] Facebook account and another account under the user name `Simone Danielle.

Judway identified the user name as her own, but denied sending the messages to [Eleck.] She [said] someone had `hacked’ her Facebook account and changed her password `two [to] three weeks’ ago such that she had been unable to access it subsequently.

State v. Eleck, supra.

The next day, when Eleck was testifying, his lawyer offered into evidence Eleck’s

Facebook printout containing messages purportedly from Judway. The state objected on the grounds that the authorship of the messages could not be authenticated. . . . [T]o authenticate the document, [Eleck] testified that he downloaded and printed the exchange of messages directly from his own computer.

He also [said] he recognized the user name, `Simone Danielle,’ as belonging to Judway because she had added him as a Facebook `friend’ a short time before he received the message. He testified that the `Simone Danielle’ profile contained photographs and other entries identifying Judway as the holder of that account.

Finally, he testified that when he logged in to his Facebook account after the previous day's testimony, user `Simone Danielle’ had removed him from her list of Facebook `friends.’ [Eleck’s] counsel argued that based on this testimony and Judway's identification of her user name, there was a sufficient foundation to admit the document for the jury's consideration.

State v. Eleck, supra. The trial judge sustained the prosecution’s objection on the basis that Eleck hadn’t authenticated the messages, i.e., hadn’t shown Judway wrote them. State v. Eleck, supra. Eleck challenged that ruling on appeal. State v. Eleck, supra.

The Court of Appeals began its analysis of the issue by explaining that § 9-1(a) of the Connecticut Code of Evidence provides that the

`requirement of authentication as a condition precedent to admissibility is satisfied by evidence sufficient to support a finding that the offered evidence is what its proponent claims it to be.’

Where documents are not self-authenticating, the prima facie showing of authenticity may be made in a variety of ways including, but not limited to, the following: `(1) A witness with personal knowledge may testify that the offered evidence is what its proponent claims it to be. . . . (3) The trier of fact or an expert witness can authenticate a contested item of evidence by comparing it with preauthenticated specimens. . . . (4) The distinctive characteristics of an object, writing or other communication, when considered in conjunction with the surrounding circumstances, may provide sufficient circumstantial evidence of authenticity.’

State v. Eleck, supra.

In considering the issue, the court noted that it hadn’t found any Connecticut appellate court decisions directly on point, but had found relevant cases from federal courts and from other states. State v. Eleck, supra. It noted that electronic communications raise difficult authentication issues, since

a Facebook message, an e-mail or a cell phone text message, could be generated by someone other than the named sender. This is true even with respect to accounts requiring a unique user name and password, given that account holders frequently remain logged in to their accounts while leaving their computers and cell phones unattended.

Additionally, passwords and website security are subject to compromise by hackers. Consequently, proving only that a message came from a particular account, without further authenticating evidence, has been held to be inadequate proof of authorship.

State v. Eleck, supra. The court found that while electronic communications can present distinctive issues, they can “may continue to be authenticated by traditional means such as the direct testimony of the purported author or circumstantial evidence of `distinctive characteristics’ in the document that identify the author.” State v. Eleck, supra.

And it noted that in this case, Judway’s testimony contradicted what Eleck said about the messages in question, especially since she “denied their authorship” and suggested

she could not have authored the messages because the account had been `hacked.’ Although this suggestion is dubious under the facts at hand, given that the messages were sent before the alleged hacking of the account took place, Judway's testimony highlights the general lack of security of the medium and raises an issue as to whether a third party may have sent the messages via Judway's account.

Consequently, we agree with the trial court that the fact that Judway held and managed the account did not provide a sufficient foundation for admitting the printout. . . .

State v. Eleck, supra.

Eleck also argued that the “content of the messages identified Judway as the author”, noting that when he sent “the message asking `why would you wanna talk to me,’ the other party replied, `The past is the past.’” State v. Eleck, supra. Eleck claimed this “indicated that the author knew of the criminal case and, therefore, must have been Judway”, but the court did not agree. State v. Eleck, supra. “[T]his exchange could have been generated by any person using Judway's account as it does not reflect distinct information that only Judway would have possessed regarding [Eleck] or the character of their relationship.” State v. Eleck, supra.

Finally, Eleck argued that the messages could be authenticated under the reply letter doctrine, which I discussed in a prior post. State v. Eleck, supra. The court noted that under this doctrine,

`letter B is authenticated merely by reference to its content and circumstances suggesting it was in reply to earlier letter A and sent by addressee of letter A. . . . ‘ [Connecticut Code of Evidence] § 9-1(a), commentary (4).

We note, however, that `[t]he mere fact that a letter was sent and a reply received does not automatically authenticate the reply; circumstances must indicate that the reply probably came from the addressee of the letter.’ C. Tait & E. Prescott, Connecticut Evidence (4th Ed.2008) § 9.7, p. 630. . . .

Here, there was a lack of circumstantial evidence to verify the identity of the person with whom [Eleck] was messaging. Consequently, the reply letter doctrine is inapposite.

State v. Eleck, supra.

The Court of Appeals therefore held that the trial judge did not err in refusing to admit the messages on the basis that Eleck had not adequately authenticated them. State v. Eleck, supra. So it upheld Eleck’s conviction, and sentence. State v. Eleck, supra.

1 comment:

Mike said...

Is there a better way to do this ?
There is software that can track social network usage on a particular machine, with access to that machine.
That approach doesn't seem all that practical in this situation though.

Would facebook be able to supply a IP or MAC address for the comment if it were requested through the right channels? I did read of such information being requested, but I am curious about facebook's ability to respond. Do they keep location data ?

--I am not a lawyer or an investigator, just interested.