Print Bookmark

Friend or Foe: Implications for Preservation and Collection of Social Media and Cloud Evidence Under New Federal Rule of Evidence 902

Pending expected Congressional and U.S. Supreme Court approval, most litigators, e-discovery technology practitioners, and digital forensic experts seem to share the view that the proposed amendments to F.R.E. 902 otherwise set to go into effect December 1, 2017, will serve at least one of their intended purposes, by further promoting a “…just, speedy and inexpensive determination in each matter”, prescribed under Fed. R. Civ. Pro. 1. The practical effects of the new rule seek to update and expand the types of existing items of evidence currently deemed admissible without the need of a witness called to verify these evidentiary items for submission at trial, otherwise known as “self-authenticating” evidentiary items, currently including items such as certified public records, product labels, newspaper articles, or official government agency publications, for example[1].  

Recognizing the electronic nature of a significant volume of evidentiary records typically at issue, the proposed amendments seek to add two sections to existing Fed. R. Evid. 902 to address the treatment of electronic record formats, as follows:

The following items of evidence are self-authenticating; they require no extrinsic evidence of authenticity in order to be admitted:


(13) Certified Records Generated by an Electronic Process or System. A record generated by an electronic process or system that produces an accurate result, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12).  The proponent must also meet the notice requirements of Rule 902(11).[2]

(14) Certified Data Copied from an Electronic Device, Storage Medium, or File. Data copied from an electronic device, storage medium, or file, if authenticated by a process of digital identification, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12).  The proponent must also meet the notice requirements of Rule 902(11).[3]

The combined implications from these new provisions expanding the scope of self-authenticating items are potentially significant. Submission of technical documents such as system registry reports showing network and device history, smartphone software logs detailing GPS coordinates and connections obtained, and potentially most noteworthy, the introduction of an electronic document record’s unique ‘digital fingerprint’, technically known as a “hash value” (currently derived primarily from either MD5 or SHA1 algorithms), will now be admissible, and may even become the standard over time.  In their Note, the Advisory Committee on Evidence also calls attention to their drafting intent so as not to limit the standard to solely the submission of hash values, such that “…the rule is flexible enough to allow certifications through processes other than comparison of hash value, including by other reliable means of identification provided by future technology.”[4]   

So far, this all appears to be largely great news for all concerned, most importantly by our corporate clients that should benefit overall by significantly fewer expert billable hours consumed simply to authenticate a piece of evidence, rather than more substantively analyze or defend a particular evidentiary finding that may be disputed, as forensic collection device patent-holder and digital forensic expert David Greetham succinctly makes the case for in his recent article, “Expert Commentary on the Upcoming Proposed Amendments FRE 902[5].  Moreover, aren’t we now one step closer toward achieving the aspirations of many leading e-discovery jurists who continually advocate ‘making the rules our friends’?

Yes. Unless.  Yes, unless you are a corporation subject to serial litigation and/or regulatory investigations, who, during this nascent period following the first 2006 E-Discovery Amendments to the Federal Rules of Civil Procedure,  still have not developed a set of legal policies, business process procedures and technology solutions and preferred technology provider resources -- all collectively  comprising the practice of information governance, litigation readiness and e-discovery preparedness.  As an e-discovery technology practitioner, those of us bedazzled by the process of manipulating the colorful gems of standard ESI such as email and their native file attachment records, sourced in now well-known storage locations and sources, much less non-standard ESI, such as social media content, or IoT content, will tell you that the process of preserving and collecting this content in a ‘forensically sound manner’ can be very challenging for a multitude of reasons. 

Focusing our lens strictly on social media and cloud content ESI sources (setting aside, for now, the different set of equally challenging potential obstacles presented in mobile device content, such as text messages, voicemail messages, or public email account messages stored on mobile devices), such as Facebook messages or Google Drive exports, let’s consider in the context of the commonly prescribed self-collection approach. This particular population of evidentiary data can take the form of point-in-time screen shot captures, pdf images or even hard-copy paper printouts again following the natural lifecycle of the evidentiary record through production of documents, and admission into evidence at trial, as may be required. By now you are either scratching your head or nodding knowingly.  You may also be saying to yourself as I have been doing, “Whoa, there’s a new Sherriff in town, and her name is Self-Authenticity for ESI!”  My computer/digital forensic engineer colleagues and friends are pumping their fists, declaring “We’ve got this!  We have the subject matter expertise and forensic technology tools to meet these new evidentiary requirements.”  Simply put, most common self-collection methods of evidentiary data from social media and cloud content sources inherently strip the hash value metadata from these electronic records, and once reduced to paper form, they are gone for good. 

This is the point in our journey of scenarios where we return to the ‘yes, unless’ departure point. For litigators, whether outside counsel or in-house counsel, the proposed rule changes may require you to begin having more proactive and robust conversations with your clients and business unit leaders educating them about the importance of following existing information governance, legal hold and related policies and procedures.  Similarly, my fellow technology practitioners may be simultaneously breathing a sigh of relief, while also recognizing the increased need for forensically sound preservation and collection procedures to be used with social media content, in order to both comply and gain the benefit from the value propositions raised by these proposed rule changes.

Fortunately there are both pioneers and reliable innovators on the scene that, at least from our experience, have the subject matter expertise, professional certifications and veteran leadership to perform this work in a defensible, compliant manner. While my role is not to help market or sell a particular provider or expert, highly qualified veteran leaders like David Greetham of Ricoh, KrolLDiscovery, Hanzo, X1, Alcatraz – Actiance, and others, represent the best-of-breed providers with respect to social media and cloud content preservation/collection technologies that should be investigated and evaluated when the need arises.  And if you really want to get to the heart of compliance, typically only achieved through genuine change management at an enterprise level, those of us working in the trenches providing information governance services are also ready and willing to help ensure your smooth transition from foe to friend in taking advantage of the real opportunities soon to become available to corporations under this important rule change.  Please contact Stephanie M. Booher or Joseph M. Callow for more information about KMK’s information governance services.

[1] Fed. R. Evid. 902.

[2] Fed. R. Evid. 902(13) (Proposed Amendment 2016).

[3] Fed. R. Evid. 902(14) (Proposed Amendment 2016).

[4] Fed. R. Evid. 902(14) (Proposed Amendment 2016) – Advisory Committee’s Note to 2016 Amendment.

[5]Expert Commentary on Upcoming Proposed Amendments FRE 902”, by David A. Greetham; Published by ACEDS, News & Press:  ACEDS News, Posted by Mary Mack, Tuesday, April 18, 2017.

KMK Legal Alerts and Blog Posts are intended to bring attention to developments in the law and are not intended as legal advice for any particular client or any particular situation. Please consult with counsel of your choice regarding any specific questions you may have.


© 2018 Keating Muething & Klekamp PLL. All Rights Reserved


Get Updates by Email


Subscribe to RSS

Recent Posts

Other KMK Blogs