Amendments to Federal Rules of Evidence 803 and 902 will become effective on Dec. 1 and will “govern in all proceedings thereafter commenced and, insofar as just, all proceedings then pending.”
We previously analyzed the changes to the hearsay exception for ancient documents (FRE 803(16)), and here focus on amendments concerning the self-authentication of evidence generated by electronic processes or systems (FRE 902(13)) and self-authentication of data copied from an electronic device, storage medium or file (902(14)). In short:
- The intent of these amendments is to streamline authentication of electronic evidence through pretrial certification processes intended to minimize the need for testimony by a foundation witness.
- A party seeking to take advantage of these procedures must ensure that its processes for preservation, collection, processing and production of electronically stored information (ESI), and for tracking the chain of custody of such information, enables the party to make the certification envisioned by the amendments (a certification that may post-date those actions by months or even years in complex litigation).
- These amendments do not prevent the parties from stipulating to authenticity, even without a certification. Nevertheless, they may incentivize parties to more aggressively challenge authenticity where it is apparent that an opponent is unable to make the pretrial certification envisioned by the amendments.
- These amendments focus on authenticity only, and a proponent of the evidence must still be prepared to overcome other hurdles to admissibility, including hearsay and relevance.
These self-authentication rules were proposed to address the burden of demonstrating authenticity of ESI, which is becoming more and more ubiquitous each year. Indeed, in complex litigation, it is not unexpected to discuss ESI collection volume in the terabytes – a size unknown to most litigators even 10 or 15 years ago. This explosion of data has created a costly problem – and opportunity for gamesmanship – for litigators. Each day in the nation’s courts, litigants introduce ESI as evidence.
This proliferation of ESI results in a potentially expensive authentication problem. If the parties cannot agree that electronically created evidence is authentic, the proponent must bring a witness who is prepared to testify about how the information was generated and the systems that created the evidence. This authentication witness is likely to be someone from an IT department who has no knowledge of the facts in the case. Thus, parties may be forced to spend the time and money to prepare and bring a person to testify at trial who will have no other role in the litigation. And often, at the 11th hour, an opponent simply stipulates to authenticity. The problem is compounded when you imagine the costs to third parties. Imagine if Facebook had to prepare and send a witness to trial every time a Facebook post was used in court.
To eliminate (or at least reduce) the burdens of authenticating electronic data, the Advisory Committee on Evidence proposed two amendments to the self-authentication provisions of FRE 902:
Rule 902. Evidence That Is Self-Authenticating
The following items of evidence are self-authenticating; they require no extrinsic evidence of authenticity in order to be admitted:
* * *
(13) Certified Records Generated by an Electronic Process or System.
A record generated by an electronic process or system that produces an accurate result, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12). The proponent must also meet the notice requirements of Rule 902(11).
(14) Certified Data Copied From an Electronic Device, Storage Medium or File.
Data copied from an electronic device, storage medium or file, if authenticated by a process of digital identification, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12). The proponent also must meet the notice requirements of Rule 902(11).
The Committee’s report explains the rationale for these rules, but in sum eliminates the need for the proponent of the evidence to call a forensic technician (or other sponsoring witness) to testify about his or her background and qualifications, process of conducting a digital forensic examination and more. Instead, authentication now only requires written certification, which will save costs and time. It is imperative to keep in mind that these rules address authenticity only – a proponent of the evidence will still have to overcome relevance, hearsay and other admissibility hurdles. Unlike the proposed abolishment of the ancient document rule, these proposed rules were generally well-received.
When Would These Rules Apply?
The Committee provided numerous real-world examples that show how frequently these new rules could be invoked. For example, Rule 902(13) could be used:
- To prove that a USB device was connected to a computer at a certain time.
- To prove that a server was used to connect to a particular webpage.
- To prove a person was or was not at a particular event by using pictures and other information on a cell phone.
- To prove association and activity between co-conspirators through text messages.
Likewise, Rule 902(14) could be used to authenticate any type of information taken from a smartphone or other data source, including text messages, photographs and other data.
The Technical Details
While these Rules seem straightforward and appear to eliminate a time-consuming aspect of introducing evidence, there are technical details a “certification of a qualified person” must include. For example, in the USB device example above, the Rule 902(13) certification would need to include a description of how the operating system records information in the registry about the connection of external storage devices, the process by which the information recorded produces an accurate result, and how the evidence (presumably a printout of registry information) accurately reflects information stored in the registry.
A certification under Rule 902(14) will be more technical. The Advisory Committee Notes specifically require mention of “hash values” – a phrase likely not in the everyday parlance of many litigators:
Today, data copied from electronic devices, storage media, and electronic files are ordinarily authenticated by “hash value.” A hash value is a number that is often represented as a sequence of characters and is produced by an algorithm based upon the digital contents of a drive, medium, or file. If the hash values for the original and copy are different, then the copy is not identical to the original. If the hash values for the original and copy are the same, it is highly improbable that the original and copy are not identical. Thus, identical hash values for the original and copy reliably attest to the fact that they are exact duplicates. This amendment allows self-authentication by a certification of a qualified person that she checked the hash value of the proffered item and that it was identical to the original. The rule is flexible enough to allow certifications through processes other than comparison of hash value, including by other reliable means of identification provided by future technology.
Practical Points for Practitioners
These new authentication rules have the potential to make the use of electronic evidence much smoother at trial. Where a party will not stipulate to authenticity in advance, the time and resources saved could be exponential – no longer will you have to prepare a witness for trial, and there is a real possibility of fewer disputes between opposing parties. That said, it will require those involved in collecting and preserving evidence to have protocols that maintain the information the Rules require in the certification. This offers discovery advocates an opportunity to coordinate with their clients ahead of litigation to establish preservation and collection plans that capture the required data and maintain it in a defensible way.
Of course, those preservation policies cannot stop at the client level – law firms and their vendors will need to coordinate the handoff of data. It is not hard to envision a situation where a client collects information from share drives, sends that information to a law firm for litigation, which then produces the data to the other side without hash value information. Without that information, it will be much more difficult to invoke the self-authentication rule. Further, if those documents are altered in any way (even if just copied and pasted to different mediums), the hash value could change, affecting your ability to self-authenticate.
For many cases where the parties are able to reach agreement with their opponents in advance of trial, these rules may not be invoked. That said, we foresee a presumably unintended effect of the new rules. The new rules may incentivize parties who are able to make the required certification to challenge parties who are not able to do so. Further, the new rules could provide a road map to question the steps taken by an opponent in preserving, collecting, processing and producing ESI.