Build Relationships.
Litigate Wisely.

The Admissibility of Electronically Stored Evidence

On Behalf of | Nov 20, 2020 | Electronic Discovery

THE ADMISSIBILITY OF ELECTRONICALLY STORED INFORMATION
UNDER THE FEDERAL RULES OF EVIDENCE

Timothy D. Edwards
Edwards Law Group LLC

In the past twelve years, the legal community has generated hundreds of articles and judicial decisions regarding the discovery of electronically stored information (“ESI”). Only recently, there has been an increased focus on the admissibility of the ESI, which can pose unique and difficult challenges. This article will provide a general framework for the admissibility of ESI under the Federal Rules of Evidence by addressing threshold questions of relevancy, authenticity and the application of the hearsay doctrine to computer systems.

As a preliminary matter, the Federal Rules of Evidence apply to “electronically stored information” as they do to other types of evidence. FRE Rule 101(b)(6) provides that “a reference to any kind of written material or any other medium includes electronically stored information.” In addressing the authenticity of ESI, it is up to the court to make the preliminary decision on admissibility. The ultimate question as to the weight of the evidence, including its authenticity, is a question of fact, and up to the trier of fact to decide. In making its preliminary determination under Rule 104(a), the court is not bound by the Federal Rules of Evidence except those relating to privilege.

The admissibility of ESI is not governed by special rules. Instead, the admissibility of ESI is governed by existing evidentiary rules whose application will vary based upon the unique qualities of the information in question. These unique qualities can generate different foundational requirements for the admissibility of ESI through the application of existing rules of evidence.

The first step in understanding the admissibility of ESI requires a comparison of ESI to traditional paper documents. Years ago, the law looked to the “original” document, or a copy of that document, for proof of authenticity and, most case, admissibility. Unlike paper documents, which are defined by a permanent object, ESI is usually a collection of information that can be freely rearranged by different computer applications. These applications do not always contain complete or accurate information about earlier modifications or previous states of the information in question. This raises a critical distinction between ESI and paper documents for purposes of authentication: absent a physical object, such as a signed contract, the reliability of ESI depends on the examination of pure information, the integrity of the system in which it is stored, and the purpose for which it is offered.

Absent proof of fraud, courts traditionally accept paper documents once the basic foundational requirements for authentication have been met. This assumption does not necessarily apply to ESI because ESI is produced by systems that do not always contain information about previous versions of the author or the data, including reliable metadata. Because ESI is editable it is difficult, if not impossible, to determine whether ESI is what the proponent offers it to be. Systems edit documents routinely, as do humans, leaving no way to trace these changes, or completely verify whether a document is “original” in traditional terms. Absent proof of an “original,” the authentication of ESI will necessarily depend on other evidence, including circumstantial evidence that invites inferences about the reliability of the information and the integrity of the system that it came from.

The untestability of ESI presents challenging evidentiary problems. Instead of asking whether the information is in its original state, the proponent of ESI will necessarily focus on the process, or system’s integrity, to support a finding that the information has been maintained or preserved in its original state or some modification thereof. This requires consideration of the following evidentiary issues that typically surface when electronically stored information is offered into evidence: (1) relevance, (2) authenticity, (3) hearsay issues, (4) whether the best evidence rule applies, and (5) whether the probative value of the ESI is outweighed by considerations of unfair prejudice. Preliminary questions regarding the admissibility of electronically stored evidence, such as relevance, prejudicial impact, hearsay and authenticity, are governed by Rule 104 of the Federal Rules of Evidence.

I. Authenticity

Evidence must be authenticated before it is admitted. To meet this standard, the proponent of the evidence must introduce evidence sufficient to support a finding that it is what the proponent claims it to be. “Authentication and identification represent a special aspect of relevancy . . . This requirement of showing authenticity or identity falls into the category of relevancy dependent upon the fulfillment of a condition of fact and is governed by the procedure set forth in Rule 104(b), Fed. R. Evid. This is commonly referred to as “laying a foundation.” To authenticate a document, its proponent must establish that the document is what it purports to be, and that there is a relationship between the document, and individual, and the issues of the case.

With ESI this hurdle appears to be insurmountable, as ESI can change over time without detection unless specific precautions are used. As a result, it is difficult, if not impossible, to literally “authenticate” an ESI document as an “original” with the same level of comfort one would have with a traditional, paper counterpart. The standard for authentication of ESI must take these factors into account by adopting a different test, with the same rule, which assures that the purported document is what its proponent says it is.

Thankfully, this test is not as difficult to satisfy as one might think. To authenticate ESI, its proponent must establish sufficient to support a finding that it has not been changed since it was originally created. Instead of focusing on whether the document is the “original,” this requires an inquiry into the reliability of the system that created the document and an analysis of circumstantial evidence, such as comparisons and other safeguards used to preserve the integrity of the information. Here, authenticity is defined by the integrity of the data, which supports a finding that the object has remained whole, or has stayed the same, since its creation.

There are various methods for testing the integrity of ESI. First, the proponent of the ESI can compare challenged information with information that is trusted, or has integrity. Circumstantial evidence of similarity between two sets of ESI can allow for an inference of integrity under the correct circumstances. Some computer users insure integrity by controlling when, and if, the information is edited (i.e., through “read only” applications). Finally, “HASH” techniques and encryption can be employed to preserve and test the integrity of information in a very reliable fashion. Of course, the integrity of information that is produced by these systems will depend on the integrity of the systems themselves. If they are modified or altered, the inference of integrity does not follow.

Understanding the difference between ESI and paper documents is only the first step in establishing the authenticity of ESI. Originality, now replaced with the principle of integrity, is no longer the starting point for assessing the authenticity of ESI. Instead, the proponent of the evidence must provide sufficient evidence to support a finding that the proposed ESI has not been changed since its original creation.

This can be done through direct or circumstantial evidence. Direct evidence would be testimony from the author of an e-mail who created the record. Circumstantial evidence would include a variety of information that raises a reasonable inference of authenticity, including metadata, hash values, encryption, time stamps or a proper chain of custody. As a reference point, Rule 901 provides a non-exclusive list identifying how extrinsic evidence can demonstrate authenticity that applies directly to ESI:

A. Authentication Through Extrinsic Evidence.

i. Testimony of witness with knowledge

ESI evidence can be authenticated through “[t]estimony of a witness with knowledge that a matter is what it is claimed to be.” To satisify this standard, the witness must provide testimony that tends to establish the integrity of the document, i.e., that it has not been changed since its creation. For example, the witness can testify about the process by which the electronically stored information is created, acquired, maintained, and preserved without alteration or change, and the safeguards taken to preserve the authenticity of the information during the production phase. The witness need not have personal knowledge of the particular exhibit, so long as he or she has personal knowledge of how that exhibit is routinely made and why there is sufficient evidence to support a finding of integrity.

ii. Comparison by trier or expert witness

Under this rule, the proponent of the electronic evidence may provide testimony that compares the evidence with specimens that have previously been authenticated. This rule allows either expert opinion testimony to authenticate a questioned document by comparing it to one known to be authentic, or by permitting the fact finder to do so. E-mails, for example, can be authenticated under this test. Once a similar email has been authenticated and admitted, either through another evidentiary rule or by judicial notice, that email can be used as the basis for comparison, and a strong inference that the proposed email has not been changed since its creation.

iii. Distinctive characteristics and the like

This rule is the most frequently used to authenticate email. It provides that evidence can be authenticated through its “[a]ppearance, contents, substance, internal patterns, or other distinctive characteristics, taken in conjunction with circumstances.” Distinctive characteristics in an email, such as the e-mail address or screen name of the person, help authenticate such evidence.

Further, “hash values” or “metadata” may be used to authenticate ESI. A hash value is a “unique numerical identifier that can be assigned to a file, a group of files, or a portion of a file, based on a standard mathematical algorithm applied to the characteristics of the data set.” This trait is used to guarantee the authenticity of an original data set and “can be used as a digital equivalent of the Bates stamp used in paper document production.” Other methods, such as encryption, or the use of digital signatures, can also establish the integrity of ESI.

iv. Public records or reports

Under this rule, extrinsic evidence can be used to authenticate documents where the evidence was “authorized by law to be recorded or filed and in fact recorded or filed in a public office, or a purported public record, report, statement, or data compilation, in any form, is from the public office where items of this nature are kept.” The proponent of the evidence needs to show that the office from which the records were taken is the legal custodian of records. This can be accomplished through testimony of an officer authorized to testify to the custodianship or through a certificate of authenticity from the public office. This test can be used to authenticate records such as, tax returns, military records, social security records, government agencies records, data compilations, which may include computer stored records.

v. Ancient documents or data compilations

This test permits authentication of documents if the evidence “[i]s in a condition that creates no suspicion concerning its authenticity; [w]as in a place where it, if authentic, would likely be; and [h]as been in existence 20 years or more at the time it is offered.” While this test may not apply now given its 20 year timeframe, it is important to note given its relation to the hearsay rule. If an ESI exhibit has been in existence for over 20 years, under Rule 901(8), such evidence can be authenticated. This method of authentication can qualify the exhibit under a corresponding hearsay exception, so that the exhibit may then be admitted for the truth of its contents.

Self-Authentication

The Federal Rules of Evidence also permit proponents of evidence to use self-authentication to admit evidence. While there are several categories that provide an efficient method for authenticating evidence, three are particularly relevant in the ESI context:

i. Official publications

“Books, pamphlets or other publications purporting to be issued by public authority” are self authenticating under Rule 902 of the Federal Rules of Evidence. Thus, an e-mail, newsletter, or website published by a public authority can be self-authenticating.

ii. Trade inscriptions and the like

Evidence may be authenticated by “[i]nscriptions, signs, tags or labels purporting to have been affixed in the course of business and indicating ownership, control or origin.” Many business or trade communications, such as e-mails, contain information showing the origin of the transmission and identify the company. Such indicators may be sufficient to authenticate an e mail.

iii. Certified domestic records of regularly conducted activity

Rule 902(11) provides a method of self-authentication for records of regularly conducted activity. This rule mirrors the requirements of the business records hearsay exception to the hearsay rule. The authentication rule states that extrinsic evidence of authenticity is not required if the evidence is an “original or a duplicate of a domestic record of regularly conducted activity that would be admissible under [the business record hearsay exception] if accompanied by a written certification of its custodian or other qualified person.” The proponent must demonstrate that the person is familiar with and can certify “that the record was kept in the course of the regularly conducted activity” and “that the record was made of the regularly conducted activity as a regular practice.”

This method of self-authentication is important to ESI since most business records are now stored in electronic format. And, authenticating evidence in this manner may also admit the evidence for its truth because it qualifies under the business records exception to the hearsay rule. To support the admissibility of ESI under the business records exception, the proponent should demonstrate that the information was kept pursuant to regularly conducted business activity that would satisfy the business records to the hearsay rule and that the “business activity” in question insured the integrity of the information.

A. Hearsay

After the proponent of ESI establishes that the evidence is relevant and authentic, the proposed evidence must overcome any hearsay objections. With ESI, the main issue is whether electronic documents and writings constitute “statements” by a declarant within the meaning of Rule 801(a), Fed. R. Evid. A statement is “an oral or written assertion or … nonverbal conduct of a person, if it is intended by the person as an assertion.” Hearsay is a “statement, other than one made by the declarant while testifying at the trial or hearing, offered in evidence to prove the truth of the matter asserted.” A declarant is a “person who makes a statement.”

The application of the hearsay rule to ESI depends on whether the information a “person” has made the statement, i.e. whether the information is computer generated or “computer stored” (i.e., input by a person into the system). Often, computers generate metada that includes assertions. They also create “data sets” (i.e., information from a computer generated analysis), such as a breathalyzer result, results from a speed detection device, or information on an ATM receipt. While court are split as to whether computer generated information is hearsay, it is difficult to ignore the fact that a computer system often makes “statements” that could be offered to “prove the truth of the matter asserted.” Despite any ambivalence about whether ESI is “hearsay,” there is no doubt that computer stored information includes statements by people and systems that invite various exceptions to the hearsay rule if it is, in fact, applied. In the context of ESI, there are several exceptions that can be used to admit such evidence.

i. Present sense impression

This hearsay exception applies for a “statement describing or explaining an event or condition made while the declarant was perceiving the event or condition, or immediately thereafter.” Such statements are an exception to the hearsay rule because given the contemporaneous nature of the statement concerning the event; the dangers of a poor memory are minimized.

As it relates to ESI, this exception applies to statements made in emails or other human generated computer records. Even though such statements are in electronic form, the present sense impression exception applies the same way as traditional, hard copy formats. Further, social networking messages or posts may also qualify under this exception.

ii. Excited utterance

These statements relate to “a startling event or condition made while the declarant was under the stress of excitement caused by the event or condition.” Like the present sense impression, such statements are considered trustworthy because statements made in an excited emotional state reduces the possibility of inaccurate statements. Therefore, electronic communications, such as e mails and social media postings can all be excited utterances as long as they were created under the stress of excitement caused by an event or condition.

iii. Then existing state of mind or condition

Similar to the previous two exceptions, statements “describing or explaining an event or condition made while the declarant was perceiving the event or condition, or immediately thereafter” are admissible based upon the contemporaneous nature of the statements. And, like the previous two exceptions, e-mails and social media postings contain considerable amounts of these statements and are good examples for this exception.

iv. Business records

This hearsay exception is often discussed in conjunction with the authentication of certified domestic records of regularly conducted activity pursuant. These records include “memorand[a], report[s], record[s], or data compilation[s], in any form, of acts, events, conditions, opinions, or diagnoses, made at or near the time by, or from information transmitted by, a person with knowledge.” The records must be generated in “the course of a regularly conducted activity, as shown by the testimony of the custodian or other qualified witness.” E-mails and computer generated records and documents may qualify under the business records exception, provided that they meet these requirements.

D. The Best Evidence Rule

After the proponent establishes that the evidence is relevant, authentic, and not hearsay, she still must overcome the best evidence rule. Under this rule, “[t]o prove the content of a writing, recording or photograph, the original writing, recording or photograph is required.” For electronically stored information, “original” means any printout—or other output readable by sight—if it accurately reflects the information.” This principle is confirmed by case law that consistently recognizes that “so long as it accurately reflects the data,” printout or duplicate copies of electronic evidence are admissible.

Proving that the document “accurately reflects the data” can be quite difficult given the malleable nature of ESI and the limited information provided by a mere copy of the most recent version. To overcome this obstacle, the proponent must establish that the information, or data, has not changed since it was first created. Absent such proof, the document does not “accurately reflect the data” that gave rise to its creation. Of course, these problems do not apply if the proponent of the evidence is only trying to establish that the proposed information is the most recent version of the document in question.

III. Conclusion

Electronic evidence poses interesting evidentiary challenges. Traditional rule applications such as relevancy and probative value apply to ESI just as they would if the evidence were in traditional, hard copy form. However, it is often difficult to authenticate ESI because of its dynamic and ever-changing format, requiring a new analysis that focuses on the reliability, or integrity, of the information instead of its originality. Once authenticated, the proponent of the ESI must determine whether computer stored information raises hearsay problems and, if so, whether an exception to the hearsay rule will allow the evidence to be admitted. Finally, the proponent of the evidence must satisfy the best evidence rule by showing that the document in question accurately reflects the “data,” which is established by showing that the information in the document has not changed since its creation. If these evidentiary foundations are overcome, the ESI should be admitted and the jury should decide its weight.