Today’s data-driven business environment requires businesses and individuals to grapple with managing growing amounts of electronically-stored information (ESI). According to a recent IBM study, 2,500,000 terabytes of data are produced every day, and 90% of the data existing now was produced in the last year. This growing data includes social media posts, website pages and e-commerce pages—all of which can be great sources of relevant content for attorneys to review and save for cases, especially during due diligence and e-discovery.
Until recently, parties looking to submit web evidence into the record of a federal civil case would have needed to present foundation witnesses and other extrinsic evidence to prove the veracity of the documents. As ESI evidence became more prevalent, this requirement only created unnecessary procedural hurdles for parties. These hurdles were further compounded by the fact that opposing parties would resort to stalling tactics to drive up litigation costs. As the Federal Rules of Evidence (FRE) Advisory Committee noted, opponents would often wait until after a party retained a foundation witness to confirm the truth of specific ESI or allow the foundation witness to testify uncontested.
In 2017, the Federal Rules Committee changed this practice by updating FRE 902 to classify certain types of ESI as eligible for self-authentication. This means that under the newly added sections, FRE 902(13) and (902)(14), accurate ESI data produced through electronic processes and verified copies of electronic information stored on devices, storage mediums or files are considered authentic without requiring additional substantiating evidence.
The reasoning behind this is that electronic data can be quickly verified today using hash value matching, a highly-technical process that verifies the integrity and accuracy of any copies made from original ESI sources. This authentication process helps ensure that electronically-doctored evidence remains off the table.
Simply submitting a hash value, however, isn’t enough. Parties need to also submit signed certifications from qualified professionals confirming that they verified the authenticity of the copy through hash value matching or a different vetted method. They also need to issue reasonable written notice to opposing parties about their intention to introduce the ESI and make both the ESI and certification available for opponents to review.
Failing to take these additional steps to ensure your evidence is self-authenticated could keep valuable evidence off the record and torpedo your case. While case law directly addressing FRE 902(13) and (902)(14) is only starting to develop, the Advisory Committee has already warned that ESI accompanied by deficient certifications—or, worse yet, none at all—would not be considered authenticated under FRE 902(13) and (902)(14). Courts have also historically required parties to authenticate ESI collected from privately-owned websites. In McGown v. Silverman & Borenstein, PLLC, for example, the plaintiff tried submitting ESI evidence showing that the defendant described itself as a debt collector on its website in order to establish that it was a debt collector for purposes of her FDCPA claim. The court, however, declined to take judicial notice of this evidence because the plaintiff submitted this evidence without taking the steps required to authenticate it.
This case shows why it is critical to always authenticate your ESI and it is important to take proactive steps now to avoid litigation hurdles down the road. For example, work with partners and tools that specialize in the legal industry and can accurately verify the hash values of the preserved online content.
New technology and services specifically designed for case matters are helping legal professionals around the world in many different practice areas to accomplish just that. Page Vault, the legal industry’s leading provider of web capture solutions, offers in-house software and vendor services to easily capture, preserve and authenticate web content such as webpages, websites, social media, videos, images, and documents.
The technology automatically provides hash values and collects crucial metadata (e.g., server addresses, URLs, IP addresses) often needed during research, requests for production (RFP) and litigation, that further verifies the authenticity of the web content. Page Vault accurately captures online content in a way that preserves the chain of custody and strengthens the admissibility. In addition, they can provide affidavits upon request, as well as testify on behalf of the technology.