Proposed amendments to Federal Rule of Evidence 902 are scheduled to take effect on Dec. 1, 2017. The new rules aim to streamline the admission of electronic evidence to court proceedings. The new rules 902(13) and (14) replace in-person testimony to establish electronic evidence authenticity with a written certification. Under the current version of Rule 902, certain types of documents are already considered self-authenticating and require no evidence of authenticity to be admissible at trial. Examples of self-authenticating documents include government documents, certified copies of public records, newspapers, and certified business records. The new amendments to Rule 902 will permit authentication of electronic evidence by an affidavit of a “qualified person” who can certify in writing that the document was obtained within the requirements of Rule 902(11) and (12).
How Can You Tell If Documents Fall Within the Requirements?
Electronically stored information that has been collected from an electronic device such as a computer, USB drive, mobile phone, etc., can be associated to something called a hash value. A file’s hash value is represented by an alphanumeric sequence of characters unique to that file.
A hash value possesses certain properties:
1) Deterministic — meaning a specific input will always result in the same output
2) Has a low probability of “collisions” (i.e., it is statistically unlikely that two unique inputs will result in identical outputs)
3) Is capable of being quickly calculated
4) A small change to an input will result in a significant change in the output.
In practice, the hash of a file is a unique “digital fingerprint”. If the contents of a file have been modified in any manner, its calculated hash value will be completely different from the file’s original calculated hash value. This means that a copy of a file that has been defensibly collected and processed will have an identical hash value to that of the original file, allowing the hash value to serve as the proof of authentication required by Rule 902 and verifying that the document an attorney is submitting as evidence is in fact what s/he says it is. This is one example of a method through which certification can be made. The new rule is flexible in allowing certification through processes other than the comparison of the hash value as well, and also indicates certification will be possible with future identification technology that may come along.
“… [t]his amendment allows self-authentication by a certification of a qualified person that she checked the hash value of the proffered item and that it was identical to the original. The rule is flexible enough to allow certifications through processes other than comparison of hash value, including by other reliable means of identification provided by future technology.”
Advisory Committee on Rules of Evidence, Fall 2016 Meeting, 308
With these amendments, the Advisory Committee on Rules of Evidence hopes to make it easier to authenticate certain types of electronic data and to eliminate wasted costs and efforts. Forensic technicians will no longer have to be in a courtroom to articulate to a judge why s/he should admit the evidence as authentic. Under the new rules, a party will only have to provide a written certification by a qualified person that describes the process and technical basis for authenticity. As outlined in committee notes, a qualified person is defined as someone who would be able to establish authenticity through testimony at trial. This individual must by definition be an information technology practitioner, as only such a person could be qualified to testify as to how data systems operate and whether information was collected through a reliable “process of digital identification.”
Courts, law enforcement, and corporations should all benefit from the new rules. Clients who hire forensic experts to assist in forensic investigations will no longer have to pay for their travel and in-person testimony. Though there will be charges for the certification, it would seem they would be offset by other cost savings. The hassles of coordinating expert testimony, logistics, etc., also would diminish if not disappear. Law enforcement digital forensic examiners can submit a certification, and stay in the lab working on massive caseloads. Judges will relish this change that speeds up proceedings and clogged dockets with less time spent on authentication testimony.
Keep in mind that the adverse party can still challenge the evidence authenticity or object to it on hearsay, right to confront and other grounds. They will have ample opportunity, as the new rules require a party to give the adverse party reasonable notice of intent to use the electronic evidence before trial. They also must make the record and certification available for inspection and possible challenge.
Preparing for the New Rules
While the rules will go into effect in December, investigative teams can start to prepare now, by first ensuring that the collection methods being used track hash values. As the volume of digital evidence will only continue to grow, collecting and duplicating electronic records in a manner that aids authentication under the amended rules will be even more important. Having forensic technology with reliable hashing for handling collection procedures will significantly reduce the likelihood of costly challenges to electronic evidence being submitted, as well as help to cut down on the need for authentication witnesses at evidentiary hearings or trials.
While using a forensic tool may not be required, it will most definitely eliminate most opportunities for opponents to challenge the authenticity of the ESI. Using forensic tools and certified forensic technicians will bolster the proponent’s “repeatable, defensible” process. Thus providing the maximum credibility to their workflow and ultimately the ESI produced. If forensic processes and professionals are not utilized, some lawyers will undoubtedly use the standard set by FRE 902 as a means to prove a discovery process as unreliable.
Corporate and law enforcement teams should also consider training for staff to obtain or update certifications on forensic techniques. External consultant certifications are also important in establishing credentials to support the newly written certifications to authenticate electronic evidence. So be sure to confirm any outside consultant you retain is certified in the leading forensic solutions.