Court Says Prosecutors Can't Just Assume A MySpace Profile Is Legit

from the why-didn't-they-ask? dept

Wed, May 4th 2011 1:26am — Mike Masnick

A murder lawsuit in Maryland involved some evidence from a MySpace profile (allegedly from the defendant's girlfriend, attempting to intimidate witnesses). A police officer went to the profile and printed it out, but prosecutors did nothing else to authenticate that the MySpace profile and the comments on the page were legit and placed by the girlfriend. A lower court said this was fine, but as Venkat Balasubramani discusses, the Maryland Supreme Court has said that just printing out a MySpace profile and showing it to jurors is not enough to prove that the content really came from the person in question. The court even cites the infamous Lori Drew case, in pointing out that it's easy to create fake profiles of people. In the end, the court makes a simple point: if you want to authenticate that a social networking page is from a particular person, there are a number of ways to do so, starting with asking the person in question if it's their website. Stunningly, prosecutors in this case never did that.

I have to admit that I'm a bit confused by the dissent on this case, as described by Venkat:

Two dissenting judges accuse the majority of having a case of the "technological heebie-jeebies," and note that the key question is whether a "reasonable juror" could conclude that the evidence in question was authentic. In other cases where the authenticity of a piece of evidence is disputed, the typical practice is to let the jury make the call, unless the court concludes that "no reasonable juror" could find the evidence authentic. The dissenting judges fault the majority for not following the same practice in this case.

I don't see how it's a case of technological heebie-jeebies at all. If anything, it's the reverse. It's recognizing that (1) such evidence is easy to fake and (2) there are some very easy steps to authenticate the evidence. In a case such as a murder case, isn't it a reasonable standard to make sure that such evidence is, in fact, authentic?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: court, evidence, myspace profile, social media

14 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

PW (profile), 4 May 2011 @ 2:09am

Over confidence
I had the exact same reaction you did when I read the dissent from those judges. Understanding the ease with which profiles, even those on Facebook or Linkedin, can be faked, clearly means that the judges in the majority have a depth of understanding. The dissenting judges sound more like people who think they "get it" but really don't ;) Over confident about stuff they really don't understand deeply...those are the scariest type of people.
[ link to this | view in chronology ]
TechnoMage (profile), 4 May 2011 @ 2:15am

the "Truth behind the Truth" here...
Maybe the real issue here is what the one the dissenting judges are showing us, but not realizing that they are. Hence, the "Truth behind the Truth" statement, it might be the truth that this case of potential fraudulent evidence was handled differently than other cases because this case had additional easy(and obvious) steps to take to validate the evidence. However, The "Truth" behind that one, is that perhaps the normal way of allowing jurors to see potentially fraudulent evidence is lacking.

I don't have the answer to how to fix this, but maybe this is a sign there is an issue somewhere else, at a lower level, within our legal framework. Not, that I'd know where to start to fix it... I'd unfortunately have to leave that up to lawyers... (that could get messy)
[ link to this | view in chronology ]
abc gum, 4 May 2011 @ 4:58am

What is a "murder lawsuit" ?
Is this a wrongful death lawsuit or a criminal murder case ?

Ok, so I read the article and it appears to be a criminal case ..... but wtf is "Circumstantial Authentication" ????
This is unbelievable.

I've heard of circumstantial evidence being used in civil cases, but had thought the bar was much higher in criminal cases. Apparently not. The prosecutor really dropped the ball, good thing the appeals court employs more knowledgeable people.
[ link to this | view in chronology ]
Anonymous Coward, 4 May 2011 @ 5:09am

More generally...
...absent a specific admission there's no way to prove that the page belongs to the person in question or -- if it does -- that any content placed there was put there by the person in question.

Contemporary malware is quite capable of setting up accounts on "social networks" and on freemail providers, and spammers use this capability all the time. It's common knowledge among all sufficiently-clueful security/abuse researchers. That same malware is also capable of manipulating content...so unless prosecutors have a video showing the person entering that content, they have nothing.
[ link to this | view in chronology ]
- aldestrawk (profile), 4 May 2011 @ 6:56am
  
  Re: More generally...
  There is a way to show it is very likely, if not beyond a reasonable doubt, that someone's profile was authentic. It takes a lot more than accepting the profile on it's face. Myspace would have to maintain, and still possess. logs showing the time and source IP address for the last couple of profile changes. You would have to subpoena Myspace to get that information. You would have to subpoena the ISP that leased that IP address to locate the computer or router the posting came from. Finally, you would have to be able to conclude that the person in question was the only one with access to that computer and Myspace account at the time in question. Forensic examination of the computer may, or may not, uncover evidence of Myspace access in the browser history. Forensic examination should also include an investigation to determine that the computer in question wasn't infected with malware that allowed remote execution A competent prosecutor would have done all that!
  
  Now, if all that information was available, it is still possible that a very clever criminal set this all up and deleted all evidence on the computer of their manipulations. This is pretty damn hard to do. I know a fair amount about computer forensics but I am not sure I wouldn't miss some detail, somewhere.
  [ link to this | view in chronology ]
  - Anonymous Coward, 4 May 2011 @ 8:30am
    
    Re: Re: More generally...
    You make some good points; certainly all those things should have been done.
    
    However, in toto, they STILL don't constitute proof. Here's why:
    
    Contemporary malware and rootkits allow a remote attacker to completely control an infected system. They also assist in maintaining that control over a long period of time. (This is of course highly useful to those trying to maintain botnets.) So if the goal is to set someone up, there's really not much of a barrier to establishing a long-term pattern that points at the (former) owner of the computer in question.
    
    So yes, MySpace's logs might show the same IP address (or a set of IP addresses out of the same dynamically-allocated block); the ISPs logs might show the same. But neither of these logs show that the person who allegedly owns the computer was the person sitting at it when those accesses occurred. Moreover, we have hundreds of millions of counterexamples demonstrating systems clearly doing things without the consent of their (former) owners.
    
    Now, you are correct that a forensic examination of the computer might show the presence or absence of malware-- but only "might". Forensic examinations are not always done competently (c.f. the Julie Amero case, where the utterly idiotic fools were involved) and there is always the question of WHEN malware was present.
    
    This is murky ground, technically and legally. Not being an attorney, I can't speak to the latter, but as a security expert I can speak to the former; and what I say is that absent either (a) a confession or (b) a video showing the person typing the content in, that there is no proof. There is only circumstantial evidence that we KNOW is trivial to fake.
    [ link to this | view in chronology ]
    - aldestrawk (profile), 4 May 2011 @ 5:47pm
      
      Re: Re: Re: More generally...
      You demonstrate what a friend of mine, who is a DA in Santa Clara County (Silicon Valley), once said to me. He said, that prosecutors look to eliminate software engineers from juries because, for them, no amount of evidence is ever enough (I'm a software engineer). I would never vote to convict someone based solely on a Myspace profile, but I would consider it as additional circumstantial evidence if all the investigation I laid out in my comment had been done to authenticate the profile. The existence of malware, including rootkits, can be discovered by good forensic analysis. Apparently though, HBGary (yes, THAT HBGary!) has developed a super-stealthy rootkit called 12 Monkeys. They are claiming it is undetectable. From the emails that were stolen from them, by Anonymous, they planned on selling it for about $240K. If you have enemies that dedicated towards framing you, there may not be much hope.
      http://arstechnica.com/tech-policy/news/2011/02/black-ops-how-hbgary-wrote-backdoors-and-root kits-for-the-government.ars/3
      You can defend against bad forensics experts and bad experts in general by getting your own. Society can't give up on prosecuting people because the experts might be incompetent or malevolent. In the Julie Amero case her conviction was overturned.
      Any computer evidence, purporting to be a statement from someone, that is admitted as evidence needs to be minimally authenticated so as to count as an exception to the hearsay rule. In this Myspace case that would be tying the source IP address for the posting to a computer most likely used by only that person. Further issues can be brought up by the defense.
      [ link to this | view in chronology ]
aldestrawk (profile), 4 May 2011 @ 6:28am

counterargument
Wouldn't this be a valid counterargument to the dissenting judges opinion. Why isn't hearsay allowed if a "reasonable juror" could conclude that the evidence in question was authentic.
[ link to this | view in chronology ]
Pickle Monger (profile), 4 May 2011 @ 7:10am

If it's on the Internet, it must be true...
[ link to this | view in chronology ]
Judge Dredd, 4 May 2011 @ 7:37am

I am the Law!
Just another good reason why judges should be tested every 4 years to see if they understand the issues they will be judging on... if not... good bye!
[ link to this | view in chronology ]
The Groove Tiger (profile), 4 May 2011 @ 8:01am

Then why can't the prosecutor's niece or whatever make a MySpace profile impersonating the defendant admitting "I DID IT", then show it to jurors because, you know, they can make the call if it's fake or not.
[ link to this | view in chronology ]
Anonymous Coward, 4 May 2011 @ 8:03am

Mike - I'm a little surprised by your reaction (your embrace of the majority's opinion and your rejection of the dissent). And I think your reaction may result partly from some confusion about admissibility versus credibility. To be admitted into evidence generally requires getting ove ra very low hurdle - is there a modicum of evidence to believe this thing is what it purports to be? What the lower court did here was to allow the government to introduce a printed out Myspace page which they claimed belonged to a particular person. As the government and dissent noted, after this happened, it would be up to the jury to assess the credibility of the printed out page as evidence. Was this an accurate printout of the account in question, or a forgery by govt agents? Even if it were an accurate printout, might the account have been set up by someone else? Even if the account were create dby the person in question, was she responsible for the statements at issue? Both sides could present evidence on this issue, and challenge the opposing side.

The MD Supreme Court rejected this, and the result of their ruling is in essence that the Myspace pages in question don't get admitted into evidence, and the jury never gets to see them or consider whether they are credible evidence or not. A cynic might say that the MSC basically doesn't think jurors are smart enough to assess whether the evidence might have been faked. (I don't think that's a fair assessment of the court's ruling, but I can imagine many legal commentators boiling it down to this.)

I understand (and share!) your interest in encouraging the prosecutors here and in future cases to do a better job of providing evidnece to authenticate digital evidence. But because the upshot here is that jurors won't get an opportunity even to consider digital evidence that seems pretty relevant to the case, I'm somewhat surprised that you're so dismissive of the dissent's concerns, and not more worked up about the fact that a court is ruling to keep digital evidence out of a case.
[ link to this | view in chronology ]
- Anonymous Coward, 4 May 2011 @ 8:42am
  
  Re:
  But - as a commenter above noted - this is nothing different than heresay, which the courts have never allowed. I mean, why not allow witness statements regarding what someone else said as evidence, then let the jury decide if it's accurate?
  [ link to this | view in chronology ]
- MrWilson, 4 May 2011 @ 8:57am
  
  Re:
  Confirming the authenticity of a print out of a MySpace page is not something a computer forensics expert can do, much less a jury member who is "not a computer person." A computer forensics expert would have to actually look at the site and logs to be able to tell anything about the authenticity of the evidence.
  
  It's not digital evidence to provide an unverifiable print out of a digital page.
  
  Unless the page had video or pictures of the defendant committing the crime or describing in explicit detail what was done or to be done and it matched what was done, it's circumstantial and flimsy evidence.
  [ link to this | view in chronology ]