Court Says Prosecutors Can't Just Assume A MySpace Profile Is Legit
from the why-didn't-they-ask? dept
A murder lawsuit in Maryland involved some evidence from a MySpace profile (allegedly from the defendant's girlfriend, attempting to intimidate witnesses). A police officer went to the profile and printed it out, but prosecutors did nothing else to authenticate that the MySpace profile and the comments on the page were legit and placed by the girlfriend. A lower court said this was fine, but as Venkat Balasubramani discusses, the Maryland Supreme Court has said that just printing out a MySpace profile and showing it to jurors is not enough to prove that the content really came from the person in question. The court even cites the infamous Lori Drew case, in pointing out that it's easy to create fake profiles of people. In the end, the court makes a simple point: if you want to authenticate that a social networking page is from a particular person, there are a number of ways to do so, starting with asking the person in question if it's their website. Stunningly, prosecutors in this case never did that.I have to admit that I'm a bit confused by the dissent on this case, as described by Venkat:
Two dissenting judges accuse the majority of having a case of the "technological heebie-jeebies," and note that the key question is whether a "reasonable juror" could conclude that the evidence in question was authentic. In other cases where the authenticity of a piece of evidence is disputed, the typical practice is to let the jury make the call, unless the court concludes that "no reasonable juror" could find the evidence authentic. The dissenting judges fault the majority for not following the same practice in this case.I don't see how it's a case of technological heebie-jeebies at all. If anything, it's the reverse. It's recognizing that (1) such evidence is easy to fake and (2) there are some very easy steps to authenticate the evidence. In a case such as a murder case, isn't it a reasonable standard to make sure that such evidence is, in fact, authentic?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: court, evidence, myspace profile, social media
Reader Comments
Subscribe: RSS
View by: Time | Thread
Over confidence
[ link to this | view in chronology ]
the "Truth behind the Truth" here...
I don't have the answer to how to fix this, but maybe this is a sign there is an issue somewhere else, at a lower level, within our legal framework. Not, that I'd know where to start to fix it... I'd unfortunately have to leave that up to lawyers... (that could get messy)
[ link to this | view in chronology ]
Is this a wrongful death lawsuit or a criminal murder case ?
Ok, so I read the article and it appears to be a criminal case ..... but wtf is "Circumstantial Authentication" ????
This is unbelievable.
I've heard of circumstantial evidence being used in civil cases, but had thought the bar was much higher in criminal cases. Apparently not. The prosecutor really dropped the ball, good thing the appeals court employs more knowledgeable people.
[ link to this | view in chronology ]
More generally...
Contemporary malware is quite capable of setting up accounts on "social networks" and on freemail providers, and spammers use this capability all the time. It's common knowledge among all sufficiently-clueful security/abuse researchers. That same malware is also capable of manipulating content...so unless prosecutors have a video showing the person entering that content, they have nothing.
[ link to this | view in chronology ]
Re: More generally...
Now, if all that information was available, it is still possible that a very clever criminal set this all up and deleted all evidence on the computer of their manipulations. This is pretty damn hard to do. I know a fair amount about computer forensics but I am not sure I wouldn't miss some detail, somewhere.
[ link to this | view in chronology ]
Re: Re: More generally...
However, in toto, they STILL don't constitute proof. Here's why:
Contemporary malware and rootkits allow a remote attacker to completely control an infected system. They also assist in maintaining that control over a long period of time. (This is of course highly useful to those trying to maintain botnets.) So if the goal is to set someone up, there's really not much of a barrier to establishing a long-term pattern that points at the (former) owner of the computer in question.
So yes, MySpace's logs might show the same IP address (or a set of IP addresses out of the same dynamically-allocated block); the ISPs logs might show the same. But neither of these logs show that the person who allegedly owns the computer was the person sitting at it when those accesses occurred. Moreover, we have hundreds of millions of counterexamples demonstrating systems clearly doing things without the consent of their (former) owners.
Now, you are correct that a forensic examination of the computer might show the presence or absence of malware-- but only "might". Forensic examinations are not always done competently (c.f. the Julie Amero case, where the utterly idiotic fools were involved) and there is always the question of WHEN malware was present.
This is murky ground, technically and legally. Not being an attorney, I can't speak to the latter, but as a security expert I can speak to the former; and what I say is that absent either (a) a confession or (b) a video showing the person typing the content in, that there is no proof. There is only circumstantial evidence that we KNOW is trivial to fake.
[ link to this | view in chronology ]
Re: Re: Re: More generally...
http://arstechnica.com/tech-policy/news/2011/02/black-ops-how-hbgary-wrote-backdoors-and-root kits-for-the-government.ars/3
You can defend against bad forensics experts and bad experts in general by getting your own. Society can't give up on prosecuting people because the experts might be incompetent or malevolent. In the Julie Amero case her conviction was overturned.
Any computer evidence, purporting to be a statement from someone, that is admitted as evidence needs to be minimally authenticated so as to count as an exception to the hearsay rule. In this Myspace case that would be tying the source IP address for the posting to a computer most likely used by only that person. Further issues can be brought up by the defense.
[ link to this | view in chronology ]
counterargument
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I am the Law!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The MD Supreme Court rejected this, and the result of their ruling is in essence that the Myspace pages in question don't get admitted into evidence, and the jury never gets to see them or consider whether they are credible evidence or not. A cynic might say that the MSC basically doesn't think jurors are smart enough to assess whether the evidence might have been faked. (I don't think that's a fair assessment of the court's ruling, but I can imagine many legal commentators boiling it down to this.)
I understand (and share!) your interest in encouraging the prosecutors here and in future cases to do a better job of providing evidnece to authenticate digital evidence. But because the upshot here is that jurors won't get an opportunity even to consider digital evidence that seems pretty relevant to the case, I'm somewhat surprised that you're so dismissive of the dissent's concerns, and not more worked up about the fact that a court is ruling to keep digital evidence out of a case.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
It's not digital evidence to provide an unverifiable print out of a digital page.
Unless the page had video or pictures of the defendant committing the crime or describing in explicit detail what was done or to be done and it matched what was done, it's circumstantial and flimsy evidence.
[ link to this | view in chronology ]