Electronic evidence presents unique authentication challenges. What are the specific issues for MS Word files?
Judge Grimm on Evidence
On May 4, 2007, Chief U.S. Magistrate Judge Grimm provided a detailed analysis of evidentiary issues associated with electronic evidence.
As Electronic Discovery Law explains, in Lorraine v. Markel Am. Ins. Co., 241 F.R.D. 534 (D. Md. 2007), the parties filed cross-motions for summary judgment but failed to comply with the requirement of Rule 56 that they support their motions with admissible evidence. Chief United States Magistrate Judge Paul W. Grimm denied both motions without prejudice to allow resubmission with proper evidentiary support.
In his memorandum opinion, Magistrate Judge Grimm remarks that "considering the significant costs associated with discovery of ESI, it makes little sense to go to all the bother and expense to get electronic information only to have it excluded from evidence or rejected from consideration during summary judgment because the proponent cannot lay a sufficient foundation to get it admitted."
The following discussion uses MS Word documents as an example, but it is applicable to most other documents types.
There are two types of data: document data (words, formatting, etc), and metadata, or data about data. Furthermore, there are two types of metadata: application metadata (title, author, last saved by, etc., even custom fields), and OS metadata (file creation date, file last modified, and more).
To verify the document data together with its metadata, it is possible to compute and record the document's MD5 or SHA signature. Since the application metadata is stored in the file, it too will go into the hash calculation.
For the OS metadata, one can rely on the collection procedure, which hopefully has been done with a validated tool for the best defensibility.
Lacking this, one may go back to the original and use a safe metadata viewer to pull the original OS info (assuming that it has not been modified in the meantime). One can use a tool like Pinpoint Metaviewer to create screenprints for presentation.
For file system metadata one can create a container (such as a zip file) with all the authenticated files together, and compute the signature of the archive. If the files have not been moved or touched or opened, this will preserve the OS metadata.
The signatures thus collected can be used to prove that the evidence has not been tampered with. One can ask the opposing side for the same hashes, and if they agree, there is no argument that both are looking at the same evidence.
To quote from Judge Grimm,
"Authentication also can be accomplished in civil cases by taking advantage of FED. R. CIV. P. 36, which permits a party to request that his or her opponent admit the "genuineness of documents."
If the other side has some doubts about the possible changes in the document, your file hash will prove that both the document and the metadata are intact.
Furthermore, "...at a pretrial conference, pursuant to FED. R. CIV. P. 16(c)(3), a party may request that an opposing party agree to stipulate 'regarding the authenticity of documents,' and the court may take 'appropriate action' regarding that request."
For example, this may be a case where this document has already been under discussion. More generally, once each counsel has exchanged a description of ESI held by a party, one topic for the "meet and confer" can be some form of agreement as to authenticity or at least some stipulation as to what must be done to avoid objections on this basis.
"Similarly, if a party properly makes his or her FED. R. CIV. P. 26(a)(3) pretrial disclosures of documents and exhibits, then the other side has fourteen days in which to file objections. Failure to do so waives all objections other than under Rules 402 or 403, unless the court excuses the waiver for good cause. This means that if the opposing party does not raise authenticity objections within the fourteen days, they are waived."
This is a very important and easier path, since no action is required from the other side.
If the other side produced the document, then, absent special circumstances, this is tantamount to the admission of authenticity.
So far, we have used the FRCP rules. Of course, the arguments are strengthened by proper collection procedure and by availability of hash signature for verification, but strictly speaking these are not required.
The following, more technical, scenarios can use the hashes discussed above:
- Presence of the same document (as authenticated by application hash) as an attachment in email from this custodian;
- Presence of the same document (application hash) on another computer or laptop belonging to the same custodian;
- Presence of the same document (both application and OS hash) in a backup. In this case you will need somebody to testify about the backup procedures.
Note: Legal information is not legal advice. Top8 provides information pertaining to business, compliance, and litigation trends and issues for educational and planning purposes. Top8 and its consultants do not provide legal advice. Readers should consult with competent legal counsel.
The author gratefully acknowledges the editing help and numerous suggestions of Kelvin Rocquemore, Esq., of Trial Solutions.
The author is also thankful to his colleagues at the litsupport discussion group, whose discussions provide him with much inspiration and knowledge.