As part of our continuing coverage of Federal Rule of Evidence 902(14), which goes into effect on Friday December 1, 2017, we will be making available further resources and analysis over the next few weeks in support of this new and important development. To review, FRE 902(14) provides that electronic data recovered “by a process of digital identification” is to be self-authenticating, thereby not routinely necessitating the trial testimony of a forensic or technical expert where best practices are employed. Instead, such properly collected electronic evidence can be certified through a written declaration by a “qualified person.” This rule will have a significant impact on computer forensics and eDiscovery collection practices. A detailed discussion of Rule 902(14) can be found here.
Today we are providing an example of a Rule 902(14) certification for the authentication of social media evidence collected by X1 Social Discovery. This sample document is for general information purposes only. Your use of this example 902(14) certification is at your own risk, and you should not use this sample documents without first seeking professional legal advice. The provision of this sample document (and the document itself) does not constitute legal advice or opinions of any kind. So with those legal disclaimers, here is the sample 902(14) certification:
Certification under Federal Rule of Evidence 902(14)
(Example Only for demonstration purposes)
I, __________________, hereby declare and certify:
- I am currently a (paralegal) (computer forensic specialist) (electronic discovery specialist) employed by “My Organization” (“My Organization”). My Organization specializes in the discovery, collection, investigation, and production of electronic information for investigating and handling computer-related crimes and misuse as well as for in support of discovery for civil litigation matters. I am responsible for conducting computer forensic investigations and providing electronic discovery and litigation support.
- I have participated in more than 100 investigations and preservation efforts from social media sites and other Internet websites, and was the lead on approximately 20 of those investigations. These investigations involved finding relevant electronic information in support of internal investigations, civil litigation and criminal matters. In the course of these investigations, I was responsible for performing in-depth analyses and providing documentation and related materials in support of criminal and civil matters for law firms/litigation support consulting firms, (or for law enforcement agencies at the federal and local level)
- I have accumulated extensive experience in the identification, preservation, retrieval, analysis, and documentation of computer-related information, including both data at rest and social media evidence and other internet based electronic evidence in support of computer investigations and ongoing litigation matters.
- I am a licensed user of X1 Social Discovery (“X1”), the leading software used by law firms, law enforcement, government regulatory agencies and litigation support consultants world-wide. X1 Social Discovery is available for purchase by the general public and is generally accepted in the eDiscovery and computer investigation industry. X1 Social Discovery aggregates comprehensive social media content and web-based data into a single user interface, while preserving critical metadata not possible through image capture “screenshot”, or simple computer screen printouts.
- X1 Social Discovery includes an automated function to generate an MD5 “hash value” immediately upon the collection of an item of social media evidence or a webpage. The Committee notes to Federal Rule of Evidence 902(14) define a hash value as follows: “Today, data copied from electronic devices, storage media, and electronic files are ordinarily authenticated by ‘hash value.’ A hash value is a number that is often represented as a sequence of characters and is produced by an algorithm based upon the digital contents of a drive, medium, or file. If the hash values for the original and copy are different, then the copy is not identical to the original. If the hash values for the original and copy are the same, it is highly improbable that the original and copy are not identical. Thus, identical hash values for the original and copy reliably attest to the fact that they are exact duplicates.”
- X1 Discovery, Inc., the software company that develops X1 Social Discovery, makes freely available a separate hash value verification software utility that will recalculate the hash value of an item of electronic evidence that was previously collected by X1 Social Discovery to verify that the evidence has not changed since it was collected by X1. If the “verification” hash value generated by the verification utility is the same as the hash value originally calculated by X1 Social Discovery at the time of the acquisition of the item of electronic evidence, then the identical hash values reliably attest to the fact that the evidence, and any exact duplicates thereof, have not changed.
- I was retained by attorneys for Defendants to provide examination, preservation and analysis of social media evidence in the present case. Pursuant to this request I collected numerous social media evidence from Twitter, Instagram, and Facebook using the X1 Social Discovery software. Attached as Exhibit “A” are the following items of social media evidence:
- A Facebook post that was publicly available on Plaintiff’s Facebook dated July 10, 2017, which was acquired by me on September 3, 2017 at 3:45pm.
- A Twitter post (Tweet) that was publicly available on Acme company’s Twitter feed dated July 13, 2017, which was acquired by me on September 3, 2017 at 3:48pm.
- An Instagram post that was publicly available on Plaintiff’s spouses’ Instagram feed dated July 18, 2017, which was acquired by me on September 3, 2017 at 3:55pm.
- When the items described above were acquired by X1 Social Discovery, the software automatically generated and assigned a hash value based upon the contents of the evidence. This is termed the “acquisition hash.” Using the hash value verification software utility, I recalculated the hash value of the 3 items listed above, on 12/4/17, shortly before I prepared this declaration. The verification hash in all instances were the same as the acquisition hash value, as set forth in the following table:
- The identical hash values reliably attest to the fact that the evidence has not changed.
I declare under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed this _th day of December 2017 in Los Angeles, California.
Signature of Declarant