TDCAA Community
Facebook Page Authentication

This topic can be found at:
http://tdcaa.infopop.net/eve/forums/a/tpc/f/157098965/m/2691000922

January 11, 2012, 15:28
Taylor_Heaton
Facebook Page Authentication
Does anyone have caselaw that supports a family member, law enforcement officer or other person authenticating a Facebook page? Defendant has a Facebook page that is "public" and portrays him throwing gang signs and posting information on his wall about smoking marijuana, etc... There are plenty of identifiers (i.e., name, date of birth, city he lives in) that indicate that the defendant is the owner/user of the account.

I'm sure that if I sent a subpoena or a search warrant to Facebook I could obtain the information I am looking for, and authenticate through a business records affidavit. However, I was wondering if a Facebook page is set to "public" (meaning anyone with an account can access it), what is the proper method of authentication?
January 11, 2012, 17:50
Steve14
While the pics might be of the guy, how can you prove that he was the one who posted the messages instead of someone else impersonating him?
January 11, 2012, 20:39
Taylor_Heaton
Like I said, there are identifiers on the page that indicate that it is the defendant (name, school, date of birth, pictures of himself). I don't have a witness that actually can say that they saw him make the website or post certain messages, but therein lies my question. What does the law say that I need to get this authenticated? If I lay the predicate establishing the defendant's name, DOB, and other identifiers on the page by other means and then offer a copy of the page that contains those same identifiers, is that enough to get it in evidence?
January 11, 2012, 22:48
Steve14
Try this case: People v. Valdez, __ Cal. Rptr. 3d __, 2011 WL 6275691 (California Court of Appeals 2011). It's a case that was published about two weeks ago. (And, yes, I am a bit of an expert when it comes to internet cases, so I keep up with this stuff.)

It's a case very similar to yours, but involves MySpace posts and pics. One argument on appeal dealt with hearsay issues. In the COA opinion,
quote:
The Court of Appeals found that Valdez's hearsay argument was 'without merit because the trial court did not admit the MySpace material for the truth of any assertion on the page.' People v. Valdez, supra. As noted above, the trial judge admitted the MySpace evidence for 'the limited purpose' of corroborating the victim's statement and providing a foundation for Castillo's testimony. People v. Valdez, supra. The Court of Appeals also noted that Valdez's hearsay argument failed because the MySpace evidence did not

'consist of declarative assertions to be assessed as truthful or untruthful, but rather circumstantial evidence of Valdez's active gang involvement. For example, a reasonable jury would understand its purpose was not to determine whether Valdez and his `Krew' were truly `Most Wanted' by the `Ladiez' in Orange County. Rather, as instructed, the jury was to consider the evidence in deciding what weight, if any, to put in Castillo's opinion testimony.'



People v. Valdez, supra.

http://www.courtinfo.ca.gov/opinions/documents/G041904.PDF


It is very important that I point out, however, that special care must be taken in authenticating printouts of MySpace / Facebook postings because they are subject to alteration and/or fabrication.

In the above case, Valdez did not ever say that the posts were not his (or the Some Other Dude Did It defense). So that is an important distinction to keep in mind with your case in case your guy does dispute their legitimacy.

I can make a Facebook page for a man named, oh, let's call him "Scott B." for the sake of this post.

Let's pretend that I know "Scott B." and let us say that I don't like him (maybe he owes me money - who knows). So I make a Facebook or MySpace with his name. If I know him well enough I may even have photos of this make-believe "Scott B." So I make the page, I post the photos, and then, since I know "Scott B." and some of his personal details (schools, age, friends, etc.) I can add those details.

Now let's say that I make a bunch of posts under the "Scott B." profile.

So how do you prove who made the posts / Facebook profile? Our friend, "Scott B." or someone else? I am sure that the real "Scott B.", should this person actually exist and not be a figment of my imagination, will deny that he is a liberal, pedophilic, gangbanger who likes to flash people and burn things up, and who wants to live in Greece so he can get his 'disability' check.

So how do you authenticate the posts? Facebook keeps very limited log in records (known as IP addresses). Plus, IP addresses are often dynamic (meaning you get a new one every so often). Plus, that does not count all the free and open / unsecured WiFi connections at Starbucks, hotels and public spaces (like downtown SA, Houston, and Dallas) that a person can use in order to make this bogus profile.

This may come as a shock to some of the 'old people' whom I have mentioned in the other Facebook post, but there is NO WAY you can detect that or trace it back to someone looking to set up "Scott B."

[This message was edited by Steve14 on 01-11-12 at .]

January 12, 2012, 09:37
Brody V. Burks
"SODDI" is no different when trying to authenticate a Facebook page than it is when proving up a burglary - sure, the person can deny that the FB post was from them until they're blue in the face, but extrinsic evidence can prove them wrong. Remember what 901(a) requires of you - that evidence is sufficient to support a finding the FB post is what you say it is. (b)(4) lets you bring in other circumstances to lean on in order to authenticate it. Probably the best way to do this is to find someone else on their friends list that you can call. Ask that person if they're familiar with the person, familiar with the FB page, if they have any personal knowledge of the person posting to the FB page, if the posts represent things that the perp is known to have done, etc. If you've got a disgruntled ex, or a co-defendant who can testify that they know the FB page in question, and they know that the perp is the one who set it up and posts to it, that the things in the postings are things that the perp has talked about doing, then you can kill SODDI pretty quickly.

On the technical side, the tracing of IP addresses to a particular computer isn't 100% dispositive, but that doesn't mean that it's not without evidentiary value. If you can get the IP address logs from FB then you can use that as a starting point to subpoena the IP address assignments from the ISP. The ISP can tell you what account was assigned that IP during the time that the FB access occurred. They should also be able to give you the MAC address associated with the IP on the user's end. That MAC address *IS* a unique identifier. Think of it as a serial number that's burned into the operating software of every computer, router, modem, access point, etc. Then you can get a warrant to seize the computers and modems. If the FB page was accessed dozens of times from the same IP address, which was assigned to the defendant, which was accessed using the MAC address assigned to the defendant's wireless router in their home... Well, then that's a pretty damn good indication that the perp is the one who was setting up the FB page, isn't it? If it traces to an open network at some public place then you're probably SOL, but if it is indeed postings of the perp, then they're going to be posting from their home. Rather than focus on far out scenarios of what *might* have happened, just follow your case to ground and find out what did. Every single one that I've tracked down through IP and MAC addresses has turned out to come from... SURPRISE! the wireless router in the defendant's house. Is it *possible* that someone sat in their driveway and used their open network to create a fake site? Well, maybe. But if it's being accessed dozens of times over multiple days, that's increasingly unlikely. Is it possible someone else in the household did it? Again, maybe, but you can lean on extrinsic evidence that shows the defendant did it.

There are also possibilities given how tied in smartphones and FB are now. If you can get a warrant for, or have already seized, the perp's cell phone, have it searched for photos. If any of the photos taken on the cell phone (which you know was in the perp's control) are the ones posted to FB then you've killed that defense.

I wouldn't rely on the use of identifiers to authenticate the FB account, since those can be posted by anyone. You'll have to have some sort of extrinsic evidence that links the perp to the postings.

For some cases-
Tienda v. State, 2010 WL 5129722 Tex.App.-Dallas,2010 (petition granted). (photos of defendant, along with the D's unique nickname and comments referring to the defendant's case and bond hearings were sufficient to authenticate a MySpace page)

Also, see generally the discussion of authenticating emails and texts in Manuel v. State, --- S.W.3d ----, 2011 WL 3837561 Tex.App.–Tyler,2011.

The best discussion of using extrinsic evidence to authenticate a FB or MySpace page is from Maryland - Griffin v. Maryland, 192 Md.App. 518, 995 A.2d 791, 806, cert. granted, 415 Md. 607 (September 17, 2010). They used a rule exactly like our Texas 901(b)(4) to admit MySpace pages authenticated by outside information where a police officer testified that photographs on the page showed a woman known to be the defendant's girlfriend and correctly identified her by her nickname.

Also, see this discussion of the issue from the ABA:

http://apps.americanbar.org/litigation/committees/trialevidence/articles/051711-authentication-social-media.html
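
The correlation described in the post above (platform IP logs matched against the ISP's assignment records for the same time window), as an added example that is not part of the original thread. The log layouts, account labels, addresses and MAC values are constructed, and all timestamps are assumed to be already normalized to UTC.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample data (not from any real case). All times are UTC.
# Platform access log: (timestamp, source IP) for logins to the account.
ACCESS_LOG = [
    ("2012-01-02T03:15:00", "203.0.113.7"),
    ("2012-01-02T21:40:00", "203.0.113.7"),
    ("2012-01-03T04:05:00", "203.0.113.7"),
    ("2012-01-05T18:30:00", "203.0.113.44"),
    ("2012-01-06T02:10:00", "203.0.113.7"),   # same IP, after reassignment
    ("2012-01-06T20:00:00", "198.51.100.9"),  # no lease record returned
]
# ISP lease records: (IP, lease start, lease end, subscriber account, CPE MAC).
LEASES = [
    ("203.0.113.7", "2012-01-01T00:00:00", "2012-01-04T00:00:00", "ACCT-A", "02:00:00:aa:bb:01"),
    ("203.0.113.7", "2012-01-04T00:00:00", "2012-01-08T00:00:00", "ACCT-B", "02:00:00:aa:bb:02"),
    ("203.0.113.44", "2012-01-04T12:00:00", "2012-01-07T00:00:00", "ACCT-A", "02:00:00:aa:bb:01"),
]

def _ts(s):
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

def attribute(access_log, leases):
    """Map each access to the subscriber holding that IP at that moment."""
    by_ip = defaultdict(list)
    for ip, start, end, acct, mac in leases:
        by_ip[ip].append((_ts(start), _ts(end), acct, mac))
    hits = defaultdict(lambda: {"count": 0, "days": set(), "macs": set()})
    unattributed = []
    for when, ip in access_log:
        t = _ts(when)
        # Half-open interval (start <= t < end): a dynamic IP reassigned at
        # a boundary is never credited to two subscribers at once.
        match = [(a, m) for s, e, a, m in by_ip.get(ip, []) if s <= t < e]
        if len(match) != 1:
            unattributed.append((when, ip))  # no lease on file, or ambiguous
            continue
        acct, mac = match[0]
        hits[acct]["count"] += 1
        hits[acct]["days"].add(t.date().isoformat())
        hits[acct]["macs"].add(mac)
    return dict(hits), unattributed

def summarize(access_log, leases):
    """Per account: (access count, distinct days, MACs seen), plus leftovers."""
    hits, unattributed = attribute(access_log, leases)
    return {a: (h["count"], len(h["days"]), sorted(h["macs"])) for a, h in hits.items()}, unattributed

if __name__ == "__main__":
    print(summarize(ACCESS_LOG, LEASES))
```

The per-account count and number of distinct days are the "dozens of times over multiple days" figure from the post; the unattributed list is what still needs a records request or falls on a network with no subscriber behind it.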
January 12, 2012, 14:26
Steve14
Granted, 1T is pretty easy to k4TcH the n00bs. But its also easy to get pwned by someone with skillz on the intertubes - especially when they do it for the lulz. n0 n33ds to be a haxor when Google is ur friend.

http://www.google.com/search?q=spoof+mac+address&sourceid=ie7&rls=com.microsoft:en-us:IE-SearchBox&ie=&oe=

http://en.wikipedia.org/wiki/IP_address_spoofing

Here are step by step instructions:

http://www.klcconsulting.net/Change_MAC_w2k.htm


For those who do not speak haxor:
http://en.wikipedia.org/wiki/Leet
January 12, 2012, 14:58
Brody V. Burks
Right. And have you ever prosecuted a case where that was even a remote possibility? I'm serious here. Have you EVER seen a case where MAC spoofing created a reasonable doubt?

Look, it's *possible* to use rubber cement, medical grade latex, and a 3d printer to spoof someone's fingerprints, but I'll continue to use them in court. Thx.
January 12, 2012, 15:48
Steve14
To be honest, no I have not. It's easier - and cheaper - to get the low hanging fruit (i.e. n00bs). Sort of like the fools who go to the public library to get their child porn fix or, as recently seen, on an airplane (http://www.foxnews.com/us/2011/11/26/man-arrested-for-allegedly-viewing-child-porn-on-airplane/).

But with Google, it is now so easy to get a step-by-step tutorial on how to do these kinds of hax. Sure, for the 'old people', it is a bit beyond their skill set. But not for younger people who are more used to technology and computers. Just like how we now find people making homemade pipe bombs and such for the lulz because of YouTube videos showing them how.

But you do make an extremely valid point - we don't see cases that much where this kind of thing is an issue. The IP trail normally leads right to their homes.
January 13, 2012, 01:10
Steve14
One point I just thought of before bed: Maybe the reason why we do not see more of those kinds of cases (such as I described earlier) is because none of them get to the point where they would cross our desks so they could be prosecuted.

I wonder how often a case (Facebook, harassment or otherwise) does not get worked because once the cops realize that the IP was spoofed or led to an open WiFi they just dropped the matter. And those no one would know about. Sure, major cases like threats to national security or huge bank fraud and the like get worked cuz the Feds have an unlimited budget and the case is important. But for a city or state, money is an issue.

Just a thought.
January 13, 2012, 03:30
Steve14
I thought I remembered reading something here several months back and I now just found it.

The topic was Online Harassment from July 25, 2011.

quote:
Brody V. Burks
Member posted 07-25-11
I've filed a couple cases under 33.07. They take a LOT of resources to go about actually proving who made the posting. Short of getting a confession, it's far more work than any other 3rd that I can think of.



I would be interested in hearing what sort of resources you used that were not so cost effective in cases involving no confession.
January 13, 2012, 08:42
Brody V. Burks
quote:
I wonder how often a case (Facebook, harassment or otherwise) does not get worked because once the cops realize that the IP was spoofed or led to an open WiFi they just dropped the matter. And those no one would know about.


I can only speak for my jurisdiction, and the answer here is not one. I'm involved in each of the cases that get to the point of GJ subpoenas for IP address records, and I've yet to see a single one that ended up in a spoofed IP address or a public hotspot. They've all traced back to the home of the person who was the suspect prior to any computer investigation occurring. I really think you're seeing a problem which doesn't actually exist.