In recent years, the legal community has generated hundreds of articles addressing the discovery of electronically stored information (ESI). In contrast, there is much less information about the admissibility of ESI, which provides most of the evidence that is introduced in motions practice or trial.1 Obviously, it makes little sense to devote considerable resources to the discovery of ESI unless the attorney also can admit the ESI into evidence for appropriate reasons.2 This article provides a general framework for the admissibility of ESI under the Wisconsin Rules of Evidence by addressing threshold questions of relevance, authenticity, and the application of the hearsay doctrine to computer systems.
Understanding the Terrain: Fundamental Distinctions Between ESI and Traditional, “Paper” Records
Despite its special name, ESI’s admissibility is not governed by separate evidentiary rules. Instead, the admissibility of ESI is governed by existing rules whose application will vary based on ESI’s unique qualities. These distinctions, discussed below, generate legally distinct foundational requirements for the admissibility of ESI.
The first step in understanding the admissibility of ESI is to recognize how different it really is. In the “paper world,” the law looks to the “original” document, or a copy thereof, as authentic and, in most cases, admissible. Unlike paper documents, which are defined by a permanent object and are created by people, ESI is usually a collection of information that can be freely rearranged,3 and it is produced by computer systems that do not contain complete, or always accurate, information about earlier modifications or previous states.4 Absent a physical object, such as a signed contract or authenticated affidavit, the reliability of ESI depends on the examination of pure information (with no document in sight), the integrity of the system in which it is stored, and the purpose for which it is offered.5
In contrast to paper documents, ESI can be changed without detection. This is a key feature of ESI for evidentiary purposes. Unlike a fixed, static object – such as a signed contract created by a person – ESI is produced by systems that do not always contain information about previous versions of the author or the data, including reliable metadata.6 This unique, editable feature of ESI makes it difficult, and at times impossible, to determine whether an electronically signed version of a contract is, in fact, the original agreement. Systems edit documents routinely, as do humans, leaving no way to trace these changes, or completely verify whether a document is original in traditional terms. Absent proof of an original, the authentication of ESI will necessarily depend on other evidence, including circumstantial evidence that invites inferences about the reliability of information and the integrity of the system from which it came.7
Timothy D. Edwards, Wayne State 1989, is of counsel at Cullen Weston Pines & Bach LLP, Madison, and an adjunct lecturer at the U.W. Law School, where he has taught for almost 15 years. His practice focuses on employment law, commercial litigation, and electronic discovery. He thanks Kevin Du, Axley Brynelson LLP, for his significant contributions to this article.
Finally, ESI includes metadata, which is information that software developers or system users have included in an Informational record.8 For example, the Properties tab of a Microsoft Word document displays information about the document, including the author, date created, modification date, and other information. The Track Changes feature, commonly used when editing documents, provides information about the document, its history, and the modifications that accompanied its ongoing creation. Metadata can be altered or deleted by anyone with access to the file, making statements intrinsic in the metadata unreliable.9 In most cases, it is impossible to detect such alterations.
For obvious reasons, the untestability of ESI (that is, the inability to verify the original) presents challenging evidentiary problems. How does the lawyer prove that an electronically signed computerized version of a contract is the original version when it has been stored on his client’s network for the past five years?
In the traditional, paper world, the proponent of this assertion would authenticate the contract by finding a person who is familiar with the document and can attest, through first-hand knowledge, that it is, indeed, the contract in question. If this assertion is challenged, the opposing party could introduce evidence to show that the document has been altered, through either expert testimony or lay testimony that challenges the authenticity of the purported original contract. Through this exercise, the parties focus on the original document and the circumstances surrounding the alleged falsification to determine or refute authenticity. Absent unusual circumstances, the jury will referee this dispute.
This process of authentication is not available with ESI, which can be changed without detection unless a forensic specialist is hired to examine the data. How does the law of evidence address the unique features of ESI in assessing the admissibility of computer records? How can the attorney authenticate a document when it is impossible to rule out modifications and deletions to the current version, including changes to its metadata? Should the law recognize “statements” by computers as hearsay that can be admitted in the proper context? This article answers these and other questions and provides attorneys with the necessary tools for evaluating the admissibility of ESI in most settings.
Lorraine and the Admissibility of ESI
ESI consists of electronic communications, such as emails, text messages, digital photographs, website content, social media postings, computer-generated data, and computer-stored records. The seminal case discussing the admissibility of ESI is Lorraine v. Markel American Insurance Co.10 In Lorraine, the court applied a traditional model of evidentiary analysis to ESI.11 The court suggested that the proponent of ESI focus on five factors to determine admissibility: 1) whether the ESI is relevant,12 2) whether it is authentic,13 3) whether there are hearsay concerns,14 4) whether the original-document (best evidence) rule applies,15 and 5) whether the ESI’s probative value outweighs unfair prejudice that might result from admitting the ESI.16
Relevant evidence “means evidence having any tendency to make the existence of any fact that is of consequence to the determination of the action more probable or less probable than it would be without the evidence.”17 “Any evidence that assists in getting at the truth of the issue is relevant; in other words, any fact which tends to prove a material issue is relevant, even though it is only a link in the chain of facts which must be proved to make the proposition at issue appear more or less probable. ...”18
This test is no different for ESI than for any other form of information. The ESI must have the tendency to make a consequential fact more or less probable than the fact would be without the evidence. For example, systems metadata that include the time and date of the creation of a document could be highly relevant to show knowledge, state of mind, or other elements of a claim or defense.
After the proponent of the ESI establishes its relevance, the evidence is still inadmissible “if its probative value is substantially outweighed by the danger of unfair prejudice, confusion of the issues, or misleading the jury, or by considerations of undue delay, waste of time, or needless presentation of cumulative evidence.”19 ESI often includes photographs, videos, or other documents that could be excluded if unduly prejudicial or confusing, such as photographs that have been altered or videos that include edited, gruesome footage with minimal probative value.
Evidence must be authenticated before it is admitted.20 To meet this standard, the proponent of the evidence must introduce evidence sufficient to support a finding that the offered evidence is what the proponent claims it to be.21 With ESI this hurdle appears to be insurmountable, because typically ESI changes over time without detection unless specific precautions are used. As a result, it is difficult, if not impossible, to literally “authenticate” an ESI document as an original with the same level of comfort one would have with a traditional, paper counterpart. The standard for authentication of ESI must take these factors into account by adopting a different test, with the same rule, that ensures that the purported document is what its proponent says it is.
Fortunately, this test is not as difficult to satisfy as one might think. To authenticate ESI, its proponent must establish sufficient evidence to support a finding that the ESI has not been changed since it was originally created.22 Instead of focusing on whether the document is the original, this test requires an inquiry into the reliability of the system that created the document and an analysis of circumstantial evidence, such as comparisons and other safeguards used to preserve the integrity of the information. Here, authenticity is defined by the integrity of the data, which supports a finding that the object has remained whole or stayed the same since its creation.
There are various methods for testing the integrity of ESI. One is that the proponent of the ESI can compare challenged information with information that is trusted, or has integrity. Circumstantial evidence of similarity between two sets of ESI can allow for an inference of integrity under the correct circumstances.23 Some computer users ensure integrity by controlling when, and if, the information is edited (that is, through “read-only” applications). Finally, HASH tags and encryption can be employed to preserve and test the integrity of information in a very reliable fashion. Of course, the integrity of information that is produced by these systems will depend on the integrity of the systems themselves. If they are modified or altered, the inference of integrity does not hold up.
Ways to Establish Authenticity of ESI
Understanding the difference between ESI and paper documents is only the first step in establishing the authenticity of ESI. Originality is no longer the starting point for assessing the authenticity of ESI. Instead, the proponent of the evidence must provide sufficient evidence to support a finding that the proposed ESI has not been changed since its original creation. As a reference point, Wis. Stat. section 909.015 provides a nonexclusive list, identifying how extrinsic evidence can demonstrate authenticity, that applies directly to ESI:
Testimony of Witness with Knowledge. ESI evidence can be authenticated through “[t]estimony of a witness with knowledge that a matter is what it is claimed to be.”24 To satisfy this standard, the witness must provide testimony that tends to establish the integrity of the document, by showing that it has not been changed since its creation. For example, the witness can testify about the process by which the ESI is created, acquired, maintained, and preserved without alteration or change and about the safeguards taken to preserve the authenticity of the information during the production phase. The witness need not have personal knowledge of the particular exhibit, so long as he or she has personal knowledge of how that exhibit is routinely made and why there is sufficient evidence to support a finding of integrity.
Comparison by Trier or Expert Witness. Under this rule, the proponent of the ESI may provide testimony that compares the evidence with specimens that have previously been authenticated.25 This rule either allows an expert witness to authenticate a questioned document by comparing it to one known to be authentic or permits the fact finder to do so. Emails, for example, can be authenticated under this test. Once a similar email has been authenticated and admitted, either through another evidentiary rule or by judicial notice, that email can be used as the basis for comparison, and a strong inference arises that the email offered as evidence has not been changed since its creation.
Distinctive Characteristics and the Like. This rule is the most frequently used to authenticate email.26 It provides that evidence can be authenticated through its “[a]ppearance, contents, substance, internal patterns, or other distinctive characteristics, taken in conjunction with circumstances.”27 Distinctive characteristics in an email, such as the email address or screen name of the person, help authenticate such evidence.28
Further, hash values or metadata may be used to authenticate ESI. A hash value is a “unique numerical identifier that can be assigned to a file, a group of files, or a portion of a file, based on a standard mathematical algorithm applied to the characteristics of the data set.”29 This trait is used to guarantee the authenticity of an original data set and “can be used as a digital equivalent of the Bates stamp used in paper document production.” Other methods, such as encryption or the use of digital signatures, can also establish the integrity of ESI.
Public Records or Reports. Under this rule, extrinsic evidence can be used to authenticate documents when the evidence was “authorized by law to be recorded or filed and in fact recorded or filed in a public office, or a purported public record, report, statement, or data compilation, in any form, is from the public office where items of this nature are kept.”30
The proponent of the evidence must show that the office from which the records were taken is the legal custodian of records. This can be accomplished through testimony of an officer authorized to testify to the custodianship or through a certificate of authenticity from the public office. This test can be used to authenticate records such as tax returns, military records, Social Security records, governmental agency records, and data compilations (which may include online records).
Ancient Documents or Data Compilations. This test permits authentication of documents if the evidence “[i]s in a condition that creates no suspicion concerning its authenticity; [w]as in a place where it, if authentic, would likely be; and [h]as been in existence 20 years or more at the time it is offered.”31 Although this test may not apply now given its 20-year timeframe, the test is important to note given its relation to the hearsay rule. If an ESI exhibit has been in existence for more than 20 years, it can, under Wis. Stat. section 909.015(4), be authenticated. This method of authentication can qualify the exhibit under a corresponding hearsay exception, so that the exhibit may then be admitted for the truth of its contents.32
The Wisconsin Rules of Evidence also permit proponents of evidence to use self-authentication to admit evidence.33 While there are several categories that provide an efficient method for authenticating evidence, three are particularly relevant in the ESI context.
Official Publications. “Books, pamphlets or other publications purporting to be issued by public authority” are self-authenticating under Wis. Stat. section 909.02(5). Thus, an email, newsletter, or website published by a public authority can be self-authenticating.
Trade Inscriptions and the Like. Evidence may be authenticated by “[i]nscriptions, signs, tags or labels purporting to have been affixed in the course of business and indicating ownership, control or origin.”34 Many business or trade communications, such as emails, contain information showing the origin of the transmission and identify the company. Such indicators may be sufficient to authenticate an email.
Certified Domestic Records of Regularly Conducted Activity. Section 909.02(12) of the Wisconsin Statutes provides a method of self-authentication for records of regularly conducted activity. This rule mirrors the requirements of the business-records exception to the hearsay rule.35 The authentication rule states that extrinsic evidence of authenticity is not required if the evidence is an “original or a duplicate of a domestic record of regularly conducted activity that would be admissible under [the business-records exception] if accompanied by a written certification of its custodian or other qualified person.” The proponent must demonstrate that the person is familiar with and can certify that “the record was kept in the course of the regularly conducted activity” and “the record was made of the regularly conducted activity as a regular practice.”36
This method of self-authentication is important to ESI because most business records are now stored in electronic format. And, authenticating evidence in this manner may also result in the evidence being admitted for its truth because it qualifies under the business-records exception to the hearsay rule. To support the admissibility of ESI under the business-records exception, the proponent should demonstrate that the information was kept pursuant to regularly conducted business activity that would satisfy the business-records exception, and that the “business activity” in question ensured the integrity of the information.
After the proponent of ESI establishes that the evidence is relevant and authentic, the proponent must overcome any hearsay objections to the proposed evidence. With ESI, the main issue is whether electronic documents and writings constitute statements by a declarant within the meaning of Wis. Stat. section 908.01(1). A statement is “an oral or written assertion or … nonverbal conduct of a person, if it is intended by the person as an assertion.”37 Hearsay is a “statement, other than one made by the declarant while testifying at the trial or hearing, offered in evidence to prove the truth of the matter asserted.”38 A declarant is a “person who makes a statement.”39
The application of the hearsay rule to ESI depends on whether a “person” has made the statement, that is, whether the information is computer generated or “computer stored” (input by a person into the system). Often, computers generate metadata that includes assertions. They also create “data sets” (information from a computer-generated analysis), such as a breathalyzer result, results from a speed-detection device, or information on an ATM receipt.
While courts disagree as to whether computer-generated information is hearsay,40 it is difficult to ignore the fact that a computer system often makes “statements” that could be offered to “prove the truth of the matter asserted.” Despite any ambivalence about whether ESI is hearsay, there is no doubt that computer-stored information includes statements by people and systems that invite various exceptions to the hearsay rule if it is, in fact, applied. In the context of ESI, there are several exceptions that can be used to admit such evidence.
Hearsay Exceptions Relevant to ESI
Present Sense Impression. This hearsay exception applies to a “statement describing or explaining an event or condition made while the declarant was perceiving the event or condition, or immediately thereafter.”41 Such statements are an exception to the hearsay rule because given the contemporaneous nature of the statement concerning the event, the dangers of a poor memory are minimized.
As relates to ESI, this exception applies to statements made in emails or other human-generated computer records. Even though such statements are in electronic form, the present-sense-impression exception applies the same way as it does to traditional, hard-copy formats. Further, social-networking messages or posts may also qualify under this exception.
Excited Utterance. This hearsay exception relates to statements concerning “a startling event or condition made while the declarant was under the stress of excitement caused by the event or condition.”42 Like statements covered by the present-sense-impression exception, excited utterances are considered trustworthy because making statements while in an excited emotional state reduces the possibility of inaccurate statements. Therefore, electronic communications, such as emails and social-media postings, may be considered excited utterances as long as they were created under the stress of excitement caused by an event or condition.
Then-existing State of Mind or Condition. Statements “describing or explaining an event or condition made while the declarant was perceiving the event or condition, or immediately thereafter” are admissible based on the contemporaneous nature of the statements. And, as with the previous two exceptions, emails and social-media postings often contain these statements and are good examples for this exception.
Business Records. This hearsay exception is often discussed in conjunction with the authentication of certified records of regularly conducted activity. These records include “memorand[a], report[s], record[s], or data compilation[s], in any form, of acts, events, conditions, opinions, or diagnoses, made at or near the time by, or from information transmitted by, a person with knowledge.”43 The records must be generated in “the course of a regularly conducted activity, as shown by the testimony of the custodian or other qualified witness.” Emails and computer-generated records and documents may qualify under the business-records exception, provided that they meet these requirements.
The Best Evidence Rule
After the proponent establishes that the evidence is relevant, authentic, and not hearsay, she still must overcome the best evidence rule. Under this rule, “[t]o prove the content of a writing, recording or photograph, the original writing, recording or photograph is required.”44 Case law in other jurisdictions has established that “so long as it accurately reflects the data,” a printout or duplicate copy of electronic evidence is admissible.45 But proving that the document “accurately reflects the data” can be quite difficult given the malleable nature of ESI and the limited information provided by a mere copy of the most recent version.
To overcome this obstacle, the proponent must establish that the information or data has not changed since it was first created. Absent such proof, the document does not “accurately reflect the data” that gave rise to its creation. Of course, these problems do not apply if the proponent of the evidence seeks to establish that the proposed information is the most recent version of the document in question.
Electronic evidence poses interesting evidentiary challenges. Traditional rule applications such as relevancy and probative value apply to ESI just as they would if the evidence were in traditional, hard-copy form. However, it is often difficult to authenticate ESI because of its dynamic and ever-changing format, requiring a different type of analysis that focuses on the reliability, or integrity, of the information instead of the original status of the document. Once the ESI has been authenticated, the proponent must determine whether computer-stored information raises hearsay problems and, if so, whether an exception to the hearsay rule will allow the evidence to be admitted. Finally, the proponent of the evidence must satisfy the best evidence rule by showing that the document in question accurately reflects the data, which is established by showing that the information in the document has not changed since its creation. If these evidentiary foundations are overcome, the court should admit the ESI and the jury should decide its weight.
1 Lorraine v. Markel Am. Ins. Co., 241 F.R.D. 534, 585 (D. Md. 2007).
2 Id. at 537-38.
3 George Paul, Foundations of Digital Evidence 17 (ABA Publishing, 2008). This is an excellent, highly recommended book that provides a thoughtful roadmap of the issues surrounding the admissibility of ESI.
5 Id. at 19.
6 Id. at 17-19.
7 Id. at 51.
8 Id. at 19.
9 Id. at 20.
10 See generally id.
11 Lorraine, 241 F.R.D. at 537–38.
12 Id. at 540.
13 Id. at 541–42.
14 Id. at 562–63.
15 Id. at 576.
16 Id. at 583.
17 Wis. Stat. § 904.01.
18 Oseman v. State, 32 Wis. 2d 523, 526, 145 N.W.2d 766 (1966).
19 Wis. Stat. § 904.03.
20 Wis. Stat. § 909.01.
23 Paul, supra note 3, at 50-52.
24 Wis. Stat. § 909.015(1).
25 Wis. Stat. § 909.015(3).
26 Lorraine, 241 F.R.D. at 546.
27 Wis. Stat. § 909.015(4).
28 See United States v. Siddiqui, 235 F.3d 1318, 1322-23 (11th Cir. 2000) (allowing the authentication of an email entirely by circumstantial evidence, including the presence of the defendant’s work email address, content of which the defendant was familiar with, and use of the defendant’s nickname).
29 Lorraine, 241 F.R.D. at 546-57.
30 Wis. Stat. § 909.015(7).
31 Wis. Stat. § 909.015(8).
32 Wis. Stat. § 908.03(16).
33 Wis. Stat. § 909.09.
34 Wis. Stat. § 909.02(7).
35 See Wis. Stat. § 908.03(6).
36 Wis. Stat. § 909.02(12).
37 Wis. Stat. § 908.01(1).
38 Wis. Stat. § 908.01(3).
39 Wis. Stat. § 908.01(2).
40 Compare, e.g., State v. Armsted, 432 So. 2d 837 (La. 1983) (holding that computer-generated data is not hearsay) with United States v. Briscoe, 896 F.2d 1476, 1493-95 (7th Cir. 1990) (holding that computerized telephone metadata constitutes hearsay).
41 Wis. Stat. § 908.03(1).
42 Wis. Stat. § 908.03(2).
43 Wis. Stat. § 908.03(6).
44 Wis. Stat. § 910.02.
45 Lorraine, 241 F.R.D. at 163.