Complex data sources – such as chat messages or a SaaS application’s user interface – are called that for a reason in the world of ediscovery: namely because it’s challenging to reproduce the data in a way that’s useful for attorneys and investigators.
In recent case law, there have been a number of examples of courts requesting screenshots as a way to present the evidence at hand. But do screenshots meet the “best evidence rule?”
Federal Rules of Evidence 1001, 1002, and 1003
In the Federal Rules of Evidence (FRE), Rules 1001, 1002, and 1003 together define “best evidence” when it comes to discovery. Rule 1002 sets the standard for obtaining original documents. However, Rule 1001 states, “Present-day techniques have expanded methods of storing data, yet the essential form which the information ultimately assumes for usable purposes is words and figures. Hence the considerations underlying the rule dictate its expansion to include computers, photographic systems, and other modern developments.”
FRE Rule 1001 goes on to define an admissible copy as being, “produced by methods possessing an accuracy which virtually eliminates the possibility of error.” And Rule 1003 opens the door to using duplicates by stating, “When the only concern is with getting the words or other contents before the court with accuracy and precision, then a counterpart serves equally as well as the original if the counterpart is the product of a method which ensures accuracy and genuineness.”
Recent Case Law Regarding Screenshots as Evidence
One of the best places to look in order to understand the law is by studying how the courts are ruling on specific issues. Here are three recent cases in which screenshots played a role in the production of electronic evidence.
This criminal case involves former high-profile attorney, Michael Avenatti, who was charged with attempting to defraud former clients (including Stephanie Clifford, AKA Stormy Daniels). Avenatti filed a motion stating that his WhatsApp messages could not be used as evidence unless the Government obtained and produced, “the original, electronically stored versions” of those communications.
But in New York District Judge Jesse M. Furman’s ruling, he responds, “It is well established that, if properly authenticated (for example, by a witness with knowledge, such as a participant), screenshots of text messages and copies of electronic communications are admissible,” and denied the defendant’s motion regarding the WhatsApp messages.
In this case, the plaintiff, a high school student, claimed a fellow student and member of the Junior State of American Foundation (JSA), sent “racist and homophobic Facebook messages” to him.
In the initial complaint, the plaintiff provided a .jpeg file showing part of a screen as evidence of the messages at hand. In response to the incomplete evidence, JSA asked Edwards, Sr. (the plaintiff’s father) to provide alternative or additional evidence, including, “for instance, actual screenshots of the messages or the precise date and time of the messages.” However, there was no response to this request.
Later, JSA served written discovery requests to the Edwardses, seeking production of ESI from Edwards, Jr.’s Facebook Messenger account – specifically, “All Facebook Messages in HTML format between [Edwards, Jr.] and Cole Harper between January 1, 2015, and December 31, 2018” – that could prove or refute the authenticity of the alleged Messages. They then explained how to produce native files in HTML format.
As summarized in the court ruling, “Native files are those that originate from the actual application from which they were produced. They are produced in HTML or JSON format and contain metadata that can be used to certify the authenticity of the document. JSA thus sought native files for a self-evident reason: authentication of the Messages.”
In the end, the plaintiff only produced two digital forensics expert affidavits, both of which were after the expert designation deadline, and a forensic report including files from Edwards, Jr.’s phone, but not the requested native Facebook message files, which had been deleted by the plaintiff.
In response, Texas District Judge Sean D. Jordan granted sanctions under Rule 37 of the Federal Rules of Civil Procedure (FRCP) for the plaintiff’s failure to preserve and authenticate the messages.
In this case, the issue at hand was around the production of reports generated by Salesforce, a Customer Relationship Management (CRM) tool. The plaintiff produced reports via screenshots of the Salesforce dashboard. The defendants couldn’t produce the same reports, because they “were not free-standing, fixed reports,” and could only produce Salesforce’s historical data exported to a Microsoft Excel spreadsheet.
But in response, Magistrate Judge Michael Hammer ordered, “to the extent possible, Defendant shall produce the reports in screenshot format in addition to the Excel spreadsheet format already produced. Counsel shall schedule and take the Rule 30(b)(6) deposition of a Defendant representative on this issue if Defendant maintains that it cannot produce the screenshot format.”
The defendants argued that “it is not possible to give Plaintiff this actual information in the form of screenshots of the Salesforce Dashboard due to the dynamic nature of the platform.” But the court ruled that “it is precisely because of this latter argument that Judge Hammer afforded Defendants the option of providing an appropriate representative to testify at a Rule 30(b)(6) deposition on Salesforce’s functionality and how it reports or maintains the data at issue,” and the defendants’ appeal was denied and Judge Hammer’s text order to produce Salesforce data as screenshots or submit to a 30(b)(6) deposition was affirmed.
Using Technology for Authentication is the Future
When it comes to capturing the dynamic nature of collaboration, chat, and dynamic SaaS application data, case law has shown that there are many ways to do so (including the use of screenshots) but that the overarching necessity of production is the authentication of the evidence.
In the first case, the judge stated that screenshots could be used if they were authenticated by a witness. In the second, sanctions were levied against the plaintiff for failing to authenticate social media messages. And in the third, authenticated screenshots were required to supplement the data produced in spreadsheet format because the dynamic nature of the user interface was an important part of the data required in the matter.
So yes, screenshots may be used, but they must be authenticated. And, as has been shown through the evolution of legal technology regarding the collection and production of emails, ensuring defensibility is of primary importance.
That’s why, as more and more complex data sources continue to be requested as part of discovery – social media platforms like Facebook, messaging apps like WhatsApp and Slack, and complex SaaS tools like Salesforce – attorneys will need to utilize technology that collects and stores these dynamic data sources in a forensically-sound, unalterable way that provides a complete audit trail – including the hash value for the collection in the metadata – demonstrating a defensible process.
Because let's face it, these data sources will only appear more and more often in both criminal and civil cases, and going through the process of authenticating screenshots and other forms of copied data does not lead to a speedy and just outcome in these matters.
To learn more about how ediscovery technology can help authenticate collaboration and SaaS applications, download Hanzo’s Guide to Litigation and Ediscovery!