Please ensure Javascript is enabled for purposes of website accessibility

When TMI on social media spells trouble

Why some people take pride in the fact their Facebook profile emulates an episode of Tosh.0 is beyond me. (I am not saying that I don’t watch the show and laugh hysterically. But, simultaneously, I do wonder why people put some of this stuff up on the Internet for the entire world to see.)

While Facebook has been in the news recently for its upcoming IPO, another story, about Facebook privacy, caught my attention on the radio as I was brushing my teeth this morning. Apparently, Facebook is still working on deleting photos from its servers in a timely manner nearly three years after the issue was brought to Facebook’s attention.

Have you ever deleted a horrific photo on Facebook that was posted by a “friend?” Well, you may not have really deleted it. Photos “deleted” from Facebook seemingly never go away if you have a direct link to the image file on Facebook’s servers. Just imagine the joy felt by those individuals who had the common sense or foresight to delete photos because they didn’t want retaliation from an employer, wanted to avoid family drama or uploaded a photo of a friend without permission, to name a few reasons, when they discovered the photo would remain accessible for an indefinite amount of time as long as someone had a direct link to the .jpg file in question.

A few months ago, I had to research the discoverability of information and data on a Facebook (or other social media) account and profile. From the limited guidance published by a few jurisdictions, it seems that a party would likely succeed in requesting Facebook information and data during the discovery process. The court’s interpretation of federal Rule 26(b)(2)(c) allows for an extremely broad scope of relevancy.

While Maryland courts have not ruled on this broad scope of relevancy as it pertains to social media discoverability pursuant to Rule 26(b)(2)(c), it has ruled on its reliability and authentication. In April 2011, the Maryland Court of Appeals reversed the conviction of Antoine Griffin, which was based on evidence gathered from a MySpace profile of Griffin’s girlfriend. The Court of Special Appeals had ruled the police officer proffered by the state as an authenticating witness was sufficient to authenticate the MySpace profile printout. (A law professor from Chicago gave a great summary of this case on his blog and I will highlight some points here.)

The Court of Appeals ruled that the trial judge abused his discretion in admitting the MySpace evidence pursuant to Maryland Rule 5-901(b)(4) because the picture of Griffin’s girlfriend, Jessica Barber, coupled with her birth date and location, were not sufficient “distinctive characteristics” on a MySpace profile to authenticate its printout, given the prospect that someone other than Barber could have not only created the site but also posted the “snitches get stitches” comment.

The potential for abuse and manipulation of a social networking site by someone other than its purported creator and/or user means a printout of an image from such a site requires a greater degree of authentication than merely identifying the date of birth of the creator and her visage in a photograph on the site.

The Court of Appeals also recognized the decisions of other courts when they were called upon to consider authentication of electronically-stored information on social networking sites, which have all suggested greater scrutiny because of the heightened possibility for manipulation by individuals other than the true user or poster.

After citing a laundry list of such cases, the court then cautioned that

we should not be heard to suggest that printouts from social networking sites should never be admitted. Possible avenues to explore to properly authenticate a profile or posting printed from a social networking site, will, in all probability, continue to develop as the efforts to evidentially utilize information from the sites increases.

The three existing methods are:

(1) The most obvious method would be to ask the purported creator if she indeed created the profile and also if she added the posting in question, i.e. testimony of a witness with knowledge that the offered evidence is what it is claimed to be.

(2) If the alleged creator denied creating the profile or posting the entry, the second option may be to search the computer of the person who allegedly created the profile and posting and examine the computer’s Internet history and hard drive to determine whether that computer was used to originate the social networking profile and posting in question.

(3) A third method may be to obtain information directly from the social networking website that links the establishment of the profile to the person who allegedly created it and also links the posting sought to be introduced to the person who initiated it. This method was apparently successfully employed to authenticate a MySpace site in People v. Clevenstine, 68 A.D.3d 1448, 891 N.Y.S.2d 511 (N.Y.App.Div. 2009).

Has anyone been shutting down their social media profiles to protect themselves? I never update my Facebook profile with status messages anymore, and all of the photos on my profile are fairly mundane. What are your thoughts on the discoverability of social media?