Wednesday, April 24, 2019

Home | Site Map | Help | Printing




Computer Forensics
  In The News
  DEI News
  Recent Cases
Customer Support

Authenticating Evidence of Internet Chat Room Logs Recovered From A Hard Drive

The Federal Courts have thus far addressed the authentication of computer-generated evidence based upon the same rules, principles and statutes that have existed before computer usage became widespread.[1]  The recent case of United States v. Tank, 200 F.3d 627 (9th Cir. 2000), which involves evidence of Internet chat room conversation logs, is no exception to this trend.

In Tank, the Defendant appealed from his convictions for conspiring to engage in the receipt and distribution of sexually explicit images of children and other offenses.  Among the issues addressed on appeal was whether the government made an adequate foundational showing of the relevance and the authenticity of a co-conspirator’s Internet chat room log printouts.  A search of a computer belonging to one of Defendant Tank’s co-conspirators, Riva, revealed computer text files containing "recorded" online chat room discussions that took place among members of the Orchard Club, an Internet chat room group to which Tank and Riva belonged.[2]  Riva's computer was programmed to save all of the conversations among Orchid Club members as text files whenever he was online.

At an evidentiary hearing, Tank argued that the district court should not admit the chat room logs into evidence because the government had failed to establish a sufficient foundation.  Tank objected that there was no foundation for admission of the chat room log printouts into evidence because: (1) they were not complete documents, and (2) undetectable "material alterations," such as changes in either the substance or the names appearing in the chat room logs, could have been made by Riva prior to the government’s seizure of his computer.[3]  The district court ruled that Tank's objection went to the evidentiary weight of the logs rather than to their admissibility, and allowed the logs into evidence.  Tank appealed and the appellate court addressed the issue of whether the government established a sufficient foundation for the chat room logs.

The appellate court considered the issue in the context Federal Rule of Evidence 901(a), which provides that the “requirement of authentication or identification as a condition precedent to admissibility is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.”  The court noted that "’[t]he rule requires only that the court admit evidence if sufficient proof has been introduced so that a reasonable juror could find in favor of authenticity or identification.'"  United States v. Black, 767 F.2d 1334, 1342 (9th Cir.1985) . . . The government must also establish a connection between the proffered evidence and the defendant. See id.’”[4]

In authenticating the chat room text files, the prosecution presented testimony from Tank’s co-conspirator Riva, who explained how he created the logs with his computer and stated that the printouts appeared to be an accurate representation of the chat room conversations among members of the Orchid Club.  The government also established a connection between Tank and the chat room log printouts. Tank admitted that he used the screen name "Cessna" when he participated in one of the conversations recorded in the chat room log printouts.  Additionally, several co‑conspirators testified that Tank used the chat room screen name "Cessna" that appeared throughout the printouts.  They further testified that when they arranged a meeting with the person who used the screen name "Cessna," it was Tank who showed up.[5]

Based upon these facts, the court found that the government made an adequate foundational showing of the authenticity of the chat room log printouts under Rule 901(a).  Specifically, the government “presented evidence sufficient to allow a reasonable juror to find that the chat room log printouts were authenticated.”[6]

As to the issue of completeness, the court determined that any question of the completeness of the chat room log printouts would have affected the weight of the evidence, and not their admissibility. Additionally, the Court discounted Tank’s argument that because Riva could have made material deletions to the evidence prior to its seizure by U.S. Customs agents, the Government was required to establish that no such material deletions occurred.  Interestingly, Tank argued on appeal that the Government was required to conduct a computer forensic analysis on Riva’s hard drive to ensure that the files in question were not materially altered by Riva prior to the seizure.  The court found otherwise, noting that such an exercise was not required by the Government for authentication purposes, but again, was an issue relevant to the weight of the evidence.[7]

The Tank decision is consistent with other cases that have addressed the issue of the authenticity of computer evidence in the general context of Fed.R.Evid. 901(a).[8] The Tank case illustrates that there are no specific requirements or “magic formula” for the authentication of chat room conversation logs, but that the facts and circumstances of the creation and recovery of the evidence as applied to Rule 901(a) is the approach generally favored by the courts.

[1] Authentication of Computer-Generated Evidence In the United States Federal Courts, (1995) 35 IDEA:J.L.& Tech. 437, 439.

[2] United States v. Tank, supra, 200 F.3d at 629

[3] Id. at 630

[4] Id.

[5] Id. at 631

[6] Id.

[7] Id. at 631, fn. 5

[8] See also, United States v. Whitaker 127 F.3d 595, 601(7th Cir 1997).


  Top of Page   

 © 2001 Digital Evidence Inc. - All rights reserved.