United States: Pending New Jersey Criminal Case Highlights The Need For Clarity On What Aspects Of Digital Forensics Evidence Are Admissible Without Expert Testimony

Imagine DNA evidence without a scientist explaining it to the finder of fact?  Face it– alleles, reference samples, and the fine line distinctions between mitochondrial DNA and nuclear DNA are not the things that most cocktail party conversations are made of.  When DNA evidence is examined in the courtroom, it is done with the guidance of expert witnesses.

Nearly two decades ago, when  the public's understanding of the internet was as primitive as that memorable, yet now extinct dial up noise that we all heard before making a connection the "information superhighway" through our telephone lines, the world was fixated with the O.J. Simpson trial.  Beyond the fact that every move at the trial was nationally televised such that the players became household names, the CSI generation was born out of this case, dubbed the trial of the century.

In People of the State of California v. Orenthal James Simpson, the government attempted to complete the logical connect the dots exercise between droplets of blood found at the gruesome scene of a double homicide with fresh wounds found on the hands of a retired football hero turned movie star, sideline reporter, and national pitch man.  Defense lawyers picked apart the government's handling of the blood evidence, effectively demonstrating an alternative hypothesis for the presence of the victim's blood in places where it was inconceivable for it to be, absent some involvement by the defendant, on its way toward building the reasonable doubt necessary to acquit Mr. Simpson.  Today, DNA evidence is used routinely to successfully exonerate individuals whose liberty has been wrongfully taken from them, and, accordingly, it has earned its hallowed place as an instrumentality for ensuring that justice is served.

DNA evidence is to helping solve biological phenomena what digital forensic evidence is to helping answer questions about matters concerning the digital universe of connectivity that dominates our contemporary way of life.  The nature and character of DNA evidence is such that it must generally be explained through the carefully elicited testimony of a competent expert witness.  As many episodes of CSI as one might watch, it does not truly make someone versed enough in the science to fully grasp the relevancy and implications of the evidence.  Digital forensic evidence is, in many ways, very similar.  While many of us have a general understanding of how our "digital DNA" burns its way across cyberspace in the form of emails, text messages, and social media posts, retroactively reconstructing an event through digital forensics – at least competently and reliably – still involves significant skill, proven methodologies, and specialized tools. For instance, imaging a computer hard drive or a computer server, to be done properly, must be done using a write block device.  If a write block device is not employed, and a mere non-forensic copy of the data is made, the data could be rendered useless in a legal proceeding due to, among other things, the corruption of crucial dates and other metadata needed to create the timeline of events and cast of characters necessary to deduce the who, what, when, where, and why that motivates the inquiry in the first place.

State v. Brown is a pending criminal case in Essex County, New Jersey involving allegations that the defendant tweeted a nude video of his former girlfriend.  The defendant is charged with two counts of invasion of privacy for allegedly covertly videotaping the woman as she got ready to take a shower.  Allegations such as this have become commonplace in today's society, where anyone with a cell phone can become an amateur producer on a whim, wherever and whenever, however private the moment.  So called "revenge porn" – where a jilted ex-lover publicly shares an otherwise private, intimate photo or video out of scorn after a relationship ends – has prompted legislative action in, at last count, 12 states in the U.S., as well as in Israel, Great Britain, and Germany, among other places, to provide enhanced criminal penalties for such conduct.  With the expanded scope of potential criminal liabilty that has resulted from these legislative enactments and the general focus on privacy brought about by the continued emergence of the "internet of things," there is an enhanced need to ensure that the digital foresnics that are central to these cases are sound and free from surmise, innuendo, and unproven assumptions.  It is more than just a need for the system to adapt in order to understand evolving technologies, its a consitutional prerogative.  We have learned too many lessons from mistakes that have been demonstrated with DNA evidence or the lack thereof not to apply them to another similar emerging science.

The trial judge in State v. Brown  issued an order requiring the prosecution to get an expert witness to explain how the government could tie the tweet in question to the defendant.  The prosecution argued on interlocutory appeal of that order to the Appellate Division that a detective could testify as to the steps she took in purportedly linking the tweet to the defendant, and, therefore, that an expert witness was not necessary.

According to the Appellate Division, the investigation in State v. Brown can be summarized succinctly as a series of steps taken by detectives with the Essex County Prosecutor's Office:

• First, upon discovering the nude footage of herself and identifying the voice of the male subject in the recording as that of her former boyfriend to police, the alleged victim provided the defendant's cell phone number to detectives.
• Second, detectives were granted a commutations data warrant to obtain information from Twitter about the Twitter account that tweeted the video with the hope of linking that account to an individual Twitter user.  The results of that warrant, the government alleges, led to information about the IP address from which the Twitter account responsible for publishing the video had first been created.
• Third, according to detectives, armed with the IP address from which the Twitter account responsible for the tweet was created, detectives were able to ascertain that the IP address was registered to the manufacturer of Blackberry smartphones.  Detectives claim that they were able to deduce ownership of the IP address through a "reverse IP lookup" on the publicly available, web based database called DomainTools.
• Fourth, after determining that the IP address meant that the tweet originated from a Blackberry brand smartphone, detectives claim that they then subpoenaed subscriber information from Blackberry for the IP address that detectives were able to identify from their communications data warrant to Twitter.  The detectives' subpoena requested subscriber information for an identified one hour and forty-five minute period corresponding to the time of the tweet in question.
• Fifth, in response to the subpoena, detectives claim that Blackberry requested the user's International Mobile Equipment Identity or International Mobile Subscriber Identity numbers.
• Sixth, detectives apparently issued a grand jury subpoena to the defendant's cellular provider for the information requested of them by Blackberry.
• Seventh, armed with the unique identifiers for the defendant's cell phone that were furnished to detectives by the defendant's cell phone provider, Blackberry responded to the subpoena served upon it by informing detectives that a  Blackberry device at the IP address provided by Twitter downloaded TwitVid, an app for posting photos and videos to Twitter.  The information received from Blackberry, detectives claim, also provided an email address for the individual that allegedly downloaded the app.
• Finally, detectives claim that they served a subpoena on Microsoft for subscriber information regarding the email address provided to them by Blackberry.  They claim that the response from Microsoft revealed that the email address provided to Twitter when the Twitter account responsible for the tweet in question was created belonged to the defendant.

The trial judge remarked that "[a]fter poring over these records, and aided by both parties' written submissions, this Court has experienced significant difficulty and confusion in attempting to discern exactly how the records link the Defendant to the particular video in question."  The trial judge went on to conclude that "the concepts required to establish this inferential link are 'so esoteric that jurors of common judgment and experience cannot form a valid judgment' about whether or not Defendant uploaded this video."  (Citing Butler v. Acme Markets, Inc., 89 N.J. 270, 283 (1982)).  The trial judge reached this conclusion without conducting a hearing pursuant to Rule 104 of the New Jersey Rules of Evidence.  This proved to be a sticking point upon appellate reivew of the trial court's decision, but the case still  highlights the need for clarity as to where lay witness testimony regarding digital forensics ends and where expert testimony must begin.

Rule 104 of the New Jersey Rules of Evidence, like its nearly identical counterpart pursuant to the Federal Rules of Evidence, generally provides that trial judges are the gatekeepers of questions pertaining to the relevance and admissibility of evidence.  In that function, the trial courts are vested with broad latitude to explore the relevance and admissibility of evidence – short of assigning weight or assessing the credibility of that evidence – as a threshold matter, outside of the presence of the jury.  Rule 104(a) of the New Jersey Rules of Evidence, like Rule 104(a) of the Federal Rules of Evidence, also provides that trial courts are generally not bound by the other evidence rules, with the exception of certain narrow exceptions like privilege, in assessing issues of relevance and admissibility.

In an unpublished opinion, State v. Brown, 2014 WL 4450430 (September 11, 2014), the Appellate Division – New Jersey's intermediate appellate court directly beneath the New Jersey Supreme Court — concluded that there was an insufficient factual record below to determine whether expert testimony was necessary in order to link the digital evidence secured by detectives to the defendant. The Appellate Division remanded the case back down to the trial court, and ordered a hearing pursuant to Rule 104 of the New Jersey Rules of Evidence.  That hearing will explore the specific question of whether a prosecutor's office detective is qualified to present evidence that allegedly links a tweet to the mobile telephone of the defendant, or if all or part of such testimony must be presented through a duly qualified expert.  Given the statements of the trial court initially when ordering the prosecution to enlist an expert, it is likely that this will not be the last that we hear of State v. Brown in connection with the admissibility of non-expert opinion testimony in the area of digital forensics.

Cases involving more traditional, non-technical legal analyses are illustrative of the problem presented in Brown.  In 2011, the New Jersey Supreme Court decided State v. McLean, 205 N.J. 438, a case involving whether or not a police officer could provide lay opinion testimony that the defendant was engaging in hand-to-hand drug transactions.  In McLean, New Jersey's highest court determined that allowing a police officer to offer conclusory testimony that a defendant was engaged in hand-to-hand drug transactions, even when questions from the prosecutor were couched in such a way as to draw on that officer's experience and training, would be tantamount to "authoriz[ing] every arresting officer to opine on guilt in every case."

The battle lines are clearly drawn for a showdown on whether the government can offer non-expert opinion evidence on digital forensics topics in criminal proceedings, and the implications in our increasingly digitized world are immense.  The New Jersey Supreme Court's decision in McLean, warning of the slippery slope presented when the testimony of police officers moves from the mere recitation of facts to officers offering unqualified opinions interpreting those facts, appears to underpin the careful attention to detail that is necessary when handling criminal cases involving digital forensics.  One conclusory word or phrase in an officer's testimony could move the fate of a criminal defendant out of the hands of the jury and into the hands of the arresting officer.

As the United States Court of Appeals for the Sixth Circuit aptly put it in United States v. Ganier, 468 F.3d 920, 936 (6th Cir. 2006), "[s]oftware programs such as Microsoft Word and Outlook may be as commonly used as home medical thermometers, but . . . forensic tests . . . are more akin to specialized medical tests run by physicians."  Personal injury cases have always necessitated physician testimony to substantiate a particualar diagnosis.  That testimony is then subjected to cross-examination, and a finder of fact weighs the credibility of that testimony.  When one's liberty is at issue, coupled with the expanding reach of the criminal law in complex, hyper-technical areas, the need for expert testimony is arguably even more compelling.

The emerging state of the law in the area of digital forensics presents some interesting opportunities for impactful advocacy aimed at protecting the fundamental rights of those standing accused of a crime.  All indications are that State v. Brown is a case to watch.

Originally published September 25, 2014

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.