Instant liability
Tracey Stretton explores whether social networking data in integrated technologies can be used in litigation proceedings
As we increasingly turn to social networking sites to conduct day-to-day communication, it is perhaps not surprising to hear that social networking is predicted to replace email as the dominant form of communication for some businesses by 2014.
Fifty-seven per cent of Britons have used social networking sites this year, compared to 43 per cent in 2010, according to The Office of National Statistics.
The pervasiveness of social networking is best illustrated by this analogy: if Facebook were a country, it would be the world’s third largest, behind China and India, and ahead of the United States.
Statistics show that more than one billion pieces of content (status updates, blog posts, photos and so on) are shared daily on Facebook, up from 1.5 million a year ago.
The power of social networking was all too apparent in the recent riots in London and other cities in the UK. Using Blackberry handsets, rioters were able to rapidly mobilise and coordinate acts of vandalism, theft and violence using BlackBerry Messenger (BBM) – a closed social networking service that is free, instant and encrypted, making it difficult for authorities to track usage.
In the aftermath, as the government considers whether it will block sites like BBM and Twitter during times of violent unrest, some of those arrested have been charged with inciting riots using the BBM service. The role that electronic evidence like this has to play in legal proceedings is about to undergo judicial scrutiny in the UK.
Social networking is not, however, only for teenagers with smartphones. Law firms are increasingly turning to sites such as Twitter, Facebook and LinkedIn to market their services and strengthen their relationships with clients.
Google+, the newest kid on the social networking block, is offering a new range of communication features. Social networking is integrating with other services like YouTube and gaming software, resulting in a richer stream of video-enhanced communication.
Businesses need to manage these newer forms of communication, as they may be obliged to preserve and produce the information generated to comply with regulations and to use in future legal proceedings. As newer forms of technology continue to evolve, firms should also consider how their social media policies need to adapt to prevent confidential information from streaming onto public networks.
Implications for litigation
In the UK, litigating parties must carry out a reasonable search for documents and disclose these to the opposing side.
The Civil Procedure Rules define a document broadly as “anything in which information of any description is recorded”. This explicitly includes email and other electronic communications that are readily accessible from computer systems and other electronic devices and media that are stored on servers and back-up systems, and even deleted data.
The electronic information created and stored on social networking sites is therefore generally subject to disclosure in litigation. It may even be more valuable than more formal sources of evidence, because of the informality and spontaneous nature of online communications.
Information gleaned from social networking sites can be relied upon in court to establish or bolster a point made by a party in a case. Documentary evidence is of course admissible and electronic messages like emails and text messages have been viewed as documents for some time.
More recently, postings, messages and activity logs from Facebook and other social networking sites have been relied upon in litigation. In order for evidence to be admissible, it must, however, be relevant and reliable. The trial judge essentially performs a gate-keeping role in excluding unreliable evidence. While relevance is fairly easy to assess on the facts of a case, it is more complex to show that evidence is reliable enough to be admitted. You must be able to show that the source of the evidence makes it reliable and that the message is authentic.
The Blackberry BBM service can still be relied upon to safely and securely deliver messages without interception and alteration. However, you will need to demonstrate a chain of custody from the original author to the present holder of the message and that it has not been tampered with or fabricated. If evidence is collected by a forensic expert following proper procedures, there is a greater chance that it will be admissible. If its reliability is questioned, the expert can testify about the procedures followed.
Even if a BBM message is proven to be reliable evidence, you may still have to prove who sent it. In Applause Stores Productions & Matthew Firsht v Grant Raphael [2008] EWHC 1781 (QB), a UK case involving defamation, a false Facebook profile and Facebook group were created and private and defamatory information was published on these pages about one of the claimants.
The claimants’ solicitors obtained a disclosure order against Facebook for disclosure of registration data provided by the user responsible for creating the false material, including email addresses and the IP addresses of all computers used to access Facebook by the owner of those email addresses.
The evidence established that the false profile and group were created by a computer at the defendant’s home, but he alleged that a stranger visiting his flat had used his computer, without his permission, and created the false profile and group.
A composite activity log of the defendant’s Facebook usage was created and the judge considered the pattern of usage apparent from this log. He concluded that the only sensible inference was that the defendant had created the false profile and group and was responsible for publishing the defamatory material.
Privacy is another contentious area and there have been a number of cases in the US recently where parties have claimed that social networking evidence is private and not discoverable.
In Romano v Steelcase 907 NYS 2d 650 (21 Sept 2010), a personal injury action, the defendants sought access to the plaintiff’s current and historical Facebook and MySpace accounts, including deleted pages containing information inconsistent with claims she made about the extent and nature of her injuries.
The court found that public portions of the plaintiff’s social networking sites contained content that was material and necessary to the litigation. It held that there was a reasonable likelihood that the same would apply to information on private portions of the websites.
Despite the plaintiff’s objections on privacy grounds, the court held that the production of the social network account entries would not violate privacy rights, with reference to the privacy disclaimers in MySpace and Facebook policies.
In addition, it found that the need to access private information in the case outweighed any privacy concerns. Preventing access would contravene strong public policy in favour of open disclosure and condone attempts “to hide relevant information behind self-regulated privacy settings”.
The court noted that it was perhaps wishful thinking to have a reasonable expectation of privacy on social networking sites, since the very nature and purpose of these sites is to share personal information.1
New technologies
Google has just entered the social networking fray and launched its new ‘plus’ social networking service, which garnered 25 million users during its three-month field test.
The new service, like Facebook, allows users to maintain a profile where personal information may be posted, including photos and videos. Google+, however, comes with Circle, Huddles, Sparks and Hangouts, all of which allow users to collect and share information in increasingly tailored and novel ways.
Circles allows users to organise contacts into groups – friends, colleagues, clients and acquaintances – and into tiered levels of access so that the information which is shared is distributed to only those circles that have permission to view it. This is becoming more important as sites like Google+ are used for private and business purposes and users increasingly have contacts and content they need to keep separate.
Arguably, the more steps which are taken to mark social networking data as private, the stronger the case for withholding such data in litigation. However, based on current case law, if the evidence is relevant and not privileged, it is very likely that it will need to be disclosed anyway.
Another novel feature of Google+ is the Hangout application, which allows users to invite their contacts to engage in a group video chat, while watching a video uploaded to YouTube. These new integrated technologies create new opportunities for sharing rich information sources and interacting with other users. They are bound to create new and potentially relevant evidence trails.
Other new technologies allow users to upload images and video to their social networking pages. Xbox Kinect, a full-body interactive gaming system, records users’ activities in pictures and videos. These are stored on the game console and can be shared with other users of Xbox Live or posted to a user’s Facebook or Twitter pages.
The Xbox console is effectively a storage device and a source of potentially relevant evidence. In a personal injury case, a defendant accessing public portions of the individual’s Facebook account may find publicly viewable photographs of the claimant playing the popular Xbox game Dance Central, which requires rigorous dance moves and physical activity.
Apart from seeking access to the claimant’s Facebook account, the defendant may also demand disclosure of data stored on the Xbox console to check if further photographic evidence exists.
Managing policies
It is therefore imperative for firms to adapt, implement and enforce social networking policies that define acceptable usage of social media.
Usage policies should clearly establish what employees’ privacy expectations are and the organisation’s right to monitor social networking during the work day, or while using firm-issued equipment and accounts. There is no one-size-fits-all approach – firms need to take into account local laws and culture, as well as applicable industry regulations when crafting their own policies.
Regulatory bodies such as the US Securities and Exchange Commission and UK Financial Services Authority have stringent requirements for the retention of instant messaging; these also need to be taken into account in document retention policies.
Social networking policies should also be intertwined with data security protocols. Only authorised employees should be allowed to share public information on public sites, and all staff should be reminded not to share confidential information in public forums, including social networking sites, blogs and open message boards.
Employee training on social media policies should be provided on an annual basis, with appropriate refresher training for new developments, acquisitions and mergers. It may be wise to form a social media monitoring team to proactively monitor social media streams and sites.
It is also worth considering issuing litigation holds to third-party service providers when litigation is reasonably anticipated, to ensure that social networking evidence stored in the cloud is preserved.
Social networking is here to stay and we will no doubt see more use of these services as organisations think of innovative ways to build relationships with clients, predict their needs and deliver tailored products and services.
Firms should therefore proactively address the potential risks that flow from this new stream of information in terms of regulatory compliance, disclosure obligations in litigation and data security breaches. Evidence will always gather where people are interacting and spending time, so it is essential to stay plugged in to these new technologies when it comes to fact finding.
tstretton@krollontrack.co.uk
Endnote
1 See also McMillen v Hummingbird Speedway No. 113-2010 CD (CP Jefferson 9 Sept 2010) and Zimmerman v Weis Markets No. CV-09-1535 (CP Northumberland 19 May 2011)