back to article Legal expert: Letters can be evidence, so can Facebook

Private things turn up in court cases. This has always been the case, and there are many people in jail, paying fines or out of a job because of what they have said or done in private. Yet when a court wants to use material from a social networking page in a case, there is a web-wide sharp intake of breath. There are …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Handing over passwords

    "What will rightly give some observers cause for concern is that the court agreed to demand the handing over of Zimmerman's usernames and passwords."

    Although I am uncomfortable with the idea of someone's passwords being handed over in such a manner I suppose the important question would be whether similar actions would be taken with "physical" media.

    Say, if his bosses thought there was something incriminating stored in his garage would the courts demand Zimmerman hand over the garage keys?

    1. Bluenose

      Fishing expedition?

      Have to agree with Lee. Asking for user names and passwords on the basis that there MIGHT be something that supports their case is not something that a court should agree. Even in major litigation cases both sides have to show that there is good cause before being granted the information. And in search situations, even the police need to provide evidence of probable cause before they can get a warrant.

      Don't think that this decision was a good one. Especially as the article is mixing requests for information made by courts (which is one thing) and the requests for information by a defence team.

      1. Anonymous Coward

        Proper discovery is one thing... passwords and user IDs is a whole different thing

        Having been involved in a few discovery requests, in the e-mail world the court has to officially determine the criteria and scope for the search. Most typically, this will mean date ranges, keywords, communications to/from certain individuals, etc. I have never seen a situation where the discovery was for everything in a user's inbox, which is essentially what this is allows.

        I would imagine, for example, that if the evidence in question were credit card receipts in someone's house... the court could file for discovery of said receipts, but not hand council the keys to that person's house to rummage through and see what they find.

        Proper discovery is scoped discovery... this is madness (Sparta)

        1. Alister

          @AC Proper discovery

          Whilst i don't condone what happened in this case, I would contrast your idea of the criteria and scope being limited with the increasingly common practice of seizing a person's computer in criminal cases where there is believed to be data which could be used as evidence. In those cases, they certainly don't limit their search and access to just the relevent data.

          Being a Brit, I don't know if federal and criminal law have differing rules about evidence seizure compared to civil law in the US?

          There was also the recent well publicised case where Federal officials removed a whole rack of servers from a data center although the evidence they were after was confined to only a single virtual host running on the shared hardware.

          To use your analogy, that would be like handing over the keys to a whole apartment block, instead of just the apartment of the accused.

  2. Sir Runcible Spoon


    So, if I were to use a social web site, I should pgp sign all my statements so that anyone hacking into my account can't give false testimony on my behalf? After all, it's a lot easier to fake an SMS or web posting than my actual handwriting (as in diaries/letters etc.)

    1. AGirlFromVenus

      in the UK, waste of time

      ...because the state can demand your private key, and thus a PGP signed document is meaningless in terms of authenticity.


      1. John G Imrie

        You've got the wrong end of the stick

        This is not to encrypt the data to stop someone else seeing it, but to digitally sign it to prove it was your post.

  3. Anonymous Coward
    Big Brother

    Handing over login's?

    Not without a warrant!

    1. Jason Bloomberg

      Or a Court Order

      But in this case the court has so ordered and it would likely be contempt at least not to comply.

      Everyone may think it's extreme to have to hand over passwords but that's little different to an Anton Piller order and its successors which grant a right to enter and rummage about to find what they are looking for. No, they shouldn't be granted for fishing expeditions but is there any evidence here that shows it has been?

      1. Naughtyhorse

        and when the first post...

        is me poking my lawyer.

        it's all inadmissable :D

        (yer know i thought about law as a profession, would have done so. but for the rigour of the exams, people come staggering out of exams saying 'god that was rigourous!' so i beame a coal miner, much less rigorous, in fact 1 question; 'what is your name?' I got 50% at mine)

  4. Pete 2 Silver badge


    One big difference between a written, tangible piece of evidence such as those traditionally considered and an entry in a blog, or tweet is being able to demonstrate that the pattern of bits a lawyer wishes to put before a court are the same bits that the person actually wrote.

    So while it's possible, if not easy, to determine if a written entry has been forged or altered that isn't necessarily the case with a piece of computerised evidence. For example, if the website in question passes stuff through a spell checker, or censor before publication - is that then what the person actually wrote? Also is the entry put before a court the final piece of work - complete with corrections, second-thoughts about the content and rewording/clarificatiosn, or is it merely one of the drafts that best supports whichever view the lawyer wishes to promote?

    At best "evidence" from a website/forum seems to me comparable to evidence written in pencil: not permanent, easily altered (either before or after the evidence gathering process) and possibly only has the status of a doodle on a post-it, rather than a literary masterpiece from a professional letter-writer or diary-keeper, with the difference in intent and prior thought that goes into it.

    If I was on a jury, I would definitely be highly skeptical of a FB entry presented to me as evidence. And if the evidence had been obtained from the prosecution using the owner's password to obtain it, I'd probably discount it unless the site itself could prove it was what the person had written and meant to have published.

    1. Jimbo 6
      Paris Hilton

      "If I was on a jury, I would definitely be highly skeptical..."

      However, you sir obviously have considerably more grey matter between your ears than most of the poulation. Your average lunghead would almost certainly take anything on Facebook (or the News O' T' Screws, or the Daily Heil) at face value.

      "Think of how stupid the average person is, and realize half of them are stupider than that." --George Carlin

      Paris, cos, well, duuh.

  5. Christoph

    Read only

    Once they have his passwords the evidence is invalid, since they can forge and alter what is on there. So it's not admissible any longer.

    They should have read only access at most. Perhaps have defendant log in then page through what is there so they can see? Or have the web site supply the information? But NOT the passwords. That not only lets them forge messages in his name, it gives them access to the private information of friends of his on the site who have trusted him with access to their information. That cannot possibly be justified - those friends have nothing to do with the case.

    1. Fred Flintstone Gold badge

      Not quite.

      Such evidence tends to be gathered in the presence of witnesses, whose sole job is to observe and establish the start of an unbroken chain of evidence. Any attempt to push material in would (as you rightly state) invalidate the evidence, and it is thus the task of the people gaining access to prevent such changes from happening.

      AFAIK it's even possible to order a change of password to prevent any further changes to the account.

    2. Anonymous Coward
      Thumb Up

      Not sure who downvoted you

      ...but chain of custody is a *BIG DEAL*. Industry standards exists for data handling of, for example, e-mail during discovery... but when it comes to this stuff, well, who knows.

    3. Tom 13

      You can't let the defendant keep the password either.

      If he has unfettered access, he can delete the incriminating evidence. The site has to be frozen by a third party, possibly even an officer of the court, for purposes of the trial.

  6. Anonymous Coward
    Big Brother

    Trawling the Sheeple

    The more the Sheeple put their lives on display on this social networking crud, the more various parties will consider it a legitimate place to trawl for information.

  7. Anonymous Coward

    I'd rather reset a password...

    ... instead of giving it to someone, even if the boss order me to hand it over. You see, in my paranoid point of view, the choice of password does give the receiver an inside look into your mind. So in my view, the choice of a password is something that should be guarded, and unless a very series crime have been committed, it must never be handed over, only reset.

    and in the case of facebook, it won't surprise me to find out that the user is using that same password on other site, including webmail, finical and shopping sites. The receiver of the password will have _far_ more of an access then what the court have intended for him/her to have.

    any way, in this case, why didn't the court order facebook to hand the data over instead of giving free access to the other party?

    1. Anonymous Coward

      Re: I'd rather rest a password...

      sorry guys, typing mistake, in the 2nd paragraph, the word should have been "financial" instead of "finical" in "including webmail, finical and shopping sites."

    2. Fred Flintstone Gold badge

      Errm, cough..

      So you're suggesting that setting a password to "ilikesmallchildren" as a Catholic priest is not advisable then?


      1. Naughtyhorse


        it's bloody well obligatory if you want to get on in thei church sonny!

    3. Dave 120

      Password reset

      Nothing wrong with resetting your password as you're suggesting, in fact it'd be good practice.

      As for why the court didn't ask Facebook, why should it? You're before it and it has the power to order you to hand over the info. If they wanted to search your house they don't ask the landlord or mortgage company.

      If you then wanted to claim that the update you posted 6 months ago that your friends have commented on was 'planted' there you could. Good luck with that.

      1. ElReg!comments!Pierre

        @Dave120: you have it backwards

        "If they wanted to search your house they don't ask the landlord or mortgage company."

        Ha but in this case the login info is not passed to the court, it's passed to the adverse party. They should definitely have asked the info from Facebook instead.

        "If you then wanted to claim that the update you posted 6 months ago that your friends have commented on was 'planted' there you could. Good luck with that."

        No need. The adverse party has the login information, so the burden of proof is theirs to deal with. Actually if I was the bloke in question I would hand over the password, then login through a proxy or 5 and change stuff. Then if the employer wishes to produce evidence from the account, ask Facebook for a history of changes. Good luck proving who made the changes. I doubt any court would accept evidence that's so obviously tainted.

        In any case that's gross incompetence from the court's part. Why not give the keys to the guy's house, too, so that the employer can raid his house at 4 in the morning, see how his leg really is?

  8. Whitter

    Bar room laywers please advise!

    What if you immediately chat to your lawyer on FB? Then they can't get full access, as at least part of what is there is explicitly excluded...?

    1. Fred Flintstone Gold badge


      .. if you are having a confidential discussion with your lawyer over Farcebook you should start with looking up what "confidential" means, or have your head examined..

      You don't want 100 "Likes" on your strategy email, trust me.

      1. Whitter

        @Fred Flintstone

        There is a messaging system in FB, not just the broadcast-to-all.

        With that, you could easly argue expectation of privacy, which is all you need.

        1. Tom 13


          expectation of privacy =/= privileged conversation.

          The mere fact that it is occurring on Facebook invalidates privilege.

  9. Anonymous Coward
    Anonymous Coward

    What's to stop

    ...the defendant coughing up the passwords and then immediately changing them while the email is still in transit? You'd be complying with the letter (if not the spirit) of the court order; and it's the letter interpretation that cases are won or lost on.

    Also; what's to stop every single friend of the defendant immediately counter-suing Weis Markets under wiretap laws or similar?

    The obvious solution is to not put the information out there in the first place, of course.

    1. ShadowedOne

      The title is a pain in the ass, and must contain letters and/or digits.

      Common sense? I expect the judge would not only rip you a new one, he/she would probably level charges of contempt and/or evidence tampering at you.

  10. Anonymous Coward

    Everyone is missing the point completely

    And that big blaring point is it's the damned internet...where men are men, women are men, boys are men, girls are men and I am a giant fire breathing lizard capable of destroying downtown tokyo with one blast of my mega death ray. But seriously now, I really really am a super model dating, drug dealing, bad ass mother fucker who can beat up your dad whilst screwing your mum and high fiving chuck norris.

    If a court actually believed half the stuff that people claim to do on the internet half of the population would be locked up by now. That's why facebook "evidence" shouldn't be used in a court...

    1. Anonymous Coward
      Anonymous Coward

      I expect a photo post

      of you and your buds playing basketball would be quite sufficient proof for this. Perfectly normal, no need for fakery.

      And most of what gets posted on Facebook is for real. At least amongst my group of friends. Indeed, I would even say amongst most of the people I friended with a game playing sock puppet (although I won't vouch for the Finns since I can't read the language in which they post).

  11. 404

    Stupid is as stupid does

    Several of my lawyer/legal clients have dedicated workstations for searching Facebook, Tweets, LinkedIn, My space(! lol), etc for divorce, workman's comp, disability cases etc for the sole purpose of finding inconsistencies they can exploit. Have for years. It was just a matter of time before they would start demanding passwords, no surprise here.

    I tell people all the time not to post their lives on the internet - damn thing is forever, ya know? As usual though, you really can't tell anyone anything, they know what's best.... right up to the time it bites them in the ass.....

  12. Elmer Phud

    Wasn't me

    I wuz fraped yer honour

  13. Craigness


    Isn't this a bit like a newspaper listening to someone's private messages on the assumption that they might contain something of value to the newspaper? The difference is there's a judge involved.

    1. Naughtyhorse

      difference is there's a judge involved

      as opposed to gumshoes, coppers and politicians

      So that would be a key difference then!

  14. Anonymous Coward
    IT Angle

    safe password

    How about someone designs a login process for email or whatever where entering a specific "safe" password deletes everything the user has flagged as dodgy?

  15. Yet Another Anonymous coward Silver badge

    Reset a Password

    That has already been covered in the US. There is a distinct difference in being forced to give a password - which is generally NOT allowed, it being regarded as self-incrimination, and demanding access to the data.

    The ACLU made the reasonable point, and the court accepted it, that a password of "I WILL KILL AGAIN" might be incriminating!

  16. Anonymous Coward
    Big Brother

    Potential slver lining?

    Can this be used as a precedent to demand that anyone in a variety of (alleged) *news*papers hand over their uer IDs & passwords?

  17. Old Handle

    This must happen all the time

    It's hard for me to believe Facebook doesn't have some more appropriate procedure for allowing court-mandated access to private content than simply handing over your normal password.

    1. Tom 13

      Facebook might,

      that doesn't mean the judge was aware of it.

  18. Brewster's Angle Grinder Silver badge

    Were the passwords not hashed?

    There's a little more on the case here:

    It covers the reasons for the breadth of discovery. But what I've not discovered is whether Facebook were able to comply; i.e. are their passwords stored unhashed?

  19. JeffyPooh

    I would comment on this, but...


  20. RobS

    Evidence Admissibility vs Weight

    When arguing about the rules of evidence, far too many people seem to be of the opinion that if the evidence could possibly have been tampered with then it should not be admitted in the court. The legal system has been handling tricky stuff like lying for a very long time. The rules for admissibility of evidence are loose by design. Let anything that might be relevant through but try not to completely swamp the system. The weight given to the evidence at trial is what you are lessening with your arguments. If you want to challenge admissibility, attack the rules for admission not the quality of the evidence.

  21. Fred Flintstone Gold badge

    Better solution: release the password publicly.

    At that point you have complied, but in a manner that renders it useless as evidence can no longer be deemed reliable..

    1. Angus 2


      cop a contempt of court charge?

    2. Tom 13

      Better a civil trial in which at most

      you go bankrupt because of fraud, than spending time in the pokey with Barney and Igor because you thumbed your nose at the judge.

  22. Anonymous Coward

    The point is

    no matter what you try to cover, always an audit trail if looked for.

    Some posters here have little idea of the fact that they would clone the evidence, preserving time and date stamps.

    The system, whilst not the brightest of people, have codes of practice for gathering and preserving electronic data evidence, so changing a file name and pretending you didnt, wouldnt pass the test...unless you were some of the commentors here who have never heard of r-drive or encase.

    Yes i worked there once at the crime lab

  23. Alexander Rogge

    Fake messages abound

    I've seen a lot of messages on Facebook that go something like:

    "My name is... and I left my Facebook open for my friend to send messages as me, again."

    There are also the worms that hijack user profiles and send explicit or fraudulent message content to Friends or random users on Facebook. There's simply no way to prove that an electronic message was actually sent intentionally by any individual without a witness or some way to connect the information contained in the suspected message with actual observations of the suspect.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022