The federal rules of evidence recently changed specifically with the goal of modifying the authenticity requirements for certain ESI. Specifically, Fed. R. Evid. 902(13) and 902(14) were added to Rule 902 (the rule on self-authenticating documents), and these sections read as follows:
The following items of evidence are self-authenticating; they require no extrinsic evidence of authenticity in order to be admitted:
* * *
(13) Certified Records Generated by an Electronic Process or System. A record generated by an electronic process or system that produces an accurate result, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12). The proponent must also meet the notice requirements of Rule 902(11).
(14) Certified Data Copied from an Electronic Device, Storage Medium, or File. Data copied from an electronic device, storage medium, or file, if authenticated by a process of digital identification, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12). The proponent also must meet the notice requirements of Rule 902(11).
Fed. R. Evid. 902(13) & 902(14) (2018).
While the new rules appear to reduce some of the complexities involved in introducing electronic evidence, practitioners should be aware of what a “certification of a qualified person” must include. For example, as it relates to a USB drive, the Rule 902(13) certification would need to include a details about 1) how the operating system writes or records information in the registry about the connection of external storage devices, 2) the process by which the information recorded produces an accurate result, and 3) how the evidence itself-the record of the registry itself-accurately reflects what is stored in the registry.
A certification under Rule 902(14) is even more involved. The Advisory Committee Notes for the rule specifically require mention of hash values. Specifically, the Advisory Committee observed the following:
Today, data copied from electronic devices, storage media, and electronic files are ordinarily authenticated by “hash value.” A hash value is a number that is often represented as a sequence of characters and is produced by an algorithm based upon the digital contents of a drive, medium, or file. If the hash values for the original and copy are different, then the copy is not identical to the original. If the hash values for the original and copy are the same, it is highly improbable that the original and copy are not identical. Thus, identical hash values for the original and copy reliably attest to the fact that they are exact duplicates. This amendment allows self-authentication by a certification of a qualified person that she checked the hash value of the proffered item and that it was identical to the original. The rule is flexible enough to allow certifications through processes other than comparison of hash value, including by other reliable means of identification provided by future technology.