A Law You’ve Never Heard of Could Help Protect Us From Deceptive Photos and Videos
Update: The application on which this analysis was based has been retired. Learn more here.
An estimated one trillion digital photos and videos are captured through personal mobile phones every year, and the number is growing. As a result, user generated content will continue to proliferate and likely make its way into domestic and international legal proceedings for the foreseeable future. While this represents a significant opportunity to submit new forms of evidence, it’s also likely problematic given the democratization of sophisticated technologies that are manipulating and altering content and metadata. Even video, one of the most trusted mediums of information, can no longer be taken at face value with the advent of “Deepfakes” — synthetic videos created by artificial intelligence techniques such as Generative Adversarial Networks. Although much of society (media, government, business) is not prepared to address the malicious use of AI and Deepfakes, recent changes to the Federal Rules of Evidence may have created a framework for the latest technological innovations to defend against this vulnerability in legal proceedings.
Amendments to the Federal Rule of Evidence (FRE) 902 went into effect a year ago to simplify the process and reduce costs of admitting into evidence electronically stored information (“ESI”). The resulting amendments will likely make it significantly easier to introduce digital evidence in the U.S. justice system because of a new certification lawyers can submit with evidence. This certification establishes at the outset that the digital evidence presented is “self-authenticating,” meaning that it is evidence that can be admitted without requiring a witness to testify to its authenticity at trial. This speeds up the process and lowers the cost of using digital evidence since the certification puts opposing counsel on notice and frontloads any authentication issues early-on in the proceeding. However, to date, lawyers are either unaware or not taking advantage of these amendments and only a handful of cases have drawn on the new rules.
I have been researching and writing about rules of evidence across a range of jurisdictions for some time. I began digging into the FRE 902 amendments shortly after they were adopted and working with Truepic on these issues as of October. The amendments are a monumental change in the way that the U.S. justice system views and weighs digital evidence, especially as social media platforms and user generated content are proving critical pieces of evidence in legal proceedings ranging from human rights violations and war crimes to civil and criminal proceedings domestically.
The new rules read as follows:
Rule 902(13): Certified Records Generated by an Electronic Process or System. A record generated by an electronic process or system that produces an accurate result, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12). The proponent must also meet the notice requirements of Rule 902(11).
Rule 902(14): Certified Data Copied from an Electronic Device, Storage Medium, or File. Data copied from an electronic device, storage medium, or file, if authenticated by a process of digital identification, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12). The proponent also must meet the notice requirements of Rule 902(11).
Why is the amended FRE 902 is a monumental change?
The amended FRE 902 is a monumental change for two specific reasons. First, it provides a low-cost framework that, when combined with new technologies, can insulate legal proceedings from the rise of manipulated photos and video. For example, Truepic photos and videos have a corresponding “hash” value — the output of a cryptographic mathematical function which can only have been created from the exact pixelation and metadata information taken at point of capture. The hash is created instantaneously and logged to a decentralized blockchain, thereby creating an immutable reference to the photo or video and closing the digital chain of custody. This “controlled capture” is the basis of Truepic’s technology and how its partners are using it to document human rights violations among other use cases in an age where every photo and video is questioned and scrutinized.
What sets Truepic apart, when combined with the FRE amendments, is that not only does Truepic use an electronic process that produces an accurate result but the technology is designed to certify that a photo/video has not and cannot be manipulated, by way of closing chain-of-custody from the instant of capture. As you can see in the sample certification appended below, the audit log indicates the seconds between the moment the shutter was pressed to the moment the hashed metadata was written to the blockchain.
Second, it is also clear that these amendments substantially ease the process and cost of optimizing the use of digital evidence in legal issues throughout the U.S. justice system. Photos, video, and other user-generated content are increasingly drawing attention to human rights and humanitarian issues around the world, especially in places where authoritarian drift limits free speech, open press, and access to information. Since human rights and humanitarian advocates rely so heavily on user generated content in their efforts, the FRE amendments are critical for a field that is hampered by limited resources.
Prof. Daniel Capra, the Reporter to the Advisory Committee on the Rules of Evidence told me that “while I think the goals of the amendments were pretty modest, I am happy and intrigued to know about their potential usefulness for human rights and humanitarian matters.”
The biggest challenge is that that the amendments, which will save significant time and costs, are only useful if lawyers and human rights defenders are aware and take advantage of them. And in my discussions with lawyers, judges, human rights activists, I am struck that the overwhelming majority of them are unaware of these amendments and their implications.
There are still a range of issues that need to be addressed as the legal community continues to grapple with the fast-evolving and growing world of digital evidence. For example, I discovered that there are several untested assumptions about how authentication emerges as an issue. People outside of the U.S. legal community might be surprised to know that electronic or digital evidence is currently “rarely the subject of legitimate authenticity dispute,” meaning that legitimate authenticity disputes are not coming to the fore as lawyers and judges are using digital evidence. This was exactly the argument that the Advisory Committee used in swiftly amending the rules: “the amendments would alleviate the unnecessary costs of this production by allowing the qualifying witness to establish authenticity by way of certificate.” There are several anecdotal reasons for why it is the case that authenticity is rarely the subject of a legitimate challenge in the U.S., though the topic is lacking in empirical examination, which is something I will be exploring further in a forthcoming article. Furthermore, these assumptions will likely be tested as Deepfakes and AI-manipulated photos and videos become increasingly more commonplace.
There are several excellent sources of analysis on the amended rules; chief among them is the May 7, 2016 Report of the Advisory Committee on Evidence Rules — Committee Rules of Practice and Procedure of the Judicial Conference of the United States, which offers several detailed examples of how the rules can be used. One in particular (excerpted below) is a game-changer for tech companies and tech-oriented organizations like Truepic that are developing applications and other tech-enabled solutions to some of the most challenging use-cases of digital evidence.
Moving forward, Truepic is committed to further research as the digital landscape continues to evolve far beyond justice and accountability systems. Truepic will be working with practitioners and experts to continually build up resiliency against fast-evolving issues of authentication in domestic and international legal contexts.
SAMPLE TRUEPIC CERTIFICATION OF AUTHENTICITY UNDER FEDERAL RULE OF EVIDENCE 902(13)
I, __[Truepic, Inc. Employee]*______, being duly sworn, hereby certify that:
1. I have been requested by [organization] to provide an [affidavit/certification] under Federal Rule of Evidence 902(13) that the [photograph/video] described below was generated by an electronic process/system that produces an accurate result consistent with the requirements of Federal Rules of Evidence 902(11) [or 902(12)] and 803(6)(A-C) [only if also seeking to qualify the records as business records in addition to authenticating them].
2. I am an adult, over the age of 21 years, and I am competent to testify. [Note: If the affiant would qualify to give opinion testimony on a topic of scientific, technical, or specialized knowledge under Federal Rule of Evidence 702, insert a description of his/her qualifications, as noted in №3, below. If not, establish that the information used to certify the evidence is based on the affiant’s personal knowledge.]
3. Describe: educational background and relevant work experience including current job description, professional training, and membership in professional organizations.
4. Describe prior certification experience.
5. Identify and describe prior testimony.
6. I am currently a [title] at Truepic, Inc.
7. Describe knowledge and experience in information systems in general and in particular the “electronic process or system” that was used to generate the information in question or system at issue. [Note: Person signing affidavit or certification must have personal knowledge of the facts and systems [hardware and software] that are at issue and they must describe the “electronic process or system” with enough specificity to satisfy the court and the opponent that the evidence sought to be admitted is authentic.]
7.1 Truepic’s electronic system is designed to capture and store photographs/videos whose origin, contents, and metadata can be verified. Photos and videos that pass a rigorous verification process are designated as authentic.
7.2 Many Smartphone camera applications are designed for sharing photos on social media. Users are provided a range of options to enhance or modify images and so these applications are designed to manipulate the raw footage.
7.3 Conversely, Truepic’s system and process is designed to capture photographs/video in as close to a raw state as possible and automatically verify metadata from the moment the content is captured. This metadata is immediately stored to Truepic’s secure servers and written to the blockchain — a distributed public ledger that allows the writing of immutable records — to close chain of custody, obstructing risk of manipulation.
7.4 Here is a detailed description of Truepic’s electronic system and process of authentication:
7.4.1 The user opens a mobile application that integrates Truepic’s controlled capture technology and clicks the button to take a photograph (similar to a standard phone camera application).
7.4.2 As soon as the user captures the photograph or video, the application immediately begins sending a series of metadata to Truepic’s secure servers:
22.214.171.124 GPS location — the servers capture the device’s GPS location.
126.96.36.199 Time and Date — the servers capture the device’s set time/date, and verify this information by cross-referencing it in that moment.
188.8.131.52 User information — the user is logged into the application on their Smartphone so the servers capture this information.
184.108.40.206 Hash Value — a hash value the output of a cryptographic mathematical function that is computed based on the digital contents of the photograph/video; something akin to a digital fingerprint for each photograph or video uploaded to Truepic’s servers. Truepic’s electronic system generates Secure Hash Algorithms (SHA)-256 for each piece of content.
7.4.3 At the same time that Truepic’s secure servers capture the key metadata of the photograph/video, the hash value is written to the blockchain meaning that it is thereafter verified and immutable. Blockchain allows for the secure transaction of data because it is 1) decentralized, 2) anonymized, 3) immutable. Blockchain is a growing list of records, called blocks, which are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data, which means that by design, a blockchain is resistant to modification of the data.
8. Attached is an authenticated Truepic photograph and corresponding chain of custody record.
9. The image attached hereto was generated Truepic’s electronic system and authenticated by Truepic’s process.
I declare under penalty of perjury that the foregoing is true and correct.
Name of Affiant/Declarant
[For Affidavits — Insert Notary Public Notarization Here]
*Though there has been some discussion about the definition of a “qualified person” under the Amendments, in reviewing this sample certification, Reporter to the Advisory Committee on the Rules of Evidence Prof. Capra noted that the intended definition parallels that of FRE 803(6) [admission of business records], which courts have interpreted generously.
Link to image: https://truepic.com/HQT33IDB/
Tara Vassefi is the Washington Director for Truepic, a technology company specialized in digital image and video authenticity. She was formerly a Video as Evidence Legal Fellow with WITNESS and is currently a visiting scholar at UC Berkeley Law School’s Human Rights Center. She is working on an empirical examination of authenticity objections and rulings; feel free to reach out to provide feedback or request more information. You can find more regarding digital evidence and online disinformation from Tara and other members of the Truepic team on the company’s Medium blog.