449 P.3d 353
Ariz. Ct. App.
2019
Case Information

*1 IN THE

A RIZONA C OURT OF A PPEALS D IVISION O NE

STATE OF ARIZONA, Appellee v.

BRANDON GRIFFITH, Appellant .

No. 1 CA-CR 18-0040 FILED 8-13-2019

Appeal from the Superior Court in Maricopa County No. CR 2017-123766-002 The Honorable John Christian Rea, Judge AFFIRMED

COUNSEL

Arizona Attorney General’s Office , Phoenix

By Jana Zinman

Counsel for Appellee

Maricopa County Legal Defender’s Office , Phoenix By Cynthia D. Beck

Counsel for Appellant

*2 OPINION

Judge Michael J. Brown delivered the opinion of the Court, in which Presiding Judge Diane M. Johnsen and Judge Jennifer M. Perkins joined. B R O W N , Judge: Brandon Griffith appeals his conviction and sentence for

trafficking in stolen property. The issue before us is whether incriminating digital evidence a Facebook message and search history log — was properly authenticated at trial. To resolve the issue, we first clarify how the evidentiary rules governing hearsay and authentication apply when a party seeks to admit communications that are purportedly authored by an account holder on a social media site such as Facebook. We then address whether the State satisfied its authentication obligation by presenting sufficient evidence from which a jury could reasonably conclude that Griffith authored the Facebook message and the searches contained in the search history log. Because the record is sufficient to support a finding that Griffith made the statements contained in these communications and they were offered against him, we find no abuse of discretion.

BACKGROUND J.H. and S.H. returned from an errand to find their home had been burglarized. The couple noticed several items missing, including three Apple iPads. Based on information S.H. acquired from Apple, police subpoenaed Apple and obtained information about a subject named Brandon Griffith. Using a police database, officers found a Brandon Griffith with the same address as the one Apple provided. Police then interviewed Griffith, who explained that others frequently brought him computer devices asking him to restore the devices to their factory settings. He admitted he performed this service for pay even when he suspected the devices were stolen. Griffith faintly recalled that R.H., the suspect in the police’s burglary investigation, had once brought him several devices to reset, including three iPads. Griffith said he communicated with R.H. through Facebook, prompting the police to obtain a search warrant for Griffith’s Facebook account. In response, Facebook produced, among other things, a message containing a photograph sent from Griffith’s account and a log of the account’s search history.

¶3 When the State sought to introduce the Facebook documents as business records at trial, Griffith objected that they were inadmissible hearsay because the State failed to provide the certification or testimony required to admit them under Arizona Rule of Evidence (“Rule”) 803(6) , often referred to as the business records exception, or under Rule 902(11), which allows for such evidence to be self-authenticating if a proper certification is provided. The State responded that it could lay sufficient foundation through the testimony of the detective who obtained the records from Facebook because she would “be able to testify that, in accordance with her search warrant, she had specific procedures . . . to follow in order to” obtain the records from Facebook. The detective then explained that Facebook has a “law enforcement portal,” a webpage where officers may request information by uploading a subpoena or search warrant, and Facebook responds using the same page. After hearing her testimony, the superior court admitted the records, concluding the Facebook portal mechanism provided the “functional equivalent of a certification.” Griffith timely appealed.

DISCUSSION Griffith argues the superior court abused its discretion by admitting the Facebook records at trial because they were hearsay, were not subject to any exception, and were not authenticated. ” We review evidentiary rulings for an abuse of discretion. State v. King , 213 Ariz. 632, 635, ¶ 7 (App. 2006). Because no Arizona case speaks to how authentication and hearsay rules apply to communications obtained directly from an online social media platform such as Facebook, and the relevant Arizona rules mirror their federal counterparts, we look to federal decisions for guidance. State v. Winegardner , 243 Ariz. 482, 485, ¶ 8 (2018).

A. Facebook Message We first address whether the superior court properly admitted the Facebook message. Facebook is a social media website where account holders can send messages to other users. United States v. Browne 834 F.3d 403, 405 (3d Cir. 2016). To allow account holders to locate other users and pages on the platform, Facebook has a search function that generates results based on the keywords the user enters. Griffith argues the court erred because the Facebook message

was inadmissible hearsay. He focuses on the State’s failure to satisfy Rule 803(6)(D), contending it did not provide (1) the testimony of any witness with knowledge about how Facebook makes or stores records of user *4 messages or (2) a certification to that effect complying with Rule 902(11). The State counters that because the message was a Facebook business record under Rule 803(6), testimony from the detective who obtained the record from Facebook rendered it self-authenticating under Rule 902(11). An out-of-court statement offered for its truth is subject to the rule against hearsay. Ariz. R. Evid. 801(c), 802. As pertinent here, “records of a regularly conducted activity” are excepted from the rule against hearsay so long as the proponent lays the required foundation. Ariz. R. Evid. 803(6)(D). To lay that foundation, the proponent must show “by the testimony of the custodian or another qualified witness, or by a certification that complies with Rule 902(11) or (12) ” that (1) “the record was made at or near the time by -- or from information transmitted by -- someone with knowledge;” (2) “the record was kept in the course of a regularly conducted activity;” and (3) “making the record was a regular practice of that activity.” Ariz. R. Evid. 803(6). If the record includes statements made by an opposing party and is offered against that opposing party, those statements are not hearsay. Rule 801(d)(2); see, e.g. , State v. McCurdy , 216 Ariz. 567, 572, ¶ 11 (App. 2007) (rejecting a hearsay challenge to statements contained within hospital records when “the source of the inmate’s identifying information was the inmate himself ”). The Facebook message at issue was a reply to a message from

another Facebook user complaining about the quality of his or her camera. In response, a message from Griffith ’s account asked, “ Need a better one ?” accompanied by a photograph of an iPad. The iPad in the photograph bore the same serial number as one stolen from S.H. At trial, the State offered the Facebook message to prove that, as the message implicitly asserted, Griffith had the iPad and was presenting it to others for sale. Contrary to the State’s assertion, it did not satisfy Rule

803(6)’s foundation requirements to admit the message. The State acknowledged at trial it had no certification from Facebook. And the detective’s testimony was insufficient because she had no knowledge of, and did not testify to, whether the record of the message was made “ by -- or from information transmitted by -- someone with knowledge, ” nor whether the record was “kept in the course of a regularly conducted activity, ” nor that making the record was a regular practice ” of Facebook. Ariz. R. Evid. 803(6)(A), (B), (C); see Taeger v. Catholic Family & Cmty. Servs. 196 Ariz. 285, 297, ¶ 41 (App. 1999) (explaining that laying foundation under the business records exception requires evidence of how a record was kept in the regular course of business and thus testimony only about how a record was obtained did not suffice). *5 Even if the State had provided such testimony or certification,

however, given the purpose for which the State offered the Facebook message, it still would not have been admissible as a business record for two related reasons. See Browne , 834 F.3d at 409. First, the primary purpose of the business records exception is to “ capture records that are likely accurate and reliable in content, as demonstrated by the trustworthiness of the underlying sources of information and the process by which and purposes for which that information is recorded.” Id. at 410; see State v. Parker , 231 Ariz. 391, 402, ¶ 33 (2013) (“Trustworthiness and reliability stem from the fact that [a business] regularly relies on the information that third parties submit as part of their ordinary course of business.”) . Indeed, the law has long recognized that unlike other hearsay, generally no reason exists to question the trustworthiness and reliability of a statement relied on by a business because businesses normally require authentic, truthful statements to function. See Shirley J. McAuliffe, Arizona Practice Law of Evidence § 803:7 (4th ed. 2019). But because a social media platform such as Facebook does not “purport to verify or rely on the substantive contents of the communications in the course of its business,” its records custodian cannot confirm the accuracy or reliability of the content of those communications. Browne , 834 F.3d at 410. All the custodian can confirm is “that the depicted communications took place between certain Facebook accounts, on particular dates, or at particular times.” Id. at 411 (noting that such technical information, unaccompanied by any message, would call for a different hearsay analysis). Put in terms of Rule 803(6), the custodian cannot testify that the statement contained in the message “was made at or near the time by . . . someone with knowledge.” Ariz. R. Evid. 803(6)(A). Messages between users of such a social media platform are thus significantly different from those that the business records exception was designed to encompass. Second, admitting the message here based only on a certificate

or testimony by Facebook would overlook the relationship between authentication and relevance, of which authentication is an essential component. See Browne , 834 F.3d at 410; see also State v. Lavers , 168 Ariz. 376, 386 (1991) (describing au thentication as an “aspect[] of relevancy that [is] a condition precedent to admissibility”). Evidence is relevant when it has “any tendency to make” a fact of consequence “more or less probable than it would be without the evidence.” Ariz. R. Evid. 401. Importantly, evidence can have this tendency only if it is what the proponent claims it is, i.e., if it is authentic. ” Browne , 834 F.3d at 409. Because the State claimed the message was sent by Griffith himself, the State was required to provide “some indicia of authorship” to satisfy its authentication obligation before *6 the message could be admitted into evidence. See State v. Fell , 242 Ariz. 134, 136, 137, ¶¶ 6, 9 (App. 2017); see also Browne , 834 F.3d at 410. A Facebook records custodian, however, could provide no

such indicia beyond attesting or certifying that the message came to or from a particular account. See Browne , 834 F.3d at 410. Allowing the State to fulfill “its authentication obligation simply by submitting such [a certification or] attestation would amount to holding that social media evidence need not be subjected to a ‘relevance’ assessment prior to admission” under Rule 803(6). Id. ; see also United States v. Farrad , 895 F.3d 859, 879 – 80 (6th Cir. 2018) (“[I]t is not at all clear . . . why our rules of evidence would treat electronic photos that police stumble across on Facebook one way and physical photos that police stumble across lying on a sidewalk a different way.”) ; United States v. Vayner , 769 F.3d 125, 132 (2d Cir. 2014) (stating that the government ’s introduction of “a flyer found on the street that contained [the defendant]’s Sky pe address and was purportedly written or authorized by him ” would require some evidence that the flyer did, in fact, emanate from [the defendant] ” ). In short, when the ultimate relevance of a document obtained from a social media platform turns on the fact of authorship, the foundation requirements of Rule 803(6)(D) are inadequate to authenticate it because, as is the case here, they simply do not show who authored the message. Accordingly, we conclude that social media communications,

when offered to prove the truth of what a user said, fall outside the scope of Rule 803(6), and thus are not self-authenticating under Rule 902(11) when offered for that purpose. We nonetheless determine the Facebook message was admissible under Rules 801(d)(2) and 901(a). King , 213 Ariz. at 635, ¶ 8 (“[W]e will uphold a trial court’s ruling if the court reached the correct result even though based on an incorrect reason.”). Authenticated statements made by and offered against a

party- opponent are “not hearsay.” Ariz. R. Evid. 801(d)(2); see also Farrad 895 F.3d at 877 (“[E]ven if the photos [on the defendant’s Facebook page] were statements, they would have (so long as authenticated) qualified as statements of a party opponent and thus were not hearsay all the same.”) ; Browne , 834 F.3d at 415 (holding that Facebook chat messages were not admissible as business records but were admissible as statements by a party opponent where sufficient evidence showed the defendant sent the messages). Therefore, the superior court did not abuse its discretion in admitting the message so long as the record contains evidence from which a jury could reasonably conclude that the message was what the State claimed it to be a message authored by Griffith himself. State v. Schad , 129 *7 Ariz. 557, 570 (1981) (“In o rder to prove an admission or declaration it is necessary to show . . . that the statement was, in fact, made by the declarant.”); see also Ariz. R. Evid. 901(a). Just as with other evidence, a party may authenticate

communications under Rule 901 using a wide variety of evidence, bearing in mind that social media evidence poses “some special challenges because of the great ease with which . . . account[s] may be falsified or . . . accessed by an imposter.” Browne , 834 F.3d at 412; see also State v. Haight-Gyuro , 218 Ariz. 356, 360, ¶ 14 (App. 2008) (noting that a court should take “a flexible approach” and “consider the unique facts and circumstances in each case— and the purpose for which the evidence is being offered — in deciding whether the evidence has been properly authenticated ”). To be clear, the proponent need not definitively establish authorship that is a question for the jury to resolve. Lavers , 168 Ariz. at 386. Instead, such a statement may be admitted if reasonable extrinsic evidence tends to show the party made it. Fell , 242 Ariz. at 137 – 38, ¶¶ 9, 13 – 15; see also, e.g. , Farrad , 895 F.3d at 877 – 78; United States v. Recio , 884 F.3d 230, 236 (4th Cir. 2018); Browne , 834 F.3d at 413; Commonwealth v. Meola , 125 N.E.3d 103, 112 – 15 (Mass. App. Ct. 2019). Sufficient evidence exists in this record to satisfy that standard. Although not dispositive, the Facebook account from which the message was sent uses Griffith’s name. The detective who obtained the records testified that she requested them by uploading a search warrant through a specific webpage solely for law enforcement and Facebook delivered the records to her through that same page. In his interview with police, Griffith stated that he performed a factory reset on only one of the three iPads he had been given by the burglary suspect. Consistent with that statement, the Apple records show a new registry in Griffith’s name for only one of the iPads, and a photograph of that particular iPad was attached to the message sent from Griffith’s Facebook account. Therefore, independent evidence from Apple tended to verify that Griffith possessed the same iPad shown in the Facebook message at the time the message was sent and, consequently, a jury could reasonably find that Griffith himself sent the message. The superior court did not abuse its discretion in admitting the message.

B. Facebook Search History Log We next address whether the superior court abused its discretion by admitting the log showing the searches made by Griffith’s Facebook account, which revealed multiple searches for S.H., J.H., and their email addresses. Griffith raises the same arguments concerning *8 authentication and hearsay in challenging the court’s decision to admit the search log into evidence. For similar reasons, we reject his arguments. The State offered the search log to prove that Griffith himself directed Facebook to make these searches, contending he was aware of who S.H. and J.H. were, knowledge he would have had gained only from their stolen iPads. As with the Facebook message, the State attempted to satisfy Rule 803(6)(D) by offering the inadequate testimony of the detective who acquired the records, supra ¶ 9. We reject Griffith’s argument that the searches also constituted inadmissible hearsay; because the statements contained in the searches were offered against Griffith, they were not hearsay if he made them. Ariz. R. Evid. 801(d)(2). As to authentication, Griffith stated that when someone

supplied him with a device to reset, his practice was to contact the registered owner to attempt to collect compensation in exchange for returning the device, and that he at least vaguely knew who these devices belonged to after searching for the owners’ email addresses online. The Facebook searches are thus consistent with Griffith’s admitted practice , and a jury could reasonably conclude that he authored them. Because sufficient evidence existed to show that Griffith authored the searches, the superior court did not abuse its discretion in admitting them.

CONCLUSION We affirm Griffith’s conviction and sentence.

Read the detailed case summary