IN THE
ARIZONA COURT OF APPEALS
DIVISION ONE
STATE OF ARIZONA, Appellee,
v.
BRANDON GRIFFITH, Appellant.
No. 1 CA-CR 18-0040
FILED 8-13-2019
Appeal from the Superior Court in Maricopa County
No. CR 2017-123766-002
The Honorable John Christian Rea, Judge
AFFIRMED
COUNSEL
Arizona Attorney General’s Office, Phoenix
By Jana Zinman
Counsel for Appellee
Maricopa County Legal Defender’s Office, Phoenix
By Cynthia D. Beck
Counsel for Appellant
STATE v. GRIFFITH
Opinion of the Court
OPINION
Judge Michael J. Brown delivered the opinion of the Court, in which
Presiding Judge Diane M. Johnsen and Judge Jennifer M. Perkins joined.
B R O W N, Judge:
¶1 Brandon Griffith appeals his conviction and sentence for
trafficking in stolen property. The issue before us is whether incriminating
digital evidence—a Facebook message and search history log—was
properly authenticated at trial. To resolve the issue, we first clarify how the
evidentiary rules governing hearsay and authentication apply when a party
seeks to admit communications that are purportedly authored by an
account holder on a social media site such as Facebook. We then address
whether the State satisfied its authentication obligation by presenting
sufficient evidence from which a jury could reasonably conclude that
Griffith authored the Facebook message and the searches contained in the
search history log. Because the record is sufficient to support a finding that
Griffith made the statements contained in these communications and they
were offered against him, we find no abuse of discretion.
BACKGROUND
¶2 J.H. and S.H. returned from an errand to find their home had
been burglarized. The couple noticed several items missing, including
three Apple iPads. Based on information S.H. acquired from Apple, police
subpoenaed Apple and obtained information about a subject named
Brandon Griffith. Using a police database, officers found a Brandon Griffith
with the same address as the one Apple provided. Police then interviewed
Griffith, who explained that others frequently brought him computer
devices asking him to restore the devices to their factory settings. He
admitted he performed this service for pay even when he suspected the
devices were stolen. Griffith faintly recalled that R.H., the suspect in the
police’s burglary investigation, had once brought him several devices to
reset, including three iPads. Griffith said he communicated with R.H.
through Facebook, prompting the police to obtain a search warrant for
Griffith’s Facebook account. In response, Facebook produced, among other
things, a message containing a photograph sent from Griffith’s account and
a log of the account’s search history.
2
STATE v. GRIFFITH
Opinion of the Court
¶3 When the State sought to introduce the Facebook documents
as business records at trial, Griffith objected that they were inadmissible
hearsay because the State failed to provide the certification or testimony
required to admit them under Arizona Rule of Evidence (“Rule”) 803(6),
often referred to as the business records exception, or under Rule 902(11),
which allows for such evidence to be self-authenticating if a proper
certification is provided. The State responded that it could lay sufficient
foundation through the testimony of the detective who obtained the records
from Facebook because she would “be able to testify that, in accordance
with her search warrant, she had specific procedures . . . to follow in order
to” obtain the records from Facebook. The detective then explained that
Facebook has a “law enforcement portal,” a webpage where officers may
request information by uploading a subpoena or search warrant, and
Facebook responds using the same page. After hearing her testimony, the
superior court admitted the records, concluding the Facebook portal
mechanism provided the “functional equivalent of a certification.” Griffith
timely appealed.
DISCUSSION
¶4 Griffith argues the superior court abused its discretion by
admitting the Facebook records at trial because they “were hearsay, were
not subject to any exception, and were not authenticated.” We review
evidentiary rulings for an abuse of discretion. State v. King, 213 Ariz. 632,
635, ¶ 7 (App. 2006). Because no Arizona case speaks to how authentication
and hearsay rules apply to communications obtained directly from an
online social media platform such as Facebook, and the relevant Arizona
rules mirror their federal counterparts, we look to federal decisions for
guidance. State v. Winegardner, 243 Ariz. 482, 485, ¶ 8 (2018).
A. Facebook Message
¶5 We first address whether the superior court properly
admitted the Facebook message. Facebook is a social media website where
account holders can send messages to other users. United States v. Browne,
834 F.3d 403, 405 (3d Cir. 2016). To allow account holders to locate other
users and pages on the platform, Facebook has a search function that
generates results based on the keywords the user enters.
¶6 Griffith argues the court erred because the Facebook message
was inadmissible hearsay. He focuses on the State’s failure to satisfy Rule
803(6)(D), contending it did not provide (1) the testimony of any witness
with knowledge about how Facebook makes or stores records of user
3
STATE v. GRIFFITH
Opinion of the Court
messages or (2) a certification to that effect complying with Rule 902(11).
The State counters that because the message was a Facebook business
record under Rule 803(6), testimony from the detective who obtained the
record from Facebook rendered it self-authenticating under Rule 902(11).
¶7 An out-of-court statement offered for its truth is subject to the
rule against hearsay. Ariz. R. Evid. 801(c), 802. As pertinent here, “records
of a regularly conducted activity” are excepted from the rule against
hearsay so long as the proponent lays the required foundation. Ariz. R.
Evid. 803(6)(D). To lay that foundation, the proponent must show “by the
testimony of the custodian or another qualified witness, or by a certification
that complies with Rule 902(11) or (12)” that (1) “the record was made at or
near the time by -- or from information transmitted by -- someone with
knowledge;” (2) “the record was kept in the course of a regularly conducted
activity;” and (3) “making the record was a regular practice of that activity.”
Ariz. R. Evid. 803(6). If the record includes statements made by an
opposing party and is offered against that opposing party, those statements
are not hearsay. Rule 801(d)(2); see, e.g., State v. McCurdy, 216 Ariz. 567, 572,
¶ 11 (App. 2007) (rejecting a hearsay challenge to statements contained
within hospital records when “the source of the inmate’s identifying
information was the inmate himself”).
¶8 The Facebook message at issue was a reply to a message from
another Facebook user complaining about the quality of his or her camera.
In response, a message from Griffith’s account asked, “Need a better one?”
accompanied by a photograph of an iPad. The iPad in the photograph bore
the same serial number as one stolen from S.H. At trial, the State offered
the Facebook message to prove that, as the message implicitly asserted,
Griffith had the iPad and was presenting it to others for sale.
¶9 Contrary to the State’s assertion, it did not satisfy Rule
803(6)’s foundation requirements to admit the message. The State
acknowledged at trial it had no certification from Facebook. And the
detective’s testimony was insufficient because she had no knowledge of,
and did not testify to, whether the record of the message was made “by --
or from information transmitted by -- someone with knowledge,” nor
whether the record was “kept in the course of a regularly conducted
activity,” nor that “making the record was a regular practice” of Facebook.
Ariz. R. Evid. 803(6)(A), (B), (C); see Taeger v. Catholic Family & Cmty. Servs.,
196 Ariz. 285, 297, ¶ 41 (App. 1999) (explaining that laying foundation
under the business records exception requires evidence of how a record was
kept in the regular course of business and thus testimony only about how a
record was obtained did not suffice).
4
STATE v. GRIFFITH
Opinion of the Court
¶10 Even if the State had provided such testimony or certification,
however, given the purpose for which the State offered the Facebook
message, it still would not have been admissible as a business record for
two related reasons. See Browne, 834 F.3d at 409. First, the primary purpose
of the business records exception is to “capture records that are likely
accurate and reliable in content, as demonstrated by the trustworthiness of
the underlying sources of information and the process by which and
purposes for which that information is recorded.” Id. at 410; see State v.
Parker, 231 Ariz. 391, 402, ¶ 33 (2013) (“Trustworthiness and reliability stem
from the fact that [a business] regularly relies on the information that third
parties submit as part of their ordinary course of business.”). Indeed, the
law has long recognized that unlike other hearsay, generally no reason
exists to question the trustworthiness and reliability of a statement relied
on by a business because businesses normally require authentic, truthful
statements to function. See Shirley J. McAuliffe, Arizona Practice — Law of
Evidence § 803:7 (4th ed. 2019). But because a social media platform such as
Facebook does not “purport to verify or rely on the substantive contents of
the communications in the course of its business,” its records custodian
cannot confirm the accuracy or reliability of the content of those
communications. Browne, 834 F.3d at 410. All the custodian can confirm is
“that the depicted communications took place between certain Facebook
accounts, on particular dates, or at particular times.” Id. at 411 (noting that
such technical information, unaccompanied by any message, would call for
a different hearsay analysis). Put in terms of Rule 803(6), the custodian
cannot testify that the statement contained in the message “was made at or
near the time by . . . someone with knowledge.” Ariz. R. Evid. 803(6)(A).
Messages between users of such a social media platform are thus
significantly different from those that the business records exception was
designed to encompass.
¶11 Second, admitting the message here based only on a certificate
or testimony by Facebook would overlook the relationship between
authentication and relevance, of which authentication is an essential
component. See Browne, 834 F.3d at 410; see also State v. Lavers, 168 Ariz. 376,
386 (1991) (describing authentication as an “aspect[] of relevancy that [is] a
condition precedent to admissibility”). Evidence is relevant when it has
“any tendency to make” a fact of consequence “more or less probable than
it would be without the evidence.” Ariz. R. Evid. 401. Importantly,
“evidence can have this tendency only if it is what the proponent claims it
is, i.e., if it is authentic.” Browne, 834 F.3d at 409. Because the State claimed
the message was sent by Griffith himself, the State was required to provide
“some indicia of authorship” to satisfy its authentication obligation before
5
STATE v. GRIFFITH
Opinion of the Court
the message could be admitted into evidence. See State v. Fell, 242 Ariz. 134,
136, 137, ¶¶ 6, 9 (App. 2017); see also Browne, 834 F.3d at 410.
¶12 A Facebook records custodian, however, could provide no
such indicia beyond attesting or certifying that the message came to or from
a particular account. See Browne, 834 F.3d at 410. Allowing the State to
fulfill “its authentication obligation simply by submitting such [a
certification or] attestation would amount to holding that social media
evidence need not be subjected to a ‘relevance’ assessment prior to
admission” under Rule 803(6). Id.; see also United States v. Farrad, 895 F.3d
859, 879–80 (6th Cir. 2018) (“[I]t is not at all clear . . . why our rules of
evidence would treat electronic photos that police stumble across on
Facebook one way and physical photos that police stumble across lying on
a sidewalk a different way.”); United States v. Vayner, 769 F.3d 125, 132 (2d
Cir. 2014) (stating that the government’s introduction of “a flyer found on
the street that contained [the defendant]’s Skype address and was
purportedly written or authorized by him” would require “some evidence
that the flyer did, in fact, emanate from [the defendant]”). In short, when
the ultimate relevance of a document obtained from a social media platform
turns on the fact of authorship, the foundation requirements of Rule
803(6)(D) are inadequate to authenticate it because, as is the case here, they
simply do not show who authored the message.
¶13 Accordingly, we conclude that social media communications,
when offered to prove the truth of what a user said, fall outside the scope
of Rule 803(6), and thus are not self-authenticating under Rule 902(11) when
offered for that purpose. We nonetheless determine the Facebook message
was admissible under Rules 801(d)(2) and 901(a). King, 213 Ariz. at 635,
¶ 8 (“[W]e will uphold a trial court’s ruling if the court reached the correct
result even though based on an incorrect reason.”).
¶14 Authenticated statements made by and offered against a
party-opponent are “not hearsay.” Ariz. R. Evid. 801(d)(2); see also Farrad,
895 F.3d at 877 (“[E]ven if the photos [on the defendant’s Facebook page]
were statements, they would have (so long as authenticated) qualified as
statements of a party opponent and thus were not hearsay all the same.”);
Browne, 834 F.3d at 415 (holding that Facebook chat messages were not
admissible as business records but were admissible as statements by a party
opponent where sufficient evidence showed the defendant sent the
messages). Therefore, the superior court did not abuse its discretion in
admitting the message so long as the record contains evidence from which
a jury could reasonably conclude that the message was what the State
claimed it to be—a message authored by Griffith himself. State v. Schad, 129
6
STATE v. GRIFFITH
Opinion of the Court
Ariz. 557, 570 (1981) (“In order to prove an admission or declaration it is
necessary to show . . . that the statement was, in fact, made by the
declarant.”); see also Ariz. R. Evid. 901(a).
¶15 Just as with other evidence, a party may authenticate
communications under Rule 901 using a wide variety of evidence, bearing
in mind that social media evidence poses “some special challenges because
of the great ease with which . . . account[s] may be falsified or . . . accessed
by an imposter.” Browne, 834 F.3d at 412; see also State v. Haight-Gyuro, 218
Ariz. 356, 360, ¶ 14 (App. 2008) (noting that a court should take “a flexible
approach” and “consider the unique facts and circumstances in each case—
and the purpose for which the evidence is being offered—in deciding
whether the evidence has been properly authenticated”). To be clear, the
proponent need not definitively establish authorship—that is a question for
the jury to resolve. Lavers, 168 Ariz. at 386. Instead, such a statement may
be admitted if reasonable extrinsic evidence tends to show the party made
it. Fell, 242 Ariz. at 137–38, ¶¶ 9, 13–15; see also, e.g., Farrad, 895 F.3d at 877–
78; United States v. Recio, 884 F.3d 230, 236 (4th Cir. 2018); Browne, 834 F.3d
at 413; Commonwealth v. Meola, 125 N.E.3d 103, 112–15 (Mass. App. Ct. 2019).
¶16 Sufficient evidence exists in this record to satisfy that
standard. Although not dispositive, the Facebook account from which the
message was sent uses Griffith’s name. The detective who obtained the
records testified that she requested them by uploading a search warrant
through a specific webpage solely for law enforcement and Facebook
delivered the records to her through that same page. In his interview with
police, Griffith stated that he performed a factory reset on only one of the
three iPads he had been given by the burglary suspect. Consistent with that
statement, the Apple records show a new registry in Griffith’s name for
only one of the iPads, and a photograph of that particular iPad was attached
to the message sent from Griffith’s Facebook account. Therefore,
independent evidence from Apple tended to verify that Griffith possessed
the same iPad shown in the Facebook message at the time the message was
sent and, consequently, a jury could reasonably find that Griffith himself
sent the message. The superior court did not abuse its discretion in
admitting the message.
B. Facebook Search History Log
¶17 We next address whether the superior court abused its
discretion by admitting the log showing the searches made by Griffith’s
Facebook account, which revealed multiple searches for S.H., J.H., and their
email addresses. Griffith raises the same arguments concerning
7
STATE v. GRIFFITH
Opinion of the Court
authentication and hearsay in challenging the court’s decision to admit the
search log into evidence. For similar reasons, we reject his arguments.
¶18 The State offered the search log to prove that Griffith himself
directed Facebook to make these searches, contending he was aware of who
S.H. and J.H. were, knowledge he would have had gained only from their
stolen iPads. As with the Facebook message, the State attempted to satisfy
Rule 803(6)(D) by offering the inadequate testimony of the detective who
acquired the records, supra ¶ 9. We reject Griffith’s argument that the
searches also constituted inadmissible hearsay; because the statements
contained in the searches were offered against Griffith, they were not
hearsay if he made them. Ariz. R. Evid. 801(d)(2).
¶19 As to authentication, Griffith stated that when someone
supplied him with a device to reset, his practice was to contact the
registered owner to attempt to collect compensation in exchange for
returning the device, and that he at least vaguely knew who these devices
belonged to after searching for the owners’ email addresses online. The
Facebook searches are thus consistent with Griffith’s admitted practice, and
a jury could reasonably conclude that he authored them. Because sufficient
evidence existed to show that Griffith authored the searches, the superior
court did not abuse its discretion in admitting them.
CONCLUSION
¶20 We affirm Griffith’s conviction and sentence.
AMY M. WOOD • Clerk of the Court
FILED: AA
8