'God mail': authentication and admissibility of electronic mail in federal courts.

Author: Jablon, Andrew
  1. INTRODUCTION

    "Pay no attention to that man behind the curtain! The Great Oz has spoken!"(1)

    As strange as it may sound, electronic mail ("e-mail") is much like the wizard from Frank L. Baum's classic The Wizard of Oz. When Dorothy first met the wizard, she was taken in by the smoke and mirrors. Not until her dog Toto drags open the curtain does Dorothy realize the truth: the wizard is an ordinary man. Just as Dorothy was taken in by what appeared to be an all-powerful wizard, courts may be taken in by the smoke and mirrors of electronic mail. Unfortunately, it appears that because of what one commentator has labeled the "gee whiz" effect,(2) courts are poised to take the authenticity of e-mail as a given. As this Note will illustrate, if courts would only look behind the proverbial curtain, they would see that although e-mail is a valuable tool, it is replete with security flaws.

    With over twenty million domestic users of the Internet,(3) and with both legitimate and illegitimate(4) businesses relying increasingly on both Internet and internal electronic mail as a form of communication,(5) it is only a matter of time until the courts will have to address the problem of authentication as it applies to the admissibility of e-mail. Some may argue that electronic mail should be treated the same as any other form of documentary evidence; however, this Note will illustrate that the increasing use of electronic mail in the United States, combined with the ease with which it can be forged, should at least give courts pause.

    Although the Federal Rules of Evidence (FRE) discuss the relationship between evidence stored on a computer and the "Best Evidence Rule,"(6) the Rules do not directly address the problem of reliability and computer evidence. Moreover, because federal courts have only had to address the admissibility of e-mail under the business records exception to the hearsay rule,(7) they have been able to avoid the problems of authenticating e-mail.(8) As this Note will demonstrate, the enormous growth of the Internet will inevitably present a court with a party seeking to introduce into evidence a piece of electronic mail that is not a business record. Courts will thus be forced to examine such evidence under the authentication guidelines of the Federal Rules of Evidence.

    Although the issue is clearly in its infancy, a structured look at the authentication requirements of Article IX of the Federal Rules of Evidence along with the authenticity problem inherent in e-mail is in order. Section II addresses this problem by first discussing, albeit briefly, the technical aspects of the authentication problem. Section III will then examine the few cases that have already dealt with e-mail's reliability,(9) and will present a few examples to demonstrate the potential criminal applications of e-mail. Section IV will look at how courts have traditionally addressed the problem of authenticating documents, and Section V will apply those traditional concepts to e-mail. Finally, Section VI will present a solution to the authentication problem and, in the alternative, recommend how judges, under Rule 104(a)(10) of the Federal Rules of Evidence, should analyze the preliminary admissibility issues.(11)

  2. Technical Background

    1. The Internet

      Electronic mail is used on both "Intranets," self-contained networks of computers, and the Internet, the global connection of networks. The Advance Research Project Agency (ARPA) created the Internet in 1969 as an alternate means of communication between military installations in case of war.(12) The idea was that if one computer on the network was knocked off-line, the other computers could continue to function.(13) In late 1969, what became known as the Internet went on-line.(14)

      Although the Internet was created as a military tool, with the creation of the first electronic mail program in 1972, the Internet quickly gained popularity among scientists as a means of sharing information. Over the last fifteen years, the Internet has expanded to become a worldwide linkage of computers with an estimated forty million users from as many as 100 countries.(15)

      One method of communication on the Internet is via electronic mail, or "e-mail," comparable in principle to sending a first class letter. One can address and transmit a message to one or more other people. E-mail on the Internet is not routed through a central control point, and can take many and varying paths to the recipients. Unlike postal mail, simple e-mail generally is not "sealed" or secure, and can be accessed or viewed on intermediate computers between the sender and recipient (unless the message is encrypted).(16)

      When e-mail is received, it contains "header" information. Header information, at a minimum, includes the name of the sender, the name of the recipient, and the date and time the message was sent. Additionally, most e-mail programs allow the recipient to view additional header information, such as the electronic path that the e-mail traveled to reach the recipient.(17) To illustrate, assume user A logs on to Internet provider X, and from provider X logs into a separate account on provider Y. If that user then sends a message from her account on provider Y, the header information will tell the recipient that the message, which originated from provider Y, came from a user logged on through provider X.

      The computers through which an e-mail message travels are identified in the header information by each computer's Internet Protocol ("IP") address. "Every computer that has access to the Internet has a unique address. All Internet addresses consist of four groups of digits separated by periods that indicate the network, subnetwork, and local address. For example, an Internet address might read `231.35.1.19.' This address is referred to as the `IP address.'"(18) Most people are more familiar with an IP address' alphanumeric equivalent, known as a "domain name." Domain names consist of two domains, the first being a "top level" domain indicating the type of organization using the name (e.g., ".edu" for educational, ".com" for commercial). The "second-level" domain, although appearing before the top level domain, is typically the name of the company maintaining the Internet site.(19) Domain names identify the Internet server to which individual computers are attached, and are best known for their use in World Wide Web addresses (e.g., "www.georgetown.edu").

    2. "God Mail"

      The fundamental problem with e-mail lies in determining its true point of origin. Even if it is true that "most computer criminals ... are not highly qualified ... experts,"(20) and a "genius ... appears in one of every thousand cases,"(21) the authenticity of e-mail is still cause for concern, since it does not take a genius to create either an anonymous e-mail message or a message with false header information, known on the Internet as "God Mail."(22) "[Forging e-mail] requires little specialized skill because the Internet's e-mail system, designed almost 30 years ago for academic discourse, has no provisions for declaring a message to be authentic."(23) Currently, the only easy way to authenticate a message is through header information. This information, however, is notoriously inadequate because of well-known security flaws in the mail protocol(24) used on the Internet.(25) As such, using an IP address from header information as a means of authentication could be roughly equated to deeming a letter authentic solely because of the type-written return address on its envelope.

      While there are shareware programs(26) available to make simple forgeries,(27) it is an equally easy task to manually create an e-mail message with false header information. By telneting(28) to the mail port(29) of a server (an unprotected hole in most Internet providers), someone can manually enter header information as they choose.(30) These simple examples of "God Mail" are traceable, because they do not alter the IP address of the sender. A more skilled hacker can alter the IP address, however, and thus create a flawless forgery, through a process known as "IP spoofing."(31) Such a forgery can only be discovered through alternate means, such as UNIX(32) audit trails.(33) Moreover, an e-mail becomes untraceable if sent via "re-senders,"(34) groups that receive e-mail and then forward it on anonymously.
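The distinction drawn above, between the sender-supplied "From" line and the path recorded in the header by each relaying computer, can be shown by reading a message's headers from an examiner's side. The following Python sketch is an added example, not part of the original Note; the message, host names and addresses are constructed, and the hop pattern assumes the common "from host (host [ip]) by host" layout of Received lines.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the Note). Each relay prepends its own
# Received line, so the LAST Received line in the header is the EARLIEST hop.
SAMPLE = """\
Received: from mail.provider-y.example (mail.provider-y.example [192.0.2.25])
\tby mx.recipient.example with SMTP; Mon, 3 Mar 1997 10:15:02 -0500
Received: from dialup7.provider-x.example (dialup7.provider-x.example [198.51.100.7])
\tby mail.provider-y.example with SMTP; Mon, 3 Mar 1997 10:14:58 -0500
From: "The Great Oz" <oz@emerald-city.example>
To: dorothy@recipient.example
Date: Mon, 3 Mar 1997 10:14:50 -0500
Subject: constructed example

body
"""

# Assumed layout: "from HOST (HOST [IP]) by HOST ..."; real relays vary.
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9.]+)\]\)\s+by\s+(\S+)")

def relay_path(raw):
    """Return hops oldest-first as (sending_host, sending_ip, receiving_host)."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append(m.groups())
    return hops

def origin_report(raw):
    """Compare the domain claimed in From with the first recorded sending host."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]
    domain = addr.rpartition("@")[2].lower()
    hops = relay_path(raw)
    host, ip = (hops[0][0].lower(), hops[0][1]) if hops else (None, None)
    # From is typed by the sender; a mismatch is a lead to investigate, not proof.
    matches = bool(host) and (host == domain or host.endswith("." + domain))
    return {"claimed_domain": domain, "origin_host": host,
            "origin_ip": ip, "from_matches_origin": matches}
```

Received lines added before the message reached a relay the examiner trusts are themselves supplied by the sending side, so only the hops written by trusted servers carry weight, and those should be corroborated against the servers' own logs.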

      Additionally, if a message were sent from a "compromised" account (i.e. an account for which the login and password are discovered by an unauthorized user), it would be nearly impossible to determine the actual sender of the message.(35) To demonstrate, consider the following analogy. Assume John Doe writes all of his correspondence on personalized stationery. The letters are typed and signed with a rubber signature stamp. If someone broke into John Doe's home, typed a letter on his personalized stationery, stamped it with his rubber signature stamp, and mailed it from Doe's local post office, Doe would be very hard pressed to prove that the letter was forged. Similarly, an e-mail sent by an unauthorized user on a compromised account would be indistinguishable from an e-mail sent by the account's owner.

  3. Cases and Examples

    Although electronic mail has not yet been challenged on authentication grounds,(36) e-mail has been seen in the judicial system. As this section will demonstrate, electronic mail already has played a pivotal role in a number of both civil and criminal cases. Additionally, the potential use of e-mail as evidence is ever-increasing.

    1. Compromised Accounts

      A recent case in Redwood City, California, serves as an example of how a compromised account can lead to a forged e-mail message. Adelyn Lee, an employee of Oracle Corporation, had a relationship with the company's Chief Executive Officer, Larry Ellison, over a period of eighteen months.(37) In 1993, Lee was fired, allegedly for poor performance in her duties.(38) In retribution, she accessed the Oracle computer network...
