Editor’s note: This is the second in a two-part series.

Leonard Deutchman Leonard Deutchman

In last week’s article, I discussed the Pennsylvania Superior Court’s opinion in Commonwealth v. Ayyakkannu Manivannan, 2018 PA Super. 112 (May 4, 2018), and how it illustrates that the legal issue underlying it is basic and simple. This trend of opinions involving simple legal rules made complex, if at all, by the discussion of how such rules apply to digital technology, suggests that legal minds understand enough about digital technology and how it fits into rules of evidence and other legal principals that we no longer have to start from the very beginning, legally or technically, when digital technology gives rise to legal issues.

In this article, I’ll continue the discussion beginning with the letter and the authentication process, and the role of GeekTools.com in the case.

Authenticating the Letter

Appellant asserted that it was prejudicial error to admit the Comcast letter because the commonwealth failed to authenticate it properly under Pa.R.E. 902(11) and so the letter was inadmissible hearsay. Second, Appellant argued that admission of the Comcast letter violated his constitutional right to confront the witnesses against him.

In reviewing appellant’s his claim, the court first noted that to “constitute reversible error, an evidentiary ruling must not only be erroneous, but also harmful or prejudicial to the complaining party,” and the trial court’s decision here was neither. The court found that “hearsay” is “an out of court statement offered to prove the truth of the matter asserted” under Pa.R.E. 801(C), and is generally inadmissible, as it “‘lacks guarantees of trustworthiness fundamental to [our] system of jurisprudence’” (citation omitted).

The court found that that the Comcast letter did not meet the requirements of the hearsay exception for business records. Pennsylvania Rule of Evidence 803 provided that, when testimony of the custodian or another qualified witness, or by a certification that complies with Rule 902(11) or (12), or with a statute permitting certification, shows that “Records of a Regularly Conducted Activity were “made at or near the time by—or from information transmitted by—someone with knowledge, “kept in the course of regularly conducted activity of a ‘business,’” by some entity who made a “regular practice” of making that record, neither the source of information nor other circumstances indicate a lack of trustworthiness. Moreover, Rule of Evidence 902(11) provided that the “original or a copy of a domestic record that meets the requirements of Rule 803(6)(A)-(C), as shown by a certification of the custodian or another qualified person that complies with Pa.R.C.P. No. 76, are “self-authenticating,” in that “they require no extrinsic evidence of authenticity in order to be admitted.”

Turning to the matter at hand, the court found that while the commonwealth did not present testimony from a record custodian or other qualified witness, “it sought to authenticate the Comcast letter by certification.” The certification, however, was lacking. The certification, which “was executed 19 months after the Comcast letter” by a person “identified only as ‘a legal analyst II,’ was tendered separately from the Comcast letter, with no “additional documents attached, e.g., the letter itself.” Thus, the court conclude that there was “no discernable correlation between this document and the evidence” it purported to authenticate and so, the court could not “accept that the Comcast letter” was “self-authenticating” or that the commonwealth could “guarantee the trustworthiness of its contents. Accordingly,” the court concluded, the trial court “erred in admitting this evidence.” Since the commonwealth presented evidence that the complainant’s “account was accessed from numerous IP addresses,” and the “Comcast letter provided the only direct evidence of the appellant’s connection to one of those addresses,” admission of the certification “was prejudicial to the appellant in the context of the harassment conviction,” and so its admission was not harmless.

The Geek Tools

The appellant further complained that the court erred in admitting documents “downloaded from GeekTools.com,” since the “documents and testimony about their contents constituted hearsay.” The court disagreed, but did agree with the appellant’s argument that testimony regarding such documents constituted expert testimony without foundation.

The appellant argued that the evidence regarding GeekTools “was insufficient to sustain his convictions for unlawful use of a computer” because the witnesses, including Pennsylvania State University police officer Jessica Meyer, were “not competent to draw conclusions from the information in the complainant’s email account settings that depicted multiple instances of disparate IP addresses accessing her account from approximate geographic locations.” The three witnesses were merely “lay witnesses with no relevant training to interpret that technical information and to explain its significance to the jury.”

The court found “no Pennsylvania case law on this issue,” but several others from other jurisdictions on point and supporting the appellant. “In those handful of jurisdictions that have ruminated on the issue,” the court wrote, “all have agreed that expert testimony is required and that the testimony of a lay witness is insufficient to permit the admission of e-mail transmission and IP address records and the affiliation between IP addresses and physical addresses.” In the most recent case found by the court, People v. Garrison, 411 P.3d 270 (Colo. App. 2017), cert. denied, No. 17SC677 (Colo. filed Jan. 29, 2018), the accused “had established a Gmail account through Google in the victim’s name; when police subpoenaed Google about the Gmail account, Google identified two IP addresses associated with the Gmail account”—one at the accused’s residence and the other at his wife’s employer. The Colorado Court of Appeals outlined what would have to be known, and what the non-expert did not know, about the significance of IP addresses:

  • The record of each e-mail transmission includes an Internet Protocol (IP) address from which the transmission initiated;
  • The IP address can be linked to an Internet service provider (ISP); and
  • In turn, the ISP can often trace the IP address to the physical address of a particular ISP.

The Colorado court found that, despite “the dramatic increase in use of email,” the lay person would not be aware of these facts, at least in the combination used by the prosecution to explain how the investigation began with charges against the victim, but led to evidence of criminal acts by defendant. Ultimately, the Colorado Court of Appeals relied on Colorado Rule of Evidence 701, “substantially similar to the Pennsylvania Rule of Evidence governing the admission of lay testimony,” which held that if a witness “is not testifying as an expert, the witness’ testimony in the form of opinions or inferences is limited to those opinions or inferences which are” importantly, “not based on scientific, technical, or other specialized knowledge within the scope of Rule 702.” Thus, the scientific and technical testimony offered by Officer Calloway et al. was improperly admitted. The court found similar holdings by the Court of Special Appeals of Maryland in Ali v. State, No. 1252 Sept. Term 2014 (Md. Ct. Spec. App. filed Jan. 13, 2017) (unreported) and the U.S. District Court for the Southern District of Florida in Hydentra HLP International V. Luchian, Case No. 1:15-cv-22134-UU (S.D. Fla. filed June 2, 2016).


The fundamental issue in Ayyakkannu Manivannan is whether expert testimony was required to admit the information obtained from Comcast and provide the trier of fact with sufficient background to understand such information. The court found that, for all of the arcane background of that information, the rules that apply to admissibility of any expert testimony apply here, and easily so. If the information submitted was not submitted properly, the letter containing the information should not have been admitted; if the information submitted required an expert witness to explain the significance of that information generally and in the case at bar, the information should not have been admitted.

Opinions such as that in Ayyakkannu Manivannan are heartening because in them, digital evidence is treated like any other evidence (that is, any other evidence whose admissibility requires expert testimony). The initial cases involving digital evidence went on for page after page, explaining the smallest points in the greatest of details, since readers were unfamiliar with the technical aspects of digital evidence and the how they fit in the world of Rules of Evidence. The opinions discussed here reflect that while digital evidence still requires expert explanation, readers are not as puzzled by the concepts as they were at the start: the fact that expert testimony is still required does not mean that the concepts are as arcane as they were 15 years ago, simply that when convincing a trier of fact of a defendant’s guilt beyond a reasonable doubt, the burden is still a large one regardless of the neighborhood of facts at issue. Hopefully, five years (or less) from now we can look back on the long, tortuously detailed opinions which dominated the judicial review of digital evidence when it was first being introduced as we do now when reviewing the first cases involving DNA, or even tracking personal movements through the inspection of cell-phone tower records, and smile.

Leonard Deutchman is vice president, legal for KrolLDiscovery, which he helped build into the largest e-discovery provider in the United States. Before joining KrolLDiscovery, he was a chief assistant district attorney at the Philadelphia District Attorney’s Office, where he founded the Cyber Crime Unit and conducted and oversaw hundreds of long-term investigations involving cybercrime, fraud, drug trafficking and other offenses.