Most reported breaches are in North America, at least in part because of relatively strict disclosure laws in North American countries. It is estimated that the average cost of a data breach will be over $150 million by 2020, with the global annual cost forecast to be $2.1 trillion.[1][2] As a result of data breaches, it is estimated that in first half of 2018 alone, about 4.5 billion records were exposed.[3] In 2019, a collection of 2.7 billion identity records, consisting of 774 million unique email addresses and 21 million unique passwords, was posted on the web for sale.[4]
E-mail Password Crackers 272 11
At a criminal trial, the judge did not err in admitting in evidence electronic mail (e-mail) exchanges, where the Commonwealth demonstrated adequate confirming circumstances to authenticate the e-mails as having been authored by the defendant, namely, evidence that the e-mails originated from an account bearing the defendant's name and acknowledged to be used by the defendant; evidence that the e-mails were found on the hard drive of a computer that the defendant acknowledged he owned, and to which he supplied all necessary passwords; and other evidence of the defendant's authorship, including one e-mail that contained an attached photograph of the defendant and another e-mail in which the defendant described himself. [447-451]
GANTS, J. The defendant was convicted of deriving support from the earnings of a prostitute, in violation of G. L. c. 272, 7, and maintaining a house of prostitution, in violation of G. L. c. 272, 6. [Note 2] The Appeals Court affirmed in an unpublished memorandum and order pursuant to its rule 1:28, Commonwealth v. Purdy, 76 Mass. App. Ct. 1119 (2010), and we granted the defendant's application for further appellate review. On appeal, the defendant challenges the admission of ten electronic mail (e-mail) exchanges that he claims were not properly authenticated. He also argues that the trial judge erred in failing to provide the jury with an instruction limiting their use of statements made by an alleged prostitute to an undercover officer who visited the defendant's establishment. After oral argument, we requested supplemental briefing regarding whether the judge's definition of "sexual intercourse" in her final instructions on the elements of the crime of maintaining a house of prostitution created a substantial risk of a miscarriage of justice, and whether the evidence was legally sufficient to support a conviction of that offense.
prostitute because we conclude that the e-mail exchanges were properly authenticated and admitted in evidence, and that, while the judge erred in not providing an instruction limiting the jury's use of a masseuse's out-of-court statements, the error was not prejudicial because we find with "fair assurance" that it "did not influence the jury, or had but very slight effect." Commonwealth v. Flebotte, 417 Mass. 348, 353 (1994), quoting Commonwealth v. Peruzzi, 15 Mass. App. Ct. 437, 445 (1983).
The police executed a search warrant of the salon on October 7, 2005, and during the course of that search seized a desktop computer. After the defendant received Miranda warnings and waived his rights, he told Detective Joseph Murphy of the Cambridge police department, in response to his questions, that the desktop computer was his and that he used it. He also provided, from his own memory, the passwords needed to access programs on the computer. The defendant was searched and found to have $1,608 in cash, including three of the marked bills that had been paid by Detective Hyde.
Detective Murphy made an exact copy of the hard drive of the defendant's computer and, in searching it, located numerous e-mails, of which ten e-mail exchanges were admitted in evidence. These e-mails were sent from an e-mail account that the defendant acknowledged during his testimony that he used, with
an e-mail address that contained the defendant's first and last names. Detective Murphy also located 69,000 images on the computer, some of which were photographs that were shown to the jury, and thousands of which were photographs that were taken with a digital camera found in the salon.
Among the e-mail exchanges admitted in evidence was one that was initiated from the defendant's e-mail address and signed with the defendant's name and the address of the salon, and had the "header," "personal assistant with benefits?." The author wrote that he was "seeking a personal secretary with an open mind, who . . . knows where to keep her nose and where not." In response to a reply from a recipient, the author described himself as a "working artist, as well [as an] entrepreneur, small business guy, hairstylist, art and antiques dealer, [and] massage therapist," and added, "and I operate a service." [Note 3] In a later e-mail in this exchange, also from the defendant's e-mail address, the author asserted that potential earnings could range from $200 to $2,000 per week.
A separate e-mail was entitled "massage" and was sent from the defendant's e-mail address and signed with the defendant's first name. The author describes a "blond girl" who is "fairly new and so a little nervous," and states: "If you are gentle and kind to her I'm sure you're going to have a very good time." He adds, "She has beautiful breasts and she will allow light touching. It is ok, but no other touching." The recipient of the e-mail responded that he wanted an "unhurried session" with a "gal who will treat me right[,] be slow[,] gentle and very friendly within her limits." [Note 4] An e-mail from the defendant's e-mail address and signed with the defendant's first initial replied, "I will make sure you are treated well."
to be unaware of any sexual services performed on the premises in exchange for a fee and testified that he was clear with the masseuses that there was to be no sexual activity or lewdness. The defendant also denied offering Detective Cherubino any "extras" or authoring the e-mails in evidence.
The computer was located in the area of the salon that was devoted to the sale of antiques, near the massage room, and the defendant testified that it was always on and that other people in the salon, particularly the masseuses, knew the passwords to his computer and used the computer frequently. He testified that they used his e-mail account to play pranks on him, and that they answered e-mails in his name. Asked about each e-mail individually, the defendant asserted that most of the e-mails in evidence were pranks and he was unsure what the others were.
Discussion. 1. Authentication of e-mail messages. The defendant argues that the judge erred in admitting the ten e-mail exchanges because the evidence was insufficient to authenticate them as having been authored by him. "The requirement of authentication . . . as a condition precedent to admissibility is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims." Mass. G. Evid. 901(a) (2011). See Commonwealth v. Nardi, 452 Mass. 379, 396 (2008); Commonwealth v. LaCorte, 373 Mass. 700, 704 (1977); M.S. Brodin & M. Avery, Massachusetts Evidence 9.2, at 580 (8th ed. 2007). See also Fed. R. Evid. 901(a) (2010) (same). "The role of the trial judge in jury cases is to determine whether there is evidence sufficient, if believed, to convince the jury by a preponderance of the evidence that the item in question is what the proponent claims it to be. If so, the evidence should be admitted, if it is otherwise admissible." M.S. Brodin & M. Avery, Massachusetts Evidence, supra. See Commonwealth v. Nardi, supra. Here, because the relevance and admissibility of the communications depended on their being authored by the defendant, the judge was required to determine whether the evidence was sufficient for a reasonable jury to find by a preponderance of the evidence that the defendant authored the e-mails. See Commonwealth v. Leonard, 428 Mass. 782, 785-786 (1999); Mass. G. Evid. 104(b)(1) & note, at 11. [Note 5] Evidence
Here, the defense moved in limine to preclude the Commonwealth from introducing the e-mails in evidence. Defense counsel represented that the defendant shared his computer with others at the salon and that he denied authoring the e-mails, but did not challenge the prosecutor's representation that the e-mails she sought to offer were taken from the hard drive of the computer owned by the defendant and were signed with the defendant's first name or his first initial. The judge denied the motion in limine based on the prosecutor's unrebutted representation. At the time the e-mails were offered and admitted in evidence, the Commonwealth not only had provided evidence to support its representations but also had elicited evidence from Detective Murphy that the defendant knew and provided from memory all the passwords necessary to access the computer's programs, and that the e-mails originated from an e-mail address that the defendant used and that bore his name. [Note 6] The Commonwealth, however, did not furnish direct evidence that the defendant had authored any of the ten e-mails admitted in evidence; there was no testimony that anyone observed him typing any of the e-mails or that anyone had discussed any of the e-mails with him. The defendant contends this evidence is insufficient to establish that the e-mails were what the Commonwealth claimed them to be, that is, e-mails authored by the defendant. We disagree, and we conclude that the evidence was sufficient to authenticate the e-mails as having been authored by the defendant.
While e-mails and other forms of electronic communication present their own opportunities for false claims of authorship, the basic principles of authentication are the same. See United States v. Safavian, 435 F. Supp. 2d 36, 41 (D.D.C. 2006) ("The possibility of alteration does not and cannot be the basis for excluding e-mails as unidentified or unauthenticated as a matter of course, any more than it can be the rationale for excluding paper documents" [emphasis in original]); Simon v. State, 279 Ga. App. 844, 847 (2006) ("e-mail offers unique opportunities for fabrication [but] it is held to the same standards of authentication as other similar evidence"). Evidence that the defendant's name is written as the author of an e-mail or that the electronic communication originates from an e-mail or a social networking Web site such as Facebook or MySpace that bears the defendant's name is not sufficient alone to authenticate the electronic communication as having been authored or sent by the defendant. See Commonwealth v. Williams, 456 Mass. 857, 868-869 (2010). There must be some "confirming circumstances" sufficient for a reasonable jury to find by a preponderance of the evidence that the defendant authored the e-mails. See Commonwealth v. Hartford, supra at 488. See also Commonwealth v. Williams, supra. 2ff7e9595c
Comments