PA Superior Court: Tracing IP Addresses at Trial Requires Authentic Evidence and Expert Witnesses 

The Pennsylvania Superior Court has decided the case of Commonwealth v. Manivannan. In Manivannan, the Superior Court reversed the defendant’s cyber-stalking related convictions after finding that prosecutors improperly failed to prove that the defendant was the person who accessed the complainant’s e-mail account without permission. This is an important decision because it continues a trend of Pennsylvania appellate courts recognizing that electronic evidence can easily be fabricated and therefore must be properly authenticated in order to be admitted into evidence.  

The Facts of Commonwealth v. Manivannan

In August 2011, the defendant worked at the United States Department of Energy. While employed there, he met and began dating the complainant. The complainant would occasionally use his computer to access her email, but she never gave him permission to access her email account. In November 2013, the complainant ended the relationship with the defendant and began seeing another man. 

The defendant did not take the breakup well. By January 2014, the defendant was regularly contacting the complainant through various means of communication despite being asked to stop. On one night, the complainant and her new boyfriend were sitting in her car when the defendant pulled up behind them. The defendant proceeded to follow the two after the complainant drove away. Thereafter, the complainant confronted the defendant and told him that he needed to stop following her.

The defendant continued to engage in this type of behavior. For example, the complainant and her new boyfriend planned a weekend trip to Morgantown, West Virginia. While there, she became aware that the defendant was in the area, as well. Obviously, she became suspicious that the defendant’s presence was not coincidental. She then learned that the accommodation emails she obtained from the hotel were forwarded to her mother, even though the complainant did not send them herself. 

The complainant checked the log-in records for her email account and learned that her email account had been accessed twenty-one times from thirteen different Internet Protocol (“IP”) addresses located in various states. She screenshotted the suspicious activity and gave the photos to the police. The police then used a website called Geektools.com to determine which internet service providers owned the IP addresses, and the police then subpoenaed the account information for those IP Addresses from Comcast. 

Comcast provided the police with a fax on Comcast letterhead with information stating that the IP addresses used to access the complainant’s e-mail account belonged to the defendant. The defendant was then charged criminally with five counts of unlawful use of a computer and one count of harassment. 

The defendant pleaded not guilty and went to trial. At trial, the judge permitted the Commonwealth to introduce the screenshots taken from the complainant’s log-in records despite the defendant’s objection that there was no basis for authenticating that those IP addresses were actually the addresses that accessed the complainant’s e-mail account. The trial court also permitted the Commonwealth to introduce the letter from Comcast. This letter did not indicate an individual author, but it was signed “Comcast Legal Response Center.” The defendant objected to the introduction of this letter because it failed to identify an individual author and it was not an original as required under Rule 1002 of the Pennsylvania Rules of Evidence. To overcome this, the Commonwealth provided a separate, faxed, boilerplate Pa.R.E. 902(11) declaration that was dated on April 18, 2016 that gave no context for the document its signor purported to certify. This document made no reference to the Comcast letter, and the Commonwealth also presented no evidence that the certification it offered had actually accompanied the Comcast letter. The Commonwealth argued that it qualified as a Business Record and thus an exception to the rule against hearsay. After argument, the trial court allowed the introduction of this letter. 

The trial court further allowed the police officer and the complainant to testify that the defendant was in Los Angeles, California when someone accessed the complainant’s email account with an IP address that was located in Los Angeles. However, neither the complainant nor the officer were qualified as expert witnesses. At the conclusion of the trial, the jury convicted the defendant, and the court sentenced him to nearly five years of probation. The court also attempted to ban the defendant from the Commonwealth of Pennsylvania, although it later rescinded that unconstitutional provision. The defendant appealed his conviction based on the unreliable electronic evidence, and the Commonwealth appealed the fact that the court did not sentence the defendant to jail time. 

The Superior Court Appeal

The Superior Court reversed the conviction. It found both that the Commonwealth failed to properly authenticate the IP address tracking that the police had done and that authenticating these documents required the testimony of an expert witness. 

What is the Business Record Exception to the Hearsay Rule? 

Typically, hearsay is not admissible in trial. Hearsay is an out of court statement offered to prove the truth of the matter asserted. Hearsay is typically not admissible because it is not trustworthy and because the defense has no opportunity to cross-examine the person that made the statement. However, there are exceptions to the general ban on hearsay. One such exception is the Business Records Exception. This rule allows statements that would otherwise be hearsay to be admitted into evidence if certain requirements are met. The logic behind is the rule these records are inherently reliable because businesses have an interest in having accurate records. It is important to remember that the record does not have to come from the traditional definition of a business. Associations, institutions, non-profit organizations, etc. can all produce documents that qualify as a “business record” for purposes of this rule. 

Prosecutors routinely use the Business Records Exception in their cases. In Pennsylvania, there is a five part test that must be satisfied for a statement to qualify as an Business Record: 1) the record was made at or near the time by-or from information transmitted by-someone with knowledge; 2) the record was kept in the course of regularly conducted activity of a “business”; 3) making the record was a regular practice of that activity; 4) all these conditions are shown by the testimony of the custodian or another qualified witness, or by a certification that complies with Rule 902(11) or (12), or with a statute permitting certification; and 5) neither the source of the information nor other circumstances indicate a lack of trustworthiness (i.e. a document that was made in anticipation of litigation would not be deemed reliable). All of these elements must be met before a document can be entered into evidence. 

The Court’s Ruling  

In Manivannan, one of the main issues was whether the Commonwealth properly authenticated the Comcast letter. Notably, the Commonwealth failed to present testimony from a custodian of records or other qualified witness. Instead, it attempted to authenticate the Comcast letter using the vague certification. The problem with the certification was that it was not specific. Specifically, the court stated that there was “no discernable correlation between this document and the evidence it purports to authenticate.” 

This is very significant because prosecutors frequently attempt to introduce documents under the Business Record Exception without complying with all of the requirements. Here, the court held that the trial court erred when it admitted this letter into evidence. The Court further held that this was reversible error because the letter provided the only direct evidence of the defendant’s connection to the IP address that unlawfully accessed the complainant’s e-mail account. 

The Commonwealth Must Present Expert Witnesses to Trace IP Addresses At Trial

The Superior Court also found that the trial court should have required the Commonwealth to present expert witnesses as to the IP address tracing. The court found that lay witnesses cannot draw conclusions from highly technical issues such as ascertaining geographic locations from IP addresses and testify to these conclusions at trial. In Manivannan’scase, the Commonwealth introduced evidence of various IP accounts, testimony about how IP addresses work, and how those addresses were traced back to the defendant without ever offering evidence that the officer or complainant were expert witnesses in the relevant field. The Superior Court rejected the introduction of this testimony without an expert witness, finding that expert testimony is required when the Commonwealth seeks to introduce this highly technical evidence. In other words, subjects such as IP addresses, how e-mail accounts are maintained, the ability to link a physical addresses to an IP address, and other computer science related issues are not common knowledge. Therefore, the trial court should have prohibited this testimony without an expert witness. Accordingly, the court reversed the defendant’s conviction for this reason, as well.  

Facing Criminal Charges? We Can Help

Manivannan illustrates that a case can be won or lost based on challenges to the evidence that is allowed to be presented to the jury. If you are charged with a highly technical crime, you need a skilled defense attorney who is up-to-date on the rules of evidence and able to use them to your advantage. Our award-winning Philadelphia criminal defense lawyers have successfully defended thousands of clients at trial and on appeal. We offer a free 15-minute criminal defense strategy session to anyone who is facing criminal charges or under investigation. Call 267-225-2545 to discuss your case with an experienced and understanding criminal defense attorney today.