United States v. Lubich ( 2013 )

                       UNITED STATES, Appellee
v.
Heather D. LUBICH, Electronics Technician Second Class
U.S. Navy, Appellant
No. 12-0555
Crim. App. No. 201100378
United States Court of Appeals for the Armed Forces
Argued February 19, 2013
Decided May 3, 2013
ERDMANN, J., delivered the opinion of the court, in which BAKER,
C.J., STUCKY and RYAN, JJ., and EFFRON, S.J., joined.
Counsel
For Appellant:    Lieutenant Kevin S. Quencer, JAGC, USN (argued).
For Appellee: Major William C. Kirby, USMC, (argued); Colonel
Kurt J. Brubaker, USMC, Colonel Stephen C. Newman, USMC, and
Brian K. Keller, Esq. (on brief).
Military Judge:   Carole J. Gaasch
This opinion is subject to revision before final publication.
United States v. Lubich, No. 12-0555/NA
Judge ERDMANN delivered the opinion of the court.
At a special court-martial with members, Electronics
Technician Second Class (ET2) Heather D. Lubich was convicted,
contrary to her pleas, of one specification of attempted
larceny; one specification of wrongfully and knowingly
transferring, possessing, or using a means of identification of
another person; and one specification of impersonating a
commissioned officer with the intent to defraud; in violation of
Articles 80 and 134, Uniform Code of Military Justice (UCMJ), 

, 934 (2006).    The convening authority approved the
sentence of forty-five days confinement, forfeiture of $1,300
pay per month for two months, reduction to E-3, and a bad-
conduct discharge.   The United States Navy-Marine Corps Court of
Criminal Appeals (CCA) affirmed the findings and sentence.
United States v. Lubich, No. NMCCA 201100378, 

, at *9 (N-M. Ct. Crim. App. Apr. 19, 2012).
Military Rule of Evidence (M.R.E.) 901(a) provides that
“[t]he requirement of authentication or identification as a
condition precedent to admissibility is satisfied by evidence
sufficient to support a finding that the matter in question is
what its proponent claims.”   We granted review in this case to
determine whether the military judge abused her discretion when
she overruled a defense authentication objection and admitted
2
United States v. Lubich, No. 12-0555/NA
two Government exhibits which were based on computerized data.1
We hold that the military judge did not abuse her discretion and
affirm the decision of the CCA.
Background
The charges against Lubich were based on allegations that
she impersonated her supervisor, a commissioned officer, by
using his name, personal information and Leave and Earnings
Statement (LES), to apply for a $10,000 loan from Omni
Financial, Inc. via the Internet.      In the course of the
investigation, the Naval Criminal Investigative Service (NCIS)
made a request to the Information Assurance Department of the
Navy-Marine Corps Intranet (NMCI) for Lubich’s Internet account
data.    NMCI downloaded the requested data on six CD-ROMs and
sent the discs to NCIS.
At trial, Erik Schmidt, a cyber forensic examiner with
NCIS, testified that he conducted a forensic examination of the
six CD-ROMs provided by NMCI utilizing automated forensic tool
1
We granted review of the following issue:
Whether the military judge erred by overruling defense
counsel’s foundation and authentication objections and
admitting computerized data evidence gathered by an
unnamed Navy-Marine Corps Intranet (NMCI) analyst who
used an unidentified process with unknown reliability
to collect data related to Appellant’s network user
activity.
United States v. Lubich, 

 (C.A.A.F. 2012) (order
granting review).
3
United States v. Lubich, No. 12-0555/NA
programs.2    Schmidt’s examination produced two computerized
reports:     Prosecution Exhibit (PE) 19, a report which listed the
web sites accessed by Lubich’s account and the dates and number
of times the web sites were accessed; and PE 23, a report that
compiled the user names and passwords for the web sites accessed
from Lubich’s Internet account.3
Following a brief foundational examination, the Government
moved for the admission of PE 19.      The defense objected on the
grounds that Schmidt lacked the “requisite personal knowledge to
authenticate th[e] document” and the military judge convened an
2
Schmidt utilized EnCase Forensic and AccessData Forensic
Toolkit.
3
PE 19 is titled “Internet Explorer Cookie Index,” and is based
on the Index.DAT file of Lubich’s account. Schmidt testified
that “[a] cookie is a text file that is saved on your user’s
profile from web pages; when you visit the web page, it tracks
the user’s access.” Schmidt testified that cookies are
automatically created and stored in a “database type” file
called Index.DAT. PE 19 is a 179-page report which recounts
information about hundreds of cookies, such as the “URL,”
“Filename,” “Last Accessed” date, and “Hits.” Notably, the
“URL” field for each of the hundreds of cookies reads
“Cookie:heather.lubich@” followed by the name of the relevant
web site. Similarly, the “Filename” field for each of the
hundreds of cookies reads “heather.lubich@,” followed by an
identifier for the site and the extension “.txt.” PE 23, on its
face, is a “NTUSER.DAT Registry Report” from the
“HEATHER_LUBICH” account. Schmidt testified that NTUSER.DAT is
a Windows Operating System file that holds data for a user
account profile, and stores saved user names and passwords for
web sites that the user visited. As printed, the Registry
Report notes on every page that it is the NTUSER.DAT of the
HEATHER_LUBICH account. The saved user names and passwords
noted on the report include, on a number of occasions, Lubich’s
official Navy e-mail address, her password, and her Social
Security number.
4
United States v. Lubich, No. 12-0555/NA
Article 39(a), UCMJ, 

(a) (2006), session to
address the objection.   During the Article 39(a) hearing, the
defense expanded their objection to include a Confrontation
Clause objection and told the military judge that he had the
same objections to the admission of PE 23.      The authentication
objection was directed at the data contained on the CD-ROMs
which had been provided by NMCI.       The defense argued that “[The
data] can’t be authenticated without somebody from NMCI
testifying to the collection processes that took the data from
ET2 Lubich’s computers to those six CDs that Mr. Schmidt was
given a week or two ago.”
In response to questions from the military judge as to the
process NMCI utilized to gather the data from Lubich’s Internet
accounts, Schmidt testified as follows:
It’s an automated process. They enter the user
account information in this process which in the
background will run the search through the server logs
and then find the computers and then remotely pull the
folders themselves from the user accounts, the My
Documents and folder settings -- or section, to the
work station. He’s actually located over on the East
Coast out in Washington -- I’m sorry -- Norfolk. He
will then burn the information to a CD-ROM and then
ship it Fed Ex to our office.
The military judge asked if there was “any discretion on the
part of the person drawing the data, or is it all automated?”
Schmidt replied, “[t]he only interaction would be burning it
[to] the CD-ROM itself I think.”       On cross-examination during
the Article 39(a) hearing, Schmidt testified that he had never
5
United States v. Lubich, No. 12-0555/NA
worked at NMCI and was not familiar with all the software they
utilized.   When asked whether someone at NMCI had personally
verified which computers Lubich used, Schmidt responded, “I
couldn’t tell you.   I can’t testify to that.”
Following Schmidt’s testimony and counsel’s arguments
regarding authentication and the Confrontation Clause, the
military judge ruled:
I believe that argument goes more to the weight of the
evidence, and you certainly can explore that in cross-
examination. The objection is overruled. I find that
both Prosecution Exhibits 19 and 23 for identification
have been sufficiently authenticated and that the
Confrontation Clause is not implicated because we’re
dealing with an automated process, no conclusions in
these documents themselves and, again, it’s an
automated process with very little discretion involved
on the part of the person that was obtaining the data.
So Prosecution Exhibits 19 and 23 for identification
are received into evidence.
Schmidt’s subsequent testimony, based on the data in PEs 19
and 23, linked Lubich’s account and her user name and password
to the loan application which utilized her supervisor’s name,
Social Security number and LES.4       On cross-examination, Schmidt
testified that there was no way to know whether Lubich was
sitting at her computer at the times when certain data was
4
PE 19 revealed that someone using Lubich’s account visited the
web site, “secure.yesomni.com,” the web site of the company to
which she allegedly sent the loan application in the name of her
supervisor, fifteen times. PE 19 showed that
“secure.yesomni.com” was last accessed May 18, 2009. Similarly,
PE 23 shows that someone using the HEATHER_LUBICH account input
the Social Security numbers of Lubich and her supervisor into
“secure.yesomni.com” on March 25, 2009.
6
United States v. Lubich, No. 12-0555/NA
entered or if she logged in with her password, then left the
computer and someone else sat down in her place.    He also
testified that he had not personally accessed the computer hard
drives to obtain the information on the CD-ROMs and that it was
possible there was additional information on the hard drives.
During closing arguments, trial counsel argued that PEs 19
and 23 provided direct evidence that Lubich stole the victim’s
identity and used his Social Security number in an attempt to
obtain a loan from Omni Financial.   Lubich was convicted of
attempted larceny, identity theft, and impersonating a
commissioned officer with an intent to defraud.    The CCA
affirmed, holding that Schmidt’s descriptions of the processes
used to download the data to the CD-ROMs properly authenticated
PEs 19 and 23.   Lubich, 

, at *8-*9.
Discussion
At trial, “the Government bears the burden of establishing
an adequate foundation for admission of evidence against an
accused.”   United States v. Maxwell, 

, 150 (C.M.A.
1993) (citation omitted).   “The Government may meet its burden
of proof with direct or circumstantial evidence.”    

 at 150-
51.   On appeal, we review a military judge’s decision to admit
evidence for an abuse of discretion.     United States v. Freeman,

, 453 (C.A.A.F. 2008) (citation omitted).     “An abuse
of discretion occurs when the trial court’s findings of fact are
7
United States v. Lubich, No. 12-0555/NA
clearly erroneous or if the court’s decision is influenced by an
erroneous view of the law.”   

       “‘Further, the abuse of
discretion standard of review recognizes that a judge has a
range of choices and will not be reversed so long as the
decision remains within that range.’”       

 (citation omitted).
Lubich argues that the military judge erred because Schmidt
did not establish the reliability, accuracy, or trustworthiness
of the data NCIS received from NMCI.       Lubich urges the court to
reverse the CCA and suggests we adopt the type of detailed
analyses for the authentication of computerized data set forth
in In re Vee Vinhnee, 

 (B.A.P. 9th Cir. 2005), and
Lorraine v. Markel, 

 (D. Md. 2007).5       Lubich also
relies on this Court’s analysis for the authentication of video
surveillance footage in United States v. Harris, 

(C.A.A.F. 2001), as an example of the type of authentication
process the court should require for the admission of
computerized data.   Finally, Lubich argues that the admission of
PEs 19 and 23 was not harmless because the error had a
substantial influence on the findings.
The Government counters that the military judge did not err
in the authentication of PEs 19 and 23 because she was
satisfied, by a preponderance of the evidence, that the matter
5
In re Vee Vinhnee adopted an eleven-step analysis for the
foundation of computer records. 

. Lorraine
cited this eleven-step test in its analysis of the foundational
requirements for electronic records. 241 F.R.D. at 558.
8
United States v. Lubich, No. 12-0555/NA
in question was what it purported to be based on Schmidt’s
testimony.   According to the Government, Lubich’s NMCI account
data was automatically stored and collected by an NMCI process
with only minimal human interaction.   Finally, the Government
argues that the fact that Schmidt did not personally collect the
data goes to its weight, not its admissibility.
“The requirement of authentication or identification as a
condition precedent to admissibility is satisfied by evidence
sufficient to support a finding that the matter in question is
what its proponent claims.”   M.R.E. 901(a).   Evidence may be
authenticated through the testimony of a witness with knowledge
“that a matter is what it is claimed to be.”   M.R.E. 901(b)(1).
M.R.E. 901(b)(9) permits evidence resulting from a “process or
system” to be authenticated via “[e]vidence describing [the]
process or system used to produce [the] result and showing that
the process or system produces an accurate result.”
It is important in this case to identify the basis for the
defense objection.   Authentication simply requires establishing
that the evidence is what the proponent claims it to be.6    M.R.E.
6
Much of the case law addressing the authentication of computer
data, including the authority relied on by Lubich, see supra p.8
and note 5, analyzes the requirements of M.R.E. 901 in the
context of M.R.E. 803(6), the business records exception to the
rule against hearsay. See, e.g., In re Vee Vinhnee, 

 (“The primary authenticity issue in the context of business
records is . . . .”); Lorraine, 241 F.R.D. at 542 (“The
requirement of authentication and identification also insures
that evidence is trustworthy, which is especially important in
9
United States v. Lubich, No. 12-0555/NA
901(a).    Here the Government claimed that the data contained on
the six CD-ROMs was taken from Lubich’s NMCI Internet accounts.
During argument on the motion, the military judge invited the
defense counsel to elaborate on the authentication objection.
Defense counsel responded, “It’s my understanding that the data
that Mr. Schmidt analyzed came from Petty Officer Lubich’s
computers at NSAWC.7    I mean, I don’t think there’s any dispute
about that.”    This is significant as the defense recognized that
the data was from Lubich’s Internet accounts, but nevertheless
argued that it was necessary to have direct testimony from NMCI
personnel as to the process utilized by NMCI to collect the
data.
In United States v. Blanchard, 

, 309 (C.A.A.F.
1998), we noted that the M.R.E. 901 is the same as Fed. R. Evid.
analyzing hearsay issues. Indeed, these two evidentiary
concepts often are considered together when determining the
admissibility of exhibits or documents.”). While authentication
and hearsay are distinct issues, some cases conflate the two or
use the same facts to address both issues. See In re Vee
Vinhnee, 

 (“Ordinarily, because the business
record foundation commonly covers the ground, the authenticity
analysis is merged into the business record analysis without
formal focus on the question.” (citing 5 Weinstein § 900.06 [2]
[a])). However, authentication under M.R.E. 901 and
admissibility as a hearsay exception are distinct inquiries.
Authenticity is a “condition precedent to admissibility” and
requires only a prima facie showing that is “sufficient to
support a finding that the matter in question is what its
proponent claims.” M.R.E. 901(a). As the business records
hearsay exemption is not at issue in this case, our analysis
focuses solely on authentication under M.R.E. 901, and we
distinguish our analysis from those cases which blend
authentication and hearsay analyses.
7
“NSAWC” is the Naval Strike and Air Warfare Center.
10
United States v. Lubich, No. 12-0555/NA
901 and embraces the well-established view that authentication
is a component of relevancy.   We stated:
[I]t requires a preliminary determination by the judge
that sufficient evidence of authenticity exists to
present the authenticity question to the members for
their ultimate factual determination. See generally
United States v. Sliker, 

 (2d Cir. 1984);
see Ricketts v. City of Hartford, 

, 1411
(2d Cir. 1996) (judge’s discretion to exclude evidence
on authenticity ground is limited to deciding whether
sufficient proof exists for a reasonable juror to
determine authenticity). It suffices to say that
these same principles are applicable at courts-martial
and, accordingly, federal court of appeals decisions
applying these principles would be most helpful. See
United States v. Richendollar, 

 (C.M.A.
1986).

.
The process for authentication is more fully discussed in 5
Jack B. Weinstein & Margaret A. Berger, Weinstein’s Federal
Evidence § 901.02[3], at 901-13 to 901-14 (Joseph M. McLaughlin
ed., 2d ed. 2003) (footnotes omitted):
Generally speaking, the proponent of a proffered
item of evidence needs only to make a prima facie
showing that the item is what the proponent claims it
to be. . . .
Once the proponent has made the requisite
showing, the trial court should admit the item,
assuming it meets the other prerequisites to
admissibility, such as relevance and compliance with
the rule against hearsay, in spite of any issues the
opponent has raised about flaws in the authentication.
Such flaws go to the weight of the evidence instead of
its admissibility. The trial court’s admission of the
exhibit means only that the fact finder may consider
the item of evidence during its deliberations. The
fact finder remains free to disregard the item if the
trial evidence overcomes the preliminary showing of
authenticity.
11
United States v. Lubich, No. 12-0555/NA
Weinstein explains “[i]n general, electronic documents or
records that are merely stored in a computer raise no computer-
specific authentication issues.    If a computer processes data
rather than merely storing it, authentication issues may arise.”
Weinstein & Berger § 900.06[3], at 900-68.
Schmidt’s testimony satisfied the rules set forth in
Blanchard and as discussed in Weinstein’s Federal Evidence.
During the Article 39(a) session, Schmidt explained that he had
worked in this area for seven years.   He described the
collection process that retrieved the data from Lubich’s account
on two occasions.   First, in response to trial counsel’s
question about how the data was collected, Schmidt explained:
The Information Assurance Department reviews server
logs for the network and verifies from the server logs
themselves what computers the user account logged
into. They, in turn -- it’s all an automated process
-- in turn will go to the computer itself and copy
that user account’s profile and provide it and burn it
to CD-ROM.
Later Schmidt described the automated process in more detail to
the military judge:   NMCI personnel “enter the user account
information in this process which in the background will run the
search through the server logs and then find the computers and
then remotely pull the folders themselves from the user accounts
. . . to the work station.”   He also testified that he verified
this process with NMCI.
12
United States v. Lubich, No. 12-0555/NA
The Government therefore made a prima facie showing of
authenticity by presenting evidence sufficient to allow a
reasonable juror to find that data on the six CD-ROMs was data
from Lubich’s Internet accounts.     Schmidt’s testimony
established that NMCI transferred data stored on the computers
to the CD-ROMs utilizing an automated process rather than
analyzing or manipulating the data.    See United States v. Tank,

, 630 (9th Cir. 2000) (“‘Any question as to the
accuracy of the printouts . . . would have affected only the
weight of the printouts, not their admissibility.’” (alteration
in original) (quoting United States v. Catabran, 

,
458 (9th Cir. 1988))).
The Government also met several of the illustrative
criteria of M.R.E. 901(b):
M.R.E. 901(b)(1) -– “Testimony of witness with knowledge”
was satisfied through Schmidt’s familiarity with the NMCI
procedures;
M.R.E. 901(b)(4) -– “Distinctive characteristics and the
like” was satisfied as the computer data contained numerous
references to Lubich’s personal computer information;
M.R.E. 901(b)(9) -– “Process or system” was satisfied by
Schmidt’s discussion regarding the NMCI process.
Once this preliminary standard for reliability was
established, the defense had the opportunity to attack the
perceived weaknesses in the case through cross-examination of
Schmidt.   Indeed, Lubich’s counsel questioned Schmidt about the
possibility that someone else was sitting at a computer that
13
United States v. Lubich, No. 12-0555/NA
Lubich previously logged onto and entered the information
without her knowledge.   Defense counsel also questioned Schmidt
about whether any other forensic data was reviewed, whether they
sought forensic evidence from other individuals, and whether
there may have been other Internet history data associated with
the account that could have been deleted from the profile but
remained on hard drives that were not examined by NCIS.   Thus,
Lubich had the opportunity to confront Schmidt about this
evidence and attempt to diminish its impact on the members.
We decline to adopt Lubich’s proposal that we develop a
detailed authentication analysis for computer data.8   There are
numerous scenarios in which this issue will arise and we see no
benefit in attempting to craft a “standard” test to analyze all
computer data situations.   We will continue to rely on the
military judge’s discretion to determine authenticity.    See
Blanchard, 48 M.J. at 310 (explaining that “[M.R.E.] 104 gives
discretion to the trial judge as to the manner in which he makes
preliminary determinations concerning admissibility of evidence”
and “reject[ing] appellant’s general argument that the military
8
Lubich’s reliance on Harris is also misplaced. Harris involved
the authentication of a videotape under M.R.E. 901 utilizing the
“silent witness” theory. 55 M.J. at 436. There the court
established the authentication criteria for photos taken by an
automated camera. Id. at 438-40. That situation differs from
this case where Lubich concedes that the data was taken from her
Internet account.
14
United States v. Lubich, No. 12-0555/NA
judge erred by failing to strictly follow selected federal
decisions in making his authenticity determination.”).
We hold that the military judge did not abuse her
discretion in admitting PEs 19 and 23.    Once these exhibits were
admitted, it was then up to the members to determine the true
authenticity and probative value of the evidence based on
Schmidt’s testimony.
Decision
The decision of the United States Navy-Marine Corps Court
of Criminal Appeals is affirmed.
15