Preparing Open Source Intelligence (OSINT) for Litigation



Social Media
Internet Mining

Let’s face it, we live in a day and age where your online existence says volumes about who you are and how you conduct your yourself. In rare instances, we see social media replacing the need for traditional surveillance.

Surveillance is most often necessary but judges and juries don’t always warm up to the idea of someone crouching in the bushes or sitting in a car photographing another person. However, open source intelligence has the benefit of often coming from the subjects themselves, thereby eliminating or at the very least curtailing the “creepy” factor.

We’ve all heard and read countless articles on the Internet in investigations, and for good reason. Even with the Internet as mature as it is now, a clear majority of investigative agencies, law firms, insurance companies, and employers are not effectively using this potential treasure trove.


Google Hacking-Database

The Google Hacking Database (GHDB) is open source intelligence at its finest, an authoritative source for querying the ever-widening reach of the Google search engine.

Information randomly gathered and haphazardly put together will often be useless when evidentiary issues are ignored at the start of the investigation. Like any other investigation, it’s important to involve your legal team at the inception of any open source intelligence query.

A simple “social media” inquiry may sound harmless enough but it often falls short of gathering evidence in a way that makes the results useful when it matters the most, at trial. Also, consider “flat-rate” basic services that perform a general scan. They often do so without a narrowly tailored effort and in many instances, fails to consider how the information relates to the overall investigation and defense in litigation.

ABA Rule 4.2 Communication with Person Represented by Counsel

In representing a client, a lawyer shall not communicate about the subject of the representation with a person the lawyer knows to be represented by another lawyer in the matter unless the lawyer has the consent of the other lawyer or is authorized to do so by law or a court order.

Furthermore, it’s been adopted by many state bar associations that “friending” or connecting with a represented party is frowned upon and a violation of Rules of Professional Conduct in most instances.

Ethical Considerations

Although tempting, especially behind the guise of the Internet wall, one must avoid initiating contact with a represented party. Although it’s quite clear, the question of what constitutes “contact” is often a matter of debate. The American Bar Association (ABA) projects contact with an opposing party not permissible and specifically defines when contact is appropriate.

What if you’re not a lawyer, maybe you’re an investigator or claims professional? Remember, as with common investigation rules, if the information secured is to be used by counsel at trial, expect the same rules to apply. Most jurisdictions have made the use of pretexting or creating a fictitious persona to contact a party, an ethical boundary not to be crossed. Are there jurisdictions with a more liberal approach? Sure. However, the safest bet is to only extract information that is publicly available on a person’s Internet profile or web page.

The CROSStrax Internet Mining Tool

The CROSStrax Internet Mining Tool was designed for quick, relevant, intelligent, and investigator guided Internet mining investigations. Our instant search capabilities provide the valuable information you can use to assess risk.

Behind the scenes:

1. Figure 1 – shows our search engine firing on all cylinders. That’s right, CROSStrax does the work for you and searches the Internet through direct API access.

2. Figure 2 – is our manual search box. Once the system is done, the investigator can no go into CROSStrax and dig further using the exact search criteria the specific site uses behind the scenes.

3. Figure 3 – allows you to attach all confirmed hits to a final report that is generated for you. A photo snippet, matching indicators, and a summary is attached to each hit and neatly placed in a final report for your clients.

Facebook Social Media

77% of Facebook users don’t know how to change their privacy settings or simply haven’t edited them.


As in any investigation, thought must be given to obtaining open source intelligence in a way that will allow it to be admitted into evidence at trial. Article X of the Federal Rules of Evidence deals with the admission of writings, recordings, or photographs. Fed. R. Evid. No. 1001(1) defines “writings” and “recordings” as “letters, words, or numbers, or their equivalent set down by…photo stating, photographing, magnetic impulse, mechanical or electronic recording, or other forms of data compilation”

In this regard, the admissibility of open source intelligence content is no different than traditional evidence, such as diaries, photographs, or other documents. The evidence must first be authenticated to be admitted. Like all other evidence, it also must be relevant and material and must not constitute hearsay in order to be admitted. Practical Pointer: Know what fact you are trying to prove and articulate how the social media evidence will prove that fact.


Most background search services fall short on knowing what to do with the information once it is obtained. For the information to be admitted at trial before a jury, it must be both authentic and relevant. Relevancy is usually not an issue. Authentication, on the other hand, can be a very complicated matter.

Rules and requirements of authentication can vary among jurisdictions and often fall within the discretion of the judge. While the easiest way to authenticate evidence is via stipulation, this is not always available. Federal Rule of Evidence 901 requires evidence that the item is what it is claimed to be. While the threshold for authentication is low, it should be considered at the time the information is obtained. If you wait until trial to decide how to authenticate the evidence, it may be too late.

Under Rule 901, the most practical opportunities for authentication are from the testimony of a witness with knowledge or from distinctive characteristics in the evidence. The courts have determined that the following are sufficient for the authentication of social media:

1. The statement of a party to an instant message that conversations were his own
2. A witness who has read messages or posts that know’s the subject individual
3. Distinctive characteristics in a photograph that identify the individual
4. A username consistent with a common nickname of an individual
5. Testimony about the process of downloading and preserving evidence from the person doing so.

Courts have routinely excluded social media evidence simply because it was found online and downloaded; therefore, you need to have a plan for authentication from the outset.

Expectation of Privacy

People generally believe an individual’s personal information will remain private and will not be admissible in court. However, when it comes to social media and any other open source intelligence, an individual is most likely waiving their expectation when they post information that is publicly accessible.

Many courts have concluded, essentially, once you post something viewable by anyone else on the Internet, you have forfeited any privacy interest in it.

In one early social media privacy case, involving MySpace, a court dissented, “(A woman’s) affirmative act made her article available to any person with a computer and thus opened it to the public eye. Under these circumstances, no reasonable person would have had an expectation of privacy regarding the published material.”

You may have a reasonable expectation of privacy with respect to papers in a locked filing cabinet, but not to papers you leave visible on your desk in your workplace. Your activities in an isolated or fenced home create a stronger expectation of privacy than your activities in a high-rise hotel with the curtains open.

Social media privacy cases simply apply the long-standing “reasonable expectation of privacy” rule to open source intelligence. Looking at the way social media sites operate, most courts have decided that once something is voluntarily posted on Facebook, it no longer brings a reasonable expectation of privacy. You give up your privacy by posting something on publicly accessible Facebook pages.

Don’t be fooled, your privacy can be violated on social media, however, if someone else makes a post that is invasive of your privacy. Remember, your consent doesn’t cover the postings of others that you don’t authorize.

Use of Counsel in Obtaining Evidence

Some may feel it’s common sense; however, it may simply be in your best interest to engage counsel in obtaining open source intelligence gathered on the Internet at the outset. There is a lot of great open source intelligence resources at your fingertips, but if the data isn’t secured in a manner consistent with the ethical and evidentiary requirements of the jurisdiction, it will soon be labeled as useless.

Because those requirements vary, a “cookie-cutter” social media or Internet mining investigation is usually less effective. Take time to get the right evidence the right way.


Pin It on Pinterest