Close this search box.

Conviction Overturned in Vermont Due to Social Media Authentication Challenges

Table of Contents
    Add a header to begin generating the table of contents
    Scroll to Top

    Recent Posts

    mobile phone with facebook on screen

    In order to use social media evidence in a criminal trial, attorneys must ensure that the evidence is properly acquired and authenticated. As this case from Vermont highlights, evidence must be introduced to sufficiently prove that social media content can be attributed to a party.


    • In 2015 a defendant in Vermont was convicted of several crimes against a police officer at trial.
    • Some of the evidence used against the defendant at trial included Facebook messages obtained by law enforcement via a search warrant.
    • The prosecution failed to properly authenticate the messages as coming from the defendant.
    • In 2020, the Vermont Supreme Court reversed the most significant conviction and affirmed the lesser included offenses because of the failure to authenticate the Facebook messages.


    On July 10, 2020 the Vermont Supreme Court issued a ruling in State of Vermont v. Christina Maria Allcock, a criminal case which resulted in the partial reversal of a conviction primarily because of social media evidence that was entered at trial. The 2015 case involved a woman in Vermont who was arrested for a variety of crimes and ultimately convicted by a lower court on three charges of assaulting and impeding a police officer.


    During the course of the investigation, law enforcement became aware of Facebook posts that were allegedly related to the case. An individual who had received Facebook messages from an account purporting to be that of the defendant came forward and provided the messages to law enforcement. The messages reportedly included admissions by the defendant about how she assaulted the police officer.


    Instead of relying just on the screenshots of these Facebook messages, law enforcement served a search warrant on Facebook to obtain the actual messages from Facebook themselves. The search warrant return from Facebook included the messages as well as standard information about the account responsible for sending the messages such as subscriber information, Internet Protocol (IP) address logs, and other details. The name of the Facebook account was the same as the defendant.


    At trial, prosecutors showed the jury the Facebook messages and entered them into evidence as business records. There was no question that the messages were authentic and came from Facebook, however the prosecutors missed a few critical steps in proving the messages actually came from the defendant. At the conclusion of the trial, the jury convicted the defendant on all charges.

    After her conviction, the defendant appealed. The Vermont Supreme Court ultimately reversed the most significant charge of aggravated assault of a police officer, but affirmed the other two lesser charges. The Facebook messages were the crux of the reversal, with the majority of the Supreme Court finding that they were not properly authenticated as coming from the defendant.

    Where the Prosecution Went Wrong

    1. Although prosecutors obtained the messages via a search warrant, only entering them as business records for evidence was not sufficient. The messages, on their face, did not fully explain their origins. The messages were not like a bank statement or other evidence that is obvious on its face what it is.
    2. When the witness testified about receiving the Facebook messages, no testimony was given as to why the witness believed the messages actually came from the defendant.
    3. There was no testimony in evidence as to why the police thought the Facebook messages came from the defendant.
    4. There is nothing in evidence about whether or not these Facebook messages were public posts, or private.


    1. The witness that received the Facebook messages and went to the police could have provided testimony as to why they believed the messages came from the defendant.
    2. By taking the IP address from the search warrant return provided by Facebook and issuing a subpoena to determine whether or not the Facebook page could be traced back to the defendant’s residence, place of employment, mobile device, or all of the above.
    3. By examining the Facebook page in its entirety to find other evidence that it was that of the defendant including pictures, geolocation information, and metadata.
    4. Entering evidence that the events described in the Facebook messages were not publicly available and as such, only the defendant could have know the information.


    The Vermont Supreme Court reiterated that social media evidence is not required to be authenticated in any more strict of a manner than other evidence and that the burden for introducing such evidence is not demanding. However, because of the relative ease of creating an imposter or otherwise fraudulent social media account, this evidence must go through the authentication process.


    The Court seems to imply that any of the four recommendations listed above would have been sufficient to authenticate the messages came directly from the defendant.

    This case is an excellent reminder that not only is the acquisition and collection of social media evidence critical to preserve evidence, but also the foundation that must be laid in trial to ensure the evidence is properly admitted and attributed to the party at issue.


    At Natsar, we are continuously improving our products and services. Please let us know how we did and if this information and resources were helpful to you.

    Picture of Josh Moulin

    Josh Moulin

    Josh Moulin has been in the cybersecurity field for over two decades and worked in a variety of roles. He is the founder and principal of Natsar, a cybersecurity company in New York, USA. Previously, he has served in roles including the Senior VP of Operations at the Center for Internet Security (CIS), commander of an FBI cybercrimes task force, director of an ASCLD/LAB accredited digital forensics lab, Chief Information Officer (CIO) and Chief Information Security Officer (CISO) of a national security program within the United States nuclear weapons enterprise, and an Executive Partner at Gartner, the world’s largest research and advisory company. Josh is considered an expert in cybersecurity, risk management, and organizational leadership and frequently engages with companies around the world on these and other topics. He has a Master of Science Degree in Information Security Assurance and the following certifications: CAWFE, CEH, CFCE, CHFI, CISSP, CNDA, DFCP, GCFA, GCFR, GCIA, GIME, and GSEC.

    Leave a Comment

    Your email address will not be published. Required fields are marked *

    Scroll to Top

    Contact Natsar

    Fill out the form below, and we will be in touch shortly.
    Please enable JavaScript in your browser to complete this form.