Key Twitter Metadata Fields Lawyers and eDiscovery Professionals Need to Be Aware of

As discussed in our previous post, authentication of social media evidence can present significant challenges when you collect by screen shots, printouts or raw html feeds from an archive tool. This is just one reason why social media data must be properly collected, preserved, searched and produced in a manner consistent with best practices. When social media is collected with a proper chain of custody and all associated metadata is preserved, authenticity can be much easier to establish. As an example, the following are key metadata fields for individual Twitter items that provide important information to establish authenticity of the tweet, if properly collected and preserved:

Metadata Field Description
created_at UTC timestamp for tweet creation
user_id The ID of the poster of a tweet
handle User’s screen name (different from user name)
retweet_id The post ID of a retweet
retweet_user The username of the user who retweeted
Reply Indicates if this tweet is a reply
direct_message Indicates if this tweet is a direct message
Hashtags List of all hashtags in the tweet
Description Up to 160 characters describing the tweet
geo_enabled If the user has enabled geo-location (optional)
Place Geo-location from where user tweeted from
Coordinates Geo-location coordinates where tweet sent
in_reply_to_user_id unique id for the user that replied
profile_image_url location to a user’s avatar file
recipient_id unique id of direct message recipient
recipient_screen_name display name of direct message sender
screen_name display name for a user
sender_id unique id of direct message sender
Source application used to Tweet or direct message(i.e., from an iPhone or specific Twitter app)
time_zone a user’s time zone
utc_offset time between user’s time zone and UTC time
follow_request_sent Indicates request to follow the user
Truncated If the post is truncated due to excessive length

Any one or combination of these fields can be key circumstantial data to authenticate a single or group of social media items. US Federal Rule of Evidence 901(b)(4) provides that a party can authenticate electronically stored information (“ESI”) with circumstantial evidence that reflects the “contents, substance, internal patterns, or other distinctive characteristics” of the evidence. As outlined in our white paper, many cases have applied Rule 901(b)(4) to metadata associated with emails and other ESI. But you will not get all this key metadata from a printout, screen capture, or even most compliance archive tools. Best practices technology specifically designed to collect, preserve, search and produce social media for eDiscovery is required.

Facebook and Linkedin items have their own unique, but generally comparable, metadata. Stay tuned for our posting of key Facebook metadata in a few days.