Digital evidence and the constitution
This presentation is the property of its rightful owner.
Sponsored Links
1 / 94

Digital Evidence and The Constitution PowerPoint PPT Presentation


  • 40 Views
  • Uploaded on
  • Presentation posted in: General

Digital Evidence and The Constitution. Sean B. Hoar [email protected] Text of the Fourth Amendment.

Download Presentation

Digital Evidence and The Constitution

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Digital evidence and the constitution

Digital Evidence and The Constitution

Sean B. Hoar

[email protected]


Text of the fourth amendment

Text of the Fourth Amendment

  • “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”


When does a search occur under the fourth amendment

When does a search occur under the Fourth Amendment?

  • A search occurs when the government infringes upon a “legitimate expectation of privacy”

  • The two part test:

    • 1. A person must have an actual subjective expectation of privacy

    • 2. Society must be prepared to recognize that expectation as reasonable


When does a search occur under the fourth amendment1

When does a search occur under the Fourth Amendment?

  • Probable cause is required to justify most governmental intrusions upon interests protected by the Fourth Amendment

    • Probable cause is defined as “a fair probability that contraband or evidence of a crime will be found in a particular place.”


When does a search occur under the fourth amendment2

When does a search occur under the Fourth Amendment?

  • What a person knowingly exposes to the public, even in his home or office, is not protected by the Fourth Amendment


The evolution of the fourth amendment

The evolution of the Fourth Amendment

  • Olmstead v. United States, 277 U.S. 438, 48 S.Ct. 564 (1928);

  • Berger v. New York, 388 U.S. 41, 87 S.Ct. 1873 (1967);

  • Katz v. United States, 389 U.S. 347, 88 S.Ct. 507 (1967);


Olmstead v united states

Olmstead v. United States

Facts:Olmstead was the general manager of a large bootlegging operation in Seattle and throughout the state of Washington. This operation brought in over $2M annually (in 1920s dollars!). Federal officers tapped the phones of the operation’s main office building and the home phone lines of the scheme’s leaders in an investigation of a conspiracy to violate the National Prohibition Act. Listening to these conversations, the government was able to compile over 775 typewritten pages of call transcripts.

Issues:Does the use of a wiretap violate the Fourth Amendment’s prohibition against unreasonable searches and seizures? Does the Fifth Amendment allow the government to introduce evidence obtained through a wiretap?

Prohibition-era officers destroy kegs of beer


Olmstead v united states1

Olmstead v. United States

Holding:Chief Justice Taft (pictured) wrote for the majority in this first case to apply the Fourth Amendment to the act of wiretapping. They held that no search or seizure occurred within the meaning of the Fourth Amendment in that a search must be of material things – the person, the house, papers, or effects – and that mere conversation is not within the ambit of the Fourth Amendment. Taft discussed the admissibility of evidence and wrote that it is determined by the common-law rule: it is not affected by the means by which it is acquired. He concluded that forbidding evidence that was obtained in a manner other than “nice ethical conduct” by government agents would “make society suffer and give criminals greater immunity.” Justice Brandeis wrote a forceful dissent urging his brethren to be forward-looking.


Olmstead v united states2

Olmstead v. United States

The prescient dissent: Associate Justice Brandeis wrote a forceful dissent urging his brethren to consider the implications of allowing government agents unbridled discretion in the acquisition of evidence: “The progress of science in furnishing the government with means of espionage is not likely to stop with wire tapping.” 277 U.S. at 474. “The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding.” 277 U.S. at 479.

“Decency, security, and liberty alike demand that government officials shall be subjected to the same rules of conduct that are commands to the citizen. In a government of laws, existence of the government will be imperiled if it fails to observe the law scrupulously. Our government is the potent, the omnipresent teacher. For good or for ill, it teaches the whole people by its example. Crime is contagious. If the government becomes a lawbreaker, it breeds contempt for law; it invites every man to become a law unto himself; it invites anarchy. To declare that in the administration of the criminal law the end justifies the means-to declare that the government may commit crimes in order to secure the conviction of a private criminal-would bring terrible retribution. Against that pernicious doctrine this court should resolutely set its face.” 277 U.S. at 485.


Olmstead v united states3

Olmstead v. United States

Discussion Questions:

  • There are two competing values the Court discusses: the ability of the government to fight crime and the individual’s right to privacy. How do you balance the values?

  • If you were on the Taft court, which portion of the opinion would you have written?


Berger v new york

Berger v. New York

Facts: In an investigation of a criminal conspiracy to bribe the Chairman of New York State Liquor Authority, recordings were made on a “Minifon” (see next slide) by Ralph Pansini after he was “shaken down” for a bribe to obtain a liquor license. Using this information, authorities obtained an eavesdropping order that allowed them to place recording devices in the office of an attorney who was involved in the conspiracy.

Issue: Does the New York statute allowing the government to eavesdrop on potential targets comport with the constitutional protections afforded by the Fourth and Fifth Amendments?


Berger v new york1

Berger v. New York

A “Minifon” recording device such as this was worn by Ralph Pansini to gather evidence that led to the issuance of an eavesdropping order. The Minifon even came with a wristwatch microphone!


Berger v new york2

Berger v. New York

Holding:The majority opinion described in some detail the history and evolution of eavesdropping before turning to the statute at issue. The Court held that New York’s statute was impermissibly broad and thus “contrary to the command of the Fourth Amendment.” Specifically, the statute was unlawful because it (1) raised a serious probable cause question – it did not require any belief that an offense had been or was being committed or that the “property” sought be described; (2) lacked particularization – it provided agents complete discretion to seize whatever they wanted to seize; (3) lacked any showing of necessity – it provided an extensive time frame for eavesdropping based upon only one showing of probable cause and did not require termination upon seizure of a particular conversation.


Berger v new york3

Berger v. New York

  • Holding:

    • conversation is within the ambit of Fourth Amendment protection;

    • use of electronic devices to capture conversation is a search;

    • warrant supported by probable cause particularly describing place to be searched, and things to be seized must leave nothing to discretion of officer executing warrant;

    • the Fourth Amendment’s right of privacy is enforceable against the States through the Due Process Clause of the Fourteenth Amendment; and

    • the need for Fourth Amendment’s protections is especially great in the case of electronic eavesdropping;


Berger v new york4

Discussion questions:

1.What is meant by Justice Clark’s statement that “[t]he law, though jealous of individual privacy, has not kept pace with…advances in scientific knowledge”?

2.If Olmstead is one end of the spectrum and Berger is the other end, where are we today?

Berger v. New York


Katz v united states

Katz v. United States

Facts:Charles Katz was charged and convicted of illegal gambling, in violation of 18 U.S.C. § 1084. At trial, over Katz’s objection, the district court allowed the government to introduce telephone conversations they had recorded when Katz used a public pay telephone. The government had attached an electronic listening and recording device to the outside of the phone booth. The Ninth Circuit affirmed the conviction and the Supreme Court granted cert.

Issue(s): Are phone conversations made inside of a public phone booth protected by the Fourth Amendment? Is a physical intrusion required to violate the Fourth Amendment?

This is a phone booth . . . A relic of the past . . .


Katz v united states1

Katz v. United States

Holding:The Court reversed the Ninth Circuit and held that where an individual can subjectively expect privacy, their conversation is protected by the Fourth Amendment. Justice Potter Stewart (pictured) wrote that the Fourth Amendment protects “people, not places.” Justice Harlan wrote an oft-cited concurrence that described an intrusion as a search if (1) the individual has a subjective expectation of privacy; and (2) society is prepared to recognize this expectation of privacy as reasonable.

After Katz, the “trespass” doctrine no longer controls, i.e. the lack of physical intrusion has no constitutional significance.


Reasonableness under the fourth amendment lessons from katz

“Reasonableness” under the Fourth Amendment: Lessons from Katz

  • Government agents must obtain judicial authorization prior to search;

  • Judicial authorization must be through detached scrutiny of a neutral magistrate;

  • Judicial authorization must be obtained through showing of probable cause;

  • There must be precise limits on the search;

  • An accounting of items seized must be made subsequent to the search


Katz v united states2

Katz v. United States

Discussion Questions:

1.Justice Harlan’s test contains both a subjective and objective element. Are these two concepts in conflict?

2.Do you have a subjective expectation of privacy in your emails? Is this objectively reasonable? What must you do to forfeit any right to privacy you may have had?


Kyllo v united states

Kyllo v. United States

Facts:Federal authorities suspected Danny Kyllo of Florence, Oregon of operating an indoor marijuana grow. At 3:20 a.m., an agent pointed an Agema Thermovision 210 (pictured) from his parked car toward Kyllo’s house (part of a triplex). The resulting thermal image showed a “hot spot” above the garage. These images, along with other evidence, were used to obtain a search warrant, which subsequently resulted in authorities discovering a 100-plant grow operation.

Issue(s): Does the use of a thermal imaging device to detect amounts of heat emanating from a private house constitute a “search” within the meaning of the Fourth Amendment?

Danny Lee Kyllo


Kyllo v united states1

Kyllo v. United States

Danny Kyllo outside his house

The Agema Thermovision 210


Kyllo v united states2

Kyllo v. United States

Four different images showing the different settings on the thermal imaging device. This image was reprinted as an Appendix in the U.S. Reports


Kyllo v united states3

Kyllo v. United States

Holding: Justice Scalia, writing for a 5-4 Court, held that the Fourth Amendment protections for home privacy require a “firm” and “bright” line and that the use of a thermal imaging device required a warrant. The rule from Kyllo states that where the “Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a “search” and is presumptively unreasonable without a warrant.” There was a vigorous dissent authored by Justice Stevens.

Danny Kyllo


Kyllo v united states4

Kyllo v. United States

Discussion Questions:

Especially in recent years, the law appears to be reactionary - it struggles to keep up with technology. What do you anticipate will be the impact of Justice Scalia’s “publicly available” condition precedent to avoid a “presumptively unreasonable” search without a warrant?

If the technology is publicly available, does the search become presumptively reasonable without a warrant?

Does it make any difference that it is possible to buy an Agema Thermovision – and other similar products - on the Internet today? i.e. they are clearly publicly available . . .

Danny Kyllo


The fourth amendment s expectation of privacy in computer cases

The Fourth Amendment’s expectation of privacy in computer cases

  • Computers as Storage Devices

    • Generally, there is a reasonable expectation of privacy in closed containers, and, therefore, in the data stored in electronic devices

    • Expectation of privacy in information from a computer is lost, however, when it is openly available, i.e. peer to peer file sharing . . .


The fourth amendment s expectation of privacy in computer cases1

The Fourth Amendment’s expectation of privacy in computer cases

  • Third-party possession

    • Reasonable expectation of privacy in stored electronic information may be lost when control is relinquished to third parties

    • In third-party possession cases, distinguish between possession by a carrier in the course of transmission to an intended recipient, and subsequent possession by the intended recipient

      • During transmission, contents generally retain Fourth Amendment protection. Government intrusion and examination of contents ordinarily violates the reasonable expectation of privacy of both the sender and receiver


The fourth amendment s expectation of privacy in computer cases2

The Fourth Amendment’s expectation of privacy in computer cases

  • Third-party possession

    • Once an item has been received by the intended recipient, the sender’s reasonable expectation of privacy generally depends upon whether the sender can reasonably expect to retain control over the item and its contents.

      • When a person leaves a package with a third party for temporary safekeeping, for example, he usually retains control of the package, and thus retains a reasonable expectation of privacy in its contents.


The fourth amendment s expectation of privacy in computer cases3

The Fourth Amendment’s expectation of privacy in computer cases

  • Third-party possession

    • Once an item has been received by the intended recipient, the sender’s reasonable expectation of privacy generally depends upon whether the sender can reasonably expect to retain control over the item and its contents. .

      • If the sender cannot reasonably expect to retain control over the item in the third party’s possession, however, the sender no longer retains a reasonable expectation of privacy in its contents. See United States v. Charbonneau, 979 F. Supp. 1177, 1184 (S.D. Ohio 1997) (defendant does not retain reasonable expectation of privacy in contents of e-mail message sent to America Online chat room after the message has been received by chat room participants) and United States v. Poulsen, 41 F.3d 1330, 1337 (9th Cir. 1994) (failure to pay rent to commercial storage facility extinguished reasonable expectation of privacy in hacker’s computer tapes at that facility).


The fourth amendment s expectation of privacy in computer cases4

The Fourth Amendment’s expectation of privacy in computer cases

  • Information shared with third parties

    • Generally, one cannot reasonably expect to retain control over information revealed to third parties, even if senders have a subjective expectation that third parties will keep the information confidential

    • Example: subscriber information

      • Customers of Internet service providers do not have a reasonable expectation of privacy in customer account records maintained by and for the provider’s business


The fourth amendment s expectation of privacy in computer cases5

The Fourth Amendment’s expectation of privacy in computer cases

  • Private searches

    • The Fourth Amendment is inapplicable to a search or seizure, even an unreasonable one, conducted by a private individual not acting as an agent of the government

      • No violation of the Fourth Amendment occurs when a private individual acting on his own accord conducts a search and makes the results available to law enforcement


The fourth amendment s expectation of privacy in computer cases6

The Fourth Amendment’s expectation of privacy in computer cases

  • Private searches

    • In determining whether a private party is an instrument or agent of the government, half of the federal courts of appeal have adopted a “totality of the circumstances” approach that examines three factors:

      • (1) whether the government knows of or acquiesces in the intrusive conduct;

      • (2) whether the party performing the search intends to assist law enforcement efforts at the time of the search; and

      • (3) whether the government affirmatively encourages, initiates or instigates the private action


Exceptions to the warrant requirement in computer cases

Exceptions to the warrant requirement in computer cases

  • Warrantless searches that violate a reasonable expectation of privacy will comply with the Fourth Amendment if they fall within an established exception to the warrant requirement.


Exceptions to the warrant requirement in computer cases1

Exceptions to the warrant requirement in computer cases

  • Consent

    • Agents may search a place or object without a warrant or even probable cause if a person with authority has voluntarily consented to the search.

    • Note that Oregon does not recognize “apparent authority.” Consent must be obtained from someone who has “actual authority” to do so.


Exceptions to the warrant requirement in computer cases2

Exceptions to the warrant requirement in computer cases

  • Consent

    • Scope of consent: Computer cases often raise the question of whether consent to search a location or item implicitly includes consent to access the memory of electronic storage devices encountered during the search.

      • Courts look to whether the particular circumstances of the agents’ request for consent implicitly or explicitly limited the scope of the search to a particular type, scope, or duration


Exceptions to the warrant requirement in computer cases3

Exceptions to the warrant requirement in computer cases

  • Consent

    • Written consent should clearly delineate the property to be seized and searched. If the search is to occur at an “off-site” location, the written consent should clearly authorize the property to be searched off-site.

      • A signed consent form for the seizure of “any property” under the defendant’s control and to “a complete search of the premises and property” at the defendant’s address merely permitted the agents to seize the defendant’s computer from his apartment, but did not permit them to search the computer off-site because it was no longer located at the defendant’s address. United States v. Carey, 172 F.3d 1268, 1274 (10th Cir. 1999).


Exceptions to the warrant requirement in computer cases4

Exceptions to the warrant requirement in computer cases

  • Third-party consent

    • General Rules: It is common for several people to use or own the same computer equipment. If any one of those people gives permission to search for data, agents may generally rely on that consent, so long as the person has authority over the computer. In such cases, all users have assumed the risk that a co-user might discover everything in the computer, and might also permit law enforcement to search this “common area” as well.


Exceptions to the warrant requirement in computer cases5

Exceptions to the warrant requirement in computer cases

  • Third party consent

    • Spouses and domestic partners

    • Parents

    • System administrators


Exceptions to the warrant requirement in computer cases6

Exceptions to the warrant requirement in computer cases

  • Third party consent

    • Spouses and domestic partners: Absent an affirmative showing that the consenting spouse has no access to the property searched, the courts generally hold that either spouse may consent to search all of the couple’s property. However, when one of them refuses . . . see Georgia v. Randolph . . .


Exceptions to the warrant requirement in computer cases7

Exceptions to the warrant requirement in computer cases

  • Third party consent

    • Georgia v. Randolph (2006) – generally . . . when two persons have equal use and control of a residence and one of them consents to a warrantless search of common areas of the premises, but the other refuses, the search violates the Fourth Amendment right of the objecting person


Exceptions to the warrant requirement in computer cases8

Exceptions to the warrant requirement in computer cases

  • Third party consent

    • Parental consent: Parents can usually consent to searches of their children’s rooms when the children are under 18 years old. If the children are 18 or older, the parents may or may not be able to consent, depending on the facts.


Exceptions to the warrant requirement in computer cases9

Exceptions to the warrant requirement in computer cases

  • Third party consent

    • System administrator consent: Every computer network is managed by a system administrator whose job is to keep the network running smoothly, monitor security, and repair the network when problems arise. System operators have “root level” access to the systems they administer, which effectively grants them master keys to open any account and read any file on their systems. System administrators typically serve as agents of “provider[s] of electronic communication service” under the ECPA.

      • The ECPA regulates law enforcement efforts to obtain the consent of a system administrator to search an individual's account. See 18 U.S.C. §§ 2702-03.


Exceptions to the warrant requirement in computer cases10

Exceptions to the warrant requirement in computer cases

  • Implied consent

    • Users of computer systems may waive their rights to privacy as a condition of using the systems.

      • A signed policy or employee manual may waive any privacy interest that an employee or user of a network system may otherwise have in the materials stored on the network

      • Clicking through a “banner” describing policies of use of network computers and warning that use may be monitored and that there is no privacy interest in the materials stored on the network may waive such an interest


Exceptions to the warrant requirement in computer cases11

Exceptions to the warrant requirement in computer cases

  • Exigent circumstances

    • Exigent circumstances often arise in computer cases because, in some circumstances, electronic data is perishable.

      • Computer commands can destroy data in a matter of seconds, as can humidity, temperature, and physical mutilation. Each case is fact dependent.


Exceptions to the warrant requirement in computer cases12

Exceptions to the warrant requirement in computer cases

  • Plain view

    • To rely on this exception, the agent must be in a lawful position to observe and access the evidence, and its incriminating character must be immediately apparent.

      • For example, if an agent conducts a valid search of a hard drive and comes across evidence of an unrelated crime while conducting the search, the agent may seize the evidence under the plain view doctrine.

        • Note, however, that any further search for evidence of the unrelated crime must be supported with a new warrant or consent

      • The plain view doctrine does not authorize agents to open a computer file and view its contents. The contents of an unopened computer file are not in plain view. See United States v. Carey, 172 F.3d 1268, 1273 (10th Cir. 1999)


Exceptions to the warrant requirement in computer cases13

Exceptions to the warrant requirement in computer cases

  • Search incident to a lawful arrest

    • Generally, pursuant to a lawful arrest, agents may conduct a search of the arrested person, and a more limited search of his surrounding area, without a warrant. The arrest must be lawful and the search reasonably contemporaneous with the arrest.


Exceptions to the warrant requirement in computer cases14

Exceptions to the warrant requirement in computer cases

  • Search incident to a lawful arrest

    • Pagers: Historically, courts allowed police access to electronic pagers carried by the arrested person at the time of arrest. The information was generally limited to the display of numbers which recently called the pager.


Exceptions to the warrant requirement in computer cases15

Exceptions to the warrant requirement in computer cases

  • Search incident to a lawful arrest

    • Smartphones (BlackBerry, iPhone, Droid, etc.): The limit on a search incident to an arrest is that it must be reasonable. While a search of physical items found on the arrestee’s person may always be reasonable, more invasive searches in different circumstances may violate the Fourth Amendment.

      • The increasing storage capacity of handheld computers suggests that this exception may not always apply in the case of electronic searches. Courts may conclude that a very time-consuming search through a handheld computer that contains an entire warehouse of information may require a warrant. Seizure, as opposed to the search, may be permitted if it is reasonably related to the probable cause for the search.


Exceptions to the warrant requirement in computer cases16

Exceptions to the warrant requirement in computer cases

  • Inventory searches

    • After lawfully taking custody of property, police may conduct a warrantless search of the property to satisfy three purposes:

      • To protect the owner’s property while it is in police custody

      • To protect police against claims of lost or stolen propery

      • To protect police from potential danger

    • The search must serve a legitimate, non-investigatory purpose and must follow standardized procedures.

    • It is unlikely that the inventory-search exception to the warrant requirement would support a search through computer files or other electronic data.


Exceptions to the warrant requirement in computer cases17

Exceptions to the warrant requirement in computer cases

  • Border searches

    • “Routine searches” at the border or its functional equivalent do not require a warrant, probable cause, or reasonable suspicion that the search may uncover contraband or evidence.

    • Searches that are especially intrusive require reasonable suspicion.


Exceptions to the warrant requirement in computer cases18

Exceptions to the warrant requirement in computer cases

  • Special case: workplace searches.

    • The legality of warrantless workplace searches depends on often-subtle factual distinctions such as

      • whether the workplace is public sector or private sector

      • whether employment policies exist that authorize a search, and

      • whether the search is work-related


Exceptions to the warrant requirement in computer cases19

Exceptions to the warrant requirement in computer cases

  • Private workplace searches

    • Generally, law enforcement officers can conduct a warrantless search of private (i.e., non-government) workplaces only if the officers obtain the consent of either the employer or another employee with common authority over the area searched.


Exceptions to the warrant requirement in computer cases20

Exceptions to the warrant requirement in computer cases

  • Public workplace searches

    • In public (i.e., government) workplaces, officers cannot rely on an employer’s consent, but can conduct searches if written employment policies or office practices establish that the government employees targeted by the search cannot reasonably expect privacy in their workspace.

    • Note that government employers and supervisors can conduct reasonable work-related searches of employee workspaces without a warrant even if the searches violate employees’ reasonable expectation of privacy


Exceptions to the warrant requirement in computer cases21

Exceptions to the warrant requirement in computer cases

  • Public workplace searches

    • Government employers and supervisors can conduct reasonable work-related searches of employee workspaces without a warrant even if the searches violate employees’ reasonable expectation of privacy


Exceptions to the warrant requirement in computer cases22

Exceptions to the warrant requirement in computer cases

  • Private sector workplace searches

    • Private company employees generally retain a reasonable expectation of privacy in their workplaces as to law enforcement searches. As a result, private-workplace searches by law enforcement will usually require a warrant unless the agents can obtain the consent of an employer or a co-worker with common authority.


Exceptions to the warrant requirement in computer cases23

Exceptions to the warrant requirement in computer cases

  • Private sector workplace searches

    • Consent in private sector-workplaces

      • Private-sector employers and supervisors generally enjoy a broad authority to consent to searches in the workplace. While employers generally retain the right to access their employees’ work spaces, co-workers may or may not, depending on the facts. When co-workers do exercise common authority over a workspace, however, investigators can rely on a co-worker’s consent to search that space.


Exceptions to the warrant requirement in computer cases24

Exceptions to the warrant requirement in computer cases

  • Private sector workplace searches

    • Employer searches in private-sector workplaces

      • Warrantless workplace searches by private employers rarely violate the Fourth Amendment. So long as the employer is not acting as an instrument or agent of the government at the time of the search, the search is a private search and the Fourth Amendment does not apply


Exceptions to the warrant requirement in computer cases25

Exceptions to the warrant requirement in computer cases

  • Public-sector workplace searches

    • Public employees are less likely to retain a reasonable expectation of privacy against government searches at work than are private employees. The following factors may be relevant:

      • whether the work area is assigned solely to the employee;

      • whether others have access to the space;

      • whether the nature of the employment requires a close working relationship with others;

      • whether office regulations place employees on notice that certain areas are subject to search; and

      • whether the property searched is public or private.


Exceptions to the warrant requirement in computer cases26

Exceptions to the warrant requirement in computer cases

  • Public-sector workplace searches

    • Implied consent

      • Generally, government employees who are notified that their employer has retained rights to access or inspect information stored on the employer’s computers can have no reasonable expectation of privacy in the information stored there.

      • Note that in government workplaces, employers acting in their official capacity cannot consent to a law enforcement search of their employees’ offices


Exceptions to the warrant requirement in computer cases27

Exceptions to the warrant requirement in computer cases

  • Public-sector workplace searches

    • “Reasonable” workplace searches

      • A public employer or the employer’s agent can conduct a workplace search that violates a public employee’s reasonable expectation of privacy so long as the search is “reasonable.” A warrantless search must satisfy two requirements to qualify as “reasonable:”

        • (1) the search must have a work-related reason, rather than merely to obtain evidence for use in criminal proceedings.

        • (2) the search must be justified at its inception and permissible in its scope. A search will be justified at its inception “when there are reasonable grounds for suspecting that the search will turn up evidence that the employee is guilty of work-related misconduct, or that the search is necessary for a non-investigatory work-related purpose.” A search will be “permissible in its scope” when “ the measures adopted are reasonably related to the objectives of the search and [are] not excessively intrusive in light of the nature of the misconduct.” O’ Connor, 480 U.S. at 726


Searching computers with a warrant

Searching computers with a warrant

  • Practical aspects of planning a search

    • Strategy must be formulated for conducting the search

      • Identify role of computer in offense

        • storage device for evidence?

        • contraband, evidence, instrumentality, or fruit of crime?

      • On-site or off-site search?

      • Multiple warrants for data stored in multiple locations?

    • The affidavit and warrant

      • Probable cause must exist that location to be searched contains specified evidence of specified criminal violations

      • Property to be searched and seized must be accurately and particularly described – although it usually cannot be precisely known ahead of time, general parameters of the type of evidence to be searched for and seized must be described

      • Search strategy must be explained for digital evidence to ensure third party privacy interests are protected, and that investigators only view evidence within ambit of the warrant


Execution of warrants

Execution of warrants

  • Knock and announce issues

    • Generally, agents must announce their presence and authority prior to executing a search warrant. This "knock and announce" rule reduces the risk of violence and destruction of property when agents execute a search. The rule is not absolute, however.


Execution of warrants1

Execution of warrants

  • Knock and announce issues

    • agents can dispense with the knock-and-announce requirement if they have

      • a reasonable suspicion that knocking and announcing their presence, under the particular circumstances, would be dangerous or futile, or that it would inhibit the effective investigation of the crime by, for example, allowing the destruction of evidence.


Execution of warrants2

Execution of warrants

  • Notice of items to be seized must be provided to the subject of the search at the outset of search

  • Receipt of items seized must be provided to the subject of search

  • Accounting of items seized must be provided to the court


Execution of warrants3

Execution of warrants

  • Searching networks

    • Technically, agents can obtain a warrant to seize an entire network suspected of use in a criminal enterprise. However, seizing the entire network might cripple a functioning business and disrupt customer access, as well as subject the government to civil suits under the PPA and the ECPA. Steve Jackson Games, Inc. v. Secret Service, 816 F. Supp. 432, 440, 443 (W.D. Tex. 1993).

  • Privileged documents issues

    • Develop strategy for reviewing privileged computer files


Delayed notice of searches

Delayed notice of searches

  • “Sneak and peak” warrants

    • The “sneak and peak” provision is primarily designed to authorize delayed notice of searches, rather than delayed notice of seizures:

      • any warrant issued under it must prohibit the seizure of any tangible property, any wire or electronic communication, or, except as expressly provided in the Electronic Communications Privacy Act, any stored wire or electronic information, unless the court finds "reasonable necessity" for the seizure.


Delayed notice of searches1

Delayed notice of searches

  • “Sneak and peak” warrants

    • 18 U.S.C. 3103(b) provides that the required notice of the service of a warrant may be delayed if the court finds "reasonable cause" to believe that providing immediate notification of the execution of the warrant may have an adverse result as defined by 18 U.S.C. § 2705

    • Notice of the search must nonetheless be provided within a "reasonable period" not to exceed 30 days after the search, which period can be further extended by a court for good cause.


Delayed notice of searches2

Delayed notice of searches

  • “Sneak and peak” warrants

    • an adverse result as defined by 18 U.S.C. § 2705 includes endangering the life or physical safety of an individual, flight from prosecution, destruction of or tampering with evidence, intimidation of witnesses, or otherwise seriously jeopardizing an investigation or unduly delaying a trial.


Post seizure issues

Post-seizure issues

  • If an initial search reveals evidence of a different crime than that which was authorized in the initial search, a second warrant should be obtained for the additional evidence


Post seizure issues1

Post-seizure issues

  • Permissible time periods for examining seized computers

    • The forensic examination of seized computers often takes months to complete. Neither Rule 41 nor the Fourth Amendment impose any specific time limitation for the forensic examination. However, unless the computer is itself an instrumentality or a proceed of fraud and therefore subject to forfeiture, a strategy should be developed to obtain a mirror image of any hard drive and otherwise obtain evidence from the seized computer as soon as practicable so that it can be returned within a reasonable period of time.


Post seizure issues2

Post-seizure issues

  • United States v. Comprehensive Drug Testing, Inc. (CDT)

  • Classic example of bad facts making bad law

  • CDT is an en banc decision which affirmed three district court orders

    • one quashing subpoenas

    • two ordering return of property seized pursuant to a search warrant

      • The subpoenas and search warrants emanated from a criminal investigation, but CDT was not a criminal defendant, merely a repository of digital evidence


Cdt factual background

CDT factual background

  • The case emanated from an investigation into the use of steroids by professional baseball players

    • In 2002, an investigation commenced into the Bay Area Lab Cooperative (Balco), which was suspected of providing steroids to professional baseball players.

    • That year, the Major League Baseball Players Association entered into a collective bargaining agreement with MLB owners


Cdt factual background1

CDT factual background

  • The collective bargaining agreement provided for suspicionless drug testing of all players.

    • Urine samples were to be collected during first year of agreement and tested for banned substances.

    • Players were assured results would remain anonymous and confidential . . .


Cdt factual background2

CDT factual background

  • The sole purpose of the testing was to determine whether more than five percent of players tested positive – which would require additional testing in future seasons.

    • CDT administered the program

      • collected specimens from players

      • maintained list of players & test results

    • Quest Diagnostics performed actual tests


Cdt factual background3

CDT factual background

  • During the Balco investigation, ten players were identified as having tested positive in the CDT program.

    • NDCA issued grand jury subpoena seeking all “drug testing records and specimens” pertaining to MLB in CDT’s possession.

    • CDT and MLBPA attempted to negotiate a more limited subpoena, but negotiations failed.


Cdt factual background4

CDT factual background

  • When negotiations failed, CDT and MLBPA moved to quash the subpoena.

  • After CDT and baseball players’ union moved to quash the subpoena . . . a search warrant – limited to test results of ten named baseball players - was obtained for CDT’s facilities in Long Beach, California


  • Cdt factual background5

    CDT factual background

    • And - you guessed it - although the CDT warrant was limited to test results of ten named baseball players, drug testing records of hundreds of MLB players – and many more people - were obtained . . .


    Cdt factual background6

    CDT factual background

    • A search warrant was also obtained for the urine samples on which the drug tests had been performed which were kept at Quest Diagnostics’ facilities in Las Vegas.

    • New subpoenas were then served on CDT and Quest for the same records which had just been seized.


    Cdt factual background7

    CDT factual background

    • CDT and MLBPA then moved for return of the property seized from CDT in CDCA

      • Judge Cooper in CDCA found that government failed to comply with procedures specified in warrant and ordered property returned

    • CDT and MLBPA also moved for return of property seized from Quest in Nevada

      • Judge Mahan in Nevada ordered property returned, with exception of ten identified baseball players


    Cdt factual background8

    CDT factual background

    • CDT and MLBPA then moved to quash latest round of subpoenas in NDCA

      • Judge Ilston in NDCA quashed the subpoenas

    • All three judges expressed grave dissatisfaction with government’s handling of investigation, even going so far as to accuse government of manipulation and misrepresentation.


    Cdt factual background9

    CDT factual background

    • The search warrant affidavit

      • Contained extensive boilerplate about risk of destruction of electronically stored information if search not done off-site

        • Which supported authorization for off-site search

      • Contained procedure wherein data would be reviewed and segregated by specially trained computer personnel to restrict access to data by investigating agents

        • Which supported authorization to examine data


    Cdt factual background10

    CDT factual background

    • The search warrant affidavit

      • Contained procedure wherein if computer personnel determined that data fell outside warrant, the data would be returned within reasonable period of time not to exceed 60 days from date of seizure, absent further authorization

        • Which supported authorization for seizure


    Cdt factual background11

    CDT factual background

    • In executing the search warrant at CDT’s facilities in Long Beach . . .

      • the agent copied a file directory (the Tracey Directory) off a network server which included, among hundreds of other documents, an Excel spreadsheet that contained the names of many baseball players who tested positive for steroids

      • The agents took an electronic copy of the entire directory off-site for later review . . .


    Cdt factual background12

    CDT factual background

    • The problem . . .

      • boilerplate about risk of destruction of electronically stored information if search not done off-site wasn’t accurate . . .

        • The record reflected no forensic lab analysis, no evidence of booby traps, no decryption, no cracking of passwords, no effort by dedicated computer computer specialist to separate data from which government had probable cause from other data . . .


    Cdt factual background13

    CDT factual background

    • The problem . . .

      • procedure wherein data would be reviewed and segregated by specially trained computer personnel to restrict access to data by investigating agents wasn’t followed

        • The “Tracey Directory” – which had names of all those who tested positive – was immediately provided to case agent who examined entire list

      • Procedure for return of data wasn’t followed


    Cdt factual background14

    CDT factual background

    • Because certain evidence seized was outside the scope of warrant & because procedures specified in warrant not complied with . . .

      • Two district courts ordered the return of property

        • District of Nevada (Judge Mahan)

        • Central District of California (Judge Cooper)

      • One district court ordered subpoenas quashed

        • Northern District of California (Judge Illston)


    Cdt factual background15

    CDT factual background

    • All three judges expressed “grave dissatisfaction” with government’s handling of investigation

      • Even accusing it of manipulation & misrepresentation

    • Government then appealed all three orders

      • Divided 9th Circuit panel reversed two orders but found appeal from Cooper order untimely

      • Case then taken en banc . . .


    Cdt factual background16

    CDT factual background

    • CDT affirmed three district court orders

      • one quashing subpoenas

      • two ordering return of property seized pursuant to a search warrant


    Cdt summary

    CDT summary

    • Chief Judge Kozinski wrote opinion

      • Concluding: “This was an obvious case of deliberate overreaching by the government in an effort to seize data as to which it lacked probable cause.”

      • and taking “the opportunity to guide our district and magistrate judges in the proper administration of search warrants and grand jury subpoenas for electronically stored information . . .”


    Cdt summary1

    CDT summary

    • 1.Government must disclose actual risk of destruction & prior efforts to obtain data

    • 2.Search procedure must be designed to obtain only info within ambit of warrant

    • 3.Government must waive reliance upon plain view doctrine in digital evidence cases

    • 4.Segregation process must restrict access of investigators to info

    • 5.Government must destroy or return info outside ambit of warrant


    Cdt legal effect

    CDT legal effect

    • Search protocol should be as narrow as possible & actual concerns about data corruption should be specifically articulated

      • Note - most search warrants served on targets (not third party repositories) will necessarily be broad to account for hidden files, & digital device will likely be instrumentality


    Cdt legal effect1

    CDT legal effect

    • There must be wall between reviewers (usually computer personnel) & investigators

      • Data reviewed must be segregated &/or redacted prior to investigative review

    • Under new Rule 41, return need not list all “data,” only the hardware seized


    Cdt legal effect2

    CDT legal effect

    • The plain view doctrine

      • Do you overlook evidence of murder or child abuse?

        • Always seek second warrant should review reveal evidence of other crimes

    • Decision prospective


    Questions

    Questions?


    Digital evidence and the constitution1

    Digital Evidence and The Constitution

    Sean B. Hoar

    [email protected]


  • Login