1 / 54

Protecting Privacy: The Fourth Amendment in the Digital Age

Explore the history and application of the Fourth Amendment in relation to privacy and electronic surveillance. Learn about the expectation of privacy, exclusionary rule, and the impact on public and private sector searches. Discover how the Fourth Amendment applies to email and workplace privacy.

ejimmy
Download Presentation

Protecting Privacy: The Fourth Amendment in the Digital Age

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chapter Seven The Fourth Amendment

  2. Generally • The Fourth Amendment provides protection against unreasonable searches and seizures conducted by government officials. • Requires that searches are predicated on “probable cause” • a crime has been committed • evidence of the crime exists • evidence resides in the place to be searched • As the 4th Amendment protects people not places, it protects both tangible and intangible items extending even to oral communications. • Important to computer forensics as it requires judicial order for electronic surveillance.

  3. History of the 4th Amendment • Hotly debated between privacy advocates and conservatives. • Privacy advocates fear that those government officials least responsible to the electorate would become too powerful. • Law enforcement or conservatives argue that the Constitution is designed to serve as a guide not a limitation. • For the most part, the 20th Century was characterized by a conservative interpretation of the 4th Amendment.

  4. History • Olmstead v. U.S. (U.S. 277 (1928)) – ruled that the sanctity afforded to a private home did not include telephone communications made within that home. (i.e., the 4th Amendment protects people NOT places. • Katz v. U.S. {U.S. 389 (1967)}) – reversed Olmstead, and inferred that an expectation of privacy was created in situations in which individuals took affirmative actions to make it such. Thus, those communications which are held on public telephones may be granted protection if individuals have a reasonable expectation of privacy or take measures to make their communication private.

  5. Exclusionary Rule: Application to Fourth Amendment • Weeks v. U.S. (232 U.S. 383 (1914) – if government agents engage in unlawful searches or seizures, then all fruits of that action could not be used in subsequent prosecutions. Such fruits included: any information or evidence obtained in later activities if such activities were predicated on the original search • Determined to be necessary as the self-restraint of the police did not provide adequate protection against the violations of the 4th Amendment. • Has only been used sparingly in cases of digital evidence

  6. The Expectation of Privacy and Electronic Surveillance • Not specifically articulated in the Constitution • Relies on inferences in other sources like the 1st, 3rd, and 4th Amendments • Thus, the right to privacy is moderated only by the expectation of such privacy, which is not a generalized notion but based on case characteristics.

  7. Private vs. Public Sector Searches • generally speaking, public employers are much more limited in their actions than are their private counterparts • generally speaking, purely personal items which have no connection to the employment relationship are not subject to standards for a workplace search

  8. Expectation of Privacy and Institutional Climate • Factors which affect expectation: • whether the items or areas to be searched have been set aside for the employee’s exclusive or personal use; • whether the employee has been given permission to store personal information within the area; • whether the employee has been advised that the system may be accessed by others; • whether there has been a history of searches or inspections of the area; • whether there is a clearly articulated policy which identifies common areas vs. private areas.

  9. Factors discussed in Ortega • whether the employee’s expectation of privacy was consistent with the operational realities of the workplace (i.e., the exclusivity of the workspace, accessibility to workplace by others, nature of employee’s duties, knowledge of search procedures or practices, and reason for search • whether the invasion of the employee’s Fourth Amendment protections was reasonable when balanced against governmental interest in the intrusion (reasonable suspicion is sufficient in investigations involving work-related employee misconduct) • whether the search was reasonable at inception and whether the subsequent scope of the search was related to the original justification of the search

  10. Application of Ortega to e-mail • U.S. v. Simons – after a systems administrator discovered over 1000 KP images on him machine, Simons argued that he had a reasonable expectation of privacy on his workstation. • Ruling: Systems administrators may scan networks to identify non-work related activity.

  11. Ortega continued • U.S. v. Monroe – Performing system maintenance, system administrator opened stored messages on the server prior to their arrival at the destination mailbox as they were overly large . Noting that they contained contraband, the system administrator notified the commander, and a whole scale search was initiated. Monroe argued that he had a right to privacy. • Ruling: In the most basic sense, the Court ruled that there was no reasonable expectation of privacy in the e-mail box in regards to supervisory oversight as the system was properly bannered with a warning indicating use of the system conferred consent to monitoring.

  12. Current State • Thus, both cases held that public employees using government computers have no expectation of privacy AND that systems administrators are permitted to perform searches in the interest of system maintenance. • However, this did not include systems monitoring by law enforcement. Thus, law enforcement is counting on broad interpretations of ECPA, PPA, CALEA, and the 4th Amendment.

  13. Electronic Communications Privacy Act of 1980 • extended provisions originally found in Title III of the Omnibus Crime Control and Safe Streets Act of 1968 to include non-aural electronic communications, including e-mail, inferring an expectation of privacy to emerging mediums of communication and stored messages – once messages are received, they are theoretically protected by the 4th Amendment • also extended Title III to wireless communications • unlike the 4th Amendment – prohibitions regarding interception apply to all individuals, not just law enforcement

  14. Three Titles Under ECPA

  15. ECPA – Title I • Updated Title III of the Omnibus Crime Control and Safe Streets Act of 1968 • Outlined statutory procedures for intercepting wire, oral, and electronic communications (i.e., inaudible, digital, and/or other electronic communications transmitted through copper wire, coaxial, or fiber optic cables, microwave, or other radio transmissions • Prohibited the manufacturing, possessing, or selling of interception devices (including software) – except by government agents or system administrators for routine maintenance • Although they must secure a court order to intercept the contents of a communication, they are not prohibited from identifying the existence or presence of such communication.·

  16. Two Problems with Title I • Problem 1 – only extended to those communications which affect interstate or foreign commerce. Thus, it does not involve cases where communications do not physically cross state lines. • Problem 2 – does not specifically address the suppression of evidence collected in violation of this Act (it does, however, provide for monetary compensation for victims)

  17. Title II - Stored Communications Act • prohibits access to a facility through which an electronic communication service is provided to obtain, alter, or restrict or prevent authorized access to a communication held in electronic storage • Also prohibits providers from disclosing the contents of a communication • Exceptions include the consent of any party to the communication or the subscriber AND any information provided by a system administrator that pertains to the commission of a crime

  18. Title III • Quite narrow in scope • Simply governs the use of trap and trace devices

  19. The Reins on Electronic Surveillance • Title III and ECPA – provide law enforcement with the capability of electronically monitoring targeted communications • By design – electronic surveillance should be used judiciously, and only in those situations where they are deemed necessary • Authorization – can only be made by a federal district court judge not federal magistrates like traditional search warrant applications. Very important – is supposed to elevate the judicial oversight and the privacy protections afforded American citizens

  20. Requirements under Title III • Must be authorized by a Federal District Court Judge • Must demonstrate probable cause which specifies with particularity, the offenses being committed, the telecommunications facility (or place) from which the targeted communication is to be intercepted, a description of those communications, and the identities of the perpetrators • Must identify previous attempts at evidence collection, and articulate why less intrusive methods have proven unsuccessful. This may include unacceptable levels of danger.

  21. Continuing requirements of Title III surveillance • Generally limited to 30 days, although extensions may be granted • Progress Reports issued on a regular basis (7 – 10 days) • Surveillance must be terminated if the objectives are met prior to the 30 day period. • Must be recorded for evidence integrity, and sealed under the supervision of a federal district judge • Upon surveillance termination, targeted subjects must be notified of the previous surveillance and given an inventory of the communications catalogued. • Service providers must cooperate with authorities with valid court orders. However, they are also bound by the same provisions as law enforcement. That is, they may be held liable for violations of this Act.

  22. Other Provisions • Attorney General, Deputy or the Associate Attorney General may, if authorized, initiate electronic surveillance of wire or electronic communications without a court order, if an application for such order is made within 48 hours of surveillance initiation (Kerr, 2000). • According to the FBI, each Carnivore device is kept secure at Quantico – only being released in lawful deployments • Punishments available under TITLE III – any party to an illegal interception may be charged with a federal offense punishable by imprisonment up to 5 years, a fine, or both. Also, those individual victims may seek compensation through civil proceedings.

  23. Privacy Protection Act • made it unlawful for local, state or federal law enforcement authorities to search or seize those materials which may be publishable • attempted to expand the scope of the 1968 Wiretap Act to include Electronic Bulletin Boards – while protecting 1st Amendment concerns (I.e., published works) • Like the ECPA – it does not preclude admitting evidence seized in violation of this act.Generally – requires law enforcement to take care in cases involving electronic bulletin boards – imaging on site is preferred

  24. INTERCEPTION under ECPA and PPA • Both define interception as occurring when the communication is contemporaneous with the transmission of information from sender to recipient

  25. Privacy and Bulletin Boards • Rule of thumb: There is no expectation of privacy, because messages are posted in plain view. • Thus, investigators may monitor or actively survey an activity occurring in these cyber-exchanges with one important exception. • Private bulletin boards or those not accessible to the general public do carry an elevated expectation of privacy. Much like traditional vice investigations, officers may develop pseudonyms and alter-identities to engage in online exchanges. • Remember: Individuals who intentionally disclose information to unknown parties (as individuals on bulletin boards most assuredly are) run the risk of encountering law enforcement officers.

  26. The Case of Steve Jackson Games • Rulings: • Secret Service agents did not violate the Wire Tap and Title I by seizing and destroying private e-mails as interception is contemporaneous with transmission. • Title I of the ECPA is not applicable to the unauthorized access of electronic messages stored in a service provider computer. • However, the Secret Service had violated the requirements of Title II of the ECPA. • The Court also declined to extend a “good faith” defense for the agents reliance on the warrants. Public relations disaster for the Secret Service

  27. Communications Assistance for Law Enforcement Act (CALEA) • attempted to articulate the need for greater latitude in electronic surveillance and incorporate wireless communication and emerging communications mediums • requires that manufacturers of telecommunications equipment and service providers develop systems which provide the capability for surveillance of telephone and cellular communications, advanced paging, satellite-based systems, and specialized mobile radio • also required the delivery of “packet-mode communications” by these providers to LE without a warrant • theoretically – designed to heighten privacy protection originally articulated in the ECPA. In fact, Congress explicitly declared that the surveillance requirements of the Act should be narrowly interpreted, and not expand, but maintain, traditional levels of government surveillance.

  28. Government’s Position • Originally, Louis Freeh testified to Congress that the FBI’s intention was simply to preserve traditional methods of investigation, not expand them. • However, they now argue that this Act is not being interpreted as it was intended (i.e., it is too restrictive of law enforcement.) • Argue that CALEA requires cellular phone companies and other wireless providers to build location tracking capability into their configuration. • Argue that interception of conference calls which include a judicially approved targeted communications may continue even if the target is no longer a party to the communication. • Argue that mere pen register orders sufficiently provide the authority to obtain signaling information and communication content. They further argue that the delivery of the entire communication is necessary due to the difficulties associated with distinguishing signal and content in communications that involve packet switching protocols. • Finally, they argue that carriers should be required to ensure that encrypted communications be decipherable even if the individual user holds the key.

  29. Court Rulings & Statutory Rulings • The Patriot Act • Permits roving wiretaps • Lessens the sanction on illegal wiretaps • Created exemptions to the Foreign Intelligence Surveillance Act • In cooperation with the FCC – requirements that cellular phones be traceable and that information on digits dialed during a communication (i.e. (i.e. account numbers, credit card numbers, etc.) be recoverable have been established

  30. Current State of Privacy • 1968 – 1996 – the list of offenses for which wiretapping is permitted has more than tripled. • Numbers across level of jurisdiction – steadily increasing • Short duration requirement – has been all but eroded

  31. Challenges to Warranted Searches • Particularity • Secondary Warrants • Encryption • Commingling • Seizure • Third Party Origination • Staleness

  32. Particularity • Courts have not been consistent in their interpretation of the particularity and specificity necessary in computer cases. • Broad searches – 9th Circuit - issued rulings which would appear to support wide scale, broad searches, arguing that computer searches may not be held to the same standard of specificity demanded in traditional cases ({U.S. v. Gomez-Soto, 723 F.2d 649 (9th Cir.)}); and by upholding the seizure of an entire computer system (hardware, software, and storage media) because the affidavit in the case established probable cause to believe Lacy’s entire computer system was likely to evidence criminal activity (U.S. v. Lacy, 119 F.3d 742, 745 (9th Cir. 1997). • Broad searches – 10th Circuit – have consistently ruled that the sheer volume and variety of stored information precludes specificity.

  33. Judicial Inconsistency • 1995 – 9th Circuit – invalidated a warrant allowing the seizure of virtually every document and computer file and ruled that the warrant failed to separate criminal vs. non-criminal documents and how they related to specific criminal activity (U.S. v. Kow, F.3d 423,427 {9th Cir., 1995}). Although this would appear to directly contradict their earlier rulings, it is consistent with the inconstancy found within juridical circuits. • 1999 – 10th Circuit - In U.S. v. Carey (172 F.3d 1268; 1999 U.S. App. LEXIS 7197; 1999 Colo. J. C.A.R. 2287), the 10th Circuit denied a general warrant that was directed at drug paraphernalia, in which officers searched JPEG files and found child pornography – although government claimed that their finds were “inadvertent” and therefore legal under the “plain view” doctrine, the Court ruled that the contents of the file were not in plain view.

  34. Particularity cont’d • Generally speaking – the courts have allowed greater leeway in searches of computer related equipment • Offsite searches – have been found necessary in some cases. • Computer as an instrument – warrants require less particularity • Corresponding Media – courts have also upheld broad seizures of storage media. • Diskettes – individual items on a diskette may be counted singularly (Important in KP cases in which sentencing is based on number of images). • Stolen computers – have no expectation of privacy

  35. Seizure of Evidence • for purposes of the 4th Amendment, the reasonable actions that are less intrusive than a traditional arrest depends on a balance between the pubic interest and the individuals right to personal security free from arbitrary interference by law officers, and consideration of the constitutionality of such seizures involves a weighing of the gravity of the public concerns served by the seizure, the degree to which the seizure advances the public interest,, and the severity of the interference with individual liberty. (Rawlings v. Kentucky, 448 U.S. 98; 100 S.Ct. 2556; 1980 U.S. Lexis 142; 65 L. Ed. 2d 633.) • the Fourth Amendment’s mandate of reasonableness does not require the agent to spend days at the site viewing the computer screens to determine precisely which documents may be copied within the scope of the warrant, so long as a review procedure promptly after seizure safeguards against the government’s retention and use of computer-generated documents known to lie beyond a reasonable interpretation of the warrant’s scope (United States v. Gawrysiak, 972 F. Supp. 853, 866 (D.N.J. 1997).

  36. Seizure of Evidence • Generally speaking - Courts have upheld the seizure of equipment, if returned in a timely manner, if an on-site search would place an unreasonable expectation on the part of the officer • courts have also ruled that officers were not required to give deference to descriptive labels, and that items could be seized and transported to a place where careful analysis could be conducted. • they have also upheld the search and seizure of hidden, deleted, or erased files.

  37. Secondary Warrants • May be necessary in cases of encrypted files, commingled data, criminal items, or evidence uncovered during an unrelated search (i.e., KP discovered in a drug case), or in any case in which an investigator is unsure of the specificity of the original warrant.

  38. Encrypted Files • If encrypted files are to be seized, but are not accessible due to unknown keys or passwords, investigators may wish to seek a subpoena to compel individuals to reveal the same. • When seeking such action, investigators should liken the situation to traditional investigations where a key was necessary to search items which were included in a warrant (i.e., safes, etc.).

  39. Commingling • Commingling – the intermingling of personal or irrelevant information with potential evidence • challenges often predicated on voluminous searches of text or database documents that include nonevidentiary materials • investigators may avoid challenges by using software that searches for specific text or keywords within documents. • Rule of thumb – always request a secondary warrant

  40. Third Party Origination • Quite common in computer-related criminal activity – evidence often uncovered by system administrators and computer repair technicians • The admissibility of information collected in an investigation by a third party hinges on whether the third party was constructively acting as an agent of the government. • Courts have consistently ruled that documents which are open to the public negate any expectation of privacy, and that relinquishing computers to a third party reduces or eliminates an expectation of privacy.

  41. Staleness • Courts have ruled that collectors of child porn tend to keep images for extended periods of time – thus, it was reasonable to believe that images transferred 10 months prior were still there. U.S. v. Lacy [119 F.3d 742 (9th Cir. 1997)]

  42. Warrantless Searches • Consent • Plain view • Exigent Circumstances • Incident to Arrest

  43. Consent • Consent – if given voluntarily by an individual who has the proper authority over the area and is legally capable of granting such access. [Schneckloth v. Bustamonte , 412U.S. 218 (1973)] • consent may be given by a third party if that third party has a shared interest or authority over the equipment [United States v. Matlock, 415 U.S. 164 (1974)]. However, the search is limited to that area of the consenting third party’s common authority United States v. Block, 590 F.2d 5335 (4th Cir. 1978)] • Encryption, passwords, or stegonography may negate the concept of common authority. • Totality of the circumstances – includes the traditional considerations of age, education, intelligence, physical and mental conditions of the person granting consent combined with the weighing the physical control and the level of access. (i.e., the use of passwords infers privacy) • Minor’s computers – may be searched if the child is under 18 • Scope of the consent – is rarely all-encompassing – hinges on the breadth of the reasonable understanding of the granter

  44. Consent – The case of Turner • http://laws.findlaw.com/1st/981258.html, • suppressed evidence of child pornography after it was found in a consensual search by an individual who was identified as a suspect in the sexual assault of his neighbor

  45. Exigent Circumstances • Generally – actions which are undertaken to protect or preserve human life are acceptable even if they would not be so in non-emergency situations [(Mincey v. Arizona, 437 U.S. 385, 392-93 (1978)}; [U.S. v. Doe, 61 F.3d 107, 110-111 (1st Cir. 1995)] • Remember: warrantless seizure is limited to the length of the exigency. Once the urgency is passed, warrants must be obtained. • Determined by totality of the circumstances

  46. Exigent Circumstances and the Totality • Totality of the circumstances – Factors include: include: • the degree of urgency involved; • the amount of time necessary to obtain a warrant; • whether the evidence is about to be removed or destroyed; • the danger or possibility thereof at the site; • information which suggests that the possessors of said material are aware of the officer’s intention to secure it; • the ready destructibility of said contraband. These characteristics may prove especially salient in situations in which computers are involved as digital evidence is particularly fragile.

  47. Plain view • Three requirements: • object is unobstructed • officer is in a lawful position; • the evidentiary value of the object is immediately apparent. • Cautions – Investigators cannot broaden the scope of the original search based on new evidence. Instead, investigators should obtain a secondary warrant prior to further investigation (U.S. v. Carey, 172 F.3d 1268, 1273 (10th Circuit, 1999).

  48. Plain View – Case in Point • U.S. v. Carey, [172 F.3d 1268; 1999 U.S. App. LEXIS 7197; 1999 Colo. J.C.A.R. 2287] – officer investigating for evidence of drug trafficking found images of child pornography and changed the scope of his search to include KP. Thus, subsequent findings were not inadvertent, but intentional. Should have requested a secondary warrant.

  49. Incident to Arrest • Traditionally, officers could search and/or seize items found within the immediate vicinity of a suspect immediately prior to the arrest of said suspect. • Predicated on officer safety – computer technology does not fit. However, the courts have ruled that pagers seized during this period may be seized (and subsequently, searched). Thus, the search of computers (especially laptops, PDA’s or Palms) may be likened to beepers in the future.

  50. Other legal considerations • Vicinage • Undercover investigations • Sentencing guidelines

More Related