August 27, 2009

Orin Kerr thinks the 9th Circuit has made "every computer search warrant that has ever been obtained — and every offsite search" unconstitutional.

"Am I right that the Ninth Circuit's Fourth Amendment decision in United States v. Comprehensive Drug Testing has rendered every computer search warrant that has ever been obtained — and every offsite search — unconstitutional? I've been working in this area for over a decade, and I have never heard of a case that satisfies the Ninth Circuit's new procedural standards."

18 comments:

chuck b. said...

That wacky 9th circuit!

TWM said...

Here are the rules as I read them:

"1. Magistrates should insist that the government waive reliance upon the plain view doctrine in digital evidence cases. See p. 11876 supra."

I assume this means if the computer investigators are searching for evidence of fraud and they find child porn they have to ignore it and not tell anyone? Or would it just be inadmissible in court?

"2. Segregation and redaction must be either done by specialized personnel or an independent third party. See pp. 11880-81 supra. If the segregation is to be done by government computer personnel, it must agree in the warrant application that the computer personnel will not disclose to the investigators any information other than that which is the target of the warrant."

This doesn't seem to be a problem in that the case agents don't really need to know other non-related stuff. Still, if, to use the child porn example again, the computer investigators find illegal stuff do they have to ignore it and not tell anyone?

"3. Warrants and subpoenas must disclose the actual risks of destruction of information as well as prior efforts to seize that information in other judicial fora. See pp. 11877-78, 11886-87 supra."

Okay, add a line in the warrant saying this.

"4. The government’s search protocol must be designed to uncover only the information for which it has probable cause, and only that information may be examined by the case agents. See pp. 11878, 11880-81 supra."

Computer forensic programs do this already.

"5. The government must destroy or, if the recipient may lawfully possess it, return non-responsive data, keeping the issuing magistrate informed about when it has done so and what it has kept. See p. 11881-82 supra."

Again, no problem there except for the potential plain view issues of other crimes.

It appears that this will have little impact past the discovery of another crime during an examination of the computer.

Joe said...

Computer forensic programs do this already.

Ha ha ha ha ha ha. What a laugh. Thanks.

Contrary to the movies and TV, there is no program that magically goes through a hard drive or electronic material and find THE EVIDENCE. This is no different than searching a file cabinet. Yes, you are to gather only those items material to the case, but you ARE going to wade through and see a whole lot of stuff that isn't connected--that's often the entire point of the warrant (and discovery) in the first place.

traditionalguy said...

Very interesting stuff. When the Feds want a case against us, the first witness they always use against us is our computer memories and hard drives. Ergo, a careful lawyer will not send e-mails that he can avoid sending. Will the Court's new rule rebuild confidence???

Prosqtor said...

Gang, civil discovery and criminal searches are very different things. In a sense, the ATLA is more powerful than the government.

TWM said...

"Ha ha ha ha ha ha. What a laugh. Thanks.

Contrary to the movies and TV, there is no program that magically goes through a hard drive or electronic material and find THE EVIDENCE. This is no different than searching a file cabinet. Yes, you are to gather only those items material to the case, but you ARE going to wade through and see a whole lot of stuff that isn't connected--that's often the entire point of the warrant (and discovery) in the first place."

I'm glad I amused you but that is simply not true. Once you image a drive there are programs that can selectively look for certain documents and files simply based on keyword searches among other things. You can filter out much of what you don't need to see by using those programs. I've been trained and used these programs (albeit more than few years ago) so I didn't get the info from CSI Miami either.

That said, I do know that you are always going to get stuff that doesn't apply to your warrant and none of these programs are perfect, thus my question about plain view.

Ignorance is Bliss said...

Some might question the wisdom of this decision. But, as Judge Kozinski has been known to say,

I would hope that a wise internet porn collecting man with the richness of his experiences would more often than not reach a better conclusion than a prude who hasn’t lived that life.

Bruce Hayden said...

Should be interesting. I think that this is long overdue.

At some point, there will be some overlap. But I do disagree to some extent about whether you can look for one thing and ignore something else. In particular, there are classes of files that are applicable for one type of offense, and not for another. For example, if the search is for (likely kiddie) porn, then going through spreadsheets and Word documents is probably questionable. And, ditto probably for email that doesn't have some sort of image/graphics file attached (then, again, a lot of my business emails go out with graphical attachments in the form of my business card).

WV: frion

Frion was two years ago, a lack of inspection for health care. Since then, worked hard to improve. A new long-range plan is the crowning glory.This was presented to State Secretary Jet Bussemaker during the Congress' direction to take in their own hands "on October 15, 2008 in the Buitensociëteit in Zwolle. (Automatic translation from the Dutch).

TWM said...

"At some point, there will be some overlap. But I do disagree to some extent about whether you can look for one thing and ignore something else. In particular, there are classes of files that are applicable for one type of offense, and not for another. For example, if the search is for (likely kiddie) porn, then going through spreadsheets and Word documents is probably questionable. And, ditto probably for email that doesn't have some sort of image/graphics file attached (then, again, a lot of my business emails go out with graphical attachments in the form of my business card)."

And if you are looking for evidence of bank fraud or such then going through image/graphic files is obviously questionable, although as you say emails for example might overlap and be a difficult issue. But even then a good forensic program can narrow down items significantly.

Cedarford said...

I don't normally side with the 9th, but they are on the side of what I think the public wants..that search warrants allow certain unexpected "fruits of discovery" (like being allowed to charge for 3 handguns being in the illegal possession of a felon found when they search his place for two keys of coke he just bought.)
But not turned into a fishing expedition where a warrant to look at email related to business fraud does not give license to open each and every file on a suspects computer for porn, emails to friends to check if they are up to anything "illegal", files related to the suspects medical expenses and prescription drug purchases..

Courts are getting more sensitive to indiscriminate warrants to open computers and servers to "general search" in a way they would never dream of permitting a judge to issue a warrant to "search anything in the house of the suspect for anything illegal you may find, search all farm property of the suspected for any evidence of the alledged mistreatment of veal calves or anything else.."

Der Hahn said...

And if you are looking for evidence of bank fraud or such then going through image/graphic files is obviously questionable...

Not really. Digitized paper documents will be image files and information could be hidden in the usually inaccessible control codes that accompanies various file types.

Information on a hard drive is all just bits (one and zeros). Manipulate it correctly and you could be looking for a needle in a million haystacks.

TWM said...

"Not really. Digitized paper documents will be image files and information could be hidden in the usually inaccessible control codes that accompanies various file types.

Information on a hard drive is all just bits (one and zeros). Manipulate it correctly and you could be looking for a needle in a million haystacks."

That's very true. Documents can be hidden in photographs and certain forensic programs can find them there.

The problem is there is no perfect way to search a computer in that no matter how the forensic program picks and chooses what it searches for some things are going to be interrelated and things you aren't searching for are going to pop-up and come to the attention of the computer forensic investigators.

So what's the answer? Never allow a search of a computer anymore? Good times for criminals if that is the case.

Common sense dictates anything that is not criminal and not related to the crime under investigation is simply ignored not communicated to any other agent or agency. And stuff that is criminal and not related to the crime under investigation is deemed in plain view and perhaps a second warrant can then be obtained to seize it and use it in court.

Joe said...

You miss the point, a program can narrow the search but doing so assumes that you know fairly precisely what you are looking for. Even if you restrict the search to text, the best contextual analysis programs are a great help, but still require a human eye to eliminate false positives. Make the search too narrow and you will miss things. And what if the damning piece of evidence is in a foreign language?

And to be thoroughly pedantic, you can do a search without actually looking at the data. Even if you don't physically look at the data, something does.

If you are investigating embezzlement, you wouldn't restrict your search to just .csv and .xls files on a PC. That would be irresponsible. You have to pretty much search everything (heck, even executables--they may be self-extracting archives or specially encoded.) You have to even search images--someone may have scanned a receipt. It may be in such poor quality that OCR won't work. Odds are that a person will need to use various tools to enhance and manipulate the image. (And, as someone pointed out, if you're going to put photographic images off bounds, then the crooks will simply encode the data into them--the tools to do this are readily available.)

I stand by my laugh. The faith in computer AI is highly misplaced.

Revenant said...

You miss the point, a program can narrow the search but doing so assumes that you know fairly precisely what you are looking for.

Correct me if I'm wrong, but search warrants require that those requesting them have a fairly precise idea of what they are looking for. You can't get an "I'll know it when I see it" warrant for evidence gathering, can you?

Revenant said...

And, as someone pointed out, if you're going to put photographic images off bounds, then the crooks will simply encode the data into them--the tools to do this are readily available.)

I question your use of the word "simply". Take your example, where you're investigating embezzlement. Well, why would the embezzler have his records encoded as pictures? Then he can't load them into Word or Excel anymore. He can't do anything with them except look at them. If that's all he plans to do, why have them on a computer at all? A person that paranoid about security would have the files on an encrypted thumb drive that could be tossed into the kitchen garbage grinder on short notice.

It seems to me that your scenario assumes a world in which criminals do nothing with their computers except wait to be raided by the cops. In reality those computers are being used for things -- email, spreadsheets, etc -- that pretty much require the data to be in certain formats. Yes, you CAN, in theory, document your criminal enterprise exclusively as JPGs, just like you can, in theory, run a gang armed with nothing with hammers and saws that can be explained away as home improvement tools. But in reality that doesn't happen, because it isn't effective and it isn't efficient.

Prosqtor said...

Ordinary police officers are generally those who are reviewing computer data looking for evidence of child pornography. When looking for such evidence, the person searching is not going to look only for images. He is also going to look for evidence of purchases of child pornography, and participation in chat rooms and Email pertaining to the production and acquisition of same. Limiting a search does not work in the real world.

This general issue arises all the time. If you have a warrant to search a private residence for a stolen TV, you are not going to look in the sugar bowl. However, if you are looking for a controlled substance you can, and will, look everywhere in the house. Think about it: where do you look for marijuana, cocaine, or methamphetamine?

Balfegor said...

Ordinary police officers are generally those who are reviewing computer data looking for evidence of child pornography.

Thankfully, I've never had it come up, but I've heard horror stories about it coming up during massive document reviews, when sifting documents and email for production. It's an issue for counsel to be alert to even in completely unrelated civil cases, because you never know what kinds of junk people have on their hard-drives.

I question your use of the word "simply". Take your example, where you're investigating embezzlement. Well, why would the embezzler have his records encoded as pictures?

They're more likely to just be pictures, frankly. Faxes, for whatever reason, are usually stored as TIFF images. People sometimes scan copies of letters, receipts, invoices, ticket stubs, handwritten document markups, and other hardcopy records into TIFFs, PDFs, JPEGs, etc., and keep them on their hard drives (for their own records) or circulate them by email. If email is purged from the server regularly to save space, the only remaining accessible copy of much of that material may well be sitting on someone's hard drive.

Perhaps warrants have to be really specific, but speaking generally, beyond the warrant context, I think a document search that excluded imagefiles and MP3s and other audio (for voicemails) would run a serious risk of overlooking important relevant material.

Balfegor said...

Make the search too narrow and you will miss things. And what if the damning piece of evidence is in a foreign language?

Good point -- even for ordinary review purposes, I've found a lot of American document review systems simply can't handle East Asian character sets. Hopefully forensic search systems would be better, but it's a question to ask.