|
Intellectual Property Section (CCIPS) and Obtaining Electronic Evidence in Criminal Investigations Computer Crime and Intellectual Property Section Criminal Division United States Department of Justice PREFACE This
publication supersedes Federal Guidelines for Searching and Seizing Computers
(1994), as well as the Guidelines’ 1997 and 1999 Supplements. Although
the interagency group that produced the Guidelines achieved its goal of offering
“systematic guidance to all federal agents and attorneys” in the law
of computer search and seizure, intervening changes in law and the dramatic expansion
of the Internet since 1994 have fostered the need for fresh guidance. This manual
is designed to combine an updated version of the Guidelines’ advice on searching
and seizing computers with guidance on the statutes that govern obtaining electronic
evidence in cases involving computer networks and the Internet. Of course,
this manual is intended to offer assistance, not authority. Its analysis
and conclusions reflect current thinking on difficult areas of law, and do not
represent the official position of the Department of Justice or any other agency. It
has no regulatory effect, and confers no rights or remedies. Attn:
Search and Seizure Manual I. SEARCHING
AND SEIZING COMPUTERS WITHOUT A WARRANT II. SEARCHING
AND SEIZING COMPUTERS WITH A WARRANT III. THE
ELECTRONIC COMMUNICATIONS PRIVACY ACT IV. ELECTRONIC SURVEILLANCE
IN COMMUNICATIONS NETWORKS V. EVIDENCE
VI.
APPENDICES In the last decade, computers and the Internet have entered the mainstream of American life. Millions of Americans spend several hours every day in front of computers, where they send and receive e-mail, surf the Web, maintain databases, and participate in countless other activities. Unfortunately, those who commit crime have not missed the computer revolution. An increasing number of criminals use pagers, cellular phones, laptop computers and network servers in the course of committing their crimes. In some cases, computers provide the means of committing crime. For example, the Internet can be used to deliver a death threat via e-mail; to launch hacker attacks against a vulnerable computer network; to disseminate computer viruses; or to transmit images of child pornography. In other cases, computers merely serve as convenient storage devices for evidence of crime. For example, a drug kingpin might keep a list of who owes him money in a file stored in his desktop computer at home, or a money laundering operation might retain false financial records in a file on a network server. The dramatic increase in computer-related crime requires prosecutors and law enforcement agents to understand how to obtain electronic evidence stored in computers. Electronic records such as computer network logs, e-mails, word processing files, and “.jpg” picture files increasingly provide the government with important (and sometimes essential) evidence in criminal cases. The purpose of this publication is to provide Federal law enforcement agents and prosecutors with systematic guidance that can help them understand the legal issues that arise when they seek electronic evidence in criminal investigations. The law governing electronic evidence in criminal investigations has two primary sources: the Fourth Amendment to the U.S. Constitution, and the statutory privacy laws codified at 18 U.S.C. §§ 2510-22, 18 U.S.C. §§ 2701-11, and 18 U.S.C. §§ 3121-27. Although constitutional and statutory issues overlap in some cases, most situations present either a constitutional issue under the Fourth Amendment or a statutory issue under these three statutes. This manual reflects that division: Chapters 1 and 2 address the Fourth Amendment law of search and seizure, and Chapters 3 and 4 focus on the statutory issues, which arise mostly in cases involving computer networks and the Internet. Chapter 1 explains the restrictions that the Fourth Amendment places on the warrantless search and seizure of computers and computer data. The chapter begins by explaining how the courts apply the “reasonable expectation of privacy” test to computers; turns next to how the exceptions to the warrant requirement apply in cases involving computers; and concludes with a comprehensive discussion of the difficult Fourth Amendment issues raised by warrantless workplace searches of computers. Questions addressed in this chapter include: When does the government need a search warrant to search and seize a suspect's computer? Can an investigator search without a warrant through a suspect's pager found incident to arrest? Does the government need a warrant to search a government employee's desktop computer located in the employee’s office? Chapter 2 discusses the law that governs the search and seizure of computers pursuant to search warrants. The chapter begins by reviewing the steps that investigators should follow when planning and executing searches to seize computer hardware and computer data with a warrant. In particular, the chapter focuses on two issues: first, how investigators should plan to execute computer searches, and second, how they should draft the proposed search warrants and their accompanying affidavits. Finally, the chapter ends with a discussion of post-search issues. Questions addressed in the chapter include: When should investigators plan to search computers on the premises, and when should they remove the computer hardware and search it later off-site? How should investigators plan their searches to avoid civil liability under the Privacy Protection Act, 42 U.S.C. § 2000aa? How should prosecutors draft search warrant language so that it complies with the particularity requirement of the Fourth Amendment and Rule 41 of the Federal Rules of Criminal Procedure? What is the law governing when the government must search and return seized computers? The focus of Chapter 3 is the stored communications portion of the Electronic Communications Privacy Act, 18 U.S.C. §§ 2701-11 (“ECPA”). ECPA governs how investigators can obtain stored account records and contents from network service providers, including Internet service providers (ISPs), telephone companies, cell phone service providers, and satellite services. ECPA issues arise often in cases involving the Internet: any time investigators seek stored information concerning Internet accounts from providers of Internet service, they must comply with the statute. Topics covered in this section include: How can the government obtain e-mails and network account logs from ISPs? When does the government need to obtain a search warrant, as opposed to 18 U.S.C. § 2703(d) order or a subpoena? When can providers disclose e-mails and records to the government voluntarily? What remedies will courts impose when ECPA has been violated? Chapter 4 reviews the legal framework that governs electronic surveillance, with particular emphasis on how the statutes apply to surveillance on the communications networks. In particular, the chapter discusses Title III as modified by the Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-22 (referred to here as “Title III”)1, as well as the Pen Register and Trap and Trace Devices statute, 18 U.S.C. §§ 3121-27. These statutes govern when and how the government can conduct real-time surveillance, such as monitoring a computer hacker's activity as he breaks into a government computer network. Topics addressed in this chapter include: When can victims of computer crime monitor unauthorized intrusions into their networks and disclose that information to law enforcement? Can network “banners” generate implied consent to monitoring? How can the government obtain a pen register/trap and trace order that permits the government to collect packet header information from Internet communications? What remedies will courts impose when the electronic surveillance statutes have been violated? Of course, the issues discussed in Chapters 1 through 4 can overlap in actual cases. An investigation into computer hacking may begin with obtaining stored records from an ISP according to Chapter 3, move next to an electronic surveillance phase implicating Chapter 4, and then conclude with a search of the suspect's residence and a seizure of his computers according to Chapters 1 and 2. In other cases, agents and prosecutors must understand issues raised in multiple chapters not just in the same case, but at the same time. For example, an investigation into workplace misconduct by a government employee may implicate all of Chapters 1 through 4. Investigators may want to obtain the employee's e-mails from the government network server (implicating ECPA, discussed in Chapter 3); may wish to monitor the employee's use of the telephone or Internet in real-time (raising surveillance issues from Chapter 4); and at the same time, may need to search the employee's desktop computer in his office for clues of the misconduct (raising search and seizure issues from Chapters 1 and 2). Because the constitutional and statutory regimes can overlap in certain cases, agents and prosecutors will need to understand not only all of the legal issues covered in Chapters 1 through 4, but will also need to understand the precise nature of the information to be gathered in their particular cases. Chapters 1 through 4 are followed by a short Chapter 5, which discusses evidentiary issues that arise frequently in computer-related cases. The publication concludes with appendices that offer sample forms, language, and orders. Computer crime investigations raise many novel issues, and the courts have only begun to interpret how the Fourth Amendment and federal statutory laws apply to computer-related cases. Agents and prosecutors who need more detailed advice can rely on several resources for further assistance. At the federal district level, every U.S. Attorney’s Office has at least one Assistant U.S. Attorney who has been designated as a Computer and Telecommunications Coordinator (“CTC”). Every CTC receives extensive training in computer-related crime, and is primarily responsible for providing expertise relating to the topics covered in this manual within his or her district. CTCs may be reached in their district offices. Further, several sections within the Criminal Division of the U.S. Department of Justice in Washington, D.C., have expertise in computer-related fields. The Office of International Affairs ((202) 514-0000) provides expertise in the many computer crime investigations that raise international issues. The Office of Enforcement Operations ((202) 514-6809) provides expertise in the wiretapping laws and other privacy statutes discussed in Chapters 3 and 4. Also, the Child Exploitation and Obscenity Section ((202) 514-5780) provides expertise in computer-related cases involving child pornography and child exploitation. Finally,
agents and prosecutors are always welcome to contact the Computer Crime and Intellectual
Property Section (“CCIPS”) directly both for general advice and specific
case-related assistance. During regular business hours, at least two
CCIPS attorneys are on duty to answer questions and provide assistance to agents
and prosecutors on the topics covered in this document, as well as other matters
that arise in computer crime cases. The main number for CCIPS is (202) 514-1026.
The Fourth Amendment limits the ability of government agents to search for evidence without a warrant. This chapter explains the constitutional limits of warrantless searches in cases involving computers.
According
to the Supreme Court, a warrantless search does not violate the Fourth Amendment
if one of two conditions is satisfied. First, if the government’s conduct
does not violate a person’s “reasonable expectation of privacy,”
then formally it does not constitute a Fourth Amendment “search” and
no warrant is required. See Illinois v. Andreas, 463 U.S. 765, 771 (1983). Second,
a warrantless search that violates a person’s reasonable expectation of privacy
will nonetheless be “reasonable” (and therefore constitutional) if it
falls within an established exception to the warrant requirement. See Illinois
v. Rodriguez, 497 U.S. 177, 183 (1990). Accordingly, investigators must
consider two issues when asking whether a government search of a computer requires
a warrant. First, does the search violate a reasonable expectation of privacy? And
if so, is the search nonetheless reasonable because it falls within an exception
to the warrant requirement? B. The
Fourth Amendment’s “Reasonable Expectation of Privacy” in Cases
Involving Computers A search is constitutional if it does not violate a person’s “reasonable” or “legitimate” expectation of privacy. Katz v. United States, 389 U.S. 347, 362 (1967) (Harlan, J., concurring). This inquiry embraces two discrete questions: first, whether the individual’s conduct reflects “an actual (subjective) expectation of privacy,” and second, whether the individual’s subjective expectation of privacy is “one that society is prepared to recognize as ‘reasonable.’” Id. at 361. In most cases, the difficulty of contesting a defendant’s subjective expectation of privacy focuses the analysis on the objective aspect of the Katz test, i.e., whether the individual’s expectation of privacy was reasonable. No bright line rule indicates whether an expectation of privacy is constitutionally reasonable. See O’Connor v. Ortega, 480 U.S. 709, 715 (1987). For example, the Supreme Court has held that a person has a reasonable expectation of privacy in property located inside a person’s home, see Payton v. New York, 445 U.S. 573, 589-90 (1980); in conversations taking place in an enclosed phone booth, see Katz, 389 U.S. at 358; and in the contents of opaque containers, see United States v. Ross, 456 U.S. 798, 822-23 (1982). In contrast, a person does not have a reasonable expectation of privacy in activities conducted in open fields, see Oliver v. United States, 466 U.S. 170, 177 (1984); in garbage deposited at the outskirts of real property, see California v. Greenwood, 486 U.S. 35, 40-41 (1988); or in a stranger’s house that the person has entered without the owner’s consent in order to commit a theft, see Rakas v. Illinois, 439 U.S. 128, 143 n.12 (1978). 2. Reasonable Expectation of Privacy in Computers as Storage Devices
The most basic Fourth Amendment question in computer cases asks whether an individual enjoys a reasonable expectation of privacy in electronic information stored within computers (or other electronic storage devices) under the individual’s control. For example, do individuals have a reasonable expectation of privacy in the contents of their laptop computers, floppy disks or pagers? If the answer is ‘yes,’ then the government ordinarily must obtain a warrant before it accesses the information stored inside. When confronted with this issue, courts have analogized electronic storage devices to closed containers, and have reasoned that accessing the information stored within an electronic storage device is akin to opening a closed container. Because individuals generally retain a reasonable expectation of privacy in the contents of closed containers, see United States v. Ross, 456 U.S. 798, 822-23 (1982), they also generally retain a reasonable expectation of privacy in data held within electronic storage devices. Accordingly, accessing information stored in a computer ordinarily will implicate the owner’s reasonable expectation of privacy in the information. See United States v. Barth, 26 F. Supp.2d 929, 936-37 (W.D. Tex. 1998) (finding reasonable expectation of privacy in files stored on hard drive of personal computer); United States v. Reyes, 922 F. Supp. 818, 832-33 (S.D.N.Y. 1996) (finding reasonable expectation of privacy in data stored in a pager); United States v. Lynch, 908 F. Supp. 284, 287 (D.V.I. 1995) (same); United States v. Chan, 830 F. Supp. 531, 535 (N.D. Cal. 1993) (same); United States v. Blas, 1990 WL 265179, at *21 (E.D. Wis. 1990) (“[A]n individual has the same expectation of privacy in a pager, computer, or other electronic data storage and retrieval device as in a closed container.”). But see United States v. Carey,172 F.3d 1268, 1275 (10th Cir. 1999) (dicta) (analogizing a computer hard drive to a file cabinet in the context of a search pursuant to a warrant, but then stating without explanation that “the file cabinet analogy may be inadequate”). Although
individuals generally retain a reasonable expectation of privacy in computers
under their control, special circumstances may eliminate that expectation. For
example, an individual will not retain a reasonable expectation of privacy in
information from a computer that the person has made openly available. In
United States v. David, 756 F. Supp. 1385 (D. Nev. 1991), agents looking
over the defendant’s shoulder read the defendant’s password from the
screen as the defendant typed his password into a handheld computer. The
court found no Fourth Amendment violation in obtaining the password, because the
defendant did not enjoy a reasonable expectation of privacy “in the display
that appeared on the screen.” Id. at 1389. See also
Katz v. United States, 389 U.S. 347, 351 (1967) (“What a person knowingly
exposes to the public, even in his own home or office, is not a subject of Fourth
Amendment protection.”). Nor will individuals generally enjoy a reasonable
expectation of privacy in the contents of computers they have stolen. See
United States v. Lyons, 992 F.2d 1029, 1031-32 (10th Cir. 1993). 3. Reasonable Expectation of Privacy and Third-Party Possession Individuals who retain a reasonable expectation of privacy in stored electronic information under their control may lose Fourth Amendment protections when they relinquish that control to third parties. For example, an individual may offer a container of electronic information to a third party by bringing a malfunctioning computer to a repair shop, or by shipping a floppy diskette in the mail to a friend. Alternatively, a user may transmit information to third parties electronically, such as by sending data across the Internet. When law enforcement agents learn of information possessed by third parties that may provide evidence of a crime, they may wish to inspect it. Whether the Fourth Amendment requires them to obtain a warrant before examining the information depends first upon whether the third-party possession has eliminated the individual’s reasonable expectation of privacy. To analyze third-party possession issues, it helps first to distinguish between possession by a carrier in the course of transmission to an intended recipient, and subsequent possession by the intended recipient. For example, if A hires B to carry a package to C, A’s reasonable expectation of privacy in the contents of the package during the time that B carries the package on its way to C may be different than A’s reasonable expectation of privacy after C has received the package. During transmission, contents generally retain Fourth Amendment protection. The government ordinarily may not examine the contents of a package in the course of transmission without a warrant. Government intrusion and examination of the contents ordinarily violates the reasonable expectation of privacy of both the sender and receiver. See United States v. Villarreal, 963 F.2d 770, 774 (5th Cir. 1992); but see United States v. Walker, 20 F. Supp.2d 971, 973-74 (S.D.W. Va. 1998) (concluding that packages sent to an alias in furtherance of a criminal scheme do not support a reasonable expectation of privacy). This rule applies regardless of whether the carrier is owned by the government or a private company. Compare Ex Parte Jackson, 96 U.S. (6 Otto) 727, 733 (1877) (public carrier) with Walter v. United States, 447 U.S. 649, 651 (1980) (private carrier). A government “search” of an intangible electronic signal in the course of transmission may also implicate the Fourth Amendment. See Berger v. New York, 388 U.S. 41, 58-60 (1967) (applying the Fourth Amendment to a wire communication in the context of a wiretap). The boundaries of the Fourth Amendment in such cases remain hazy, however, because Congress addressed the Fourth Amendment concerns identified in Berger by passing Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (“Title III”), 18 U.S.C. §§ 2510-22. Title III, which is discussed fully in Chapter 4, provides a comprehensive statutory framework that regulates real-time monitoring of wire and electronic communications. Its scope encompasses, and in many significant ways exceeds, the protection offered by the Fourth Amendment. See United States v. Torres, 751 F.2d 875, 884 (7th Cir. 1985). As a practical matter, then, the monitoring of wire and electronic communications in the course of transmission generally raises many statutory questions, but few constitutional ones. See generally Chapter 4.
Once an item has been received by the intended recipient, the sender’s reasonable expectation of privacy generally depends upon whether the sender can reasonably expect to retain control over the item and its contents. When a person leaves a package with a third party for temporary safekeeping, for example, he usually retains control of the package, and thus retains a reasonable expectation of privacy in its contents. See, e.g., United States v. Most, 876 F.2d 191, 197-98 (D.C. Cir. 1989) (finding reasonable expectation of privacy in contents of plastic bag left with grocery store clerk); United States v. Barry, 853 F.2d 1479, 1481-83 (8th Cir. 1988) (finding reasonable expectation of privacy in locked suitcase stored at airport baggage counter); United States v. Presler, 610 F.2d 1206, 1213-14 (4th Cir. 1979) (finding reasonable expectation of privacy in locked briefcases stored with defendant’s friend for safekeeping). See also United States v. Barth, 26 F. Supp.2d 929, 936-37 (W.D. Tex. 1998) (holding that defendant retains a reasonable expectation of privacy in computer files contained in hard drive left with computer technician for limited purpose of repairing computer). If the sender cannot reasonably expect to retain control over the item in the third party’s possession, however, the sender no longer retains a reasonable expectation of privacy in its contents. For example, in United States v. Horowitz, 806 F.2d 1222 (4th Cir. 1986), the defendant e-mailed confidential pricing information relating to his employer to his employer’s competitor. After the FBI searched the competitor’s computers and found the pricing information, the defendant claimed that the search violated his Fourth Amendment rights. The Fourth Circuit disagreed, holding that the defendant relinquished his interest in and control over the information by sending it to the competitor for the competitor’s future use. See id. at 1225-26. See also United States v. Charbonneau, 979 F. Supp. 1177, 1184 (S.D. Ohio 1997) (holding that defendant does not retain reasonable expectation of privacy in contents of e-mail message sent to America Online chat room after the message has been received by chat room participants) (citing Hoffa v. United States, 385 U.S. 293, 302 (1966)). In some cases, the sender may initially retain a right to control the third party’s possession, but may lose that right over time. The general rule is that the sender’s Fourth Amendment rights dissipate along with the sender’s right to control the third party’s possession. For example, in United States v. Poulsen, 41 F.3d 1330 (9th Cir. 1994), computer hacker Kevin Poulsen left computer tapes in a locker at a commercial storage facility but neglected to pay rent for the locker. Following a warrantless search of the facility, the government sought to use the tapes against Poulsen. The Ninth Circuit held that the search did not violate Poulsen’s reasonable expectation of privacy because under state law Poulsen’s failure to pay rent extinguished his right to access the tapes. See id. at 1337. An important line of Supreme Court cases states that individuals generally cannot reasonably expect to retain control over mere information revealed to third parties, even if the senders have a subjective expectation that the third parties will keep the information confidential. For example, in United States v. Miller, 425 U.S. 435, 443 (1976), the Court held that the Fourth Amendment does not protect bank account information that account holders divulge to their banks. By placing information under the control of a third party, the Court stated, an account holder assumes the risk that the information will be conveyed to the government. Id. According to the Court, “the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.” Id. (citing Hoffa v. United States, 385 U.S. 293, 302 (1966)). See also Smith v. Maryland, 442 U.S. 735, 743-44 (1979) (finding no reasonable expectation of privacy in phone numbers dialed by owner of a telephone because act of dialing the number effectively tells the number to the phone company); Couch v. United States, 409 U.S. 322, 335 (1973) (holding that government may subpoena accountant for client information given to accountant by client, because client retains no reasonable expectation of privacy in information given to accountant). Because computer data is “information,” this line of cases suggests that individuals who send data over communications networks may lose Fourth Amendment protection in the data once it reaches the intended recipient. See United States v. Meriwether, 917 F.2d 955, 959 (6th Cir. 1990) (suggesting that an electronic message sent via a pager is “information” under the Smith/Miller line of cases); Charbonneau, 979 F. Supp. at 1184 (“[A]n e-mail message . . . cannot be afforded a reasonable expectation of privacy once that message is received.”). But see C. Ryan Reetz, Note, Warrant Requirement for Searches of Computerized Information, 67 B.U. L. Rev. 179, 200-06 (1987) (arguing that certain kinds of remotely stored computer files should retain Fourth Amendment protection, and attempting to distinguish United States v. Miller and Smith v. Maryland). Of course, the absence of constitutional protections does not necessarily mean that the government can access the data without a warrant or court order. Statutory protections exist that generally protect the privacy of electronic communications stored remotely with service providers, and can protect the privacy of Internet users when the Fourth Amendment may not. See 18 U.S.C. §§ 2701-11 (discussed in Chapter 3, infra). Defendants
will occasionally raise a Fourth Amendment challenge to the acquisition of account
records and subscriber information held by Internet service providers using less
process than a full search warrant. As discussed in a later chapter, the
Electronic Communications Privacy Act permits the government to obtain transactional
records with an “articulable facts” court order, and basic subscriber
information with a subpoena. See 18 U.S.C. §§ 2701-11 (discussed
in Chapter 3, infra). These statutory procedures comply with the Fourth
Amendment because customers of Internet service providers do not have a reasonable
expectation of privacy in customer account records maintained by and for the provider’s
business. See United States v. Hambrick, 55 F. Supp.2d 504,
508 (W.D. Va. 1999), aff’d, 225 F.3d 656, 2000 WL 1062039 (4th Cir.
2000) (unpublished opinion) (finding no Fourth Amendment protection for network
account holder’s basic subscriber information obtained from Internet service
provider); United States v. Kennedy, 81 F. Supp.2d 1103, 1110) (D. Kan.
2000) (same). This rule accords with prior cases considering the scope of
Fourth Amendment protection in customer account records. See, e.g.,
United States v. Fregoso, 60 F.3d 1314, 1321 (8th Cir. 1995) (holding that
a telephone company customer has no reasonable expectation of privacy in account
information disclosed to the telephone company); In re Grand Jury Proceedings,
827 F.2d 301, 302-03 (8th Cir. 1987) (holding that customer account records maintained
and held by Western Union are not entitled to Fourth Amendment protection).
The Fourth Amendment “is wholly inapplicable to a search or seizure, even an unreasonable one, effected by a private individual not acting as an agent of the Government or with the participation or knowledge of any governmental official.” United States v. Jacobsen, 466 U.S. 109, 113 (1984). As a result, no violation of the Fourth Amendment occurs when a private individual acting on his own accord conducts a search and makes the results available to law enforcement. See id. For example, in United States v. Hall, 142 F.3d 988 (7th Cir. 1998), the defendant took his computer to a private computer specialist for repairs. In the course of evaluating the defendant’s computer, the repairman observed that many files stored on the computer had filenames characteristic of child pornography. The repairman accessed the files, saw that they did in fact contain child pornography, and then contacted the state police. The tip led to a warrant, the defendant’s arrest, and his conviction for child pornography offenses. On appeal, the Seventh Circuit rejected the defendant’s claim that the repairman’s warrantless search through the computer violated the Fourth Amendment. Because the repairman’s search was conducted on his own, the court held, the Fourth Amendment did not apply to the search or his later description of the evidence to the state police. See id. at 993. See also United States v. Kennedy, 81 F. Supp.2d 1103, 1112 (D. Kan. 2000) (concluding that searches of defendant’s computer over the Internet by an anonymous caller and employees of a private ISP did not violate Fourth Amendment because there was no evidence that the government was involved in the search). In United States v. Jacobsen, 466 U.S. 109 (1984), the Supreme Court presented the framework that should guide agents seeking to uncover evidence as a result of a private search. According to Jacobsen, agents who learn of evidence via a private search can reenact the original private search without violating any reasonable expectation of privacy. What the agents cannot do without a warrant is “exceed[] the scope of the private search.” Id. at 115. See also United States v. Miller, 152 F.3d 813, 815-16 (8th Cir. 1998); United States v. Donnes, 947 F.2d 1430, 1434 (10th Cir. 1991). But see United States v. Allen, 106 F.3d 695, 699 (6th Cir. 1999) (dicta) (stating that Jacobsen does not permit law enforcement to reenact a private search of a private home or residence). This standard requires agents to limit their investigation to the precise scope of the private search when searching without a warrant after a private search has occurred. So long as the agents limit themselves to the scope of the private search, the agents’ search will not violate the Fourth Amendment. However, as soon as agents exceed the scope of the private warrantless search, any evidence uncovered may be suppressed. See United States v. Barth, 26 F. Supp.2d 929, 937 (W.D. Tex. 1998) (suppressing evidence of child pornography found on computer hard drive after agents viewed more files than private technician had initially viewed during repair of defendant’s computer). In computer cases, this aspect of Jacobsen means that private searches will often be useful partly as opportunities to provide the probable cause needed to obtain a warrant for a further search. The fact that a private person has uncovered evidence of a crime on another person’s computer does not permit agents to search the entire computer. Instead, the private search permits the agents to view the evidence that the private search revealed, and, if necessary, to use that evidence as a basis for procuring a warrant to search the rest of the computer.2 Although most private search issues arise when private third parties intentionally examine property and offer evidence of a crime to law enforcement, the same framework applies when third parties inadvertently expose evidence of a crime to plain view. For example, in United States v. Procopio, 88 F.3d 21 (1st Cir. 1996), a defendant stored incriminating files in his brother’s safe. Later, thieves stole the safe, opened it, and abandoned it in a public park. Police investigating the theft of the safe found the files scattered on the ground nearby, gathered them, and then used them against the defendant in an unrelated case. The First Circuit held that the use of the files did not violate the Fourth Amendment, because the files were made openly available by the thieves’ private search. See id. at 26-27 (citing Jacobsen, 466 U.S. at 113). Importantly,
the fact that the person conducting a search is not a government employee does
not necessarily mean that the search is “private” for Fourth Amendment
purposes. A search by a private party will be considered a Fourth Amendment
government search “if the private party act[s] as an instrument or agent
of the Government.” Skinner v. Railway Labor Executives’ Ass’n,
489 U.S. 602, 614 (1989). The Supreme Court has offered little guidance on
when private conduct can be attributed to the government; the Court has merely
stated that this question “necessarily turns on the degree of the Government’s
participation in the private party’s activities, . . . a question that can
only be resolved ‘in light of all the circumstances.’” Id.
at 614-15 (quoting Coolidge v. New Hampshire, 403 U.S. 443, 487 (1971)). In
the absence of a more definitive standard, the various federal Courts of Appeals
have adopted a range of approaches for distinguishing between private and government
searches. About half of the circuits apply a ‘totality of the circumstances’
approach that examines three factors: whether the government knows of or acquiesces
in the intrusive conduct; whether the party performing the search intends to assist
law enforcement efforts at the time of the search; and whether the government
affirmatively encourages, initiates or instigates the private action. See,
e.g., United States v. Pervaz, 118 F.3d 1, 6 (1st Cir. 1997); United
States v. Smythe, 84 F.3d 1240, 1242-43 (10th Cir. 1996); United States
v. McAllister, 18 F.3d 1412, 1417-18 (7th Cir. 1994); United States v.
Malbrough, 922 F.2d 458, 462 (8th Cir. 1990). Other circuits have adopted
more rule-like formulations that focus on only two of these factors. See,
e.g., United States v. Miller, 688 F.2d 652, 657 (9th Cir. 1982)
(holding that private action counts as government conduct if, at the time of the
search, the government knew of or acquiesced in the intrusive conduct, and the
party performing the search intended to assist law enforcement efforts); United
States v. Paige, 136 F.3d 1012, 1017 (5th Cir. 1998) (same); United States
v. Lambert, 771 F.2d 83, 89 (6th Cir. 1985) (holding that a private individual
is a state actor for Fourth Amendment purposes if the police instigated, encouraged
or participated in the search, and the individual engaged in the search with the
intent of assisting the police in their investigative efforts). C. Exceptions to the Warrant Requirement in Cases Involving Computers Warrantless
searches that violate a reasonable expectation of privacy will comply with the
Fourth Amendment if they fall within an established exception to the warrant requirement. Cases
involving computers often raise questions relating to how these “established”
exceptions apply to new technologies. Agents may search a place or object without a warrant or even probable cause if a person with authority has voluntarily consented to the search. See Schneckloth v. Bustamonte, 412 U.S. 218, 219 (1973). This consent may be explicit or implicit. See United States v. Milian-Rodriguez, 759 F.2d 1558, 1563-64 (11th Cir. 1985). Whether consent was voluntarily given is a question of fact that the court must decide by considering the totality of the circumstances. While no single aspect controls the result, the Supreme Court has identified the following important factors: the age, education, intelligence, physical and mental condition of the person giving consent; whether the person was under arrest; and whether the person had been advised of his right to refuse consent. See Schneckloth, 412 U.S. at 226. The government carries the burden of proving that consent was voluntary. See United States v. Price, 599 F.2d 494, 503 (2d Cir. 1979). In computer
crime cases, two consent issues arise particularly often. First, when does
a search exceed the scope of consent? For example, when a target consents
to the search of a machine, to what extent does the consent authorize the retrieval
of information stored in the machine? Second, who is the proper party to
consent to a search? Do roommates, friends, and parents have the authority
to consent to a search of another person’s computer files?3
“The scope of a consent to search is generally defined by its expressed object, and is limited by the breadth of the consent given.” United States v. Pena, 143 F.3d 1363, 1368 (10th Cir. 1998). The standard for measuring the scope of consent under the Fourth Amendment is objective reasonableness: “What would the typical reasonable person have understood by the exchange between the [agent] and the [person granting consent]?” Florida v. Jimeno, 500 U.S. 248, 251 (1991). This requires a fact-intensive inquiry into whether it was reasonable for the agent to believe that the scope of consent included the items searched. Id. Of course, when the limits of the consent are clearly given, either before or during the search, agents must respect these bounds. See Vaughn v. Baldwin, 950 F.2d 331, 333 (6th Cir. 1991).
Computer cases often raise the question of whether consent to search a location or item implicitly includes consent to access the memory of electronic storage devices encountered during the search. In such cases, courts look to whether the particular circumstances of the agents’ request for consent implicitly or explicitly limited the scope of the search to a particular type, scope, or duration. Because this approach ultimately relies on fact-driven notions of common sense, results reached in published opinions have hinged upon subtle (if not entirely inscrutable) distinctions. Compare United States v. Reyes, 922 F. Supp. 818, 834 (S.D.N.Y. 1996) (holding that consent to “look inside” a car included consent to retrieve numbers stored inside pagers found in car’s back seat) with United States v. Blas, 1990 WL 265179, at *20 (E.D. Wis. 1990) (holding that consent to “look at” a pager did not include consent to activate pager and retrieve numbers, because looking at pager could be construed to mean “what the device is, or how small it is, or what brand of pager it may be”). See alsoUnited States v. Carey, 172 F.3d 1268, 1274 (10th Cir. 1999) (reading written consent form extremely narrowly, so that consent to seizure of “any property” under the defendant’s control and to “a complete search of the premises and property” at the defendant’s address merely permitted the agents to seize the defendant’s computer from his apartment, but did not permit them to search the computer off-site because it was no longer located at the defendant’s address). Prosecutors can strengthen their argument that the scope of consent included consent to search electronic storage devices by relying on analogous cases involving closed containers. See, e.g., United States v. Galante, 1995 WL 507249, at *3 (S.D.N.Y. 1995) (holding that general consent to search car included consent to have officer access memory of cellular telephone found in the car, relying on circuit precedent involving closed containers); Reyes, 922 F. Supp. at 834. Agents
should be especially careful about relying on consent as the basis for a search
of a computer when they obtain consent for one reason but then wish to conduct
a search for another reason. In two recent cases, the Courts of Appeals suppressed
images of child pornography found on computers after agents procured the defendant’s
consent to search his property for other evidence. In United States v.
Turner, 169 F.3d 84 (1st Cir. 1999), detectives searching for physical evidence
of an attempted sexual assault obtained written consent from the victim’s
neighbor to search the neighbor’s “premises” and “personal
property.” Before the neighbor signed the consent form, the detectives discovered
a large knife and blood stains in his apartment, and explained to him that they
were looking for more evidence of the assault that the suspect might have left
behind. See id. at 86. While several agents searched for
physical evidence, one detective searched the contents of the neighbor’s
personal computer and discovered stored images of child pornography. The
neighbor was charged with possessing child pornography. On interlocutory
appeal, the First Circuit held that the search of the computer exceeded the scope
of consent and suppressed the evidence. According to the Court, the detectives’
statements that they were looking for signs of the assault limited the scope of
consent to the kind of physical evidence that an intruder might have left behind.
See id. at 88. By transforming the search for physical
evidence into a search for computer files, the detective had exceeded the scope
of consent. See id. See alsoCarey, 172 F.3d at 1277
(Baldock, J., concurring) (concluding that agents exceeded scope of consent by
searching computer after defendant signed broadly-worded written consent form,
because agents told defendant
Because
the decisions evaluating the scope of consent to search computers have reached
sometimes unpredictable results, investigators should indicate the scope of the
search explicitly when obtaining a suspect’s consent to search a computer.
i) General Rules It is common for several people to use or own the same computer equipment. If any one of those people gives permission to search for data, agents may generally rely on that consent, so long as the person has authority over the computer. In such cases, all users have assumed the risk that a co-user might discover everything in the computer, and might also permit law enforcement to search this “common area” as well. The watershed case in this area is United States v. Matlock, 415 U.S. 164 (1974). In Matlock, the Supreme Court stated that one who has “common authority” over premises or effects may consent to a search even if an absent co-user objects. Id. at 171. According to the Court, the common authority that establishes the right of third-party consent requires
Id. at 171 n.7. Under the Matlock approach, a private third party may consent to a search of property under the third party’s joint access or control. Agents may view what the third party may see without violating any reasonable expectation of privacy so long as they limit the search to the zone of the consenting third party’s common authority. See United States v. Jacobsen, 466 U.S. 109, 119 (1984) (noting that the Fourth Amendment is not violated when a private third party invites the government to view the contents of a package under the third party’s control). This rule often requires agents to inquire into third parties’s rights of access before conducting a consent search, and to draw lines between those areas that fall within the third party’s common authority and those areas outside of the third party’s control. See United States v. Block, 590 F.2d 535, 541 (4th Cir. 1978) (holding that a mother could consent to a general search of her 23-year-old son’s room, but could not consent to a search of a locked footlocker found in the room). Because the joint access test does not require a unity of interests between the suspect and the third party, however, Matlock permits third-party consent even when the target of the search is present and refuses to consent to the search. See United States v. Sumlin, 567 F.2d 684, 687 (6th Cir. 1977) (holding that woman had authority to consent to search of apartment she shared with her boyfriend even though boyfriend refused consent). Courts have not squarely addressed whether a suspect’s decision to password-protect or encrypt files stored in a jointly-used computer denies co-users the right to consent to a search of the files under Matlock. However, it appears likely that encryption and password-protection would in most cases indicate the absence of common authority to consent to a search among co-users who do not know the password or possess the encryption key. Compare United States v. Smith, 27 F. Supp.2d 1111, 1115-16 (C.D. Ill. 1998) (concluding that a woman could consent to a search of her boyfriend’s computer located in their house, and noting that the boyfriend had not password-protected his files) with Block, 590 F.2d at 541 (concluding that a mother could not consent to search of a locked footlocker in her son’s room where she did not possess the key). Conversely, if the co-user has been given the password or encryption key by the suspect, then she probably has the requisite common authority to consent to a search of the files under Matlock. See United States v. Murphy, 506 F.2d 529, 530 (9th Cir. 1974) (per curiam) (concluding that an employee could consent to a search of an employer’s locked warehouse because the employee possessed the key, and finding “special significance” in the fact that the employer had himself delivered the key to the employee). As
a practical matter, agents may have little way of knowing the precise bounds of
a third party’s common authority when the agents obtain third-party consent
to conduct a search. When queried, consenting third parties may falsely claim
that they have common authority over property. In Illinois v. Rodriguez,
497 U.S. 177 (1990), the Supreme Court held that the Fourth Amendment does not
automatically require suppression of evidence discovered during a consent search
when it later comes to light that the third party who consented to the search
lacked the authority to do so. See id. at 188-89. Instead,
the Court held that agents can rely on a claim of authority to consent if based
on “the facts available to the officer at the moment, . . . a man of reasonable
caution . . . [would believe] that the consenting party had authority” to
consent to a search of the premises. Id. (internal quotations omitted)
(quoting Terry v. Ohio, 392 U.S. 1, 21-22 (1968)). When agents reasonably
rely on apparent authority to consent, the resulting search does not violate the
Fourth Amendment. ii) Spouses and Domestic Partners
Absent
an affirmative showing that the consenting spouse has no access to the property
searched, the courts generally hold that either spouse may consent to search all
of the couple’s property. See, e.g., United States
v. Duran, 957 F.2d 499, 504-05 (7th Cir. 1992) (concluding that wife could
consent to search of barn she did not use because husband had not denied her the
right to enter barn); United States v. Long, 524 F.2d 660, 661 (9th Cir.
1975) (holding that wife who had left her husband could consent to search of jointly-owned
home even though husband had changed the locks). For example, in United
States v. Smith, 27 F. Supp.2d 1111 (C.D. Ill. 1998), a man named Smith was
living with a woman named Ushman and her two daughters. When allegations
of child molestation were raised against Smith, Ushman consented to the search
of his computer, which was located in the house in an alcove connected to the
master bedroom. Although Ushman used Smith’s computer only rarely, the
district court held that she could consent to the search of Smith’s computer. Because
Ushman was not prohibited from entering the alcove and Smith had not password-protected
the computer, the court reasoned, she had authority to consent to the search.
See id. at 1115-16. Even if she lacked actual authority to
consent, the court added, she had apparent authority to consent. See id.
at 1116 (citing Illinois v. Rodriguez). iii) Parents
In some computer crime cases, the perpetrators are relatively young and reside with their parents. When the perpetrator is a minor, parental consent to search the perpetrator’s property and living space will almost always be valid. See 3 W. LaFave, Search and Seizure: A Treatise on the Fourth Amendment § 8.4(b) at 283 (2d ed. 1987) (noting that courts have rejected “even rather extraordinary efforts by [minor] child[ren] to establish exclusive use.”). When
the sons and daughters who reside with their parents are legal adults, however,
the issue is more complicated. Under Matlock, it is clear that parents
may consent to a search of common areas in the family home regardless of the perpetrator’s
age. See, e.g., United States v. Lavin, 1992 WL 373486,
at *6 (S.D.N.Y. 1992) (recognizing right of parents to consent to search of basement
room where son kept his computer and files). When agents would like to search
an adult child’s room or other private areas, however, agents cannot assume
that the adult’s parents have authority to consent. Although courts
have offered divergent approaches, they have paid particular attention to three
factors: the suspect’s age; whether the suspect pays rent; and whether the
suspect has taken affirmative steps to deny his or her parents access to the suspect’s
room or private area. When suspects are older, pay rent, and/or deny
access to parents, courts have generally held that parents may not consent. See
United States v. Whitfield, 939 F.2d 1071, 1075 (D.C. Cir. 1991) (holding
“cursory questioning” of suspect’s mother insufficient to establish
right to consent to search of 29-year-old son’s room); United States v.
Durham, 1998 WL 684241, at *4 (D. Kan. 1998) (mother had neither apparent
nor actual authority to consent to search of 24-year-old son’s room, because
son had changed the locks to the room without telling his mother, and son also
paid rent for the room). In contrast, parents usually may consent if their
adult children do not pay rent, are fairly young, and have taken no steps to deny
their parents access to the space to be searched. See United States
v. Rith, 164 F.3d 1323, 1331 (10th Cir. 1999) (suggesting that parents are
presumed to have authority to consent to a search of their 18-year-old son’s
room because he did not pay rent); United States v. Block, 590 F.2d 535,
541 (4th Cir. 1978) (mother could consent to police search of 23-year-old son’s
room when son did not pay rent). iv) System Administrators Every computer network is managed by a “system administrator” or “system operator” whose job is to keep the network running smoothly, monitor security, and repair the network when problems arise. System operators have “root level” access to the systems they administer, which effectively grants them master keys to open any account and read any file on their systems. When investigators suspect that a network account contains relevant evidence, they may feel inclined to seek the system administrator’s consent to search the contents of that account. As a practical matter, the primary barrier to searching a network account pursuant to a system administrator’s consent is statutory, not constitutional. System administrators typically serve as agents of “provider[s] of electronic communication service” under the Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. §§ 2701-11. ECPA regulates law enforcement efforts to obtain the consent of a system administrator to search an individual’s account. See 18 U.S.C. § 2702-03. Accordingly, any attempt to obtain a system administrator’s consent to search an account must comply with ECPA. See generally Chapter 3, “The Electronic Communications Privacy Act,” infra. To the extent that ECPA authorizes system administrators to consent to searches, the resulting consent searches will in most cases comply with the Fourth Amendment. The first reason is that individuals may not retain a reasonable expectation of privacy in the remotely stored files and records that their network accounts contain. See generally Reasonable Expectation of Privacy and Third Party Possession, supra. If an individual does not retain a constitutionally reasonable expectation of privacy in his remotely stored files, it will not matter whether the system administrator has the necessary joint control over the account needed to satisfy the Matlock test because a subsequent search will not violate the Fourth Amendment. In the event that a court holds that an individual does possess a reasonable expectation of privacy in remotely stored account files, whether a system administrator’s consent would satisfy Matlock should depend on the circumstances. Clearly, the system administrator’s access to all network files does not by itself provide the common authority that triggers authority to consent. In the pre-Matlock case of Stoner v. California, 376 U.S. 483 (1964), the Supreme Court held that a hotel clerk lacked the authority to consent to the search of a hotel room. Although the clerk was permitted to enter the room to perform his duties, and the guest had left his room key with the clerk, the Court concluded that the clerk could not consent to the search. If the hotel guest’s protection from unreasonable searches and seizures “were left to depend on the unfettered discretion of an employee of the hotel,” Justice Stewart reasoned, it would “disappear.” Id. at 490. See also Chapman v. United States, 365 U.S. 610 (1961) (holding that a landlord lacks authority to consent to search of premises used by tenant); United States v. Most, 876 F.2d 191, 199-200 (D.C. Cir. 1989) (holding that store clerk lacks authority to consent to search of packages left with clerk for safekeeping). To the extent that the access of a system operator to a network account is analogous to the access of a hotel clerk to a hotel room, the claim that a system operator may consent to a search of Fourth Amendment-protected files is weak. Cf. Barth, 26 F. Supp.2d at 938 (holding that computer repairman’s right to access files for limited purpose of repairing computer did not create authority to consent to government search through files). Of
course, the hotel clerk analogy may be inadequate in some circumstances. For
example, an employee generally does not have the same relationship with the system
administrator of his company’s network as a customer of a private ISP such
as AOL might have with the ISP’s system administrator. The company may
grant the system administrator of the company network full rights to access employee
accounts for any work-related reason, and the employees may know that the system
administrator has such access. In circumstances such as this, the system administrator
would likely have sufficient common authority over the accounts to be able to
consent to a search. See generally Note, Keeping Secrets
in Cyberspace: Establishing Fourth Amendment Protection for Internet Communication,
110 Harv. L. Rev. 1591, 1602-03 (1997). See also United States
v. Clarke, 2 F.3d 81, 85 (4th Cir. 1993) (holding that a drug courier hired
to transport the defendant’s locked toolbox containing drugs had common authority
under Matlock to consent to a search of the toolbox stored in the courier’s
trunk). Further, in the case of a government network, the Fourth Amendment
rules would likely differ dramatically from the rules that apply to private networks.
See generally O’Connor v. Ortega, 480 U.S. 709 (1987)
(explaining how the Fourth Amendment applies within government workplaces) (discussed
infra). Individuals often enter into agreements with the government in which they waive some of their Fourth Amendment rights. For example, prison guards may agree to be searched for drugs as a condition of employment, and visitors to government buildings may agree to a limited search of their person and property as a condition of entrance. Similarly, users of computer systems may waive their rights to privacy as a condition of using the systems. When individuals who have waived their rights are then searched and challenge the searches on Fourth Amendment grounds, courts typically focus on whether the waiver eliminated the individual’s reasonable expectation of privacy against the search. See, e.g., American Postal Workers Union, Columbus Area Local AFL-CIO v. United States Postal Service, 871 F.2d 556, 56-61 (6th Cir. 1989) (holding that postal employees retained no reasonable expectation of privacy in government lockers after signing waivers). A few courts have approached the same problem from a slightly different direction and have asked whether the waiver established implied consent to the search. According to the doctrine of implied consent, consent to a search may be inferred from an individual’s conduct. For example, in United States v. Ellis, 547 F.2d 863 (5th Cir. 1977), a civilian visiting a naval air station agreed to post a visitor’s pass on the windshield of his car as a condition of bringing the car on the base. The pass stated that “[a]cceptance of this pass gives your consent to search this vehicle while entering, aboard, or leaving this station.” Id. at 865 n.1. During the visitor’s stay on the base, a station investigator who suspected that the visitor had stored marijuana in the car approached the visitor and asked him if he had read the pass. After the visitor admitted that he had, the investigator searched the car and found 20 plastic bags containing marijuana. The Fifth Circuit ruled that the warrantless search of the car was permissible, because the visitor had impliedly consented to the search when he knowingly and voluntarily entered the base with full knowledge of the terms of the visitor’s pass. See id. at 866-67. Ellis
notwithstanding, it must be noted that several circuits have been critical of
the implied consent doctrine in the Fourth Amendment context. Despite the
Fifth Circuit’s broad construction, other courts have proven reluctant to
apply the doctrine absent evidence that the suspect actually knew of the search
and voluntarily consented to it at the time the search occurred. See McGann
v. Northeast Illinois Regional Commuter R.R. Corp., 8 F.3d 1174, 1179 (7th
Cir. 1993) (“Courts confronted with claims of implied consent have been reluctant
to uphold a warrantless search based simply on actions taken in the light of a
posted notice.”); Securities and Law Enforcement Employees, District Council
82 v. Carey, 737 F.2d 187, 202 n.23 (2d Cir. 1984) (rejecting argument that
prison guards impliedly consented to search by accepting employment at prison
where consent to search was a condition of employment). Absent such evidence,
these courts have preferred to examine general waivers of Fourth Amendment rights
solely under the reasonable-expectation-of-privacy test. See id.
Under the “exigent circumstances” exception to the warrant requirement, agents can search without a warrant if the circumstances “would cause a reasonable person to believe that entry . . . was necessary to prevent physical harm to the officers or other persons, the destruction of relevant evidence, the escape of the suspect, or some other consequence improperly frustrating legitimate law enforcement efforts.” See United States v. Alfonso, 759 F.2d 728, 742 (9th Cir. 1985). In determining whether exigent circumstances exist, agents should consider: (1) the degree of urgency involved, (2) the amount of time necessary to obtain a warrant, (3) whether the evidence is about to be removed or destroyed, (4) the possibility of danger at the site, (5) information indicating the possessors of the contraband know the police are on their trail, and (6) the ready destructibility of the contraband. See United States v. Reed, 935 F.2d 641, 642 (4th Cir. 1991). Exigent circumstances often arise in computer cases because electronic data is perishable. Computer commands can destroy data in a matter of seconds, as can humidity, temperature, physical mutilation, or magnetic fields created, for example, by passing a strong magnet over a disk. For example, in United States v. David, 756 F. Supp. 1385 (D. Nev. 1991), agents saw the defendant deleting files on his computer memo book, and seized the computer immediately. The district court held that the agents did not need a warrant to seize the memo book because the defendant’s acts had created exigent circumstances. See id. at 1392. Similarly, in United States v. Romero-Garcia, 991 F. Supp. 1223, 1225 (D. Or. 1997), aff’d on other grounds 168 F.3d 502 (9th Cir. 1999), a district court held that agents had properly accessed the information in an electronic pager in their possession because they had reasonably believed that it was necessary to prevent the destruction of evidence. The information stored in pagers is readily destroyed, the court noted: incoming messages can delete stored information, and batteries can die, erasing the information. Accordingly, the agents were justified in accessing the pager without first acquiring a warrant. See id. See also United States v. Ortiz, 84 F.3d 977, 984 (7th Cir. 1996) (in conducting search incident to arrest, agents were justified in retrieving numbers from pager because pager information is easily destroyed). Of course, in computer cases, as in all others, the existence of exigent circumstances is absolutely tied to the facts. Compare Romero-Garcia, 911 F. Supp. at 1225 with David, 756 F. Supp at 1392 n.2 (dismissing as “lame” the government’s argument that exigent circumstances supported search of a battery-operated computer because the agent did not know how much longer the computer’s batteries would live) and United States v. Reyes, 922 F. Supp. 818, 835-36 (S.D.N.Y. 1996) (concluding that exigent circumstances could not justify search of a pager because the government agent unlawfully created the exigency by turning on the pager). Importantly,
the existence of exigent circumstances does not permit agents to search or seize
beyond what is necessary to prevent the destruction of the evidence. When
the exigency ends, the right to conduct warrantless searches does as well: the
need to take certain steps to prevent the destruction of evidence does not authorize
agents to take further steps without a warrant. See United States
v. Doe, 61 F.3d 107, 110-11 (1st Cir. 1995). Accordingly, the seizure
of computer hardware to prevent the destruction of information it contains will
not ordinarily support a subsequent search of that information without a warrant. See
David, 756 F. Supp. at 1392. Evidence of a crime may be seized without a warrant under the plain view exception to the warrant requirement. To rely on this exception, the agent must be in a lawful position to observe and access the evidence, and its incriminating character must be immediately apparent. See Horton v. California, 496 U.S. 128 (1990). For example, if an agent conducts a valid search of a hard drive and comes across evidence of an unrelated crime while conducting the search, the agent may seize the evidence under the plain view doctrine.
Importantly, the plain view exception cannot justify violations of an individual’s reasonable expectation of privacy. The exception merely permits the seizure of evidence that has already been viewed in accordance with the Fourth Amendment. In computer cases, this means that the government cannot rely on the plain view exception to justify opening a closed computer file.4 The contents of a file that must be opened to be viewed are not in ‘plain view.’ See United States v. Maxwell, 45 M.J. 406, 422 (C.A.A.F. 1996). This rule accords with decisions applying the plain view exception to closed containers. See, e.g., United States v. Villarreal, 963 F.2d 770, 776 (5th Cir. 1992) (concluding that labels fixed to opaque 55-gallon drums do not expose the contents of the drums to plain view). (“[A] label on a container is not an invitation to search it. If the government seeks to learn more than the label reveals by opening the container, it generally must obtain a search warrant.”). United
States v. Carey, 172 F.3d 1268, 1273 (10th Cir. 1999), provides a useful example. In
Carey, a police detective searching a hard drive with a warrant for drug
trafficking evidence opened a “jpg” file and instead discovered child
pornography. At that point, the detective abandoned the search for drug trafficking
evidence and spent five hours accessing and downloading several hundred “jpg”
files in a search for more child pornography. When the defendant moved to
exclude the child pornography files on the ground that they were seized beyond
the scope of the warrant, the government argued that the detective had seized
the “jpg” files properly because the contents of the contraband files
were in plain view. The Tenth Circuit rejected this argument with respect
to all of the files except for the first “jpg” file the detective discovered. See
id. at 1273, 1273 n.4. Although the court’s reasoning is somewhat
opaque, this aspect of Carey seems sensible. The plain view exception
permits agents to seize property found in plain view, not to infringe a suspect’s
right to privacy until his property comes into plain view. As a result, the
detective could seize the first “jpg” file that came into plain view
when the detective was executing the search warrant, but could not rely on the
plain view exception to justify the search for additional “jpg” files
on the defendant’s computers that were beyond the scope of the warrant. 4. Search Incident to a Lawful Arrest Pursuant to a lawful arrest, agents may conduct a “full search” of the arrested person, and a more limited search of his surrounding area, without a warrant. See United States v. Robinson, 414 U.S. 218, 235 (1973); Chimel v. California, 395 U.S. 752, 762-63 (1969). For example, in Robinson, a police officer conducting a patdown search incident to an arrest for a traffic offense discovered a crumpled cigarette package in the suspect’s left breast pocket. Not knowing what the package contained, the officer opened the package and discovered fourteen capsules of heroin. The Supreme Court held that the search of the package was permissible, even though the officer had no articulable reason to open the package. See id. at 234-35. In light of the general need to preserve evidence and prevent harm to the arresting officer, the Court reasoned, it was perse reasonable for an officer to conduct a “full search of the person” pursuant to a lawful arrest. Id. at 235. Due to the increasing use of handheld and portable computers and other electronic storage devices, agents often encounter computers when conducting searches incident to lawful arrests. Suspects may be carrying pagers, Personal Digital Assistants (such as Palm Pilots), or even laptop computers when they are arrested. Does the search-incident-to-arrest exception permit an agent to access the memory of an electronic storage device found on the arrestee’s person during a warrantless search incident to arrest? In the case of electronic pagers, the answer clearly is “yes.” Relying on Robinson, courts have uniformly permitted agents to access electronic pagers carried by the arrested person at the time of arrest. See United States v. Reyes, 922 F. Supp. 818, 833 (S.D.N.Y. 1996) (holding that accessing numbers in a pager found in bag attached to defendant’s wheelchair within twenty minutes of arrest falls within search-incident-to-arrest exception); United States v. Chan, 830 F. Supp. 531, 535 (N.D. Cal. 1993); United States v. Lynch, 908 F. Supp. 284, 287 (D.V.I. 1995); Yu v. United States, 1997 WL 423070 (S.D.N.Y. 1997); United States v. Thomas, 114 F.3d 403, 404 n.2 (3d Cir. 1997) (dicta). See also United States v. Ortiz, 84 F.3d 977, 984 (7th Cir. 1996) (same holding, but relying on an exigency theory). Courts have not yet addressed whether Robinson will permit warrantless searches of electronic storage devices that contain more information than pagers. In the paper world, certainly, cases have allowed extensive searches of written materials discovered incident to lawful arrests. For example, courts have uniformly held that agents may inspect the entire contents of a suspect’s wallet found on his person. See, e.g., United States v. Castro, 596 F.2d 674, 676 (5th Cir. 1979); United States v. Molinaro, 877 F.2d 1341, 1347 (7th Cir. 1989) (citing cases). Similarly, one court has held that agents could photocopy the entire contents of an address book found on the defendant’s person during the arrest, see United States v. Rodriguez, 995 F.2d 776, 778 (7th Cir. 1993), and others have permitted the search of a defendant’s briefcase that was at his side at the time of arrest. See, e.g., United States v. Johnson, 846 F.2d 279, 283-84 (5th Cir. 1988); United States v. Lam Muk Chiu, 522 F.2d 330, 332 (2d Cir. 1975). If agents can examine the contents of wallets, address books, and briefcases without a warrant, it could be argued that they should be able to search their electronic counterparts (such as electronic organizers, floppy disks, and Palm Pilots) as well. Cf. United v. Tank, 200 F.3d 627, 632 (9th Cir. 2000) (holding that agents searching a car incident to a valid arrest properly seized a Zip disk found in the car, but failing to discuss whether the agents obtained a warrant before searching the disk for images of child pornography). The
limit on this argument is that any search incident to an arrest must be reasonable. See
Swain v. Spinney, 117 F.3d 1, 6 (1st Cir. 1997). While a search of
physical items found on the arrestee’s person may always be reasonable, more
invasive searches in different circumstances may violate the Fourth Amendment. See,
e.g. Mary Beth G. v. City of Chicago, 723 F.2d 1263, 1269-71 (7th
Cir. 1983) (holding that Robinson does not permit strip searches incident
to arrest because such searches are not reasonable in context). For example,
the increasing storage capacity of handheld computers suggests that Robinson’s
bright line rule may not always apply in the case of electronic searches. Courts
may conclude that a quick search through a pager that stores a few phone numbers
is reasonable incident to an arrest, but that a very time-consuming search through
a handheld computer that contains an entire warehouse of information presents
a different case. Cf. United States v. O’Razvi, 1998 WL 405048, at
*7 n.7 (S.D.N.Y. 1998). When in doubt, agents should obtain a search warrant
before examining the contents of electronic storage devices that might contain
large amounts of information. Law enforcement officers routinely inventory the items they have seized. Such “inventory searches” are reasonable — and therefore fall under an exception to the warrant requirement — when two conditions are met. First, the search must serve a legitimate, non-investigatory purpose (e.g., to protect an owner’s property while in custody; to insure against claims of lost, stolen, or vandalized property; or to guard the police from danger) that outweighs the intrusion on the individual’s Fourth Amendment rights. See Illinois v. Lafayette, 462 U.S. 640, 644 (1983); South Dakota v. Opperman, 428 U.S. 364, 369 (1976). Second, the search must follow standardized procedures. See Colorado v. Bertine, 479 U.S. 367, 374 n.6 (1987); Florida v. Wells, 495 U.S. 1, 4-5 (1990). It
is unlikely that the inventory-search exception to the warrant requirement would
support a search through seized computer files. See O’Razvi,
1998 WL 405048, at *6-7 (noting the difficulties of applying the inventory-search
requirements to computer disks). Even assuming that standard procedures authorized
such a search, the legitimate purposes served by inventory searches in the physical
world do not translate well into the intangible realm. Information does not
generally need to be reviewed to be protected, and does not pose a risk of physical
danger. Although an owner could claim that his computer files were altered
or deleted while in police custody, examining the contents of the files would
offer little protection from tampering. Accordingly, agents will generally need
to obtain a search warrant in order to examine seized computer files held in custody.
In order to protect the government’s ability to monitor contraband and other property that may enter or exit the United States illegally, the Supreme Court has recognized a special exception to the warrant requirement for searches that occur at the border of the United States. According to the Court, “routine searches” at the border or its functional equivalent do not require a warrant, probable cause, or even reasonable suspicion that the search may uncover contraband or evidence. United States v. Montoya De Hernandez, 473 U.S. 531, 538 (1985). Searches that are especially intrusive require at least reasonable suspicion, however. See id.. at 541. These rules apply to people and property both entering and exiting the United States. See United States v. Oriakhi, 57 F.3d 1290, 1297 (4th Cir. 1995). At least one court has interpreted the border search exception to permit a warrantless search of a computer disk for contraband computer files. In United States v. Roberts, 86 F. Supp.2d 678 (S.D. Tex. 2000), United States Customs Agents learned that William Roberts, a suspect believed to be carrying computerized images of child pornography, was scheduled to fly from Houston, Texas to Paris, France on a particular day. On the day of the flight, the agents set up an inspection area in the jetway at the Houston airport with the sole purpose of searching Roberts. Roberts arrived at the inspection area and was told by the agents that they were searching for “currency” and “high technology or other data” that could not be exported legally. Id. at 681. After the agents searched Roberts’ property and found a laptop computer and six Zip diskettes, Roberts agreed to sign a consent form permitting the agents to search his property. A subsequent search revealed several thousand images of child pornography. See id. at 682. When charges were brought, Roberts moved for suppression of the computer files, but the district court ruled that the search had not violated the Fourth Amendment. According to the court, the search of Roberts’ luggage had been a “routine search” for which no suspicion was required, even though the justification for the search offered by the agents merely had been a pretext. See id. at 686 (citing Whren v. United States, 517 U.S. 806 (1996)). The court also concluded that Roberts’ consent justified the search of the laptop and diskettes, and indicated that even if Roberts had not consented to the search, “[t]he search of the defendant’s computer and diskettes would have been a routine export search, valid under the Fourth Amendment.” See Roberts, 98 F. Supp.2d at 688. Importantly,
agents and prosecutors should not interpret Roberts as permitting the interception
of data transmitted electronically to and from the United States. Any real-time
interception of electronically transmitted data in the United States must comply
strictly with the requirements of Title III, 18 U.S.C. §§ 2510-22. See
generally Chapter 4. Further, once electronically transferred data
from outside the United States arrives at its destination within the United States,
the government ordinarily cannot rely on the border search exception to search
for and seize the data because the data is no longer at the border or its functional
equivalent. Cf.Almeida-Sanchez v. United States, 413 U.S. 266, 273-74 (1973)
(concluding that a search that occurred 25 miles from the United States border
did not qualify for the border search exception, even though the search occurred
on a highway known as a common route for illegal aliens, because it did not occur
at the border or its functional equivalent). Outside the United States border, searching and seizing electronic evidence raises difficult questions of both law and policy. Because the Internet is a global network, international issues may arise in many cases; even a domestic investigation may involve a computer system, data, witness or subject located in a foreign jurisdiction. In such cases, the Fourth Amendment may or may not apply, depending on the circumstances. See generally United States v. Verdugo-Urquidez, 494 U.S. 259 (1990) (considering the extent to which the Fourth Amendment applies to searches outside of the United States). However, international policies regarding sovereignty and privacy may require the United States to take actions ranging from informal notice to a formal request for assistance to the country concerned. This manual will not attempt to provide detailed guidance on how to resolve international issues that arise in such cases. Investigators and prosecutors should contact the Office of International Affairs at (202) 514-0000 for assistance. However, a few basic principles can be stated here. The United States maintains approximately 40 bilateral mutual legal assistance treaty relationships and many other relationships pursuant to letters rogatory or other longstanding means of cooperation. While cooperation with respect to computer and electronic evidence is under further development internationally, these treaty structures and ongoing relationships continue to provide the legal and practical means by which the United States both seeks and provides legal assistance. When agents learn prior to a search that some of all of the data to be searched is located in a foreign jurisdiction, they should seek advice from the Office of International Affairs as to the need for and appropriate means to seek assistance from that country. When immediate international assistance is required, the international network of 24-hour Points of Contact established by the High-tech Crime Subgroup of the G-8 countries can provide assistance, such as preserving data and assisting in real-time tracing of cross-border communications. See generally Michael A. Sussmann, The Critical Challenges from International High-Tech and Computer-Related Crime at the Millennium, 9 Duke J. Comp. & Int’l L. 451, 484 (1999). The network is available twenty-four hours a day to respond to urgent requests for assistance in international high-tech crime investigations, or cases involving electronic evidence. The membership currently includes Australia, Brazil, Canada, Denmark, Finland, France, Germany, Italy, Japan, Republic of Korea, Luxembourg, Russia, Spain, Sweden, United Kingdom, and the United States, and continues to grow. The Point of Contact for the United States is CCIPS, which can be contacted at (202) 514-1026 during regular business hours, or, after hours, through the DOJ Command Center at (202) 514-5000. CCIPS also has computer crime law enforcement contacts in countries beyond members of the network; agents and prosecutors can call CCIPS for assistance. Finally,
international issues may also arise when the United States responds to foreign
requests for international legal assistance for computer and electronic evidence. Investigators
and prosecutors can the Office of International Affairs ((202) 514-0000) or CCIPS
for additional advice. D. Special Case: Workplace Searches Warrantless workplace searches deserve a separate analysis because they occur often in computer cases and raise unusually complicated legal issues. The primary cause of the analytical difficulty is the Supreme Court’s complex decision in O’Connor v. Ortega, 480 U.S. 709 (1987). Under O’Connor, the legality of warrantless workplace searches depends on often-subtle factual distinctions such as whether the workplace is public sector or private sector, whether employment policies exist that authorize a search, and whether the search is work-related. Every warrantless workplace search must be evaluated carefully on its facts. In general, however, law enforcement officers can conduct a warrantless search of private (i.e., non-government) workplaces only if the officers obtain the consent of either the employer or another employee with common authority over the area searched. In public (i.e., government) workplaces, officers cannot rely on an employer’s consent, but can conduct searches if written employment policies or office practices establish that the government employees targeted by the search cannot reasonably expect privacy in their workspace. Further, government employers and supervisors can conduct reasonable work-related searches of employee workspaces without a warrant even if the searches violate employees’ reasonable expectation of privacy. One
cautionary note is in order before we proceed. This discussion evaluates
the legality of warrantless workplace searches of computers under the Fourth Amendment. In
many cases, however, workplace searches will implicate federal privacy statutes
in addition to the Fourth Amendment. For example, efforts to obtain an employee’s
files and e-mail from the employer’s network server raise issues under
the Electronic Communications Privacy Act, 18 U.S.C. §§ 2701-11 (discussed
in Chapter 3), and workplace monitoring of an employee’s Internet use implicates
Title III, 18 U.S.C. §§ 2510-22 (discussed in Chapter 4). Before
conducting a workplace search, investigators must make sure that their search
will not violate either the Fourth Amendment or relevant federal privacy statutes. Investigators
should contact CCIPS at (202) 514-1026 or the CTC in their district for further
assistance. 1. Private Sector Workplace Searches The rules for
conducting warrantless searches and seizures in private-sector workplaces generally
mirror the rules for conducting warrantless searches in homes and other personal
residences. Private company employees generally retain a reasonable expectation
of privacy in their workplaces. As a result, private-workplace searches by law
enforcement will usually require a warrant unless the agents can obtain the consent
of an employer or a co-worker with common authority. a) Reasonable Expectation of Privacy in Private-Sector Workplaces Private-sector
employees will usually retain a reasonable expectation of privacy in their office
space. In Mancusi v. DeForte, 392 U.S. 364 (1968), police officers
conducted a warrantless search of an office at a local union headquarters that
defendant Frank DeForte shared with several other union officials. In response
to DeForte’s claim that the search violated his Fourth Amendment rights,
the police officers argued that the joint use of the space by DeForte’s co-workers
made his expectation of privacy unreasonable. The Court disagreed, stating
that DeForte “still could reasonably have expected that only [his officemates]
and their personal or business guests would enter the office, and that records
would not be touched except with their permission or that of union higher-ups.”
Id. at 369. Because only a specific group of people actually enjoyed
joint access and use of DeForte’s office, the officers’ presence violated
DeForte’s reasonable expectation of privacy. See id. See
also United States v. Most, 876 F.2d 191, 198 (D.C. Cir. 1989) (“[A]n
individual need not shut himself off from the world in order to retain his fourth
amendment rights. He may invite his friends into his home but exclude the
police; he may share his office with co-workers without consenting to an official
search.”); United States v. Lyons, 706 F.2d 321, 325 (D.C. Cir. 1983)
(“One may freely admit guests of one’s choosing — or be legally
obligated to admit specific persons — without sacrificing one’s right
to expect that a space will remain secure against all others.”). As
a practical matter, then, private employees will generally retain an expectation
of privacy in their work space unless that space is “open to the world at
large.” Id. at 326. b) Consent in Private Sector-Workplaces Although most non-government workplaces will support a reasonable expectation of privacy from a law enforcement search, agents can defeat this expectation by obtaining the consent of a party who exercises common authority over the area searched. See Matlock, 415 U.S. at 171. In practice, this means that agents can often overcome the warrant requirement by obtaining the consent of the target’s employer or supervisor. Depending on the facts, a co-worker’s consent may suffice as well. Private-sector employers and supervisors generally enjoy a broad authority to consent to searches in the workplace. For example, in United States v. Gargiso, 456 F.2d 584 (2d Cir. 1972), a pre-Matlock case, agents conducting a criminal investigation of an employee of a private company sought access to a locked, wired-off area in the employer’s basement. The agents explained their needs to the company’s vice-president, who took the agents to the basement and opened the basement with his key. When the employee attempted to suppress the evidence that the agents discovered in the basement, the court held that the vice-president’s consent was effective. Because the vice-president shared supervisory power over the basement with the employee, the court reasoned, he could consent to the agents’ search of that area. Id. at 586-87. See also United States v. Bilanzich, 771 F.2d 292, 296-97 (7th Cir. 1985) (holding that the owner of a hotel could consent to search of locked room used by hotel employee to store records, even though owner did not carry a key, because employee worked at owner’s bidding); J.L. Foti Constr. Co. v. Donovan, 786 F.2d 714, 716-17 (6th Cir. 1986) (per curiam) (holding that a general contractor’s superintendent could consent to an inspection of an entire construction site, including subcontractor’s work area). In a close case, an employment policy or computer network banner that establishes the employer’s right to consent to a workplace search can help establish the employer’s common authority to consent under Matlock. See Appendix A. Agents
should be careful about relying on a co-worker’s consent to conduct a workplace
search. While employers generally retain the right to access their employees’
work spaces, co-workers may or may not, depending on the facts. When co-workers
do exercise common authority over a workspace, however, investigators can rely
on a co-worker’s consent to search that space. For example, in United
States v. Buettner-Janusch, 646 F.2d 759 (2d Cir. 1981), a professor and an
undergraduate research assistant at New York University consented to a search
of an NYU laboratory managed by a second professor suspected of using his laboratory
to manufacture LSD and other drugs. Although the search involved opening
vials and several other closed containers, the Second Circuit held that Matlock
authorized the search because both consenting co-workers had been authorized to
make full use of the lab for their research. See id. at 765-66. See
also United States v. Jenkins, 46 F.3d 447, 455-58 (5th Cir. 1995)
(allowing an employee to consent to a search of the employer’s property);
United States v. Murphy, 506 F.2d 529, 530 (9th Cir. 1974) (per curiam)
(same); United States v. Longo, 70 F. Supp.2d 225, 256 (W.D.N.Y. 1999)
(allowing secretary to consent to search of employer’s computer). But
see United States v. Buitrago Pelaez, 961 F. Supp. 64, 67-68 (S.D.N.Y.
1997) (holding that a receptionist could consent to a general search of the office,
but not of a locked safe to which receptionist did not know the combination).
c) Employer Searches in Private-Sector Workplaces Warrantless
workplace searches by private employers rarely violate the Fourth Amendment. So
long as the employer is not acting as an instrument or agent of the Government
at the time of the search, the search is a private search and the Fourth Amendment
does not apply. See Skinner v. Railway Labor Executives’ Ass’n,
489 U.S. 602, 614 (1989). 2. Public-Sector Workplace Searches Although
warrantless computer searches in private-sector workplaces follow familiar Fourth
Amendment rules, the application of the Fourth Amendment to public-sector workplace
searches of computers presents a different matter. In O’Connor v.
Ortega, 480 U.S. 709 (1987), the Supreme Court introduced a distinct framework
for evaluating warrantless searches in government workplaces that applies to computer
searches. According to O’Connor, a government employee can enjoy
a reasonable expectation of privacy in his workplace. See id.
at 717 (O’Connor, J., plurality opinion); Id. at 721 (Scalia, J.,
concurring). However, an expectation of privacy becomes unreasonable if “actual
office practices and procedures, or . . . legitimate regulation” permit the
employee’s supervisor, co-workers, or the public to enter the employee’s
workspace. Id. at 717 (O’Connor, J., plurality opinion). Further,
employers can conduct “reasonable” warrantless searches even if
the searches violate an employee’s reasonable expectation of privacy. Such
searches include work-related, noninvestigatory intrusions (e.g., entering an
employee’s locked office to retrieve a file) and reasonable investigations
into work-related misconduct. See id. at 725-26 (O’Connor,
J., plurality opinion); Id. at 732 (Scalia, J., concurring). a) Reasonable Expectation of Privacy in Public Workplaces The reasonable expectation of privacy test formulated by the O’Connor plurality asks whether a government employee’s workspace is “so open to fellow employees or to the public that no expectation of privacy is reasonable.” O’Connor, 480 U.S. at 718 (plurality opinion). This standard differs significantly from the standard analysis applied in private workplaces. Whereas private-sector employees enjoy a reasonable expectation of privacy in their workspace unless the space is “open to the world at large,” Lyons, 706 F.2d at 326, government employees retain a reasonable expectation of privacy in the workplace only if a case-by-case inquiry into “actual office practices and procedures” shows that it is reasonable for employees to expect that others will not enter their space. See O’Connor, 480 U.S. at 717 (plurality opinion); Rossi v. Town of Pelham, 35 F. Supp.2d. 58, 63 (D.N.H. 1997). See also O’Connor, 480 U.S. at 730-31 (Scalia, J., concurring) (noting the difference between the expectation-of-privacy analysis offered by the O’Connor pluralit |