X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Computer crime scene investigations are conducted in another world. Electronically stored information and computer software operate with their own set of rules that make comparisons to physical evidence misleading. Search warrants that target computerized evidence run the risk of becoming general warrants. And the Fourth Amendment’s injunctions of particularity and specificity in identifying the files to be seized are being challenged by the methods for acquiring them. Take, for example, the case of a sexual assault complaint filed in connection with a party attended by airmen from a military base on the night of Feb. 12, 2005. One of the airmen had taken photos at the party and was sought out as a witness. 1 He turned over the images, which had been copied to his laptop. But since the investigators believed his computer possibly held more evidence, they obtained a search warrant. It permitted an examination of the specified laptop and memory card for images from the night at issue. Later, a mirror image of the hard drive was being prepared to be sent to the forensic lab for analysis. The technician was unaware of the limitations prescribed by the warrant. In the process of confirming that the mirrored hard drive was functioning properly, she viewed all the photos as thumbnails. Although she had finished her assignment, the technician proceeded to inspect the thumbnails and discovered pictures of nude persons. Suspecting contraband, she opened one image file uncovering illicit pornography. After continuing the search for nearly 30 minutes and locating more images, she advised the investigators of what she had found. Now that a second investigation was under way involving the same computer, a new search warrant was obtained for the pornographic files. The witness, now suspect, was ultimately convicted of possession of illegal pornography. According to the U.S. Air Force Court of Criminal Appeals, the computer technician went beyond the bounds of the first search warrant when she opened a thumbnail to determine if it was contraband. Her actions had nothing to do with confirming the mirror imaging operation or locating pictures from the party. A duplicate hard drive could have been created within the scope of the warrant. The search authorization did not allow investigators to look into image files outside the date of the party. Moreover, since the technician was oblivious to the terms of the warrant, she could not possibly have intended to find relevant evidence. While “computers make tempting targets in searches for incriminating information,” the proper approach would have been to seek a second warrant before opening files unrelated to the primary investigation. The court concluded that in computer cases, specificity was essential in defining the scope of the warrant and the search process. The problem in applying the Fourth Amendment to computer searches is finding an appropriate analogy in the physical world. Unlike paper documents, a computer file or data must be converted by software to be read and understood. A file name is not always indicative, and crossing the threshold into its contents begs the question of whether it was within the scope of the warrant. Seizing thousands of mutable files that change every time they are opened exceeds the boundaries of any search warrant without some restraints or protocols. The Carey-Tamura special approach speaks to this point. In the late 1970s, Leigh Raymond Tamura was accused of bribery connected with bid rigging in a scheme involving his company, an importer of telephone cable. 2 An FBI search warrant for company paper files covered contracts for cable sales, payments made to an engineer involved in the scheme, and travel records of the principals. In light of the company employees’ refusal to help them search the files, the agents seized all records and sorted them out at another location. The fundamental issue was the lawfulness of a wholesale seizure of records clearly beyond the scope of the warrant. The government’s argument underscored the onerousness of sorting through the records on site. The trial court agreed and admitted the documents. Citing the American Law Institute’s Model Code of Pre-Arraignment Procedure, the appeals court concluded that when it was unfeasible to conduct a search at the location, application should be made to a magistrate judge asking for permission to remove the files in toto, which should then be sealed and held pending approval. So long as the agents were motivated by practical concerns, and not on a fishing expedition or acting unconscionably, their conduct could be considered reasonable. The Tamura approach to intermingled paper files evolved into the second warrant requirement found in computer cases and Department of Justice protocols. ‘Carey’ Ruling The Kansas police were interested in Patrick Carey based on their investigation into drug selling activities at his home. 3 With his consent, the police searched his apartment for drugs and related items. In the process, they found two computers. The machines were brought back to the station and the officers obtained a search warrant to look for names, phone numbers, receipts and other evidence of drug sale activities. A keyword search of text files for relevant terms came up empty. However, the computer directories revealed JPG files with “sexually suggestive titles.” The detective admitted being unfamiliar with the use of JPG files by drug dealers. The first JPG file he opened showed what he believed to be illicit pornography. For five hours, he continued searching through other image files before returning to his original purpose of trying to find drug related information. No warrant had been requested for the JPG search. Until the first image file was opened, there was no reason to suspect Carey had illicit pornography. The government’s plain view argument was insupportable, since the contents of the files were not immediately apparent to the investigators. Moreover, they already understood their obligation to first get a search warrant, since they had requested one before conducting the original computer search for drug data. Looking through closed image files under these circumstances was outside the scope of the warrant. The Carey decision underscores the nuances involved in computer searches and the distinction from conventional paper files. Judge John C. Porfilio, writing for the U.S. Court of Appeals for the Tenth Circuit, observed: “Relying on analogies to closed containers or file cabinets may lead courts to ‘oversimplify a complex area of Fourth Amendment doctrines and ignore the realities of massive modern computer storage.’” NEW YORK APPLICATION In 2003, a New York court recognized the soundness of the Carey-Tamura approach. 4 The police had a warrant to search the residence of Robert Carratu in connection with the sale of illegal cable boxes. The warrant delineated crime-specific physical devices such as descramblers, sale and purchase records, manuals and notably, computers and diskettes. Three computers were discovered and brought back to the crime lab for forensic analysis. The folders and file names were examined to find evidence related to illegal cable operations. One folder was clearly marked “Fake I.D.” and contained image files of driver’s licenses, Social Security cards and other documents. This evidence was used to support a charge of possession of a forgery device. Relying on Carey, the judge found the search exceeded the scope of the warrant. The particularity requirement was breached because the warrant only permitted a search of text files related to illegal cable activities, and not image files pertaining to forgery. The detective opened an image file because he believed it contained evidence of forgery, not theft of services. Examining those files was not inadvertent nor was the evidence in plain view. The folder name justified seeking another warrant for a new search. Therefore, the court suppressed the false identification files. FEDERAL PROTOCOLS Whether or not local police have a set of protocols for searching computers, the Department of Justice does. First, there is the oft-cited Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations released in 2002. 5 Two years later, the department published the Forensic Examination of Digital Evidence, 6 and this year it issued the second edition of Electronic Crime Scene Investigation. 7 In a decision from the Southern District of New York, Judge Kenneth M. Karas illuminated some of the complex problems arising from search warrants for computer-based evidence. 8 Citing the Searching and Seizing Computers manual, and other authorities, he pointed out that “when the government seeks to seize the information stored on a computer, as opposed to the computer itself, that underlying information must be identified with particularity and its seizure independently supported by probable cause.” And in a Florida case involving a search through intermingled computer files, a judge noted: “The better practice would have been to follow the DOJ guidelines in developing a search strategy and presenting that strategy to the magistrate judge, and the failure to do so is troubling.” Still, the absence of a proper search strategy was not fatal to the warrant’s validity. 9 In these cases, the police had possession of the computers and there were no exigent circumstances to justify unbridled searching. From their vantage point, the investigators had several options to minimize the intrusiveness of their search by focusing on file types, file names, keyword searches, dates, search topics, etc. The Searching and Seizing Computers manual contains two significant recommendations: When agents obtain a warrant to seize hardware that is itself evidence, contraband, or an instrumentality of crime, they should explain in the affidavit whether and how they plan to search the hardware following the seizure . . . In general, agents should obtain a second warrant to search a computer seized pursuant to a valid warrant if the property targeted by the proposed search is different from that underlying the first warrant. These guidelines underscore the importance of specificity and particularity in the computer information sought and the methods for finding it. Computer files are distinct entities, distinguishable from other physical evidence. They are dynamic, and their contents changeable requiring translation to be viewed and understood. Search limiting protocols are essential to curb overbroad and unfettered examination of private files in a growing range of formats. Practicality, convenience and necessity are poor guarantees of constitutional protections. New technologies demand new solutions to protect individual rights. And the limitations of computer search methods should not diminish the protections guaranteed by the Fourth Amendment. Ken Strutin is director of legal information services at the New York State Defenders Association. Endnotes: 1. United States v. Osorio, 2008 CCA Lexis 184 (A.F. Crim. App. May 9, 2008). 2. United States v. Tamura, 694 F.2d 591 (9th Cir. 1982). 3. United States v. Carey, 172 F.3d 1268 (10th Cir. 1999). 4. People v. Carratu, 194 Misc. 2d 595 (Sup. Ct. Nassau County 2003). 5. http://www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm. 6. http://www.ncjrs.gov/pdffiles1/nij/199408.pdf. 7. http://www.ncjrs.gov/pdffiles1/nij/219941.pdf. 8. United States v. Vilar, 2007 U.S. Dist. LEXIS 26993 (S.D.N.Y. April 4, 2007). 9. United States v. Maali, 346 F. Supp. 2d 1226, 1247 (M.D. Fla. 2004).

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.