596 lines
34 KiB
Plaintext
596 lines
34 KiB
Plaintext
Article 8 of comp.org.eff.news:
|
|
Xref: vpnet comp.org.eff.news:8 comp.org.eff.talk:868 misc.legal:1503
|
|
Path: vpnet!tellab5!laidbak!ism.isc.com!ispd-newsserver!rpi!usc!elroy.jpl.nasa.gov!decwrl!world!eff!mnemonic
|
|
From: mnemonic@eff.org (Mike Godwin)
|
|
Newsgroups: comp.org.eff.news,comp.org.eff.talk,misc.legal
|
|
Subject: Less intrusive, more efficient searches and seizures
|
|
Summary: Need suggestions in response to Virus Conference paper
|
|
Message-ID: <1991Apr3.161113.21048@eff.org>
|
|
Date: 3 Apr 91 16:11:13 GMT
|
|
Followup-To: comp.org.eff.talk
|
|
Organization: The Electronic Frontier Foundation
|
|
Lines: 577
|
|
Approved: mnemonic@eff.org
|
|
|
|
|
|
Mitch Kapor and I submitted the following paper to the
|
|
Fourth Annual Computer Virus and Security Conference in
|
|
New York earlier in March. Since then, discussions of the paper
|
|
have led to two main lines of feedback: a) law enforcement
|
|
needs *technical* guidance about gathering computer evidence
|
|
without being overinclusive, yet meeting the requirements of
|
|
the rules of evidence, and b) civil-liberties and law-enforcement
|
|
needs converge on the need for less intrusive searches, since
|
|
LE would like to be able to search efficiently and not have to
|
|
scan whole hard disks for information.
|
|
|
|
In the interest of being able to develop these technical guidelines,
|
|
which should supplement and help implement the legal guidelines
|
|
discussed in the paper, we publish the paper here, and ask for your
|
|
responses.
|
|
|
|
---------------------------------------------------------
|
|
|
|
Civil Liberties Implications of Computer Searches and
|
|
Seizures:
|
|
Some Proposed Guidelines for Magistrates Who Issue Search
|
|
Warrants
|
|
|
|
Submitted by:
|
|
|
|
Mitchell Kapor, B.A. Yale (1971), M.A. Beacon College (1978)
|
|
President, The Electronic Frontier Foundation
|
|
|
|
Mike Godwin, B.A. University of Texas at Austin (1980), J.D. (1990)
|
|
Staff Counsel, The Electronic Frontier Foundation
|
|
|
|
|
|
I. Introduction.
|
|
|
|
We are now about a decade and a half into the era of affordable
|
|
desktop computers. Yet for most people--and especially for the legal
|
|
community--the civil-liberties implications of this new consumer
|
|
technology have only barely begun to register. Only by acquiring a
|
|
knowledge of the new technology, of its uses, and of its importance to
|
|
traditional civil liberties can we guarantee the protection of those civil
|
|
liberties in the future.
|
|
Currently, the Electronic Frontier Foundation (EFF) is focusing
|
|
on two major aspects of this failure of the law-enforcement
|
|
community to fully incorporate civil-liberties awareness in its
|
|
investigations of computer-related crime:
|
|
|
|
1) When law enforcement officials lack understanding both of
|
|
the new technology and--just as important--of how it is normally used,
|
|
they simply cannot conduct the discretion-less, "particular" searches
|
|
and seizures required by the Fourth Amendment1 when those searches
|
|
and seizures involve computer equipment and data.
|
|
|
|
2) The electronic conferencing systems offered by computer-
|
|
based electronic bulletin-board systems (BBSs), commercial
|
|
information services, and noncommercial computer networks--which
|
|
may, to various degrees, be subject to law-enforcement searches and
|
|
seizures--have created an environment for some of the most vigorous
|
|
exercise of First Amendment prerogatives this nation has ever seen.
|
|
When law enforcement does not routinely recognize the First
|
|
Amendment significance of BBSs and other forms of electronic speech
|
|
and publishing, its broad searches and seizures can "chill" the free
|
|
exercise of those First Amendment rights.
|
|
|
|
This paper is adapted from the EFF's response to the American
|
|
Bar Association Criminal Justice Section's suggested guidelines for the
|
|
issuance of search warrants relating to business records (July 1990)2.
|
|
The guidelines seemed to be based in large part on J. McEwan,
|
|
Dedicated Computer Crime Units (1989), D. Parker, Computer Crime:
|
|
Criminal Justice Resource Manual (1989), and C. Conly, Organizing for
|
|
Computer Crime Investigation and Prosecution. Published by the
|
|
National Institute of Justice, all three publications were oriented
|
|
toward informing law enforcement of the kinds of abuses to which
|
|
computer technology potentially lends itself.
|
|
But while such a focus may be useful for prosecutors, who may
|
|
need to be brought up to speed on the technology, it is not a good focus
|
|
for magistrates, who must evaluate law enforcement's claims that
|
|
there is probable cause for particular searches and seizures in particular
|
|
cases. For example, it may be useful for prosecutors to know that "the
|
|
data in the storage device or media can be erased, replaced with other
|
|
data, hidden, encrypted, modified, misnamed, misrepresented,
|
|
physically destroyed, or otherwise made unusable."3 But this does not
|
|
mean that the magistrate should always find probable cause to believe
|
|
that a particular computer owner or operator has done so, and then
|
|
authorize a highly intrusive and disruptive seizure of a BBS so that
|
|
investigators can do a low-level search for hidden or encrypted data.
|
|
Similarly, the fact that a clever hobbyist can find criminal uses
|
|
for all sorts of equipment does not create probable cause to believe that
|
|
every piece of electronic property that could conceivably be used in any
|
|
type of computer crime -- or that could conceivably be evidence in
|
|
some type of computer crime -- should be seized in every
|
|
investigation.4
|
|
Moreover, the kind of exhaustive listing of potential computer-
|
|
crimes and crime techniques in these references, together with their
|
|
instructive but not particularly representative anecdotal evidence,
|
|
cannot help but give both law-enforcement agents and magistrates the
|
|
impression that BBSs and similar systems are likely to be used for
|
|
computer-related crimes of various sorts.
|
|
Our criticism of the original ABA Criminal Justice Section
|
|
suggested guidelines was basically threefold:
|
|
1) There was no guidance to the magistrate as to when the
|
|
computer or related equipment should not be seized, either because it
|
|
is not necessary as evidence or because such a seizure would intolerably
|
|
"chill" the lawful exercise of First Amendment rights or abridge a
|
|
property owner's Fourth Amendment rights.
|
|
2) There was inadequate recognition of the business or
|
|
individual computer owner's interest in continuing with lawful
|
|
commercial business, which might be hindered or halted by the seizure
|
|
of an expensive computer.
|
|
3) There was no effort to measure the actual likelihood that
|
|
investigators would find computers equipped with such justice-
|
|
obstructing measures as automatic-erasure software or "degausser"
|
|
boobytrap hardware, the presence of which might justify a "no-knock"
|
|
search and seizure, among other responses.
|
|
Section II of this paper, infra, contains the EFF's general
|
|
comments on the suggested guidelines. while Section III contains our
|
|
amended version of those guidelines.
|
|
|
|
|
|
II. Comments on Proposed Guidelines on Searches and Seizures
|
|
|
|
A. Searches and seizures of computers used for publishing or
|
|
electronic bulletin boards.
|
|
|
|
While the same legal principles apply to searches and seizures of
|
|
computerized records as to other records, when the search is of records
|
|
on a computer used for publishing or for operating an electronic
|
|
bulletin board system (BBS), the need for particularity is heightened
|
|
since the material to be searched may be protected by the First
|
|
Amendment. Particularity is also needed because First Amendment
|
|
rights of association and statutory rights of privacy may be impinged by
|
|
seizure of electronic mail or other private and third-party
|
|
correspondence.
|
|
Also, seizure of a computer used by a publication or for running
|
|
an electronic bulletin board system (BBS) may violate the First
|
|
Amendment by acting as a prior restraint on future speech and by
|
|
interfering with the rights of expression and association of the operator
|
|
and users of the system.
|
|
|
|
B. No-knock entries because of risk of destruction of data.
|
|
|
|
We believe the concern with possible destruction of data,
|
|
whether stored internally or externally, is overstated in the proposed
|
|
commentary. Such a concern can justify a "no-knock" entry only in
|
|
rare circumstances on a strong factual showing by law enforcement
|
|
personnel. First, we are not aware of any data showing that a device
|
|
like a degausser is frequently or commonly used to destroy evidence
|
|
during a search. Second, the only data that can be destroyed "at the flip
|
|
of a [power] switch" is the relatively small amount of information in
|
|
the internal memory (RAM) of a computer, and not information
|
|
stored on an internal hard disc. Information is only contained in RAM
|
|
when a computer is being actively operated, and then only information
|
|
about the current application the computer is running.
|
|
Thus, in order for a no-knock entry to be warranted, there must
|
|
be credible evidence presented to the judicial officer either that (l) it is
|
|
likely that the suspects have a device like a degausser by which data
|
|
will be destroyed, or (2) the computer user will be using the computer
|
|
for illegal purposes at the time of the search, e.g., when a warrant is
|
|
sought at the moment a telephone tap demonstrates that computer
|
|
user is in the act of using the computer to illegally access a computer
|
|
database without authorization.
|
|
|
|
C. Searches and seizures when the computer is used for electronic
|
|
communications (e-mail).
|
|
|
|
E-mail and other stored electronic communications are protected
|
|
by the Electronic Communications Privacy Act, 18 U.S.C. 2701-2711. E-
|
|
mail should thus be protected from search and seizure, unless there is
|
|
probable cause to search and seize a specific electronic communication.
|
|
Accordingly, if a search is likely to take place of a computer which
|
|
provides an e-mail service to users, such as most BBSs, the affiant
|
|
should inform the judicial officer of this possibility so that the judicial
|
|
officer can establish procedures to ensure that the officers executing the
|
|
warrant do not view e-mail for which no probable cause exists, and to
|
|
ensure that the BBS computer is not seized unnecessarily as this will
|
|
prevent the authorized access of users to their e-mail.
|
|
|
|
D. Search vs. seizure
|
|
|
|
We suggest that the commentary make a stronger distinction
|
|
between the factors applicable to searches of computers, and those
|
|
which demonstrate that the seizure itself of a computer or of discs is
|
|
warranted. Because of this, we propose that several of the paragraphs
|
|
be rearranged.
|
|
|
|
E. Seizure of computer discs.
|
|
|
|
Often, warrants have provided for the wholesale seizure of all
|
|
computer discs, without any requirement that the officers executing the
|
|
warrant review the data contained on each disc and seize copies only of
|
|
relevant files. Because of the voluminous amount of materials that
|
|
can be stored on a computer disc, such a seizure is often equivalent to a
|
|
prohibited general search, as it permits the seizure of a great many files
|
|
for which there is no probable cause to seize. The commentary does
|
|
mention the possibility of establishing a procedure to ensure that not
|
|
all files on a disc are seized, but we believe this should be further
|
|
emphasized.
|
|
We believe that that only in the situation where an entire
|
|
organization is permeated with fraud or other misconduct is the
|
|
wholesale seizure of computer discs appropriate. In all other
|
|
circumstances, the search of the computer discs for seizable data should
|
|
be conducted on the organization's premises. While this type of on-
|
|
premises search may be time-consuming, the same exact procedure is
|
|
followed when officers executing a warrant are searching through
|
|
hard-copy files for seizable material. The judicial officer should allow
|
|
the wholesale seizure of discs and a search off-premises of these discs
|
|
for seizable material only if the affiant can present specific factors
|
|
which demonstrate a necessity for an off-premises search. Further, if
|
|
the judicial officer does permit an off-premises search of the computer
|
|
discs, the warrant should require that such a search take place promptly
|
|
(presumptively within a matter of days), and that the officers executing
|
|
the warrant then promptly copy only the relevant parts of the discs and
|
|
immediately return the originals to the owner or custodian.
|
|
The citation to Voss v. Bergsgaard, 774 F.2d 402 (10th Cir. 1985),
|
|
does not support the proposition it is cited for, in that it suggests the
|
|
description there was sufficiently particular when in fact the Court held
|
|
the warrant unconstitutionally overbroad.
|
|
|
|
F. Seizure of computer where isolated information or records stored on
|
|
the computer is the object of the search.
|
|
|
|
While the seizure of a computer should be authorized when the
|
|
computer is the instrumentality of a crime, in most other
|
|
circumstances, where officials seek isolated information or records
|
|
stored on the computer, seizure should not be authorized. In the first
|
|
place, such a seizure would violate the particularity requirement as
|
|
many non-seizable records would be seized. Secondly, the seizure may
|
|
force a halt to legitimate business operations.
|
|
In such circumstances, the judicial officer should require that the
|
|
search of the computer hard drive take place at the organization's
|
|
premises, and that the officers executing the warrant make copies only
|
|
of the seizable files or data.
|
|
|
|
|
|
III. Revisions to Business Record Guidelines and Guideline
|
|
Commentary
|
|
|
|
The original ABA Criminal Justice Section Suggested Guideline
|
|
appeared in the form of a two-paragraph "Guideline" articulating the
|
|
general principles underlying Constitutional searches and seizures of
|
|
business records, followed by four pages of "Commentary" laying out
|
|
the legal issues raised by business-record searches and seizures, with a
|
|
particular focus on computer-based records. We prepared suggested
|
|
modifications to the guideline and to the commentary which
|
|
incorporates the discussion in Sections I and II.
|
|
|
|
A. As to the guideline, the first two paragraphs read as follows:
|
|
|
|
As is the case generally, the description for searches and seizures
|
|
of business records should be so definite that it eliminates officer
|
|
discretion in determining which items are covered, which are
|
|
not, and when the search must come to an end. However,
|
|
because it is not always possible to meet this standard, the
|
|
particularity requirement may be applied with less rigidity than
|
|
in other settings. The judicial officer, in assessing particularity,
|
|
must determine if the description of the records (whether in
|
|
writing or electronically maintained) is as specific as the
|
|
circumstances allow -- or, in the alternative, whether the
|
|
description is sufficiently specific to prevent the searching party
|
|
from unnecessarily examining non-relevant records in order to
|
|
find the desired records.
|
|
|
|
The particularity requirement is most likely to be met when (1)
|
|
probable cause exists to seize all the items within a particular
|
|
category, as when the entire enterprise is permeated with fraud
|
|
or other misconduct, or (2) when the warrant sets out some
|
|
objective standard, a limiting feature, that allows the officers to
|
|
differentiate between what can and cannot be seized, or (3) when
|
|
the application describes as fully as possible, in light of what the
|
|
investigators know, what is to be seized, or (4) when the warrant
|
|
spells out a method for executing the search that limits the
|
|
exposure of non-relevant materials, such as appointing a third-
|
|
party monitor.
|
|
|
|
To this Guideline EFF proposed adding the following paragraph:
|
|
|
|
"Warrants for computerized records must be drawn narrowly
|
|
and with enough specificity to eliminate or minimize the researchers'
|
|
discretion and intrusion into other materials stored on the computer.
|
|
Seizure of the computer itself, while proper in the limited
|
|
circumstances where it is the instrumentality of a crime (as when the
|
|
computer is itself a tool directly used to commit telecommunications
|
|
fraud), is generally not justified when the object of the search is
|
|
evidence stored on the computer, particularly since seizure of the
|
|
computer may force a legitimate business to cease operations. Where
|
|
the computer being searched is used in the publication or
|
|
communication of information, warrants must be drawn even more
|
|
narrowly to avoid infringing on First Amendment rights of expression
|
|
and association, and seizures of such computers may also violate First
|
|
Amendment rights unless the computer is the instrumentality of a
|
|
crime."
|
|
|
|
In the commentary, the additions we suggested are underlined, and at
|
|
any point where we suggest deleting some material we have indicated
|
|
this by brackets ([]). In addition, our proposal rearranged several of the
|
|
paragraphs:
|
|
|
|
(Beginning after Second Paragraph on p. 39)
|
|
When the records are electronically stored in a computer, as is
|
|
frequently the situation, the same legal principles apply. [] In most
|
|
respects, search and seizure issues in computer cases are like those in
|
|
other criminal cases. J. McEWAN, DEDICATED COMPUTER CRIME
|
|
UNITS 55-56 (189); CF. D. PARKER, COMPUTER CRIME: CRIMINAL
|
|
JUSTICE RESOURCE MANUAL (1989).
|
|
When computerized records are sought, they must be described,
|
|
as in the case with written records, with enough specificity to eliminate
|
|
or minimize the searchers' discretion as to what may be examined and
|
|
seized. When the information sought can be made definite (e.g., a
|
|
memorandum from sales manager Jones to field agent Smith, dated
|
|
March 11, 1980, concerning the sale of certain chemicals), the
|
|
particularity requirement is easily satisfied whether the record is in
|
|
writing or electronically stored. If it is likely that the record of this
|
|
document exists only in electronic form, the particular computer and
|
|
storage media should be identified, and the affidavit should be clear
|
|
that the searchers have the technical capacity to access the information.
|
|
The need for particularity is heightened where the computer to
|
|
be searched is used for a newspaper, magazine, electronic publishing or
|
|
to operate an electronic bulletin board.5 There are "special restraints
|
|
upon searches for and seizures of material arguably protected by the
|
|
First Amendment." Lo-Ji Sales, Inc. v. New York, 442 U.S. 319, 326 n.5
|
|
(1970). Where the materials to be seized may be protected by the First
|
|
Amendment, both the particularity requirement and the probable
|
|
cause requirement must be met with "scrupulous exactitude." See, e.g.,
|
|
Voss v. Bergsgaard, 774 F.2d 402, 405 (10th Cir. 1985) (quoting Stanford
|
|
v. Texas, 379 U.S. 476, 485 (1965) and citing Zurcher v. Stanford Daily,
|
|
436 U.S. 547, 565 (1978).
|
|
In addition, when a computer used to operate a BBS is searched,
|
|
there is significant danger that First Amendment rights of association
|
|
and statutory rights of privacy may be impinged by seizure of electronic
|
|
mail (e-mail) or other private communications which have no relation
|
|
to the alleged criminal activity justifying the search. Seizure and
|
|
search of e-mail isgoverned by the procedures of the Electronic
|
|
Communications Privacy Act, 18 U.S.C. 2701-2711. Similarly, seizure
|
|
of material on a BBS meant for publication or dissemination which is
|
|
not related to the alleged crime may violate First Amendment rights of
|
|
free expression.
|
|
When the affiant describes [] the records to be seized only in
|
|
general terms, such as "books, letters, papers, memoranda, contracts,
|
|
files, computer tape logs, computer operation manuals, and computer
|
|
tape printouts," there is a likelihood that the particularity
|
|
requirements have not been met. In such a circumstance, the judicial
|
|
officer should question the affiant to see whether any additional
|
|
limiting standards -- time period, authorship, transaction, or offense,
|
|
for example -- can be established. The more limitations in the affidavit,
|
|
the more likely that Fourth Amendment particularity exists.6
|
|
In some instances, the affidavit may contemplate so extensive a
|
|
seizure of computerized data that a successful search would cripple the
|
|
business. Under these circumstances,the judicial officer should explore
|
|
with the applicant the feasibility of copying or otherwise acquiring the
|
|
information sought without depriving the owner or custodian of its
|
|
use. Since the justification for a search is to gather evidence, not close a
|
|
business, it is important that the seizure be no more intrusive than
|
|
necessary. To this end, the judicial officer may require the applicant to
|
|
demonstrate technical expertise or access to such.
|
|
One troubling problem arises from the way computerized
|
|
records are stored. Because computer discs have such a large storage
|
|
capacity, it is common to store unrelated data on the same disc. This
|
|
means that a seizure of an entire disc may involve substantial amounts
|
|
of information that is not relevant to the inquiry. When the discs are
|
|
maintained by an innocent third party, such as a large accounting firm,
|
|
the invasion of privacy is compounded, since the relevant discs may
|
|
also contain data for other clients of the firm. To protect the rights of
|
|
these third parties, special procedures may be necessary.
|
|
Similarly, the wholesale seizure of a large number of computer
|
|
discs would appear to violate the particularity requirement, and be a
|
|
prohibited general search, in a situation where the entire organization
|
|
is not permeated with fraud or other misconduct.7 In such cases, the
|
|
search of the computer discs for seizable items preferably should be
|
|
conducted on the organization's premises. Wholesale removal of discs
|
|
for off-premises searches should be authorized only if identifiable
|
|
particular circumstances so mandate, and in such case the officers
|
|
executing the warrant should promptly copy only relevant parts of the
|
|
discs and promptly return the discs to the owner or custodian.
|
|
To limit the scope of the seizure and the invasion of the rights of
|
|
the third parties, and to protect the owner's rights (and the custodian as
|
|
well), the judicial officer should consider (1) appointing an expert to
|
|
accompany the law enforcement officers on the search to provide
|
|
guidance to them in identifying the named items; (2) directing that all
|
|
searches of discs for seizable items be conducted on the organization's
|
|
premises, and (3) in situations where an on-premise search of the discs
|
|
is not feasible because of specific reasons, establishing a procedure
|
|
whereby the relevant parts of the disc may be promptly copied and then
|
|
the original returned to the owner or custodian within a reasonable
|
|
period of time, presumptively no longer than several days.
|
|
The computer itself may be subject to seizure when it is an
|
|
instrumentality for the commission of an offense, for example when it
|
|
is employed to commit a host of illegal acts: software piracy,
|
|
embezzlement, and telecommunications fraud are among these.8 For
|
|
a fuller description of offenses committed with computers, see
|
|
McEWAN, DEDICATED COMPUTER CRIME, Units 1-5, 38 (1989).
|
|
Computers may also serve criminal enterprises by maintaining
|
|
databases of, for example, drug distributions or customers for child
|
|
pornography. In terms of establishing probable cause and particularity,
|
|
the affidavit must, as is generally true, provide reason to believe that
|
|
an offense has been committed, and that the object to be seized -- the
|
|
computer -- is implicated. The computer should be identified as fully
|
|
as possible, i.e., by manufacturer, model number and serial number to
|
|
meet the particularity requirement.
|
|
Seizure of the computer itself should not be authorized where
|
|
information or records stored on the computer are the only object of
|
|
the search. Such computer seizures and the attendant seizure of all
|
|
data on the computer's hard drive would not meet the particularity
|
|
requirement. In addition, as with the wholesale seizure of
|
|
computerized records, the seizure of the computer will often make it
|
|
impossible for a lawful business to continue operating. If the computer
|
|
is used for publishing or communicating information, e.g., if it is used
|
|
by a newspaper, publication or for running a BBS, seizure may violate
|
|
the First Amendment, because the seizure may act as a prior restraint
|
|
on future speech or may interfere with the rights of expression and
|
|
association of the operator and users of the system.
|
|
Because a computer is actually a system of several parts, the
|
|
affidavit should specify what exactly is to be seized. An expert may be
|
|
necessary in order to ensure a complete and precise listing.
|
|
When the affidavit, of necessity, employs technical language to
|
|
explain the offense involved, such as "patching a long distance phone
|
|
call to avoid paying the toll," See Ottensmeyer v. Chesapeake and
|
|
Potomac Tel. Co., 756 F.2d 986 (4th Cir. 1985), the affiant's credentials,
|
|
training, and education in computer sciences should be set forth so that
|
|
the judicial officer has a basis for evaluating the analysis and
|
|
interpretation in the affidavit. In unusual situations when the judicial
|
|
officer has difficulty comprehending the nature of the offense alleged,
|
|
or questions the expertise of the affiant or the affiant's witnesses, the
|
|
judicial officer can summon an expert witness to provide additional
|
|
testimony. Ordinarily, however, the procedure is to require the affiant
|
|
to further supplement the affidavit, or attempt to rewrite it to meet the
|
|
judicial officer's objections. The judicial officer may also require an
|
|
expert to accompany the affiant in order to insure that the seizable
|
|
items are properly identified and removed in a reasonable manner to
|
|
avoid injury to property, [] needless exposure of unrelated records, or
|
|
infringement of First Amendment rights. In Ottensmeyer, 756 F.2d at
|
|
986, an expert accompanied the searching party. Cf. De Massa v.
|
|
Nunez, 747 F.2d 1283 (9th Cir. 1984) (special master appointed to
|
|
supervise the seizure of documents during execution of warrant at
|
|
attorney's office); Forro Precision Inc. v. International Business
|
|
Machine Corp., 673 F.2d 1045 (9th Cir. 1982) (discussing the role of an
|
|
expert during the execution of the warrant).
|
|
Because computer systems increasingly rely on complicated
|
|
access procedures and may also have the capacity to destroy data when
|
|
an unauthorized user attempts to access them there is an additional
|
|
need for expertise. The judicial officer should make sure that the
|
|
officers executing the warrant have the capacity to make the seizure
|
|
without destroying data or damaging property unnecessarily, and thus
|
|
may appoint an outside expert to monitor or supervise the execution of
|
|
the warrant. The appointment of an expert provides added assurance
|
|
that (1) there will not be an inadvertent interruption in the electric
|
|
power during data manipulation by the officers that could result in the
|
|
loss of information, (2) that if there is a hard disc drive, the heads on
|
|
the drive will be "parked" before moving the system to avoid
|
|
destroying stored information, (3) that when such equipment as
|
|
telephone modems, auto-dialers, and printers are connected to the
|
|
computer, they will be disconnected without loss of information, and
|
|
(4) that the officers executing the search warrant will not
|
|
unintentionally change data while collecting evidence. See generally,
|
|
C. CONLY, ORGANIZING FOR COMPUTER CRIME INVESTIGATION
|
|
AND PROSECUTION 22 (1989).
|
|
|
|
|
|
IV. Conclusion.
|
|
|
|
These suggestions were submitted to the ABA through Judge
|
|
William R. McMahon of Ohio, who chairs the ABA, NCSCJ committee
|
|
on Modern Technology and the Courts. It is the EFF's hope that these
|
|
suggestions can also be used as a resource by state and federal
|
|
legislatures, by state and federal judiciaries, and--perhaps most
|
|
importantly--by the front-line law-enforcement officials and
|
|
prosecutors whose job it is to integrate the enforcement of the law with
|
|
the preservation of our civil liberties.
|
|
1The Fourth Amendment to the U.S. Constitution states that "The
|
|
right of the people to be secure in their persons, houses, papers, and
|
|
effects, against unreasonable searches and seizures, shall not be
|
|
violated, and no Warrants shall issue, but upon probable cause,
|
|
supported by Oath or affirmation, and particularly describing the
|
|
place to be searched, and the persons or things to be seized."
|
|
2Sections II and III of this paper were originally researched and
|
|
written for EFF by Nick Poser, Esq., and Terry Gross, Esq., of
|
|
Rabinowitz, Boudin, Standard, Krinsky & Lieberman. Harvey
|
|
Silverglate, Esq., and Sharon Beckman, Esq., of Silverglate & Good
|
|
reviewed these sections and offered valuable suggestions and
|
|
comments.
|
|
|
|
3D. Parker, Computer Crime: Criminal Justice Resource Manual
|
|
(1989), page 68.
|
|
4 A "sample" search warrant in Conly, Organizing for Computer
|
|
Crime Investigation and Prosecution includes the following
|
|
language:
|
|
|
|
"In the County of Baltimore, there is now property subject to
|
|
seizure, such as computers, keyboards, central processing units,
|
|
external and/or internal drives, internal and/or external
|
|
storage devices such as magnetic tapes and/or disks, terminals
|
|
and/or video display units and/or receiving devices and
|
|
peripheral equipment such as, but not limited to, printers,
|
|
automatic dialers, modems, acoustic couplers, and or [sic] direct
|
|
line couplers, peripheral interface boards and connecting cables
|
|
or ribbons, diaries, logs, and other records, correspondence,
|
|
journals, ledgers memoranda [sic], computer software,
|
|
programs and source documentation, computer logs, magnetic
|
|
audio tapes and recorders used in the obtaining, maintenance,
|
|
and or [sic] dissemination of information obtained from the
|
|
official files and computers of the [sic] MCI
|
|
Telecommunications Inc. and other evidence of the offense."
|
|
|
|
Although clearly taken from a warrant drafted for a specific
|
|
crime involving MCI, this language is frequently copied almost
|
|
verbatim in warrants involving far different crimes. Moreover, the
|
|
drafters, perhaps afraid that their language was not sufficiently
|
|
inclusive, made sure to add the phrase "such as, but not limited to"
|
|
in reference to what qualifies as a "peripheral" for the purposes of the
|
|
warrant. One may wonder how such a broad description meets the
|
|
"particularly describing" clause of the Fourth Amendment, or how it
|
|
limits the discretion of the executing officer as to which property he
|
|
or she will seize.
|
|
5 There is growing recognition that bulletin board systems (BBSs) are
|
|
a form of press. See, e.g., An Electronic Soapbox: Computer Bulletin
|
|
Boards and the First Amendment, 39 Fed. Com. L. J. 217, 240 (1988),
|
|
citing Legi-Tech, Inc. v. Keiper, 766 F.2d 728, 734-36 (2d Cir. 1985).
|
|
6Two problems, unrelated to particularity, may arise with respect to
|
|
the seizure of computerized data. [] First, in certain circumstances,
|
|
affiants may have specific information that the suspects have devices
|
|
by which computerized data may be rapidly destroyed, and in such
|
|
cases affiants may seek permission to enter the premises without
|
|
announcing their authority and purpose. Affiants may also seek such
|
|
permission in cases where it is known that the suspect will be using
|
|
the computer for illegal purposes at the time of the search, e.g., when
|
|
a warrant is sought at the moment a telephone tap demonstrates that
|
|
the computer user is in the act of illegally accessing a computer
|
|
database over the telephone lines, as evidence of the crime could be
|
|
lost if the computer user shuts off the computer. For an analysis of
|
|
the standard for "no-knock" entries in business premises see
|
|
Guideline 10.3 infra.
|
|
|
|
The second problem relates to the time period in which the
|
|
computerized data are stored. In addition, unlike written records,
|
|
data internal to the system are not likely to be so maintained for long
|
|
periods. Although computers commonly have book-length or longer
|
|
storage capacity, the typical procedure is to transfer the data to
|
|
external storage, typically in the form of a disc or tape. Given the
|
|
practice, the judicial officer must evaluate the affidavit with care to
|
|
ascertain the likelihood that the data is in the computer and has not
|
|
been transferred to a different location or erased. If electronic
|
|
communications are maintained on the computer, such as with
|
|
computers operating electronic bulletin boards, reference must be
|
|
made to the Electronic Communications Privacy Act, 18 U.S.C. 2701-
|
|
2711, and the affiants should inform the judicial officer, so that he can
|
|
establish procedures to ensure that the privacy of these
|
|
communications is protected, and that no communications are
|
|
searched unless probable cause exists as to that communication.
|
|
7 Generic listings which would permit the seizure of virtually all
|
|
computer related materials fail to meet the particularity requirement.
|
|
See, e.g., Voss v. Bergsgaard, 774 F.2d 402, 407 (10th Cir. 1985), []
|
|
(affidavit held insufficient which described the computer records and
|
|
materials to be seized as follows: "One Alpha Micro computer
|
|
processing unit, approximately four Alpha Micro computer
|
|
terminals, computer printers, and computer manuals, logs, printout
|
|
files, operating instructions, including coded and handwritten
|
|
notations, and computer storage materials, including magnetic tapes,
|
|
magnetic discs, floppy discs, programs and computer source
|
|
documents"
|
|
8A computer is certainly "property" and hence theoretically might be
|
|
subject to seizure if it is forfeitable pursuant to a specific statute
|
|
authorizing such forfeiture, e.g., the Racketeer Influenced and
|
|
Corrupt Organizations Act, 18 U.S.C. $ 1913. Because a computer is
|
|
also a communications device much as a typewriter or printing press
|
|
is, however, seizure of the computer raises First Amendment issues
|
|
not present in other types of forfeitures. For this reason, the better
|
|
procedure when dealing with an arguably forfeitable computer
|
|
system is not to seize it, which raises First Amendment and prior-
|
|
restraint problems, but to allow the government to proceed instead by
|
|
subpoena or motion, where the delicate issues can be litigated
|
|
without the prior restraint that seizure pendente lite would cause.
|
|
|
|
|
|
--
|
|
Mike Godwin, (617) 864-0665 | "You gotta put down the ducky
|
|
mnemonic@eff.org | if you wanna play the saxophone."
|
|
Electronic Frontier |
|
|
Foundation |
|
|
|
|
|
|
|
|
Downloaded From P-80 International Information Systems 304-744-2253 12yrs+
|