Drake Law Review
2000
Articles
THE SEARCH AND
SEIZURE OF COMPUTERS: ARE WE SACRIFICING PERSONAL
PRIVACY FOR THE
ADVANCEMENT OF TECHNOLOGY?
Stephan K. Bayens
[FNa1]
Copyright © 2000 Drake University; Stephan K. Bayens
New technologies should lead us to look
more closely at just what values the Constitution seeks to preserve.--Laurence
H. Tribe, The Constitution in Cyberspace [FN1]
I. Introduction
It
is amazing how such simple statements can embody such overwhelming notions and
concepts. The Fourth Amendment states quite simply that people have the right "to be secure in their persons,
houses, papers, and effects, against unreasonable searches and seizures . . .
." [FN2] Despite its
simplicity, this statement continues to protect an ever-advancing society from
the oppressive nature of the state. The Fourth Amendment's simplicity and
flexibility has permitted the judiciary to shape and mold its prescriptions
into a timeless document. The timeless nature of the Fourth Amendment, however,
faces a serious challenge in present-day society technology. The Fourth
Amendment has, throughout its history, not only faced technological advancement
but has met technological challenges head on. The Fourth Amendment now faces
its newest technological foe-computer systems.
This Article examines the Fourth Amendment's current ability to protect
individual privacy from the rapid evolution of computer technology. Computer
technology is a worthy challenger given its unique idiosyncrasies. This Article
seeks first to address those idiosyncrasies inherent in computer technology and
then to examine the Fourth Amendment's ability to provide adequate protections in
this new computer-based world.
Part II of this Article examines the Fourth Amendment's touchstone "reasonable expectation of
privacy" standard and its current application in various computer-based
settings. Part III analyzes the Fourth Amendment's particularity requirements
with regard to computers. Finally, Part IV looks at statutory provisions
created especially to address problems unique to computer- based communications.
II. Technology
and the Fourth Amendment: Unequal Risings?
In
order for the protections of the Fourth Amendment to cloak the individual from
intrusive government searches and seizures, a judicially construed threshold
must first be crossed. The United States Supreme Court in Katz v. United States
[FN3] ruled the
constitutional protections embodied in the Fourth Amendment are only triggered
upon the showing of a reasonable expectation of privacy. [FN4] Justice Harlan,
in concurring with the majority, created a two-pronged test designed to
objectively quantify this seemingly amorphous standard. [FN5] The Court
subsequently adopted this test in examining all potential Fourth Amendment
cases. [FN6] The first prong
requires "[t]he person must have had an actual or subjective expectation
of privacy." [FN7] The second prong
demands that this subjective "expectation be one that society is prepared
to recognize as 'reasonable."'[FN8] If a court determines either of
these prerequisites are lacking, the Fourth Amendment is not triggered, and the
government may search and seize without a warrant even the most rudimentary
showing of reasonable suspicion is unnecessary. [FN9] The
"reasonable expectation of privacy" test is a flexible one because it
is dependent upon current societal expectations as to what is reasonable. [FN10] However, the
test is becoming increasingly more difficult
to apply consistently given the rapid advancements in technology. [FN11] As technology
evolves so do societal expectations of reasonableness. But is the traditional
Katz formula flexible enough to evolve along side both technology and our
societal expectations?
A. The Reasonable
Expectation of Privacy Formula and Employee Computers
In
assessing an employee's expectation of privacy in the workplace, it is important
to distinguish between government employers and private employers. The
distinction is important because in order to trigger the Fourth Amendment the
search or seizure must be by a government or state actor. [FN12] Private
employers are not bound by the constraints of the Fourth Amendment [FN13] unless their
actions were at the behest of government officials. [FN14] Given this
important distinction, an initial examination regarding areas of Fourth
Amendment jurisprudence that apply to both the government workplace and the
private workplace is necessary. Only then can the unique government workplace
settings be addressed.
1. The Government Workplace and the Private
Workplace: Common Threads
A
number of initial hurdles must be cleared in asserting a reasonable expectation
of privacy in data stored on an employee's work computer. These initial hurdles
deal with the numerous exceptions courts have carved out of the sweeping language of the Fourth Amendment.
Although there are numerous exceptions to the Fourth Amendment, the plain view
doctrine and consent are particularly relevant in the area of employee
computers.
a.
The Plain View Doctrine. The plain view doctrine allows for seizure of evidence
without a warrant if an officer is "in a lawful position to observe the
evidence, and its incriminating" nature is immediately apparent. [FN15] Justice Harlan,
in his Katz concurrence, succinctly expressed the rationale behind the plain
view doctrine stating, "objects, activities or statements that [one]
exposes to the 'plain view' of outsiders are not 'protected' because no
intention to keep them to [one]self has been exhibited." [FN16] In the computer
context, e-mail or other electronic messaging that require no password for
access and are open to all employees, as well as personal data stored on a work
computer, may be subject to the plain view doctrine. [FN17] The plain view
doctrine would likely apply in these circumstances because no reasonable
expectation of privacy could be asserted when such a high number of employees
would have accessto the messages sent.
In reality, however, this particular situation is fairly rare. The
majority of workplaces provide their employees with individual passwords in
order to ensure some semblance of privacy in e-mail transmissions. [FN18] Password-based
access restriction would take e-mail and other electronic communications out of
the purview of the plain view doctrine, as third-party access to the
transmitted material would be practically
nonexistent. [FN19]
The
other specific factual situation where the plain view doctrine may apply is
"through a process of 'timesharing' in which multiple users share
concurrently the resources of a single computer system." [FN20] Like e-mail
messaging if the use of the timeshared computer or network is not apportioned
off by the use of passwords, the computer data is likely subject to the plain
view doctrine. [FN21] This is
especially true if the data is saved to a communal hard drive networked
throughout the business or organization. [FN22] Similar to the
above discussion of e-mail, if individualized passwords are used to gain access
to specific material saved by that user, and other employees could not access
that material, the material would likely be taken out of the purview of the
plain view doctrine. [FN23] It should additionally be noted
that Fourth Amendment protections are not based solely on possessory interests
in the items searched and seized. [FN24] Thus, although users of multi-user
computer systems "do not own the hardware, they nevertheless maintain an
expectation of privacy in the information stored on the system" [FN25] as long as
appropriate privacy safeguards are in place. [FN26]
Therefore, in the majority of workplace situations the employee may
safely store data on a work computer without fear the plain view doctrine will
strip him of his constitutional rights under the Fourth Amendment. Employees should, however, inquire as to: (1) the
individual password restrictions instituted by the company or government
agency; (2) the appropriate place to save and store data to limit access; and
(3) the number of employees that have unrestricted access to all employee
computers regardless of password protections.
b.
The Consent Exception. The consent exception to the Fourth Amendment is
implicated more deeply in the workplace than in the limited factual situations
discussed above concerning plain view. [FN27] The consent of "one who
possesses common authority over premises or effects is valid as against the
absent, nonconsenting person with whom the authority is shared." [FN28] Thus, if several people own or use
a particular computer, any one of those people could possibly grant consent to
search the "common area" of the computer. [FN29]
The
greatest obstacle, however, in the consent area deals with the growing number
of explicit workplace policies stating Internet use and e-mail transmissions
may be monitored. [FN30] Accepting or continuing employment
with a company or governmental agency that has instituted such a policy may
operate as employee consent and could bar application of Fourth Amendment
protections. [FN31] Initially, this
possibility was just a theory among scholars. [FN32] A federal district court, however,
recently removed this from the theoretical plane and placed it in established
case law. [FN33]
In United States v. Simons, [FN34] defendant Mark
Simons was employed with the Foreign Bureau of Information Services (FBIS), a
division of the Central Intelligence Agency (CIA), as an electronic engineer. [FN35] The Systems
Operation Center Manager, who manages the computer network for FBIS, was
investigating the capabilities of a new system placed on the FBIS network that
logged all computer traffic going outside the network. [FN36] A component of
this program allowed the systems manager to do a keyword search of the logged
material. [FN37] The systems
manager, attempting to discover if the new program could unearth inappropriate
Internet usage, ran the keyword "sex." [FN38] A significant
number of responses were traced back to a particular workstation, later
determined to belong to the defendant. [FN39] The search results indicated that
the accessed Internet sites appeared to be pornographic in nature, and the
frequency with which these sites were accessed dispelled any possibility of
accidental activity. [FN40] Upon direction of his supervisor,
the systems manager verified the sites were pornographic, accessed defendant's
computer through the network and discovered over 1,000 downloaded graphic files
containing pornographic material. [FN41] The systems manager copied
defendant's hard drive via the network. [FN42] This copy was then handed over to
the special investigation unit of the CIA where it was discovered that a number
of the downloaded graphic files depicted child pornography. [FN43] A special agent
obtained a search warrant permitting the agent
to copy defendant's hard drive, floppy disks, documents concerning screen
names, and personal correspondence. [FN44]
Simons claimed the searches were conducted in violation of the Fourth
Amendment and therefore, all evidence should be suppressed. [FN45] In denying
defendant's motion to suppress, the court relied heavily on the FBIS's official
policy regarding computer use. [FN46] In light of this specific policy,
the court ruled defendant had no reasonable expectation of privacy regarding
his Internet usage. [FN47] "The Court [gave] significant
weight to the portion of the policy stating that audits shall be implemented to
support identification, termination and prosecution of unauthorized activity.
The Court also [gave] weight to the part [of the policy] providing that audits
would be capable of recording web sites visited." [FN48] Based on the
ruling of the Simons court many workers may now "be expected to consent to
monitoring if they decide that earning a livelihood is more important than
enjoying privacy protections in the workplace." [FN49] Although this is
a troubling conclusion, governmental employees may at least have some degree of
protection from this practice. [FN50]
2. Issues Unique to the Government Workplace
Given the Fourth Amendment's applicability to searches by government
employers, the Supreme Court created an exception to the Fourth Amendment designed to ensure the government's ability to
properly and effectively supervise, control, and run the government workplace. [FN51] If the Court had
not created such an exception, a government supervisor would have to obtain a
valid search warrant every time she searched an employee's workstation for a
missing file. [FN52] Thus, in
O'Connor v. Ortega, [FN53] the Court ruled two types of
workplace searches were exempt from the auspices of the Fourth Amendment: (1) a
non-investigatory, work-related intrusion and (2) an investigation into
work-related employee misfeasance. [FN54]
The
Court, however, did not intend to institute a carte blanche rule permitting the
warrantless search of all items in an employee's workstation. Personal items,
such as a handbag or brief case, were explicitly excluded from those items an
employer could search. [FN55] This exclusion of personal items
from workplace searches presents an interesting dilemma in regard to items that
could conceivably serve a dual purpose, like a floppy disk. [FN56] A floppy disk has the capability of
being either an integral part of the workplace or an extremely personal
container of intimate thoughts. Courts, however, will likely find it reasonable
to assume that floppy disks located at the workplace fall within the workplace
context, thus resolving the amorphous nature of a computer disk. [FN57]
In
theory at least, government employees receive greater constitutional
protections against workplace searches and seizures of their computers than their private sector counterparts. Yet, given
the workplace exception carved out in O'Connor [FN58] and the apparent
assumption that items capable of storing electronic data immediately fall in
the workplace context, [FN59] these additional protections are
limited.
B. The Reasonable
Expectation of Privacy Standard and the Internet
"The Internet is not a physical or tangible entity, but rather a
giant network which interconnects innumerable smaller groups of linked computer
networks." [FN60] The Internet is
an overwhelming mass of information that has no centralized administrator,
storage location, or control point. [FN61] "It exists
and functions as a result of the fact that hundreds of thousands of separate
operators of computers and computer networks independently decided to use
common data transfer protocols to exchange communications and information with
other computers (which in turn exchange communications and information with
still other computers)." [FN62] By the close of 1999, an estimated
200 million people will be using the Internet. [FN63] Many methods can
be used in communicating on the Internet. Those that best contemplate Fourth
Amendment protections are real time communications (chat rooms) and one-to-one
messaging (e-mail). [FN64]
1. Chat away . . . the Government Is
Listening
The use of-real time communication on the
Internet permits the computer user to engage in instantaneous dialog with
another person or an entire group of people. [FN65] These real time communications
"allow[ ] two or more [people] to type messages to each other that almost
immediately appear on the others' computer screens." [FN66] Those wishing to
discuss similar topics of interest can utilize "chat rooms," which
are electronic meeting places that allow people with a mutual interest to
electronically discuss a chosen topic. [FN67] The range of
subjects is innumerable, and new chat rooms are created daily. [FN68]
In
order to assert the protections of the Fourth Amendment in electronic dialogs,
participants would have to demonstrate a subjective expectation of privacy that
society is prepared to recognize as reasonable. The primary difficulty in
asserting the Fourth Amendment in a chat room setting is the previously
discussed plain view exception. [FN69] In a public chat room, it would be
difficult to claim a reasonable expectation of privacy as the contents of the
discussion are open for all in the chat room to read. [FN70] An Ohio federal
district court squarely addressed this issue in United States v. Charbonneau. [FN71]
In
Charbonneau, an agent with the FBI began perusing various chat rooms posing as
a pedophile. [FN72] The agent
operated primarily in private chat rooms titled "BOYS" and
"PRETEEN." [FN73] The agent did not actively engage in conversation with the other
members of the chat room; rather he passively observed and recorded the dialog
between members. [FN74] Child
pornography was often exchanged by using information gained during these
electronic communications. [FN75] The agent identified one of those
involved in the distribution of the child pornography by his screen name. [FN76] The agent then
obtained defendant's true identity through the use of a search warrant. [FN77] Defendant sought
suppression of the statements he made while in the chat room as well as the
e-mail messages he sent to other users. [FN78]
The
court, in denying defendant's motion to suppress, ruled when defendant engaged
in chat room conversations, he essentially assumed the risk that one of his
fellow users could possibly be a law enforcement official. [FN79] The court further ruled defendant could not
have a reasonable expectation of privacy because he was aware of the operating
procedures in the chat room and continued to use the chat room despite its open
nature. [FN80] Thus, there is
no recognizable expectation of privacy in publicly accessible chat rooms.
2. E-mail: Akin to Telephone Calls and First
Class Mail?
E-mailing someone is essentially the same as sending someone a written
letter, except that the written letter has been reduced to electronic form and
sent to the recipient's e-mail address. [FN81] This electronic letter can be sent to one person or a host of
different people by simply including the e-mail addresses of the additional
people. [FN82] Any particular
message can be forwarded to another person by adding the appropriate address. [FN83] "The message
then crosses the Internet, moving from node to node until it reaches its
destinations." [FN84] In attempting to apply the
reasonable expectation of privacy standard to this relatively new form of
communication, courts analogize e-mail to other forms of communication. [FN85] In United States v. Maxwell, [FN86] the United
States Court of Appeals for the Armed Forces likened e-mail to both first class
mail and telephone calls. [FN87]
In
Maxwell, FBI agents received several e-mails and graphic files discussing and
depicting child pornography from a concerned citizen, along with the screen
names of the users that sent the messages and material. [FN88] Based on this
information, the agent sought a search warrant permitting him to unearth the
true identity of the users by obtaining the master list of users and screen
names from the Internet service provider. [FN89] Upon discovering the true identity
of those involved, agents discovered the defendant was in the Air Force. [FN90] The Air Force
Office of Special Investigations sought a warrant to search the defendant's
quarters. [FN91] A number of
graphic files depicting child pornography were located on his computer. [FN92] He subsequently
sought suppression of all physical evidence recovered during the various searches. [FN93]
The
court, in addressing whether the defendant could properly litigate the issue,
ruled e-mail was similar to first class mail in that "if a sender of
first-class mail seals an envelope and addresses it to another person, the
sender can reasonably expect the contents to remain private and free from the
eyes of the police absent a search warrant founded upon probable cause." [FN94] The court additionally ruled e-mail
maintained some qualities of telephone calls as "the maker of a telephone
call has a reasonable expectation that police officials will not intercept and
listen to the conversation." [FN95] Relying on these parallels, the
court found "the transmitter of an e-mail message enjoys a reasonable
expectation that police officials will not intercept the transmission." [FN96] The court, however,
proceeded to narrowly define its ruling by stating "once the [e-mail] is
received and opened, the destiny of the letter then lies in the control of the
recipient of the letter, not the sender, absent some legal privilege." [FN97] The court further narrowed its
holding stating:
Expectations of privacy in e-mail transmissions depend in large part on
the type of e-mail involved and the intended recipient . . . . [E]-mail that is
"forwarded" from correspondent to correspondent lose[s] any semblance
of privacy. Once these transmissions are sent out to more and more subscribers,
the subsequent expectation of privacy incrementally diminishes. [FN98]
The court, in addressing the government's
claim defendant disclosed the information to the Internet service provider
thereby eliminating the protections of the Fourth Amendment, denoted that
although the service provider would always have ultimate access to messages
stored on its computers, it was in a radically different position. [FN99] To use the mail
and telephone analogy, "[t]he post office cannot indiscriminately
intercept the letters it transmits, and neither may the telephone company
routinely eavesdrop on the conversations occurring on its lines." [FN100] Thus, defendant
was permitted to litigate the issue because he had a reasonable expectation of
privacy in the e-mail messages, despite the service provider's ability to
access the contents of any particular message. [FN101]
The
Charbonneau court, relying on the narrowing factors in Maxwell, ruled not only
did defendant's chat room conversations lack Fourth Amendment protection, but
his e-mail messages sent to others in the chat room and the e-mail sent or
forwarded to the undercover agents also lacked Fourth Amendment protection. [FN102] Defendant lacked a reasonable
expectation of privacy in the e-mail sent to other members of the chat room
because his privacy interests exponentially diminished based on his forwarding
of messages from correspondent to correspondent. [FN103] Furthermore,
defendant bore the risk that one of his fellow users in the chat room could
possibly be a law enforcement official. [FN104] Thus, those items actually
forwarded or sent to the officers had no
Fourth Amendment protection. [FN105] Subject to certain restrictions,
courts are willing to recognize a reasonable expectation of privacy in e-mail. [FN106] Yet, that
recognition can be quickly dashed once the recipient accesses the e-mail or if
it is forwarded to a relatively large number of people.
C. Not Only Will
They Fix Your Computer, but They'll Fix Your Wagon As Well
The
Fourth Amendment to the Constitution provides citizens shall be free from
unreasonable searches and seizures by the government. [FN107] The Fourth
Amendment, however, "is wholly inapplicable to a search or seizure, even
an unreasonable one, effected by a private individual not acting as an agent of
the Government or with the participation or knowledge of any governmental
official." [FN108] In determining
whether a private party is acting as an agent of the government, courts apply a
two-pronged test. [FN109] First the court must examine
whether "the [g]overnment knew of or acquiesced in the intrusive conduct.
. . ." [FN110] The court must
then decide whether "the private party's purpose for conducting the search
was to assist law enforcement efforts or further his own ends." [FN111] Searches by
private parties in the computer arena normally occur when computer technicians
inadvertently stumble upon illegal material when servicing a computer. [FN112] The conversion from a private party
to an agent of the government is difficult
to ascertain and must be determined ad hoc. [FN113]
In
United States v. Hall, [FN114] the defendant took the central
processing unit of his computer to a local computer store for repairs. [FN115] A computer technician, in order to
diagnose the particular problem with the unit, accessed a number of file
directories. [FN116] In viewing these
directories, the technician observed a number of files with sexually explicit
titles. [FN117] The technician
opened these files and discovered what he believed to be child pornography. [FN118] The employee
immediately contacted local law enforcement officers who instructed him to make
copies of the material. [FN119] Agents eventually procured a search
warrant relying solely on the technician's affidavit; at no time did the agents
review the copied material. [FN120] The search of defendant's computer
and home revealed numerous graphic images of child pornography. [FN121] Defendant moved
to suppress the evidence claiming an agent of the government made the discovery
of the images. [FN122]
The
Seventh Circuit denied defendant's motion ruling the technician's search was
pursuant to the maintenance work performed and not at the behest of the
government. [FN123] The court ruled
neither of the private-actor conversion prongs were satisfied. [FN124] First, the
government agents had no knowledge of the intrusive action, and second, the
purpose of the intrusion was not to unearth evidence of a crime but to complete
the normal course of the repair shop's
business. [FN125] The government
would not concede that the subsequent copying of the files at the behest of the
agents converted the technician into a government agent. [FN126] However the
court ruled the affidavits in support of the warrant did not rely on the
unreasonable search to establish probable cause. [FN127] Thus, the copied
images were independently discovered through proper channels. [FN128]
Similarly, in United States v. Barth, [FN129] the defendant, owner of his own
accounting firm, was experiencing difficulties with his office computer and
called in a computer technician to alleviate the problem. [FN130] The technician while searching for
viruses by opening various files, discovered computer images of child
pornography. [FN131] The technician,
a confidential informant for the FBI, contacted an agent and was instructed to
copy the contents of the hard drive. [FN132] The following day local law
enforcement agents, without a warrant, reviewed the contents of defendant's
hard drive. [FN133] Based solely on
an affidavit detailing the technician's initial discovery, a state magistrate
issued a warrant to search defendant's hard drive. [FN134] A forensic
computer analyst was brought in to conduct the search. [FN135] Before the
search began, however, the analyst was briefed about the contents of the
computer and its various systemic processes. [FN136] The analyst
discovered further pornographic images and defendant sought suppression of the
images due to an unreasonable search and seizure
under the Fourth Amendment. [FN137]
The
court, in granting defendant's motion to suppress, ruled the initial discovery
by the technician constituted a search by a private party. [FN138] The court found
"no evidence that [the technician] intended to assist law enforcement
officers when he initially viewed the image." [FN139] The technician's
status, however, quickly changed. [FN140] As soon as the technician contacted
the FBI, the government knew that a reliable confidential informant was in
possession of a computer containing contraband, and thus, the government
acquiesced to all further conduct by the technician. [FN141]
Unlike the court in Hall, the court found the independent source
doctrine was not implicated. [FN142] Although the application for the
warrant contained only information gained by the technician's initial
discovery, the forensic computer analyst who conducted the search received
information from the officers as to the computer's contents and operating
system. [FN143] The court ruled
"[b]ecause [the forensic computer analyst] was aware of and used the
information obtained by the [officers] in their initial unlawful search, [[the
analyst's] search pursuant to warrant was not a 'genuinely independent source
of information and evidence."' [FN144] The court found no merit in all
other asserted exceptions and granted defendant's motion to suppress. [FN145]
As
the above cases demonstrate, private computer owners as well as business owners need to be aware of the
substantial risk in seeking computer assistance. The vast majority of computer
related problems could only be properly diagnosed and repaired by actually
accessing specific files or file directories on the computer. Thus, the
likelihood that inappropriate material will be discovered is substantial. Given
this likelihood, it is no surprise that private computer technicians are
rapidly becoming confidential informants for various law enforcement agencies. [FN146] Due to the
growing number of these "dual purpose" technicians and the public's
absolute reliance on these technicians for computer assistance, the analysis
for when a private individual is converted into a government actor may need to
be modified to protect privacy interests.
D. Third-Party
Consent and Home Computer Systems
The
in-home single system computer user, although free from the prying eyes of her
employer who owns and maintains her workplace computer system, must still be
wary of exceptions to the Fourth Amendment. One of the most common exceptions
applicable to the private computer user is third-party consent. [FN147] Government officials may search
premises or effects without a warrant or probable cause if a person with the
proper authority has voluntarily granted consent. [FN148] The Supreme
Court in United States v. Matlock [FN149] expounded upon
the traditional notion of consent by ruling officers may obtain voluntary consent "from a third
party who possessed common authority over or other sufficient relationship to
the premises or effects sought to be inspected." [FN150]
Common authority is . . . not to be implied from the mere property
interest a third party has in the property. The authority which justifies the
third- party consent does not rest upon the law of property, with its attendant
historical and legal refinements, but rests rather on mutual use of the property
by persons generally having joint access or control for most purposes . . . . [FN151]
In
examining third-party consent under a single computer system, [FN152] it is important to
note that normally "[t]here are no formal restrictions as to privacy,
although if more than one person uses the system, there may be an informal
respect for each other's private files." [FN153] A third party's
ability to consent to the search of a home computer will depend heavily upon
the steps taken to define mutually exclusive zones of privacy. [FN154] "From this,
it might be asserted that the aforementioned 'informal respect' counts for
something here, to which might be added the contention that this understanding
between family members takes on greater significance in light of the especially
private nature of information likely to be found in computer files." [FN155] A United States
district court in Illinois, however, did not find this argument convincing. [FN156]
In United States v. Smith, [FN157] the defendant's
live-in girlfriend granted officers voluntary consent to search the computer
located in their master bedroom. [FN158] Officers accessed the computer,
which was not password protected, and discovered numerous graphic files containing
child pornography. [FN159] At the suppression hearing,
defendant's girlfriend testified her youngest daughter would occasionally use
the computer, the location of the computer was open to the remainder of the
house, and defendant had previously attempted to show her how to use the
computer. [FN160] Defendant
countered by testifying that immediately prior to the search "he had
removed the passwords from the hardware but had kept the passwords in place on
the software." [FN161]
The
court, in denying defendant's motion to suppress, found defendant's girlfriend
had the requisite actual authority to consent to the search of the computer. [FN162] In addition to
the claims of the girlfriend, the court relied heavily on the fact that
officers were not hindered in their search due to protective passwords guarding
the system. [FN163] The court found
this fact belying of defendant's claim he maintained exclusive and possessory
control over the computer. [FN164] Given the court's emphasis on
password protections, however, it is highly probable that the use of protective
passwords could eliminate or at least narrow the scope of consent given by
third parties. [FN165]
III. The Fourth
Amendment's Particularity Requirements and Computers
The
Fourth Amendment to the United States Constitution demands all warrants
particularly describe the place to be searched and the items to be seized. [FN166] Throughout
history, application of the particularity requirements has been fairly straightforward
due to the obvious physical constraints of society. "But computers create
a 'virtual' world where data exists 'in effect or essence though not in actual
fact or form."' [FN167]
A. Describing the
Place to Be Searched
The
Fourth Amendment's particularity requirement with regard to the place to be
searched as well as Federal Rule of Criminal Procedure 41(a) [FN168] are ill prepared
to deal with this new virtual world. Specifically, Federal Rule of Criminal Procedure 41(a) provides that
"a search warrant . . . may be issued . . . by a federal magistrate, or a
state court of record within the federal district, for a search of property or
for a person . . . within the district . . . ." [FN169] The difficulty
lies in a networked computer system where the actual material sought might be
on a file server in a different "office, building, district, state, or
even country." [FN170] This dilemma is even more troubling
because law enforcement officials are currently only guided by way of analogy
to similar problems involving the wiretapping of
phones. [FN171] In these network
scenarios, there are essentially two variations: (1) law enforcement knows the
material is located in a place other than the one described in the warrant, and
(2) the file server, unbeknownst to the government, is located outside the
district. [FN172]
In
a situation where the government knows the location of the information is in a
different place than the warrant describes, The Federal Guidelines for
Searching Computers encourages law enforcement officials to simply seek an
additional warrant describing the other location. [FN173] This may entail
going to another federal district, despite its distance, or even coordinating
with their foreign law enforcement counterparts. [FN174] If officers
believe the information is on a file server located in some anonymous place,
The Federal Guidelines for Searching Computers instructs officers to be candid
with the issuing judge concerning their belief. [FN175] Officers should
support their candid claim by pointing to specific efforts aimed at uncovering
the true source of the data. [FN176] The officers should also attempt to
demonstrate a clear relationship between the computer they wish to search and
an additional file server located elsewhere. [FN177] If, however, the
executing agency fails to obtain the necessary safeguard of an additional
warrant or fails to be candid with the issuing judge or magistrate, its
warrantless intrusion of a file server located elsewhere may still be permitted
in limited circumstances. [FN178]
In United States v. Judd, [FN179] officers
executed a search warrant on the office suite of the defendant's business. [FN180] The warrant
precisely described by number a particular office suite but officers failed to
locate the items prescribed in the warrant. [FN181] Officers questioned the defendant,
and he indicated the items sought were located in the company's bookkeeping
suite next door. [FN182] Without a warrant, the officers
went to the bookkeeping suite and seized the specified documents. [FN183] The court ruled
that both suites were offices of the same business, officers reasonably
misunderstood the floor plan of the corporate offices, and the warrant
authorized a search of the entire corporate office. [FN184] The court,
therefore, permitted the warrantless search of the second suite. [FN185] Thus, by analogy if the file server
containing the information sought was located in the same set of corporate
offices, a court may allow the warrant to cover the search of both places. [FN186]
In
the second networked scenario, the file server is unknowingly located outside
the district where the warrant is issued. In this situation, the true virtual
nature of networked systems becomes apparent. For example, if officers were
forced to access a file server outside the district to obtain authorized data, the
officers would technically still be physically present in the issuing district.
Yet, it could also be argued the officers essentially made a virtual leap into
the other district via the computer network. This example truly exposes the limits of a physically-based rule.
In attempting to resolve this quandary, however,courts may turn to a similar
issue involving federal wiretap statutes. [FN187] Similar to the district limitation
in Federal Rule of Criminal Procedure 41(a), 18 U.S.C.
§ 2518(3) permits a judge
to enter an order "authorizing or approving interception of wire, oral, or
electronic communications within the territorial jurisdiction of the court in
which the judge is sitting . . . ." [FN188] Given this definitional similarity,
cases involving the location of wiretaps outside the issuing judge's district
may prove useful in making an inferential leap to computer networks.
With regard to the interception of communications by wiretap, the United
States Court of Appeals for the Second Circuit ruled a wiretap occurs in two
locations simultaneously. [FN189] The wiretap occurs at the place
where the tapped phone is located and at the place where the communication is
first heard by law enforcement. [FN190] The court reached this conclusion
by turning to the statute's definition of interception. [FN191] Section 2510(4)
defines interception as "the aural or other acquisition of the contents of
any . . . communication . . . ." [FN192] The court reasoned that because the
definition included "'aural' acquisition of the contents of the
communication, the interception must also be considered to occur at the place
where the redirected contents are first heard." [FN193] Thus, the court
ruled that although the wiretap was issued in the Southern District of New
York, the tapped phone was located in New
Jersey, and the officers were redirecting the tapped phone back to New York for
interception; the district court had jurisdiction to authorize the wiretap. [FN194] The court
additionally relied on policy reasons for permitting all monitoring to occur in
a single jurisdiction. [FN195] The court found a single court
could better assess the wiretapping techniques of law enforcement, thus more
adequately protecting individual privacy interests. [FN196]
The
Fifth Circuit has concurred with the Second Circuit, finding "interception includes both the
location of a tapped telephone and the original listening post, and that judges
in either jurisdiction have authority . . . to issue wiretap orders." [FN197] Similarly, the
Seventh Circuit relying on United States v. Rodriguez [FN198] and United
States v. Denman, [FN199] found permission to intercept
communications from mobile devices could be issued "regardless of where
the phone or listening post was." [FN200] The court reasoned a "narrow,
literal interpretation would serve no interest in protecting privacy, since the
government can always seek an order from the district court for the district in
which the listening post is located authorizing nationwide surveillance of
cellular phone calls." [FN201]
Turning to data searches of networks, courts could rely on the above
wiretap analogies to support the notion that these types of searches can occur
in more than one place. [FN202] Based on that rationale, two
different districts could potentially issue
the warrant-the district where the officers are located and the district where
the file server is located. Thus, a court may find the particularity
requirement of the Fourth Amendment as well as Federal Rule of Criminal Procedure 41(a) are satisfied
based solely on the officers' location when the search occurs. This would alleviate the difficulty of a
file server unknowingly located in another district. Courts could possibly
resolve the previously posited quandary by finding the officer's presence in
the issuing district, as well as accession of the particularly described
computer terminal, is sufficient to meet both the enumerated constitutional and
statutory protections.
B. Describing
with Particularity the Items to Be Seized
The
Fourth Amendment demands a search warrant define the items to be seized with
sufficient particularity [FN203] to avert "general, exploratory
rummaging in a person's belongings." [FN204] "The requirement of
particularity [historically] arises out of a hostility to the [British] Crown's
practice of issuing 'general warrants' taken to authorize the wholesale . . .
search of contraband or evidence." [FN205] Particularity of a warrant, as to
the items sought, encompasses two general problems: (1) the warrant must
provide sufficiently specific information to guide the officer's judgment in
selecting what to seize, and (2) the warrant's breadth must be sufficiently narrow to avoid seizure of purely unrelated
items. [FN206] The seizure of
computer equipment is especially vulnerable to the two prongs of the
particularity requirement. [FN207] Due to a computer's ability to
store vast amounts of information, [FN208] the potential difficulty in
accessing particular files in a computer, [FN209] and the fact that simple file
titles do not satisfactorily indicate the substance of that file, [FN210] it is often
difficult to meet the constraints of the Fourth Amendment.
1. Specificity in Guiding Officer Discretion
In
determining whether items have been sufficiently described in the warrant, the
test is one of practicality and will be guided by traditional notions of common
sense. [FN211] Thus, a
description is sufficiently specific if it "enables the searcher to
reasonably ascertain and identify the things authorized to be seized." [FN212] In certain cases
generic classifications will be permitted when more precise descriptions are not
possible given the circumstances and the nature of the activity investigated. [FN213]
In
Davis v. Gracey, [FN214] plaintiffs claimed the use of the
generic term "equipment" in the warrant was not sufficiently explicit
to cover the search of their computers and external CD-ROM drives. [FN215] The court guided
its examination of this claim by positing two questions: "[D]id the
warrant tell the officers how to separate the items subject to seizure from irrelevant items, and were the objects seized
within the category described in the warrant?" [FN216] The court
answered both questions in the affirmative. [FN217] The warrant
permitted officers to seize "'equipment . . . pertaining to the
distribution or display of pornographic material in violation of state
obscenity law . . . ."' [FN218] The court found the delineating
language of the warrant sufficiently specific to guide the officers; thus the
items were legally seized. [FN219]
In
United States v. Kow, [FN220] however, the Ninth Circuit found no
such delineating language. [FN221] In Kow, the warrant permitted the
seizure of essentially every computer-generated document relating to the
defendant's business. [FN222] The language of the warrant made
only illusory references to the suspected criminal conduct, [FN223] and "[t]he
government did not limit the scope of the seizure to a time frame within which
the suspected criminal activity took place." [FN224] Based on the
overwhelming errors, the court ruled that "[a]s drafted, the warrant
simply was not sufficiently particular." [FN225]
2. Over-Breadth
The
problem with a warrant being overly broad is that it authorizes the seizure of
material with no true nexus to the criminal activity. [FN226] This nexus,
however, can be overcome in limited factual circumstances. [FN227] "A
generalized seizure of business documents may be justified if the government
establishes probable cause to believe that the entire business is merely a
scheme to defraud or that all the business's records are likely to evidence
criminal activity." [FN228] This general exception has
hesitantly been applied to individuals as well, but courts are extremely
cautious in applying the "all records" doctrine to the home. [FN229] Courts find it
difficult to prove that a criminal activity so permeates an individual's life
that all computer records found in the home would be subject to seizure. [FN230]
"Without such unusual proof, the broad categories of items that may
be seized pursuant to an 'all records' search of a home must be sufficiently
linked to the alleged criminal activity so as to distinguish them from
innocent, personal materials." [FN231] In United States v. Lacy, [FN232] the Ninth
Circuit did not find the seizure of defendant's entire computer system to be
overly broad. [FN233] There the court
found probable cause to believe the entire computer system was likely to
evidence criminal activity and a more precise description was impossible. [FN234]
Thus, a warrant for computer searches must contain descriptive guides,
approved by a neutral magistrate, to protect citizens from sweeping searches. [FN235]
These guidesare especially important with society's growing dependence
on computers. Businesses keep a
plethora of information on their computer systems, including financial records,
customer lists, inventory, and employee
files. Individuals also use computers to track their finances, balance their
checkbook, or even document their daily lives. Thus, the potential for abuse is
great and the level of intrusion overwhelming. Additionally, computer records,
unlike hard copies, "are extremely susceptible to tampering, hiding, or
destruction, whether deliberate or inadvertent." [FN236] This provides even more reason for
the judiciary to carefully proscribe the limits of government intrusion, and as
technology continues to grow more advanced the level of intrusion grows
exponentially. A prime example is United States v. Upham. [FN237]
In
Upham, officers obtained a search warrant for the defendant's home computer. [FN238] Using a
utilities program, agents were able to undelete nearly 1,400 files containing
child pornography, [FN239] despite defendant reformatting the
hard drive of the computer. [FN240] "But until the deleted
information is actually overwritten by new information, the old information can
often be recovered by a specialized utility program, which is what the
government did in this case." [FN241] The court, in denying defendant's
motion to suppress, found the recovery of all unlawful images to be within the
plain language of the warrant no matter the method of retrieval. [FN242] The court
likened the government's actions to decoding an encrypted message or pasting
together pieces of a torn-up paper. [FN243]
The
First Circuit, in its seemingly brief analysis of the issue, has now permitted the government to resurrect
"ghost" files for use in the active prosecution of its citizens. [FN244] Upham is a truly
harrowing example of the dangers created by computers. Although indispensable
to modern society, computers have created an environment extremely susceptible
to a slippery slope of governmental abuse.
IV. Statutory
Protections and Bulletin Board Systems
Electronic bulletin board systems (BBSs) function in a manner similar to
traditional notions of bulletin boards. [FN245] They are an electronic location
were users can post and read messages. [FN246] Unlike a traditional bulletin
board, however, a BBS allows users to privately communicate through e-mail, to
engage in real time communications in "chat rooms," to upload or
download computer files, and to share information on a wide variety of topics. [FN247] A system
operator, or "sysop," manages the bulletin board, and users can
access it via normal phone lines. [FN248] BBSs can be dedicated to illegal
activity-"pirate bulletin boards"-or may be an important platform for
citizens to disseminate protected First Amendment speech. [FN249] Obviously, the
most difficult types of BBSs to address are those hybrid bulletin boards that
commingle protected First Amendment speech and illegal activities. [FN250] The commingled
bulletin board is difficult to address because BBSs are in some circumstances
afforded statutory protections that, at
least in theory, exceed the Constitution. [FN251]
A. The Privacy
Protection Act
The
Privacy Protection Act (PPA) [FN252] provides:
Notwithstanding any other law, it shall be unlawful for a government
officer or employee, in connection with the investigation or prosecution of a
criminal offense, to search for or seize any work product materials [or
documentary materials] possessed by a person reasonably believed to have a
purpose to disseminate to the public a newspaper, book, broadcast, or other
similar form of public communication . . . . [FN253]
The
purpose of the statute was to provide additional protections for those who are
not directly involved in the criminal activities for which the material is
sought and for those who are dedicated to the dissemination of constitutionally
protected materials. [FN254] This general proposition creates a
number of issues, however, that demand further review. These issues include:
(1) the reasonably believed element of the statute; (2) the exceptions and
exemptions to those exceptions; (3) what constitutes other public
communication; and (4) what happens when the BBS contains legal and illegal
material.
1. The Reasonably Believed Element
A critical element of the PPA is that
officers must have reason to believe that the property seized would be work
product materials as defined by the PPA. [FN255] In Steve Jackson Games, Inc. v.
United States Secret Service, [FN256] the Secret
Service received information that hackers had accessed Bell South's computer
system and were distributing sensitive material gained from the intrusion on
Bulletin Boards. [FN257] Eventually, investigators received
information implicating an employee of Steve Jackson Games. [FN258] Steve Jackson
Games, Inc. was a company involved in publishing "books, magazines, box
games, and related products." [FN259] Additionally, Steve Jackson Games,
Inc. operated a computer bulletin board system where information was posted
about the products, employees and game enthusiasts traded information, and
users could send and receive e-mail. [FN260] The employee implicated in the
theft was a systems operator of the Jackson Bulletin Board System and had
authority to delete information from it. [FN261] Agents then obtained a warrant
authorizing the search of computer software and hardware relating to the
computer attacks. [FN262] The agents seized two computers,
numerous floppy disks, a printer, and various other computer components. [FN263] Included in the material seized was
a book intended for immediate publication, drafts of magazine articles,
contracts between Steve Jackson Games, Inc. and the authors of these articles,
as well as all the publications that appeared on the bulletin board. [FN264]
In finding the agents violated the PPA, the
court found the original seizure of the items did not implicate the PPA because
the agents did not have "reason to believe that property seized would be
the work product materials of a person believed to have a purpose to
disseminate to the public a newspaper, book, broadcast or other similar form of
public communications." [FN265] The court found this despite the
fact agents could have discovered this information with minimal investigative
effort. [FN266] The court went
on to rule that the agents did posses the requisite knowledge once they learned
of the contents and failed to return the work product materials to Steve
Jackson Games, Inc. [FN267] Thus, it appears that officers
purposefully remaining ignorant of the particular bulletin board system they
wish to search could potentially limit the applicability of the PPA. Yet
"reasonably believed" is an elastic standard that is open to a
multitude of interpretations, and courts would likely interpret it to prevent
agents from relying on purposeful ignorance to circumnavigate the rule.
2. Exceptions and Exemptions to Exceptions
The
first exception to the PPA concerns the definition of what constitutes work
product materials and documentary materials under the PPA. [FN268] The PPA specifically excludes
"contraband or the fruits of [the] crime" as falling within these
categories. [FN269] The PPA excludes
these materials because they "are so
intimately related to the commission of a crime, and so often essential to
securing a conviction, that they should be available for law enforcement
purposes, and, therefore, must fall outside the no search rule that is applied
to work product." [FN270] Second, the protections of the PPA
are not implicated if officers have "probable cause to believe that the
person possessing such materials has committed or is committing the criminal
offense to which the materials relate." [FN271] This exception was intended to
"protect from search only those persons involved in First Amendment
activities who are themselves not implicated in the crime under investigation,
and not to shield those who participate in crime." [FN272] Offenses,
however, regarding "the receipt, possession, communication, or withholding
of such materials" are expressly covered by the PPA and do not fall into
the criminal activity exception. [FN273] This exemption from the exception
was designed to prevent the government from end-running the PPA by simply
classifying work product material as stolen goods. [FN274] The final
exception allows officers to seize otherwise protected materials if it "is
necessary to prevent the death of, or serious bodily injury to, a human
being." [FN275]
3. What Constitutes Other Public
Communication?
Whether a computer bulletin board system alone can constitute a
protected form of public communication is an
unresolved issue under the PPA. No court has addressed the application of the
PPA solely to a computer bulletin board system. [FN276] Given its
potential for mass dissemination of constitutionally protected materials,
courts in the future will likely have to make an ad hoc determination as to the
relative constitutional value of material contained on any one bulletin board
system.
For the first time, an individual user can disseminate their point of
view to a large number of geographically separated people without having the
message filtered by the editorial process of a newspaper or broadcaster. To
deprive this type of system of the protections of the PPA would distort the
plain meaning of "public communication." Protecting BBSs under the
PPA would be consistent with congressional intent, since its legislative
history provides explicitly that Congress intended that "form of public
communication" have "a broad meaning." [FN277]
As a result of this information technology
revolution, the scope of the PPA may become more expansive. [FN278]
4. Commingled Material
The
final problem created by the PPA and BBSs is where legal and illegal material
are commingled on a single BBS, making it nearly impossible to seize the
illegal material without violating the PPA. [FN279] Given a computer's ability to store vast numbers of pages,
criminals can bury their illegal material with constitutionally protected
material, thus subjecting the government to a PPA violation. [FN280] Although nocases
expressly recognize this dilemma, courts have ruled there are times when simply
no alternative exists but to seize all items and sort non-evidentiary items out
at a later time. [FN281] The judiciary or legislative branch
will ultimately have to address this situation. The appropriate remedy appears
to be that taken by those courts addressing the commingling issue. That remedy
would permit the government to seize all the information, promptly sort it, and
then return all non-evidentiary items to the owner. [FN282] Currently, the
plain language of the PPA would not permit this resolution. Rather than the
judiciary substantially altering the plain meaning of the statute, the
legislative branch should enact an amendment permitting the complete seizure of
commingled items upon neutral review by a magistrate. Finally, it should be
noted that the appropriate remedy for a PPA violation is not the exclusionary
rule but rather civil damages. [FN283] Additionally, nothing in the PPA
prevents the government from seeking forfeiture of computers or CD-ROMs
containing commingled material. [FN284]
B. The Electronic
Communications Privacy Act
The
Electronic Communications Privacy Act of 1986 (ECPA) [FN285] was created "'to update and clarify Federal
privacy protections and standards in light of dramatic changes in new computer
and telecommunications technologies."' [FN286] The ECPA consists of two parts:
Title I prohibits the interception of electronic communications by any person
without authorization, [FN287] and Title II prohibits access to
stored electronic communications and data by any person without authorization. [FN288]
1. Title I: Interception of Electronic
Communications
Title I of the ECPA prohibits the interception and disclosure of
electronic communications. [FN289] It essentially extends the Federal
Wiretap Act to include those communications transmitted in "whole or in
part by a wire, radio, electromagnetic, photoelectronic or photooptical system
that affects interstate or foreign commerce." [FN290] The most glaring
issues regarding Title I include: (1) the definition of interception; [FN291] (2) the
interstate commerce requirement; [FN292] (3) the exceptions to the blanket
rule; [FN293] and (4) the appropriate remedy for
a violation of this rule. [FN294]
a.
The Definition of Interception. Section 2510(4) defines "intercept"
as "the aural or other acquisition of the contents of any . . . electronic
. . . communication through the use of any electronic, mechanical, or other
device." [FN295] Courts have
determined that the term does not apply to
the electronic storage of e-mail or data prior to its receipt. [FN296] Thus, as presently interpreted,
interception of an electronic communication under Title I can only occur if it
is actually intercepted in route from the sender to the server storage area. [FN297] It is arguable,
however, whether this is the correct interpretation of the ECPA. [FN298] Section 2701(a) under Title II of
the ECPA-the storage of electronic communications-excludes application of the
storage protections to conduct authorized under § 2518 of Title I. [FN299] Section 2518 outlines the proper
procedures law enforcement officials must follow in intercepting electronic
communications. [FN300]
Congress included section 2518 of the Federal Wiretap Act as an
exception to illegal access of a Stored Communication. This indicates that, if
the proper warrant is obtained, the government may legally intercept an
electronic communication in electronic storage. Therefore, as the language of
section 2518 clearly states, stored electronic communications are subject to
interception under the Federal Wiretap Act. [FN301]
b.
The Interstate Commerce Requirement. Section 2510(12) requires the electronic
transmission affect interstate commerce. [FN302] The interstate commerce requirement
does not require the actual communication to pass through various states;
rather the communication need only take place on a system that affects
interstate commerce. [FN303] Thus, Internet communications fall within the definition regardless of the
sender's or recipient's location. [FN304] Additionally,
any type of network, BBS, or business computer linked over state lines fall
within the definition. [FN305] The more difficult question
concerns intrastate computer networks and their applicability under the ECPA.
The legislative history of the ECPA specifically provided private networks and
intra-company communications protection under the ECPA. [FN306] It additionally sought to grant
protection to internal communications of a company, if that company's
activities affect interstate commerce. [FN307] Thus if courts adhere to the
legislative intent of the ECPA, a fairly broad range of communications will be
protected.
c.
The Exceptions. The broad protections enumerated in the ECPA are limited by
some substantial limitations. The first exception permits system providers to
monitor communications when misuse is suspected. [FN308] The statute does
not permit "random monitoring except for mechanical or service quality
control checks." [FN309] The second exception provides that
those communications readily accessible to the public are not covered by the
ECPA. [FN310] Courts may equate
readily accessible to the plain view doctrine employed in traditional Fourth
Amendment analysis. [FN311] Finally, the ECPA exempts material
inadvertently discovered by the operator of the computer system. [FN312] "When an electronic
communications provider inadvertently obtains the contents of a transmission,
and the communication appears to relate to the commission
of an ongoing criminal activity, the provider may divulge the contents of the
transmission to law enforcement agencies." [FN313] The scope of
many of these exceptions has not been defined by the judiciary, and is open to
broad interpretation. With the growing use of electronic communications, it
will only be a matter of time before courts are forced to address the inherent
ambiguities created by these exceptions.
d.
The Appropriate Remedy. In the case of intercepted electronic communications,
the available remedies are inexplicably limited. Section 2518(10)(a) provides,
"[a]ny aggrieved person . . . may move to suppress the contents of any
wire or oral communication intercepted pursuant to this chapter." [FN314] This section
does not provide for the suppression of electronic communications. The
exclusion of electronic communications is not explained by legislative history
and seems to be somewhat of an enigma. Although suppression is not expressly
available under the statute, there may be ulterior grounds for suppression.
"First, many interceptions of electronic communications which violate the
ECPA will also violate the Fourth Amendment, subjecting them to the Fourth
Amendment's exclusionary rule." [FN315] Additionally, § 2520(b)(1) provides that appropriate
remedies include "such preliminary and other equitable or declaratory
relief as may be appropriate." [FN316] Thus, in extremely egregious
situations this catch-all provision could support a motion to suppress.
2. Title II: Storage of Electronic
Communications
Title II of the ECPA prohibits the unauthorized intentional access of
"a facility through which an electronic communication service is provided
. . . and thereby obtains, alters, or prevents authorized access to a wire or
electronic communication while it is in electronic storage." [FN317] The ECPA
additionally proscribes that "a person or entity providing an electronic
communication service [or remote computing service] to the public shall not
knowingly divulge to any person or entity the contents of a communication while
in electronic storage by that service." [FN318] These two provisions, like their
Title I counterpart, contain various intricacies that demand analysis. They
include: (1) procedural steps for law enforcement access; [FN319] (2) exceptions
to the provisions; [FN320] (3) the definition of a public
communication service; [FN321] and (4) the key difference between
Title II and Title I. [FN322]
a.
Procedural Steps for Law Enforcement Access. The procedural constraints on
governmental invasions are perhaps the most important aspects of the ECPA. The
government's ability to access stored electronic communications depends upon
how long the particular communication has been electronically stored. [FN323] If the government attempts to
compel a provider to disclose electronic communications that have been stored
less than 180 days, they must obtain a
warrant issued by a neutral and detached magistrate. [FN324] If the
electronic communication has been stored more than 180 days, the government has
two alternatives. [FN325] The first alternative permits the
government to proceed without notice to the provider or customer if a warrant
was obtained under the Federal Rules of Criminal Procedure. [FN326] The second
permits access of the material by the government with notice to the provider or
customer by obtaining an administrative subpoena, grand jury subpoena, or trial
subpoena. [FN327] One necessary
clarification involves the definition of "electronic storage," which
is "any temporary, intermediate storage of . . . [[an] electronic
communication incidental to the electronic transmission thereof." [FN328] Thus, § 2703 only protects an electronic
communication while it is intermediately stored on the server. "Once a
message is opened, however, its storage is no longer 'temporary' nor
'incidental to . . . transmission' and it thus takes on the legal character of
all other stored data." [FN329]
b.
Exceptions to the Provisions. The only exception to the prohibition of
intentional unauthorized access under §
2701(a) is that a system operator may routinely monitor and maintain the
system. [FN330] Additionally,
"if system operators inadvertently discover incriminating information that
affect the users of the system, the system operator may take appropriate
disciplinary action." [FN331] The system operator cannot further
divulge that information unless an exception
applies under § 2702(b). [FN332]
The
exceptions under § 2702(a) prohibition
of divulging information by a service provider are limited. The provider may
divulge the electronic communication "to an addressee or intended
recipient of such information" or "with the lawful consent of the
originator or an addressee or intended recipient of such communication." [FN333] Additionally,
the provider may divulge electronic communication to law enforcement if it was
"inadvertently obtained" and its subject matter appears "to
pertain to the commission of a crime." [FN334] The legislative history indicates
that such evidentiary electronic communication must relate to an ongoing crime.
[FN335] Thus, evidence
pertaining to a past crime should not be disclosed under the ECPA.
c.
The Definition of a Public Communication Service. Section 2702(a)(1) prohibits
an electronic communication service to the public from divulging
communications. [FN336] The statute does
not expound on the definition of public. The term "public" generally
"means available to all who seek the service, even if there is some
requirement, such as a fee." [FN337] The term may be limited in the
business context. A business network that limits access to employees would not
seem to fall under this definition. [FN338] "If that business network is
connected to the Internet (an extensive world-wide network), it may be part of
a 'public' system, but this does not necessarily mean that the corporate LAN
(local-area network) becomes a 'public' service." [FN339]
d.
The Key Difference Between Title II and Title I. The requirements for
interception under Title I are far more stringent than the required threshold
to gain access to stored electronic communications under Title II. [FN340] Section 2518(1) demands that to
permit interception, law enforcement officials must detail before the court six
comprehensive elements that exceed the requirements for a traditional search
warrant. [FN341] Section 2703 of
Title II only requires a warrant if the electronic information is stored less
than 180 days, and a simple administrative subpoena if more than 180 days. [FN342] Although the
level of protection varies greatly between Title II and Title I, the practical
results are nominal. Whether officers simultaneously intercept the material or
simply wait a split second until the communication is stored is of little
consequence to officers. Thus, the protections under Title I are essentially
non-existent in practice. Intelligent government officials will simply wait the
split second for the information to be stored given the markedly lower
threshold in stored communication. Thus in reality, Title I is a hollow statute
providing very little additional protections in the electronic communications
field.
V. Conclusion
The
Fourth Amendment is one of the few remaining bastions of freedom. Although detractors argue the Fourth Amendment
has become riddled with judicially-created exceptions, it continues as one of
the last standing protections against the tyranny of an oppressive government.
Yet, in many respects it appears as though the Fourth Amendment has finally met
its match in technology.
Computer technology becomes obsolete in a matter of months. The law
cannot be expected to formulate appropriate responses to these advancements
with similar alacrity. The technological issues facing the Fourth Amendment are
not easily answered. It requires the judiciary to constantly redefine
protections created over 200 years ago in response to tyrannical English rule.
Traditional notions of privacy and possessory interests have become
increasingly difficult to apply with the amorphous world of networks and the
Internet.
The
impossibility of asserting reasonable privacy interests is a product of
society's dependence on electronic forms of communication. It has now reached a
point where even deleting material or encrypting data may not be sufficient to
protect the individual. Even relatively novice computer users understand that
employers, Internet service providers, and hackers can easily monitor
electronic transmissions. However, this recognition should not operate as a bar
to Fourth Amendment protections. Electronic communication in its various forms
is a practical necessity despite its inherent dangers. Thus, the judiciary or
the legislature must acknowledge this dilemma and formulate appropriate responses. The Privacy Protection Act and the
Electronic Communications Privacy Act are examples of such legislative
responses, yet the actual protections created by these statutes are specious at
best.
Advancing computer technology has created enormous opportunities, has
immeasurably increased our productivity, and is currently indispensable, but
with these benefits come natural consequences. The primary consequenceis a
sacrifice of privacy rights. The
growing capabilities of computers, the Fourth Amendment's inability to rapidly
evolve, and the reduction of human existence to digital and electronic forms
permit the government to intimately display the contents of one's life by
simply accessing a computer hard drive or e-mail account. The potential for
governmental abuse and deeply intrusive conduct is the price society pays for
technological advancement. Yet one
thing remains certain, technology will continue to advance like a whirlwind,
and the coveted constitutional protections embodied in the Fourth Amendment
will continue to ineptly protect citizens in the face of this storm.
[FNa1]. B.A., Central College, 1996; J.D.,
Drake University, 1999. The author is presently an attorney clerk for the
Honorable Michael Streit of the Iowa Court of Appeals. The views expressed in
this Article are solely those of the author and should not be attributed to the
Iowa state judiciary or any of its members.
[FN1]. Laurence H. Tribe, The
Constitution in Cyberspace: Law and Liberty Beyond the Electronic Frontier, The
Humanist, Sept.-Oct. 1991, at 15, 16.
[FN3]. Katz v. United States, 389 U.S. 347 (1967).
[FN4]. See id. at 350-52, 360.
[FN5]. Id. at 361 (Harlan, J., concurring).
[FN6]. See, e.g., Smith v. Maryland, 442 U.S. 735, 740-41 (1979) (ruling pen registers
installed by telephone companies do not constitute a search).
[FN7]. United States v. Simons, 29 F. Supp. 2d 324, 326
(E.D. Va. 1998) (citing Katz v. United States, 389 U.S. at 361 (Harlan, J.,
concurring)).
[FN8]. Katz v. United States, 389 U.S. at 361 (Harlan, J.,
concurring).
[FN9]. See generally id. (expressing
"objects, activities, or statements" exposed
to outsiders are not protected from search and seizure because there is no
intent to keep them private).
[FN10]. See id.
[FN11]. 1 Wayne R. LaFave, Search and
Seizure § 2.6, at 70 (3d ed. Supp.
1999).
[FN12]. Computer Search & Seizure
Working Group, U.S. Dep't of Justice, Federal Guidelines for Searching and
Seizing Computers 17 (1994) [hereinafter Computer Guidelines].
[FN13]. Id.
[FN14]. See generally United States v. Hall, 142 F.3d 988, 993 (7th Cir.
1998) (explaining the court must decide if a private individual was acting as
an "instrument or agent of the state").
[FN15]. See Computer Guidelines, supra
note 12, at 8. See generally Horton v. California, 496 U.S. 128, 133 (1990) (stating if
evidence is in plain view, then observing it or seizing it would not infringe
on the right of privacy).
[FN16]. Katz v. United States, 389 U.S. 347, 361 (1967) (Harlan, J., concurring).
[FN17]. See Bohach v. City of Reno, 932 F. Supp. 1232, 1234-35
(D. Nev. 1996); see also Scott A. Sundstrom, Note, You've Got Mail!
(and the Government Knows It): Applying the Fourth Amendment to Workplace
E-mail Monitoring, 73 N.Y.U. L. Rev. 2064, 2085 (1998) (citing Bohach v. City of Reno, 932 F. Supp. at 1234-35 in support of a
similar proposition involving privacy and paging systems).
[FN18]. See Sundstrom, supra note 17, at
2085.
[FN19]. Id. at 2086.
[FN20]. 1 LaFave, supra note 11, § 2.6, at 71. Examples of timesharing include:
"[T]he commercial sale of computer time, provision of computer resources
to faculty and students by a university, and provision of such resources to
employees by a business organization." 1 Id.
[FN21]. See 1 id.; see
also Sundstrom, supra note 17, at 2085-86 (stating e- mail messages that have
no password are in plain view and open to all employees).
[FN22]. Cf. 1 LaFave, supra note 11,
§ 2.6, at 71 (discussing how computer
users are not usually restricted to their own files, but may have access to any
records stored on the computer they are using. Users are either not restricted
by the system set-up or they are able to circumvent file protections). For
example, the Drake University Law Review has six computers that are linked to
the university network. All law review material is saved to a networked hard
drive that is specifically set-up for law review use. All members of the law
review can access this networked hard drive and save personal or law review
related material to this drive. Even though a password is required to initially
access the particular computer station, the material saved to that networked
drive is essentially shared by all law review staff. Thus, an unscrupulous law
review member that was saving child pornography to this networked drive would
have no reasonable expectation of privacy in those images given the large
number of people that have access to that drive. See generally Randolph S. Sergent, Note, A Fourth Amendment Model
for Computer Networks and Data Privacy, 81 Va. L. Rev. 1181, 1197-200 (1995) (discussing
under the risk-analysis approach, a person would not have a reasonable
expectation of privacy if that data would be
knowingly exposed to others or there was no way to exclude others from viewing
the material).
[FN23]. See Sergent, supra note 22, at
1197-200. The computer system at the Drake Law Review is also illustrative of
this proposition. When initially accessing a particular computer station in the
law review office, a password is required. Once that password has been properly
entered, that particular computer immediately installs previously saved
preferences unique to that user. One such preference is a computer file folder,
which is created specifically for that user to place saved material. Entering
that user's assigned password can only access this computer file folder. In
this situation, that same unscrupulous law review member could likely assert a
reasonable expectation of privacy in the pornographic images because other
members could not access the material.
[FN24]. Rakas v. Illinois, 439 U.S. 128, 149 & n.17
(1978).
[FN25]. Raphael Winick, Searches and
Seizures of Computers and Computer Data, 8 Harv. J.L. & Tech. 75, 83 (1994); see also 1
LaFave, supra note 11, § 2.6(f)
(stating users of multi-user systems still maintain an expectation of privacy
despite the fact that those who operate the system may need to access that user's information in order to
appropriately bill the user and to make occasional back-ups of the information
to protect against accidental data loss).
[FN26]. See Winick, supra note 25, at 83
(recognizing the ability to exclude others from saved data is an integral part
of establishing a reasonable expectation of privacy).
[FN27]. The notion of consent in this
particular section will be strictly limited to its application in the
workplace. The effect of consent on private in-home users will be discussed
infra Part III.A.
[FN28]. United States v. Matlock, 415 U.S. 164, 170 (1974). The Court
further noted "common authority" is not defined by traditional
notions of property law, but: rests rather on mutual use of the property by
persons generally having joint access or control for most purposes, so that it
is reasonable to recognize that any of the co-inhabitants has the right to
permit the inspection in his own right and that the others have assumed the
risk that one of their numbers might permit the common area to be searched. Id. at 171 n.7.
[FN29]. See Computer
Guidelines, supra note 12, at 13. The breadth of the "common area" as to a computer may be difficult to
ascertain. "[C]ourts may honor claims to privacy where the defendant has
taken some special steps to protect his personal effects from scrutiny of
others, and others lack ready access." Id. at 14. Thus, the common area of
a computer will likely depend on the degree of individualized password
protection on that particular computer. Id. at 15. If each user has complete
access to all files on a workplace computer, then the common area of the
computer would likely encompass the entire computer. See id. However, if each
individual employee could only access her data through the use of an
individualized password, then the common area may be limited to only those
items on the desktop. Id. The use of an individualized password would seem to
satisfy the special steps courts have recognized in limiting the scope of the
consent. The scope of consent is also
limited to the type of evidence involved in the suspected offense. United States v. Turner, 169 F.3d 84, 87 (1st Cir.
1999). In United States v. Turner, the court ruled that officers exceeded the
scope of the defendant's consent by searching the hard drive of his personal
computer when they were only investigating an assault. Id. at 88. The court
stated: "We think that an objectively reasonable person assessing in
context the exchange between [the defendant] and these detectives would have
understood that the police intended to search only in places where an intruder
hastily might have disposed of any physical
evidence of the . . . assault . . . ." Id. The court continued by finding
the officers were limited to searching those plausible areas where physical
evidence of an assault could be located, and that a computer hard drive clearly
was not one of those areas. Id.; see also United States v. Carey, 172 F.3d 1268, 1272-73
(10th Cir. 1999) (discussing the bounds of consent in the computer
area).
[FN30]. See Sundstrom, supra note 17, at
2090.
[FN31]. Id.
[FN32]. Id.
[FN33]. See United States v. Simons, 29 F. Supp. 2d 324, 327
(E.D. Va. 1998).
[FN34]. United States v. Simons, 29 F. Supp. 2d 324 (E.D.
Va. 1998).
[FN36]. Id.
[FN37]. Id. at 326.
[FN38]. Id.
[FN39]. Id.
[FN40]. Id.
[FN41]. Id.
[FN42]. Id.
[FN43]. Id.
[FN44]. Id.
[FN45]. Id.
[FN46]. Id. at 327. The applicable section
of the FBIS policy is as follows: Audits. Electronic auditing shall be
implemented within all FBIS unclassified
networks that connect to the Internet or other publicly accessible networks to
support identification, termination, and prosecution of unauthorized activity.
These electronic audit mechanisms shall . . . be capable of recording:
-- Access to the system, including successful and failed login attempts,
and logouts;
-- Inbound and Outbound file transfers;
-- Sent and received e-mail messages;
-- Web sites visited, including uniform resource locator (URL) of pages
retrieved;
-- Date, Time, and user associated with each event.
Id.
[FN47]. Id.
[FN48]. Id.
[FN49]. See Sundstrom, supra note 17, at
2091.
[FN50]. See Perry v. Sindermann, 408 U.S. 593, 597 (1972). Courts could
possibly view the waiver of constitutional rights as an unconstitutional condition of government employment. See
Sundstrom, supra note 17, at 2091. [E]
ven though a person has no 'right' to a valuable governmental benefit and even
though the government may deny him the benefit for any number of reasons, there
are some reasons upon which the government may not rely. It may not deny a
benefit to a person on a basis that infringes his constitutionally protected
interests . . . . Perry v. Sindermann, 408 U.S. at 597.
[FN51]. O'Connor v. Ortega, 480 U.S. 709, 720-21 (1987).
[FN52]. See Computer Guidelines, supra
note 12, at 17.
[FN53]. O'Connor v. Ortega, 480 U.S. 709 (1987).
[FN56]. See Computer Guidelines, supra note
12, at 18.
[FN57]. See Williams v. Philadelphia Hous. Auth., 826 F. Supp.
952, 954 (E.D. Pa. 1993) (permitting the
warrantless workplace search of a computer disk containing
both personal and work-related items); see also Computer Guidelines, supra note
12, at 18 (stating employers may reasonably assume that floppy disks found at
an office are part of the workplace, in most cases).
[FN58]. See O'Connor v. Ortega, 480 U.S. at 702-21.
[FN59]. See Williams v. Philadelphia Hous. Auth., 826 F. Supp.
at 954.
[FN60]. ACLU v. Reno, 929 F. Supp. 824, 830 (E.D. Pa. 1996).
[FN62]. Id.
[FN63]. Id. at 831.
[FN64]. See id. at 834. Other forms of
Internet communication include one-to-many messaging (list services),
newsgroups, real-time remote computer utilization, and remote information
retrieval. Id. For a cursory discussion on these varying forms of communication
see id. at 834-36.
[FN65]. Id. at 835.
[FN66]. Id.
[FN67]. See id.
[FN68]. See id.
[FN69]. See supra notes 15-26 and
accompanying text.
[FN70]. See United States v. Maxwell, 45 M.J. 406, 419
(C.A.A.F. 1996) (stating in
dicta "[m]essages sent to the public at large in the 'chat room' . . .
lose any semblance of privacy"); see also Note, Keeping Secrets in Cyberspace: Establishing
Fourth Amendment Protection for Internet Communication, 110 Harv. L. Rev. 1591,
1603 (1997) ("Because police have the right to 'go' on the
Internet anywhere that members of the public may go, an open listserv,
newsgroup, chat room, telnet-able file, or Web page with no restrictions on its
use is in plain view and cannot be considered private for Fourth Amendment
purposes.") [hereinafter Keeping Secrets]; Brian I. Simon, Note &
Comment, The Tangled Web We Weave: The Internet and Standing Under the Fourth
Amendment, 21 Nova L. Rev. 941, 959-60 (1997)
(presenting a chat room hypothetical and the
difficulty in asserting Fourth Amendment standing in such a situation).
[FN71]. United States v. Charbonneau, 979 F. Supp. 1177
(S.D. Ohio 1997).
[FN73]. Id.
[FN74]. Id.
[FN75]. Id. The child pornography was
distributed by using a "list." Id. The court explained: A user
generally would create the list by identifying all users in a private room; the
user then would enter screen names of the identified users onto an
"e-mail" message and create a list of recipients. The sender of the
pornographic pictures would next send an e-mail to the recipients identified on
the list. The e-mail often would contain a brief message and an attached
graphic file containing child pornography. Id.
[FN76]. Id.
[FN77]. Id.
[FN78]. Id. at 1183.
[FN79]. Id. at 1185.
[FN80]. Id.
[FN81]. ACLU v. Reno, 929 F. Supp. 824, 834 (E.D. Pa. 1996).
[FN82]. Keeping Secrets, supra note 70, at
1592.
[FN83]. Id.
[FN84]. Id.
[FN85]. See United States v. Maxwell, 45 M.J. 406, 417-18
(C.A.A.F. 1996).
[FN86]. United States v. Maxwell, 45 M.J. 406 (C.A.A.F.
1996).
[FN91]. Id.
[FN92]. Id.
[FN93]. Id. at 415.
[FN94]. Id. at 417.
[FN95]. Id. at 418.
[FN96]. Id.
[FN97]. Id. at 417; see Francis A.
Gilligan & Edward J. Imwinkelreid, Cyberspace:
The Newest Challenge for Traditional Legal Doctrine, 24 Rutgers Computer & Tech. L.J. 305, 320 (1998).
[FN98]. United States v. Maxwell, 45 M.J. at 418-19.
[FN99]. See Gilligan & Imwinkelreid,
supra note 97, at 320; 1 LaFave, supra note 11, § 8.6(f).
[FN100]. Gilligan & Imwinkelreid, supra
note 97, at 320.
[FN101]. See id. at 319-20 (noting the
similarities between e-mail messages and telephone conversations or first class
mail regarding expectations of privacy).
[FN102]. United States v. Charbonneau, 979 F. Supp. 1177,
1185 (S.D. Ohio 1997); see supra notes 71-80 and accompanying
text for the underlying facts in Charbonneau.
[FN103]. United States v. Charbonneau, 979 F. Supp. at 1185.
[FN104]. Id.
[FN105]. Id.; see Hoffa v. United States, 385 U.S. 293, 302 (1966) (finding no
Fourth Amendment rights exist where "a wrongdoer's misplaced belief that a
person to whom he voluntarily confides his wrongdoing will not reveal
it").
[FN106]. See United States v. Maxwell, 45 M.J. 406, 418
(C.A.A.F. 1996). Although courts may be willing to recognize a
reasonable expectation of privacy in the contents of e-mail, the same cannot be
said for the biographical and financial information provided to initiate
Internet service. In United States v. Hambrick, a federal district court ruled
an Internet Service Provider could reveal biographical and financial
information to the government without violating the Fourth Amendment. United States v. Hambrick, 55 F. Supp. 2d 504, 507
(W.D. Va. 1999). The court found the registered name on the account and
the credit card used to secure the account could be disclosed because defendant
voluntarily gave that information to the Service Provider. Id. The court found
defendant has assumed the risk that this private institution may disclose his
personal information to law enforcement officials. Id.
[FN107]. U.S. Const. amend. IV.
[FN108]. United States v. Jacobsen, 466 U.S. 109, 113 (1984) (citation and
internal quotations omitted).
[FN109]. See United States v. Hall, 142 F.3d 988, 993 (7th Cir.
1998).
[FN110]. Id. (citing United States v. McAllister, 18 F.3d 1412, 1417
(7th Cir. 1994)); see United States v. Barth, 26 F. Supp. 2d 929, 935
(W.D. Tex. 1998) (citing United States v. Paige, 136 F.3d 1012, 1017 (5th
Cir. 1998)).
[FN111]. United States v. Hall, 142 F.3d at 993.
[FN112]. See id. at 990-91 (relaying Hall's
illegal conduct was discovered by a technician who was servicing his computer).
[FN113]. Id. at 993-94 (discussing the
conversion of a private party to an agent of the government).
[FN114]. United States v. Hall, 142 F.3d 988 (7th Cir. 1998).
[FN117]. Id.
[FN118]. Id.
[FN119]. Id.
[FN120]. Id.
[FN121]. Id. at 992.
[FN122]. Id.
[FN123]. Id. at 993.
[FN124]. Id.
[FN125]. Id.
[FN126]. Id. at 994.
[FN127]. Id.
[FN128]. Id. "The independent source
doctrine allows admission of evidence that has been discovered by means wholly
independent of any constitutional violation." Nix v. Williams, 467 U.S. 431, 443 (1984).
[FN129]. United States v. Barth, 26 F. Supp. 2d 929 (W.D.
Tex. 1998).
[FN131]. Id.
[FN132]. Id. at 933.
[FN133]. Id.
[FN134]. Id.
[FN135]. Id.
[FN136]. Id.
[FN137]. Id. at 934-35.
[FN138]. Id. at 935.
[FN139]. Id. at 936.
[FN140]. See id.
[FN141]. Id.
[FN142]. Id. at 939.
[FN143]. Id.
[FN144]. Id. (quoting Murray v. United States, 487 U.S. 533, 542 (1988)). The court also
found the inevitable discovery doctrine and the good faith doctrine inappropriate
exceptions given this particular set of facts. Id. at 939, 942.
[FN145]. Id. at 942.
[FN146]. See id. at 932. The technician was
not only privately employed but also served as a confidential informant for the
FBI. Id.
[FN147]. See supra notes 27-50 and
accompanying text for a discussion on consent issues in the workplace.
[FN148]. Schneckloth v. Bustamonte, 412 U.S. 218, 219 (1973); see Computer
Guidelines, supra note 12, at 11.
[FN149]. United States v. Matlock, 415 U.S. 164 (1974).
[FN151]. Id. at 171 n.7 (citations
omitted).
[FN152]. A single system is a single
computer with one user, or possibly a small number of users. Sergent, supra
note 22, at 1183. An example of this type of system is a family who is living
together and sharing one computer. 1 LaFave, supra note 11, § 8.6(f).
[FN153]. Sergent, supra note 22, at 1183.
[FN154]. 1 LaFave, supra note 11, § 8.6(f).
[FN155]. Id.
[FN156]. See United States v. Smith, 27 F. Supp. 2d 1111, 1116
(C.D. Ill. 1998).
[FN157]. United States v. Smith, 27 F. Supp. 2d 1111 (C.D.
Ill. 1998).
[FN160]. Id.
[FN161]. Id.
[FN162]. Id. at 1115-16.
[FN163]. Id. at 1116.
[FN164]. Id.
[FN165]. See Computer Guidelines, supra
note 12, at 15. "[C]reating a separate personal directory on a computer
may not sufficiently mark it as exclusive, but protecting that separate
directory with a secret password may 'lock the container.' In that event, if
law enforcement analysts search the directory by breaking the password . . . a
court would probably suppress the result." Id.
[FN166]. U.S. Const. amend. IV. A government
search may still violate the Fourth Amendment despite the warrant's validity.
See United States v. Carey, No. 98-3077, 1999 WL
215669, at *6 (10th Cir. Apr. 14, 1999). Officers can
always exceed the bounds of a properly issued warrant, thus offending the
Fourth Amendment. See id. In United States v. Carey, officers, searching for
drug notations, obtained a warrant to search the defendant's computer. Id. at
*1-2. The officer conducting the search, however, did not limit his search to
text files; rather he abandoned the warrant's articulated scope and began
searching graphic files. Id. That search revealed child pornography. Id. The court ruled although the warrant was
sufficiently particular in all respects, the officer's actions exceeded the
bounds of the warrant and violated the Fourth Amendment. Id. at *6.
[FN167]. Computer Guidelines, supra note
12, at 89 (quoting The American Heritage Dictionary (2d ed. 1983)).
[FN168]. Fed. R. Crim. P. 41(a).
[FN169]. Id. (emphasis added).
[FN170]. Computer Guidelines, supra note
12, at 90. The Guidelines explained: For example, an informant indicates that
the business where he works has a duplicate set of books used to defraud the Internal
Revenue Service. He has seen these books on his computer terminal in his
Manhattan office. Based upon this information, agents obtain a warrant in the
Southern District of New York authorizing a search for, and seizure of, these
records. With the informant's help, agents access his computer workstation,
bring up the incriminating documents . . . . Unfortunately, unbeknownst to the
agents, prosecutor, or informant, the file server that held those documents was
physically located in another office, building, district, state, or country. Id.
[FN171]. See generally id. (relying on
wiretap cases to guide United States Attorney's in these decisions); David
Movius, U.S. Dep't of Justice, Supplement to Federal Guidelines for Searching
and Seizing Computers 29-30 (1997) (relying on the same).
[FN172]. Computer Guidelines, supra note
12, at 90.
[FN173]. Id. at 91.
[FN174]. Id.
[FN175]. Id. at 93.
[FN176]. Id.
[FN177]. Id. at 93-94.
[FN178]. Id. at 93.
[FN179]. United States v. Judd, 687 F. Supp. 1052 (N.D.
Miss. 1988).
[FN181]. Id.
[FN182]. Id.
[FN183]. Id. at 1054-55.
[FN184]. Id. at 1058-59.
[FN185]. Id.
[FN186]. See Computer Guidelines, supra
note 12, at 91.
[FN187]. See 18 U.S.C. § §
2510-2522 (1994).
[FN188]. Id. § 2518(3) (emphasis added); see Fed. R. Crim. P. 41(a).
[FN189]. United States v. Rodriguez, 968 F.2d 130, 136 (2d
Cir. 1992).
[FN190]. Id.
[FN191]. Id.
[FN193]. United States v. Rodriguez, 968 F.2d at 136.
[FN194]. See id.
[FN195]. Id.
[FN196]. Id.
[FN197]. United States v. Denman, 100 F.3d 399, 403 (5th
Cir. 1996).
[FN198]. United States v. Rodriguez, 968 F.2d 130 (2d Cir.
1992).
[FN199]. United States v. Denman, 100 F.3d 399 (5th Cir.
1996).
[FN200]. United States v. Ramirez, 112 F.3d 849, 853 (7th
Cir. 1997).
[FN201]. Id.
[FN202]. See generally id. (discussing
surveillance of cellular phone calls).
[FN203]. U.S. Const. amend. IV.
[FN204]. Coolidge v. New Hampshire, 403 U.S. 443, 467 (1971).
[FN205]. United States v. Upham, 168 F.3d 532, 535 (1st Cir.
1999) (citing Coolidge v. New Hampshire, 403 U.S. at 467).
[FN206]. Id.
[FN207]. United States v. Hunter, 13 F. Supp. 2d 574, 583
(D. Vt. 1998).
[FN208]. "The typical home computer
with a seemingly modest ten megabytes of storage capacity has the equivalent
capacity of approximately 100,000 typewritten pages." Gilligan &
Imwinkelreid, supra note 97, at 306 (citing Winick,
supra note 25, at 75, 81).
[FN209]. United States v. Hunter, 13 F. Supp. 2d at 583.
[FN211]. Davis v. Gracey, 111 F.3d 1472, 1478 (10th Cir.
1997); see also United States v. Hunter, 13 F. Supp. 2d at 583-85 (finding a
warrant authorizing the seizure of documents "practically" included
documents on a computer or disk given society's current dependence on
computers).
[FN212]. United States v. Wolfenbarger, 696 F.2d 750, 752
(10th Cir. 1982) (citations omitted).
[FN213]. See Davis v. Gracey, 111 F.3d at 1478; United States v. Kow, 58 F.3d 423, 427 (9th Cir.
1995).
[FN214]. Davis v. Gracey, 111 F.3d 1472 (10th Cir. 1997).
[FN218]. Id. (quoting the language of the
warrant).
[FN219]. Id.
[FN220]. United States v. Kow, 58 F.3d 423 (9th Cir. 1995).
[FN222]. Id.
[FN223]. Id. "Except for vague
references to 'fraudulent' transactions and possible disparities between actual
and reported income, the warrant failed to give any indication of the alleged
crime . . . ." Id.
[FN224]. Id.
[FN225]. Id.
[FN226]. See United States v. Lamb, 945 F. Supp. 441, 457-58
(N.D.N.Y. 1996) (finding e-mail messages discussing the transport of
child pornography to have a sufficient nexus to the crime and thus subject to
seizure).
[FN227]. See United States v. Kow, 58 F.3d at 427. In Kow, the
court found there was no indication that the entire business was wrought with
illegalities, thus a warrant permitting the wholesale seizure of all corporate
documents was over broad. Id. at 427-28.
[FN228]. Id. at 427. It should be noted
that "documents" naturally include those located on a computer or
hard drive. See United States v. Hunter, 13 F. Supp. 2d 574, 581
(D. Vt. 1998). Thus, probable cause for documents thereby implicates
a search of the computer and all related disks. Id.
[FN229]. See United States v. Falon, 959 F.2d 1143, 1148 (1st
Cir. 1992).
[FN230]. See id.
[FN231]. Id.
[FN232]. United States v. Lacy, 119 F.3d 742 (9th Cir. 1997), cert. denied, 118 S. Ct. 1571 (1998).
[FN234]. Id.
[FN235]. See United States v. Lamb, 945 F. Supp. 441, 457-58
(N.D.N.Y. 1996); see also United States v. Kow, 58 F.3d 423, 426-30 (9th Cir.
1995) (holding a warrant that did not describe items to be seized with
particularity cannot stand).
[FN236]. United States v. Hunter, 13 F. Supp. 2d 574, 583
(D. Vt. 1998).
[FN237]. United States v. Upham, 168 F.3d 532 (1st Cir.
1999).
[FN239]. Id.
[FN240]. Id. at 537.
Reformatting is "a process that erases some of the indexing code that
allows undeleting to be done quickly." Id.
[FN241]. Id.
[FN242]. Id.
[FN243]. Id.
[FN244]. See id.
[FN245]. See Computer Guidelines, supra
note 12, at 70.
[FN246]. Id.
[FN247]. Id.
[FN248]. Id.
[FN249]. Id. Examples of BBSs dedicated
primarily to illegal activities include: (1) distributing copyrighted software;
(2) distributing fraudulently obtained
credit card numbers or telephone access codes; and (3) distributing child pornography
or adult obscenity. Id.
[FN250]. See id.
[FN251]. Id. at 70-71.
[FN252]. 42 U.S.C. § §
2000aa-2000aa-12 (1994).
[FN253]. Id. § 2000aa(a).
[FN254]. S. Rep. No. 96-874, at 4 (1980),
reprinted in 1980 U.S.C.C.A.N. 3950, 3950-51.
[FN255]. 42 U.S.C. §
2000aa(a).
[FN256]. Steve Jackson Games, Inc. v. United States Secret
Serv., 816 F. Supp. 432 (W.D. Tex. 1994), aff'd, 36 F.3d 457 (5th Cir. 1994).
[FN258]. Id.
[FN259]. Id. at 434.
[FN260]. Id. at 434-35.
[FN261]. Id. at 435.
[FN262]. Id. at 436-37.
[FN263]. Id. at 439.
[FN264]. Id. at 439-40.
[FN265]. Id. at 440.
[FN266]. Id.
[FN267]. Id. at 440-41.
[FN268]. 42 U.S.C. §
2000aa-7(a)-(b) (1994).
[FN269]. Id. §
2000aa-7(a), (b)(1). Work product materials include: (1) those
items prepared, produced, authored, or created in anticipation of public
dissemination; (2) which are possessed expressly for that purpose; and (3)
contain mental impressions, conclusions, opinions, or theories. Id. §
2000aa-7(b)(1)-(3). Documentary materials are those "upon
which information is recorded, and includes, . . . [magnetically] or
electronically recorded cards, tapes, or discs . . . ." Id. §
2000aa-7(a). Thus, the PPA will protect floppy dis[k]s,
CD-ROMS, and computer hard drives. See Winick, supra note 25, at 122.
[FN270]. S. Rep. No. 96-874, at 17 (1980),
reprinted in 1980 U.S.C.C.A.N. 3964, 3964.
[FN271]. 42 U.S.C. §
2000aa(a)(1), (b)(1).
[FN272]. H.R. Rep. No. 96-1064, at 7
(1980).
[FN273]. 42 U.S.C. §
2000aa(a)(1). The PPA does exclude a few enumerated
items from this possession clause, including: (1) items relating to national
defense; (2) classified material; (3) child pornography; and (4) material concerning the sale of children. Id.
[FN274]. See Computer Guidelines, supra
note 12, at 75. For example, if a reporter possessed a smuggled corporate
document discussing a defective product, officers without this exemption could
circumnavigate the Act's legislative intent by charging the reporter with
possession of stolen goods. Id.
[FN275]. 42 U.S.C. §
2000aa(a)(2), (b)(2). Under documentary materials, additional
exceptions include: (1) that giving notice would lead to destruction,
alteration, or concealment of the material, and (2) the materials have not been
produced pursuant to a court order and "all appellate remedies have been
exhausted or . . . further [delay] . . . would threaten the interests of
justice." Id. §
2000aa(b)(3)-(4).
[FN276]. In Steve Jackson Games, Inc., the
court relied primarily on the company's publishing activities, rather than its
bulletin board system in applying the PPA. Steve Jackson Games, Inc. v. United States Secret
Serv., 816 F. Supp. 432, 434 n.1 (W.D. Tex. 1994), aff'd, 36 F.3d 457 (5th Cir. 1994); see Computer
Guidelines, supra note 12, at 81; Winick, supra note 25, at 99-100 & n.142.
[FN277]. Winick, supra note 25, at 100
(footnote omitted).
[FN278]. Computer Guidelines, supra note
12, at 78.
[FN279]. See id. at 82.
[FN280]. Id.
[FN281]. See generally United States v. Hillyard, 677 F.2d 1336, 1340 (9th Cir. 1982) ("Cases may
arise in which stolen goods are intermingled with and practicably
indistinguishable from legitimate goods. If commingling prevents on-site
inspection, . . . the entire property may be seizable, at least temporarily.");
National City Trading Corp. v. United States, 635
F.2d 1020, 1026-27 (2d Cir. 1980) (finding a law office and a
targeted business that shared office space were so commingled that the entire
suite was subject to search).
[FN282]. See supra note 281 and
accompanying text.
[FN283]. 42 U.S.C. §
2000aa-6(a) (1994). "A person having a cause of action under this section shall be entitled to
recover actual damages but not less than liquidated damages of $1,000, and such
reasonable attorneys' fees and other litigation costs reasonably
incurred." Id. §
2000aa-6(f).
[FN284]. See State v. One (1) Pioneer CD-ROM Changer, 891
P.2d 600, 607 (Okla. Ct. App. 1994).
[FN285]. Title I of the ECPA is codified at
18 U.S.C. § § 2510-2522 (1994). Title II of the ECPA is codified at 18 U.S.C. § §
2701-2711.
[FN286]. Megan Connor Bertron, Home Is
Where Your Modem Is: An Appropriate
Application of Search and Seizure Law to Electronic Mail, 34 Am. Crim.
L. Rev. 163, 176 (1996) (quoting S. Rep. No. 99-541, at 1 (1986), reprinted in
1986 U.S.C.C.A.N. 3555, 3555).
[FN287]. See Electronic Communications
Privacy Act of 1986, Pub. L. No. 99-508, 1986 U.S.C.C.A.N. (100 Stat. 1848)
1848, 1848 (codified at 18 U.S.C. §
2510).
[FN288]. See id. at 1860-61 (codified at 18 U.S.C. §
2701).
[FN289]. 18 U.S.C. §
2511(1)(a), (c).
[FN290]. Id. § 2510(12). Prior to the
ECPA's enactment the Federal Wiretap Act only included wire or oral
communications. Id. § 2511(1).
[FN291]. See infra Part IV.B.1.a.
[FN292]. See infra Part IV.B.1.b.
[FN293].See infra Part IV.B.1.c.
[FN294]. See infra Part IV.B.1.d.
[FN296]. See Steve Jackson Games, Inc. v. United States Secret
Serv., 36 F.3d 457, 462 (5th Cir. 1994) ("Congress
did not intend for 'intercept' to apply to 'format electronic communications'
when those communications are in 'electronic storage."'); Bohach v. City of Reno, 932 F. Supp. 1232, 1236 (D.
Nev. 1996) ("An 'electronic communication,' by definition,
cannot be 'intercepted' when it is in 'electronic storage . . . ."'); United States v. Reyes, 922 F. Supp. 818, 836 (S.D.N.Y. 1996)
("Therefore, intercepting an electronic communication essentially means acquiring
the transfer of data. Taken together, the definitions thus imply a requirement
that the acquisition of the data be simultaneous with the original transmission
of the data.").
[FN297]. See United States v. Reyes, 922 F. Supp. at 836.
[FN298]. See Nicole Giallonardo, Casenote,
Steve Jackson Games v. United States Secret Service: The Government's
Unauthorized Seizure of Private E-mail Warrants More Than the Fifth Circuit's
Slap on the Wrist, 14 J. Marshall J. Computer & Info. L. 179, 196-98 (1995).
[FN299]. 18 U.S.C. §
2701(a), (c)(3).
[FN301]. Giallonardo, supra note 298, at
197 (footnotes omitted).
[FN302]. 18 U.S.C. §
2510(12).
[FN303]. S. Rep. No. 99-541, at 3 (1986),
reprinted in 1986 U.S.C.C.A.N. 3555,
3565-66.
[FN304]. Winick, supra note 25, at 91.
[FN305]. Id.
[FN306]. S. Rep. No. 99-541, at 3,
reprinted in 1986 U.S.C.C.A.N. at 3566.
[FN307]. Id.
[FN308]. 18 U.S.C. §
2511(2)(a)(i) (1994).
[FN309]. Id.
[FN310]. Id. §
2511(2)(g)(i).
[FN311]. For a discussion of the plain view
doctrine see supra Part II.A.1.a.
[FN312]. 18 U.S.C. §
2511(3)(b)(iv).
[FN313]. Winick, supra note 25, at 94.
[FN314]. 18 U.S.C. §
2518(10)(a).
[FN315]. Winick, supra note 25, at 93.
[FN316]. 18 U.S.C. §
2520(b)(1).
[FN317]. Id. §
2701(a)(1).
[FN318]. Id. § 2702(a)(1)-(2).
[FN319]. See infra Part IV.B.2.a.
[FN320]. See infra Part IV.B.2.b.
[FN321]. See infra Part IV.B.2.c.
[FN322]. See infra Part IV.B.2.d.
[FN323]. See 18 U.S.C. §
2703(a).
[FN324]. Id.
[FN326]. Id. §
2703(b)(A).
[FN327]. Id. §
2703(b)(B).
[FN328]. Id. §
2510(17)(A).
[FN329]. Computer Guidelines, supra note
12, at 86 (quoting 18 U.S.C. §
2510(17)).
[FN330]. 18 U.S.C. §
2701(c)(1).
[FN331]. Winick, supra note 25, at 97-98.
[FN332]. See 18 U.S.C. §
2702(b).
[FN333]. Id. §
2702(b)(1), (3).
[FN334]. Id. §
2702(b)(6).
[FN335]. S. Rep. No. 99-541, at 38 (1986),
reprinted in 1986 U.S.C.C.A.N. 3555, 3592.
[FN336]. 18 U.S.C. §
2702(a)(1).
[FN337]. Computer Guidelines, supra note
12, at 84.
[FN338]. Id.
[FN339]. Id.
[FN340]. Giallonardo, supra note 298, at
202.
[FN341]. 18 U.S.C. §
2518(1). The comprehensive elements are: (1) the identity of
the officer making the application; (2) a complete set of facts detailing the
nature of the offense, the location, the type of communications sought, and the
identities of the involved parties; (3) a complete statement as to whether other investigative procedures have
failed, and why they are unlikely to succeed in the future; (4) a statement as to
the time period for interception; (5) a complete statement concerning all other
applications made for interception; and (6) if an application for extension,
the officer must detail the material gained thus far from the interception. Id.
§
2518(1)(a)- (f).
[FN342]. Id. §
2703(a)-(b).
END OF DOCUMENT