Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations

Computer Crime and Intellectual Property Section
Criminal Division
United States Department of Justice

July 2002
(Appendix F updated December 2006)

TABLE OF CONTENTS

[Table of Contents]

PREFACE

This publication (the Manual) is a revised version of the 2001 edition of "Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations." In addition to discussing recent caselaw, the Manual incorporates the important changes made to the laws governing electronic evidence gathering by the USA PATRIOT Act of 2001, Pub. L. No. 107-56, 115 Stat. 272 (2001) (the "PATRIOT Act"). These changes are discussed primarily in Chapters 3 and 4.

Many of the provisions of the PATRIOT Act relevant here would, unless reenacted into law, sunset on December 31, 2005. Accordingly, prosecutors and agents are urged to inform the Computer Crime and Intellectual Property Section (CCIPS), at 202-514-1026, whenever use of the new authorities proves helpful in a criminal case. This information will help ensure that Congress is fully informed when deciding whether to reenact these provisions.

Nathan Judish of CCIPS took primary responsibility for the revisions in this Manual, under the supervision of Martha Stansell-Gamm, Chief of the Computer Crime and Intellectual Property Section. Assistance in editing was provided by CCIPS attorneys (in alphabetical order): Richard Downing, Mark Eckenwiler, David Green, Patricia McGarry, Paul Ohm, Richard Salgado, Michael Sussmann, and summer interns Matthew Heintz, Andrew Ting, Arun Subramanian, and Amalie Weber.

Also providing helpful suggestions were Thos. Gregory Motta and Lynn Pierce of the Office of General Counsel of the Federal Bureau of Investigation, and "Computer and Telecommunication Coordinators (CTCs)" Arif Alikhan, Mark Califano, Scott Christie, and Steven Schroeder.

This edition owes a tremendous debt to Orin S. Kerr, principal author of the 2001 edition, who departed from the Department of Justice in 2001 to teach at the George Washington University Law School. The 2001 edition superseded the 1994 Federal Guidelines for Searching and Seizing Computers, and reflected an enormous expenditure of time and thought on the part of Mr. Kerr and a number of attorneys at CCIPS, AUSAs, and specialists at the Federal Bureau of Investigation and other federal agencies. The organization and analysis of the 2001 edition have been retained here - not because of inertia, but because they have proven to be sound and enduring.

As is true with most efforts of this kind, the Manual is intended to offer assistance, not authority. Its analysis and conclusions reflect current thinking on difficult areas of law, and do not represent the official position of the Department of Justice or any other agency. It has no regulatory effect, and confers no rights or remedies.

Electronic copies of this document are available from the Computer Crime and Intellectual Property Section's web site, www.cybercrime.gov. The electronic version will be periodically updated, and prosecutors and agents are advised to check the website's version for the latest developments. Inquiries, comments, and corrections should be directed to Nathan Judish at (202) 514-1026. Requests for paper copies or written correspondence will be honored only when made by law enforcement officials or by public institutions. Such requests should be sent to the following address:

Attn: Search and Seizure Manual
Computer Crime and Intellectual Property Section
10th & Constitution Ave., NW
John C. Keeney Bldg., Suite 600
Washington, DC 20530

INTRODUCTION

In the last decade, computers and the Internet have entered the mainstream of American life. Millions of Americans spend several hours every day in front of computers, where they send and receive e-mail, surf the Web, maintain databases, and participate in countless other activities.

Unfortunately, those who commit crime have not missed the computer revolution. An increasing number of criminals use pagers, cellular phones, laptop computers and network servers in the course of committing their crimes. In some cases, computers provide the means of committing crime. For example, the Internet can be used to deliver a death threat via e-mail; to launch hacker attacks against a vulnerable computer network; to disseminate computer viruses; or to transmit images of child pornography. In other cases, computers merely serve as convenient storage devices for evidence of crime. For example, a drug kingpin might keep a list of who owes him money in a file stored in his desktop computer at home, or a money laundering operation might retain false financial records in a file on a network server.

The dramatic increase in computer-related crime requires prosecutors and law enforcement agents to understand how to obtain electronic evidence stored in computers. Electronic records such as computer network logs, e-mails, word processing files, and ".jpg" picture files increasingly provide the government with important (and sometimes essential) evidence in criminal cases. The purpose of this publication is to provide Federal law enforcement agents and prosecutors with systematic guidance that can help them understand the legal issues that arise when they seek electronic evidence in criminal investigations.

The law governing electronic evidence in criminal investigations has two primary sources: the Fourth Amendment to the U.S. Constitution, and the statutory privacy laws codified at 18 U.S.C. §§ 2510-22, 18 U.S.C. §§ 2701-12, and 18 U.S.C. §§ 3121-27. Although constitutional and statutory issues overlap in some cases, most situations present either a constitutional issue under the Fourth Amendment or a statutory issue under these three statutes. This manual reflects that division: Chapters 1 and 2 address the Fourth Amendment law of search and seizure, and Chapters 3 and 4 focus on the statutory issues, which arise mostly in cases involving computer networks and the Internet.

Chapter 1 explains the restrictions that the Fourth Amendment places on the warrantless search and seizure of computers and computer data. The chapter begins by explaining how the courts apply the "reasonable expectation of privacy" test to computers; turns next to how the exceptions to the warrant requirement apply in cases involving computers; and concludes with a comprehensive discussion of the difficult Fourth Amendment issues raised by warrantless workplace searches of computers. Questions addressed in this chapter include: When does the government need a search warrant to search and seize a suspect's computer? Can an investigator search without a warrant through a suspect's pager found incident to arrest? Does the government need a warrant to search a government employee's desktop computer located in the employee's office?

Chapter 2 discusses the law that governs the search and seizure of computers pursuant to search warrants. The chapter begins by reviewing the steps that investigators should follow when planning and executing searches to seize computer hardware and computer data with a warrant. In particular, the chapter focuses on two issues: first, how investigators should plan to execute computer searches, and second, how they should draft the proposed search warrants and their accompanying affidavits. Finally, the chapter ends with a discussion of post-search issues. Questions addressed in the chapter include: When should investigators plan to search computers on the premises, and when should they remove the computer hardware and search it later off-site? How should investigators plan their searches to avoid civil liability under the Privacy Protection Act, 42 U.S.C. § 2000aa? How should prosecutors draft search warrant language so that it complies with the particularity requirement of the Fourth Amendment and Rule 41 of the Federal Rules of Criminal Procedure? What is the law governing when the government must search and return seized computers?

The focus of Chapter 3 is the stored communications portion of the Electronic Communications Privacy Act, 18 U.S.C. §§ 2701-12 ("ECPA"). ECPA governs how investigators can obtain stored account records and contents from network service providers, including Internet service providers (ISPs), telephone companies, cell phone service providers, and satellite services. ECPA issues arise often in cases involving the Internet: any time investigators seek stored information concerning Internet accounts from providers of Internet service, they must comply with the statute. This chapter includes amendments to ECPA specified by the USA PATRIOT Act of 2001, Pub. L. No. 107-56, 115 Stat. 272 (2001) (the "PATRIOT Act"). The PATRIOT Act clarified and updated ECPA in light of modern technologies, and in several respects it eased restrictions on law enforcement access to stored communications. Topics covered in this section include: How can the government obtain e-mails and network account logs from ISPs? When does the government need to obtain a search warrant, as opposed to an 18 U.S.C. § 2703(d) order or a subpoena? When can providers disclose e-mails and records to the government voluntarily? What remedies will courts impose when ECPA has been violated?

Chapter 4 reviews the legal framework that governs electronic surveillance, with particular emphasis on how the statutes apply to surveillance on the communications networks. In particular, the chapter discusses Title III as modified by the Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-22 (referred to here as "Title III"), as well as the Pen Register and Trap and Trace Devices statute, 18 U.S.C. §§ 3121-27. This chapter also includes amendments to these statutes specified by the PATRIOT Act. These statutes govern when and how the government can conduct real-time surveillance, such as monitoring a computer hacker's activity as he breaks into a government computer network. Topics addressed in this chapter include: When can victims of computer crime monitor unauthorized intrusions into their networks and disclose that information to law enforcement? Can network "banners" generate implied consent to monitoring? How can the government obtain a pen register/trap and trace order that permits the government to collect packet header information from Internet communications? What remedies will courts impose when the electronic surveillance statutes have been violated?

Of course, the issues discussed in Chapters 1 through 4 can overlap in actual cases. An investigation into computer hacking may begin with obtaining stored records from an ISP according to Chapter 3, move next to an electronic surveillance phase implicating Chapter 4, and then conclude with a search of the suspect's residence and a seizure of his computers according to Chapters 1 and 2. In other cases, agents and prosecutors must understand issues raised in multiple chapters not just in the same case, but at the same time. For example, an investigation into workplace misconduct by a government employee may implicate all of Chapters 1 through 4. Investigators may want to obtain the employee's e-mails from the government network server (implicating ECPA, discussed in Chapter 3); may wish to monitor the employee's use of the telephone or Internet in real-time (raising surveillance issues from Chapter 4); and at the same time, may need to search the employee's desktop computer in his office for clues of the misconduct (raising search and seizure issues from Chapters 1 and 2). Because the constitutional and statutory regimes can overlap in certain cases, agents and prosecutors will need to understand not only all of the legal issues covered in Chapters 1 through 4, but will also need to understand the precise nature of the information to be gathered in their particular cases.

Chapters 1 through 4 are followed by a short Chapter 5, which discusses evidentiary issues that arise frequently in computer-related cases. The publication concludes with appendices that offer sample forms, language, and orders.

Computer crime investigations raise many novel issues, and the courts have only begun to interpret how the Fourth Amendment and federal statutory laws apply to computer-related cases. Agents and prosecutors who need more detailed advice can rely on several resources for further assistance. At the federal district level, every United States Attorney's Office has at least one Assistant U.S. Attorney who has been designated as a Computer and Telecommunications Coordinator ("CTC"). Every CTC receives extensive training in computer-related crime, and is primarily responsible for providing expertise relating to the topics covered in this manual within his or her district. CTCs may be reached in their district offices. Further, several sections within the Criminal Division of the United States Department of Justice in Washington, D.C., have expertise in computer-related fields. The Office of International Affairs ((202) 514-0000) provides expertise in the many computer crime investigations that raise international issues. The Office of Enforcement Operations ((202) 514-6809) provides expertise in the wiretapping laws and other privacy statutes discussed in Chapters 3 and 4. Also, the Child Exploitation and Obscenity Section ((202) 514-5780) provides expertise in computer-related cases involving child pornography and child exploitation.

Finally, agents and prosecutors are always welcome to contact the Computer Crime and Intellectual Property Section ("CCIPS") directly both for general advice and specific case-related assistance. During regular business hours, at least two CCIPS attorneys are on duty to answer questions and provide assistance to agents and prosecutors on the topics covered in this document, as well as other matters that arise in computer crime cases. The main number for CCIPS is (202) 514-1026. After hours, CCIPS can be reached through the Justice Command Center at (202) 514-5000.

I. SEARCHING AND SEIZING COMPUTERS WITHOUT A WARRANT

A. Introduction

The Fourth Amendment limits the ability of government agents to search for evidence without a warrant. This chapter explains the constitutional limits of warrantless searches in cases involving computers.

The Fourth Amendment states:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

According to the Supreme Court, a warrantless search does not violate the Fourth Amendment if one of two conditions is satisfied. First, if the government's conduct does not violate a person's "reasonable expectation of privacy," then formally it does not constitute a Fourth Amendment "search" and no warrant is required. See Illinois v. Andreas, 463 U.S. 765, 771 (1983). Second, a warrantless search that violates a person's reasonable expectation of privacy will nonetheless be "reasonable" (and therefore constitutional) if it falls within an established exception to the warrant requirement. See Illinois v. Rodriguez, 497 U.S. 177, 185 (1990). Accordingly, investigators must consider two issues when asking whether a government search of a computer requires a warrant. First, does the search violate a reasonable expectation of privacy? And if so, is the search nonetheless reasonable because it falls within an exception to the warrant requirement?

B. The Fourth Amendment's "Reasonable Expectation of Privacy" in Cases Involving Computers

1. General Principles

A search is constitutional if it does not violate a person's "reasonable" or "legitimate" expectation of privacy. Katz v. United States, 389 U.S. 347, 362 (1967) (Harlan, J., concurring). This inquiry embraces two discrete questions: first, whether the individual's conduct reflects "an actual (subjective) expectation of privacy," and second, whether the individual's subjective expectation of privacy is "one that society is prepared to recognize as 'reasonable.'" Id. at 361. In most cases, the difficulty of contesting a defendant's subjective expectation of privacy focuses the analysis on the objective aspect of the Katz test, i.e., whether the individual's expectation of privacy was reasonable.

No bright line rule indicates whether an expectation of privacy is constitutionally reasonable. See O'Connor v. Ortega, 480 U.S. 709, 715 (1987). For example, the Supreme Court has held that a person has a reasonable expectation of privacy in property located inside a person's home, see Payton v. New York, 445 U.S. 573, 589-90 (1980); in "the relative heat of various rooms in the home" revealed through the use of a thermal imager, see Kyllo v. United States, 533 U.S. 27 (2001); in conversations taking place in an enclosed phone booth, see Katz, 389 U.S. at 358; and in the contents of opaque containers, see United States v. Ross, 456 U.S. 798, 822-23 (1982). In contrast, a person does not have a reasonable expectation of privacy in activities conducted in open fields, see Oliver v. United States, 466 U.S. 170, 177 (1984); in garbage deposited at the outskirts of real property, see California v. Greenwood, 486 U.S. 35, 40-41 (1988); or in a stranger's house that the person has entered without the owner's consent in order to commit a theft, see Rakas v. Illinois, 439 U.S. 128, 143 n.12 (1978).

2. Reasonable Expectation of Privacy in Computers as Storage Devices

To determine whether an individual has a reasonable expectation of privacy in information stored in a computer, it helps to treat the computer like a closed container such as a briefcase or file cabinet. The Fourth Amendment generally prohibits law enforcement from accessing and viewing information stored in a computer without a warrant if it would be prohibited from opening a closed container and examining its contents in the same situation.

The most basic Fourth Amendment question in computer cases asks whether an individual enjoys a reasonable expectation of privacy in electronic information stored within computers (or other electronic storage devices) under the individual's control. For example, do individuals have a reasonable expectation of privacy in the contents of their laptop computers, floppy disks or pagers? If the answer is "yes," then the government ordinarily must obtain a warrant before it accesses the information stored inside.

When confronted with this issue, courts have analogized electronic storage devices to closed containers, and have reasoned that accessing the information stored within an electronic storage device is akin to opening a closed container. Because individuals generally retain a reasonable expectation of privacy in the contents of closed containers, see United States v. Ross, 456 U.S. 798, 822-23 (1982), they also generally retain a reasonable expectation of privacy in data held within electronic storage devices. Accordingly, accessing information stored in a computer ordinarily will implicate the owner's reasonable expectation of privacy in the information. See United States v. Barth, 26 F. Supp. 2d 929, 936-37 (W.D. Tex. 1998) (finding reasonable expectation of privacy in files stored on hard drive of personal computer); United States v. Reyes, 922 F. Supp. 818, 832-33 (S.D.N.Y. 1996) (finding reasonable expectation of privacy in data stored in a pager); United States v. Lynch, 908 F. Supp. 284, 287 (D.V.I. 1995) (same); United States v. Chan, 830 F. Supp. 531, 535 (N.D. Cal. 1993) (same); United States v. Blas, 1990 WL 265179, at *21 (E.D. Wis. Dec. 4, 1990) ("[A]n individual has the same expectation of privacy in a pager, computer, or other electronic data storage and retrieval device as in a closed container.").

Although courts have generally agreed that electronic storage devices can be analogized to closed containers, they have reached differing conclusions over whether each individual file stored on a computer or disk should be treated as a separate closed container. In two cases, the Fifth Circuit has determined that a computer disk containing multiple files is a single container for Fourth Amendment purposes. First, in United States v. Runyan, 275 F.3d 449, 464-65 (5th Cir. 2001), in which private parties had searched certain files and found child pornography, the Fifth Circuit held that the police did not exceed the scope of the private search when they examined additional files on any disk that had been, in part, privately searched. Analogizing a disk to a closed container, the court explained that "police do not exceed the private search when they examine more items within a closed container than did the private searchers." Id. at 464. Second, in United States v. Slanina, 283 F.3d 670, 680 (5th Cir. 2002), the court held that when a warrantless search of a portion of a computer and zip disk had been justified, the defendant no longer retained any reasonable expectation of privacy in the remaining contents of the computer and disk, and thus a comprehensive search by law enforcement personnel did not violate the Fourth Amendment.

In contrast to the Fifth Circuit's approach, the Tenth Circuit has refused to allow such exhaustive searches of a computer's hard drive in the absence of a warrant or some exception to the warrant requirement. See United States v. Carey, 172 F.3d 1268, 1273-75 (10th Cir. 1999) (ruling that agent exceeded the scope of a warrant to search for evidence of drug sales when he "abandoned that search" and instead searched for evidence of child pornography for five hours). In particular, the Tenth Circuit cautioned in a later case that "[b]ecause computers can hold so much information touching on many different areas of a person's life, there is greater potential for the 'intermingling' of documents and a consequent invasion of privacy when police execute a search for evidence on a computer." United States v. Walser, 275 F.3d 981, 986 (10th Cir. 2001).

Although individuals generally retain a reasonable expectation of privacy in computers under their control, special circumstances may eliminate that expectation. For example, an individual will not retain a reasonable expectation of privacy in information from a computer that the person has made openly available. In United States v. David, 756 F. Supp. 1385 (D. Nev. 1991), agents looking over the defendant's shoulder read the defendant's password from the screen as the defendant typed his password into a handheld computer. The court found no Fourth Amendment violation in obtaining the password, because the defendant did not enjoy a reasonable expectation of privacy "in the display that appeared on the screen." Id. at 1389. See also Katz v. United States, 389 U.S. 347, 351 (1967) ("What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection."); United States v. Gorshkov, 2001 WL 1024026, at *2 (W.D. Wash. May 23, 2001) (holding that defendant did not have a reasonable expectation of privacy in use of a private computer network when undercover federal agents looked over his shoulder, when he did not own the computer he used, and when he knew that the system administrator could monitor his activities). Nor will individuals generally enjoy a reasonable expectation of privacy in the contents of computers they have stolen. See United States v. Lyons, 992 F.2d 1029, 1031-32 (10th Cir. 1993).

3. Reasonable Expectation of Privacy and Third-Party Possession

Individuals who retain a reasonable expectation of privacy in stored electronic information under their control may lose Fourth Amendment protections when they relinquish that control to third parties. For example, an individual may offer a container of electronic information to a third party by bringing a malfunctioning computer to a repair shop, or by shipping a floppy diskette in the mail to a friend. Alternatively, a user may transmit information to third parties electronically, such as by sending data across the Internet. When law enforcement agents learn of information possessed by third parties that may provide evidence of a crime, they may wish to inspect it. Whether the Fourth Amendment requires them to obtain a warrant before examining the information depends first upon whether the third-party possession has eliminated the individual's reasonable expectation of privacy.

To analyze third-party possession issues, it helps first to distinguish between possession by a carrier in the course of transmission to an intended recipient, and subsequent possession by the intended recipient. For example, if A hires B to carry a package to C, A's reasonable expectation of privacy in the contents of the package during the time that B carries the package on its way to C may be different than A's reasonable expectation of privacy after C has received the package. During transmission, contents generally retain Fourth Amendment protection. The government ordinarily may not examine the contents of a package in the course of transmission without a warrant. Government intrusion and examination of the contents ordinarily violates the reasonable expectation of privacy of both the sender and receiver. See United States v. Villarreal, 963 F.2d 770, 774 (5th Cir. 1992); but see United States v. Walker, 20 F. Supp. 2d 971, 973-74 (S.D.W. Va. 1998) (concluding that packages sent to an alias in furtherance of a criminal scheme do not support a reasonable expectation of privacy). This rule applies regardless of whether the carrier is owned by the government or a private company. Compare Ex Parte Jackson, 96 U.S. (6 Otto) 727, 733 (1877) (public carrier) with Walter v. United States, 447 U.S. 649, 651 (1980) (private carrier).

A government "search" of an intangible electronic signal in the course of transmission may also implicate the Fourth Amendment. See Berger v. New York, 388 U.S. 41, 58-60 (1967) (applying the Fourth Amendment to a wire communication in the context of a wiretap). The boundaries of the Fourth Amendment in such cases remain hazy, however, because Congress addressed the Fourth Amendment concerns identified in Berger by passing Title III of the Omnibus Crime Control and Safe Streets Act of 1968 ("Title III"), 18 U.S.C. §§ 2510-2522. Title III, which is discussed fully in Chapter 4, provides a comprehensive statutory framework that regulates real-time monitoring of wire and electronic communications. Its scope encompasses, and in many significant ways exceeds, the protection offered by the Fourth Amendment. See United States v. Torres, 751 F.2d 875, 884 (7th Cir. 1985); Chandler v. United States Army, 125 F.3d 1296, 1298 (9th Cir. 1997). As a practical matter, then, the monitoring of wire and electronic communications in the course of transmission generally raises many statutory questions, but few constitutional ones. See generally Chapter 4.

Individuals may lose Fourth Amendment protection in their computer files if they lose control of the files.

Once an item has been received by the intended recipient, the sender's reasonable expectation of privacy generally depends upon whether the sender can reasonably expect to retain control over the item and its contents. When a person leaves a package with a third party for temporary safekeeping, for example, he usually retains control of the package, and thus retains a reasonable expectation of privacy in its contents. See, e.g., United States v. Most, 876 F.2d 191, 197-98 (D.C. Cir. 1989) (finding reasonable expectation of privacy in contents of plastic bag left with grocery store clerk); United States v. Barry, 853 F.2d 1479, 1481-83 (8th Cir. 1988) (finding reasonable expectation of privacy in locked suitcase stored at airport baggage counter); United States v. Presler, 610 F.2d 1206, 1213-14 (4th Cir. 1979) (finding reasonable expectation of privacy in locked briefcases stored with defendant's friend for safekeeping). See also United States v. Barth, 26 F. Supp. 2d 929, 936-37 (W.D. Tex. 1998) (holding that defendant retains a reasonable expectation of privacy in computer files contained in hard drive left with computer technician for limited purpose of repairing computer).

If the sender cannot reasonably expect to retain control over the item in the third party's possession, however, the sender no longer retains a reasonable expectation of privacy in its contents. For example, in United States v. Horowitz, 806 F.2d 1222 (4th Cir. 1986), the defendant e-mailed confidential pricing information relating to his employer to his employer's competitor. After the FBI searched the competitor's computers and found the pricing information, the defendant claimed that the search violated his Fourth Amendment rights. The Fourth Circuit disagreed, holding that the defendant relinquished his interest in and control over the information by sending it to the competitor for the competitor's future use. See id. at 1225-26. See also United States v. Charbonneau, 979 F. Supp. 1177, 1184 (S.D. Ohio 1997) (holding that defendant does not retain reasonable expectation of privacy in contents of e-mail message sent to America Online chat room after the message has been received by chat room participants) (citing Hoffa v. United States, 385 U.S. 293, 302 (1966)). In some cases, the sender may initially retain a right to control the third party's possession, but may lose that right over time. The general rule is that the sender's Fourth Amendment rights dissipate as the sender's right to control the third party's possession diminishes. For example, in United States v. Poulsen, 41 F.3d 1330 (9th Cir. 1994), computer hacker Kevin Poulsen left computer tapes in a locker at a commercial storage facility but neglected to pay rent for the locker. Following a warrantless search of the facility, the government sought to use the tapes against Poulsen. The Ninth Circuit held that the search did not violate Poulsen's reasonable expectation of privacy because under state law Poulsen's failure to pay rent extinguished his right to access the tapes. See id. at 1337.

An important line of Supreme Court cases states that individuals generally cannot reasonably expect to retain control over mere information revealed to third parties, even if the senders have a subjective expectation that the third parties will keep the information confidential. For example, in United States v. Miller, 425 U.S. 435, 443 (1976), the Court held that the Fourth Amendment does not protect bank account information that account holders divulge to their banks. By placing information under the control of a third party, the Court stated, an account holder assumes the risk that the information will be conveyed to the government. Id. According to the Court, "the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed." Id. (citing Hoffa v. United States, 385 U.S. 293, 302 (1966)). See also Smith v. Maryland, 442 U.S. 735, 743-44 (1979) (finding no reasonable expectation of privacy in phone numbers dialed by owner of a telephone because act of dialing the number effectively tells the number to the phone company); Couch v. United States, 409 U.S. 322, 335 (1973) (holding that government may subpoena accountant for client information given to accountant by client, because client retains no reasonable expectation of privacy in information given to accountant).

Because computer data is "information," this line of cases suggests that individuals who send data over communications networks may lose Fourth Amendment protection in the data once it reaches the intended recipient. See United States v. Meriwether, 917 F.2d 955, 959 (6th Cir. 1990) (suggesting that an electronic message sent via a pager is "information" under the Smith/Miller line of cases); Charbonneau, 979 F. Supp. at 1184 ("[A]n e-mail message . . . cannot be afforded a reasonable expectation of privacy once that message is received."). But see C. Ryan Reetz, Note, Warrant Requirement for Searches of Computerized Information, 67 B.U. L. Rev. 179, 200-06 (1987) (arguing that certain kinds of remotely stored computer files should retain Fourth Amendment protection, and attempting to distinguish United States v. Miller and Smith v. Maryland). Of course, the absence of constitutional protections does not necessarily mean that the government can access the data without a warrant or court order. Statutory protections exist that generally protect the privacy of electronic communications stored remotely with service providers, and can protect the privacy of Internet users when the Fourth Amendment may not. See 18 U.S.C. §§ 2701-2712 (discussed in Chapter 3, infra).

Defendants will occasionally raise a Fourth Amendment challenge to the acquisition of account records and subscriber information held by Internet service providers using less process than a full search warrant. As discussed in a later chapter, the Electronic Communications Privacy Act permits the government to obtain transactional records with an "articulable facts" court order, and basic subscriber information with a subpoena. See 18 U.S.C. §§ 2701-2712 (discussed in Chapter 3, infra). These statutory procedures comply with the Fourth Amendment because customers of Internet service providers do not have a reasonable expectation of privacy in customer account records maintained by and for the provider's business. See United States v. Hambrick, 55 F. Supp. 2d 504, 508 (W.D. Va. 1999), aff'd, 225 F.3d 656 (4th Cir. 2000) (unpublished opinion) (finding no Fourth Amendment protection for network account holder's basic subscriber information obtained from Internet service provider); United States v. Kennedy, 81 F. Supp. 2d 1103, 1110 (D. Kan. 2000) (same). This rule accords with prior cases considering the scope of Fourth Amendment protection in customer account records. See, e.g., United States v. Fregoso, 60 F.3d 1314, 1321 (8th Cir. 1995) (holding that a telephone company customer has no reasonable expectation of privacy in account information disclosed to the telephone company); In re Grand Jury Proceedings, 827 F.2d 301, 302-03 (8th Cir. 1987) (holding that customer account records maintained and held by Western Union are not entitled to Fourth Amendment protection).

4. Private Searches

The Fourth Amendment does not apply to searches conducted by private parties who are not acting as agents of the government.

The Fourth Amendment "is wholly inapplicable to a search or seizure, even an unreasonable one, effected by a private individual not acting as an agent of the Government or with the participation or knowledge of any governmental official." United States v. Jacobsen, 466 U.S. 109, 113 (1984) (internal quotation omitted). As a result, no violation of the Fourth Amendment occurs when a private individual acting on his own accord conducts a search and makes the results available to law enforcement. See id. For example, in United States v. Hall, 142 F.3d 988 (7th Cir. 1998), the defendant took his computer to a private computer specialist for repairs. In the course of evaluating the defendant's computer, the repairman observed that many files stored on the computer had filenames characteristic of child pornography. The repairman accessed the files, saw that they did in fact contain child pornography, and then contacted the state police. The tip led to a warrant, the defendant's arrest, and his conviction for child pornography offenses. On appeal, the Seventh Circuit rejected the defendant's claim that the repairman's warrantless search through the computer violated the Fourth Amendment. Because the repairman's search was conducted on his own, the court held, the Fourth Amendment did not apply to the search or his later description of the evidence to the state police. See id. at 993. See also United States v. Kennedy, 81 F. Supp. 2d 1103, 1112 (D. Kan. 2000) (concluding that searches of defendant's computer over the Internet by an anonymous caller and employees of a private ISP did not violate Fourth Amendment because there was no evidence that the government was involved in the search).

In United States v. Jacobsen, 466 U.S. 109 (1984), the Supreme Court presented the framework that should guide agents seeking to uncover evidence as a result of a private search. According to Jacobsen, agents who learn of evidence via a private search can reenact the original private search without violating any reasonable expectation of privacy. What the agents cannot do without a warrant is "exceed[] the scope of the private search." Id. at 115. See also United States v. Miller, 152 F.3d 813, 815-16 (8th Cir. 1998); United States v. Donnes, 947 F.2d 1430, 1434 (10th Cir. 1991). But see United States v. Allen, 106 F.3d 695, 699 (6th Cir. 1999) (dicta) (stating in dicta that Jacobsen does not permit law enforcement to reenact a private search of a private home or residence). This standard requires agents to limit their investigation to the scope of the private search when searching without a warrant after a private search has occurred. So long as the agents limit themselves to the scope of the private search, the agents' search will not violate the Fourth Amendment. However, as soon as agents exceed the scope of the private warrantless search, any evidence uncovered may be vulnerable to a motion to suppress.

In computer cases, law enforcement use of the private search doctrine will depend in part on whether law enforcement examination of files not examined during the private search is seen as exceeding the scope of the private warrantless search. See United States v. Runyan, 275 F.3d 449, 464-65 (5th Cir. 2001) (holding that police did not exceed the scope of a private search when they examined more files on privately searched disks than had the private searchers). Under the approach adopted by the Fifth Circuit in Runyan, a third-party search of a single file on a computer allows a warrantless search by law enforcement of the computer's entire contents. Other courts, however, may reject the Fifth Circuit's approach and rule that government searchers can view only those files whose contents were revealed in the private search. See United States v. Barth, 26 F. Supp. 2d 929, 937 (W.D. Tex. 1998) (holding, in a pre-Runyan case, that agents who viewed more files than private searcher exceeded the scope of the private search). Even if courts follow the more restrictive approach, the information gleaned from the private search will often be useful in providing the probable cause needed to obtain a warrant for a further search. (2)

Although most private search issues arise when private third parties intentionally examine property and offer evidence of a crime to law enforcement, the same framework applies when third parties inadvertently expose evidence of a crime to plain view. For example, in United States v. Procopio, 88 F.3d 21 (1st Cir. 1996), a defendant stored incriminating files in his brother's safe. Later, thieves stole the safe, opened it, and abandoned it in a public park. Police investigating the theft of the safe found the files scattered on the ground nearby, gathered them, and then used them against the defendant in an unrelated case. The First Circuit held that the use of the files did not violate the Fourth Amendment, because the files were made openly available by the thieves' private search. See id. at 26-27 (citing Jacobsen, 466 U.S. at 113).

Importantly, the fact that the person conducting a search is not a government employee does not always mean that the search is "private" for Fourth Amendment purposes. A search by a private party will be considered a Fourth Amendment government search "if the private party act[s] as an instrument or agent of the Government." Skinner v. Railway Labor Executives' Ass'n, 489 U.S. 602, 614 (1989). The Supreme Court has offered little guidance on when private conduct can be attributed to the government; the Court has merely stated that this question "necessarily turns on the degree of the Government's participation in the private party's activities, . . . a question that can only be resolved 'in light of all the circumstances.'" Id. at 614-15 (quoting Coolidge v. New Hampshire, 403 U.S. 443, 487 (1971)). In the absence of a more definitive standard, the various federal Courts of Appeals have adopted a range of approaches for distinguishing between private and government searches. About half of the circuits apply a "totality of the circumstances" approach that examines three factors: whether the government knows of or acquiesces in the intrusive conduct; whether the party performing the search intends to assist law enforcement efforts at the time of the search; and whether the government affirmatively encourages, initiates or instigates the private action. See, e.g., United States v. Pervaz, 118 F.3d 1, 6 (1st Cir. 1997); United States v. Smythe, 84 F.3d 1240, 1242-43 (10th Cir. 1996); United States v. McAllister, 18 F.3d 1412, 1417-18 (7th Cir. 1994); United States v. Malbrough, 922 F.2d 458, 462 (8th Cir. 1990). Other circuits have adopted more rule-like formulations that focus on only two of these factors. See, e.g., United States v. Miller, 688 F.2d 652, 657 (9th Cir. 1982) (holding that private action counts as government conduct if, at the time of the search, the government knew of or acquiesced in the intrusive conduct, and the party performing the search intended to assist law enforcement efforts); United States v. Paige, 136 F.3d 1012, 1017 (5th Cir. 1998) (same); United States v. Lambert, 771 F.2d 83, 89 (6th Cir. 1985) (holding that a private individual is a state actor for Fourth Amendment purposes if the police instigated, encouraged or participated in the search, and the individual engaged in the search with the intent of assisting the police in their investigative efforts).

5. Use of Technology to Obtain Information

The government's use of innovative technology to obtain information about a target can implicate the Fourth Amendment. See Kyllo v. United States, 533 U.S. 27 (2001). In Kyllo, the Supreme Court held that the warrantless use of a thermal imager to reveal the relative amount of heat released from the various rooms of a suspect's home was a search that violated the Fourth Amendment. In particular, the Court held that where law enforcement "uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without a physical intrusion, the surveillance is a 'search' and is presumptively unreasonable without a warrant." Id. at 40. Use by the government of innovative technology not in general public use to obtain information stored on or transmitted through computers or networks may implicate this rule from Kyllo and thus may require a warrant. Whether a technology falls within the scope of the Kyllo rule depends on at least two factors. First, the use of technology should not implicate Kyllo if the technology is in "general public use," see id. at 34 & 39 n.6, although courts have not yet defined the standard for determining whether a given technology meets this requirement. Second, the Supreme Court restricted its holding in Kyllo to the use of technology to reveal information about "the interior of the home." See id. at 40 ("We have said that the Fourth Amendment draws a firm line at the entrance to the house." (internal citation omitted)).

C. Exceptions to the Warrant Requirement in Cases Involving Computers

Warrantless searches that violate a reasonable expectation of privacy will comply with the Fourth Amendment if they fall within an established exception to the warrant requirement. Cases involving computers often raise questions relating to how these "established" exceptions apply to new technologies.

1. Consent

Agents may search a place or object without a warrant or even probable cause if a person with authority has voluntarily consented to the search. See Schneckloth v. Bustamonte, 412 U.S. 218, 219 (1973). This consent may be explicit or implicit. See United States v. Milian-Rodriguez, 759 F.2d 1558, 1563-64 (11th Cir. 1985). Whether consent was voluntarily given is a question of fact that the court must decide by considering the totality of the circumstances. While no single aspect controls the result, the Supreme Court has identified the following important factors: the age, education, intelligence, physical and mental condition of the person giving consent; whether the person was under arrest; and whether the person had been advised of his right to refuse consent. See Schneckloth, 412 U.S. at 226. The government carries the burden of proving that consent was voluntary. See United States v. Matlock, 415 U.S. 164, 177 (1974); United States v. Price, 599 F.2d 494, 503 (2d Cir. 1979).

In computer crime cases, two consent issues arise particularly often. First, when does a search exceed the scope of consent? For example, when a target consents to the search of a machine, to what extent does the consent authorize the retrieval of information stored in the machine? Second, who is the proper party to consent to a search? Do roommates, friends, and parents have the authority to consent to a search of another person's computer files? (3)

a) Scope of Consent

"The scope of a consent to search is generally defined by its expressed object, and is limited by the breadth of the consent given." United States v. Pena, 143 F.3d 1363, 1368 (10th Cir. 1998) (internal quotation omitted). The standard for measuring the scope of consent under the Fourth Amendment is objective reasonableness: "What would the typical reasonable person have understood by the exchange between the [agent] and the [person granting consent]?" Florida v. Jimeno, 500 U.S. 248, 251 (1991). This requires a fact-intensive inquiry into whether it was reasonable for the agent to believe that the scope of consent included the items searched. Id. Of course, when the limits of the consent are clearly given, either before or during the search, agents must respect these bounds. See Vaughn v. Baldwin, 950 F.2d 331, 333 (6th Cir. 1991).

The permitted scope of consent searches depends on the facts of each case.

Computer cases often raise the question of whether consent to search a location or item implicitly includes consent to access the memory of electronic storage devices encountered during the search. In such cases, courts look to whether the particular circumstances of the agents' request for consent implicitly or explicitly limited the scope of the search to a particular type, scope, or duration. Because this approach ultimately relies on fact-driven notions of common sense, results reached in published opinions have hinged upon subtle (if not entirely inscrutable) distinctions. Compare United States v. Reyes, 922 F. Supp. 818, 834 (S.D.N.Y. 1996) (holding that consent to "look inside" a car included consent to retrieve numbers stored inside pagers found in car's back seat) with United States v. Blas, 1990 WL 265179, at *20 (E.D. Wis. Dec. 4, 1990) (holding that consent to "look at" a pager did not include consent to activate pager and retrieve numbers, because looking at pager could be construed to mean "what the device is, or how small it is, or what brand of pager it may be"). See also United States v. Carey, 172 F.3d 1268, 1274 (10th Cir. 1999) (reading written consent form extremely narrowly, so that consent to seizure of "any property" under the defendant's control and to "a complete search of the premises and property" at the defendant's address merely permitted the agents to seize the defendant's computer from his apartment, not to search the computer off-site because it was no longer located at the defendant's address). Prosecutors can strengthen their argument that the scope of consent included consent to search electronic storage devices by relying on analogous cases involving closed containers. See, e.g., United States v. Galante, 1995 WL 507249, at *3 (S.D.N.Y. Aug. 25, 1995) (holding that general consent to search car included consent to have officer access memory of cellular telephone found in the car, relying on circuit precedent involving closed containers); Reyes, 922 F. Supp. at 834.

Agents should be especially careful about relying on consent as the basis for a search of a computer when they obtain consent for one reason but then wish to conduct a search for another reason. In two recent cases, the Courts of Appeals suppressed images of child pornography found on computers after agents procured the defendant's consent to search his property for other evidence. In United States v. Turner, 169 F.3d 84 (1st Cir. 1999), detectives searching for physical evidence of an attempted sexual assault obtained written consent from the victim's neighbor to search the neighbor's "premises" and "personal property." Before the neighbor signed the consent form, the detectives discovered a large knife and blood stains in his apartment, and explained to him that they were looking for more evidence of the assault that the suspect might have left behind. See id. at 86. While several agents searched for physical evidence, one detective searched the contents of the neighbor's personal computer and discovered stored images of child pornography. The neighbor was charged with possessing child pornography. On interlocutory appeal, the First Circuit held that the search of the computer exceeded the scope of consent and suppressed the evidence. According to the Court, the detectives' statements that they were looking for signs of the assault limited the scope of consent to the kind of physical evidence that an intruder might have left behind. See id. at 88. By transforming the search for physical evidence into a search for computer files, the detective had exceeded the scope of consent. See id. See also Carey, 172 F.3d at 1277 (Baldock, J., concurring) (concluding that agents exceeded scope of consent by searching computer after defendant signed broadly-worded written consent form, because agents told defendant that they were looking for drugs and drug-related items rather than computer files containing child pornography) (citing Turner).

It is a good practice for agents to use written consent forms that state explicitly that the scope of consent includes consent to search computers and other electronic storage devices.

Because the decisions evaluating the scope of consent to search computers have reached sometimes unpredictable results, investigators should indicate the scope of the search explicitly when obtaining a suspect's consent to search a computer.

b) Third-Party Consent

i) General Rules

It is common for several people to use or own the same computer equipment. If any one of those people gives permission to search for data, agents may generally rely on that consent, so long as the person has authority over the computer. In such cases, all users have assumed the risk that a co-user might discover everything in the computer, and might also permit law enforcement to search this "common area" as well.

The watershed case in this area is United States v. Matlock, 415 U.S. 164 (1974). In Matlock, the Supreme Court stated that one who has "common authority" over premises or effects may consent to a search even if an absent co-user objects. Id. at 171. According to the Court, the common authority that establishes the right of third-party consent requires

mutual use of the property by persons generally having joint access or control for most purposes, so that it is reasonable to recognize that any of the co-inhabitants has the right to permit the inspection in his own right and that the others have assumed the risk that one of their number might permit the common area to be searched.

Id. at 171 n.7.

Under the Matlock approach, a private third party may consent to a search of property under the third party's joint access or control. Agents may view what the third party may see without violating any reasonable expectation of privacy so long as they limit the search to the zone of the consenting third party's common authority. See United States v. Jacobsen, 466 U.S. 109, 119 (1984) (noting that the Fourth Amendment is not violated when a private third party invites the government to view the contents of a package under the third party's control). This rule often requires agents to inquire into third parties' rights of access before conducting a consent search, and to draw lines between those areas that fall within the third party's common authority and those areas outside of the third party's control. See United States v. Block, 590 F.2d 535, 541 (4th Cir. 1978) (holding that a mother could consent to a general search of her 23-year-old son's room, but could not consent to a search of a locked footlocker found in the room). Because the joint access test does not require a unity of interests between the suspect and the third party, however, Matlock permits third-party consent even when the target of the search is present and refuses to consent to the search. See United States v. Sumlin, 567 F.2d 684, 687-88 (6th Cir. 1977) (holding that woman had authority to consent to search of apartment she shared with her boyfriend even though boyfriend refused consent).

Co-users of a computer will generally have the ability to consent to a search of its files under Matlock. See United States v. Smith, 27 F. Supp. 2d 1111, 1115-16 (C.D. Ill. 1998) (concluding that a woman could consent to a search of her boyfriend's computer located in their house, and noting that the boyfriend had not password-protected his files). However, when an individual protects her files with passwords and has not shared the passwords with others who also use the computer, the Fourth Circuit has held that the authority of those other users to consent to search of the computer will not extend to the password-protected files. See Trulock v. Freeh, 275 F.3d 391, 403-04 (4th Cir. 2001) (analogizing password-protected files to locked footlockers inside a bedroom, which the court had previously held to be outside the scope of common authority consent). Conversely, if the co-user has been given the password by the suspect, then she probably has the requisite common authority to consent to a search of the files under Matlock. See United States v. Murphy, 506 F.2d 529, 530 (9th Cir. 1974) (per curiam) (concluding that an employee could consent to a search of an employer's locked warehouse because the employee possessed the key, and finding "special significance" in the fact that the employer had himself delivered the key to the employee).

As a practical matter, agents may have little way of knowing the precise bounds of a third party's common authority when the agents obtain third-party consent to conduct a search. When queried, consenting third parties may falsely claim that they have common authority over property. In Illinois v. Rodriguez, 497 U.S. 177 (1990), the Supreme Court held that the Fourth Amendment does not automatically require suppression of evidence discovered during a consent search when it later comes to light that the third party who consented to the search lacked the authority to do so. See id. at 188-89. Instead, the Court held that agents can rely on a claim of authority to consent if based on "the facts available to the officer at the moment, . . . a man of reasonable caution . . . [would believe] that the consenting party had authority" to consent to a search of the premises. Id. (internal quotations omitted) (quoting Terry v. Ohio, 392 U.S. 1, 21-22 (1968)). When agents reasonably rely on apparent authority to consent, the resulting search does not violate the Fourth Amendment.

ii) Spouses and Domestic Partners

Most spousal consent searches are valid.

Absent an affirmative showing that the consenting spouse has no access to the property searched, the courts generally hold that either spouse may consent to search all of the couple's property. See, e.g., United States v. Duran, 957 F.2d 499, 504-05 (7th Cir. 1992) (concluding that wife could consent to search of barn she did not use because husband had not denied her the right to enter barn); United States v. Long, 524 F.2d 660, 661 (9th Cir. 1975) (holding that wife who had left her husband could consent to search of jointly-owned home even though husband had changed the locks). For example, in United States v. Smith, 27 F. Supp. 2d 1111 (C.D. Ill. 1998), a man named Smith was living with a woman named Ushman and her two daughters. When allegations of child molestation were raised against Smith, Ushman consented to the search of his computer, which was located in the house in an alcove connected to the master bedroom. Although Ushman used Smith's computer only rarely, the district court held that she could consent to the search of Smith's computer. Because Ushman was not prohibited from entering the alcove and Smith had not password-protected the computer, the court reasoned, she had authority to consent to the search. See id. at 1115-16. Even if she lacked actual authority to consent, the court added, she had apparent authority to consent. See id. at 1116 (citing Illinois v. Rodriguez).

iii) Parents

Parents can consent to searches of their children's rooms when the children are under 18 years old. If the children are 18 or older, the parents may or may not be able to consent, depending on the facts.

In some computer crime cases, the perpetrators are relatively young and reside with their parents. When the perpetrator is a minor, parental consent to search the perpetrator's property and living space will almost always be valid. See 3 W. LaFave, Search and Seizure: A Treatise on the Fourth Amendment § 8.4(b) at 283 (2d ed. 1987) (noting that courts have rejected "even rather extraordinary efforts by [minor] child[ren] to establish exclusive use.").

When the sons and daughters who reside with their parents are legal adults, however, the issue is more complicated. Under Matlock, it is clear that parents may consent to a search of common areas in the family home regardless of the perpetrator's age. See, e.g., United States v. Lavin, 1992 WL 373486, at *6 (S.D.N.Y. Nov. 30, 1992) (recognizing right of parents to consent to search of basement room where son kept his computer and files). When agents would like to search an adult child's room or other private areas, however, agents cannot assume that the adult's parents have authority to consent. Although courts have offered divergent approaches, they have paid particular attention to three factors: the suspect's age; whether the suspect pays rent; and whether the suspect has taken affirmative steps to deny his or her parents access to the suspect's room or private area. When suspects are older, pay rent, and/or deny access to parents, courts have generally held that parents may not consent. See United States v. Whitfield, 939 F.2d 1071, 1075 (D.C. Cir. 1991) (holding "cursory questioning" of suspect's mother insufficient to establish right to consent to search of 29-year-old son's room); United States v. Durham, 1998 WL 684241, at *4 (D. Kan. Sept. 11, 1998) (mother had neither apparent nor actual authority to consent to search of 24-year-old son's room, because son had changed the locks to the room without telling his mother, and son also paid rent for the room). In contrast, parents usually may consent if their adult children do not pay rent, are fairly young, and have taken no steps to deny their parents access to the space to be searched. See United States v. Rith, 164 F.3d 1323, 1331 (10th Cir. 1999) (suggesting that parents are presumed to have authority to consent to a search of their 18-year-old son's room because he did not pay rent); United States v. Block, 590 F.2d 535, 541 (4th Cir. 1978) (mother could consent to police search of 23-year-old son's room when son did not pay rent).

iv) System Administrators

Every computer network is managed by a "system administrator" or "system operator" whose job is to keep the network running smoothly, monitor security, and repair the network when problems arise. System operators have "root level" access to the systems they administer, which effectively grants them master keys to open any account and read any file on their systems. When investigators suspect that a network account contains relevant evidence, they may feel inclined to seek the system administrator's consent to search the contents of that account.

As a practical matter, the primary barrier to searching a network account pursuant to a system administrator's consent is statutory, not constitutional. System administrators typically serve as agents of "provider[s] of electronic communication service" under the Electronic Communications Privacy Act ("ECPA"), 18 U.S.C. §§ 2701-2712. ECPA regulates law enforcement efforts to obtain the consent of a system administrator to search an individual's account. See 18 U.S.C. §§ 2702-2703. Accordingly, any attempt to obtain a system administrator's consent to search an account must comply with ECPA. See generally Chapter 3, "The Electronic Communications Privacy Act," infra.

To the extent that ECPA authorizes system administrators to consent to searches, the resulting consent searches will in most cases comply with the Fourth Amendment. Most fundamentally, it may be that individuals retain no reasonable expectation of privacy in the remotely stored files and records that their network accounts contain. See generally Chapter I.B.3, supra. If an individual does not retain a constitutionally reasonable expectation of privacy in his remotely stored files, it will not matter whether the system administrator has the necessary joint control over the account needed to satisfy the Matlock test because a subsequent search will not violate the Fourth Amendment.

In the event that a court holds that an individual does possess a reasonable expectation of privacy in remotely stored account files, whether a system administrator's consent would satisfy Matlock would depend on the circumstances. Clearly, the system administrator's access to all network files does not by itself provide the common authority that triggers authority to consent. In the pre-Matlock case of Stoner v. California, 376 U.S. 483 (1964), the Supreme Court held that a hotel clerk lacked the authority to consent to the search of a hotel room. Although the clerk was permitted to enter the room to perform his duties, and the guest had left his room key with the clerk, the Court concluded that the clerk could not consent to the search. If the hotel guest's protection from unreasonable searches and seizures "were left to depend on the unfettered discretion of an employee of the hotel," Justice Stewart reasoned, it would "disappear." Id. at 490. See also Chapman v. United States, 365 U.S. 610 (1961) (holding that a landlord lacks authority to consent to search of premises used by tenant); United States v. Most, 876 F.2d 191, 199-200 (D.C. Cir. 1989) (holding that store clerk lacks authority to consent to search of packages left with clerk for safekeeping). To the extent that the access of a system operator to a network account is analogous to the access of a hotel clerk to a hotel room, the claim that a system operator may consent to a search of Fourth Amendment-protected files is weak. Cf. Barth, 26 F. Supp. 2d at 938 (holding that computer repairman's right to access files for limited purpose of repairing computer did not create authority to consent to government search through files).

Of course, the hotel clerk analogy may be inadequate in some circumstances. For example, an employee generally does not have the same relationship with the system administrator of his company's network as a customer of a private ISP such as AOL might have with the ISP's system administrator. The company may grant the system administrator of the company network full rights to access employee accounts for any work-related reason, and the employees may know that the system administrator has such access. In circumstances such as this, the system administrator would likely have sufficient common authority over the accounts to be able to consent to a search. See generally Note, Keeping Secrets in Cyberspace: Establishing Fourth Amendment Protection for Internet Communication, 110 Harv. L. Rev. 1591, 1602-03 (1997). See also United States v. Clarke, 2 F.3d 81, 85 (4th Cir. 1993) (holding that a drug courier hired to transport the defendant's locked toolbox containing drugs had common authority under Matlock to consent to a search of the toolbox stored in the courier's trunk). Further, in the case of a government network, the Fourth Amendment rules would likely differ dramatically from the rules that apply to private networks. See generally O'Connor v. Ortega, 480 U.S. 709 (1987) (explaining how the Fourth Amendment applies within government workplaces) (discussed infra).

c) Implied Consent

Individuals often enter into agreements with the government in which they waive some of their Fourth Amendment rights. For example, prison guards may agree to be searched for drugs as a condition of employment, and visitors to government buildings may agree to a limited search of their person and property as a condition of entrance. Similarly, users of computer systems may waive their rights to privacy as a condition of using the systems. When individuals who have waived their rights are then searched and challenge the searches on Fourth Amendment grounds, courts typically focus on whether the waiver eliminated the individual's reasonable expectation of privacy against the search. See, e.g., American Postal Workers Union, Columbus Area Local AFL-CIO v. United States Postal Service, 871 F.2d 556, 56-61 (6th Cir. 1989) (holding that postal employees retained no reasonable expectation of privacy in government lockers after signing waivers).

A few courts have approached the same problem from a slightly different direction and have asked whether the waiver established implied consent to the search. According to the doctrine of implied consent, consent to a search may be inferred from an individual's conduct. For example, in United States v. Ellis, 547 F.2d 863 (5th Cir. 1977), a civilian visiting a naval air station agreed to post a visitor's pass on the windshield of his car as a condition of bringing the car on the base. The pass stated that "[a]cceptance of this pass gives your consent to search this vehicle while entering, aboard, or leaving this station." Id. at 865 n.1. During the visitor's stay on the base, a station investigator who suspected that the visitor had stored marijuana in the car approached the visitor and asked him if he had read the pass. After the visitor admitted that he had, the investigator searched the car and found 20 plastic bags containing marijuana. The Fifth Circuit ruled that the warrantless search of the car was permissible, because the visitor had impliedly consented to the search when he knowingly and voluntarily entered the base with full knowledge of the terms of the visitor's pass. See id. at 866-67.

Ellis notwithstanding, it must be noted that several circuits have been critical of the implied consent doctrine in the Fourth Amendment context. Despite the Fifth Circuit's broad construction, other courts have proven reluctant to apply the doctrine absent evidence that the suspect actually knew of the search and voluntarily consented to it at the time the search occurred. See McGann v. Northeast Illinois Regional Commuter R.R. Corp., 8 F.3d 1174, 1180 (7th Cir. 1993) ("Courts confronted with claims of implied consent have been reluctant to uphold a warrantless search based simply on actions taken in the light of a posted notice."); Securities and Law Enforcement Employees, District Council 82 v. Carey, 737 F.2d 187, 202 n.23 (2d Cir. 1984) (rejecting argument that prison guards impliedly consented to search by accepting employment at prison where consent to search was a condition of employment). Absent such evidence, these courts have preferred to examine general waivers of Fourth Amendment rights solely under the reasonable-expectation-of-privacy test. See id.

2. Exigent Circumstances

Under the "exigent circumstances" exception to the warrant requirement, agents can search without a warrant if the circumstances "would cause a reasonable person to believe that entry . . . was necessary to prevent physical harm to the officers or other persons, the destruction of relevant evidence, the escape of the suspect, or some other consequence improperly frustrating legitimate law enforcement efforts." See United States v. McConney, 728 F.2d 1195, 1199 (9th Cir. 1984) (en banc). In determining whether exigent circumstances exist, agents should consider: (1) the degree of urgency involved, (2) the amount of time necessary to obtain a warrant, (3) whether the evidence is about to be removed or destroyed, (4) the possibility of danger at the site, (5) information indicating the possessors of the contraband know the police are on their trail, and (6) the ready destructibility of the contraband. See United States v. Reed, 935 F.2d 641, 642 (4th Cir. 1991).

Exigent circumstances often arise in computer cases because electronic data is perishable. Computer commands can destroy data in a matter of seconds, as can humidity, temperature, physical mutilation, or magnetic fields created, for example, by passing a strong magnet over a disk. For example, in United States v. David, 756 F. Supp. 1385 (D. Nev. 1991), agents saw the defendant deleting files on his computer memo book, and seized the computer immediately. The district court held that the agents did not need a warrant to seize the memo book because the defendant's acts had created exigent circumstances. See id. at 1392. Similarly, in United States v. Romero-Garcia, 991 F. Supp. 1223, 1225 (D. Or. 1997), aff'd on other grounds 168 F.3d 502 (9th Cir. 1999), a district court held that agents had properly accessed the information in an electronic pager in their possession because they had reasonably believed that it was necessary to prevent the destruction of evidence. The information stored in pagers is readily destroyed, the court noted: incoming messages can delete stored information, and batteries can die, erasing the information. Accordingly, the agents were justified in accessing the pager without first acquiring a warrant. See also United States v. Gorshkov, 2001 WL 1024026, at *4 (W.D. Wash. May 23, 2001) (concluding that circumstances justified download without a warrant of data from computer in Russia where probable cause existed that Russian computer contained evidence of crime, where good reason existed to fear that delay could lead to destruction of or loss of access to evidence, and where agent merely copied data and subsequently obtained search warrant); United States v. Ortiz, 84 F.3d 977, 984 (7th Cir. 1996) (in conducting search incident to arrest, agents were justified in retrieving numbers from pager because pager information is easily destroyed).

Of course, in computer cases, as in all others, the existence of exigent circumstances is absolutely tied to the facts. Compare Romero-Garcia, 911 F. Supp. at 1225 with David, 756 F. Supp at 1392 n.2 (dismissing as "lame" the government's argument that exigent circumstances supported search of a battery-operated computer because the agent did not know how much longer the computer's batteries would live) and United States v. Reyes, 922 F. Supp. 818, 835-36 (S.D.N.Y. 1996) (concluding that exigent circumstances could not justify search of a pager because the government agent unlawfully created the exigency by turning on the pager).

Importantly, the existence of exigent circumstances does not permit agents to search or seize beyond what is necessary to prevent the destruction of the evidence. When the exigency ends, the right to conduct warrantless searches does as well: the need to take certain steps to prevent the destruction of evidence does not authorize agents to take further steps without a warrant. See United States v. Doe, 61 F.3d 107, 110-11 (1st Cir. 1995). Accordingly, the seizure of computer hardware to prevent the destruction of information it contains will not ordinarily support a subsequent search of that information without a warrant. See David, 756 F. Supp. at 1392.

3. Plain View

Evidence of a crime may be seized without a warrant under the plain view exception to the warrant requirement. To rely on this exception, the agent must be in a lawful position to observe and access the evidence, and its incriminating character must be immediately apparent. See Horton v. California, 496 U.S. 128 (1990). For example, if an agent conducts a valid search of a hard drive and comes across evidence of an unrelated crime while conducting the search, the agent may seize the evidence under the plain view doctrine.

The plain view doctrine does not authorize agents to open and view the contents of a computer file that they are not otherwise authorized to open and review.

Importantly, the plain view exception cannot justify violations of an individual's reasonable expectation of privacy. The exception merely permits the seizure of evidence that an agent is already authorized to view in accordance with the Fourth Amendment. In computer cases, this means that the government cannot rely on the plain view exception to justify opening a closed computer file it is not otherwise authorized to view. (4) The contents of such a file that must be opened to be viewed are not in "plain view." See United States v. Maxwell, 45 M.J. 406, 422 (C.A.A.F. 1996). This rule accords with decisions applying the plain view exception to closed containers. See, e.g., United States v. Villarreal, 963 F.2d 770, 776 (5th Cir. 1992) (concluding that labels fixed to opaque 55-gallon drums do not expose the contents of the drums to plain view) ("[A] label on a container is not an invitation to search it. If the government seeks to learn more than the label reveals by opening the container, it generally must obtain a search warrant.").

As discussed above, see Chapter I.B.2., courts have reached differing conclusions over whether each individual file stored on a computer should be treated as a separate closed container, and this distinction has important ramifications for the scope of the plain view exception. United States v. Carey, 172 F.3d 1268, 1273 (10th Cir. 1999), provides a cautionary example of the restrictive approach. In Carey, a police detective searching a hard drive with a warrant for drug trafficking evidence opened a "jpg" file and instead discovered child pornography. At that point, the detective spent five hours accessing and downloading several hundred "jpg" files in a search not for evidence of the narcotics trafficking that he was authorized to seek and gather pursuant to the original warrant, but for more child pornography. When the defendant moved to exclude the child pornography files on the ground that they were seized beyond the scope of the warrant, the government argued that the detective had seized the "jpg" files properly because the contents of the contraband files were in plain view. The Tenth Circuit rejected this argument with respect to all of the files except for the first "jpg" file the detective discovered. See id. at 1273, 1273 n.4. As best as can be discerned, the rule in Carey seems to be that the detective could seize the first "jpg" file that came into plain view when the detective was executing the search warrant, but could not rely on the plain view exception to justify the search solely for additional "jpg" files containing child pornography on the defendant's computers, evidence beyond the scope of the warrant. Cf. United States v. Walser, 275 F.3d 981, 986-87 (10th Cir. 2001) (finding no Fourth Amendment violation when officer with warrant to search for electronic records of drug transactions opened single computer file containing child pornography, suspended search, and then returned to magistrate for second warrant to search for child pornography).

In contrast to the Tenth Circuit's approach in Carey, the doctrine set forth by the Fifth Circuit in United States v. Runyan, 275 F.3d 449, 464-65 (5th Cir. 2001), and United States v. Slanina, 283 F.3d 670, 680 (5th Cir. 2002), suggests that plain view of a single file on a computer or storage device could provide a basis for a more extensive search. In those two cases, the court held that when a warrantless search of a portion of a computer or storage device had been proper, the defendant no longer retained any reasonable expectation of privacy in the remaining contents of the computer or storage device. See Slanina, 283 F.3d at 680; Runyan, 275 F.3d at 464-65. Thus, a more extensive search of the computer or storage device by law enforcement did not violate the Fourth Amendment. This rationale may also apply when a file has been placed in plain view.

4. Search Incident to a Lawful Arrest

Pursuant to a lawful arrest, agents may conduct a "full search" of the arrested person, and a more limited search of his surrounding area, without a warrant. See United States v. Robinson, 414 U.S. 218, 235 (1973); Chimel v. California, 395 U.S. 752, 762-63 (1969). For example, in Robinson, a police officer conducting a patdown search incident to an arrest for a traffic offense discovered a crumpled cigarette package in the suspect's left breast pocket. Not knowing what the package contained, the officer opened the package and discovered fourteen capsules of heroin. The Supreme Court held that the search of the package was permissible, even though the officer had no articulable reason to open the package. See id. at 234-35. In light of the general need to preserve evidence and prevent harm to the arresting officer, the Court reasoned, it was per se reasonable for an officer to conduct a "full search of the person" pursuant to a lawful arrest. Id. at 235.

Due to the increasing use of handheld and portable computers and other electronic storage devices, agents often encounter computers when conducting searches incident to lawful arrests. Suspects may be carrying pagers, cellular telephones, personal digital assistants (such as Palm Pilots), or even laptop computers when they are arrested. Does the search-incident-to-arrest exception permit an agent to access the memory of an electronic storage device found on the arrestee's person during a warrantless search incident to arrest? In the case of electronic pagers, the answer clearly is "yes." Relying on Robinson, courts have uniformly permitted agents to access electronic pagers carried by the arrested person at the time of arrest. See United States v. Reyes, 922 F. Supp. 818, 833 (S.D.N.Y. 1996) (holding that accessing numbers in a pager found in bag attached to defendant's wheelchair within twenty minutes of arrest falls within search-incident-to-arrest exception); United States v. Chan, 830 F. Supp. 531, 535 (N.D. Cal. 1993); United States v. Lynch, 908 F. Supp. 284, 287 (D.V.I. 1995); Yu v. United States, 1997 WL 423070, at *2 (S.D.N.Y. Jul. 29, 1997); United States v. Thomas, 114 F.3d 403, 404 n.2 (3d Cir. 1997) (dicta). See also United States v. Ortiz, 84 F.3d 977, 984 (7th Cir. 1996) (same holding, but relying on an exigency theory).

Courts have not yet addressed whether Robinson will permit warrantless searches of electronic storage devices that contain more information than pagers. In the paper world, certainly, cases have allowed extensive searches of written materials discovered incident to lawful arrests. For example, courts have uniformly held that agents may inspect the entire contents of a suspect's wallet found on his person. See, e.g., United States v. Castro, 596 F.2d 674, 676 (5th Cir. 1979); United States v. Molinaro, 877 F.2d 1341, 1347 (7th Cir. 1989) (citing cases). Similarly, one court has held that agents could photocopy the entire contents of an address book found on the defendant's person during the arrest, see United States v. Rodriguez, 995 F.2d 776, 778 (7th Cir. 1993), and others have permitted the search of a defendant's briefcase that was at his side at the time of arrest. See, e.g., United States v. Johnson, 846 F.2d 279, 283-84 (5th Cir. 1988); United States v. Lam Muk Chiu, 522 F.2d 330, 332 (2d Cir. 1975). If agents can examine the contents of wallets, address books, and briefcases without a warrant, it could be argued that they should be able to search their electronic counterparts (such as electronic organizers, floppy disks, and Palm Pilots) as well. Cf. United States v. Tank, 200 F.3d 627, 632 (9th Cir. 2000) (holding that agents searching a car incident to a valid arrest properly seized a Zip disk found in the car, but failing to discuss whether the agents obtained a warrant before searching the disk for images of child pornography).

The limit on this argument is that any search incident to an arrest must be reasonable. See Swain v. Spinney, 117 F.3d 1, 6 (1st Cir. 1997). While a search of physical items found on the arrestee's person may always be reasonable, more invasive searches in different circumstances may violate the Fourth Amendment. See, e.g. Mary Beth G. v. City of Chicago, 723 F.2d 1263, 1269-71 (7th Cir. 1983) (holding that Robinson does not permit strip searches incident to arrest because such searches are not reasonable in context). For example, the increasing storage capacity of handheld computers suggests that Robinson's bright line rule may not always apply in the case of electronic searches. When in doubt, agents should consider whether to obtain a search warrant before examining the contents of electronic storage devices that might contain large amounts of information.

5. Inventory Searches

Law enforcement officers routinely inventory the items they have seized. Such "inventory searches" are reasonable -- and therefore fall under an exception to the warrant requirement -- when two conditions are met. First, the search must serve a legitimate, non-investigatory purpose (e.g., to protect an owner's property while in custody; to insure against claims of lost, stolen, or vandalized property; or to guard the police from danger) that outweighs the intrusion on the individual's Fourth Amendment rights. See Illinois v. Lafayette, 462 U.S. 640, 644 (1983); South Dakota v. Opperman, 428 U.S. 364, 369-70 (1976). Second, the search must follow standardized procedures. See Colorado v. Bertine, 479 U.S. 367, 374 n.6 (1987); Florida v. Wells, 495 U.S. 1, 4-5 (1990).

It is unlikely that the inventory-search exception to the warrant requirement would support a search through seized computer files. See United States v. O'Razvi, 1998 WL 405048, at *6-7 (S.D.N.Y. July 17, 1998) (noting the difficulties of applying the inventory-search requirements to computer disks); see also United States v. Flores, 122 F. Supp. 2d 491, 493-95 (S.D.N.Y. 2000) (finding search of cellular telephone "purely investigatory" and thus not lawful inventory search). Even assuming that standard procedures authorized such a search, the legitimate purposes served by inventory searches in the physical world do not translate well into the intangible realm. Information does not generally need to be reviewed to be protected, and does not pose a risk of physical danger. Although an owner could claim that his computer files were altered or deleted while in police custody, examining the contents of the files would offer little protection from tampering. Accordingly, agents will generally need to obtain a search warrant in order to examine seized computer files held in custody.

6. Border Searches

In order to protect the government's ability to monitor contraband and other property that may enter or exit the United States illegally, the Supreme Court has recognized a special exception to the warrant requirement for searches that occur at the border of the United States. According to the Court, "routine searches" at the border or its functional equivalent do not require a warrant, probable cause, or even reasonable suspicion that the search may uncover contraband or evidence. United States v. Montoya De Hernandez, 473 U.S. 531, 538 (1985). Searches that are especially intrusive, however, require at least reasonable suspicion. See id. at 541. These rules apply to people and property both entering and exiting the United States. See United States v. Oriakhi, 57 F.3d 1290, 1297 (4th Cir. 1995).

In at least one case, courts have addressed whether the border search exception permits a warrantless search of a computer disk for contraband computer files. In United States v. Roberts, 86 F. Supp. 2d 678 (S.D. Tex. 2000), aff'd on other grounds, 274 F.3d 1007 (5th Cir. 2001), United States Customs Agents learned that William Roberts, a suspect believed to be carrying computerized images of child pornography, was scheduled to fly from Houston, Texas to Paris, France on a particular day. On the day of the flight, the agents set up an inspection area in the jetway at the Houston airport with the sole purpose of searching Roberts. Roberts arrived at the inspection area and was told by the agents that they were searching for "currency" and "high technology or other data" that could not be exported legally. Id. at 681. After the agents searched Roberts' property and found a laptop computer and six Zip diskettes, Roberts agreed to sign a consent form permitting the agents to search his property. A subsequent search revealed several thousand images of child pornography. See id. at 682.

The district court rejected the defendant's motion to suppress the computer files, holding that the search of Roberts' luggage had been a "routine search" for which no suspicion was required, even though the justification for the search offered by the agents merely had been a pretext. See id. at 686, 688 (citing Whren v. United States, 517 U.S. 806 (1996)). The court also concluded that Roberts' consent justified the search of the laptop and diskettes, and indicated that even if Roberts had not consented to the search, "[t]he search of the defendant's computer and diskettes would have been a routine export search, valid under the Fourth Amendment." See Roberts, 98 F. Supp. 2d at 688. On appeal, the Fifth Circuit affirmed the district court's refusal to suppress the evidence on the grounds that the initial jetway search of Roberts was justified by reasonable suspicion that Roberts possessed child pornography, and that the subsequent search and seizure of computer equipment was justified by probable cause. See id. at 1017. The court did not reach the issue of whether the seizure of Roberts' computer equipment could be considered routine.

Importantly, agents and prosecutors should not interpret Roberts as permitting the interception of data transmitted electronically to and from the United States. Any real-time interception of electronically transmitted data in the United States must comply strictly with the requirements of Title III, 18 U.S.C. §§ 2510-2522, or the Pen/Trap statute, 18 U.S.C. §§ 3121-3127. See generally Chapter 4. Further, once electronically transferred data from outside the United States arrives at its destination within the United States, the government ordinarily cannot rely on the border search exception to search for and seize the data because the data is no longer at the border or its functional equivalent. Cf. Almeida-Sanchez v. United States, 413 U.S. 266, 273-74 (1973) (concluding that a search that occurred 25 miles from the United States border did not qualify for the border search exception, even though the search occurred on a highway known as a common route for illegal aliens, because it did not occur at the border or its functional equivalent).

7. International Issues

Increasingly, electronic evidence necessary to prevent, investigate, or prosecute a crime may be located outside the borders of the United States. This can occur for several reasons. Criminals can use the Internet to commit or facilitate crimes remotely, e.g., when Russian hackers steal money from a bank in New York, or when the kidnappers of an American deliver demands by e-mail for release of their captive. Communications also can be "laundered" through third countries, such as when a criminal in Brooklyn uses the Internet to pass a communication through Tokyo, Tel Aviv, and Johannesburg, before it reaches its intended recipient in Manhattan - much the way monies can be laundered through banks in different countries in order to hide their source. In addition, provider architecture may route or store communications in the country where the provider is based, regardless of the location of its users.

When United States authorities investigating a crime believe electronic evidence is stored by an Internet service provider or on a computer located abroad (in "Country A"), U.S. law enforcement usually must seek assistance from law enforcement authorities in Country A. Since, in general, law enforcement officers exercise their functions in the territory of another country with the consent of that country, U.S. law enforcement should only make direct contact with an ISP located in Country A with (1) prior permission of the foreign government; (2) approval of DOJ's Office of International Affairs ("OIA") (which would know of particular sensitivities and/or accepted practices); or (3) other clear indicia that such practice would not be objectionable in Country A. (There is general agreement that access to publicly available materials in Country A, such as those posted to a public Web site, and access to materials in Country A with the consent of the owner/custodian of those materials, are permissible without prior consultations.)

Under certain circumstances, foreign law enforcement authorities may be able to share evidence informally with U.S. counterparts. However, finding the appropriate official in Country A with which to explore such cooperation is an inexact science, at best. Possible avenues for entree to foreign law enforcement are: (1) the designated expert who participates in the G8's network of international high-tech crime points of contact (discussed below); (2) law enforcement contacts maintained by OIA; (3) representatives of U.S. law enforcement agencies who are stationed at the relevant American Embassy (e.g., FBI Legal Attaches, or "LegAtts," and agents from the U.S. Secret Service and U.S. Customs Service); and (4) the Regional Security Officer (from the Diplomatic Security Service) at the American Embassy (who may have good in-country law enforcement contacts). OIA can be reached at 202-514-0000.

Where Country A cannot otherwise provide informal assistance, requests for evidence usually will be made under existing Mutual Legal Assistance Treaties (MLATs) or Mutual Legal Assistance Agreements, or through the Letters Rogatory process. See 28 U.S.C. § 1781-1782. These official requests for assistance are made by OIA to the designated "Central Authority" of Country A or, in the absence of an MLAT, to other appropriate authorities. (Central Authorities are usually located within the Justice Ministry, or other Ministry or office in Country A that has law enforcement authority.) OIA has attorneys responsible for every country and region of the world. Since official requests of this nature require specified documents and procedures, and can take some time to produce results, law enforcement should contact OIA as soon as a request for international legal assistance becomes a possibility.

When U.S. law enforcement has reason to believe that electronic evidence exists on a computer or computer network located abroad, and expects a delay before that evidence is secured in Country A, a request to foreign law enforcement for preservation of the evidence should be made as soon as possible. Such request, similar to a request under 18 U.S.C. § 2703(f) to a U.S. provider (see Chapter 3.G.1, p. 101), will have varying degrees of success based on several factors, most notably whether Country A has a data preservation law, and whether the U.S. has sufficient law enforcement contacts in Country A to ensure prompt execution of the request. The Council of Europe Cybercrime Convention, completed in 2001, obligates all signatories to have the ability to effect cross-border preservation requests, and the availability of this critical form of assistance therefore is expected to increase greatly in the near future.

To secure preservation, or in emergencies when immediate international assistance is required, the international Network of 24-hour Points of Contact established by the High-tech Crime Subgroup of the G8 countries can provide assistance. This network, created in 1997, is comprised of approximately twenty-eight member countries, and continues to grow every year. (5) Participating countries have a dedicated computer crime expert and a means to contact that office or person twenty-four hours a day. See generally Michael A. Sussmann, The Critical Challenges from International High-Tech and Computer-Related Crime at the Millennium, 9 Duke J. Comp. & Int'l L. 451, 484 (1999). CCIPS is the point of contact for the United States and can be contacted at 202-514-1026 during regular business hours or at other times through the Department of Justice Command Center at 202-514-5000. The Council of Europe's Cybercrime Convention obligates all signatory countries to have a 24-hour point of contact for cybercrime cases, and international 24-hour response capabilities are therefore expected to continue to increase. In addition, CCIPS has high-tech law enforcement contacts in many countries that are not a part of the G8's network or the Council of Europe; agents and prosecutors should call CCIPS for assistance.

In the event that United States law enforcement inadvertently accesses a computer located in another country, CCIPS, OIA, or another appropriate authority should be consulted immediately, as issues such as sovereignty and comity may be implicated. Likewise, if exigencies such as terrorist threats raise the possibility of direct access of a computer located abroad by United States law enforcement, appropriate U.S. authorities should be consulted immediately.

Searching, seizing, or otherwise obtaining electronic evidence located outside of the United States can raise difficult questions of both law and policy. For example, the Fourth Amendment may apply under certain circumstances, but not under others. See generally, United States v. Verdugo-Urquidez, 494 U.S. 259 (1990) (considering the extent to which the Fourth Amendment applies to searches outside of the United States). This manual does not attempt to provide detailed guidance on how to resolve difficult international issues that may arise in cases involving electronic evidence located beyond our borders. Investigators and prosecutors should contact CCIPS or OIA for assistance in particular cases.


D. Special Case: Workplace Searches

Warrantless workplace searches occur often in computer cases and raise unusually complicated legal issues. The starting place for such analysis is the Supreme Court's complex decision in O'Connor v. Ortega, 480 U.S. 709 (1987). Under O'Connor, the legality of warrantless workplace searches depends on often-subtle factual distinctions such as whether the workplace is public sector or private sector, whether employment policies exist that authorize a search, and whether the search is work-related.

Every warrantless workplace search must be evaluated carefully on its facts. In general, however, law enforcement officers can conduct a warrantless search of private (i.e., non-government) workplaces only if the officers obtain the consent of either the employer or another employee with common authority over the area searched. In public (i.e., government) workplaces, officers cannot rely on an employer's consent, but can conduct searches if written employment policies or office practices establish that the government employees targeted by the search cannot reasonably expect privacy in their workspace. Further, government employers and supervisors can conduct reasonable work-related searches of employee workspaces without a warrant even if the searches violate employees' reasonable expectation of privacy.

One cautionary note is in order here. This discussion e