Computer Crime and Intellectual Property Section (CCIPS)

Searching and seizing computers raises unique issues for law enforcement personnel. Before addressing these issues, however, it is important to have a basic understanding of key terms and fundamental concepts that will influence the government's search and seizure decisions. This section describes these central terms and concepts. A more complete glossary can be found at APPENDIX B, p. 132.

A. DEFINITIONS

When people speak of searching or seizing computers, they usually are not referring only to the CPU (Central Processing Unit). After all, a computer is useless without the devices that allow for input (e.g., a keyboard or mouse) and output (e.g., a monitor or printer) of information. These devices, known as "peripherals," [1] are an integral part of any "computer system."

Failure to more specifically define the term "computer" may cause misunderstandings. Having probable cause to seize a "computer" does not necessarily mean there is probable cause to seize the attached printer. Therefore, we need to be clear about our terms.

Hardware -- "The physical components or equipment that make up a computer system. . . ." Webster's Dictionary of Computer Terms 170 (3d ed. 1988). Examples include keyboards, monitors, and printers.

1. Software -- "The programs or instructions that tell a computer what to do." Id. at 350. This includes system programs which control the internal operation of the computer system (such as Microsoft's Disk Operating System, "MS-DOS," that controls IBM-compatible PCs) and applications programs which enable the computer to produce useful work (e.g., a word processing program such as WordPerfect).
2. Data -- "A formalized representation of facts or concepts suitable for communication, interpretation, or processing by people or by automatic means." Id. at 84. Data is often used to refer to the information stored in the computer.
3. Documentation -- Documents that describe technical specifications of hardware components and/or software applications and how to use them.
4. Input/Output (I/O) Device -- A piece of equipment which sends data to, or receives data from, a computer. Keyboards, monitors, and printers are all common I/O devices.
5. Network -- "A system of interconnected computer systems and terminals." Id. at 253.
6. System Administrator (or System Operator, "sysop") -- The individual responsible for assuring that the computer system is functioning properly. He is often responsible for computer security as well.

For search and seizure purposes, unless the text specifically indicates otherwise, the term "computer" refers to the box that houses the CPU, along with any internal storage devices (such as internal hard drives) and internal communications devices (such as an internal modem or fax card). Thus, "computer" refers to the hardware, software, and data contained in the main unit. Printers, external modems (attached by cable to the main unit), monitors, and other external attachments will be referred to collectively as "peripherals" and discussed individually where appropriate. When we are referring to both the computer and all attached peripherals as one huge package, we will use the term "computer system." "Information" refers to all the information on a computer system, including both software applications and data.

It is important to remember that computer systems can be configured in an unlimited number of ways with assorted input and output devices. In some cases, a specific device may have particular evidentiary value (e.g., if the case involves a bookie who prints betting slips, the printer may constitute valuable evidence); in others, it may be the information stored in the computer that may be important. In either event, the warrant must describe, with particularity, what agents should search for and seize.

Table of Contents - Main Federal Guidelines

Supplement - Definitions

B. LIST OF COMPUTER SYSTEM COMPONENTS

The following is an abridged list of hardware components which may play a role in a criminal offense and, therefore, be subject to search and seizure under warrant. For a more extensive list, see the "GLOSSARY" at APPENDIX B, p. 132. It is important to remember that electronic components are constantly changing, both in nature and in number, and no list can be comprehensive.

  Device Name           Description




  
  CPU:              The central processing unit.
  
  Hard Disk         A storage device based on a fixed, permanently-mounted
    Drive:          disk drive.  It may be either internal or external.  
                    Both applications and data may be stored on the disk.
                   
  Floppy Disk       A drive that reads from or writes to floppy
    Drive:          diskettes.  Information is stored on the diskettes 
                    themselves, not on the drive.
                   
  Mouse:            A pointing device that controls input.  Normally,
                    the user points to an object on the screen and then 
                    presses a button on the mouse to indicate her selection.
                   
  Modem:            A device allowing the computer to communicate with
                    another computer, normally over standard telephone 
                    lines.  Modems may be either external or internal.
                   
  Fax Peripheral:   A device, normally inserted as an internal
                    card, that allows the computer to function as a fax 
                    machine.
                   
  CD ROM:           CD ROM stands for Compact Disk Read-Only Memory.
                    CD ROMs store and read massive amounts of information 
                    on a removable disk platter.  Unlike hard drives and 
                    diskettes, CD ROMs are read-only and data cannot be 
                    written to the platter.
                   
  Laser Disk:       Similar to a CD ROM drive but uses lasers to
                    read and write information.
                   
  Scanner:          Any optical device which can recognize characters
                    on paper and, using specialized software, convert 
                    them into digital form.
                   
  Printer:          A number of technologies exist, using various 
                    techniques.  The most common types of computer 
                    printers are:
  
               1. Dot matrix - characters and graphics are created by
                  pins hitting the ribbon and paper;
  
               2. Laser - electrostatically charges the printed page
                  and applies toner;
  
               3. Ink jet - injects (sprays) ink onto the paper;
  
               4. Thermal - a hot printer head contacts special paper
                  that reacts to heat;
  
               5. Band - a rotating metal band is impacted as it spins;
  
               6. Daisy wheel - a small print wheel containing the form
                  of each character rotates and hits the paper, character 
                  by character;
  
               7. Plotter - moves ink pens over the paper surface, typically
                  used for large engineering and architectural drawings.
  

Table of Contents - Main Federal Guidelines

C. DETERMINING THE COMPUTER'S ROLE IN THE OFFENSE

Before preparing a warrant to seize all or part of a computer system and the information it contains, it is critical to determine the computer's role in the offense. First, the computer system may be a tool of the offense. This occurs when the computer system is actively used by a defendant to commit the offense. For example, a counterfeiter might use his computer, scanner, and color printer to scan U.S. currency and then print money. Second, the computer system may be incidental to the offense, but a repository of evidence. For example, a drug dealer may store records pertaining to customers, prices, and quantities delivered on a personal computer, or a blackmailer may type and store threatening letters in his computer.

In each case, the role of the computer differs. It may constitute "the smoking gun" (i.e., be an instrumentality of the offense), or it may be nothing more than an electronic filing cabinet (i.e., a storage device). In some cases, the computer may serve both functions at once. Hackers, for example, often use their computers both to attack other computer systems and to store stolen files. In this case, the hacker's computer is both a tool and storage device. Whatever the computer's role in each case, prosecutors must consider this and tailor warrants accordingly.

By understanding the role that the computer has played in the offense, it is possible to focus on certain key questions:

Is there probable cause to seize hardware?

Is there probable cause to seize software?

Is there probable cause to seize data?

Where will this search be conducted? Is it practical to search the computer system on site, or must the examination be conducted at a field office or laboratory?

If agents remove the system from the premises to conduct the search, must they return the computer system, or copies of the seized data, to its owner/user before trial?

Considering the incredible storage capacities of computers, how will agents search this data in an efficient, timely manner?

Before addressing these questions, it is important to recognize that general Fourth Amendment principles apply to computer searches, and traditional law enforcement techniques may provide significant evidence of criminal activity, even in computer crime cases. Therefore, we begin with a brief overview of the Fourth Amendment.

Go to . . . Table of Contents - Main Guidelines

CCIPS || Home Page

[1] Peripheral equipment means "[t]he input/output units and auxiliary storage units of a computer system, attached by cables to the central processing unit." Webster's Dictionary of Computer Terms 279 (3d ed. 1988). [Back]