Computer Crime and Intellectual Property Section (CCIPS) |
Computer Crime and Intellectual Property Section (CCIPS) |
A. SEARCH WARRANTS
There is, of course, "a strong preference for warrants," and courts will scrutinize a warrantless search. Indeed, a warrant can save a search where probable cause is doubtful or marginal. Most searches of computer systems will be pursuant to warrant, but the recognized exceptions to the warrant requirement apply equally to the search and seizure of computers.
Table of Contents - Main Guidelines
Supplement - General Principles
B. PLAIN VIEW
Evidence of a crime may be seized without a warrant under the plain view exception to the warrant requirement. To rely on this exception, the officer must be in a lawful position to observe the evidence, and its incriminating character must be immediately apparent. See Horton v. California, 496 U.S. 128 (1990). For example, if agents with a warrant to search a computer for evidence of narcotics trafficking find a long list of access codes taped to the computer monitor, the list should also be seized.
Table of Contents - MainGuidelines
Supplement - Plain View
C. EXIGENT CIRCUMSTANCES
"When destruction of evidence is imminent, a warrantless seizure of that evidence is justified if there is probable cause to believe that the item seized constitutes evidence of criminal activity." United States v. David, 756 F. Supp. 1385, 1392 (D. Nev. 1991). [2] If a target's screen is displaying evidence which agents reasonably believe to be in danger, the "exigent circumstances" doctrine would justify downloading the information before obtaining a warrant. For example, agents may know that the incriminating data is not actually stored on the suspect's machine, but is only temporarily on line from a second network storage site in another building, city, or district. Thus, even if the agents could secure the target's computer in front of them, someone could still electronically damage or destroy the data--either from the second computer where it is stored or from a third, unknown site. Of course, when agents know they must search and seize data from two or more computers on a wide-area network, they should, if possible, simultaneously execute separate search warrants. (See "Describing the Place to be Searched," infra p. 87.) But sometimes that is not possible, and agents must then analyze the particular situation to decide whether the "exigent circumstances" exception applies. In computer network cases, as in all others, the answer is absolutely tied to the facts.
In determining whether exigent circumstances exist, agents should consider: (1) the degree of urgency involved, (2) the amount of time necessary to obtain a warrant, (3) whether the evidence is about to be removed or destroyed, (4) the possibility of danger at the site, (5) information indicating the possessors of the contraband know the police are on their trail, and (6) the ready destructibility of the contraband. United States v. Reed, 935 F.2d 641, 642 (4th Cir.), cert. denied, 112 S. Ct. 423 (1991).
Under the "exigent circumstances" exception to the warrant requirement, agents can search without a warrant if the circumstances would cause a reasonable person to believe it to be necessary. The Supreme Court has upheld warrantless entries and searches when police officers reasonably believe that someone inside needs "immediate aid," Mincey v. Arizona, 437 U.S. 385, 392-93 (1978), or to prevent the destruction of relevant evidence, the escape of a suspect, or the frustration of some other legitimate law enforcement objective. United States v. Arias, 923 F.2d 1387 (9th Cir.), cert. denied, 112 S. Ct. 130 (1991). The officer's fears need not be correct so long as they are reasonable. See United States v. Reed, supra (proper inquiry is what objective officer could reasonably believe).
Recognizing the strong preference for warrants, courts have suppressed evidence where the officers had time to get a warrant but failed to do so. United States v. Houle, 603 F.2d 1297 (8th Cir. 1979). Some courts have even ruled that exigent circumstances did not exist if the law enforcement officers had time to obtain a warrant by telephone. United States v. Patino, 830 F.2d 1413, 1416 (7th Cir. 1987) (warrantless search not justified when officer had adequate opportunity to obtain telephone warrant during 30-minute wait for backup assistance; not permissible for agents to wait for exigency and then exploit it), cert. denied, 490 U.S. 1069 (1989).
Additionally, while exigencies may justify the seizure of hardware (i.e., the storage device), this does not necessarily mean that they support a warrantless search. In United States v. David, 756 F. Supp. 1385 (D. Nev. 1991), the court held that although the agent was correct to seize the defendant's computer memo book without a warrant (because the agent saw him deleting files), the agent should have gotten a search warrant before re-accessing and searching the book. The court held the exigencies allowed the agent to take the computer memo book but, once taken, there was time to get a warrant to look inside. Therefore, the seized evidence had to be suppressed. Id. at 1392.
This holding is, of course, analogous to cases which address other kinds of containers. In the David case, the computer book itself was not contraband, instrumentality, fruit, or evidence of crime. It was, instead, a small file cabinet, a locked box, a container of data. The agent was not interested in the hardware but in the information inside. As the cases make clear, authority to seize a container does not necessarily authorize a warrantless search of the container's contents. See Texas v. Brown, 460 U.S. 730, 750 (1983)(Stevens, J., concurring)(plain view justified seizure of party balloon but additional justification was required to open balloon without warrant). Courts have suppressed warrantless searches when the defendant still had a reasonable expectation of privacy in the contents of the container. See United States v. Turk, 526 F.2d 654 (5th Cir.)(although seizure of tape was proper, playing taped conversation of private telephone communication was not), cert. denied, 429 U.S. 823 (1976); Blair v. United States, 665 F.2d 500 (4th Cir. 1981).
Agents must always remember, however, that electronic data is perishable. Humidity, temperature, vibrations, physical mutilation, magnetic fields created by passing a strong magnet over a disk, or computer commands (such as "erase *.*" or "format") can destroy data in a matter of seconds. Thus, the exigent circumstances doctrine may justify a warrantless seizure in appropriate cases.
Table of Contents - Main Federal Guidelines
D. BORDER SEARCHES
The law recognizes a limited exception to the Fourth Amendment's probable cause requirement at the nation's borders. Officials may search people and property without a warrant and without probable cause as a condition of crossing the border or its "functional equivalent." United States v. Ramsey, 431 U.S. 606 (1977), cert. denied, 434 U.S. 1062 (1978). Both incoming international baggage (United States v. Scheer, 600 F.2d 5 (3d Cir. 1979) and incoming international mail at the border are subject to search without a warrant to determine whether they contain items which may not lawfully be brought into the country. Border searches or international mail searches of diskettes, tapes, computer hard drives (such as laptops carried by international travelers), or other media should fall under the same rules which apply to incoming persons, documents, and international mail.
On the other hand, the border search exception to the warrant requirement probably will not apply to data transmitted electronically (or by other non-physical methods) into the United States from other countries. For example, if an individual in the U.S. downloads child pornography from a foreign BBS, a warrantless search of his home computer could not be supported by the border search exception. In such cases, it is difficult to find a "border" or its functional equivalent as data travels over international telephone lines or satellite links. What seems clear, however, is that once data has been received by a computer within the United States, that data resides in the country and has passed beyond the border or its functional equivalent. Because the justification for the border search exception is grounded on the sovereign's power to exclude illegal articles from the country, that exception no longer applies once such articles (in this case electronic data) have come into the country undetected.
Table of Contents - Main Federal Guidelines
E. CONSENT SEARCHES
Agents may search a place or object without a warrant or, for that matter, without probable cause, if a person with authority has consented. Schneckloth v. Bustamonte, 412 U.S. 218, 219 (1973). This consent may be explicit or implicit. United States v. Milan-Rodriguez, 759 F.2d 1558, 1563-64 (11th Cir.)(telling police where to find a key constitutes implicit consent to a search of the locked area), cert. denied, 474 U.S. 845 (1985), and cert. denied, 486 U.S. 1054 (1988).
Whether consent was voluntarily given is a question of fact which the court will decide. United States v. Scott, 578 F.2d 1186, 1189 (6th Cir.), cert. denied, 439 U.S. 870 (1978). The burden is on the government to prove that the consent was voluntary, United States v. Price, 599 F.2d 494, 503 (2nd Cir. 1979), and, in making its decision, the court will consider all the facts surrounding the consent. Schneckloth, supra, at 226-7; United States v. Mendenhall, 446 U.S. 544, 557-8 (1980). See generally United States v. Caballos, 812 F.2d 42 (2d Cir. 1987). While no single aspect controls the result, the Supreme Court has identified the following important factors: the age of the person giving consent; the person's education, intelligence, mental and physical condition; whether the person was under arrest; and whether he had been advised of his right to refuse consent. Schneckloth, supra, at 226.
In computer crime cases, several consent issues are likely to arise. First, did the scope of the search exceed the consent given? For example, what if a target consents to a search of his machine, but the data is encrypted? Does his consent authorize breaking the encryption scheme? Second, who is the proper party to consent to a search? Does a system administrator have the authority to consent to a search of a file server containing the files of all the system users?
Table of Contents - Main Federal Guidelines
Supplement - Consent Searches
1. Scope of the Consent
A person who consents to a search may explicitly limit this consent to a certain area. United States v. Griffin, 530 F.2d 739, 744 (7th Cir. 1976). When the limits of the consent are clearly given, either at the time of the search or even afterwards, agents must respect their bounds. In Vaughn v. Baldwin, 950 F.2d 331 (6th Cir. 1991), the plaintiff dentist had voluntarily turned over records to the IRS. The IRS agent kept the records for months and refused several informal requests for their return. Plaintiff then formally, in writing, revoked his consent to the IRS, which still kept the records to make copies. Finally, plaintiff sued and the IRS returned the originals but kept the copies. The court found that the IRS had violated the Fourth Amendment. Although the IRS was entitled to copy the records while they lawfully had them, they could not keep the records once plaintiff revoked his consent. Moreover, considering the long period of time that the IRS held the documents, the court rejected the argument that once the plaintiff demanded return of his documents the government should be entitled to retain them for a reasonable period for copying.
Consent may also be limited implicitly. In United States v. David, 756 F. Supp. 1385 (D. Nev. 1991), the court held that while the defendant had consented, pursuant to a cooperation agreement, to share some of the information contained in his hand-held computer memo book, his attempt to prevent agents from seeing the file password constituted a limit on his consent. Although the agent did nothing wrong by leaning over defendant's shoulder to watch him enter the password, the government clearly exceeded the implicit limits of David's consent when agents used the password to read the whole computer book without David's permission. For a more extensive discussion of encryption issues, see, infra p. 52.
Table of Contents - Main Federal Guidelines
2. Third-Party Consent
a. General Rules
It is not uncommon for several people to use or own the target computer equipment. If any one of those people gives permission to search for data, agents may generally rely on that consent, so long as that person has authority over the computer. In these cases, all users have assumed the risk that a co-user might not just discover everything in the computer but might also permit law enforcement to discover the "common area" as well.
In United States v. Matlock, 415 U.S. 164 (1974), the Supreme Court stated that one who has common authority over premises or effects may consent to a search even if the absent co-user objects. In an important footnote, the Court said that "common authority" is not a property law concept but
rests rather on mutual use of the property by persons generally having joint access or control for most purposes, so that it is reasonable to recognize that any of the co-inhabitants has the right to permit the inspection in his own right and that the others have assumed the risk that one of their number might permit the common area to be searched.
Id. at 171 n.7.
Extending this analysis, a third party with common authority may consent even if he is antagonistic toward the defendant. One could even argue that sharing access to a common premises with an unsympathetic person would objectively increase the risk of disclosure, and thus reasonable expectations of privacy actually diminish. This is especially true where the consenting individual agrees to a search of common premises to exculpate himself from the defendant's criminal activity. See 3 W. LaFave, Search and Seizure: A Treatise on the Fourth Amendment § 8.3(b) at 244-45 (2d ed. 1987). See also United States v. Long, 524 F.2d 660 (9th Cir. 1975)(wife in fear of her husband could still consent to a search of the jointly owned house even though she had moved out and he had changed the locks).
Where two or more people enjoy equal property rights over a place, they may still have exclusive, private zones within the shared premises. Housemates with separate bedrooms, spouses with private areas or containers, and housemates with separate directories on a shared computer may reasonably expect to own that space alone. But when do these individual expectations overcome another's common authority over premises or property? Although there is no bright line test, courts will generally regard a defendant's claims of exclusive control in this situation with some skepticism. See Frazier v. Cupp, 394 U.S. 731, 740 (1969).
Even so, courts may honor claims to privacy where the defendant has taken some special steps to protect his personal effects from the scrutiny of others, and others lack ready access. 3 W. LaFave, supra § 8.3(f), at 259-60. In United States v. Block, 590 F.2d 535 (4th Cir. 1978), the Fourth Circuit held that a mother's authority to permit police officers to inspect her 23-year-old son's room did not include his locked footlocker in the room. The court stated that the authority to consent to search
cannot be thought automatically to extend to the interiors of every discrete enclosed space capable of search within the area. . . . Common experience . . .teaches all of us that the law's "enclosed spaces"--mankind's valises, suitcases, footlockers, strong boxes, etc.--are frequently the objects of his highest privacy expectations, and that the expectations may well be at their most intense when such effects are deposited temporarily or kept semi-permanently in public places or in places under the general control of another.
Id. at 541.
In a footnote, however, the Block court noted that not every "enclosed space" within a room is exempt from the reach of the authorized search area. A rule of reason applies, one that considers the circumstances "indicating the presence or absence of a discrete expectation of privacy with respect to a particular object: whether it is secured, whether it is commonly used for preserving privacy, etc." Id. at n.8. Cf. United States v. Sealey, 830 F.2d 1028, 1031 (9th Cir. 1987)(spousal consent valid because sealed containers were not marked in any way that would indicate defendant's sole ownership). Thus, creating a separate personal directory on a computer may not sufficiently mark it as exclusive, but protecting that separate directory with a secret password may "lock the container." In that event, if law enforcement analysts search the directory by breaking the password (because the co-user who consented to the search did not know that password), a court would probably suppress the result.
Matlock did not address whether a consent search is valid when police have reasonably, but mistakenly, relied upon the consent of someone who appeared to have common authority over the premises, but in fact did not. In Illinois v. Rodriguez, 497 U.S. 177 (1990), however, the Supreme Court held that a consent search is valid when police are reasonable in thinking they have been given authorized consent. The Court cautioned, however, that police cannot simply rely upon someone at the scene who claims to have authority if the surrounding circumstances indicate otherwise. If such authority is unclear, the police are obligated to ask more questions. Determining who has power to consent is an objective exercise, the Court stated, and the test is whether the facts available to the police officer at the moment would warrant a person of reasonable caution to believe that the consenting party had authority over the premises. Id. at 2801.
Table of Contents - Main Federal Guidelines
Supplement - Third Party Consent
b. Spouses
Under the Matlock "common authority" approach, most spousal consent searches are valid. Although spouses who create exclusive areas may preclude their partners from consenting to a search, that circumstance will be unusual. Indeed, spouses do not establish "exclusive use" just by being the only one who uses the area; there must be a showing that the consenting spouse was denied access. 3 W. LaFave, supra p. 11, § 8.4(a), at 278. In United States v. Duran, 957 F.2d 499, 504-5 (7th Cir. 1992), for example, the defendant and his wife lived on a farm with several outbuildings. The wife consented to the search of a building which she believed defendant used as a private gym, but the police found marijuana plants inside. The court emphasized the presumption that the entire marital premises are jointly held and controlled by the partners, and said this presumption can be overcome only by showing that the consenting spouse was actually denied access to the area in question.
With spouses, as with roommates, the Rodriguez "reasonable belief" rule (supra p. 15) allows investigating agents to draw reasonable conclusions, based upon the situation they encounter, about who has authority to consent. In the absence of objective evidence to the contrary, agents will be reasonable in presuming that spouses have authority to consent to a search of anything on the marital property. Illinois v. Rodriguez, supra.
Table of Contents - Main Federal Guidelines
c. Parents
In some recent computer crime cases the perpetrators have been relatively young and, even if no longer legally minors, have resided with their parents. Under the Matlock rationale, it is clear that parents may consent to a search of common areas in the family home. Additionally, with regard to minor children, the courts have found parents to hold superior rights in the home and "even rather extraordinary efforts by the child to establish exclusive use may not be effective to undermine the parents' authority over their home, including rooms occupied by the child." 3 W. LaFave, supra p. 14, § 8.4(b), at 283. Therefore, if parents consent to a search and seizure of floppy disks or passwords locked in the minor child's room, that consent should be upheld.
The issue becomes more complicated, however, when the sons and daughters who reside with their parents are adults. In these situations, courts may reach the opposite result when, as a practical matter, the adult child has established an exclusive area in the home that the parents have respected. Id. at 285. See discussion of United States v. Block, supra p. 14.
Table of Contents - Main Federal Guidelines
d. Employers
Employers may be either public (i.e., government) or private. The distinction is important because government employers, unlike private employers, are bound by the Fourth Amendment. In construing the reach of the Fourth Amendment into the workplace, the Supreme Court has held that government employers may search employee offices, without either a warrant or the consent of the employee, when the search is administrative in nature; that is, it is work-related (e.g., the supervisor needs to find a case file) or involves work-related misconduct. O'Connor v. Ortega, 480 U.S. 709 (1987).
The Court found that government employees can have a reasonable expectation of privacy even though the physical area is owned by the government. Id. at 717 (specifically rejecting a contention made by the Solicitor General that public employees can never have a reasonable expectation of privacy in their place of work). The realities of the workplace, however, suggest that an employee's expectation of privacy must be reduced to the degree that fellow employees, supervisors, subordinates, guests, and even the general public may have access to that individual's work space. Recognizing that government agencies could not function properly if supervisors had to establish probable cause and obtain a warrant whenever they needed to look for a file in an employee's office, the Supreme Court held that two kinds of searches are exempt. Specifically, both (1) a non-investigatory, work-related intrusion and (2) an investigatory search for evidence of suspected work-related employee misfeasance are permissible without a warrant and should be judged by the standard of reasonableness. Id. at 725-6.
Even so, the Court made clear that "[n]ot everything that passes through the confines of the business address can be considered part of the workplace context. . . ." Id. at 717. For example, the contents of an employee's purse, briefcase, or closed luggage do not lose their private character just because the employee has brought them to work. Thus, while the circumstances may permit a supervisor to search in an employee's desk for a work-related file, the supervisor usually will have to stop at the employee's gym bag or briefcase. This analysis may have interesting implications for "containers" like floppy disks, which certainly may be either work-related or private, depending on the circumstances. It will probably be reasonable for employers to assume that floppy disks found at an office are part of the workplace, but there may be cases where a court will treat a floppy disk as if it were a personal container of private items.
Of course, there may be some government agencies where employees do consent (either expressly or tacitly) to searches of even private parcels because of the nature of the job. For example, employees with security clearances who work with classified material may expect that their purses, briefcases, and other bags may be inspected under certain circumstances. The factual variations on this "reasonable expectation" theme are endless, and are tied absolutely to the details of each case.
The O'Connor Court did not address the appropriate standard to be applied when a government employee is being investigated for criminal misconduct or breaches of other non-work-related statutory or regulatory standards. Id. at 729. In a case involving employee drug testing, at least one court has noted, in dicta, that "[t]he government may not take advantage of any arguably relaxed 'employer' standard for warrantless searches. . .when its true purpose is to obtain evidence of criminal activity without complying with the more stringent standards that normally protect citizens against unreasonably intrusive evidence-gathering." National Federation of Federal Employees v. Weinberger, 818 F.2d 935, 943 n.12 (D.C. Cir. 1987). Therefore, it would appear that whenever law enforcement is conducting an evidence-gathering search, even if the search is to take place at a government office, agents must either obtain a warrant or fall within some generally recognized exception to the warrant requirement. Appropriate consent from a third party is, of course, one of those exceptions.
Generally speaking, an employer (government or private) may consent to a search of an employee's computer and peripherals if the employer has common authority over them. Agents and prosecutors must consider whether, under the facts, the employee would expect privacy in those items and whether that expectation would be objectively reasonable. Relevant factors include whether (1) the area/item to be searched has been set aside for the employee's exclusive or personal use (e.g., does the employee have the only key to the computer or do others have access to the data); (2) the employee has been given permission to store personal information on the system or in the area to be searched; (3) the employee has been advised that the system may be accessed or looked at by others; (4) there have been past inspections of the area/item and this fact is known to the employee; and (5) there is an employment policy that searches of the work area may be conducted at any time for any reason. And when the employer is the federal government, another factor is (6) whether the purpose of the search was work-related, rather than primarily for law enforcement objectives. See generally O'Connor, 480 U.S. at 717 (employee's expectation of privacy must be assessed in the context of the employment relationship).
There are currently no cases specifically addressing an employer's consent to search and seize an employee's computer (and related items). But there are cases that discuss searches of an employee's designated work area or desk. For example, the Seventh Circuit has upheld the search of a hotel room that served as a welfare hotel's business office after the hotel owner consented. United States v. Bilanzich, 771 F.2d 292 (7th Cir. 1985). The room searched was used by the defendant/manager of the hotel for hotel business, the hotel's books were stored there, and the room was also used by doctors and welfare officials when they visited residents. The manager kept the key to the room. In affirming the manager's theft and forgery convictions (based in large part on documents seized from the business office/hotel room), the Seventh Circuit found that the hotel owner had the requisite control over and relationship to the business office to consent to its search. The court rejected the manager's argument that she had sole control over the business office because she generally had the key, finding that the owner could request access to the room at any time, that the room was shared with others (visiting physicians and welfare officials), and that the items sought were business records (e.g., welfare checks that the manager had forged). Thus, the manager did not have exclusive control over the area nor was it for her personal use. In addition, the purpose of the search was "employment related," since the manager was defrauding the employer and the customers.
In United States v. Gargiso, 456 F.2d 584, 587 (2d Cir. 1972), the Second Circuit upheld the search of a locked, wired-off area in the basement of a book company--a search to which the highest official of the book company then on the scene (the company's vice president) had consented. The defendant, an employee of the book company, objected to the search. Both the defendant and the vice president had supervisory authority over the area searched, and both also had keys to the area, as did other company personnel. The court found that the vice president's control over the area was equal to that of the employee's, making the consent effective. The vice president had sufficient control over the area to permit inspection in his own right and the employee had assumed the risk that the vice president would do so.
In Donovan v. A.A. Beiro Construction Co., Inc., 746 F.2d 894, 900 (D.C. Cir. 1984), the D.C. Circuit found the D.C. Government's consent to a search conducted by OSHA inspectors of a D.C. construction site effective against one of the contractors. The site was a large, multi-employer area surrounded by a chain link fence with no interior fences separating the various contractors' work areas. There was considerable overlap and interaction among the various contractors and their employees. The Court found that the defendant/contractor had no reasonable expectation of privacy in the area searched, because it was a common construction site shared by many. Thus, the defendant/ contractor had assumed the risk that anyone with authority at the site would permit inspection of the common construction area.
In an earlier case, United States v. Blok, 188 F.2d 1019 (D.C. Cir. 1951), the D.C. Circuit affirmed the reversal of a petty larceny conviction of a government employee, finding that the search of the employee's desk violated the employee's right of privacy. The court found that the employee had exclusive use of the desk and a reasonable expectation of privacy in it. Her employer's consent to a police search of the desk did not make the search reasonable. There was no policy putting employees on notice that they should not expect privacy in their desks. Nor was the search conducted by the employer for employment purposes (e.g., searching for a file). "It was precisely the kind of search by policemen for evidence of a crime against which the constitutional prohibition was directed." Id. at 1021 (quoting the district court). Thus, the employer's consent was ineffective because the area searched was for the employee's exclusive and personal use (factor number 1 above); the purpose of the search was not work-related (factor number 6 above); and there was no policy putting the employee on notice that her desk might be subject to search (factors number 3 and 5 above). Significantly, the O'Connor Court cited Blok with approval. O'Connor, 480 U.S. at 719.
Table of Contents - Main Federal Guidelines
Supplement - Consent Search, Employers
e. Networks: System Administrators
Case law demonstrates that the courts will examine the totality of the circumstances in determining whether an employee has a reasonable expectation of privacy or whether an employer shares authority over the employee's space and can consent to a search. But applying this employer-consent case law to computer searches can become especially troublesome when the employee's computer is not a stand-alone container, but an account on a large network server. The difficulty is a practical one. In the physical world, individuals often intuitively understand their rights to control physical space and to restrict access by others because they can observe how everyone uses the space. For example, with filing cabinets, employees can see whether they are located in private areas, whether others have access, whether the cabinets are locked, and who has the keys. While explicit company policies certainly help to clarify the situation, employees can physically observe company practices and will probably conclude from their observations that certain property is or is not private.
By contrast, in an electronic environment, employees cannot "see" when a network administrator, supervisor, or anyone else accesses their data. They cannot watch the way people behave with data, as they can with a file cabinet, and deduce from their observations the measure of privacy they ought to expect. As a practical matter, system administrators can, and sometimes do, look at data. But when they do, they leave no physical clues which would tell a user they have opened one of his files. Lacking these physical clues, some users who are unfamiliar with computer technology may falsely but honestly believe that their data is completely private. Will the courts hold this false belief to be one that society is prepared to recognize as reasonable? Will the courts still find it reasonable, even when a user knows that there are such people as system administrators who are responsible in some fashion for operating and securing the entire network? If so, do users who actually understand the technology and the scope of a system operator's access to data have a lesser expectation of privacy and fewer Fourth Amendment protections than users who are not so well informed? And what happens in the years ahead as our population becomes increasingly computer literate?
Of course, these search and seizure questions are not limited to computer networks in the workplace. Universi-ties, libraries, and other organizations, both public and private, may operate computer networks on which users store data which they consider private--either partly or completely. If those networks provide services to the public, they will be controlled by the provisions of 18 U.S.C. § 2702, which limits the situations in which a service provider may release the contents of qualifying electronic mail. (For a detailed discussion of this statute, see "STORED ELECTRONIC COMMUNICATIONS," infra p. 82.) But for material which falls outside this statute, the Fourth Amendment analysis discussed above will still apply.
Prosecutors who face these issues at trial should be ready to argue that reasonable network users do, indeed, understand the role and power of system operators well enough to expect them to be able to protect and even restore their files. Therefore, absent some guarantees to the contrary, reasonable users will also expect system administrators to be able to access all data on the system. Certainly, if the system has published clear policies about privacy on the network or has even explained to users that its network administrators have oversight responsibility and control, this will support the position that a system operator's consent to a search was valid. But if the network and its users have not addressed these issues and the situation is ambiguous, the safest course will be to get a warrant. (Of course, if the system administrator does have authority to access and produce a user's files and simply will not do it on request, agents should use a subpoena.)
If agents choose to apply for a warrant and are concerned that a target/user will delete his data before they can execute the search, the agents should consider asking a cooperating system operator to make and keep a backup of the target's data, which they can later procure under the warrant or subpoena. The circumstances of each case will dictate the wisest approach, but agents and prosecutors should explore all these questions before they just ask a system administrator to produce a user's files.
Table of Contents - Main Federal Guidelines
F. INFORMANTS AND UNDERCOVER AGENTS
As in other types of investigations, it is often helpful to use informants or undercover agents to develop evidence. In some cases, of course, they may be of limited value (e.g., a case involving a lone hacker). Additionally, as a matter of policy, there may be restrictions on the type of undercover activities in which agents may engage. For example, the FBI does not access bulletin boards simply to view board activities when there is no reason to believe the board is involved in criminal activity.
Generally speaking, however, the law allows informers to read material on electronic bulletin boards if they have the sysop's permission, explicit or implicit, to access the material on the board. Many BBSs, for example, have parts of the board which are open to the public and which require no password or identification for access. Other boards may have isolated directories, known as sub-boards, that are open only to paying subscribers or trusted members, and those individuals must identify themselves with passwords. Some sysops will ask newcomers to "introduce" themselves and will verify the new user's name, address, and other information before granting access with a password. These introductions should follow the same rules that undercover work has traditionally observed. Law enforcement agents need not identify themselves as such, but they must confine their activities to those that are authorized: they should not break into sections of the board for which they have not been given access. Indeed, the Ninth and Tenth Circuits have both written, in dicta, that an undercover participant must adhere scrupulously to the scope of a defendant's invitation to join the organization. United States v. Aguilar, 883 F.2d 662, 705 (9th Cir. 1989), cert. denied, 498 U.S. 1046 (1991); Pleasant v. Lovell, 876 F.2d 787, 803 (10th Cir. 1989). Thus, an informant or undercover agent must not exceed his authorized access, and having been granted access to some "levels" of the board does not give him permission to break into others.
Go to . . . Table of Contents
Updated page March 5, 1998
----- footnotes ------
[2] See also United States v. Talkington, 875 F.2d 591 (7th Cir. 1989)(warrantless entry of residence and seizure of counterfeit money was justified since agents knew that (1) the suspects had previously discussed burning money; (2) there was a fire in the backyard; and (3) the agents were confident that residents were not having a cookout). [Back]