Cybercrime And The Fourth Amendment - Federal Criminal Law Center


Cybercrime and the Fourth Amendment

BY MARCIA G. SHEIN

THE CHAMPION, JULY 2016, WWW.NACDL.ORG

Cybercrime has become a major problem in the electronic age. Crimes ranging from fraud, to internet hacking, to identity theft, to possession, solicitation and distribution of child pornography and beyond are being committed on the internet. The prevalence of the internet in current crimes makes the use of cellphones, tablets, and computers the focus of new Fourth Amendment law developments. The law is evolving to deal with products used to commit cybercrimes. Many of the existing Fourth Amendment doctrines such as plain view, inevitable discovery, and exigent circumstances have special applications in these sorts of cases. A review of the development in the law related to cybercrime and the use of various products to commit such offenses is discussed here along with strategies to suppress illegally seized and used information from cyber-use products. This article outlines some of the details and considerations a practitioner should keep in mind when involved in Fourth Amendment litigation that includes digital evidence. The information here hopefully will give defense attorneys a foundation for their next cyber suppression motion.

Fourth Amendment Law in the Electronic Age

No matter what the crime or how serious the charges, the Fourth Amendment still applies to search and seizure.1 The constitutional protections afforded by the Fourth Amendment related to cybercrimes are no different than a Fourth Amendment action on a car, a house or any other private possession, but the application of these protections is evolving because of the nature of digital storage devices.2 Computers, cloud servers, tablets, watches, phones, and the like run everyday activities. Dependency on the gadget world has become the norm, and each cyber access object used to preserve private and personal information once kept in phone books, on paper, in drawers at home, or file cabinets at the office is now an item protected by the Fourth Amendment.3

Generally, the content of digitally preserved information is not easy to access by law enforcement because most people protect their information with passwords.4 Just as with locked compartments, such actions present a unique layer of privacy that enhances the protection of the Fourth Amendment to those devices.5 Because searches of things such as personal computers and cellphones create such an intrusion into a person’s privacy, the Supreme Court has indicated that these searches should be treated differently.6 Further, even when a search is permitted, it may not be possible. For example, while there is some software to sidestep password protections, as the FBI’s attempt to gain access to the San Bernardino shooter’s iPhone demonstrates, these password protections and encryptions are getting better and harder to crack.7

One of the unique issues presented is that the content contained in an electronic device is not apparent from a visual inspection of the device and the content may be concealed by encryptions and misnaming files and documents.8 (There are now Apps for inscriptions.) Law enforcement cannot get a dog to alert to cyber information on a particular computer that may point to illegal activity — at least not yet. Perhaps one day probable cause to search without a warrant will arise through use of a robot dog or insertion of a device or matrix bug that can access information with or without a person’s knowledge and determine whether the contents of a particular electronic item contains illegal activity. As farfetched as this may sound, it may not be too far in the distant electronic future.9 Until then, however, the reality is that, in the majority of cases, the government over-seizes digital data.10

Safeguard to Prevent Over-seizure

Recognizing that digital searches often involve an over-seizure and end up capturing materials unrelated to the substance of the warrant, in order to protect an individual’s right to privacy courts have begun to require certain safeguards and protocols when police conduct a search on digital devices pursuant to a warrant.11 For example, in In the Matter of the Search of Black iPhone 4, the District Court for the District of Columbia explained:

The bottom line is this: even though the cellphones are currently seized by the government, the government must still explain to the court what the basis for the probable cause is to search for each thing it intends to seize, and it must explain how it will deal with the issue of intermingled documents.12

The district court also presented the questions that the search protocols must answer:

Will all of these devices be imaged? For how long will these images be stored? Will a dedicated computer forensics team perform the search based on specific criteria from the investigating officers of what they are looking for, or will the investigating officers be directly involved? What procedures will be used to avoid viewing material that is not within the scope of the warrant? If the government discovers unrelated incriminating evidence, will it return for a separate search and seizure warrant?13

Likewise, in a concurring opinion joined by four other judges, Chief Judge Kozinski of the Ninth Circuit in United States v. Comprehensive Drug Testing, Inc., provided a five-step process that the government should follow when applying for a search warrant of electronic data:

1. Magistrate judges should insist that the government waive reliance upon the plain view doctrine in digital evidence cases.
2. Segregation and redaction of electronic data must be done either by specialized personnel or an independent third party. If the segregation is to be done by government computer personnel, the government must agree in the warrant application that the computer personnel will not disclose to the investigators any information other than that which is the target of the warrant.
3. Warrants and subpoenas must disclose the actual risks of destruction of information as well as prior efforts to seize that information in other judicial fora.
4. The government’s search protocol must be designed to uncover only the information for which it has probable cause, and only that information may be examined by the case agents.
5. The government must destroy or, if the recipient may lawfully possess it, return nonresponsive data, keeping the issuing magistrate informed.14

This was not, however, adopted by the full court in its per curiam decision. What these cases demonstrate to the practitioner is the necessity of carefully examining the warrant to compare what officers seized and what officers viewed. As the National Association of Criminal Defense Lawyers (NACDL) has recognized, in addition to safeguards to prevent over-seizure, a requirement that the warrant disclose the actual risks that the information will be destroyed or concealed “would help the magistrate issue an appropriately limited warrant.”15 There may be several layers to a motion to suppress, particularly if other information is discovered on the device not included in the warrant that the government wants to use, whether incriminating or not.

Plain View in Electronic Searches

While the government is likely to argue plain view in support of anything it finds, it is important to keep in mind that this concept is arguably inapplicable to searches of computers and phones.16 A search of a computer is inherently different than a search of a cabinet and, therefore, the plain view doctrine must evolve to address this reality.17 Whether something is deemed in plain view on a computer or phone will depend on the crime being investigated and the authorization in the warrant.18 For example, if the warrant is for child pornography files, the argument can be made that the government may only access those files that have names that implicate child pornography.19 The government, however, will likely counter this argument by arguing that file names may be manipulated to conceal what is contained in the file.20 This argument is analogous to the past when agents made every word a “drug word” in wire taps. There is a fight to be had here just as defense attorneys have done with so-called “drug words.”

In Comprehensive Drug Testing, Inc., the Ninth Circuit recognized the slippery slope that the government’s plain view argument may present in electronic searches. The en banc court explained:

Once a file is examined, however, the government may claim (as it did in this case) that its contents are in plain view and, if incriminating, the government can keep it. Authorization to search some computer files therefore automatically becomes authorization to search all files in the same sub-directory, and all files in an enveloping directory, a neighboring hard drive, a nearby computer or nearby storage media.

Where computers are not near each other, but are connected electronically, the original search might justify examining files in computers many miles away, on a theory that incriminating electronic data could have been shuttled and concealed there.21

Does the warrant identify any sorting or filtering procedures for information that does not fall within the probable cause statement?

The three-judge panel and the en banc court were concerned with the government’s conduct and the plain view argument it expounded. In fact, one judge asked, “Whatever happened to the Fourth Amendment? Was it ... repealed somehow?”22 While not eliminating the possibility of a plain view argument entirely, the Ninth Circuit stated that the process of segregating data that is seizable must be vigilantly maintained in order to strike the right balance:

We recognize the reality that over-seizing is an inherent part of the electronic search process and proceed on the assumption that, when it comes to the seizure of electronic records, this will be far more common than in the days of paper records. This calls for greater vigilance on the part of judicial officers in striking the right balance between the government’s interest in law enforcement and the right of individuals to be free from unreasonable searches and seizures. The process of segregating electronic data that is seizable from that which is not must not become a vehicle for the government to gain access to data which it has no probable cause to collect.23

It is precisely because of this slippery slope that courts have required search warrants for electronic searches to contain sufficient particularity as to what is to be searched.24 As the Second Circuit noted in United States v. Galpin, the threat that the government will claim every file on a hard drive is in plain view once access is gained “demands a heightened sensitivity to the particularity requirement in the context of digital searches.”25 Likewise, the District of Kansas in In re Application for Search Warrants for Info. Associated with Target Email Address refused to issue a warrant that did not contain the requisite level of particularity. The court explained:

The court finds the breadth of the information sought by the government’s search warrant for either the fax or email account — including the content of every email or fax sent to or from the accounts — is best analogized to a warrant asking the post office to provide copies of all mail ever sent by or delivered to a certain address so that the government can open and read all the mail to find out whether it constitutes fruits, evidence or instrumentality of a crime. The Fourth Amendment would not allow such a warrant.
The Fourth Amendment should therefore not permit a similarly overly broad warrant just because the information sought is electronic communications versus paper ones.26

Similarly, in United States v. Bonner, the Southern District of California implicitly rejected the government’s attempt to claim plain view in an electronic search case involving a warrant to search for evidence that would show that the defendant “submitted false claims for business expenses and false claims for lost wages.”27 In reaching this conclusion, the district court explained that “[t]he forensic examination was overbroad, and not directed exclusively to identify data within the scope of the authorized search.”28

As NACDL detailed in its 2014 report, What’s Old Is New Again: Retaining Fourth Amendment Protections in Warranted Digital Searches, courts have taken four different approaches with regards to the plain view doctrine in electronic searches — apply it to electronic searches, require the discovery be inadvertent, use filter teams, or abandon the use of plain view entirely.29 A practitioner who has lost the argument that plain view does not apply to electronic searches at all should look closely at the procedures followed to segregate irrelevant electronic materials and the authorization in the search warrant for actual materials that are associated with any alleged criminal conduct. If proper procedures were not specified or followed, or if the warrant was not properly tailored, or if the discovery was not inadvertent, the defense can mount a strong attack on the government’s plain view argument.

Inevitable Discovery in Electronic Searches

Likewise, if the government attempts to claim inevitable discovery, this too can be rebuked. The government is required to return the electronic equipment when the search is finished and should be required to destroy any nonresponsive documents found.30 Therefore, if the government is not on a fishing expedition and is only searching documents that fall within a carefully tailored warrant and is following the proper protocol, inevitable discovery will have no application.31

In applications for search warrants, courts are insisting that the government let the court know what will happen to data law enforcement seizes that is outside the scope of the warrant. For example, in In re Search of Black iPhone 4, the District Court for the District of Columbia directed as follows for data that is seized but is outside the scope of the warrant:

The government must specify what will occur — although it is admonished that any response other than “the information will be returned or, if copies, destroyed” within a prompt period of time will likely find any revised application denied.32

Likewise, on another occasion, in In re Search of Information Associated with the Facebook Account Identified by the Username Aaron.Alexis that Is Stored at Premises Controlled by Facebook, the district court explained that “some safeguards must be put in place to prevent the government from collecting and keeping information indefinitely to which it has no right,” and there may be secondary orders that “explicitly require that contents and

records of electronic communications that are not relevant to an investigation must be returned or destroyed and cannot be kept by the government.”33

Accordingly, a practitioner facing a claim of inevitable discovery can argue against this claim by pointing out the fact that any nonresponsive data was to be immediately returned and destroyed and, therefore, no inevitable discovery would have occurred.

Jurisprudence relating to electronic searches also opens the door to getting information returned to the client as quickly as possible that concerns unrelated matters that is of a personal or professional nature. That is, courts have been concerned with and even rejected warrants when the warrant did not indicate “how the search would occur and how the government will avoid overseizure by avoiding keeping documents and other information outside the scope of [the warrant’s attachments].”34

Search of Electronics Incident to Arrest and Exigent Circumstances

Although the government may try to claim a search incident to an arrest justified the search of an entire computer or phone, the U.S. Supreme Court has made clear that this argument will not succeed. Specifically, in Riley v. California, the Supreme Court explained that a search of a cellphone was not permitted as a search incident to a lawful arrest because “digital data stored on a cellphone cannot itself be used as a weapon to harm an arresting officer or to effectuate the arrestee’s escape” and because after the officer seizes the phone there is little chance of destruction of evidence.35 With regard to the destruction of evidence, the Court rejected the government’s argument that the phone could be encrypted or wiped by a third party after it is seized, explaining that it has “been given little reason to believe” that either problem is prevalent, and that officers can prevent remote wiping by turning the phone off or removing the battery.36

The Court did, however, leave the door open for exigent circumstances justifying a search. The Court explained:

If “the police are truly confronted with a ‘now or never’ situation,” — for example, circumstances suggesting that a defendant’s phone will be the target of an imminent remote wipe attempt — they may be able to rely on exigent circumstances to search the phone immediately.37 ... Such exigencies could include the need to prevent the imminent destruction of evidence in individual cases, to pursue a fleeing suspect, and to assist persons who are seriously injured or are threatened with imminent injury.38

The Court’s specific description of the exigencies clearly implies that a general claim that evidence of the crime may be found on the phone will not prevail. The Court stated:

The sources of potential pertinent information are virtually unlimited, so applying the Gant standard to cellphones would in effect give “police officers unbridled discretion to rummage at will among a person’s private effects.”39

When facing a claim of exigent circumstances, a practitioner should closely examine the facts to determine if any real exigency existed.40 As Riley makes clear, the Court is protective of an individual’s expectation of privacy in electronic devices, and a generic claim of exigency is vulnerable to a strong attack.

Third-Party Forensic Searches

Practitioners should also keep in mind that it can be argued that computer forensic search protocols and specialists should be in place to protect innocent information from being accessed. The Third Circuit noted in In re Search of Odys Loox Plus Tablet that it expects a detailed explanation of the search to be conducted:

The law enforcement officer affiant must include details in his affidavit about how that computer forensics specialist intends to complete his search. The court expects to receive an overview that uses whatever technical terms are necessary to explain how the search will be done. No sophisticated search should occur without a detailed explanation of the methods that will be used, even if the explanation is a technical one, and no search protocol will be deemed adequate without such explanation.41

It has been pointed out, however, that there are “concerns that the use of a filter team could invite overbroad searches, which would lead to minimization of the invasion of privacy and Fourth Amendment interests after-the-fact.”42 Just as in the privilege context, while some courts refer to third-party forensic teams or independent experts as desirable, other courts will permit those “filter teams” or “privilege teams” or “taint teams” to be part of the law enforcement agency.43 It is hard to think of a situation in which an independent filter team would not be desirable and, therefore, in the rare instance when a practitioner is aware of a search before it is to take place, the practitioner should petition the court to require an independent filter team.

If the court denies the defense request for an independent filter team and the filter team will be part of the government’s office, it is important to remember the following:

(1) the members of the taint team must not have been and may not be involved in any way in the investigation or prosecution of the defendants subject to indictment — presently or in the future; (2) the taint team members are prohibited from (a) disclosing at any time to the investigation or prosecution team the search terms submitted by the defendants, and (b) disclosing to the investigation or prosecution team any emails or the information contained in any emails, subject to review until the taint team process is complete and in compliance with its terms; (3) the defendants must have an opportunity to review the results of the taint team’s work and to contest any privilege determinations made by the taint team before a superior court judge, if necessary, prior to any emails being disclosed to the investigation or prosecution team; and (4) the members of the taint team must
agree to the terms of the order in writing.44

In the more common occurrence of learning about the search after it has taken place, counsel should argue, when appropriate, that the lack of an independent filter team has tainted the search in an effort to encourage the use of independent filter teams in the future.45 If an attack on the filter team cannot be mounted, it is important to examine the warrant and the procedures followed to determine if the government was instructed to follow certain procedures to avoid over-seizure and if it followed those procedures. As the Western District of Washington’s decision denying a warrant application in the Edward Cunnius case illustrates, courts are increasingly skeptical of warrants that do not provide for safeguards against over-seizures that turn into general fishing expeditions. Recognizing that over-seizures are an inherent part of electronic searches, the court in Edward Cunnius explained:

A balance must be struck between the government’s investigatory interests and the right of individuals to be free from unreasonable searches and seizures. Almost every hard drive encountered by law enforcement will contain records that have nothing to do with the investigation. To maintain the balance between the government’s investigatory interests and the Fourth Amendment, the court is ready to grant the government’s instant application on the conditions set forth in this opinion. But the government, much like it did in the CDT line of cases, does not seek to perform the search with constitutional safeguards, i.e., a filter team or foreswearing reliance on the plain view doctrine. The government’s warrant application therefore does not pass constitutional muster.46

Likewise, in Bonner, the Southern District of California found that a defendant’s Fourth Amendment rights had been violated because “[a] fair reading of the warrant did not include authorization to seize any item in defendant’s residence with a date and time stamp or authorization to seize photographic images marked with a date and time stamp.” The court also determined that “the forensic analysis employed search protocol not directed to identify data within the scope of the warrant and violated the defendant’s rights under the Fourth Amendment.”47

As these cases demonstrate, courts are aware that searches of electronics may result in an over-seizure, but they are wary of allowing it to become a general fishing expedition. Therefore, it is important to make sure that the warrant contained proper procedures to limit the search and that those procedures were followed.

Good Faith in Searching Electronic Devices

One way courts are upholding searches of electronic data is by referencing the good faith exception. For example, the District of Oregon in United States v. Taylor upheld a search of a cellphone based on the good faith exception without even examining whether the warrant had the required specificity. In refusing to even examine the warrant, the district court explained that “no reasonably well-trained officer would have known that the search was illegal in light of all the circumstances[.]”48 The court continued, finding that because the warrant authorized the search of the cellphone (not just the seizure), the good faith and plain view exception applied “despite the lack of protocols to limit the scope of the search” given the state of the law governing searches of digital devices.49

While the good faith exception provides a significant hurdle, it is not insurmountable. As the Eastern District of Virginia recognized in United States v. Shanklin, the warrant cannot be “so lacking in indicia of probable cause as to render an officer’s belief in its existence unreasonable.”50 In that case, the detective relied on “conclusory and speculative assertions” and the district court determined that no reasonable officer would be able to “infer through normal inferences that electronic devices owned by child abusers in general or the defendant specifically contain evidence related to the criminal activity being investigated.” The court said there was no evidence that the defendant had a history of “using multimedia to engage in sexual battery, abduction or child exploitation.”51

Further, as the Southern District of California recognized in Bonner, the protocols used to conduct the search must be reasonable in light of what is authorized in the warrant. As that court explained in finding that the officer’s conduct was not reasonable,

The forensic examination was overbroad, and not directed exclusively to identify data within the scope of the authorized search. The Court concludes that suppression of any evidence extracted from all 35 items of electronic media, including four computers, 20 external hard drives, eight floppy disks, two flash drives, and a smartphone is the proper remedy in this case.52

The foregoing cases demonstrate that the clearer the requirement for specificity in warrant applications for searches of electronic devices becomes and the more exact the required protocols become to protect from over-seizure, the less an officer will be able to rely on the good faith exception to the exclusionary rule. Further, if the warrant contains proper protocols and limits and the officer ignores them, the good faith exception will fail.53

Practice Pointers

It is likely that most practitioners will face a case that involves an electronic search. If counsel is lucky enough to be aware of the warrant application before the seizure and search has taken place, she should make sure that the warrant is specific as to what is to be searched and includes safeguards necessary to ensure that there is not an over-seizure, such as a third-party forensic team.54 In fact, counsel should argue that the warrant contain “pre-search mandates when necessary to ensure particularity of places to be searched or things to be seized[,]” “provisions for the destruction or return of digital information as appropriate[,]” and a provision that the “[a]gents must retain records of the particularities of the digital search, which should be shared with the defendants[.]”55

If counsel only learns of the search after it has occurred and has decided to file a suppression motion, counsel may want a bifurcated hearing. In the first part of this hearing, counsel should examine whether the warrant was valid and whether it was specific enough so as not to be a general fishing expedition through a person’s personal information.56 That is, Fourth Amendment litigation that involves a search of digital data should involve a close examination of the warrant to ensure that it involves a narrowly tailored description of what was to be searched for to exclude an unreasonably high risk of over-seizure. The warrant also needs to be examined to determine if it contains adequate cyber-specific protocols for searching

digital information. As discussed above, courts have indicated that if the warrant is not sufficiently tailored to cyber-information as is necessary to limit the possibility of an over-seizure of sensitive digital information, then the warrant is susceptible to a Fourth Amendment attack.

In the second part of the bifurcated hearing, counsel should examine the protections the government used to ensure that it did not seize or search data or documents that were beyond the scope of the warrant.57 If the government did not use the protections directed by the warrant, or did not independently use adequate protections, the search is susceptible to a Fourth Amendment attack and a practitioner should argue for suppression.58 A practitioner can also argue that if the search uncovered information not covered under the warrant, the plain view and inevitable discovery doctrines do not apply and all evidence seized after this discovery should be suppressed if law enforcement did not obtain a second warrant.59

Courts are concerned with the personal intrusion that searches of computers and phones and servers will entail because of the vast amounts of personal information contained on each device. Thus, there is a need for an independent viewing and separation of incriminating versus other information not subject to search or seizure.

Practitioners should continue to push for protections to ensure that the government does not use a search of a computer as a fishing expedition to find evidence of an unknown nature about unknown crimes. Moreover, practitioners should continue to clarify the law regarding the necessary specificity and procedures so that the government may no longer rely on the good faith exception to justify an overexpansive and intrusive search.

Special thanks to attorney Elizabeth Brandenburg and Leigh Schrope for their research assistance.

Notes

1. In fact, the Fourth Amendment applies even if there is no crime involved as long as the government is the actor. See, e.g., Hudson v. City of Rivera, 982 F. Supp. 2d 1318, 1339 (S.D. Fla. 2014) (“The Fourth Amendment protects individuals from unreasonable searches conducted by the government. It is well settled that the Fourth Amendment’s protection “extends beyond the sphere of criminal investigations,” ‘without regard to whether the government actor is investigating crime or performing another function.’” (quoting City of Ontario v. Quon, 560 U.S. 746, 130 S. Ct. 2619, 2627 (2010))).

2. See, e.g., Riley v. California, 134 S. Ct. 2473 (2014) (under the Fourth Amendment, officer safety and prevention of destruction of evidence did not justify warrantless searches of cellphone data
