1 / 28

Federal Search & Seizure Update

Federal Search & Seizure Update. 2010 Financial Crimes & Digital Evidence Conference. Sean B. Hoar Assistant United States Attorney sean.hoar@usdoj.gov. Digital evidence search protocols. United States v. Comprehensive Drug Testing, Inc. (“CDT I “ – filed August 26, 2009)

dacia
Télécharger la présentation

Federal Search & Seizure Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Federal Search & Seizure Update 2010 Financial Crimes & Digital Evidence Conference Sean B. Hoar Assistant United States Attorney sean.hoar@usdoj.gov

  2. Digital evidence search protocols • United States v. Comprehensive Drug Testing, Inc. (“CDT I “ – filed August 26, 2009) • Classic example of bad facts making bad law • CDT I was an en banc decision which affirmed three district court orders • one quashing subpoenas • two ordering return of property seized pursuant to a search warrant • The subpoenas and search warrants emanated from a criminal investigation, but CDT was not a criminal defendant, merely a repository of digital evidence

  3. CDT factual background • The case emanated from an investigation into the use of steroids by professional baseball players – remember Barry Bonds? • In 2002, an investigation commenced into the Bay Area Lab Cooperative (BALCO), which was suspected of providing steroids to professional baseball players. • That year, the Major League Baseball Players Association (MLBPA) entered into a collective bargaining agreement with MLB owners

  4. CDT factual background • The collective bargaining agreement provided for suspicionless drug testing of all players. • Urine samples were to be collected during first year of agreement and tested for banned substances. • Players were assured results would remain anonymous and confidential . . .

  5. CDT factual background • The sole purpose of the testing was to determine whether more than five percent of players tested positive – which would require additional testing in future seasons. • CDT administered the program • collected specimens from players • maintained list of players & test results • Quest Diagnostics performed actual tests

  6. CDT factual background • During the BALCO investigation, ten players were identified as having tested positive in the CDT program. • NDCA issued a grand jury subpoena seeking all “drug testing records and specimens” pertaining to MLB in CDT’s possession. • CDT and MLBPA attempted to negotiate a more limited subpoena, but negotiations failed.

  7. CDT factual background • When negotiations failed, CDT and MLBPA moved to quash the subpoena. • After CDT and baseball players’ union moved to quash the subpoena . . . a search warrant – limited to test results of ten named baseball players - was obtained for CDT’s facilities in Long Beach, California

  8. CDT factual background • And - you guessed it - although the CDT warrant was limited to test results of ten named baseball players, drug testing records of hundreds of MLB players – and many more people - were obtained . . .

  9. CDT factual background • A search warrant was also obtained for the urine samples on which the drug tests had been performed which were kept at Quest Diagnostics’ facilities in Las Vegas. • New subpoenas were then served on CDT and Quest for the same records which had just been seized.

  10. CDT factual background • CDT and MLBPA then moved for return of the property seized from CDT in CDCA • Judge Cooper in CDCA found that government failed to comply with procedures specified in warrant and ordered property returned • CDT and MLBPA also moved for return of property seized from Quest in Nevada • Judge Mahan in Nevada ordered property returned, with exception of ten identified baseball players

  11. CDT factual background • CDT and MLBPA then moved to quash latest round of subpoenas in NDCA • Judge Ilston in NDCA quashed the subpoenas • All three judges expressed grave dissatisfaction with government’s handling of investigation, even going so far as to accuse government of manipulation and misrepresentation.

  12. CDT factual background • The search warrant affidavit • Contained extensive boilerplate about risk of destruction of electronically stored information if search not done off-site • Which supported authorization for off-site search • Contained procedure wherein data would be reviewed and segregated by specially trained computer personnel to restrict access to data by investigating agents • Which supported authorization to examine data

  13. CDT factual background • The search warrant affidavit • Contained procedure wherein if computer personnel determined that data fell outside warrant, the data would be returned within reasonable period of time not to exceed 60 days from date of seizure, absent further authorization • Which supported authorization for seizure

  14. CDT factual background • In executing the search warrant at CDT’s facilities in Long Beach . . . • the agent copied a file directory (the Tracey Directory) off a network server which included, among hundreds of other documents, an Excel spreadsheet that contained the names of many baseball players who tested positive for steroids • The agents took an electronic copy of the entire directory off-site for later review . . .

  15. CDT factual background • The problem . . . • boilerplate about risk of destruction of electronically stored information if search not done off-site wasn’t accurate . . . • The record reflected no forensic lab analysis, no evidence of booby traps, no decryption, no cracking of passwords, no effort by dedicated computer computer specialist to separate data from which government had probable cause from other data . . .

  16. CDT factual background • The problem . . . • procedure wherein data would be reviewed and segregated by specially trained computer personnel to restrict access to data by investigating agents wasn’t followed • The “Tracey Directory” – which had names of all those who tested positive – was immediately provided to case agent who examined entire list • Procedure for return of data wasn’t followed

  17. CDT factual background • Because certain evidence seized was outside the scope of warrant & because procedures specified in warrant not complied with . . . • Two district courts ordered the return of property • District of Nevada (Judge Mahan) • Central District of California (Judge Cooper) • One district court ordered subpoenas quashed • Northern District of California (Judge Illston)

  18. CDT factual background • All three judges expressed “grave dissatisfaction” with government’s handling of investigation • Even accusing it of manipulation & misrepresentation • Government then appealed all three orders • Divided 9th Circuit panel reversed two orders but found appeal from Cooper order untimely • Case then taken en banc . . .

  19. CDT factual background • CDT I affirmed three district court orders • one quashing subpoenas • two ordering return of property seized pursuant to a search warrant

  20. CDT I summary • Chief Judge Kozinski wrote opinion • Concluding: “This was an obvious case of deliberate overreaching by the government in an effort to seize data as to which it lacked probable cause.” • and taking “the opportunity to guide our district and magistrate judges in the proper administration of search warrants and grand jury subpoenas for electronically stored information . . .”

  21. CDT I “guidance” • Magistrates should insist that government waive reliance upon plain view doctrine in digital evidence cases. • Segregation and redaction must be done by specialized personnel or independent third party. If segregation is done by government computer personnel, it must agree in the warrant application that computer personnel will not disclose to investigators any information other than that which is the target of the warrant. • Warrants and subpoenas must disclose actual risks of destruction of information and prior efforts to seize information in other judicial fora. • Government’s search protocol must be designed to uncover only information for which it has probable cause, and only that information may be examined by the case agents. • Government must destroy or, if the recipient may lawfully possess it, return non-responsive data, keeping the issuing magistrate informed about when it has done so and what it has kept.

  22. CDT I implemented • In Oregon, federal digital evidence searches stopped between August and October, 2009 • October, 2009, Oregon USAO negotiated reasonable application of CDT I • Wall between reviewers (usually computer personnel) & investigators • Data reviewed segregated &/or redacted prior to investigative review • Reasonable time for review (120 days) • Reasonable warrant return procedure • Reasonable device/image retention procedure

  23. CDT II summary • United States v. Comprehensive Drug Testing, Inc. (“CDT I I“ – filed September 13, 2010) • CDT II is an en banc decision which resulted from a rehearing of the CDT I en banc decision • CDT II again affirmed three district court orders • one quashing subpoenas • two ordering return of property seized pursuant to a search warrant • But . . . CDT II eliminated troubling “guidance” requiring filter team search protocol

  24. CDT II summary • Per Curiam Opinion of 11 Circuit judges; • Concurrence by Chief Judge Kozinski joined by four judges (containing “guidance” from CDT I); • Partial Concurrence and Partial Dissent by Judge Bea; • Partial Concurrence and Partial Dissent by Judge Callahan joined by Judge Ikuta; • Dissent by Judge Ikuta • A wall between computer personnel & investigators is no longer required

  25. CDT II implemented • Although a wall between computer personnel & investigators is no longer required, search protocol should be as narrow as possible. • Technological representations in affidavit will be scrutinized; i.e. actual concerns about data corruption should be specifically articulated. • There should be disclosure about attempts to obtain evidence in different judicial fora (i.e. grand jury subpoenas for target information). • Where there may be a heightened privacy interest (third party data repositories), alternate protocol may be developed.

  26. CDT II implemented • Under new Rule 41, return need not list all “data,” only the hardware seized • The plain view doctrine need not be waived • Government is not required to waive plain view doctrine • As usual, second warrant will be sought should initial review reveal evidence of other crimes

  27. Questions?

  28. Federal Search & Seizure Update 2010 Financial Crimes & Digital Evidence Conference Sean B. Hoar Assistant United States Attorney sean.hoar@usdoj.gov

More Related