1 / 46

Electronic Search & Seizure An American Perspective

Electronic Search & Seizure An American Perspective. Workshop for the Judiciary on Cyber Crime Abu Dhabi, United Arab Emirates June 2 nd , 2010. B. Lynn Winmill Chief Judge United States District Court District of Idaho lynn_winmill@id.uscourts.gov. Sean B. Hoar

wei
Télécharger la présentation

Electronic Search & Seizure An American Perspective

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Electronic Search & SeizureAn American Perspective Workshop for the Judiciary on Cyber Crime Abu Dhabi, United Arab Emirates June 2nd, 2010 B. Lynn Winmill Chief Judge United States District Court District of Idaho lynn_winmill@id.uscourts.gov Sean B. Hoar Assistant United States Attorney United States Department of Justice District of Oregon sean.hoar@usdoj.gov

  2. Text of the Fourth Amendmentto the United States Constitution • “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

  3. The Exclusionary Rule • Evidence seized in violation of a defendant’s rights under the Fourth Amendment is generally not admissible at their criminal trial.

  4. When does a seizure occur under the Fourth Amendment? • A seizure of property occurs when there is some meaningful interference with an individual's possessory interests in that property • A seizure also includes the interception of intangible communications

  5. When does a search occur under the Fourth Amendment? • A search occurs when the government infringes upon a “legitimate expectation of privacy” • The two part test: • A person must have an actual subjective expectation of privacy • Society must be prepared to recognize that expectation as reasonable

  6. When does a search occur under the Fourth Amendment? • If the government’s conduct does not violate a person’s “reasonable expectation of privacy,” then it does not constitute a “search” under the Fourth Amendment and no warrant is required.

  7. When does a search occur under the Fourth Amendment? • No bright line rule indicates whether an expectation of privacy is constitutionally reasonable • A person may have a reasonable expectation of privacy in the following • Property located inside a person's home • “The relative heat of various rooms in the home" revealed through the use of a thermal imager • Conversations taking place in an enclosed phone booth • The contents of opaque containers • In contrast, a person does not have a reasonable expectation of privacy in the following • Activities conducted in open fields • Garbage deposited at the outskirts of real property • In a stranger's house that the person has entered without the owner's consent in order to commit a theft

  8. Generally, a Fourth Amendment search must be pursuant to a warrant • Generally, searches under the Fourth Amendment must be pursuant to a judicially authorized warrant • Judicial authorization must be obtained prior to search • Judicial authorization must be through the detached scrutiny of a neutral magistrate • Judicial authorization must be obtained through a showing of “probable cause” • “a fair probability that contraband or evidence of a crime will be found in a particular place” • There must be precise limits on the search • An accounting of items seized must be made subsequent to the search

  9. A warrantless search may be lawful • While searches under the Fourth Amendment must generally be pursuant to a judicially authorized warrant, a warrantless search will nonetheless be lawful if it falls within an established exception to the warrant requirement

  10. The evolution of the Fourth Amendment • American law is dynamic – it evolves with the American society and with changes in technology. • As an example, in 1928, the United States Supreme Court held that wiretapping of telephone conversations without court authorization did not violate the Fourth Amendment. In 1937, however, the same court held the exact opposite, and the law continues to evolve.

  11. The Fourth Amendment’s expectation of privacy in computer cases • Computers as storage devices • Generally, there is a reasonable expectation of privacy in closed containers, and, therefore, in the data stored in electronic devices • Individuals generally possess a reasonable expectation of privacy in their personal computers • Expectation of privacy in information from a computer is lost, however, when it is openly available to third parties. Examples: • Peer-to-peer file sharing • Information on a “shared drive” of networked computers • Information stolen or obtained by fraud

  12. The Fourth Amendment’s expectation of privacy in computer cases • Computers as storage devices • What a person knowingly exposes to the public, even in his home or office, is not protected by the Fourth Amendment

  13. The Fourth Amendment’s expectation of privacy in computer cases • Information shared with third parties • Generally, one cannot reasonably expect to retain control over information revealed to third parties, even if senders have a subjective expectation that third parties will keep the information confidential • Example: subscriber information • Customers of Internet service providers do not have a reasonable expectation of privacy in customer account records maintained by and for the provider’s business

  14. The Fourth Amendment’s expectation of privacy in computer cases • Private searches • The Fourth Amendment is inapplicable to a search or seizure, even an unreasonable one, conducted by a private individual not acting as an agent of the government • No violation of the Fourth Amendment occurs when a private individual acting on his own accord conducts a search and makes the results available to law enforcement • Example: An employer searches a laptop computer issued to an employee for their personal use.

  15. The Fourth Amendment’s expectation of privacy in computer cases • Private searches • In determining whether a private party is an instrument or agent of the government, half of the federal courts of appeal have adopted a “totality of the circumstances” approach that examines three factors: • Whether the government knows of or acquiesces in the intrusive conduct; • Whether the party performing the search intends to assist law enforcement efforts at the time of the search; and • Whether the government affirmatively encourages, initiates or instigates the private action

  16. Searches conducted by non-U.S. law enforcement officers • Foreign searches conducted by foreign authorities are generally not subject to the Fourth Amendment, unless: • The foreign search was so extreme as to “shock the judicial conscience.” • American law enforcement significantly participated in the foreign search. • The foreign authorities were essentially acting as agents of their U.S. counterparts.

  17. Exceptions to the warrant requirement in computer cases • Warrantless searches that violate a reasonable expectation of privacy will comply with the Fourth Amendment if they fall within an established exception to the warrant requirement

  18. Exceptions to the warrant requirement in computer cases • Consent • Agents may search a place or object without a warrant or even probable cause if a person with authority has voluntarily consented to the search • The authority to consent may be actual or apparent

  19. Exceptions to the warrant requirement in computer cases • Consent • Whether consent is voluntarily given is a question of fact determined by examining all of the circumstances • No single circumstance controls, but the following are important: • The age, education, intelligence, physical and mental condition of person providing consent • Whether the person is under arrest • Whether the person has been advised that they can refuse consent

  20. Exceptions to the warrant requirement in computer cases • Consent • Scope of consent is generally limited by the extent of the consent given • The standard for measuring the scope of consent under the Fourth Amendment is objective reasonableness • What would the typical reasonable person have understood by the exchange between the agent and the person granting consent?

  21. Exceptions to the warrant requirement in computer cases • Consent • Electronic evidence cases often raise the question of whether general consent to search a location or item implicitly include consent to access the memory of electronic storage devices encountered during the search • This resolved by determining whether the particular circumstances of the request for consent limit the scope of the search to a particular type, scope, or duration • The best practice is for agents to use written consent forms that explicitly state that the scope of consent includes consent to search computers and other electronic storage devices

  22. Exceptions to the warrant requirement in computer cases • Third-party consent • General Rules: It is common for several people to use or own the same computer equipment. If any one of those people gives permission to search for data, agents may generally rely on that consent, so long as the person has authority over the computer. • In such cases, all users have assumed the risk that a co-user might discover everything in the computer, and might also permit law enforcement to search this “common area” as well.

  23. Exceptions to the warrant requirement in computer cases • Third party consent • Spouses and domestic partners • Parents • Computer repair technicians • System administrators

  24. Exceptions to the warrant requirement in computer cases • Implied consent • Users of computer systems may waive their rights to privacy as a condition of using the systems. • A signed policy or employee manual may waive any privacy interest that an employee or user of a network system may otherwise have in the materials stored on the network • Clicking through a “banner” describing policies of use of network computers and warning that use may be monitored and that there is no privacy interest in the materials stored on the network may waive such an interest

  25. Exceptions to the warrant requirement in computer cases • Exigent circumstances • The exigent circumstances exception to the warrant requirement generally applies when one of the following circumstances is present: • Evidence is in imminent danger of destruction; • A threat puts either the police or the public in danger; • The police are in "hot pursuit" of a suspect; or • The suspect is likely to flee before the officer can secure a search warrant • Of these four factors, the imminent danger of destruction of evidence is generally the most relevant in the context of computer searches

  26. Exceptions to the warrant requirement in computer cases • Exigent circumstances • Exigent circumstances can arise in computer cases before the evidence has been properly secured because electronic data is inherently perishable. • Computer data can be effectively put out of law enforcement reach with widely-available and powerful encryption programs that can be triggered with just a few keystrokes. In addition, computer commands can destroy data in a matter of seconds, as can moisture, high temperature, physical mutilation, or magnetic fields created, for example, by passing a strong magnet over a disk. Exigent circumstances often arise in computer cases because electronic data is perishable. • Each case is fact dependent.

  27. Exceptions to the warrant requirement in computer cases • Search incident to a lawful arrest • Generally, pursuant to a lawful arrest, agents may conduct a search of an arrested person, and a more limited search of his surrounding area, without a warrant. • The purpose is to preserve evidence and prevent harm to the arresting officer • The arrest must be lawful and the search reasonably contemporaneous with the arrest.

  28. Exceptions to the warrant requirement in computer cases • Search incident to a lawful arrest • The permissible scope of the search depends on whether the search is of an item “immediately associated” with the person such as clothing, a wallet, or other personal property like luggage – and whether the search occurs at the same time as the arrest • Example: the person is unsecured, within reach of the evidence, and the evidence is reasonably believed to be relevant to the crime of arrest

  29. Exceptions to the warrant requirement in computer cases • Search incident to a lawful arrest • Smartphones (BlackBerry, iPhone, Droid, etc.): The limit on a search incident to an arrest is that it must be reasonable. While a close examination of physical items found on the arrestee’s person may always be reasonable, more invasive searches in other contexts may violate the Fourth Amendment. • The immense storage capacity of handheld computers may mean that this exception does not apply in the case of electronic search of smartphones. Courts may conclude that a very time-consuming search through a handheld computer that contains large amounts of data may require a warrant. The handheld computer or smartphone may be seized if it is reasonably related to the arrest, but a search of its contents may require the issuance of a search warrant.

  30. Exceptions to the warrant requirement in computer cases • Plain view • To rely on this exception, the agent must be in a lawful position to observe and access the evidence, and its incriminating character must be immediately apparent. • The plain view doctrine does not authorize agents to open a computer file and view its contents. The contents of an unopened computer file are not in plain view. • However, if an agent conducts a valid search of a hard drive and comes across evidence of an unrelated crime while conducting the search, the agent may seize the evidence under the plain view doctrine, but any further search for evidence of the unrelated crime must be supported with a new warrant or consent

  31. Exceptions to the warrant requirement in computer cases • Inventory searches • After lawfully taking custody of property, police may conduct a warrantless search of the property to satisfy three purposes: • To protect the owner’s property while it is in police custody • To protect police against claims of lost or stolen property • To protect police from potential danger • The search must serve a legitimate, non-investigatory purpose and must follow standardized procedures. • It is unlikely that the inventory-search exception to the warrant requirement would support a search through computer files or other electronic data.

  32. Exceptions to the warrant requirement in computer cases • Border searches • “Routine searches” at the border or its functional equivalent do not require a warrant, probable cause, or reasonable suspicion that the search may uncover contraband or evidence. • However, searches that are especially intrusive require reasonable suspicion.

  33. Federal statutes governing access to electronic information • Two federal statutes govern real-time electronic surveillance in federal criminal investigations • Wiretap statute regulates access to content • A Wiretap order is generally required to access communication that is intercepted • Pen register & trap and trace statute regulates access to addressing and other non-content • A pen/trap order is generally required to access addressing information associated with communication

  34. Pen Registers & Trap & Trace Devices • A “pen register” is an instrument that records outgoing addressing information, such as the number dialed from a telephone • A “trap and trace device” is an instrument that records incoming addressing information, such as the telephone number associated with an incoming call • In general, the procedures for obtaining either a pen register or trap and trace device are not as demanding, as they are for a wiretap.

  35. Pen Registers & Trap & Trace Devices • A pen/trap order can be obtained when • The information likely to be obtained is relevant to an ongoing criminal investigation • The order must contain • The identity of the applicant • The law enforcement agency conducting the investigation • Certification that the information likely to be obtained is relevant to an ongoing criminal investigation.

  36. The Wiretap statute • The Wiretap statute broadly prohibits the “interception” of “oral communications,” “wire communications,” and “electronic communications” and imposes strict requirements which must be satisfied before an order can be obtained to intercept these communications

  37. The Wiretap statute • To obtain and implement a Wiretap order, the following must occur • Affidavit must be produced showing probable cause and necessity for interception • Prior approval from USDOJ authorities • Prior authorization by a District Judge • Minimization (no interception of unauthorized information) • Sealing (no disclosure without court authorization)

  38. The Wiretap statute • The affidavit must establish • Probable cause to believe that the interception will reveal evidence of a predicate felony offense • That normal investigative procedures have been tried and failed, or that they reasonably appear to be unlikely to succeed or to be too dangerous to employ • That communication facility is being used in a predicate crime • That surveillance will be conducted in manner that minimizes interception of communications that do not relate to predicate crime

  39. The Wiretap statute • A Wiretap order must contain • Applicant’s authority to apply; • Identity of person making application; • Identity of officer authorizing application; • Facts justifying the request (“probable cause for belief”); • Details of the offense being investigated; • Nature and location of the facilities or place from where surveillance will be conducted; • Type of communication to be intercepted; • Identity of person to be overheard; • Inadequacy of alternative investigative procedures (necessity for interception); • Period for which authorization is sought (max 30 days); • Details concerning results of prior orders, if any.

  40. Electronic Communications Privacy Act • In 1986, the Electronic Communications Privacy Act (ECPA) was passed to ensure the security of electronic communications. The ECPA amended the Wiretap statute, and created the Stored Communications Act. • It was created to protect access to electronic communications – to “bridge the gap” between the Fourth Amendment & the Wiretap statute • It is a critical component of the law of electronic surveillance due to reliance upon the Internet and creation of large data repositories • It is the primary statutory scheme governing access by the government to stored electronic communications

  41. Mechanisms for compelled disclosure of information under the ECPA • The following mechanisms may be used to compel disclosure of stored electronic information from public electronic communication services • Subpoena without subscriber notice – for subscriber information • Subpoena with subscriber notice (immediate or delayed) – for certain content and other information • Court order without subscriber notice – for subscriber and transactional information • Court order with subscriber notice – for certain content and other information • Search warrant – for all content and other information

  42. International issues • When United States investigators believe electronic evidence is located outside the borders of the United States • They must seek assistance from law enforcement officials in the foreign country • They must only act with • Consent of the foreign country • Approval of USDOJ Office of International Affairs • But they can access publicly available materials and with voluntary consent of person who has lawful authority to disclose materials

  43. International issues • When informal assistance in a foreign country is not available, requests for evidence will be made under Mutual Legal Assistance Treaties (MLATs) or Mutual Legal Assistant Agreements, or through a Letters Rogatory process.

  44. Post-seizure issues • Permissible time periods for examining seized computers • The forensic examination of seized computers often takes months to complete. However, unless the computer is an instrumentality or subject to forfeiture, a mirror image of any hard drive should be obtained as soon as practicable so that it can be returned within a reasonable period of time. • Search protocol should be as narrow as possible to protect third party privacy rights

  45. Questions?

  46. Electronic Search & SeizureAn American Perspective Workshop for the Judiciary on Cyber Crime Abu Dhabi, United Arab Emirates June 2nd, 2010 B. Lynn Winmill Chief Judge United States District Court District of Idaho lynn_winmill@id.uscourts.gov Sean B. Hoar Assistant United States Attorney United States Department of Justice District of Oregon sean.hoar@usdoj.gov

More Related