Recently, the Ninth Circuit handed down its decision in United States of America v. Comprehensive Drug Testing, Inc., __ F.3d __, No. 05-10067, 2009 WL 2605378 (9th Cir. Aug. 26, 2009). The decision has come under fire from some angles for being light on precedent and heavy on new rules for investigative agencies to follow when searching computers. However, that should not be regarded as a weakness of the decision, but rather a strength. Outlining a new paradigm was the only logical route that the Court could have taken, since the measures necessary to protect the unreasonable search and seizure of data saved on a computer are so different from the measures necessary to protect evidence saved on paper or physically sitting in a room.
Judge Kozinski's new paradigm consists of five instructions for carrying out digital search warrants, which I will address one by one in separate entries. This is the first of the series.
1. Magistrates should insist that the government waive reliance upon the plain view doctrine in digital evidence cases.
I see what the majority is trying to do here, but they approached this point incorrectly. Plain view refers to the doctrine that allows an investigator to use all of his senses when doing a search for material outlined in a warrant. For example, if police are lawfully searching a house for a murder weapon, and there's a stash of crack sitting on the table next to the gun described in the warrant, it was in plain view. The investigators can seize that crack under the plain view doctrine.
The elements of plain view were laid out by the Supreme Court in Horton v. California, 496 U.S. 128, 136-137 (1990). The three things that must be the case for a find to fall under the plain view doctrine include:
- that the officer is lawfully present at the place where the evidence can be plainly viewed
- that the officer must have a lawful right of access to the object
- the incriminating character of the object must be “immediately apparent.”
As Professor Orin Kerr explained in his article Search Warrants in an Era of Digital Evidence, it makes sense to describe the search and seizure of digital data in two phases: the physical phase, and the electronic phase. Orin S. Kerr, Search Warrants in an Era of Digital Evidence, 75 Mississippi Law Journal 85 (Fall 2005) First the government needs to access the hardware with the warranted information on it, and then it needs to actually find the data described on the warrant where it is saved on that hardware.
TheHorton test was designed for the seizure of physical evidence. It makes sense to describe the physical seizure of hardware in plain view in terms of the test, just as it makes sense to describe the seizure of a paper, a weapon, a box, or a bottle of drugs in terms of the test. It's just another physical object.
But, this test breaks down once the agent is inside the seized computer, and rooting through for the data. The first two prongs talk about lawful presence and lawful right of access to the object. What is "presence" with respect to a file--how close do you have to be? On the same piece of hardware? The same directory? The same spreadsheet file? And, lawfully seizing a computer does not imply that the officer has a lawful right of access to any file about anyone--that would be tantamount to saying that in the paper world, an officer has a lawful right to access anything in a data warehouse because the warehouse contains a couple of papers relevant to a suspect's criminal activities.
The test also prescribes that something must have an incriminating character that is "immediately apparent." What is "immediately apparent" in a computer? Is it immediately apparent if the incriminating nature of the file data is reflected in the file name? The directory name? The fact that it's on the same computer with other incriminating data? Is it immediately apparent if it needs only common as opposed to highly customized computer forensics tools in order to find the data? It is hard to tell.
The test breaks down in the arena of digital seizure. Even though Judge Kozinski did not discuss it in such explicit terms of the Horton test, he did write:
"If the government can't be sure whether data may be concealed, compressed, erased, or booby-trapped without carefully examining the contents of every file--and we have no cavil with this general proposition--then everything the government chooses to seize will, under this theory, automatically come into plain view. Since the government agents ultimately decide how much to actually take, this will create a powerful incentive for them to seize more rather than less."
This excerpt presents the fundamental tension: how easy it is to conceal digital data at first glance versus the searching that needs to happen to verify which data on a computer is or is not covered by the bounds of the warrant. No reasonable digital search and seizure ruleset would stop at forcing investigators to take what they saw on the computer at face value, without allowing detailed forensic analysis to ferret out which data is usable in the case at hand. However, reliably determining which data can be used in the investigation requires a detailed investigation not contemplated by plain view jurisprudence.
The majority has at least started to realise that plain view is a poor paradigm for digital searches, and has tried to patch the issue by suggesting that the government waive the doctrine of plain view in digital evidence cases. Such a suggestion is naive. Plain view is a powerful doctrine for investigators, and the government is not likely to consent to waiving it without a fight, and without a lot of technical argument as to when the plain view doctrine does or does not apply in any given case. It would help neither the government's interest in investigation nor the citizen's interest in protection from unreasonable search and seizure to get mired in bickering over the bounds to which plain view applies in every single case involving computers.
Instead, when and if the Supreme Court reviews this case, the Court should go one step further and frame this case in terms of defining the bounds of the plain view doctrine as a whole. It should remove that extra level of discretion, and hold that the plain view doctrine does not apply to electronic searches for digital evidence, period, end of discussion, since it is basically impossible to apply the Horton test in any meaningful manner to digital evidence. This will avoid any questions about whether it has been waived properly, and such a blanket rule is the only way to prevent government investigators from rooting through data, files, directories, and computers in which they don't have specific warrant authorization to be.
Add new comment