Taking the Fourth Amendment to Bits:
The Department of Justice Guidelines for Computer Searches and Seizures


Contents:

Computers and Crime

The Physical Computer

The Functional Computer

The Metaphysical Computer -- Gateway to "Data Space"

The Department of Justice Guidelines

Searches and Seizures of Computers (A Primer)

The Purpose of the Guidelines

A Brief Description of the Guidelines

The Guidelines and the Fourth Amendment

Private Bits: The Fourth Amendment in the Digital Age

How Much Privacy is "Reasonable?"

"Guerrilla Privacy"

A Proposed Statutory Response

Notes



This is 528-5020.

As you are probably aware, on May 8, the Secret Service conducted a series of raids across the country. Early news reports indicate these raids involved people and computers that could be connected with credit card and long distance toll fraud. Although no arrests or charges were made, Ripco BBS was confiscated on that morning. It's [sic] involvement at this time is unknown. Since it is unlikely that the system will ever return, I'd just like to say goodbye, and thanks for your support for the last six and a half years. It's been interesting, to say the least.

Talk to ya later. %Dr. Ripco% (1)

In February, 1990, computer consultant Robert Izenberg returned home from his job with IBM to discover that his computers, along with disks, tapes, and notebooks, were missing. He assumed he had been the victim of theft, until an agent of the U.S. Secret Service appeared at his door minutes later. The agent informed Izenberg that his property had been seized as part of an ongoing investigation. Equipment worth roughly $20,000 was seized, along with approximately 800 megabytes of data -- the equivalent of several books. Izenberg was never charged with any crime, and his property was still in government possession as of January, 1992. (2)

In September, 1994, agents of the Drug Enforcement Administration and the United States Secret Service raided the offices of several criminal defense attorneys in the Miami area, seizing computers (which, according to the attorneys involved, contained documents implicating the attorney-client privilege) from each office. The seizures were conducted pursuant to warrants issued on the basis of anonymous affidavits, which were subsequently sealed. (3)

In June, 1995, officers from the Hamilton County Regional Computer Crimes Task Force, a division of the Hamilton County (Ohio) Sheriff's Department, seized computers and computer data belonging to the "Cincinnati Computer Connection BBS." According to a press release issued by counsel representing users of the BBS in their class action suit against the Task Force, "hundreds of thousands of public and private messages" were seized in an effort to find 45 allegedly obscene graphics files. Affidavits supporting the warrant allegedly conceded that officers from the Task Force had already obtained copies of all 45 files prior to execution of the warrant. (4)

As these examples illustrate, the problem of searches and seizures of computer hardware, software, and data is of more than academic interest. Society expects that law enforcement agencies, at both the state and federal levels, will seek out and prosecute individuals responsible for committing crimes; at the same time, each individual has an interest in assuring that his legitimately asserted privacy is respected. The tensions implicit in these interests are the subject of the Fourth Amendment (5) and the body of case law that provision has spawned. It is not clear, however, that the law as it stands is well suited to the particular problems associated with the search and seizure of computers and computer data.

The immediate topic of this article will be the Federal Guidelines for Searching and Seizing Computers, (6) an attempt by a consortium of federal agencies to "offer some systematic guidance to all federal agents and attorneys as they wrestle with cases in this emerging area of the law." (7) Part I, "Computers and Crime," introduces some important preliminary concepts about computers and computer data, and how they are becoming a part of the routine work of law enforcement and criminal justice.

Part II, "The Department of Justice Guidelines," presents an analysis of the DOJ Guidelines -- the historical background from which they developed, their significance, and what they contain. This portion of the article also incorporates a brief discussion of the developing jurisprudence of the Fourth Amendment, with particular attention to those decisions in which courts have had to face questions raised by new technologies. Two questions are raised within this context: What expectation of privacy in computer data is "reasonable"? And, are searches or seizures under the Guidelines "reasonable" as that word is defined by law, or as it is likely to be commonly understood?

Finally, Part III, "Private Bits: The Fourth Amendment in the Digital Age," argues for liberal Fourth Amendment protection of computer hardware, software, and data. Recognizing that technological methods (such as public-key encryption) exist whereby an individual computer user may take matters of privacy into her own hands, it is nevertheless argued that a statutory approach should be adopted. Suggestions will be offered as to the form such a statutory approach might take.

This is an article about cutting-edge technology, and about notions of privacy that were formulated centuries ago. This is also an article about government, operating within the limits of the Constitution and responding to legitimate threats, and about the security of the information stored on the PC on your desk. This is an article about legal doctrines, developing without much visible self-consciousness, that will shape the relationship between the privacy of citizens and the police power of government in fundamental ways.

The problems discussed below are not easy ones, and there are no easy solutions. Meaningful comment requires that two equally terrifying scenarios be considered -- a future in which criminals roam cyberspace (8) with the impunity of medieval highwaymen, or a future in which no citizen may be assured that his most private information is beyond the reach of the government. What follows is, as are the Guidelines themselves, a serious attempt to reconcile the conflicts between these extremes.

Computers and Crime

In the cop world everything is good and bad, black and white. In the computer world everything is gray. (9)

Computers once roamed the earth very much like dinosaurs -- each weighed several tons, and required a lot of space. (10) Today, computers are carried in briefcases. (11) They are built into a mind-numbing array of products, from automobiles to coffee makers. (12) Corporations use computers to manage their payrolls, (13) individuals use computers to balance their checkbooks. (14) Every day, more and more people use computers to stay connected to a community as real to them as "real life" is to the rest of us. (15)

A computer may become the target of a search or seizure by law enforcement personnel on any one of three theories: there is probable cause to believe the computer is the fruit of a crime, is the instrumentality of a crime, or will yield evidence of a crime. Legal analyses of these theories will be addressed later in this article; for now, it is useful to consider how closely the three theories underlying a lawful search or seizure mirror the three ways one can look at a computer -- what it is, what it does, and what data it contains.

The DOJ Guidelines treat these three aspects of a computer as analytically distinct, and with good cause -- the theory underlying a search or seizure may affect the permissible scope of that search or seizure. This section will therefore concentrate on the nature of the computer, seen from three different perspectives.

First, the relatively simple problem of hardware -- the computer as the fruit of a crime -- will be mentioned. Second, attention will turn to how criminals may employ computers (with the aid of software) to commit crimes. Criminals may employ computers in the commission of "traditional" crimes (for instance, a drug dealer could keep a database of customers, suppliers, and financial records), or they may be involved in what has become known as a computer crime, (16) such as gaining unauthorized access to the use of time and information on someone else's computer. The issues raised by treating a computer as the instrumentality of a crime are somewhat more complex than those raised when the computer is merely the fruit of a crime.

Finally, this section will examine some of the very subtle issues raised when the data stored on a computer is (17) the target of a search or seizure. Leaving the legal analysis aside for now, it is important to touch upon the nature of computer data itself -- what it is, and how it differs from any other sort of evidence. The fact that computers are incapable of "understanding" anything but binary instructions and data -- that is, information that may be represented entirely as ones and zeros -- is an important concept to grasp, and has an enormous (and unsettled) influence on the legal implications to be discussed later.

The Physical Computer

At the most basic level, a computer is nothing more than "a dead collection of sheet metal, plastic, metallic tracings, and tiny flakes of silicon." (18) In this sense, it is simply another electrical appliance, not much different from a television or stereo. Nothing about the physical computer is terribly unique or conceptually difficult.

It is entirely possible that an investigator -- or a criminal -- may have an interest in a computer that goes no deeper than this physical level. Computers have been the target of theft (19) or, more rarely, vandalism. (20) In such cases the computer is a mere object, and no special Fourth Amendment problems follow.

The Functional Computer

"When you hit the On switch, one little burst of electricity -- only about five volts -- starts a string of events that magically bring to life what otherwise would remain an oversize paperweight." (21) What was only a box full of wires now becomes the instrumentality by which words are processed, numbers crunched, and networks accessed; or, depending on the whim of the individual at the keyboard, it may become the instrumentality by which credit card numbers are stolen, viruses spread, (22) and pornography distributed. The functional computer is simply a tool (albeit a powerful one), its uses limited only by the imagination of the user.

The key to the functional computer is software. All of the complex circuitry within the computer itself is little more than a collection of switches. (23) Each switch may express one of two logical states -- conceptually equivalent to "on" or "off," "true" or "false." The functional computer -- hardware combined with software -- possesses the rather remarkable ability to open or close each switch in response to the position of another switch. Thus, we say that the computer is programmable; that is, it can respond in a flexible and predictable manner to the instructions encoded within software.

While the functional computer is merely a tool, it is fundamentally different from other tools in one crucial respect -- while a hammer cannot be "reprogrammed" to saw plywood, nor a pressure cooker modified to freeze ice cream, a computer can easily be transformed at the whim of the user in ways every bit as astounding as these admittedly silly examples, simply by loading new software. As will be demonstrated in the sections that follow, this "metamorphic" quality of the functional computer has potentially serious legal consequences.

The Metaphysical Computer -- Gateway to "Data Space"

As has been shown, a computer (including both hardware and software) is a truly curious device. To appreciate the unique nature of the computer, however, it is necessary to delve yet more deeply. The third component of what we colloquially call a computer is data, the information which the computer reads, manipulates, and stores. It is at this level that the discussion becomes conceptually slippery, or even metaphysical (thus the title of this subsection).

Recall that the circuitry within the physical computer is only a collection of switches, each limited to expressing one of two logical states. An inherent feature of this limitation is that the computer is incapable of "comprehending" data unless it can be reduced to a sequence of expressions equating to the logical states "on" or "off," "open" or "closed." One method might be to store data in the form of ones and zeros, with "one" equating to (say) "on" or "open," and zero equating to "off" or "closed." This is clearly adequate so long as the data is numerical, because numerical expressions can easily be converted from decimal (i.e., base 10) notation into binary (i.e., base 2) notation. (24)

The problem becomes substantially more difficult if the data is intended to represent words, pictures, sounds, and so forth. Reducing the letter "A," the Mona Lisa, or a Buddy Holly recording into a collection of ones and zeros is not a trivial task. Ingenious methods have been devised, however, to do precisely that. The letters of the alphabet (along with the necessary typographic characters), for instance, have been digitally codified into the standard form known as ASCII. (25) More sophisticated procedures are used to "digitize" complex types of data such as pictures (26) or sound. (27) Each one or zero in a digital file (which may, upon translation by software, be a number, a word, a picture, or a sound) is known as a binary digit, or "bit." (28)

It is important to note, however, that a particular collection of bits has no inherent meaning -- the interpretation of a data file into a form that may be grasped by human comprehension depends just as much upon the software employed as upon the content of the file. "[A]ny text (that is encoded in binary digits) of length n contains ... all other texts of length n." (29) In fact, a data file may contain information that is readable by means of one software tool, and also contain other information of an entirely different nature that is readable only by another software tool, through a process known as steganography. (30)
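An added illustration (not part of the original article) of the two points above: the same bytes yield different "content" depending on the tool that reads them, and a file can carry a second message visible only to a second tool. The function names, the one-byte length prefix, and the sample bytes are all constructed for this example; least-significant-bit embedding is used as one simple instance of steganography.

```python
import struct

# Constructed sample data: 96 bytes standing in for 8-bit grayscale pixels.
COVER = bytes(100 + (i % 64) for i in range(96))


def interpret(data: bytes) -> dict:
    """Read one byte string three ways; the bytes do not say which is 'right'."""
    words = len(data) // 4
    return {
        "ascii": data.decode("ascii", errors="replace"),
        "uint32_be": struct.unpack(f">{words}I", data[: words * 4]),
        "bits": " ".join(f"{b:08b}" for b in data),
    }


def embed_lsb(cover: bytes, secret: bytes) -> bytes:
    """Store a 1-byte length plus the secret in the lowest bit of each cover byte."""
    if len(secret) > 255:
        raise ValueError("secret too long for a 1-byte length prefix")
    payload = bytes([len(secret)]) + secret
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: need one cover byte per payload bit")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # overwrite only the lowest bit
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """The 'second tool': rebuild bytes from the lowest bit of each cover byte."""
    def read_byte(offset: int) -> int:
        value = 0
        for b in stego[offset : offset + 8]:
            value = (value << 1) | (b & 1)
        return value

    length = read_byte(0)
    return bytes(read_byte(8 * (i + 1)) for i in range(length))


def max_pixel_change(a: bytes, b: bytes) -> int:
    """Largest per-byte difference, i.e. what an image viewer could show."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    views = interpret(b"Bits")
    print("as text   :", views["ascii"])
    print("as integer:", views["uint32_be"])
    print("as bits   :", views["bits"])

    stego = embed_lsb(COVER, b"note")
    print("viewer sees a change of at most", max_pixel_change(COVER, stego))
    print("second tool reads:", extract_lsb(stego))
```

For an examiner, the practical consequence is that looking at a file with the obvious viewer does not establish everything the file contains.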

There is yet another respect in which the unique characteristics of digital data impinge upon this discussion, arising from what one commentator has described as "data space." (31) Being nothing more than an assemblage of metal, plastic, and silicon, the computer neither "knows" nor "cares" where (in physical space) data is located, so long as it is within the accessible data space. When a computer is attached to a network, (32) which is the case whenever the user dials into a BBS, an online service, or the international "network of networks" known as the Internet, (33) data may or may not reside in the same physical location as the computer itself. Indeed, it has been said that "the network is the computer." (34) The practical reality of this concept bumps up against a developing Fourth Amendment jurisprudence, with its reliance upon concepts such as expectations of privacy (35) and possessory interests. (36)

Thus, "in some very practical ways electronic evidence is unique: it can be created, altered, stored, copied, and moved with unprecedented ease ...." (37) The unique characteristics of digital data have consequences which bear upon not only the use of that data as evidence (the context in which the Guidelines raise the issue), but also upon the search for, and seizure of, that evidence.

Still, it must be conceded that no matter what else it may be, digital data is capable of representing what is immediately recognizable as evidence of a crime or the fruit of a crime. Stolen software is a violation of applicable copyright laws regardless of whether "software" is defined as a physical object (e.g., a floppy disk) or as a "metaphysical" collection of ones and zeros. Child pornography will be just as repugnant when transmitted in computer readable form as when sent in "hard copy" form through the mail. Businesses and individuals are no more likely to tolerate "virtual" trespass than they would physical trespass. The problems are clearly different, but they are no less significant.

Having thoroughly confused the issue by making what seemed to be a simple subject -- the now-common personal computer -- into a distressingly abstract hierarchy of ideas, this article will now return to Earth by turning its attention to a more concrete subject: the Federal Guidelines for Searching and Seizing Computers. It is hoped, however, that the reader will examine the material which follows in light of the previous discussion.

The Department of Justice Guidelines

[I]t is important to remember throughout the process that as dazzling and confounding as these new age searches and seizures may be, they are in many essential ways just like all other searches. The cause must be just as probable; the description of items, just as particular. (38)

As implied at the outset of this article, to refer to the Federal Guidelines for Searching and Seizing Computers as simply "the DOJ Guidelines" is perhaps overly simplistic -- although the Guidelines were issued under the imprimatur of the Department of Justice, several agencies contributed to their formulation. (39)

The DOJ Guidelines do not have the force of law, (40) but they are not irrelevant. They represent the accumulated experience and analysis of the federal law enforcement community, and may be understood as the State's interpretation of its own rights and responsibilities under the law.

Before examining the specific provisions of the DOJ Guidelines, it will be useful to review some of the high (and low) points in the history of computer searches and seizures -- a history leading to the drafting of the Guidelines. Next, it may be helpful to address in a bit more depth the purposes behind the Guidelines, the roles of the various agencies contributing to their formulation, and the real significance of the Guidelines. This background analysis will be followed by an examination of the Guidelines.

Searches and Seizures of Computers (A Primer)

The earliest case cited within the DOJ Guidelines is Steele v. United States. (41) This Prohibition-era case (predating the invention of the digital computer by many years) does not speak directly to the problem of searches or seizures of computers and computer data. It is, however, relevant to a problem which commonly arises within the context of computer searches (the problem of identifying the "place to be searched"). Steele is thus illustrative of a typical situation -- a case which, while on its face having nothing to do with the issue of computer searches, nevertheless says a great deal about what rule of law is applied.

This section will concentrate on cases which bear directly on the matter of computer searches. As the reader proceeds, however, she will do well to remember the lesson of Steele: the controlling doctrines in this area did not spring into the world fully formed along with the earliest computers; rather, existing doctrine was adapted and applied to computers as courts and investigators muddled along. Therefore, the fact that a particular case responded specifically to the problem of computer searches while another case arose in a completely different context does not mean that the latter case is any less applicable.

A detailed review of the history of computer searches and seizures is beyond the scope of this article. Rather, the purpose here is to demonstrate that the DOJ Guidelines were drafted in response to an uncertain legal climate. If the stated purpose of the Guidelines is to "offer some systematic guidance to all federal agents and attorneys as they wrestle with cases in this emerging area of the law," (42) it is relevant to the present discussion to examine some of the cases from which the controlling doctrine has emerged. One of the described cases went well (from a law enforcement perspective), one went badly, and one went very badly.

The Good. In May, 1978, Leigh Raymond Tamura's secretary informed the Federal Bureau of Investigation that Tamura was involved in an elaborate scheme involving bribes and kickbacks. Tamura's allegedly corrupt business practices led to the Anchorage (Alaska) Telephone Utility's (ATU) awarding over nine million dollars' worth of business to Marubeni America Corporation, a division of Hitachi Cable. (43) On June 18, 1978, FBI agents executed a search warrant at Marubeni's Los Angeles offices. The explicit language of the warrant authorized the agents to seize a limited class of records, namely:

1. Records of contracts for the sale of cable from Marubeni to ATU between January 1, 1974 and June 8, 1978.

2. Records of payments to McBride and Ellis [two of Tamura's codefendants] during the same four and one-half year period.

3. Records of travel by McBride, Ellis, Tamura, and two other individuals between Los Angeles, Anchorage, and the Republic of Panama for the period February 1, 1976 to June 8, 1978. (44)

It became obvious to the agents, as they sifted through the company's voluminous records, that conducting the search on-site without cooperation from the company's employees was impractical. They asked the employees for help, but the employees refused. As a result, the agents seized

11 cardboard boxes of computer printouts, which were bound in 2000 page volumes; 34 file drawers of vouchers, also bound in 2000 page volumes; and 17 drawers of canceled checks, which were bundled into files. The agents hauled all these records to another location, where they sifted through them and extracted the relevant documents. (45)

Tamura contested the scope of the search, on the basis that it exceeded the bounds of the (admittedly proper) warrant. He argued that "the FBI agents either should have remained on the premises until they had extracted all the relevant documents or should have obtained a warrant to seize the additional documents." (46)

Although the court held that it was "highly doubtful whether the wholesale seizure by the Government of documents not mentioned in the warrant comported with the requirements of the fourth amendment," (47) it nonetheless refused to vacate Tamura's conviction. "Generally, the exclusionary rule does not require the suppression of evidence within the scope of a warrant simply because other items outside the scope of the warrant were unlawfully taken as well." (48) Thus, according to the DOJ Guidelines, Tamura stands for the proposition that in the case of "commingled documents" (a common problem when dozens or perhaps hundreds of files are stored on the same computer disk), a narrowly limited search may justify a broad seizure. (49)

The Bad. In United States v. David, (50) the court was confronted with an altogether different problem: if a criminal suspect has consented to the search of his palmtop computer, but has refused to reveal his password (necessary to read encrypted files), may the investigating officer use a password obtained by watching over the suspect's shoulder, in the absence of a warrant?

The answer, according to the court in David, is no. In a terse opinion, the court held simply that "information which the Government obtained from Defendant David's computer memo book from that point forward at which Agent Peterson first accessed the book in David's presence is hereby suppressed." (51) In what appears to be an attempt to put the best possible face on an otherwise less than useful opinion, the DOJ Guidelines cite David as standing for the proposition that although a warrant may be required to conduct a search, exigency (52) may permit the warrantless seizure of a computer. (53)

The Ugly. Perhaps no case of computer search and seizure has been analyzed and dissected in as much detail as the case of Steve Jackson Games v. United States. (54) Steve Jackson Games involved a search conducted as part of "Operation Sun Devil" -- the same nationwide operation which shut down the "Dr. Ripco BBS," (55) and which formed the basis of Bruce Sterling's book The Hacker Crackdown. (56)

In Steve Jackson Games, the court was confronted with a case in which a single employee of the plaintiff publisher was suspected of involvement in the distribution of an allegedly stolen document belonging to AT&T (the so-called "E911 document"). (57) Pursuant to a warrant, the Secret Service seized three computers (two of which were functional and one of which was disassembled for repair) as well as "a large number of floppy disks, a printer, other computer components, and computer software documentation" (58) from the business premises of Steve Jackson Games. The plaintiffs (the entity known as Steve Jackson Games, Steve Jackson as an individual, and several users of a BBS housed on one of the seized computers) sought, and received, civil damages.

With all the attention given the Steve Jackson Games case, it is easy to lose sight of the fact that the decision of the district court (which was affirmed by the court of appeals) had little to do with notions of reasonable searches or seizures as regulated by the Fourth Amendment. (59) Rather, the case was decided on the rather narrow grounds of the Privacy Protection Act (60) and of that portion of the Electronic Communications Privacy Act codified in 18 U.S.C. § 2703. (61) Still, the decision in favor of the plaintiffs may be interpreted as a significant embarrassment for the Secret Service in particular, and federal law enforcement in general.

The Purpose of the Guidelines

Although the cases described in the previous subsection are by no means the only ones addressing the subject of computer searches or seizures, they may arguably be described as representative; indeed, the DOJ Guidelines cite each case on several occasions. The authors of the Guidelines had these cases in mind when formulating the substance of that document.

It is useful to note that the Guidelines were issued under the specific imprimatur of the Office of Professional Development and Training of the Department of Justice. That is to say that this is not an academic document; rather, it is reasonable to presume that the Guidelines are intended as a statement of the Department of Justice's interpretation of the rights and liabilities of federal investigators under the law with respect to computer searches and seizures. Although the Guidelines are careful to insist that "[t]hey have no regulatory effect, and confer no right or remedy on anyone," (62) it is equally clear that they are intended "to offer some systematic guidance to all federal agents and attorneys." (63) Similarly, it is obvious that the Guidelines are intended to have an impact well beyond the Department of Justice -- given the number of agencies involved in drafting the Guidelines, (64) it is reasonable to assume that the Guidelines represent the collected wisdom and experience of the federal law enforcement community in toto.

In light of the above, two questions suggest themselves: What, exactly, do the Guidelines offer in the way of substantive suggestions? And, are these substantive suggestions responsive to the requirements of the Fourth Amendment? It is these questions to which this article now turns.

A Brief Description of the Guidelines

The DOJ Guidelines begin with a description of "General Principles," (65) which form the conceptual foundation for the specific sections that follow. These subsequent sections address issues arising from the seizure of hardware, (66) search or seizure of information, (67) special problems associated with networks and bulletin board systems, (68) recommended procedures for the drafting of warrants, (69) and post-search procedures. (70) In addition, there is a discussion of the special evidentiary issues involved with digital data. (71)

The introductory section of the Guidelines begins by restating the axiomatic proposition that "[t]here is, of course, a 'strong preference for warrants.' " (72) It goes on, however, to delineate some of the well-established exceptions to this preference. Among these are "plain view," "exigent circumstances," border searches, and searches pursuant to consent. "Exigent circumstances" and consent, in particular, are analyzed in some detail.

Specifically, the Guidelines assert that "[w]hen destruction of evidence is imminent, a warrantless seizure of that evidence is justified if there is probable cause to believe that the item seized constitutes evidence of criminal activity." (73) The Guidelines seem to imply that, when a search or seizure of computer data is involved, exigency might be the rule rather than the exception: "[i]f a target's screen is displaying evidence which agents reasonably believe to be in danger, the 'exigent circumstances' doctrine would justify downloading the information before obtaining a warrant." (74) Since the investigating officer can have no idea (prior to examining the "data space" (75) addressed by the computer) whether the information on the monitor screen is "in danger" or not, this passage may perhaps be interpreted as carte blanche to conduct a warrantless seizure. However, in deference to David, (76) the Guidelines are careful to note that justification for a warrantless seizure does not necessarily constitute justification for a warrantless search. (77)

The Guidelines' discussion of consent is perhaps even more liberating (from the perspective of the investigating officer). While recognizing that David reinforces the general rule that searches conducted pursuant to consent are limited by the scope of that consent, the text goes on to note that consent may be granted by third parties such as spouses, parents, employers, and network system administrators. (78) Depending on the factual situation surrounding the use of a particular computer, any of these parties might provide wide-ranging consent for the search or seizure of that computer.

The Guidelines follow this description of general principles with examples demonstrating their application to specific problems. Beginning with the seizure of hardware, the Guidelines offer what is described as the "independent component doctrine." Simply stated, "computer systems are really a combination of connected components"; (79) just because "the government has probable cause to seize a 'computer' does not mean it has probable cause to seize the entire computer system (i.e., the computer and all connected peripheral devices)." (80) The Guidelines note that "it is simply unacceptable to suggest that any item connected to the target device is automatically seizable. In an era of increased networking, this kind of approach can lead to absurd results." (81)

This eminently reasonable doctrine is undercut, however, by the Guidelines' suggested application. It is argued, for instance, that "if an individual engaging in wire fraud printed out thousands of phony invoices on his home computer, it would be reasonable to take the computer, monitor, keyboard, and printer." (82) This statement is offered in a conclusory manner, without any explanation of why (for instance) the monitor or keyboard would be independently subject to seizure.

Next, the Guidelines turn to the problems associated with information itself. This discussion is prefaced with the observation that, compared to the seizure of hardware, "[s]earches for data and software are far more complex." (83) As a threshold matter, the Guidelines correctly note that the federal law governing warrants is textually ambiguous with respect to searches for or seizures of information, (84) but that much of this ambiguity has been reconciled (in favor of the government) by judicial decision. (85) Additional problems include the possibility that privileged or confidential information may be involved, (86) or that expert assistance may be necessary to identify and analyze relevant information. (87)

This portion of the Guidelines is among the most troubling, because it implicates most clearly the tension between the legitimate needs of law enforcement and the individual's right to be protected from an intrusive search or seizure. On the one hand, the government's interest is a weighty one -- the Guidelines argue persuasively that information may constitute contraband, (88) the instrumentality of a crime, (89) or evidence of a crime, (90) and that in any of these cases its discovery might be crucial to the investigation of criminal activity. On the other hand, it is precisely when investigators are engaged in rummaging through the myriad files that a typical user has stored on his computer that his expectation of privacy is most infringed.

The privacy issues are most stark when a single computer houses files belonging to several, perhaps even hundreds or thousands, of otherwise unrelated individuals. This is the problem the Guidelines address next, in a section devoted to searches of networks and bulletin boards. Such a search raises a host of legal problems under the Fourth Amendment. It may also raise practical problems resulting from the possibility that a suspect may not have been specifically identified at an early stage in the investigation, or that the information subject to a warrant is thoroughly commingled with other, irrelevant information. (91)

Despite the intrusion on personal privacy implicit in searches or seizures in these complex situations, however, the Guidelines consistently assert that a carefully drafted, properly executed warrant is sufficient to address most Fourth Amendment concerns. This view is probably correct. For no matter how troubling a search or seizure of computers or computer data might seem to someone whose hardware or information is targeted, little relief is offered by the large body of case law interpreting the Fourth Amendment.

The Guidelines and the Fourth Amendment

An excellent example of how courts can be expected to analyze Fourth Amendment concerns with respect to computers may be found in United States v. Maxwell. (92) In a case involving the transmission of child pornography over a computer network, the court prefaced its opinion with the following observation:
[W]e must decide whether the existing law of search and seizure can be appropriately applied to the search of information stored in computers, and to the seizure of electronically retrievable evidence that some contend exists only in "cyberspace." We find the current body of law is well-equipped to deal with this unique scenario. (93)
Responding to the appellant's contention that the seizure of incriminating evidence from his personal computer and from other computers attached to the network violated the Fourth Amendment, the court's analysis began with the proposition that "the key issue is whether the search was reasonable under the totality of the circumstances." (94) Furthermore, "[t]he underlying issue in a case involving an asserted violation of the Fourth Amendment is whether the person making the claim has a legitimate expectation of privacy in the invaded place." (95) Such an expectation will be evaluated by application of a two part test: "First, the person must exhibit an actual (subjective) expectation of privacy[, and second,] that the individual's subjective expectation of privacy is one that society is prepared to recognize as reasonable (objective)." (96)

The court agreed with the appellant (and disagreed with the trial court) that Maxwell had demonstrated a reasonable expectation of privacy in the computer files stored on various computers attached to the network. The opinion goes on, however, to examine whether the violation of the appellant's expectation of privacy was reasonable given the totality of the circumstances. The court reached varying results, depending on the precise nature of the data seized. Some of the information (taken from a particular "mailbox," or directory, located on a networked computer) was found to have been properly seized pursuant to a lawful warrant, issued in response to an adequate showing of probable cause. (97) The warrant was found to be defective with respect to other information (taken from a separate directory), but the evidence was still admissible at trial under the "good faith exception" to the exclusionary rule. (98) Finally, the appellant's argument that the seizure of data stored in his personal computer was illegal (because the warrant was too broad to meet the Fourth Amendment's particularity requirement) also failed; the court held simply that "[g]iven the nature and complexity of the case, we are convinced the search authorization described with sufficient particularity the items to be seized." (99)

The Fourth Amendment analysis presented in the Maxwell opinion is largely consistent with that offered within the Guidelines. For instance, the Guidelines seem to accept that there is a reasonable expectation of privacy in the content of computer files, as evidenced by the heavy emphasis on obtaining and executing warrants. (100) In this respect, the Guidelines, and the Maxwell opinion, may be even more solicitous of privacy than is actually required by law. An argument can be made that data stored on networked computers are revealed to third parties, and thus that any expectation of privacy has been relinquished. (101)

Even if a court accepts that the person challenging a search for computer data can claim a reasonable expectation of privacy, circumstances may be such that the aggrieved individual lacks standing to challenge the search of the media containing that data, or even the seizure of the data itself, if that data resides on a multiuser networked computer. (102) It is ironic that, while the physical location of data may be technically irrelevant to the computer operator in normal use, (103) it may be of overwhelming legal significance.

Another area in which the Maxwell opinion closely parallels the Guidelines' analysis relates to the particularity requirement. The Fourth Amendment directs that a warrant authorizing a search or seizure must "particularly describ[e] the place to be searched, and the persons or things to be seized." (104) Thus, what is commonly described as "the particularity requirement" is actually two independent requirements -- both the place to be searched and the persons or things to be seized must be particularly described.

The court in Maxwell was primarily concerned with the question of whether the search authorization at issue described the items to be seized with sufficient particularity to meet the requirements of the Fourth Amendment. It is interesting to note the language employed by the court in deciding that the authorization was sufficiently particular: the instrument was held to be sufficient "[g]iven the nature and complexity of the case." (105)

This short phrase neatly encapsulates the situation faced by investigators in many cases of computer searches and seizures, and the Guidelines are not blind to this fact. In deference to established Fourth Amendment principles, the Guidelines note that "the warrant cannot include items for which there is no probable cause .... Thus, generic classifications in a warrant are acceptable only when a more precise description is not possible." (106) However, "given the nature and complexity" of a typical search for computer data, a strictly limited warrant may nonetheless justify a broad seizure.

For example, the Guidelines cite the situation faced by investigators in United States v. Henson. (107) Authorized to search for information regarding an elaborate odometer roll-back scheme, the agents were confronted with a significant volume of data. Rather than sort the data at the scene of the search, they elected to seize it all and search for the relevant information at a more convenient time and place. The court held the seizure to be reasonable under the circumstances. (108) Moreover, the "nature and complexity" of a computer search or seizure may give rise to a reasonable basis for broad seizure of more than information -- it may extend to the seizure of hardware, printed documentation, and handwritten notes. (109)

The Maxwell decision also grappled with the problem of describing with particularity the place to be searched. And once again, this question is also raised within the Guidelines. When computers are linked together as part of a network, and when a single user's files may be stored within different directories physically located on different machines, it may be difficult for an investigator to set out in a warrant application precisely where evidence might be found. Recall that in Maxwell, the Fourth Amendment analysis led to different results when target files were located in different directories. (110)

In this regard, the authors of the Guidelines display remarkable savvy, (111) noting that "computers create a 'virtual' world where data exists 'in effect or essence though not in actual fact or form.' " (112) Leaving aside the philosophical implications, the Guidelines take a pragmatic approach to this problem; their principal concern is in resolving the tension between the "virtual" nature of computer data and the legal requirement that a warrant be issued by a court within the district where the search will occur. (113) But according to the Guidelines, the problem may easily be solved whenever investigators are aware of the additional locations by the simple expedient of obtaining a second warrant; (114) in those cases where there is reason to think that data is stored at another location but that location is unknown, the magistrate should be informed of the fact and urged that a sufficiently broad warrant is reasonable under the circumstances. (115)

Before leaving this discussion of Fourth Amendment principles and their application to the Guidelines, two other points should be briefly mentioned. The first of these is the Guidelines' analysis of "no-knock" warrants. In general, officers executing a warrant must announce their purpose for intruding upon the premises to be searched, and reveal their authority for conducting the search. (116) "This knock-and-announce requirement, although statutory, has been incorporated into the Fourth Amendment." (117) There are established exceptions to this rule, however, including instances in which an officer reasonably believes that compliance will lead to the destruction of evidence. The Guidelines suggest that the mere fact that the evidence is digital in form creates such a likelihood in practically every computer search. (118) While conceding that the possibility that evidence may be destroyed is not by itself sufficient to defeat the knock-and-announce rule (and that the rule serves a valuable safety function, especially if the suspect is presumed to be armed), some commentators have nevertheless inferred from the tone of the text that the Guidelines advocate the use of no-knock warrants in a wide variety of cases. (119) If issuing magistrates can be convinced that the use of no-knock warrants is "reasonable under the circumstances", the requirements of the Fourth Amendment are likely satisfied.

The second point relates to an issue that is given only passing mention in a footnote within the Guidelines: "Experts can often recover data which has been deleted or overwritten." (120) At first blush, this comment may seem to be the stuff of spy novels, but in fact it is a very real consideration. Already, at least one defendant has been sentenced to death for kidnapping and murder, convicted in large part on the basis of ransom notes recovered from deleted computer files. (121) And again, there is no reason to think that the recovery of deleted files is at all repugnant to the Fourth Amendment; an analogous situation was present in United States v. Scott, (122) in which IRS agents reassembled documents that had been shredded into strips only 5/32-inch wide. Still, it is perhaps somewhat awe-inspiring to consider that deleted computer files, which most users probably assume are truly deleted, may be reconstructed and used as evidence.

If this examination of the Fourth Amendment, the DOJ Guidelines, and the relevance of established doctrines to new technologies has been less than completely satisfactory, perhaps some of the blame may be shifted from this author and onto the subject matter itself. As Laurence Tribe has said:

Our constitutional law evolves through judicial interpretation, case by case, in a process of reasoning by analogy from precedent. At its best, that process is ideally suited to seeing beneath the surface and extracting deeper principles from prior decisions. At its worst, though, the same process can get bogged down in superficial aspects of preexisting examples, fixating upon unessential features while overlooking underlying principles and values.

When the Supreme Court in 1928 first confronted wiretapping and held in Olmstead v. United States that such wiretapping involved no "search" or "seizure" within the meaning of the Fourth Amendment's prohibition of "unreasonable searches and seizures," the majority of the Court reasoned that the Fourth Amendment "itself shows that the search is to be of material things -- the person, the house, his papers or his effects," and said that "there was no searching" when a suspect's phone was tapped because the Constitution's language "cannot be extended and expanded to include telephone wires reaching to the whole world from the defendant's house or office." After all, said the Court, the intervening wires "are not part of his house or office any more than are the highways along which they are stretched." Even to a law student in the 1960s, as you might imagine, that "reasoning" seemed amazingly artificial. Yet the Olmstead doctrine still survived. (123)

A complementary view is expressed by Randolph Sergent:
The Court's approach to the scope of the Fourth Amendment makes it extremely difficult to analyze previously unadjudicated situations. Because the Fourth Amendment balances an individual's claim to privacy against the societal need for crime control and security, "every fourth amendment decision chooses, at the margin, which of these opposing values to prefer, and the doctrine reflects and accommodates that choice." (124)
Thus, it is difficult to say exactly how closely the Fourth Amendment analysis presented within the Guidelines will compare to the case law governing searches and seizures of computers and computer data as it develops over time. On the basis of the abundant authority offered within the Guidelines, however, it seems unlikely that the mark has been missed by much, if at all.

Consequently, this article will proceed under the assumption that the Guidelines generally meet the requirements set out in the Fourth Amendment. However, that assumption does not dispose of two fundamental questions -- whether the protection of computers and computer data offered by the Fourth Amendment is adequate to assure a level of privacy that is "reasonable" in the eyes of the public, and if not, what additional protection may be available?

Private Bits: The Fourth Amendment in the Digital Age

Ways may some day be developed by which the Government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home. Can it be that the Constitution affords no protection against such invasions of individual security? (125)
Given the relative ease with which information may be seized, the potentially sensitive nature of that information, and the almost magical ability to recover information that was long presumed destroyed, the power to search or seize a computer represents a significant tool in the hands of the State; in fact, the State that wields this power may safely abandon other avenues of investigation without losing much. And, of course, power in the hands of the State is power that no longer resides with the individual.

The following section of this article will suggest that the level of privacy in computer data that many citizens are likely to consider "reasonable" is not adequately protected by the Fourth Amendment, as presently interpreted. The sheer volume of personal information that is commonly stored on personal computers and on computer networks, and the sensitivity of much of that information, militates for the strongest possible protection consistent with the state's interest in fighting crime. The procedures prescribed within the Guidelines, while meeting Fourth Amendment requirements, do not meet this proposed higher standard.

Also, this section will survey some of the "extraconstitutional" ways that protection of computers and computer data can be limited in a manner more solicitous of individual privacy. First, some of the methods by which individuals themselves may reassert some of the privacy that has been lost -- especially, public key encryption -- will be mentioned. For lack of a better phrase, these efforts will be described as "guerrilla privacy."

Finally, in spite of (or perhaps because of) the ease with which individuals may defeat a legitimate government interest in searching for evidence stored in digital form, this article proposes a statutory response. It is argued that legislation may be enacted which respects the extraordinary privacy expectations citizens place in their computers, while still responding to the needs of law enforcement.

How Much Privacy is "Reasonable?"

A modern personal computer is capable of storing an immense quantity of information. Even portable computers are commonly available with storage capacities in excess of one billion bytes (i.e., a "gigabyte"). (126) A typical computer user might store hundreds or even thousands of files on his machine. These could include letters, personal logs or diaries, business records (perhaps including trade secrets or client confidences), financial and tax records -- even photographs, works of visual art, or musical compositions. Anything that would traditionally have been recorded on paper, film, or audio tape may now be stored on the hard drive of a computer. Whenever law enforcement officials seize a computer or search its contents, they must be conscious of the fact that the computer may contain deeply personal information, unrelated to the circumstances justifying that search or seizure.

Consider, for example, the case of Steve Brown. Brown operated a computer bulletin board in Cincinnati, which was allegedly used in the distribution of pornography. His equipment was seized by officers from the Hamilton County Regional Computer Crimes Task Force on the same day as the raid on the Cincinnati Computer Connection BBS: (127)

He was at work when his wife called to tell him that police were taking his BBS apart. "I got a sick feeling in my stomach," Brown recalls. "I spoke to the cops on the phone, and they asked me which computer ran the BBS. I told them. Then they asked me where the CD-ROMs were. I told them that too. Then they went to my personal system, which requires a ... password to get in. I explained that it had nothing to do with the BBS. I gave them my password so they could see for themselves. But the guy mistyped it, and he got mad and just said 'Take it.' So they seized that as well. And it's got my finances, my tax records, my whole life in there." (128)
This sort of broad seizure, involving private material unconnected to any suspected criminal activity, is reminiscent of the "general warrants" or "writs of assistance" available to British authorities in colonial times. (129) As described by the Supreme Court in Boyd v. United States, (130) "[t]he practice had obtained in the colonies of issuing writs of assistance to the revenue officers, empowering them, in their discretion, to search suspected places for smuggled goods, which James Otis pronounced 'the worst instrument of arbitrary power, the most destructive of English liberty, and the fundamental principles of law, that ever was found in an English law book'; since they placed 'the liberty of every man in the hands of every petty officer.' " (131) It was the memory of the general warrant and the writ of assistance that led directly to the Fourth Amendment's particularity requirement: "The requirement that warrants shall particularly describe the things to be seized makes general searches under them impossible and prevents the seizure of one thing under a warrant describing another. As to what is to be taken, nothing is left to the discretion of the officer executing the warrant." (132)

Although courts continue to recognize this element of the history of the Fourth Amendment, they have added a potentially crippling gloss to the particularity requirement in certain classes of cases, including those involving computers. For instance, in State ex rel. Macy v. One (1) Pioneer CD-ROM Changer (133) (involving the seizure and forfeiture of equipment allegedly used to distribute pornography on a computer bulletin board), the Oklahoma Court of Appeals accepted as axiomatic the proposition that "[t]o ensure that a search does not extend beyond its authorized purpose and that law enforcement officers do not engage in exploratory rummaging through personal belongings, a search warrant must describe with specificity and particularity, the place to be searched and the items to be seized." (134) In upholding the seizure of materials not identified within the warrant, however, the court went on to note that "[a] description is valid if it is as specific as the circumstances and the nature of the activity under investigation permit. The fact that articles outside the scope of the warrant are seized does not necessarily convert it into a general warrant." (135)

There is considerable danger implicit in this sort of analysis. It may be that, in some sense, the general warrants themselves were "as specific as the circumstances and the nature of the activity under investigation" permitted. Crimes such as smuggling or seditious libel (among the crimes which were most often investigated by means of a general warrant (136)) may be extraordinarily difficult to detect and investigate; an effective investigation might require equally extraordinary powers of search and seizure. Still, this justification for wide ranging searches and seizures seems irreconcilable with the Fourth Amendment particularity requirement. As one writer asked (albeit in a different context): "Has our constitutional jurisprudence so devolved as to read into the Fourth Amendment the general warrant and writ of assistance?" (137)

This question may be of great academic interest to scholars and judges. The typical citizen, however, is likely to have more modest concerns. The computer user who finds that some of his data has been properly seized upon probable cause might wonder if the police are then free to rummage through other, unrelated data of a private nature. The user of a computer network might wonder if her electronic mail will be inspected by officials investigating some other user of the network. The business owner who discovers that an employee has stored evidence of a crime on the office computer might wonder if his whole computer system -- and with it, all of his customer accounts and operational software necessary to conduct business -- could be seized by the authorities. In short, citizens might wonder if the level of privacy they expect is what they will actually receive in the event that their computers or computer data is subject to police search or seizure.

It seems that the Fourth Amendment, as interpreted and applied, offers little comfort to individuals in these circumstances. By sanctioning the seizure of whole computer systems (and all data therein) when probable cause exists for perhaps only a few files, the Fourth Amendment standard of "reasonableness under the circumstances" fails to recognize what some users might consider a legitimate degree of privacy. If computer users believe they are entitled to greater protection, they will likely have to find it elsewhere.

"Guerrilla Privacy"

The individual computer user has access to software tools which may render the previous discussion, as well as the DOJ Guidelines themselves, largely moot. In particular, sophisticated encryption software is readily available on the Internet and elsewhere; by employing such software, the user is able to assure that her data is protected from unauthorized access. (138)

Encryption has been defined as "[t]he transformation of original text (called plaintext) into unintelligible text (called cyphertext)." (139) This definition falls short of the mark, however, in that it fails to describe clearly what is meant by "unintelligible." Put another way, there is cyphertext and there is cyphertext -- cyphertext may be reasonably easy to decrypt, it may be difficult to decrypt, or it may even be mathematically impossible to decrypt.

The distinction arises from the specific encryption algorithm employed. An algorithm is essentially nothing more than a "recipe," (140) a conceptual description of what a particular program actually does. Several different encryption algorithms have been devised, and each one "scrambles" the plaintext in a different way. For example, it would be an easy matter to simply replace each letter in a text with the next letter in the alphabet (replace 'a' with 'b,' 'b' with 'c,' and so forth). Despite the elegance of its simplicity, this sort of algorithm would have a number of shortcomings. For instance, it does not disguise numbers, punctuation, typographical characters, or spaces. The greatest weakness of such a scheme, however, is its lack of security -- it could be "cracked" with ease.

At the other extreme, the encryption algorithm commonly referred to as the "one time pad" is absolutely secure as a matter of mathematical certitude, assuming that the "key" is secure. (141) Unless the "key" (that is, the password) is available, there is simply no way that anyone -- even assuming infinite computing power and infinite time -- can ever decrypt the encoded material, except by blind luck.

There are several shortcomings of the "one time pad" algorithm (for instance, it requires a key of the same length as the data to be encrypted). (142) Its greatest weakness, however, is that it depends on the security of the key for its unbreakable character. If an individual hopes to employ this method to assure the security of her digital files, she may never reveal the key to anyone who might divulge it. Of course, this fact is no deterrent to the computer user who intends simply to secure the data on her own computer. Often, however, a computer user may want to assure the security of information that is intended to be shared with one or more trusted individuals (as in, for instance, the case of files transmitted by electronic mail). In this case, another encryption algorithm -- one that is secure, but more flexible than the "one time pad" -- will have to be employed.
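The contrast drawn above between the next-letter substitution and the "one time pad" can be made concrete. The following Python sketch is an added illustration, not part of the original article or of the Guidelines; the function names and sample messages are constructed for this example. It shows that the substitution leaves digits, spaces, and punctuation exposed and yields to a trial of all 26 shifts, whereas a one time pad ciphertext is consistent with every plaintext of the same length.

```python
import re
import secrets

# Constructed sample message and word list (not from the article).
SAMPLE_NOTE = "Meet me at the dock at 9 pm, and bring the ledger."
COMMON_WORDS = {"the", "and", "at", "me", "to", "of", "in", "is", "it"}


def shift_encrypt(text, shift=1):
    """Replace each letter with the one `shift` places later in the alphabet.

    As the article notes, digits, punctuation and spaces pass through
    unchanged, so word lengths and numbers remain visible in the output.
    """
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def crack_shift(ciphertext):
    """Recover (shift, plaintext) by trying every shift and keeping the
    candidate that contains the most common English words."""
    def score(candidate):
        words = re.findall(r"[a-z]+", candidate.lower())
        return sum(word in COMMON_WORDS for word in words)

    guesses = [(s, shift_encrypt(ciphertext, -s)) for s in range(26)]
    return max(guesses, key=lambda guess: score(guess[1]))


def new_pad(length):
    """Generate a random pad; it must be as long as the data it protects."""
    return secrets.token_bytes(length)


def otp_xor(data, key):
    """One time pad: XOR each byte with the matching key byte.

    The same operation encrypts and decrypts. A key of any other length
    is rejected, which is the practical shortcoming the article mentions.
    """
    if len(key) != len(data):
        raise ValueError("one time pad key must match the data length")
    return bytes(d ^ k for d, k in zip(data, key))


def key_explaining(ciphertext, claimed_plaintext):
    """Return the key under which `ciphertext` decrypts to any claimed
    plaintext of the same length. Because such a key always exists, the
    ciphertext alone cannot show which plaintext is the real one."""
    return otp_xor(ciphertext, claimed_plaintext)


if __name__ == "__main__":
    scrambled = shift_encrypt(SAMPLE_NOTE)
    print("shifted :", scrambled)
    print("cracked :", crack_shift(scrambled))

    real = b"ledger is in the safe"      # constructed message
    decoy = b"ledger was destroyed!"     # same length, different meaning
    pad = new_pad(len(real))
    sealed = otp_xor(real, pad)
    print("real key gives :", otp_xor(sealed, pad))
    print("other key gives:", otp_xor(sealed, key_explaining(sealed, decoy)))
```
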

Several options are available to a computer user in this situation. One example is known as "public key cryptography." (143) This scheme allows the user to generate two keys -- a public key and a private key. The public key is freely distributed, and anyone who wishes to communicate securely with the original user simply encrypts the plaintext with the public key. The information may then be decrypted only with the private key, which the user has kept secret. Data that has been encrypted with public key encryption is not as secure as if a one time pad had been employed, but it is still remarkably secure; it is not unlikely that decoding the encrypted information might take "a top-speed supercomputer as long as several centuries to complete." (144)

From the perspective of law enforcement agencies, the difficulty created by the widespread application of such technologies is obvious: "With ever more secure methods of encryption becoming easier to use, U.S. residents can protect their electronic communications and records so well that they are able to frustrate interception attempts by even the most sophisticated government agencies." (145) The federal government has responded to this risk by suggesting that a "key escrow" system be implemented; such a system would assure that, upon a court order following a particularized showing of need, investigators could gain access to an individual's private key. (146) Several proposals along these lines have been offered, some of them voluntary in nature, (147) others mandatory. (148)

In the current absence of a key escrow system, however, law enforcement officials are forced to carry on as best they can. It is therefore somewhat puzzling that the Guidelines treat the problem of encrypted data as an apparent afterthought. While recognizing that data encryption may give rise to both legal and practical problems, (149) only five paragraphs of text are devoted to analyzing these problems. Legally, the Guidelines note that

[a]lthough an encrypted computer file has been analogized to a locked file cabinet (because the owner is attempting to preserve secrecy), it is also analogous to a document written in a language which is foreign to the reader. As both of these metaphors demonstrate, the authority granted by the warrant to search for and seize encrypted information also brings the implied authority to decrypt: to "break the lock" on the cabinet or to "translate" the document. Indeed, a warrant to seize a car and its contents implicitly authorizes agents to unlock it. (150)
This analysis, although brief, is probably correct. Similarly, the equally short discussion of practical difficulties presented by data encryption is also correct as far as it goes, but appears to be woefully inadequate. The discussion begins by mentioning that the encryption scheme may be "breakable," and that crime lab experts or software manufacturers may be able to decrypt the files. (151) It is certainly possible that this may be the case, but as illustrated above, it is just as possibly not the case. The message the Guidelines offer to the investigator confronted with encrypted files is essentially "hope for the best": "Investigators should not be discouraged by claims that the password 'can't be broken' as this may simply be untrue." (152)

If sheer optimism does not prevail, however, the Guidelines are unable to offer many additional suggestions. Noting that the password may be written on a scrap of paper or in the margin of a software manual, (153) the only additional advice is to pursue the possibility that the password may be obtained from a third person or from the suspect himself. The Guidelines point out that the suspect might be compelled to provide the password in response to a subpoena, perhaps in return for limited immunity. This notion is probably legally sound (although it ignores some of the more subtle Fifth Amendment issues that are arguably involved and appear to remain unsettled, judging by dicta in Supreme Court decisions such as Doe v. United States (154) and United States v. Doe (155)), but one may question how realistic it is to expect that the suspect will not simply "forget" his password.

Legal and technical problems aside, there are deeper issues raised by the subject of encryption that deserve attention. Is the need (whether real or perceived) to take precautions of this sort in order to keep private information out of government hands consistent with the American tradition of liberty? Can a government that inspires its citizens to employ sophisticated encryption software retain its legitimacy? Might the job of law enforcement not actually become more difficult in this climate of distrust? These concerns lead to the suggestion to which this article now turns -- a statutory guarantee of reasonable privacy in computers and computer data.

A Proposed Statutory Response

Although the Fourth Amendment establishes the minimum level of security for personal effects and information tolerable under our Constitution, Congress is certainly free to do more. If one accepts the premise that individuals are entitled to expect the highest degree of privacy in the information stored on their computers, and that the Fourth Amendment does not guarantee that privacy, then the conclusion that additional protection ought to be created by statute has considerable appeal. (156)

Of course, any such legislative response must also weigh the legitimate needs of law enforcement. Although it is true that a computer can contain all of an individual's most sensitive and personal information, it is equally true that the same computer can contain evidence of a crime -- evidence which investigators need if they are to fulfill their duty to the public. The task, then, is to strike the appropriate balance between the individual's interest in privacy and the public's interest in punishing criminal behavior. It is hoped that the following suggestions are sufficiently responsive to each of these competing interests.

Reject the idea that a search for information, with no other independent basis, justifies the seizure of hardware. Citizens have a right to expect that their possessions will not be subject to government seizure except upon probable cause. If computer hardware is the fruit or instrumentality of a crime, the government has a clear right to seize and retain that hardware. When, however, probable cause extends only to the data stored on a computer, it is no more reasonable for the government to seize the computer than it would be for the government to seize a citizen's home simply because paper records constituting evidence of tax evasion were stored somewhere within the home.

The Guidelines maintain, however, that the circumstances surrounding a search for information on a computer often require seizure of hardware -- either because the specific hardware involved is necessary to gain access to the information, (157) or because of the volume of data and its commingling with other data. (158) The former case, when demonstrated by adequate evidence, would certainly justify the addition of needed hardware to a warrant authorizing the seizure. The latter case, however, constitutes little more than the claim that a general warrant, authorizing investigators to rummage through an individual's "papers," is typically "reasonable under the circumstances."

In response, Congress should amend the rules governing the issuance of search warrants (159) to explicitly proscribe the seizure of computer hardware, without independent warrant authority supported by probable cause. Such a rule is necessary if warrants for computer data are to be meaningfully distinct from general warrants. The rule would also assure that businesses and individuals who rely on their computers (and lawfully possessed data) are not subjected to unreasonable hardship.

Do not assume the existence of exigencies without specific evidence. In a communiqué delivered to the ABA Criminal Justice Section, representatives of the Electronic Frontier Foundation made special note of the growing belief that the volatility of computerized information creates a presumption of exigency. (160) "First, we are not aware of any data showing that a device like a degausser is frequently or commonly used to destroy evidence during a search. Second, the only data that can be destroyed 'at the flip of a [power] switch' is the relatively small amount of information in the internal memory (RAM) of a computer, and not information stored on an internal hard disc. Information is only contained in RAM when a computer is being actively operated, and then only information about the current application the computer is running." (161)

The Guidelines suggest that "no-knock" warrants may be justified by the ease with which computer data may be destroyed, but recognize that proceeding in such a manner is potentially dangerous. (162) It is interesting to bear these conflicting concerns in mind while considering the following:

Secret Service hacker raids tend to be swift, comprehensive, and well manned (even overmanned); agents generally burst through every door in the home at once, sometimes with drawn guns. Any potential resistance is quelled swiftly. Hacker raids are usually raids on people's homes. It can be a very dangerous business to raid an American home; people can panic when strangers invade their sanctum. Statistically speaking, the most dangerous thing a police officer can do is to enter someone's home. (The second most dangerous thing is to stop a car in traffic.) People have guns in their homes. More cops are hurt in homes than are ever hurt in biker bars or massage parlors. (163)
In short, it is in the interest of safety for the officers executing a warrant to identify themselves and announce their intentions. It is also consistent with the freedom from unreasonable government intrusion guaranteed by the Fourth Amendment to all citizens. Therefore, this practice should be followed in all but the most extraordinary circumstances. The mere fact that computer data may be destroyed ought not be justification, without more, for a "no-knock" warrant, and Congress ought to enforce this policy by means of a statutory exclusionary rule. Exceptions must be available, of course, in cases presenting positive evidence that a particular target is especially equipped to destroy evidence quickly and easily (in which case the warrant should explicitly authorize an unannounced entry), or when the officers executing a warrant encounter circumstances leading to a reasonable belief that evidence is being destroyed. Exceptions should not be routinely granted, however, simply because the evidence to be seized resides on a computer.

It is reasonable to recognize that "data space" is not congruent with physical space, and modify the rules governing issuance of warrants accordingly; however, the privacy of innocent third parties must be respected. The Guidelines identify a legitimate and difficult problem surrounding the search for evidence in a networked environment -- data may be stored on another computer, perhaps even in a geographically distant location, as easily as it may be stored on the user's own computer. (164) This fact conflicts with the present requirement that a warrant be issued by a magistrate or judge in the judicial district in which it will be executed. (165)

In a search for digital information, this requirement places an unreasonable burden upon law enforcement personnel. It is not difficult to imagine circumstances in which the police could not possibly know where information is stored in physical space until a search of the target's computer had already occurred. The law should be changed to allow more flexibility to investigators in such a case.

It is important, however, that any such change in the law is properly protective of innocent third parties. In a networked environment, hundreds or even thousands of users may store their data in private "spaces" located on the same physical machine. These innocent parties must be assured that their private data remains private. If the target of the search has been assigned exclusive use of one or more directories on the network computer, the search should be strictly confined to the information contained in those directories. If the target's files are commingled with the files of other users, it may be more appropriate to proceed by means of a subpoena (served upon the network administrator, who has no incentive to destroy evidence), subject to close judicial oversight, rather than by means of a warrant.

Promptly return seized hardware and data that is not needed. The Guidelines devote several pages to the issue of returning seized property that is not needed in the continuing course of an investigation. (166) Although slightly different issues are raised with respect to the return of hardware and data, the Guidelines generally recognize that unneeded material should be returned "as soon as practicable." (167) It is not clear, however, that law enforcement personnel are always prompt in doing so. In Steve Jackson Games, for instance, the district court noted that "it was months ... before the majority of the seized materials was returned." (168) Even this delay was short, compared to the time that some individuals have had to wait for the return of their property. (169) The Guidelines clearly do not sanction the retention of unneeded property for months or years:

Agents and prosecutors must remember that while a computer may be analogous to a filing cabinet for the agents who search it, it is much more to most computer users. It can be a data processor, graphics designer, publisher, and telecommunications center. Courts will no doubt recognize the increasingly important role computers play in our society, and the public's extensive reliance on these computers to support the way we live and do business. (170)
Still, the admonition that property should be returned "as soon as practicable" lacks the necessary specificity to assure individuals that the government will return unneeded material on a timely basis. A specific statutory time limit (subject to extension for good cause shown) should be imposed; the presumptively reasonable period allowed for preliminary investigation should be established on the basis of testimony from law enforcement specialists and private computer forensic experts, but probably should not exceed two weeks.

Establish procedures for assuring that copied data is admissible in court (and consider whether deleted data should be admissible as a matter of course). Another problem, closely related to the previous one, arises from the status of digital data as evidence. Because information in digital form may be altered without a trace, its authenticity as evidence is always subject to question. This is one reason why officials may be loath to return seized hardware and retain only copies of the data; it is much easier to argue that evidence is authentic when it has been left untouched on a hard drive or other storage medium. The Guidelines suggest the following approach:

[U]sing careful scientific protocols and keeping exact records, an analyst can make printouts from the hard drives to have "original" records to admit in court. Following the same process, the analyst can then make a mirror image (or "bit stream") data copy of the hard drives for later analysis. Before returning the computers, the agents should explain the printout and copying process used, and give the defense an opportunity to object to the integrity and admissibility of the printouts and copies at that time. Best practice is to ask the defense counsel to sign an explicit waiver of those issues at the time the computer is returned and to stipulate that printouts and electronic copies will be admissible .... If the defense refuses to concede the accuracy and admissibility of the printouts and copies, the government should keep the computer. (171)
Not only does this passage describe a policy which comes perilously close to extortion (the computer will only be returned if the defense relinquishes any right to challenge the authenticity of the evidence -- which may, after all, have been altered while the computer was in government hands), it is unnecessary. The "bit stream" data copy mentioned can easily be authenticated by means of a "digital signature," (172) which employs encryption techniques to absolutely guarantee the integrity of the data and may include incontrovertible proof of the time and date on which the copy was made. Congress should modify the rules of evidence to provide that a data copy, accompanied by a digital signature, is admissible as conclusive evidence that the information has not been altered since the time indicated by the signature. To further assure the integrity of the evidence, any such copies should be made in the presence of defense counsel (accompanied by independent experts, if necessary) or a neutral magistrate. This practice would accomplish the same goals as the passage cited from the Guidelines, but would still preserve the right of the defense to challenge the handling of the evidence prior to making the copy (without allowing the government to effectively hold the computer itself hostage).
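
The authentication step described above, as an added example (not from the Guidelines or the original article): a bit-stream copy is hashed in chunks with SHA-256, the hash is bound to a claimed time of copying, and the result is signed, so that any later change to the copy or to the timestamp fails verification. Assumptions: a Lamport one-time signature built from SHA-256 stands in for a production signature scheme so the code runs on the Python standard library alone; the function names, sample image and timestamp are constructed; and the timestamp is only the signer's claim unless a neutral party witnesses or countersigns it.

```python
import hashlib
import io
import secrets

CHUNK = 1 << 20  # read the image 1 MiB at a time; disk images do not fit in RAM

def image_digest(stream):
    """SHA-256 of a bit-stream copy, read incrementally."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.digest()

def record_digest(stream, timestamp):
    """Bind the claimed time of copying to the image hash (32 bytes + text)."""
    return hashlib.sha256(image_digest(stream) + timestamp.encode()).digest()

def _bits(digest):
    return [(byte >> (7 - i)) & 1 for byte in digest for i in range(8)]

def keygen():
    """Lamport one-time key pair: sign ONE record per key, then discard it."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk

def sign_copy(sk, stream, timestamp):
    """Reveal one secret per digest bit; the 256 secrets are the signature."""
    return [sk[i][b] for i, b in enumerate(_bits(record_digest(stream, timestamp)))]

def verify_copy(pk, stream, timestamp, sig):
    """True only if every revealed secret hashes to the published value."""
    bits = _bits(record_digest(stream, timestamp))
    return len(sig) == 256 and all(
        hashlib.sha256(s).digest() == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

def demo():
    image = bytes(range(256)) * 6000          # constructed ~1.5 MB stand-in image
    stamp = "1996-10-17T12:00:00Z"            # constructed time of copying
    sk, pk = keygen()
    sig = sign_copy(sk, io.BytesIO(image), stamp)
    altered = bytearray(image)
    altered[123456] ^= 0x01                   # flip a single bit in the copy
    return {
        "untouched": verify_copy(pk, io.BytesIO(image), stamp, sig),
        "one_bit_flipped": verify_copy(pk, io.BytesIO(bytes(altered)), stamp, sig),
        "time_changed": verify_copy(pk, io.BytesIO(image), "1996-10-18T12:00:00Z", sig),
    }

if __name__ == "__main__":
    print(demo())
```

The public key would have to be lodged with defense counsel or the magistrate before the copy is signed, since verification is only as trustworthy as the key it is checked against.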

Congress should also examine the propriety of using deleted data in evidence. It seems inappropriate to allow the presentation of deleted information in those cases where mere possession of the information (for instance, pornography or pirated software) is the crime under investigation. These cases are distinguishable from situations in which the information is evidence of some other crime; it may not be troubling to allow the use of (for example) deleted ransom notes, or financial records indicative of fraud. When possession of information is itself a crime, however, there is a grave risk of injustice in allowing deleted data to be used against someone who may simply have downloaded the offending material accidentally, or even received it in unsolicited electronic mail.


The suggestions offered above are not intended to be exhaustive, and in many cases ought to be considered by the legislature in a deliberative process involving the solicitation of expert opinion. The technical issues surrounding computers and computer data are at least as complex as the legal issues, and subject to rapid change.

The key point, however, is that the law must examine the fundamental difficulties presented by the proliferation of computers throughout society. Although this article has offered a very different perspective in some regards than that embodied in the DOJ Guidelines, it shares with that document a respect for the challenge that computers represent to our system of criminal justice, and to the men and women charged with enforcing the law.

It is also important, however, to recognize that computers present a challenge to our traditional notions of privacy and that privacy is a crucial element of our culture:

[I]n the United States, we do not practice what we preach. We claim that we have religious, political, sexual, and racial freedom, but we do not. If we really had that freedom, then maybe we would not need so much privacy. Regardless of what the laws state, people's lives would become intolerable if others knew certain information. Democratic voting policies for political candidates illustrate the point. Why secret ballots? Is it because people are afraid of their votes, because some would prefer to say one thing in public and act another way in private, or because of the fear of pressure being applied to individuals if their voting patterns could be established? The answer is probably "all of the above." Similar situations arise in all aspects of life. (173)
The Fourth Amendment speaks to the need for privacy, but perhaps it does not go far enough. If that is the case, we must look to Congress to bridge the gap.

Last updated Thursday, October 17, 1996
Copyright© 1996 Roderick T. McCarvel

rod@seanet.com
