home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker Chronicles 1
/
HACKER1.ISO
/
miscpub1
/
effss.txt
< prev
next >
Wrap
Text File
|
1992-09-26
|
35KB
|
596 lines
Article 8 of comp.org.eff.news:
Xref: vpnet comp.org.eff.news:8 comp.org.eff.talk:868 misc.legal:1503
Path: vpnet!tellab5!laidbak!ism.isc.com!ispd-newsserver!rpi!usc!elroy.jpl.nasa.gov!decwrl!world!eff!mnemonic
From: mnemonic@eff.org (Mike Godwin)
Newsgroups: comp.org.eff.news,comp.org.eff.talk,misc.legal
Subject: Less intrusive, more efficient searches and seizures
Summary: Need suggestions in response to Virus Conference paper
Message-ID: <1991Apr3.161113.21048@eff.org>
Date: 3 Apr 91 16:11:13 GMT
Followup-To: comp.org.eff.talk
Organization: The Electronic Frontier Foundation
Lines: 577
Approved: mnemonic@eff.org
Mitch Kapor and I submitted the following paper to the
Fourth Annual Computer Virus and Security Conference in
New York earlier in March. Since then, discussions of the paper
have led to two main lines of feedback: a) law enforcement
needs *technical* guidance about gathering computer evidence
without being overinclusive, yet meeting the requirements of
the rules of evidence, and b) civil-liberties and law-enforcement
needs converge on the need for less intrusive searches, since
LE would like to be able to search efficiently and not have to
scan whole hard disks for information.
In the interest of being able to develop these technical guidelines,
which should supplement and help implement the legal guidelines
discussed in the paper, we publish the paper here, and ask for your
responses.
---------------------------------------------------------
Civil Liberties Implications of Computer Searches and
Seizures:
Some Proposed Guidelines for Magistrates Who Issue Search
Warrants
Submitted by:
Mitchell Kapor, B.A. Yale (1971), M.A. Beacon College (1978)
President, The Electronic Frontier Foundation
Mike Godwin, B.A. University of Texas at Austin (1980), J.D. (1990)
Staff Counsel, The Electronic Frontier Foundation
I. Introduction.
We are now about a decade and a half into the era of affordable
desktop computers. Yet for most people--and especially for the legal
community--the civil-liberties implications of this new consumer
technology have only barely begun to register. Only by acquiring a
knowledge of the new technology, of its uses, and of its importance to
traditional civil liberties can we guarantee the protection of those civil
liberties in the future.
Currently, the Electronic Frontier Foundation (EFF) is focusing
on two major aspects of this failure of the law-enforcement
community to fully incorporate civil-liberties awareness in its
investigations of computer-related crime:
1) When law enforcement officials lack understanding both of
the new technology and--just as important--of how it is normally used,
they simply cannot conduct the discretion-less, "particular" searches
and seizures required by the Fourth Amendment1 when those searches
and seizures involve computer equipment and data.
2) The electronic conferencing systems offered by computer-
based electronic bulletin-board systems (BBSs), commercial
information services, and noncommercial computer networks--which
may, to various degrees, be subject to law-enforcement searches and
seizures--have created an environment for some of the most vigorous
exercise of First Amendment prerogatives this nation has ever seen.
When law enforcement does not routinely recognize the First
Amendment significance of BBSs and other forms of electronic speech
and publishing, its broad searches and seizures can "chill" the free
exercise of those First Amendment rights.
This paper is adapted from the EFF's response to the American
Bar Association Criminal Justice Section's suggested guidelines for the
issuance of search warrants relating to business records (July 1990)2.
The guidelines seemed to be based in large part on J. McEwan,
Dedicated Computer Crime Units (1989), D. Parker, Computer Crime:
Criminal Justice Resource Manual (1989), and C. Conly, Organizing for
Computer Crime Investigation and Prosecution. Published by the
National Institute of Justice, all three publications were oriented
toward informing law enforcement of the kinds of abuses to which
computer technology potentially lends itself.
But while such a focus may be useful for prosecutors, who may
need to be brought up to speed on the technology, it is not a good focus
for magistrates, who must evaluate law enforcement's claims that
there is probable cause for particular searches and seizures in particular
cases. For example, it may be useful for prosecutors to know that "the
data in the storage device or media can be erased, replaced with other
data, hidden, encrypted, modified, misnamed, misrepresented,
physically destroyed, or otherwise made unusable."3 But this does not
mean that the magistrate should always find probable cause to believe
that a particular computer owner or operator has done so, and then
authorize a highly intrusive and disruptive seizure of a BBS so that
investigators can do a low-level search for hidden or encrypted data.
Similarly, the fact that a clever hobbyist can find criminal uses
for all sorts of equipment does not create probable cause to believe that
every piece of electronic property that could conceivably be used in any
type of computer crime -- or that could conceivably be evidence in
some type of computer crime -- should be seized in every
investigation.4
Moreover, the kind of exhaustive listing of potential computer-
crimes and crime techniques in these references, together with their
instructive but not particularly representative anecdotal evidence,
cannot help but give both law-enforcement agents and magistrates the
impression that BBSs and similar systems are likely to be used for
computer-related crimes of various sorts.
Our criticism of the original ABA Criminal Justice Section
suggested guidelines was basically threefold:
1) There was no guidance to the magistrate as to when the
computer or related equipment should not be seized, either because it
is not necessary as evidence or because such a seizure would intolerably
"chill" the lawful exercise of First Amendment rights or abridge a
property owner's Fourth Amendment rights.
2) There was inadequate recognition of the business or
individual computer owner's interest in continuing with lawful
commercial business, which might be hindered or halted by the seizure
of an expensive computer.
3) There was no effort to measure the actual likelihood that
investigators would find computers equipped with such justice-
obstructing measures as automatic-erasure software or "degausser"
boobytrap hardware, the presence of which might justify a "no-knock"
search and seizure, among other responses.
Section II of this paper, infra, contains the EFF's general
comments on the suggested guidelines. while Section III contains our
amended version of those guidelines.
II. Comments on Proposed Guidelines on Searches and Seizures
A. Searches and seizures of computers used for publishing or
electronic bulletin boards.
While the same legal principles apply to searches and seizures of
computerized records as to other records, when the search is of records
on a computer used for publishing or for operating an electronic
bulletin board system (BBS), the need for particularity is heightened
since the material to be searched may be protected by the First
Amendment. Particularity is also needed because First Amendment
rights of association and statutory rights of privacy may be impinged by
seizure of electronic mail or other private and third-party
correspondence.
Also, seizure of a computer used by a publication or for running
an electronic bulletin board system (BBS) may violate the First
Amendment by acting as a prior restraint on future speech and by
interfering with the rights of expression and association of the operator
and users of the system.
B. No-knock entries because of risk of destruction of data.
We believe the concern with possible destruction of data,
whether stored internally or externally, is overstated in the proposed
commentary. Such a concern can justify a "no-knock" entry only in
rare circumstances on a strong factual showing by law enforcement
personnel. First, we are not aware of any data showing that a device
like a degausser is frequently or commonly used to destroy evidence
during a search. Second, the only data that can be destroyed "at the flip
of a [power] switch" is the relatively small amount of information in
the internal memory (RAM) of a computer, and not information
stored on an internal hard disc. Information is only contained in RAM
when a computer is being actively operated, and then only information
about the current application the computer is running.
Thus, in order for a no-knock entry to be warranted, there must
be credible evidence presented to the judicial officer either that (l) it is
likely that the suspects have a device like a degausser by which data
will be destroyed, or (2) the computer user will be using the computer
for illegal purposes at the time of the search, e.g., when a warrant is
sought at the moment a telephone tap demonstrates that computer
user is in the act of using the computer to illegally access a computer
database without authorization.
C. Searches and seizures when the computer is used for electronic
communications (e-mail).
E-mail and other stored electronic communications are protected
by the Electronic Communications Privacy Act, 18 U.S.C. 2701-2711. E-
mail should thus be protected from search and seizure, unless there is
probable cause to search and seize a specific electronic communication.
Accordingly, if a search is likely to take place of a computer which
provides an e-mail service to users, such as most BBSs, the affiant
should inform the judicial officer of this possibility so that the judicial
officer can establish procedures to ensure that the officers executing the
warrant do not view e-mail for which no probable cause exists, and to
ensure that the BBS computer is not seized unnecessarily as this will
prevent the authorized access of users to their e-mail.
D. Search vs. seizure
We suggest that the commentary make a stronger distinction
between the factors applicable to searches of computers, and those
which demonstrate that the seizure itself of a computer or of discs is
warranted. Because of this, we propose that several of the paragraphs
be rearranged.
E. Seizure of computer discs.
Often, warrants have provided for the wholesale seizure of all
computer discs, without any requirement that the officers executing the
warrant review the data contained on each disc and seize copies only of
relevant files. Because of the voluminous amount of materials that
can be stored on a computer disc, such a seizure is often equivalent to a
prohibited general search, as it permits the seizure of a great many files
for which there is no probable cause to seize. The commentary does
mention the possibility of establishing a procedure to ensure that not
all files on a disc are seized, but we believe this should be further
emphasized.
We believe that that only in the situation where an entire
organization is permeated with fraud or other misconduct is the
wholesale seizure of computer discs appropriate. In all other
circumstances, the search of the computer discs for seizable data should
be conducted on the organization's premises. While this type of on-
premises search may be time-consuming, the same exact procedure is
followed when officers executing a warrant are searching through
hard-copy files for seizable material. The judicial officer should allow
the wholesale seizure of discs and a search off-premises of these discs
for seizable material only if the affiant can present specific factors
which demonstrate a necessity for an off-premises search. Further, if
the judicial officer does permit an off-premises search of the computer
discs, the warrant should require that such a search take place promptly
(presumptively within a matter of days), and that the officers executing
the warrant then promptly copy only the relevant parts of the discs and
immediately return the originals to the owner or custodian.
The citation to Voss v. Bergsgaard, 774 F.2d 402 (10th Cir. 1985),
does not support the proposition it is cited for, in that it suggests the
description there was sufficiently particular when in fact the Court held
the warrant unconstitutionally overbroad.
F. Seizure of computer where isolated information or records stored on
the computer is the object of the search.
While the seizure of a computer should be authorized when the
computer is the instrumentality of a crime, in most other
circumstances, where officials seek isolated information or records
stored on the computer, seizure should not be authorized. In the first
place, such a seizure would violate the particularity requirement as
many non-seizable records would be seized. Secondly, the seizure may
force a halt to legitimate business operations.
In such circumstances, the judicial officer should require that the
search of the computer hard drive take place at the organization's
premises, and that the officers executing the warrant make copies only
of the seizable files or data.
III. Revisions to Business Record Guidelines and Guideline
Commentary
The original ABA Criminal Justice Section Suggested Guideline
appeared in the form of a two-paragraph "Guideline" articulating the
general principles underlying Constitutional searches and seizures of
business records, followed by four pages of "Commentary" laying out
the legal issues raised by business-record searches and seizures, with a
particular focus on computer-based records. We prepared suggested
modifications to the guideline and to the commentary which
incorporates the discussion in Sections I and II.
A. As to the guideline, the first two paragraphs read as follows:
As is the case generally, the description for searches and seizures
of business records should be so definite that it eliminates officer
discretion in determining which items are covered, which are
not, and when the search must come to an end. However,
because it is not always possible to meet this standard, the
particularity requirement may be applied with less rigidity than
in other settings. The judicial officer, in assessing particularity,
must determine if the description of the records (whether in
writing or electronically maintained) is as specific as the
circumstances allow -- or, in the alternative, whether the
description is sufficiently specific to prevent the searching party
from unnecessarily examining non-relevant records in order to
find the desired records.
The particularity requirement is most likely to be met when (1)
probable cause exists to seize all the items within a particular
category, as when the entire enterprise is permeated with fraud
or other misconduct, or (2) when the warrant sets out some
objective standard, a limiting feature, that allows the officers to
differentiate between what can and cannot be seized, or (3) when
the application describes as fully as possible, in light of what the
investigators know, what is to be seized, or (4) when the warrant
spells out a method for executing the search that limits the
exposure of non-relevant materials, such as appointing a third-
party monitor.
To this Guideline EFF proposed adding the following paragraph:
"Warrants for computerized records must be drawn narrowly
and with enough specificity to eliminate or minimize the researchers'
discretion and intrusion into other materials stored on the computer.
Seizure of the computer itself, while proper in the limited
circumstances where it is the instrumentality of a crime (as when the
computer is itself a tool directly used to commit telecommunications
fraud), is generally not justified when the object of the search is
evidence stored on the computer, particularly since seizure of the
computer may force a legitimate business to cease operations. Where
the computer being searched is used in the publication or
communication of information, warrants must be drawn even more
narrowly to avoid infringing on First Amendment rights of expression
and association, and seizures of such computers may also violate First
Amendment rights unless the computer is the instrumentality of a
crime."
In the commentary, the additions we suggested are underlined, and at
any point where we suggest deleting some material we have indicated
this by brackets ([]). In addition, our proposal rearranged several of the
paragraphs:
(Beginning after Second Paragraph on p. 39)
When the records are electronically stored in a computer, as is
frequently the situation, the same legal principles apply. [] In most
respects, search and seizure issues in computer cases are like those in
other criminal cases. J. McEWAN, DEDICATED COMPUTER CRIME
UNITS 55-56 (189); CF. D. PARKER, COMPUTER CRIME: CRIMINAL
JUSTICE RESOURCE MANUAL (1989).
When computerized records are sought, they must be described,
as in the case with written records, with enough specificity to eliminate
or minimize the searchers' discretion as to what may be examined and
seized. When the information sought can be made definite (e.g., a
memorandum from sales manager Jones to field agent Smith, dated
March 11, 1980, concerning the sale of certain chemicals), the
particularity requirement is easily satisfied whether the record is in
writing or electronically stored. If it is likely that the record of this
document exists only in electronic form, the particular computer and
storage media should be identified, and the affidavit should be clear
that the searchers have the technical capacity to access the information.
The need for particularity is heightened where the computer to
be searched is used for a newspaper, magazine, electronic publishing or
to operate an electronic bulletin board.5 There are "special restraints
upon searches for and seizures of material arguably protected by the
First Amendment." Lo-Ji Sales, Inc. v. New York, 442 U.S. 319, 326 n.5
(1970). Where the materials to be seized may be protected by the First
Amendment, both the particularity requirement and the probable
cause requirement must be met with "scrupulous exactitude." See, e.g.,
Voss v. Bergsgaard, 774 F.2d 402, 405 (10th Cir. 1985) (quoting Stanford
v. Texas, 379 U.S. 476, 485 (1965) and citing Zurcher v. Stanford Daily,
436 U.S. 547, 565 (1978).
In addition, when a computer used to operate a BBS is searched,
there is significant danger that First Amendment rights of association
and statutory rights of privacy may be impinged by seizure of electronic
mail (e-mail) or other private communications which have no relation
to the alleged criminal activity justifying the search. Seizure and
search of e-mail isgoverned by the procedures of the Electronic
Communications Privacy Act, 18 U.S.C. 2701-2711. Similarly, seizure
of material on a BBS meant for publication or dissemination which is
not related to the alleged crime may violate First Amendment rights of
free expression.
When the affiant describes [] the records to be seized only in
general terms, such as "books, letters, papers, memoranda, contracts,
files, computer tape logs, computer operation manuals, and computer
tape printouts," there is a likelihood that the particularity
requirements have not been met. In such a circumstance, the judicial
officer should question the affiant to see whether any additional
limiting standards -- time period, authorship, transaction, or offense,
for example -- can be established. The more limitations in the affidavit,
the more likely that Fourth Amendment particularity exists.6
In some instances, the affidavit may contemplate so extensive a
seizure of computerized data that a successful search would cripple the
business. Under these circumstances,the judicial officer should explore
with the applicant the feasibility of copying or otherwise acquiring the
information sought without depriving the owner or custodian of its
use. Since the justification for a search is to gather evidence, not close a
business, it is important that the seizure be no more intrusive than
necessary. To this end, the judicial officer may require the applicant to
demonstrate technical expertise or access to such.
One troubling problem arises from the way computerized
records are stored. Because computer discs have such a large storage
capacity, it is common to store unrelated data on the same disc. This
means that a seizure of an entire disc may involve substantial amounts
of information that is not relevant to the inquiry. When the discs are
maintained by an innocent third party, such as a large accounting firm,
the invasion of privacy is compounded, since the relevant discs may
also contain data for other clients of the firm. To protect the rights of
these third parties, special procedures may be necessary.
Similarly, the wholesale seizure of a large number of computer
discs would appear to violate the particularity requirement, and be a
prohibited general search, in a situation where the entire organization
is not permeated with fraud or other misconduct.7 In such cases, the
search of the computer discs for seizable items preferably should be
conducted on the organization's premises. Wholesale removal of discs
for off-premises searches should be authorized only if identifiable
particular circumstances so mandate, and in such case the officers
executing the warrant should promptly copy only relevant parts of the
discs and promptly return the discs to the owner or custodian.
To limit the scope of the seizure and the invasion of the rights of
the third parties, and to protect the owner's rights (and the custodian as
well), the judicial officer should consider (1) appointing an expert to
accompany the law enforcement officers on the search to provide
guidance to them in identifying the named items; (2) directing that all
searches of discs for seizable items be conducted on the organization's
premises, and (3) in situations where an on-premise search of the discs
is not feasible because of specific reasons, establishing a procedure
whereby the relevant parts of the disc may be promptly copied and then
the original returned to the owner or custodian within a reasonable
period of time, presumptively no longer than several days.
The computer itself may be subject to seizure when it is an
instrumentality for the commission of an offense, for example when it
is employed to commit a host of illegal acts: software piracy,
embezzlement, and telecommunications fraud are among these.8 For
a fuller description of offenses committed with computers, see
McEWAN, DEDICATED COMPUTER CRIME, Units 1-5, 38 (1989).
Computers may also serve criminal enterprises by maintaining
databases of, for example, drug distributions or customers for child
pornography. In terms of establishing probable cause and particularity,
the affidavit must, as is generally true, provide reason to believe that
an offense has been committed, and that the object to be seized -- the
computer -- is implicated. The computer should be identified as fully
as possible, i.e., by manufacturer, model number and serial number to
meet the particularity requirement.
Seizure of the computer itself should not be authorized where
information or records stored on the computer are the only object of
the search. Such computer seizures and the attendant seizure of all
data on the computer's hard drive would not meet the particularity
requirement. In addition, as with the wholesale seizure of
computerized records, the seizure of the computer will often make it
impossible for a lawful business to continue operating. If the computer
is used for publishing or communicating information, e.g., if it is used
by a newspaper, publication or for running a BBS, seizure may violate
the First Amendment, because the seizure may act as a prior restraint
on future speech or may interfere with the rights of expression and
association of the operator and users of the system.
Because a computer is actually a system of several parts, the
affidavit should specify what exactly is to be seized. An expert may be
necessary in order to ensure a complete and precise listing.
When the affidavit, of necessity, employs technical language to
explain the offense involved, such as "patching a long distance phone
call to avoid paying the toll," See Ottensmeyer v. Chesapeake and
Potomac Tel. Co., 756 F.2d 986 (4th Cir. 1985), the affiant's credentials,
training, and education in computer sciences should be set forth so that
the judicial officer has a basis for evaluating the analysis and
interpretation in the affidavit. In unusual situations when the judicial
officer has difficulty comprehending the nature of the offense alleged,
or questions the expertise of the affiant or the affiant's witnesses, the
judicial officer can summon an expert witness to provide additional
testimony. Ordinarily, however, the procedure is to require the affiant
to further supplement the affidavit, or attempt to rewrite it to meet the
judicial officer's objections. The judicial officer may also require an
expert to accompany the affiant in order to insure that the seizable
items are properly identified and removed in a reasonable manner to
avoid injury to property, [] needless exposure of unrelated records, or
infringement of First Amendment rights. In Ottensmeyer, 756 F.2d at
986, an expert accompanied the searching party. Cf. De Massa v.
Nunez, 747 F.2d 1283 (9th Cir. 1984) (special master appointed to
supervise the seizure of documents during execution of warrant at
attorney's office); Forro Precision Inc. v. International Business
Machine Corp., 673 F.2d 1045 (9th Cir. 1982) (discussing the role of an
expert during the execution of the warrant).
Because computer systems increasingly rely on complicated
access procedures and may also have the capacity to destroy data when
an unauthorized user attempts to access them there is an additional
need for expertise. The judicial officer should make sure that the
officers executing the warrant have the capacity to make the seizure
without destroying data or damaging property unnecessarily, and thus
may appoint an outside expert to monitor or supervise the execution of
the warrant. The appointment of an expert provides added assurance
that (1) there will not be an inadvertent interruption in the electric
power during data manipulation by the officers that could result in the
loss of information, (2) that if there is a hard disc drive, the heads on
the drive will be "parked" before moving the system to avoid
destroying stored information, (3) that when such equipment as
telephone modems, auto-dialers, and printers are connected to the
computer, they will be disconnected without loss of information, and
(4) that the officers executing the search warrant will not
unintentionally change data while collecting evidence. See generally,
C. CONLY, ORGANIZING FOR COMPUTER CRIME INVESTIGATION
AND PROSECUTION 22 (1989).
IV. Conclusion.
These suggestions were submitted to the ABA through Judge
William R. McMahon of Ohio, who chairs the ABA, NCSCJ committee
on Modern Technology and the Courts. It is the EFF's hope that these
suggestions can also be used as a resource by state and federal
legislatures, by state and federal judiciaries, and--perhaps most
importantly--by the front-line law-enforcement officials and
prosecutors whose job it is to integrate the enforcement of the law with
the preservation of our civil liberties.
1The Fourth Amendment to the U.S. Constitution states that "The
right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be
violated, and no Warrants shall issue, but upon probable cause,
supported by Oath or affirmation, and particularly describing the
place to be searched, and the persons or things to be seized."
2Sections II and III of this paper were originally researched and
written for EFF by Nick Poser, Esq., and Terry Gross, Esq., of
Rabinowitz, Boudin, Standard, Krinsky & Lieberman. Harvey
Silverglate, Esq., and Sharon Beckman, Esq., of Silverglate & Good
reviewed these sections and offered valuable suggestions and
comments.
3D. Parker, Computer Crime: Criminal Justice Resource Manual
(1989), page 68.
4 A "sample" search warrant in Conly, Organizing for Computer
Crime Investigation and Prosecution includes the following
language:
"In the County of Baltimore, there is now property subject to
seizure, such as computers, keyboards, central processing units,
external and/or internal drives, internal and/or external
storage devices such as magnetic tapes and/or disks, terminals
and/or video display units and/or receiving devices and
peripheral equipment such as, but not limited to, printers,
automatic dialers, modems, acoustic couplers, and or [sic] direct
line couplers, peripheral interface boards and connecting cables
or ribbons, diaries, logs, and other records, correspondence,
journals, ledgers memoranda [sic], computer software,
programs and source documentation, computer logs, magnetic
audio tapes and recorders used in the obtaining, maintenance,
and or [sic] dissemination of information obtained from the
official files and computers of the [sic] MCI
Telecommunications Inc. and other evidence of the offense."
Although clearly taken from a warrant drafted for a specific
crime involving MCI, this language is frequently copied almost
verbatim in warrants involving far different crimes. Moreover, the
drafters, perhaps afraid that their language was not sufficiently
inclusive, made sure to add the phrase "such as, but not limited to"
in reference to what qualifies as a "peripheral" for the purposes of the
warrant. One may wonder how such a broad description meets the
"particularly describing" clause of the Fourth Amendment, or how it
limits the discretion of the executing officer as to which property he
or she will seize.
5 There is growing recognition that bulletin board systems (BBSs) are
a form of press. See, e.g., An Electronic Soapbox: Computer Bulletin
Boards and the First Amendment, 39 Fed. Com. L. J. 217, 240 (1988),
citing Legi-Tech, Inc. v. Keiper, 766 F.2d 728, 734-36 (2d Cir. 1985).
6Two problems, unrelated to particularity, may arise with respect to
the seizure of computerized data. [] First, in certain circumstances,
affiants may have specific information that the suspects have devices
by which computerized data may be rapidly destroyed, and in such
cases affiants may seek permission to enter the premises without
announcing their authority and purpose. Affiants may also seek such
permission in cases where it is known that the suspect will be using
the computer for illegal purposes at the time of the search, e.g., when
a warrant is sought at the moment a telephone tap demonstrates that
the computer user is in the act of illegally accessing a computer
database over the telephone lines, as evidence of the crime could be
lost if the computer user shuts off the computer. For an analysis of
the standard for "no-knock" entries in business premises see
Guideline 10.3 infra.
The second problem relates to the time period in which the
computerized data are stored. In addition, unlike written records,
data internal to the system are not likely to be so maintained for long
periods. Although computers commonly have book-length or longer
storage capacity, the typical procedure is to transfer the data to
external storage, typically in the form of a disc or tape. Given the
practice, the judicial officer must evaluate the affidavit with care to
ascertain the likelihood that the data is in the computer and has not
been transferred to a different location or erased. If electronic
communications are maintained on the computer, such as with
computers operating electronic bulletin boards, reference must be
made to the Electronic Communications Privacy Act, 18 U.S.C. 2701-
2711, and the affiants should inform the judicial officer, so that he can
establish procedures to ensure that the privacy of these
communications is protected, and that no communications are
searched unless probable cause exists as to that communication.
7 Generic listings which would permit the seizure of virtually all
computer related materials fail to meet the particularity requirement.
See, e.g., Voss v. Bergsgaard, 774 F.2d 402, 407 (10th Cir. 1985), []
(affidavit held insufficient which described the computer records and
materials to be seized as follows: "One Alpha Micro computer
processing unit, approximately four Alpha Micro computer
terminals, computer printers, and computer manuals, logs, printout
files, operating instructions, including coded and handwritten
notations, and computer storage materials, including magnetic tapes,
magnetic discs, floppy discs, programs and computer source
documents"
8A computer is certainly "property" and hence theoretically might be
subject to seizure if it is forfeitable pursuant to a specific statute
authorizing such forfeiture, e.g., the Racketeer Influenced and
Corrupt Organizations Act, 18 U.S.C. $ 1913. Because a computer is
also a communications device much as a typewriter or printing press
is, however, seizure of the computer raises First Amendment issues
not present in other types of forfeitures. For this reason, the better
procedure when dealing with an arguably forfeitable computer
system is not to seize it, which raises First Amendment and prior-
restraint problems, but to allow the government to proceed instead by
subpoena or motion, where the delicate issues can be litigated
without the prior restraint that seizure pendente lite would cause.
--
Mike Godwin, (617) 864-0665 | "You gotta put down the ducky
mnemonic@eff.org | if you wanna play the saxophone."
Electronic Frontier |
Foundation |
Downloaded From P-80 International Information Systems 304-744-2253 12yrs+