Fascinating New Case on Legal Standards for Searching a Remote Computer With Unknown Location

Here’s a fascinating issue that just led to an unusual opinion by Magistrate Judge Stephen Wm. Smith of the Southern District of Texas, who is no stranger to the Volokh Conspiracy for his, um, unusual opinions. The issue: What are the legal standards for the government to search a hacker’s remote computer to determine the hacker’s identity and location? In this case, someone hacked the e-mail account of a victim in Texas and used the e-mail account to access the victim’s bank account. After the unauthorized access to the account was blocked, the hacker set up an e-mail address almost (not not quite) identical to the real e-mail account and tried to wire money to a foreign bank. The location of the hacker is unknown, although there are signs that he is abroad: The most recent IP address resolved to a country in Southeast Asia. In this case, the government applied for a search warrant to remotely access the intruder’s computer and search it for evidence of who the intruder is and where he located.

I. Magistrate Judge Smith’s Denial of the Warrant Application

The application went before Magistrate Judge Smith, who denied the application for a warrant. As his occasional practice, Smith authored a published opinion, forthcoming in the F. Supp.2d., explaining the different reasons why he denied the warrant application. As far as I can tell, he did not ask for briefing on the issue; he just issued the opinion based on his own research. Anyway, here are the three reasons he offers for denying the application:

1) Rule 41 of the Federal Rules of Criminal Procedure generally only authorizes warrants to search property inside the magistrate’s own district. Because the location of the computer that will be searched is unknown, the magistrate does not have sufficient assurance that the warrant will be executed in his own district and therefore that he has authority to issue the warrant.

2) The applicaton does not explain how the government will execute the warrant. Judge Smith notes that executing the warrant requires a two stage search: first, the government will have to first go and find the computer — presumably by sending some sort of virus to the second e-mail account — and second, the government will have to search the computer that is found. Judge Smith concludes that the warrant application fails because it has not specified a sufficiently careful way of conducting the first search sufficient to persuade Judge Smith that the government is really going to search the correct computer and not accidentally interfere with the rights of innocent users. Because the government has not specified the way that it will find the target’s computer, the warrant application is insufficient. (“There may well be sufficient answers to these questions, but the Government’s application does not supply them.”).

3) The warrant application requests permission to monitor the computer for 30 days to monitor some ways in which it is used, including taking photographs of the users to catch them “in the act” of using the machine and therefore identify them. According to Judge Smith, the warrant application is inadequate because this sort of monitoring will amount to video surveillance, and the application does not satisfy the heightened standards for video surveillance adopted under Fifth Circuit precedent.

II. My Analysis

Was Magistrate Judge Smith right or wrong to deny the application? I’m going to focus on the first two arguments, because the third argument (about the heightened standards for video surveillance in the Fifth Circuit) is pretty technical, not specific to the issue of when the government can get a standard to remotely search a computer, and easy for the government to correct. [See the update for an analysis of the third issue.] The first two issues are much more fundamental, so I’ll analyze them in detail. In short, I think Smith’s analysis of these two issues is mistaken. Here’s why.

Issue 1: Extraterritoriality Of Remote Computer Searches

Magistrate Judge Smith’s first argument is that he lacks the authority to issue the warrant because Rule 41 is territorial. Generally speaking, magistrates are only allowed to issue warrants to search property in their own districts. Because the computer isn’t known to be in Smith’s district, he denies the application. I think this is a tricky issue, but that ultimately Smith was wrong to deny the warrant application on this basis.

For starters, Smith is absolutely right about the general principle that he normally only can authorize searches to be executed in his district. But while that’s true, Smith overlooks the really interesting and important issue: If agents in one district install a remote listening device elsewhere, record information remotely, and only review when in the home district, where does the “search” occur? Does the search occur only in the physical place where the computer was located? Or does the search also occur in the home district where the agents first viewed the information? Judge Smith assumes that the search only occurs where the computer is located. Seeing no assurance that the remote computer would be in his district, he denies the application. But I tend to think his assumption is wrong.

Here’s why I think it’s wrong. It often happens that the government makes an electronic copy of information without a person seeing it, such as when agents “image” a hard drive, and only later the agents look through the copy. In those cases, courts always treat looking through the image as a “search” just as they would treat looking through the original. (And correctly so, as I argued in this 2005 article.) As a result, computer searches can occur in two places. If the government searches a home in one district, finds a computer and images it, and then searches the image in another district, then we would say that searches occurred in two districts: First, the district in which the physical search occurred, and second, the district in which the electronic search of the image occurred. So it seems to me that if the computer is located in one place but the agents are in another, the searches will have occurred in both districts, not just one.

This same issue has arisen often in the context of the Wiretap Act. In that setting, most courts have held that the search (in Title III parlance, the “intercept”) occurs in both the district where the call is actually monitored and the district where the agents sit and listen to the call. Because the new decision arose in the Fifth Circuit, it’s worth pointing out the Fifth Circuit precedent, United States v. Denman, 100 F.3d 399 (5th Cir. 1996). In Denman, a judge issued a Title III warrant to intercept communications in its district. The calls were actually intercepted in another district, but the agents listened to the calls in the home district where the warrant was issued. The Fifth Circuit agreed with a Second Circuit precedent that this was fine because the location of a Wiretap Act intercept included the place where the agents listened to the recorded calls:

[I]nterception includes both the location of a tapped telephone and the original listening post, and [] judges in either jurisdiction have authority under Title III to issue wiretap orders. As the Rodriguez court noted, this interpretation aids an important goal of Title III, to protect privacy interests, by enabling one judge to supervise an investigation that spans more than one judicial district.

Now that brings us to a tricky question: If a search occurs in multiple districts, can a single Rule 41 warrant authorize a search in those multiple districts? That’s the rule in the Wiretap Act setting, as seen in Denman. If that same principle applies to Rule 41, then I would think that the application should have been signed and Smith was wrong to deny it on this ground. At the same time, it’s not at all clear that the same “either district suffices” rule applies to Rule 41. I don’t know of any caselaw on the issue. So it may be that Rule 41 has a different rule: Perhaps it only allows the part of the search that is in the home district, and it does not allow the part of the search that is outside the home district.

But even if that is the case, that doesn’t mean that Magistrate Judge Smith was right to deny the application. The reasons why require a bit of underlying Fourth Amendment law to understand. From a territorial perspective, there are three basic “places” that the computer could be located: 1) Inside the home district; 2) In another district; and 3) Outside the territory of the United States. It seems likely that the physical computer that will be searched in this case is overseas; as I mentioned earlier, the last known IP address is traced back to somewhere in Southeast Asia. That’s important because existing caselaw indicates that the warrant requirement does not apply outside the United States. See In re Terrorist Bombings of U.S. Embassies in East Africa, 552 F.3d 157 (2d Cir. 2008). This makes sense of the fact that Rule 41 does not authorize searches outside the United States (with a few narrow exceptions): The government doesn’t need warrants to search outside the United States, so there is no need to ask a magistrate judge to conduct searches there. So if the computer is located outside the United States, the government does not need a warrant to conduct the search of the physical computer: It only needs a warrant to conduct the search inside the United States after the information is retrieved. And even that generously presupposes that the person outside the United States has sufficient contacts to the United States to have Fourth Amendment rights in the first place. It is overwhelmingly likely that a person outside the U.S. has no Fourth Amendment rights in the first place under United States v. Verdugo-Urquidez, 494 U.S. 259 (1990).

In short, it is likely that the only part of the “search” that requires a warrant is the part that will occur in Smith’s home district. Given that, I would think that the proper thing to do is for Smith to issue the warrant. If it turns out that Rule 41 only authorizes the part of the search that occurs in his home district, then the warrant will only authorize the part of the acts that occur in his district. But that’s fine, as the high likelihood is that no warrant will be needed for the rest of the search given that the warrant requirement does not apply outside the United States.

Issue 2: Failure to Specify How the Surveillance Tool Will Be Installed

Now I’ll turn to Smith’s second reason to deny the application: the failure of the application to explain how the surveillance tool would be installed. I think this part of the opinion is wrong because the Supreme Court rejected a very similar argument in Dalia v. United States, 441 U.S. 238 (1979). Dalia involved a Title III warrant to install a bugging device. Like the surveillance device here, the bugging device in Dalia required a two-step search: first, a covert entry to install the bugging device, and second, use of the bug to monitor the place searched over time. The defendant argued that the warrant was improper because it didn’t say anything about the way in which the first step would be executed. The Supreme Court rejected this position:

Nothing in the language of the Constitution or in this Court’s decisions interpreting that language suggests that . . . search warrants also must include a specification of the precise manner in which they are to be executed. On the contrary, it is generally left to the discretion of the executing officers to determine the details of how best to proceed with the performance of a search authorized by warrant — subject, of course, to the general Fourth Amendment protection “against unreasonable searches and seizures.”

Recognizing that the specificity required by the Fourth Amendment does not generally extend to the means by which warrants are executed, petitioner further argues that warrants for electronic surveillance are unique because often they impinge upon two different Fourth Amendment interests: the surveillance itself interferes only with the right to hold private conversations, whereas the entry subjects the suspect’s property to possible damage and personal effects to unauthorized examination. This view of the Warrant Clause parses too finely the interests protected by the Fourth Amendment. Often, in executing a warrant, the police may find it necessary to interfere with privacy rights not explicitly considered by the judge who issued the warrant. For example, police executing an arrest warrant commonly find it necessary to enter the suspect’s home in order to take him into custody, and they thereby impinge on both privacy and freedom of movement. See, e.g. United States v. Cravero, 545 F.2d 406, 421 (CA5 1976) (on petition for rehearing). Similarly, officers executing search warrants on occasion must damage property in order to perform their duty. See, e.g., United States v. Brown, 556 F.2d 304, 305 (CA5 1977); United States v. Gervato, 474 F.2d 40, 41 (CA3), cert. denied, 414 U.S. 864 (1973).

It would extend the Warrant Clause to the extreme to require that, whenever it is reasonably likely that Fourth Amendment rights may be affected in more than one way, the court must set forth precisely the procedures to be followed by the executing officers. Such an interpretation is unnecessary, as we have held — and the Government concedes — that the manner in which a warrant is executed is subject to later judicial review as to its reasonableness.

It seems to me that Magistrate Judge Smith’s argument is pretty much the same argument that was raised and rejected in Dalia. So Smith’s argument seems pretty unpersuasive on this issue, too.

Anyway, it’s a fascinating case. The territorial question is complicated and likely to reoccur, so it’s particularly worth watching. It will be interesting to see if the government appeals the denial, or, perhaps more likely, if the government amends the application to make extra sure they’re covered on the video surveillance issue and then tries again (perhaps before another magistrate judge in the district, cough, cough?). Also, it’s worth noting that the Fifth Circuit is still working on the appeal from Smith’s order on the Fourth Amendment and cell-site surveillance. Oral argument was held on October 2, 2012, and the opinion has not yet issued. The amicus brief I filed in that case is here.

UPDATE: My former colleague and electronic surveillance guru Mark Eckenwiler writes in with his thoughts on Smith’s third argument, which he also finds unpersuasive:

I agree that the application should be analyzed under the video surveillance precedents, given that the FBI is asking to take recurring photographs. However, Magistrate Judge Smith goes astray in applying that precedent.

Specifically, the controlling authority (Cuevas-Sanchez, 1987) holds that video surveillance warrants embody certain requirements borrowed from the Wiretap Act (Title III), including that

the warrant must require that the interception “be conducted in such a way as to minimize the interception of communications not otherwise subject to interception under [Title III]”….

In that case, the Fifth Circuit upheld the warrant used, which the court describes as merely “directing the police to minimize observation of innocent conduct.”

By contrast, Magistrate Judge Smith characterizes Cuevas-Sanchez as requiring that the warrant contain “a statement of the steps to be taken to assure that the surveillance will be minimized ….” (P. 11; emphasis added.) He then finds the affidavit’s promise—that “[s]teps will be taken to assure that data gathered through the technique will be minimized”—inadequate and denies the application on that ground.

This is wrong for two separate reasons. First, as noted, Magistrate Judge Smith invents an additional “steps” requirement nowhere found in the Fifth Circuit test. Indeed, cases construing the Wiretap Act (from which the minimization requirement is borrowed) do not require particular steps to be laid out in the order; rather, the test is whether the actual conduct of the agents is reasonable overall in light of several factors, including the nature and scope of the criminal enterprise and the inferences that may be drawn about a conversation by the identity of the participants. See United States v. Brown, 303 F.3d 582, 604 (5th Cir. 2002). In this regard, Judge Smith also wrongly denies the application on the grounds that the minimization may be imperfect: “there remains a non-trivial possibility that the remote camera surveillance may well transmit images of persons not involved in the illegal activity under investigation.” It is well established that Title III, and thus the parallel standard for video surveillance warrants,

does not “require[ ] government agents to avoid intercepting all nonrelevant conversations when conducting a wiretap investigation.” On the contrary, the practical necessities of conducting a wiretap may, in some circumstances, inevitably lead to the interception of some conversations outside the scope of the wiretap order ….

303 F.3d at 604 (footnote citation omitted).

Second, Judge Smith wrongly focuses on the agent’s affidavit. What matters, however, is the language of the warrant, which (like a wiretap order) need only command generally that minimization occur. It is curious that he does not quote the proposed warrant’s minimization language.

Powered by WordPress. Designed by Woo Themes