Virtual Analogies, Physical Searches, and the Fourth Amendment:
The Tenth Circuit has handed down an opinion on how the Fourth Amendment applies to computers that raises a fascinating clash between virtual analogies and physical facts. The case involves the effect of user profiles and password protection on third-party consent rights, which turns out to be an issue that has a lot of practical importance for computer forensic searches; it's certainly come up in discussions within the government, and now for the first time a court has suggested the framework for an answer. The case is United States v. Andrus.

  Here's the quick version of the facts. The cops think that Ray Andrus may have downloaded child pornography onto his home computer, so they go to his house to do a "knock and talk." Andrus lives with his elderly parents, and Andrus's elderly father is the only one home. The father consents to the cops searching his home and any computers there. The cops take away a computer, and then search it off-site using computer forensic software. They quickly find child pornography.

  Okay, now here's the interesting twist. After the agents discovered the child pornography, they learned that the child pornography files were accessible to users only using the son's user profile, which was protected by a password that the father did not know. That is, a user wanting to find the file would need to know the son's password to see it; to another user, the file would be hidden. How could that happen? As I have explained in this article, there are two basic ways to search a computer:
[D]igital evidence searches generally occur at both a "logical" or "virtual" level and a "physical" level. The distinction between physical searches and logical searches is fundamental in computer forensics: while a logical search is based on the file systems found on the hard drive as presented by the operating system, a physical search identifies and recovers data across the entire physical drive without regard to the file system.
  Most users think of computer searches as occurring at the virtual level, because that's the user experience. But computer forensic software works at the physical level: it treats the hard drive as a physical device that contains millions of zeros and ones, not as a virtual "box" of information accessed through an operating system. User profiles and most password protection operate only at a virtual level, so a government forensic analyst operating at a physical level wouldn't even notice the difference unless he was specifically looking for it.
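
The logical/physical distinction described above, as an added example (not code from the original post or from any forensic product): a constructed toy disk image is read once through a permission-checking logical layer and once by a raw signature scan that ignores the directory. The image layout, file names, profiles and the stand-in cipher are assumptions made for illustration; the last file shows that encryption at rest, unlike a profile password, still holds against a physical read.

```python
import hashlib
import struct

SECTOR = 128                        # toy sector size in bytes (assumption)
JPEG_MAGIC = b"\xff\xd8\xff"        # real JPEG start-of-image signature
ENTRY = struct.Struct("<12s8sHH")   # name, owner profile, start sector, length


def toy_encrypt(password, data):
    """XOR with a SHA-256 counter keystream; the same call decrypts.
    Stand-in for real file encryption, not a vetted cipher."""
    key = hashlib.pbkdf2_hmac("sha256", password, b"constructed-salt", 1000)
    blocks = -(-len(data) // 32)
    stream = b"".join(hashlib.sha256(key + struct.pack("<I", i)).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def build_image(files):
    """Sector 0 holds the directory table; file data follows in later sectors."""
    table, data, next_sector = b"", b"", 1
    for name, owner, content in files:
        table += ENTRY.pack(name.encode(), owner.encode(), next_sector, len(content))
        padded = content.ljust(-(-len(content) // SECTOR) * SECTOR, b"\x00")
        data += padded
        next_sector += len(padded) // SECTOR
    if len(table) > SECTOR:
        raise ValueError("too many files for the one-sector toy directory")
    return table.ljust(SECTOR, b"\x00") + data


def _entries(image):
    """Parse the directory table the way an operating system would."""
    for off in range(0, SECTOR - ENTRY.size + 1, ENTRY.size):
        name, owner, start, length = ENTRY.unpack_from(image, off)
        if name.strip(b"\x00"):
            yield (name.rstrip(b"\x00").decode(),
                   owner.rstrip(b"\x00").decode(), start, length)


def logical_list(image, profile):
    """Logical view: only files belonging to the logged-in profile are visible."""
    return [name for name, owner, _, _ in _entries(image) if owner == profile]


def logical_read(image, profile, name):
    """Logical read: the profile is checked before any bytes are returned."""
    for fname, owner, start, length in _entries(image):
        if fname == name:
            if owner != profile:
                raise PermissionError(f"{profile} may not open {name}")
            return image[start * SECTOR:start * SECTOR + length]
    raise FileNotFoundError(name)


def physical_scan(image, signature=JPEG_MAGIC):
    """Physical view: search every byte for a signature, ignoring the directory."""
    hits, pos = [], image.find(signature)
    while pos != -1:
        hits.append(pos)
        pos = image.find(signature, pos + 1)
    return hits


def build_sample():
    """Constructed sample: one file for the father, two for the son."""
    picture = JPEG_MAGIC + b"constructed sample image bytes"
    return build_image([
        ("taxes.txt", "father", b"constructed sample: household budget"),
        ("photo.jpg", "son", picture),
        ("vault.jpg", "son", toy_encrypt(b"son-password", picture)),
    ])


if __name__ == "__main__":
    image = build_sample()
    print("father sees:", logical_list(image, "father"))
    try:
        logical_read(image, "father", "photo.jpg")
    except PermissionError as exc:
        print("logical read refused:", exc)
    # The plaintext picture is found by offset alone; the encrypted copy is not.
    print("raw signature hits at byte offsets:", physical_scan(image))
```
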

  Why does it matter? Well, it matters because the answer to the legal question seems to hinge on whether you apply the Fourth Amendment from a virtual perspective or a physical perspective. From a virtual user's perspective, the child pornography was hidden to the father; it was behind a password-protected gate. Under these facts, the father couldn't consent to a search because he would lack common authority over it. From a physical perspective, however, the file was present on the hard drive just like all the other information. Under these facts, the father could consent to the search because he had access rights to the machine generally. It's the classic problem of perspective that I wrote about in the Georgetown Law Journal in 2003: the facts hinge on whether you take a physical (external) or virtual (internal) perspective.

  The Court divided on which perspective to take. The majority (Judge Murphy, joined by the recently-arrived Judge Gorsuch) did not directly address the question of "common authority," relying instead on the "apparent authority" doctrine. Under the apparent authority doctrine, officers can rely on third-party consent if they reasonably conclude that a person has the right to provide consent even if it later turns out that he doesn't. This was a sensible move by the majority, because the apparent authority doctrine focuses more on the physical perspective that the officers have rather than a virtual perspective that a user has. Viewed from the physical perspective, the investigators reasonably did not know about the user profile and reasonably believed that the father had rights to consent to that part of the hard drive.

  Judge McKay dissented, and instead adopted a virtual perspective. To Judge McKay, the virtual perspective was the only one that mattered: a computer file was a container, and a password-protected computer file was a locked container. Using forensic software to look at a computer from a physical perspective was therefore avoiding the virtual locks. Judge McKay argued that officers should not be allowed to rely on the apparent authority from the physical perspective without first making an inquiry into whether there might be password protection of some kind from a virtual perspective.

  I think the majority is probably right, but it's a tremendously interesting case either way. How do you measure the reasonableness of a belief when understandings of what computers are and how they work are so different among typical users and forensic analysts? Should the law follow the understandings of the experts who understand the technology or the general users who don't?

  Thanks to Howard for the link.

David Chesler (mail) (www):
What do the existing analogous physical 4th Amendment cases say about locked-away parts of things that are generally under common authority?

Not so much the son's separate apartment within the big house he shares with his father, but the locked box he's put in the steamer trunk that father and son keep in the living room and both use for storing various odd items? If the father consents to a search of the steamer trunk, is he also consenting to a search of that portable volume which is enclosed by both the steamer trunk and the safe box? (Assume the safe box has a level of authority comparable to the disk drive, for instance it has a cypher lock, and the police have a device which can sequentially [and thus non-destructively] punch every combination in turn until the box opens.)
4.26.2007 2:35pm
Mark Seecof (mail):
I can't add much right here to your analysis of the legal question (though I intend to think about it!), but I think each user should encrypt his files (perhaps the operating system could do so automatically by default, so even unsophisticated users would have encrypted files). If that were done, the next inquiry might be whether the police could retain encrypted files they had seized under apparent authority, based on suspicions about them.
4.26.2007 2:39pm
PDXLawyer (mail):
I don't do criminal law, but it seems to me that "apparent authority" in this case can only be a fiction. It's akin to saying that the father had "apparent authority" over the contents of the son's locked safe because the *police* have expert safecrackers. The father *could* have accessed the computer on a physical level if he had the requisite skills, but all that proves is that no privacy protection is foolproof.

Can defendants in unauthorized access cases use this reasoning against the government? That is, if it is possible to circumvent password protection, does that mean that any access achieved that way has been implicitly consented to? Somehow I doubt that'd fly too far.
4.26.2007 2:41pm
Mark Seecof (mail):
You know, this case can be analogized to Kyllo v. United States (the police spied through dwelling walls with infrared viewer, Supreme Court ruled 4th Amendment violation).

Kyllo stands for the proposition that the common man's notion of what will prevent snooping (e.g., the opaque walls of his dwelling) supersedes (at law) the experts' understanding of the problem (that common house walls are not opaque to infrared imaging devices). So one could argue that the common man's notion of restricting access to his computer files should override (at law) the experts' understanding that "virtual" protection will not fence out "computer forensics tools."
4.26.2007 2:49pm
Bret Cohen (mail):
The problem I see is, even in applying the apparent authority doctrine, which law enforcement officers need to "reasonably conclude" that they had consent to search the entire computer? If it's the officer or detective who arrived on the scene to confiscate the computer, then perhaps they could make this reasonable conclusion. But if it's the forensic technician, who at least should be aware that a computer shared by multiple users could or does have multiple profiles, then would that technician "reasonably conclude" that they had authority from one user to search the entire computer? I think such a ruling could have dangerous consequences, encouraging willful blindness when the confiscating officers hand the computer over to the technicians. With a wink-wink and a nod-nod, they can say, "oh, we got permission to search this computer," without mentioning that the computer was jointly used, thus sanctioning a complete search under Andrus. Either that, or the officers might not even think to mention that there were multiple users.

There are other contexts in which computer forensic technicians are able to actively screen out material during a search, such as the FBI's use of CARNIVORE's filters. And in any operating system, especially for these specially trained technicians, it's easy to locate and segregate information pertaining to separate user profiles. Admission of evidence under "mistaken officer" searches, like those under apparent authority, are inherently suspect to begin with, as they encourage these "oops, my bad, but we'll admit the evidence" moments. (I worked as a judicial intern this past summer, and saw a case where the police tried to use mistaken identity to justify a search of an apartment for which they didn't have a warrant, only to have it thrown out by the judge when the defendant introduced a picture of his door which had the apartment number clearly marked in large numbers). This decision would seem to add another manifestation of this type of search into the Fourth Amendment doctrine, and it's one we should view with skepticism.
4.26.2007 2:56pm
Stryker:
David,
I think it's much more like, "We always run steamer trunks through a cat scan. We didn't realize there was anything in there that was locked" Which goes to Mark's point that *most* people think that if data is password protected, the password must be given up or cracked to get to the data. The follow up question is WHY do agents use the physical search when a logical search is so much easier? hmmm?
4.26.2007 3:00pm
DJR:
I was thinking the same thing as Mark PDXLawyer. It seems to me that apparent authority is a meaningless fiction when it comes to physical layer searching. It's as if the police ask the father whether they may conduct infrared surveillance of the house (Kyllo) to determine if the son is growing marijuana, without bothering to ask if there are any areas of the house to which the son does not have access. In either case there is simply not enough information to determine whether the father has authority, and the additional required information is readily available.
4.26.2007 3:01pm
Tomm:
How far can the "apparent authority" doctrine go? How much evidence do they need to reasonably conclude that someone has the right to consent?

For example, if I stand next to someone else's car, claim it is mine and permit police to search it, does that allow police to use any evidence they find in it?
4.26.2007 3:02pm
DJR:
I like Stryker's analogy better than mine.

"Sir, do you have access to this steamer trunk?"

"Yes I do, along with my son."

"May we search it?"

"Of course. It is unlocked, please proceed. Hey what's that?"

"This is a magnetic resonance imager. This is just how we do these searches nowadays."
4.26.2007 3:05pm
John C (mail):
It seems to me that adopting a "physical" level analysis means that it is impossible for anyone to protect any files on their computer from being subject to a consent search by a co-occupant.

Actually, I suppose you could concoct some scenario in which the son physically locks the computer in a non-shared closet or something every time he leaves the house, protecting it from being subject to consent. . .but that just demonstrates that this decision is silly, like much of the Court's 4th Amd. search and seizure jurisprudence. Isn't the better answer that people who are denied access to property by the owner cannot consent to the search of the "property" in which access has been denied? That answer is simpler, comports with what most people's expectations of the manner in which to decide the issue, doesn't lead to absurd conclusions, and avoids this sort of willful-ignorance type behavior by police.
4.26.2007 3:10pm
whit:
it's ridiculous to think the father had apparent authority to all the files in the computer.

that would be (among) my first questions to him.

the evidence should be suppressed.

anybody with even a cursory knowledge of computers (and anybody doing a knock and talk for computer forensics evidence should definitely have this knowledge) should know that computers often contained password differentiated information, and one user's consent =/= all users consent.

as for the question about encrypting (why don't child porn offenders encrypt?) ?

because they are idiots. like most criminals that get caught

it's like asking why do burglars not wear gloves when fingerprint evidence has been around for many many years.

i rarely see encryption, let alone strong encryption.

it's frigging publicly available, and you would think somebody (especially registered sex offenders on parole etc.) would take the extra step to encrypt files that could land them years in prison

but they don't. cause they are idiots.

it's that simple
4.26.2007 3:13pm
Bret Cohen (mail):
The problem I mention with regard to apparent authority is further exemplified once they find the child porn. So in the search phase, the forensic technicians will be allowed to ignore (perhaps willfully) the separate user profiles in relying on the apparent consent. But once they find it, they have to make a case against a defendant. And since it's the computer of both the father and the son, they're going to have to go back and look at the user profiles they ignored in the first place to find on whose partition the child porn appeared. And voila, they "discover" it's on the son's profile, which they couldn't have searched in the first place if they knew of the separate user profiles. Case closed!
4.26.2007 3:15pm
Chuck Jackson (mail):
Of course, if the father had bothered to download an ISO image of a live Linux distribution, say Knoppix (see http://www.knoppix.org/), burn a CD or DVD, and then boot from the CD, he could read those files. Similarly, any computer service person could read the files.

The father might have had a Knoppix disk on hand to use in case the copy of the operating system on the machine became corrupted.

Chuck
4.26.2007 3:19pm
whit:
chuck, i don't see how that's relevant

the point is that the son clearly expected privacy in his files vs. the father's access, and the father did not have apparent authority. whether the father could have used forensic tools to access them is irrelevant imo
4.26.2007 3:21pm
Stryker:
Chuck,
One can get a Crowbar or a hairpit at the 5 and dime. Does that make the use thereof upon a roommate's lock acceptable?
4.26.2007 3:26pm
Stryker:
I don't know about a hairpit, but at least a hairpin.
4.26.2007 3:27pm
David Chesler (mail) (www):
Tomm talks about "Apparent Authority":
For example, if I stand next to someone else's car, claim it is mine and permit police to search it, does that allow police to use any evidence they find in it?

What if I'm standing next to a suitcase that's blocking the aisle of the train, and the conductor tells me to move it? I tell him to move it himself. He says "Passengers are responsible for their own luggage. Move the suitcase." I tell him that I won't. He tells me that if I don't move the suitcase he will throw it off the train. I tell him to do what he wants, but I won't move it. He throws it from the train, and then asks me why I didn't just move it. And I of course reply...


"That's not my suitcase!"
4.26.2007 3:28pm
David W. Hess (mail):
John C:
It seems to me that adopting a "physical" level analysis means that it is impossible for anyone to protect any files on their computer from being subject to a consent search by a co-occupant.


Routine encryption of personal files which is supported in most operating systems can make it impossible for a third party to successfully consent to a search of your files unless that third party has your login credentials. Windows Vista for example has expanded support for this although it can be done with Windows XP and is an even more routine operation in Linux or BSD.

More specifically, it is possible to set the computer up using encryption in such a way that without the appropriate login credentials, namely the user name and password, it is not possible to recover the user's files no matter what level of physical access exists.

I have been watching for but not yet found any case where computer data has been seized through third party consent where encryption was used to prevent access. Both third party consent and routine use of encryption seem relatively rare so I would expect a case with both to be even less likely.
4.26.2007 3:30pm
whit:
or there's the old inspector clouseau thing

"i thought you said your dog won't bite!"

"it is not my dog"
4.26.2007 3:31pm
logicnazi (mail) (www):
Chuck, Stryker,

Well I think the level of protection used makes some difference. These 'hidden' files are about as protected as the built in 'locks' some houses have on the master bedroom that opens with any object that fits in the key slot. Now imagine that a young man lives with his parents and siblings (say just 18). He may very well use that 'lock' to convey the message to his brothers that they can't just wander into his room but yet understand that whenever his parents need to do the laundry they must pass through his room. If he had put a hardcore padlock that was hard to break on the door it would indicate a very different level of privacy.

Similarly the problem here is that many OS's do this by default and the owner of the computer often is understood to have the power to format the drive or otherwise do OS level things to the computer as a whole and that programs they run may read that 'private' info. I don't think it makes a difference in this case but merely casual protections can often indicate a lower degree of privacy than strong protections.

Unfortunately this case is a perfect example of the effect of judicial ignorance of technology on the law. The judge is never going to strike down the police officer's apparent authority because he likely doesn't understand computers well enough to think it's obvious that different users might have protected files.

Anyway as far as encryption goes plenty of OS's do come so equipped. OS X has a very simple pref that keeps your whole home directory (places normal users save things) encrypted. Windows Vista (and some earlier windows) have some similar technologies. Usually not good enough encryption to stop the NSA or otherwise endanger national security but probably more than enough to deal with the cops.

Though then you run the risk of having what happened to Mitnick happen to you. The prosecution refused to turn over the encrypted data on his HD during discovery claiming that it hadn't been shown to be exculpatory or some sneaky trick that meant he couldn't use it to defend himself unless he gave them the key to all of it.
4.26.2007 3:40pm
cathyf:
This is off-topic, but how do you prove that the son actually possessed the files?

I mean, think about it, if you were going to run a business selling child pornography, wouldn't you keep the actual files on zombie servers that you had hacked into over the internet? This would allow you to not only distribute the files over stolen bandwidth, but also to sell the pictures without having them reside on your computer.

Usually people think of zombies as being used to run denial-of-service attacks, or to be assembled into clusters to crack passwords. But you could certainly use them as remote storage devices. And we have seen music and video pirates shanghai computers to host their content in just this way.

The technical details of how the father's consent led to the son's files also tell you that you have no way of knowing beyond reasonable doubts that they really are the son's files. In fact, I think that the only people that you can prove saw the files are the cops who were running the forensic software.
4.26.2007 3:49pm
David Chesler (mail) (www):
clouseau

While we're throwing things from trains, I usually think of the boy standing at the back of train. His father snatches the cap from his head and hides it. The boy thinks it has blown off, and his father says "If we whistle for it, it will come back." They whistle and the father sneaks it back onto his head. The boy is amazed, so he takes the cap, throws it out the door, and says "Let's do that again, Dad!"

(I think I first read this in French as an exercise in high school. That nobody in class laughed after a few minutes of working through the passage spoke more to our ability in the language than to the humor.)
4.26.2007 3:51pm
Bill Sommerfeld (www):
The question that I haven't seen answered yet: did the son actually have explicit permission from the father to create a password-protected account or profile on the father's computer? It is at least plausible that the father had less of a grip on the care and feeding of computers than the son, and thus the father may not have given informed consent to the son.

Even if you take the virtual/inside view, you still need to determine how the "inside" entities relate to the "outside" entities, especially when the users may be exceeding their actual authority to use a system by exploiting misunderstandings, misconfigurations, bugs, and security holes.
4.26.2007 3:55pm
Lior:
From a practical standpoint, if you control the physical computer you control the data in it. Whether the existing software configuration allows access to the data is irrelevant. In certain cases this isn't true -- some hardware is built to self-destruct when tampered with (cryptographic processors in ATMs are the obvious example) -- but for most home (and business) systems one can (and should!) equate physical access to the machine with complete control over it.

Thus I don't see any meaningful practical distinction between consent to touch the computer and consent to read every bit off the harddrive. I must admit that I disagree with Kyllo for similar reasons (I am not a lawyer).
4.26.2007 4:08pm
Lior:
As a non-lawyer I wanted to ask the experts here: say the government seize my computer and find encrypted files.

1. If they believe that the data will provide evidence in a case where I am not a suspect, may they force me to reveal the encryption keys?

2. In general, may the government claim (have they claimed?) that the use of encryption implies criminal motivation?
4.26.2007 4:14pm
Bill Sommerfeld (www):
Answered my own question by reading the beginning of the decision: the computer was used exclusively by the son and was present in the son's room, but its internet connectivity was paid for by the father; confusing matters further, the son used an email account registered in the name of the father.
4.26.2007 4:17pm
John C (mail):

More specifically, it is possible to set the computer up using encryption in such a way that without the appropriate login credentials, namely the user name and password, it is not possible to recover the user's files no matter what level of physical access exists.


That is irrelevant, even if it is true. It is the reasonable expectation of privacy of the suspect (in this case the son) that determines the level of Fourth Amendment protection. Passwords are the virtual equivalent of a lock on a door - easily breakable (by crowbar or virtual crowbar), but a clear indication that the owner is attempting to exclude others. By allowing for a digital evidence search on a "physical" level, the court in this case essentially said that a computer owner who leaves the house cannot protect his files, because if someone else is approached by police, they can consent to removal of the computer, which can then be searched by the police.

Now, I don't know a lot about computers, but I suspect that somewhere, a government agency exists that can read everything on my computer regardless of whatever encryption I place on my files. If it's not the local police, it is certainly the FBI, CIA, NSA, etc. The existence of any sort of program or whatever on my operating system offers me no comfort against physical inspection of my hard drive. Nor should it need to - I should be able to put up a common, reasonably simple barrier to access to remove others from being able to consent to search. Whether it is a cheap padlock on a door or an easily breached password, doesn't matter for Fourth Amendment purposes.
4.26.2007 4:27pm
Stryker:
Also as a non-lawyer,
What does the existing case law say about non-locked-away things that are generally under common authority, but otherwise inaccessible? That is, if I journal in German, it is inaccessible to my wife. If the police come and "knock and ask" and get permission from her to search the home, may they photograph the notebook for analysis later? I expect that anything in my home written in German is secure, but is that a reasonable assumption?
Similarly, if the father is not computer savvy, could that not be seen as a barrier to his admitting the police to search it?
4.26.2007 4:32pm
David W. Hess (mail):
Bill Sommerfeld:
Answered my own question by reading the beginning of the decision: the computer was used exclusively by the son and was present in the son's room, but its internet connectivity was paid for by the father; confusing matters further, the son used an email account registered in the name of the father.


So the father may or may not have purchased the computer but the son was the exclusive user?

For the email account, that sounds like the father paid for internet access and the email account was provided by the ISP. It is routine for an ISP to provide multiple separate user configurable email accounts for each subscriber with only one person listed as the owner because that one person is the one being billed. Further, the master email account information can often be used to access and change any of the other email accounts although I am not aware if that is universal. If they automatically configure the first email account for the person being billed, I have always created a separate email account for normal activities.
4.26.2007 4:35pm
Lior:
John C: I would say that there is no additional expectation of privacy in computer data beyond the expectations pertaining to physical access to the computer. That is, a reasonable person would assume that anyone who has physical access to the computer can read any information contained in the computer. You should not treat a computer any different from a closed (but unsealed) envelope -- the contents are not in the open, but anyone with unhindered physical access can read them more-or-less without being detected.

Regarding the government reading your files: I would be amazed if the NSA can factor integers asymptotically faster than anyone else (I wouldn't be surprised if they can do it 10 times faster using better heuristics, tricks and dedicated hardware). Since there are cryptosystems that are provably as secure as factoring the keys, I'd say you can encrypt your data and keep your privacy. Note that as computers become more powerful you may have to re-encrypt your data with longer keys to preserve its secrecy.
4.26.2007 4:37pm
whit:
as to whether there is a supercomputer that can break strong encryption...

if there is, the govt. isn't saying, but i have spoken to a mathematician who thinks it's impossible

as for evidentiary search, you can use a sort of electron microscope to reveal wiped data (sometimes)

i've seen the process done

a DOD level wipe goes over the data i think about 8 times to try to eliminate that possibility

and yes you can get DOD level wipe programs

do child porn perv's use them? rarely.

just like they rarely encrypt their files
4.26.2007 4:38pm
K Parker (mail):
What cathyf said.

A strict proof of how the current state of a hard drive got to be that way would require access to an archive of the entire history of actions taken upon it. How far out into the internet, or other networks that the computer was attached to, the archive would need to extend would depend on your need to prove the source of those changes.
4.26.2007 4:41pm
Stryker:
Tomm,
According to this decision, if the police ask to search a car you are standing next to, and you say "sure," they can search it as long as they don't have to ask you for a key.
p 24-- "Even if Dr. Andrus had no actual ability to use the computer and the computer was password protected, these mistakes of fact do not negate a determination of Dr. Andrus' apparent authority."
4.26.2007 4:54pm
Kelvin McCabe:
Apparent authority problems are always tricky, mainly because the doctrine itself is but an expedient to let cops do what they want to do sans warrant. After reading the facts of the case, it strikes me as odd that most people are not seizing upon the fact that the adult son, living in his 91 year old father's home to care for him, kept the computer in his own bedroom and that the 91 yr old father had never used the computer, had never turned it on, etc...

Apparent authority doctrine rests upon an assumption that cops act reasonably when determining whether the person consenting has the actual authority to make the determination. In this case, the guy who answered the door was 91 yrs old, told the officers that while he had access to his son's room, he would not bother the room if the door was closed, and had never used the computer. The only real connection (beside the fact that the computer was within the home itself) between the father and the computer itself was the fact that the internet connection was paid through the cable service, likely in the father's name. Additionally, it was the only computer in the premises and was obviously the son's.

Regardless of all that, the police investigation in this case was quite long, encompassing months of investigation. The cops specifically went to the residence in the hopes of getting consent because they didn't have enough for a warrant. (from the opinion) But they knew a)who and b)where the son was, where he worked, his driver's license, car, etc... Why didn't they just wait for the son before entering once they realized the computer was in all respects only the son's?

I realize the son, like most defendants unaware of their rights, consented later as well, but it doesn't change the fact that the reasonableness of the officer's actions in the beginning wasn't entirely all that reasonable in my opinion. Getting a 91 yr old man to allow police officers into his home to "search" the computer gizmo in the adult son's bedroom??? A computer the old man told the police he never used? Isn't it just as reasonable to conclude that the son wouldn't need to keep the computer under lock and key precisely because the old man never used it in the first place? It's not like the son was 13. Cmonnnnn.

I'm not saying the old man, who was a Dr., wasn't all there upstairs, but when was the last time anyone had seen anyone over 85 not cooperate with police? I bet the police timed their "knock and interview" precisely at a time when jr. would be at work so they could confirm their initial suspicion. Even if the son after arriving would have objected to the search, they would then already have the probable cause to secure a warrant and could continue searching the computer and preserving the evidence. This case reeks on more levels than one. And is yet another costly 70 month (during which time dad's caregiver is gone, and dad will likely die with his son in prison) lesson in why not knowing basic constitutional rights is a cop's best friend.
4.26.2007 4:56pm
whit:
two things.

1) kelvin, as somebody who gets consent to search frequently, and understands apparent authority - i think this evidence is bad here, and should be suppressed for the reasons mentioned

2) it does NOT follow, as you claim, that the son "unaware of his rights" consented etc. the assumption is that the son consented THEREFORE he must be unaware of his rights

rubbish

as ANYBODY familiar with consent, psychology, etc. in the field knows - people who are WELL AWARE of their right NOT to consent will often do so, and even when it incriminates them

that's a psychology thang that you don't understand if you make that assumption. much as many defense attorneys assume cops are lying when they present evidence based on consent. shows like cops go a long way towards proving that people consent ALL THE TIME.

basically, i see your whole post as one big slag on cops. cops are (imo) far more concerned with constitutional rights than the average person. it's just that the average attorney (especially defense attorney mindset) is that anytime evidence is gotten against their client, it's a violation of rights. that's the prejudice i see here.

but i agree that the father did NOT have apparent authority in this case, and a good investigator would have recognized that
4.26.2007 5:02pm
David W. Hess (mail):
John C:
That is irrelevant, even if it is true. It is the reasonable expectation of privacy of the suspect (in this case the son) that determines the level of Fourth Amendment protection. Passwords are the virtual equivalent of a lock on a door - easily breakable (by crowbar or virtual crowbar), but a clear indication that the owner is attempting to exclude others. By allowing for a digital evidence search on a "physical" level, the court in this case essentially said that a computer owner who leaves the house cannot protect his files, because if someone else is approached by police, they can consent to removal of the computer, which can then be searched by the police.


I agree that the use of an access control system is equivalent to a lock and key and the legal implications of such. My point is that the use of a secure encryption system removes all doubt about who has access and has no real world equivalent unless you compare it to something like law enforcement attempting to break into a bank vault with a plastic eating utensil and drinking straw. With some encrypted file systems, it may not even be possible to prove that data exists never mind recover it making a comparison to something in the real world even more difficult.

John C:
Now, I don't know a lot about computers, but I suspect that somewhere, a government agency exists that can read everything on my computer regardless of whatever encryption I place on my files. If it's not the local police, it is certainly the FBI, CIA, NSA, etc. The existence of any sort of program or whatever on my operating system offers me no comfort against physical inspection of my hard drive.


Here is where it gets tricky. With a well designed and implemented encrypted file system, there are three ways to defeat the encryption and access the plain text data:

1. Recover the password or encryption key. This would include intercepting it while the user unknowingly uses it either on the computer directly or outside of it, searching and finding it where it is stored outside of the user's own mind, and recovering it via a legal process from the user. The last one is not foolproof because some encryption systems provide the means to use multiple keys to recover different sets of data while denying the ability to prove the existence of further hidden data. These types of systems are specifically useful against rubber hose type interrogations, not that any law enforcement agencies in the US would do such a thing.

2. Brute force the encryption key. If the system is designed and implemented correctly, this will only be possible if the user selected a weak key which, granted, is surprisingly common. Otherwise it becomes an "age of the universe" type of problem.

3. Find a weakness in the encryption itself or in the specific implementation and the way it is used. This is actually a common problem. The well known WAP encryption for wireless networking used a secure algorithm in a way that almost completely compromised its effectiveness. A lot of cell phone systems suffer from this as well.

With all due respect to the FBI, CIA, NSA, and other government organizations, there is no evidence that a well designed system using something like AES, Blowfish, Twofish, or any number of other peer reviewed algorithms is not completely secure against a brute force or other attack when used correctly. The same cannot be said for systems using DES or 40 bit SSL which are either outdated or were subject to artificial restrictions.

John C:
Nor should it need to - I should be able to put up a common, reasonably simple barrier to access to remove others from being able to consent to search. Whether it is a cheap padlock on a door or an easily breached password, doesn't matter for Fourth Amendment purposes.


I agree. For myself I have adopted a strategy where third party consent can not be used to subvert my privacy.
4.26.2007 5:23pm
TechieLaw (mail) (www):
I think Justice Douglas said it best:


We are rapidly entering the age of no privacy, where everyone is open to surveillance at all times; where there are no secrets from government. The aggressive breaches of privacy by the Government increase by geometric proportions.

Osborn v. United States, 385 U.S. 323 (Douglas, J., dissenting). I think Douglas' dissent as applied to the facts of Osborn was misplaced (regarding whether a voluntary informant could tape Osborn talking to him about contact with Jimmy Hoffa's jurors), but I think Douglas' dissent rings quite true when you consider how much our lives have become dependent on technology, and how easily technology's security may be breached.

In some ways, we place entire lives on computers; it's a situation which would have been unimaginable decades ago. Browsing the contents of a hard drive can reveal somebody's literary interests, the identities of their friends and possibly even the contents of conversations with those friends, bank account information, and so on. In a world without computers, obtaining each of these would take many different steps, each of which would have to be weighed against the Fourth Amendment.

It's supremely convenient for law enforcement to be able to find all of this in one place, rather than going through the motions for each one. But by making this too easy -- for example, by viewing a computer as a single "physical" device rather than by asking whether a user had an expectation of privacy in a password -- we strip away all of the protections that we may have had in the past.

Tell me -- is there any reason that the police couldn't have obtained permission from a court to search the protected files? I see nothing wrong with maintaining that formality of protection.
4.26.2007 6:48pm
Hattio (mail):
whit,
When you say that law enforcement are far more concerned with const. rights than your average person, what exactly do you mean? If you mean, that it's a part of their jobs to know where the line is, know exactly what crossing the line is, and what they can get away with, then yeah. Just like your average mechanic is "more concerned" with the proper care and maintenance of cars than your average joe. If you're claiming that the average law enforcement officer has a high respect for the invocation of constitutional rights, I have to disagree. I've heard far too many contacts with police where the police keep asking and pressing for consent. Well, if you make us we're going to have to go to the judge, but you could save us all a lot of time. Regardless, we are going to be thorough. etc. Or the one I really love, ask for consent, get refused, then say on tape, well, because I'm worried about the destruction of evidence, I'm going to search anyway.
4.26.2007 7:21pm
Tomm:
So with all the exceptions to the 4th amendment like probable cause ("he was acting suspicious and smelled like marijuana"), inevitable discovery ("we would have found it when we got a warrant, so let's just pretend we did"), and apparent authority ("I swear I thought that computer belonged to the Mennonite who consented"), is there anything to stop law enforcement from doing whatever they want and explaining it away later?
4.26.2007 7:34pm
margate (mail):
In Illinois v. Rodriguez, 497 U.S. 177, 188 (1990), the Court framed the test for whether a warrantless search based on apparent authority is unreasonable this way: "As with other factual determinations bearing upon search and seizure, determination of consent to enter must be judged against an objective standard: would the facts available to the officer at the moment warrant a man of reasonable caution in the belief that the consenting party had authority over the premises?" (Internal quotation marks omitted.)

Accepting that a physical, and not virtual, computer search is a reasonable means to investigate the hard drive's contents, my question for Orin is this: during the course of such a physical search, would it become apparent to the forensic searcher that files are password-protected? In other words, are there any conclusive clues that data is protected in this form of sweep?
4.26.2007 7:41pm
Imbiber:
This case is exceptionally interesting, but not terribly instructive because the house belonged solely to the father. Having sole property rights, I think the majority got it right. The police can reasonably assume that the owner of a home can consent to a search of the belongings therein. A more theoretically instructive case is a shared office space with individual, padlocked lockers and a shared computer with multiple user profiles. Certainly the co-tenant can consent to a search of the common areas, but not to the other tenant's personal locker (even if he secretly knows the combination). I view the shared computer the same way. Each person has a reasonable expectation of privacy in his password-protected computer files, and that expectation should be protected.

As an aside, I always love the circular nature of any debate about what is a "reasonable expectation" since it is the courts that determine what is reasonable. If the courts allow searches at the virtual level, that is what's reasonable. If at the physical level, then what is "reasonable" has instantly changed.
4.26.2007 8:28pm
just my thoughts:
Interesting concept. Do we have individual rights to be free from searches absent a warrant and (assuming we do) how can ANYONE else override that on our behalf? A third party shouldn't IMHO be able to waive my Constitutional rights.

In this case, it worked. The guy had child porn, he was a sleaze, he SHOULD be in jail. But, I still hesitate when I think about the way the search was done.
4.26.2007 8:41pm
whit:
"Do we have individual rights to be free from searches absent a warrant and (assuming we do) "

no. we have a presumption that searches conducted without a warrant are "unreasonable", but there are obviously a host of factors and exceptions to that (search incident to arrest, plain view, consent, exigency, etc. etc. etc.)

iow, a search w/o a warrant is presumptively unreasonable. the burden is on the govt. to overcome that burden. case law has established these exceptions, and many more.
4.26.2007 9:45pm
whit:
hattio,

i mean exactly what i say. in my experience, cops are far more concerned (and educated) about constitutional rights than the average person is. it's that simple.
4.26.2007 9:47pm
ReaderY:
If the pornography was in a safe protected by a combination lock not known to the father, would searchers be entitled to smash or pick the lock?

A combination, like a password, is a logical rather than a physical access device, and safe-crackers have skills similar to computer hard drive searchers in terms of their ability to bypass purely logical barriers and use physical means to access data which is at all times physically available to someone with the right tools (in both cases) but, due to purely logical barriers, is not generally available to the public. (If logical barriers "don't exist" to a computer hard drive disassembler, why should they be considered to exist to a safe disassembler? Physical disassembly is required in both cases to bypass the logical barriers. What's the difference?)
4.26.2007 9:58pm
We need more facts!:
If the files are not encrypted, anyone with physical access to the computer, irrespective of the password, has access.
- Just because Windows hides them from other users does not make them private (if I throw a blanket over something it suddenly doesn't become reasonable that someone with access to the room cannot lift the blanket).
- If the files are encrypted (any ordinary person can't get at them just by booting from a different disk), then the lock analogies actually matter. Now we would be talking about some kind of reasonable expectation of privacy and would need to analyze the actual techniques used by the gov't.
4.27.2007 1:21am
Paul Ohm (mail) (www):
I have a real problem with the majority's reasoning and with Orin's invocation of his physical/virtual thesis in this case: they both treat the forensic software used here, EnCase, like it does computer forensics the only way it can be done, as if it were discovered under a bush or handed down from on high. On the contrary, EnCase doesn't respect Windows passwords and dedicated user directories (at least not by default) simply because its programmers have never implemented that "feature." Why not? Because law enforcement agencies don't want that feature? Why not? Because it would hinder investigations like this one.

That's the problem with calling this the "physical view" of the world. Orin says that, "User profiles and most password protection operate only at a virtual level, so a government forensic analyst operating at a physical level wouldn't even notice the difference unless he was specifically looking for it." But, again, this isn't because that's the only way forensics can be done. It's because that's the way the people who made EnCase and FTK and iLook have designed their tools to work.

In other words, there are many possible "physical views" of the world of computer forensics, and we happen to live in a world in which forensics examiners and forensics toolmakers have chosen to "treat[] the hard drive as a physical device that contains millions of zeros and ones." Other commenters' comparisons to heat sensors and MRIs are appropriate. If cops claimed that they had to view every physical closed container with an X-ray machine, because "that's the tool we have," courts would tell them to go find another tool.

Courts in cases like this should be free to consider the possibility that forensics tools can be easily reshaped to comply with any restrictions a court decides the Fourth Amendment imposes. What if a court ruled today that, given the widespread use of user passwords for Windows XP and OS X, no consent search of a computer could be conducted unless the forensics tool first looked to see if passwords were used? Law enforcement would wail about such a result, but it wouldn't be because it ran afoul of some intrinsic feature of the physical world. No, if such a case ever arose, EnCase would become "user password aware" overnight, I bet.
4.27.2007 1:50am
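The distinction drawn above by "We need more facts!" and Paul Ohm, sketched as an added example that is not part of the original thread and does not reproduce any real forensic tool: a logical view honors user profiles, a raw physical scan ignores them, and a "password aware" scan can attribute each physical hit to a profile. The toy image format, the user names, the marker string and the SHA-256 keystream (a stand-in for real encryption) are all constructed assumptions.

```python
import hashlib
import json
import struct

def toy_encrypt(key, data):
    """Illustrative XOR keystream (SHA-256 in counter mode); stand-in for a real cipher."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + struct.pack(">I", c)).digest() for c in blocks)
    return bytes(d ^ s for d, s in zip(data, stream))

def build_image(users, files):
    """Pack a toy image: 4-byte metadata length, JSON metadata, then raw file data."""
    data, table = b"", []
    for name, owner, content in files:
        table.append({"name": name, "owner": owner, "off": len(data), "len": len(content)})
        data += content
    meta = json.dumps({"users": users, "files": table}).encode()
    return struct.pack(">I", len(meta)) + meta + data

def parse_meta(image):
    """Return (metadata dict, offset where the data region starts)."""
    (n,) = struct.unpack(">I", image[:4])
    return json.loads(image[4:4 + n]), 4 + n

def logical_view(image, user):
    """What the operating system shows `user`: own files plus files of unprotected profiles."""
    meta, _ = parse_meta(image)
    protected = {u for u, has_pw in meta["users"].items() if has_pw}
    return [f["name"] for f in meta["files"]
            if f["owner"] == user or f["owner"] not in protected]

def physical_scan(image, keyword):
    """Raw byte search over the data region; the file table and profiles are never consulted."""
    _, base = parse_meta(image)
    data = image[base:]
    hits, i = [], data.find(keyword)
    while i != -1:
        hits.append(i)
        i = data.find(keyword, i + 1)
    return hits

def password_aware_scan(image, keyword, consenting_user):
    """Physical scan whose hits are mapped back to files and flagged when they fall
    outside what the consenting user could see at the logical level."""
    meta, _ = parse_meta(image)
    visible = set(logical_view(image, consenting_user))
    report = []
    for off in physical_scan(image, keyword):
        for f in meta["files"]:
            if f["off"] <= off < f["off"] + f["len"]:
                report.append((f["name"], f["owner"], f["name"] in visible))
    return report

# Constructed sample: alice has no password, bob's profile is password protected.
KEY = b"constructed-key"
IMAGE = build_image(
    {"alice": False, "bob": True},
    [("shared/readme.txt", "alice", b"household notes MARKER-A"),
     ("bob/notes.txt", "bob", b"private MARKER-A entry"),
     ("bob/vault.bin", "bob", toy_encrypt(KEY, b"sealed MARKER-A entry"))],
)

if __name__ == "__main__":
    print("alice sees:", logical_view(IMAGE, "alice"))
    print("raw hits:", physical_scan(IMAGE, b"MARKER-A"))
    for row in password_aware_scan(IMAGE, b"MARKER-A", "alice"):
        print("hit in %s (owner %s), within consenting user's view: %s" % row)
```

The raw scan reaches the unencrypted file in the protected profile but not the encrypted one, while the password-aware scan reports the same hit together with the fact that it lies outside the consenting user's logical view.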
Kelvin McCabe:
Interesting comment whit - although i think you picked the wrong set of facts to make the case that cops are "concerned" with suspects' constitutional rights - considering the whole reason the police went there to do the "knock and interview" in the first place was precisely because they didn't have Prob Cause for a warrant and wanted an exception to the warrant requirement to get around this silly ol' relic of the past. What aspect of the suspect's fourth amendment rights were the police protecting then, officer whit? I'll state again, this motivation on behalf of the police is right in the opinion, so must have been in the record from the suppression motion (i.e., one of the cops stated that was the reason they went to the home). If you haven't read the opinion yet, perhaps now would be a good time.

Assuming as true the fact the police didn't have P.C. and wanted to get around the whole 4th amend. search in a home warrant thing, which WAS IN FACT the motivation in the first place, why not think the cops would rather talk to captain geriatric as opposed to his son? Who would be an easier target for your so-called psychology? I can't tell you why the son, an educated person, knowing he had child pornography in his computer, would simply let the cops have the computer and sign a form consenting to a search of it. He may be a colossal f-in idiot, or maybe he was so devastated at the reality of his entire life flushing down the toilet, that he simply didn't care. Or, like many people who have little to no contact with or knowledge of criminal arrest/procedure until they are a defendant for the first time, simply didn't think long and hard enough about what he was doing. Cops, experienced in such situations as a matter of course, take full advantage of that inexperience, anxiety, fear, etc... and you would be a fool, a liar, or both to deny the same.

I am A-1 positive that when the defense lawyer told him and his father what could have been done to avoid the arrest and charges in the first instance, (after of course telling them not to d-load child porn) by simply asserting their 4th and 5th amend. rights, the guy probably wishes he could go back in time and tell the police to go suck a railroad spike and come back with a warrant.

I admit i have criminal defense bias, (working in Chicago doesn't help) but any libertarian, conservative or liberal can see the weakening of many of our core constitutional rights and i attribute it just as much to the judges who uphold questionable (in a constitutional sense) police tactics on a routine basis, as i do the cops who are involved in the warrantless searches/arrests that get appealed to the appellate courts.

However, you, who apparently must be a cop of some sort yourself since you are involved in this consent business routinely, should recognize your own bias and know that if all criminal suspects religiously and stubbornly asserted their constitutional rights YOUR JOB WOULD GET HARDER while i would have less clients and less $. Why would i advocate a position that isn't in my own best interest?

Because i care about a concept called liberty, not the generic liberty =freedom crap, but liberty = freedom from government intrusion and interference in the citizens' life type liberty that this country was founded upon.

I do agree with you that psychology plays a role, but for different reasons. I suggest you re-read the oft hated Miranda decision. Not for its holding, which i'm sure the pseudo police you refer to embraced with open arms, but rather for its enlightening discussion of proven police methods and strategies to take advantage of the criminal suspect using whatever advantage the cop can gain. If psychological coercion, however subtle and from whatever source, can be used to get a guy to confess, surely it could be just as useful, and likely easier, to get him to simply sign a consent. Better yet, do the consent first, get some dirt on the guy, then use that to get a signed confession!

Then, you can talk over beers with your buddies about how "observant" of the suspect's rights you were as you simultaneously got him to piss them all away. Want to know what's real perplexing, but unholy funny? Experienced beat cops, who turn crooked and break the law in some minor fashion, like pocketing cash stolen from suspects, who are confronted with said actions by other cops, and who then waives his 4th amend rights and consents, and then waives the 5th amend and confesses when they pull cash out of his locker or patrol car, and then gets convicted and then loses his job. You know why it's so funny? Because these guys are the loudest to claim they were coerced and didn't waive their rights voluntarily! HA! Well maybe that joke won't be so funny to you, but others here may enjoy it :)
4.27.2007 2:36am
Reasoner:
I think this quote of Illinois v Rodriguez by margate makes it clear what the call in this case should be.

>"would the facts available to the officer at the moment warrant a man of reasonable caution in the belief that the consenting party had authority over the premises?"

The key here is that the searchers must use "reasonable caution". They can't carelessly accept the legitimacy of the consent to search. Although the officers at the scene may not have been expert on the issue of user accounts on the computer, the forensics expert should have pointed it out and confirmed with the officers that he had legitimate authorization to conduct the analysis of the hard drive.

The analogies given above of the MRI and the trunk, inspired in me another analogy. Imagine if the police asked for permission to search the house, and when given permission, to the surprise of the owner, they brought in a giant X-ray machine to take an image of the contents of the entire house from the outside. In such a situation the police should know that they would need to check if there were any rooms in the house that the owner didn't have authority to consent to search.

Stryker wrote:
>I expect that anything in my home written in German is secure, but is that a reasonable assumption?

The police would have no way of knowing that you intended the German to be a security measure and they would therefore be perfectly justified in bringing in a translator to break your "security".

"We need more facts!" wrote:
>Just because Windows hides them from other users does not make them private (if I throw a blanket over something it suddenly doesn't become reasonable that someone with access to the room cannot lift the blanket).

It's not a question of how secure the security measure really is; what matters is that the subject of the search thought that it would be private. A blanket isn't a security measure in anybody's mind, but a password is. Against a novice like perhaps his father, the password might even be truly effective. Many locks can be bypassed just as easily as the Windows password can, yet those locks are still recognized for their intended purpose. Also, if the BIOS was locked and the system set to boot only from the hard drive, then barring some security flaw, you couldn't access the hard drive with Knoppix or any way except to breach the case of the computer. That would be analogous to removing the hinges from a locked door. If the BIOS was not locked then that would just be a security oversight of the novice user, not an acknowledgment of the lack of privacy.
4.27.2007 5:15am
martinned (mail) (www):
L.S.,

The father was 91 years old, and did not even know how a computer works. How did that not cast doubt on his apparent authority to consent to search of the computer???
4.27.2007 9:22am
carpundit (www):
The only thing good about this decision is the court's citation of Orin's Searches and Seizures In a Digital World (p.15).

Did anyone else notice that the son -who will be in prison for the next 6 years- was the caretaker for the 91 year-old father?

The old man's consent will turn out to be devastating to his own life.

I hate child sexual exploitation to be sure. But I can't help but see some measure of injustice in this justice.

CP
4.27.2007 10:33am
Rod T (mail):
Fascinating case. While not a lawyer, I have a dozen years experience with both computer security and reasonable searches.

From an IT perspective the court got it right. If someone obtains physical access to your computer, it's "game over". They can gain complete access to everything on the hard drive, often that also applies to encrypted files (usually due to poor security practices).

From the standpoint of what constitutes a reasonable expectation of privacy - you can debate it now, but looking at the number of media stories about computer identity theft, lost laptops personal data, etc; there is a growing sense that computers are not inherently secure and that a reasonable person would know this. I believe that within 5 years there will be settled consensus in that regard.

Isn't the father's age irrelevant to the issue? Until he is declared incompetent, shouldn't he be presumed competent? It seems to me that those commentators relying on the father not understanding about computers are arguing that it was an unreasonable search because the father could not be considered a 'reasonable man'. If true, shouldn't that invalidate the search of the house too?
4.27.2007 10:34am
whit:
rod, i think that's a little off. this computer was in his home, in his room.

i think he did have a reasonable expectation that files under his login, in his computer, in his room that he had in a house with his 91 yr old computer illiterate dad, would be private
4.27.2007 11:58am
Dave N (mail):
Interesting--I just attended a symposium on Cyber Crime. Everyone in attendance was a prosecutor. The consensus appeared to be, in a scenario similar to this case's, that the father would not have the authority to consent to searches of portions of the computer that the son had kept hidden from him--any more than the father would have authority for police to search his son's bedroom if the son's bedroom was ordinarily the son's private area to which the father did not have access.
4.27.2007 3:16pm