pageok
pageok
pageok
An Interesting Consequence of United States v. Comprehensive Drug Testing:
Am I right that the Ninth Circuit's Fourth Amendment decision in United States v. Comprehensive Drug Testing has rendered every computer search warrant that has ever been obtained — and every offsite search — unconstitutional? I've been working in this area for over a decade, and I have never heard of a case that satisfies the Ninth Circuit's new procedural standards.

  I suppose it's possible that the Ninth Circuit will create a new retroactivity jurisprudence to go along with its new Fourth Amendment jurisprudence. If so, the Ninth Circuit might hold that its new rules don't apply to past warrants or past searches that have occurred. But unless or until it does, I would think that every criminal case in the Ninth Circuit with a search warrant involving computers has just been given a new suppression issue: None of the cases will have followed the protocols that the Ninth Circuit just said the Fourth Amendment requires, as no one could have predicted these new protocols.

  Or perhaps the Ninth Circuit will conclude that there is no suppression remedy for past searches that violated the new requirements? This is really new territory, so it will be interesting to see how it plays out. I suspect we'll find out soon, as there are a lot of these cases.
Dave N (mail):
I made this comment on another thread (towards its end), but it seemed appropriate on this one too.

Three thoughts:

1) I suspect this case has a better than even chance that certiorari will be granted, should the government seek it.

2) In the event cert. is either denied or not sought, unscrupulous federal agents will do "joint investigations" with their state counterparts and get state warrants, since the 9th Circuit has no authority over state courts.

3) If the gambit in my second thought is tried, and the feds seek a federal prosecution based on a state warrant, will this rule then be found applicable to state search warrants as well? As a follow up question, will THAT analysis change if it is primarily a state investigation turned over to the feds for prosecution for one reason or another?
8.27.2009 12:43am
OrinKerr:
Dave N,

1) I would say better than better than even: This is unprecedented on a lot of levels.

2) If this is a constitutional rule -- which I think it is, although it's kinda hard to tell -- then it applies to both state and federal cases equally.

3) If the DOj doesn't petition for cert, they'll just wait a few weeks until the chaos becomes clear, other circuits reject this, and they get a case with better facts (from the government's standpoint). This is gonna happen fast, I think; it's sort of the Blakeley of computer search and seizure.
8.27.2009 12:48am
MJD:
I saw in your other post you said that this was a workaround for plain view, and that you had even advocated for (possibly, one day) abolishing plain view in computer search cases. I agree with both your characterization and your sentiment about where the law is, and ought to.

You also mentioned that the Ninth Circuit was constrained from announcing plain view dead in this case because no search had in fact occurred. Other than the admittedly novel approach they took, what options did the Ninth Circuit have (particularly judges sympathetic to the idea that a search like the ones considered would be out of bounds)? I guess just wait and see, but that leads me to whether the Ninth Circuit, in the absence of Supreme Court precedent, would have the authority to eliminate plain view. It's always strange when the Court has announced a rule of general application, but a lower court, maybe for good reason, doesn't think it should apply to a new scenario. It puts the lower court in a tricky position. They are bound by precedent, but does that precedent apply to a new situation? No doubt strong-form language can be found about all cases, though that referred to N set of cases, and now we have N+1.... and so. If they were so constrained I can understand the...impulse to create these rules.

Anyway, I'm still not sure what would constrain the Ninth from making these rules, but I'm not a true expert on federal supervisory power. I'm certain Congress could enact these rules for federal courts/officers. I'm pretty sure the Supreme Court could do so, so long as Congress had been silent, as a matter of its supervisory power. If both Congress and the Supreme Court had been silent, why can't a Court of Appeals adopt a prudential rule as a matter of its supervisory power? Or does the Supreme Court hold that power uniquely and away from lower courts. (Which does not seem correct to me, considering the lines of habeas and habeas retroactivity questions where the rules bubbled up from lower federal courts).

That said I agree that the Ninth does not explicitly source their rule in any supervisory power. I think the decision far less defensible if it is intended as an interpretation of the fourth amendment. And even if not, that still invites tinkering from One First Street.
8.27.2009 1:02am
OrinKerr:
Other than the admittedly novel approach they took, what options did the Ninth Circuit have (particularly judges sympathetic to the idea that a search like the ones considered would be out of bounds)

They could have just followed the law. But then they don't call it the Ninth Circus for nothing.
8.27.2009 1:27am
2cents (mail):
Orin:

I do not agree that the CDT decision has retroactive application.

I think the opinion did two things:

Ruled on the various orders (the Cooper Order, Mahan Order and the Illston Quashal).

Set out a prospective rule on how magistrates should issue warrants (The CDT Rule?).


"We believe it is useful, therefore, to update Tamura... In general, we adopt Tamura's solution to the problem of necessary over-seizing of evidence: When the government wishes to obtain a warrant to examine a computer hard drive or electronic storage medium in searching for certain incriminating files, or when a search for evidence could result in the seizure of a computer, see, e.g., United States v. Giberson, 527 F.3d 882 (9th Cir. 2008), magistrate judges must be vigilant in observing the guidance we have set out throughoutour opinion, which can be summed up as follows:...


This part of the opinion appears to be separate from the determination of the disposition of the Orders that are the subject of the appeal. It is interesting that it is set out in the Conclusion.


Just as Tamura has served as a guidepost for decades, we
trust that the procedures we have outlined above will prove a useful tool for the future.

So, it appears that the authority for the CDT Rule is the same as the authority for Tamura. I assume this is supervisory in nature. It appears clear that this is a prospective rule by the use of "future" in the above quote.

I am not a Fed. Crim Law guru (and even less so a 9th Cir. Crim Law guru). But I think my read of the case makes sense. Sounds clear that later courts will clarify the contours of all of this.
8.27.2009 1:32am
OrinKerr:
2cents,

That's an interesting theory. I'm curious, do you see the case as a fourth amendment decision, or do you see it as a case about the federal supervisory powers? I gather the latter, but I just want to be clear.
8.27.2009 1:34am
2cents (mail):
Orin:

I think there is some of both here. The review of the various orders seems more of a 4th Amendment analysis. The CDT Rule, being prospective in nature (and without an apparent case or controversy to support its announcement) must almost certainly be a federal supervisory powers case.

But, heed my earlier caveats, I am an admin law attorney now and have been out of the Crim law arena for some time, so I could be missing the nuances and finer points. Thanks for posting this, though, it is very interesting stuff.
8.27.2009 1:48am
OrinKerr:
2cents,

That may be right. On the other hand, if it's a supervisory powers case, I'm not sure how it is allowed in light of United States v. Payner, where the Supreme Court held that the supervisory powers cannot be used "as a substitute for established Fourth Amendment doctrine."
8.27.2009 1:57am
intelectual honesty:
OrinKerr:

2) If this is a constitutional rule -- which I think it is, although it's kinda hard to tell -- then it applies to both state and federal cases equally.


orin you competently missed his point (intentionally as usual)

it would be a constitutional rule onyl according to the 9th circuit-which has no biding authority over state courts. the state is only bound byt its interpretation and the SCOTUS interpretation (with exceptions for direct orders in specific cases by feral courts eg habeus)
8.27.2009 2:02am
OrinKerr:
Orin you competently missed his point (intentionally as usual)

Well, if I missed it, at least I did so competently! Seriously, though, of course it's not binding on state courts. But my sense is that state courts in the CA9 are going to pay a lot of attention to a Ninth Circuit constitutional ruling, while they generally would just ignore a Ninth Circuit supervisory powers ruling.
8.27.2009 2:10am
intelectual honesty::
i am satisfied. thank you
8.27.2009 2:14am
2cents (mail):
Orin,

If my read is right, that CDT has two parts, the review of the orders under 4th amendment analysis and the announcement of a prospective rule, then Payner would seem not to be a barrier to the validity of the "CDT Rule."

It appears to me that Payner would not permit application of the CDT Rule to suppress evidence gathered against a third party in a criminal prosecution. But, that is a different question than if the 9th Cir. has the power to create such a rule in the first place.

Now, I think you may be suggesting that CDT and the Players Association (PA) are akin to the Respondent in Payner. But I think CDT is distinguishable because CDT and the PA are not criminal defendants. I also think the issue preclusion based on untimely appeal of Cooper and Illston Orders change the landscape quite a bit.
8.27.2009 2:40am
Dave N (mail):
Orin,

While it would be persuasive precedent for states in the Ninth Circuit, it would not be binding--particularly since 4th Amendment cases are outside the scope of federal habeas corpus review (Stone v. Powell). As a result, I suspect states would be much more likely to ignore it and wait for the Supremes to speak--particularly given the Ninth Circuit's track record when certiorari is granted.
8.27.2009 3:44am
common sense (www):
Would previous searches get a good faith exemption from the requirement?
8.27.2009 5:40am
wolfwalker (mail):
Full disclosure to start with: I'm not a lawyer or anything close, just an educated layman who thinks (perhaps wrongly) that he understands the law fairly well. I am, however, something of a computer expert.

I really don't see the problem with the 9th Circuit decision. Rather, I see what you all say is the problem, I just don't understand why it's a problem. According to the facts as given in the decision, the government case agent obtained a legal warrant that specified "information on these ten individual players." He then used that warrant and the plain-view exception as carte blanche to search CDT's computer files for all information on testing of sports players, and go after other players who had tested positive. Right?

Okay, here is what I think is the key question: what is "plain view" on a computer? As a computer power user, I would say that any time you have to know in advance how to find, open, and read a file or a set of data, "plain view" doesn't apply. If it's encrypted, if it's in a proprietary format, if it has a misleading name or is tucked away deep in an otherwise-innocuous folder tree -- it's not in plain view. To give an example, if you start up a computer and see a folder on its desktop labeled "Positive Drug Tests MLB 2008," that's plain view; if you see a folder labeled "MLB 2008" and you have to open that folder, then log into some proprietary program to read the data files in that folder, and then run a data query to distinguish positive from negative test results -- then that is not plain view. Since it appears that's what the case agent did, the data seized wasn't in plain view.

Am I missing something?
8.27.2009 8:39am
Ben P:

Am I missing something?


From what I'm aware of only the searching.

To borrow from your example and apply the law in a rough fashion. The search warrant gives police the right to look in any place the information they're looking for might reasonably be held.

So, police are looking for computer data. They take the hard drive and image it. They run a broad search over the entire hard drive for "drug tests" and it comes back with a file labeled "MLB Test Results 2008."

They could probably open that file, but

1. is the search itself a search or is looking at the titles and other meta data on the files plain view.


2. To modify an example my crim pro professor used to love to throw into discussions, Suppose they load up the drive and right there on the desk top is a file labeled "Cocaine buys 2008" or "Murder Cover Up Files Sept, 2004."

Is the criminality of those files "immediately apparent?" or do they need a warrant to open the files to see if they are what the title says they are?
8.27.2009 8:59am
John M. Perkins (mail):
The warrant limits a search.
If the warrant was written to get all MLB tests, then ok.
If the warrant is limited to 10 related Bonds tests, then that's all you get. Not hard to administer if you the investigators are competent and honest.

Incompetent and dishonest investigators are much what the 4th A is about. Novitzy should be jailed.
8.27.2009 9:29am
Anderson (mail):
I suppose it's possible that the Ninth Circuit will create a new retroactivity jurisprudence to go along with its new Fourth Amendment jurisprudence.

The best snark is the snark with a potentially literal, non-snarky meaning. Well done, sir.

I hope the 9th will take some interest in the opinions of the guy who wrote the book on computer crime law.
8.27.2009 9:55am
Anderson (mail):
(Which I see is assigned this semester at Ole Miss btw, though the price tag made it a bit steep for casual reading.)
8.27.2009 10:03am
wolfwalker (mail):
Ben P.: Good questions. My (non-lawyerly) opinion as to the answers:

1. is the search itself a search or is looking at the titles and other meta data on the files plain view.

My common-sense answer would be that the file-manager search function is in fact a search under the 4th Amendment. In my mind, any action you have to intentionally take in order to find the file(s) you want qualifies as a search. Does established caselaw say otherwise? If you want to find one specific paper file in a room with ten file cabinets, and you methodically look at every folder label in every one of those cabinets even though you already know exactly where the file you want is -- is that still a legal search?

2. To modify an example my crim pro professor used to love to throw into discussions, Suppose they load up the drive and right there on the desk top is a file labeled "Cocaine buys 2008" or "Murder Cover Up Files Sept, 2004."

Again, my common-sense answer is that the file names are in plain view. Those specific names create a reasonable belief that the contents may be evidence of criminal activity, and that justifies a closer look.
8.27.2009 10:47am
dangerous lack of something something:
Again people, if we are looking at computers specifically, and someone just looks in a file folder with View > Tiles, any present images will display or create thumbnails of what the image looks like. This will happen if you search a file folder, and I believe the forensic software will work in a similar manner (ECase I believe).

Considering that many of these issues are arising from images being found and considered evidence of a crime, that singular function of most computers should be addressed in some detail.

Try it on your file explorer sometime; you don't have to click on the file itself for this function to occur and that picture comes into "plain view" as a layman like myself would understand the term.
8.27.2009 10:56am
TRO (mail):
"In the event cert. is either denied or not sought, unscrupulous federal agents will do "joint investigations" with their state counterparts and get state warrants, since the 9th Circuit has no authority over state courts."

What you call "unscrupulous" I call thinking outside the box.
8.27.2009 11:00am
ShelbyC:
Anybody have a guess as to the odds of a summary reversal?

I wish courts would stick to deciding cases and controversies. The constitution says they're not supposed to legislate.
8.27.2009 11:15am
Oren:

2. To modify an example my crim pro professor used to love to throw into discussions, Suppose they load up the drive and right there on the desk top is a file labeled "Cocaine buys 2008" or "Murder Cover Up Files Sept, 2004."

Get a second warrant. What reasonable magistrate would deny such an application?

The right to search a computer implies (IMO, YMMV) the right to list all the files present on the system.
8.27.2009 11:32am
einhverfr (mail) (www):
Wolfwalker:
I don't know how EnCase does it, but TCT allows you to take a datastream (including a hard drive in an unknown but unencrypted filesystem) and reconstruct segments of files and, in most cases, complete files. It is absolutely impressive to see what it can do. Besides hard drives, you can reconstruct file information from swap space a well so this is not limited to what was saved to the filesystem (if you have access to some systems while they are running, you can even dump memory and reconstruct files from that).

What you get out aren't pretty names like "Positive_drug_test_results.xls" but rather something like 0a0123dfe.jpg and 0b235fda.xls. These then have to be further analyzed to get the information needed.

Typically, though, I would expect EnCase to first do file-system-level searches.

Hope this helps.
8.27.2009 12:20pm
JM Hanes:
I'd be interested in knowing how, or whether, this decision would have an impact on the actual seizure of computers when such searches are warranted.

I'm thinking of a recent case (in Texas?) in which several independent businesses were apportioned use on a common server. In the course of investigating the activities of only one of those users, law enforcement seized the server, effectively denying all the unrelated parties' access to records essential to the lawful conduct of their businesses as well.

In addition to that immediate and continuing (and in at least one case, permanent) collateral damage, there was apparently no obvious basis upon which the innocent parties could seek a remedy, and certainly no speedy remedy in the offing. The costs of doing so were further exacerbated when law enforcement proved entirely unsympathetic to their plight.
8.27.2009 12:23pm
ShelbyC:

I'm thinking of a recent case (in Texas?) in which several independent businesses were apportioned use on a common server. In the course of investigating the activities of only one of those users, law enforcement seized the server, effectively denying all the unrelated parties' access to records essential to the lawful conduct of their businesses as well.

In addition to that immediate and continuing (and in at least one case, permanent) collateral damage, there was apparently no obvious basis upon which the innocent parties could seek a remedy, and certainly no speedy remedy in the offing. The costs of doing so were further exacerbated when law enforcement proved entirely unsympathetic to their plight.


I don't think search and siesures have anything to do with guilt or innocence. If the cops have PC to believe that someone threw a body into your woodchipper, even without your knowelege, they can get a warrant to search your property for the woodchipper, and sieze your woodchipper, even if you are completely innocent.
8.27.2009 1:53pm
Mike& (mail):
Federal prosecutors gamed the system - perhaps acting unethically in the process. The Ninth Circuit changed the rules of the game to prevent unscrupulous prosecutors from continuing to game the system. Sounds like a good development to me.
8.27.2009 1:56pm
einhverfr (mail) (www):
JM Hanes:


I'm thinking of a recent case (in Texas?) in which several independent businesses were apportioned use on a common server. In the course of investigating the activities of only one of those users, law enforcement seized the server, effectively denying all the unrelated parties' access to records essential to the lawful conduct of their businesses as well.


If it's the case I am thinking of, they didn't just seize "the computer" but rather all the computers whose hosting was handled by that company in the server room. This meant among other things they seized the E911 systems and the like. This was due to some sort of investigation regarding the hosting company related to telecom fraud.

That sounds a lot like the sort of search warrants the 4th Amendment was designed to protect us against.
8.27.2009 2:26pm
einhverfr (mail) (www):
(For the Texas case, see the news coverage.)
8.27.2009 2:30pm
just a country lawyer:
David O. Markus has challenged the good professor to a debate on this decision.
http://sdfla.blogspot.com
8.27.2009 2:30pm
einhverfr (mail) (www):
Hmmm... On reading the affidavit, the investigation regarding the Core IP seizure was not against the company but against the company's former customer....
8.27.2009 2:41pm
einhverfr (mail) (www):
(also see this collection of docs relating to the colo seizure. Heavy stuff regarding computing, hosting, and the 4th Amendment.)
8.27.2009 2:57pm
einhverfr (mail) (www):
In case someone thinks my last few posts are sort of off-topic, let me explain the connection. In the CDT case, the agents conducted a seizure that was far wider than it needed to be, which is one reason for the 9th circuit's concern here.

In Core IP Networks, the FBI seized over fifty customer-owned servers including systems used to run 911 systems for about 100k residents. The reason for the search was to obtain bandwidth history information relating to an investigation of someone else, on the chance that the CEO of the company MIGHT have been colluding with scammers. There was no reason listed on the affidavit why the customers' systems would have had such evidence on them. The affidavit doesn't show any probable cause to suggest that Core IP Networks or their customers were involved in illegal activity, just that there might have been some evidence on billing systems from the company relating to another party.

In a lot of ways, this seems very similar to strip searching all guests of a house who happen to be there when a search warrant for narcotics is served on that location.

These sorts of cases raise substantial questions of reasonableness and the fourth amendment. Courts seem to have let a lot of things slip and the sort of danger that occurs when a business is searched is becoming evident.
8.27.2009 6:08pm
ShelbyC:

The affidavit doesn't show any probable cause to suggest that Core IP Networks or their customers were involved in illegal activity, just that there might have been some evidence on billing systems from the company relating to another party.


Keep in mind that that's all that is required. There's no 4A requirement that an affidavit show PC that the owner of the property to be searched or siezed be involved in illegal activity, just that the search will yield evidence of illegal activity.
8.27.2009 6:31pm
einhverfr (mail) (www):
ShelbyC:


Keep in mind that that's all that is required. There's no 4A requirement that an affidavit show PC that the owner of the property to be searched or siezed be involved in illegal activity, just that the search will yield evidence of illegal activity.


Understood, but in this case, remember that they shutdown the Emergency 911 system, and confiscated servers from 50 customers (and owned by them) to look for billing data.

My point is that this doesn't seem very particular as far as servers go.

We don't offer search warrants for "every residence within one mile of X" because we believe evidence to be somewhere in that area.
8.27.2009 6:47pm
einhverfr (mail) (www):
In short if I put MY server in a colo there is NO probable cause to seize it when you are looking for billing data from the hosting provider.
8.27.2009 6:48pm
David Schwartz (mail):
Keep in mind that that's all that is required. There's no 4A requirement that an affidavit show PC that the owner of the property to be searched or siezed be involved in illegal activity, just that the search will yield evidence of illegal activity.
That's not quite the law. The affidavit must show probable cause to invade the specific privacy interests that are to be invaded. Those privacy interests may well be specific to each property owner. (Ybarra v. Illinois)

A warrant that provides probable cause to breach one privacy interest cannot be used to breach others, even if it otherwise fits within the four corners of the warrant.
8.27.2009 7:51pm
Oren:

In short if I put MY server in a colo there is NO probable cause to seize it when you are looking for billing data from the hosting provider.

In the case cited by OK in the OP, the host of the business refused to help the LEOs find the particular thing to be seized, forcing them to seize all the documents (in that case, dead tree) and sort them later (since it would be infeasible to sort through them all on-site).

By almost perfect analogy, the colo employees could easily point out which servers belong to you and which are billing data. If they refuse, I don't see any reasonable way for the LEOs executing the warrant to figure it out on-the-spot.

It would be folly to allow the colo to frustrate a lawful warrant for their billing data in such a fashion.
8.27.2009 11:42pm
einhverfr (mail) (www):
Oren:

In the Dallas case, the affidavit made no mention of past failures to cooperate and the warrant was served for ALL computing and telephone equipment at a time other than business hours.

This was made on the basis that there was a possibility of some personal association between the Colo and the target of the investigation and on the basis that a surety payment had been made to Verizon on behalf of the subject of the investigation by the Colo company several years prior. The company that ran the whole data center however stated that to their knowledge the subject of the investigation had been evicted from hosting for nonpayment. Furthermore the agent knew where the subject's own servers were hosted since those were mentioned separately on the affidavit.

It is still a terrible abuse of power.
8.28.2009 1:26pm
einhverfr (mail) (www):
Also the FBI, in defending the colo raid released a statement suggesting that billing data relating to old customers could have been on any system on the place because they were all interconnected.

In short it was a whaling expedition.
8.28.2009 1:28pm
JM Hanes:
Many thanks for the links and the discussion of the Dallas case! I first heard about it when I came across an article/blog post about one outfit which was essentially being put out of business as a result. As striking as the nature of the seizure itself, was the apparent lack of available recourse.
8.29.2009 12:49am

Post as: [Register] [Log In]

Account:
Password:
Remember info?

If you have a comment about spelling, typos, or format errors, please e-mail the poster directly rather than posting a comment.

Comment Policy: We reserve the right to edit or delete comments, and in extreme cases to ban commenters, at our discretion. Comments must be relevant and civil (and, especially, free of name-calling). We think of comment threads like dinner parties at our homes. If you make the party unpleasant for us or for others, we'd rather you went elsewhere. We're happy to see a wide range of viewpoints, but we want all of them to be expressed as politely as possible.

We realize that such a comment policy can never be evenly enforced, because we can't possibly monitor every comment equally well. Hundreds of comments are posted every day here, and we don't read them all. Those we read, we read with different degrees of attention, and in different moods. We try to be fair, but we make no promises.

And remember, it's a big Internet. If you think we were mistaken in removing your post (or, in extreme cases, in removing you) -- or if you prefer a more free-for-all approach -- there are surely plenty of ways you can still get your views out.