Thursday, September 22, 2011

Reasonableness of length of time in consent search examined

A recent Eleventh Circuit case found that it was reasonable for law enforcement to wait nearly 11 months to search a computer that was obtained by consent. After signing a consent statement, Philip Edwards said he would like to have the computer back "sooner than later." At no point thereafter did he try to revoke consent.

As a result of various delays, a search warrant was not obtained for 34 days, and the computer was not analyzed until ten months later. The court held that because there was no revocation of consent and since Philip did not provide a specific amount of time, the timeliness was reasonable and within the consent.

I bring this case up not because it has anything unique about it, but to hopefully ignite discussion. I realize this is rather common place in child pornography and other cybercrime cases. Cybercrime units across the country are faced with budgets that hardly meet demand, often forcing long wait times. And obviously there an amount of time that should be considered de minimis, but eleven months seems be an unreasonable amount of time. The Sixth Amendment right to speedy trial exists, in part, to eliminate the distress of a defendant having to experience the uncertainty associated with the trial process. Certainly a similar protection should apply after a search. Due process? Cruel and unusual punishment?

Or is the key here consent? Should Emanuel have known that he could revoke his consent?

The case is United States v. Emanuel, 2011 WL 4376191 (11th Cir. 2011).

Sunday, September 18, 2011

PA appeals court finds text messages not properly authenticated

In Commonwealth v. Koch, 2011 WL 4336634 (Pa. Super. Ct. 2011), the court held that text messages were not properly authenticated and should not have been admitted as evidence. The detective "testified that he transcribed the text messages, together with identifying information, from the cellular phone belonging to Appellant. He acknowledged that he could not confirm that Appellant was the author of the text messages and that it was apparent that she did not write some of the messages. Regardless, the trial court found that the text messages were sufficiently authenticated to be admissible." Neither the alleged sender or recipient testified at trial to authenticate the messages.

Courts often require a heightened standard for admission of electronic evidence because of the ease of falsifying this information, and a phone number or e-mail address tying it to the supposed sender is insufficient. Parties must take it further in order to show the alleged author was, in fact, the author. Other courts have shown admission of text messages by:

  • Testimony from cell phone company, investigator, and co-conspirators (United States v. Hunter, 266 Fed.Appx. 619 (9th Cir. 2008))
  • Recipient testifying that messages were received on his phone under the author's name and that each contained the author's unique signature (State v. Thompson, 777 N.W.2d 617 (N.D. 2010)) (Note, however, that the issue in Koch was that the cell phone was used by multiple people. Thus, a unique signature may not be influential.)
  • Text messages contained details only the defendant would know (Massimo v. State, 144 S.W.3d 210, 216 (Tex. App. 2004))
  • Author providing their car model and name (State v. Taylor, 632 S.E.2d 218 (N.C. Ct. App. 2006))
  • Message showing up under saved number on witness's phone, victim's phone was found near her body, and evidence suggested no one had used her phone that day (State v. Damper, 225 P.3d 1148 (Ariz. Ct. App. 2010))
Many cases look to authentication requirements of electronically stored information (ESI) generally and do not apply specific rules for a specific type device. Therefore, authentication rules applying to e-mails or Facebook posts might also work for text messages. For example, a text message from Author saying he will go to a certain place at a certain time and evidence showing that he was there at that time, would be properly authenticated. Commonwealth v. Amaral, 78 Mass. App. Ct. 671 (2011).

Wednesday, September 14, 2011

Arguments that just don't cut it

There are arguments in every case that won't hold up, but there are others that are downright laughable. Here are a few of those not worthy of an entire post. (I'm paraphrasing these, of course.)
  • "It wasn't me that downloaded the child pornography. It was my Internet Service Provider (ISP). You should have suspected them from the beginning." (United States v. Larson, 2011 WL 3837540 (W.D. Miss. 2011))
  • "Since I purchased someone else's passport and Social Security card, it wasn't “without lawful authority” for me to try to get a US passport with it." (U.S. v. Ozuna-Cabrera, 663 F.3d 496 (1st. Cir. 2011))
  • "You can't search my home for child pornography just because my IP address shared it. Why? Because someone could have connected to my wireless network." (United States v. Gillman, 432 Fed.Appx. 513 (6th Cir. 2002))
  • "Someone guessed my password and accessed my computer, and it's unfortunate that I can't prove it because the security records just happen to be missing for the day in question." (United States v. Winkler, 639 F.3d 692 (5th Cir. 2011))
  • "I didn't distribute child pornography because I only e-mailed it from my phone to my personal e-mail account." Wait... what? No, the court actually bought this argument despite the statute defining distribution to be "any act ... related to the transfer of material involving the sexual exploitation of a minor." (United States v. Merrill, 578 F.Supp.2d 1144 (N.D. Iowa 2008))

Friday, September 9, 2011

Tech Watch: BitTorrent to release television

BitTorrent, a peer-to-peer networking service that uses "advanced, innovative technologies to efficiently move large files across the Internet," is releasing a television that will allow users to find, download, and play media found on the BitTorrent network.

The computer software has been around for years, but is a little complicated for the average user. After installing the software, the user must find and download a torrent for the file they want, open the torrent, and then download the file. This new system will simplify the process.

BitTorrent, I'm sure as an intended consequence, makes it easy to download items such as copyrighted movies and child pornography. Of course it has other legitimate uses, though I the only ones I can think of are entirely hypothetical. At least now, someone will be able to download illegal Disney movies and watch it from the comfort of their recliner.

Friday, September 2, 2011

FYI: Metadata not found on VHS tapes

In search for child pornography, an ICE agent obtained a search warrant for "any computer, computer system and related peripherals; tapes, cassettes." When the search warrant was executed, he found that the suspect used WebTV instead of a computer to access the Internet. The agent confiscated VHS tapes, believing that they would contain metadata. At trial, the agent "admit[ted] it never occurred to him that VHS tapes were analog tapes and that they would not contain metadata." The court held that taking the tapes did not violate the defendant's rights, for various reasons including good faith.

The court went on with its discussion, essentially calling on those presenting cybercrime trainings to do a better job. "Other than trial lawyers, forensic specialists, and IT professionals, few people could define what metadata is and where it could be found. While [the agent] took classes related to child pornography investigations that discussed metadata, it is highly unlikely that any of those classes discussed the nature of VHS tapes and how the recording system works."

Metadata is certainly important evidence, but it seems that it must be explained better. Investigators need to know where it can and cannot be found. It's a tough concept to understand, and trainers must do a better job of demystifying it.

The case is United States v. Hager, 2011 WL 3862072 (D.N.D. 2011).

Thursday, September 1, 2011

Court finds warrant needed in memory card search

A district court held that a search of a memory card was unconstitutional after the card was found in the arrestee's pocket upon arrest. United States v. Jenkins, 2011 U.S. Dist. LEXIS 96296 (N.D.W.V. 2011).

Police were following the defendant, believing he had stolen a four-wheeler. He was ultimately caught, and law enforcement noticed a digital camera nearby. The defendant immediately declared that it was not his. The court found a search of the camera and the memory card inside to be constitutional because the camera had been abandoned.

Upon arrest for fleeing an officer and DUI, police located a second memory card in the defendant's pocket which was found to contain child pornography. The defense argued that because the crime of the stolen four-wheeler had already been solved and because the card was not connected to the camera, the defendant had a reasonable expectation of privacy in the memory card. The court agreed, finding that a search was only permissible with a warrant.