Tuesday, April 24, 2012

Search validated based on results of the search, rather than the method

The recent case of United States v. Johnston, 2012 U.S. Dist. LEXIS 53323 (E.D. Cal.), raised some thought-provoking questions. Essentially, it is a run-of-the-mill CP motion to suppress - with one twist. The defendant had used his email address to register for a CP website, and an e-mail giving him access was “intercepted.” A search warrant was obtained and during the first search of the defendant’s hard drive plenty of CP was found, and a search for relevant communications turned up “some ‘emails of interest’ and chat logs.”

A second search nearly five years later revealed more emails and CP. On the third search, an agent claimed he did some keyword searches for typical terms related to CP again, but failed to do one important thing – keep a record of what he was doing. As an aside, typically you are taught that when conducting forensic investigations of computers, you record every command that you use to examine the drive (or have a program do that for you), so that you can retrace your steps (and essentially assert that you were remaining within the scope of the warrant). The agent admittedly did not do that here.

The defendant argued in his motion that the searches exceeded the warrant, requiring suppression. Additionally, he argued that the agent’s failure to keep track of his actions was fatal because “it is not possible to determine clearly that the agent acted only within the bounds laid out by the warrant's terms.”

The defendant equated this to “the government[] ‘rummaging’ indiscriminately through [the] defendant's computer in violation of the Fourth Amendment.” (I loved the “rummaging” part). In clearer terms, the defendant is arguing that failure to take those steps turned the particularity of the warrant on its head and the search became a dragnet-type search. The Court reviewed two previous cases that were semi-analogous, and then summed up the review of precedent:

Because "[t]he difficulties of examining and separating electronic media at the scene are well known," a warrant's authorizing "seizure of intermingled materials that are difficult and time-consuming to separate on-site" is reasonable and permissible. The intermingled nature of materials, however, does not justify a detailed examination of the entire content of those materials in the form of "an investigatory dragnet."

The court found no precedent supporting the defendant’s argument that failure to leave investigatory “crumbs” would be fatal to the government’s case. The court denied the motion to suppress, stating that all of the searches that were made by the agent were in furtherance of the goal of obtaining evidence of CP but seemed to base this conclusion merely on the results of the search, and not how they were conducted. Essentially, while the search occurred, they stumbled upon other leads that took them elsewhere. The court analogized such leads under the plain view doctrine to some extent but concluded more importantly:

any information [the agent’s] searches returned that was not limited precisely to possession or receipt of images of child pornography was located by searching only for this kind of material. As in Giberson, although the government here did not seek an additional warrant after the agent discovered the travel information and the chats, the agent continued his search by looking only for evidence of child pornography. There is no indication that he ever diverted his search to areas of inquiry outside the scope of the warrant, conducting the kind of "investigatory dragnet" operation that would violate the Fourth Amendment. (emphasis added)

There is no evidence of diversion, because the government failed to collect the evidence in a forensically sound way, and that failure provided the defendant with no argument and no evidence to prove his version of the facts. While this certainly isn’t a case worth appealing on its particular facts, I could think of one that would be.

Suppose the exact same facts except the evidence of a crime obtained during the third search was wholly unrelated to CP and was, for example, related to federal tax evasion. In that circumstance, the suppression motion should be granted for failure to stay within the scope of the warrant. Here’s why: in Johnston, all of the information that was revealed was ultimately related to the same subject, pedophilia, and was likely to be intermingled – also, it was the target of a child porn investigation. Thus, string searches for words such as “lolita,” “child porn,” “pedo,” etc., are likely to reveal this type of information. But in the federal tax evasion case, would the same be true? Herein lies the conundrum.

The failure of the agent to disclose his steps to discover that information in the third search should be fatal to the government’s case in this hypothetical. Without evidence of the steps of the searches, and what commands were issued during the search, there could be no proof that the government wasn’t using a dirty word list that included phrases outside the scope of the crime they were investigating. The assumption would then be pushed to a “dragnet”-type search – say searching for CP words plus “money laundering,” “cocaine,” “botnet.” Because of the amount of information on a computer hard drive, we have to expect that we retain privacy to some degree in that information. Obviously the Ninth Circuit’s precedent reveals this to some extent, but the cases have not really delved into the Fourth Amendment intricacies of hard drive mechanics and data storage.
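As an added illustration (not from the case or the original post), the record-keeping described earlier and the proof that a word list stayed in scope can both come from a hash-chained log of every keyword search, checked against the terms the warrant supports. The class and function names, the placeholder in-scope terms and the sample entries are assumptions constructed for this example.

```python
import hashlib
import json

GENESIS = "0" * 64
FIELDS = ("seq", "time", "examiner", "term", "in_scope", "prev")

def _digest(entry):
    # Hash only the recorded fields, in a stable order.
    body = {k: entry[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ExaminationLog:
    """Append-only record of keyword searches run against an evidence image."""

    def __init__(self, approved_terms):
        self.approved = {t.lower() for t in approved_terms}
        self.entries = []

    def record_search(self, time, examiner, term):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"seq": len(self.entries) + 1, "time": time, "examiner": examiner,
                 "term": term, "in_scope": term.lower() in self.approved, "prev": prev}
        entry["hash"] = _digest(entry)
        self.entries.append(entry)
        return entry

def verify_chain(entries):
    """Return 0 if the chain is intact, else the seq of the first bad entry."""
    prev = GENESIS
    for i, e in enumerate(entries, 1):
        if e["seq"] != i or e["prev"] != prev or e["hash"] != _digest(e):
            return i
        prev = e["hash"]
    return 0

def out_of_scope(entries):
    """Searches a reviewer would have to ask the examiner to justify."""
    return [e["term"] for e in entries if not e["in_scope"]]

def sample_log():
    # Constructed data: placeholder in-scope terms, one term from the hypothetical.
    log = ExaminationLog(["warrant-term-a", "warrant-term-b"])
    log.record_search("2012-01-10T09:00:00Z", "agent-1", "warrant-term-a")
    log.record_search("2012-01-10T09:05:00Z", "agent-1", "money laundering")
    log.record_search("2012-01-10T09:09:00Z", "agent-1", "Warrant-Term-B")
    return log

if __name__ == "__main__":
    log = sample_log()
    print("chain ok:", verify_chain(log.entries) == 0)
    print("out of scope:", out_of_scope(log.entries))
```

The chain only shows that entries were not altered after the fact if the latest hash is also written somewhere the examiner cannot rewrite, such as a case file held by another party.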

Additionally, can plain view even really be applied in these types of situations? Or, more specifically, who is to determine how that works on a hard drive? Under the Wong test used here to analyze plain view, one of the requirements is that the “items incriminating nature was ‘immediately apparent.’” In Johnston, the court is making the assumption that this is true based on the agent’s testimony; however, a court would likely defer to such testimony of plain view by the agent, regardless of whether they know he is telling the truth. Once again, failure to record his actions makes this deference shaky. Also, I’m sure most people would agree that child porn is “immediately apparent” in the sense that you’ll know it when you see it. Can the same be true of evidence of tax evasion? I don’t think I would know tax evasion was staring me in the face from string-based searches of a hard drive.

In sum, it must be decided whether a warrant allows anything to be done to a hard drive, or whether there are strictures. What if it was a shared computer in a family? In my view, the Johnston case (maybe) and surely the hypothetical would be analogous to the cops looking for a hidden gun in your house, but stopping to read your daughter’s diary. We’re essentially confronted with a line-drawing problem. The court has escaped the “dragnet” trap here because of the interrelatedness of the crimes and the ability to draw a conclusion not from a strong footing of evidentiary sufficiency but a favorable factual outcome. But that trap isn’t avoidable forever. When you are conducting a search for evidence of an alleged crime, you are searching for relevant evidence of that crime - not all crimes. The only way to determine if this has been followed is to know what steps the government took to get where they ended up. This case was properly decided, but I think the court should not have given such short shrift to the evidentiary failings because the facts fell in line.
