Wednesday, December 5, 2012

Weindl (FBI agent's spyware vs. principal) - Why the court got it wrong

In this second post, I will explain my reasons for believing the court's reasoning in Weindl was flawed. The Weindl case, as a quick recap, involved a principal (Weindl) who was caught with child pornography after using a laptop assigned to the son of an FBI agent (Auther); the laptop was returned by Auther with spyware on it. For my original write-up of the facts of the case, see: Principal caught with CP when FBI agent returns son's school laptop with spyware still on it; court denies suppression. I also wrote a quick follow-up post about the coverage and misinformation regarding the case after I wrote about it. That can be found here: Weindl - FBI agent spyware v. principal attracts attention and misinformation.

First, let me address the "smell test." It seems extremely odd that when Auther took the computer to the FBI and asked "fellow agents for advice on how to wipe it clean" they "tried to remove all the files but were unsuccessful." Two things: (1) the FBI investigates a significant number of "cyber" cases using forensics techniques to recover deleted files and search through hard drives, uncover steganography, and analyze complex network traffic. Yet, they can't wipe a hard drive - something that a simple Google search will tell you how to do? Also, (2) Auther paid for and installed the spyware, knew the "hot-keys" to access the information it collected, and set it up to email him reports. Yet, once again, he could not uninstall that program, the most cognizable change he made to a machine he did not own?

In addition, he took it to a computer store to wipe all of the files, with a service order showing "reimage" and "clean out files" as the work to be done. I accept that a local service may not have been aware of the spyware to look for it in the first place, but reimage means just that, start all over again.  And, more interestingly, Auther did not even mention that he installed spyware on the computer to the computer shop. Wouldn't that program be the first thing you would mention when cleaning up a computer?

Also, the court seemed to be quite deferential to Auther when it accepted the argument that he was more concerned about leaving than investigating the principal. Perhaps that is true, but is it not equally likely that he suspected the principal of questionable activities and, before leaving, wanted to confirm his suspicions? After all, the FBI agent did say that he was aware of the Sandusky case and that what happened at Penn State motivated some of his later actions. That coupled with the two-time failure to remove the spyware smells funny.

But lets assume that all of the facts are true - just as the court did. I find it questionable that the court omitted any discussion regarding the license agreement of eBlaster, which requires you to agree to "use [eBlaster] only on a computer you own," an agreement Auther clearly violated when he installed it on a school-loaned laptop. The court also breezes over the likelihood that Auther violated policies of the school or the PSS laptop loaner program. I point this out because Auther is permitted to walk all over policies and procedures carte blanche, but Weindl's use of the laptop in likely violation of the rules of the loaner program was sufficient to wipe out his expectation of privacy completely. More on that later.

I think one of the most glaring errors of the court is the reasoning that opening the first four emails was not a search and instead was inadvertent conduct not under the color of law.  First, the court found that the search was only the activity of the spyware program collecting the data, and did not include the person on the other end viewing that information. I am not convinced you can draw such a black and white line. The Fourth Amendment (and by proxy the protection of privacy) has been held to protect against the intrusion of the process of a search as well as the discovery of the information it provides. If the latter were not an aim, the Fourth Amendment would never have been extended outside of property notions, as it was in Katz.

Thus, Auther's decision to open an email with a subject line that clearly indicated the email regarded information collected after he had returned the PC should have been held a search. Moreover, knowledge that the email could not regard his own or his son's activity does not make opening the email inadvertent. The definition of inadvertent is: "not focusing the mind on a matter : inattentive." The case indeed indicated that Auther recognized that the emails were providing information they should not have been because he believed the program had been removed and the computer was no longer in his possession. An example is illustrative: If I move into a new house on Royal Avenue on Tuesday, and on Friday I get a package addressed to "our lifelong neighbors on Royal Avenue," opening that package would not be inadvertent. I clearly know that I do not constitute the "neighbor" the package was intended for, since I moved in three days prior. Auther's opening of the email is no different. The subject line contained prima facie evidence that it was not intended for him and arose from improper means. Thus, the only reason he could have to open it would be to pry.

I am willing to concede, however, that one might reasonably argue that opening the first email would be inadvertent. Maybe he wasn't paying attention to the subject line. But, after reading the first, he should have known something was awry. To open the other three emails, after reading the first, would indicate one very important thing: that he was now acting as an officer of the law because of the information the email contained (evidence of someone accessing child pornography). To go back to my example, if I opened the first package without paying particular attention to the address line that said "to our lifelong neighbors on Royal Avenue," it may be reasonable to say I was just careless (or it was inadvertent). However, if inside that box are pictures of a family that I don't know, then when three more packages arrive addressed the same way and similar in appearance, a reasonable person would not open them. They would instead return them to whomever delivered them. Or, in Auther's case, contact the principal or the PSS program and indicate that the spyware he installed without authorization from either the school program or the software author was in fact still installed and had generated an email to him. An interesting question raised by the case is: if the spyware email hadn't contained evidence of CP access, would he have called the school to raise the flag on the spyware? One would think so.

The last significant problem with the case is the court's decision to deny standing to Weindl on the reasonable expectation of privacy issue. The court stated:

Sometimes, people delude themselves into thinking that they have a right to things that don't belong to them. . . . No evidence indicates that Weindl had a right to use, or himself had permission to use, a PSS laptop, even for school-related activities. Auther turned his son's laptop in to Weindl in Weindl's capacity as an agent for the school, not for Weindl's personal use.
Even if Weindl had a subjective (albeit unrealistic) expectation of privacy in the PSS laptop, it was not an expectation that society is prepared to endorse. An expectation of privacy does not become objectively reasonable just because a person hides someone else's property away in his office desk and does not let anyone else use it. A person cannot have a reasonable expectation of privacy in a computer he stole or obtained by fraud. 
The court justifies the last paragraph on two reasonable expectation of privacy cases: one involving a stolen computer (Wong), and one involving a computer obtained by fraud (Caymen). The court then states that "Weindl's case is similar to Wong and Caymen. Weindl misappropriated school property for his own personal use. Whatever expectation of privacy he developed in the contents of the laptop's hard drive and the keystrokes of Internet searches is not a legitimate one that society is prepared to accept. . . . The laptop was not assigned to Weindl and was not his office computer." I find the comparison to Wong and Caymen to be ill-advised. In both cases, the individual had either been convicted, or charged with obtaining the device by illegal means. Weindl did nothing of the sort, here. Additionally, in Caymen, where the defendant obtained the laptop by fraud, the court based its holding on cases from sister circuits regarding stolen cars. There is a theme here: stolen. Weindl did not steal, nor obtain anything by fraud. While he may not have had permission, he certainly was not doing anything illegal.

The Caymen court pointed out that a person who has stolen something lacks the property interests an owner has (the bundle of sticks) that define property ownership. Can the same be said for the laptop, here? Arguably, no. Weindl was permitted to have constructive possession of the laptop - something a thief would never have. Also, if the laptop had been stolen from the FBI agent's son and then recovered, it would likely have been returned to the principal (or someone under his authority). Granted, he lacked other property rights like the right to sell, but to analogize the computer to stolen property is off target.

Lastly, I believe the court was correct, technically, about the application of the Federal Wiretap Act: namely, that suppression is only for wire and aural communications in criminal cases. However, I find it fantastical to argue that placing spyware on an individual's computer isn't wiretapping. That the court had to cite to a 1978 case in support of this part of the holding is a clear illustration of the lack of coverage in this area. I hope that these facts present an opportunity for the 9th Circuit to directly address the issue and clarify that a "wire" communication should include such conduct. (Although maybe it is a legislative task, since to include what could be characterized as "electronic communications" within "wire communications" would arguably construe the civil portion of the law addressing "electronic communications" superfluous, something courts are reticent to do).

I am excited to see how the 9th Circuit handles this case. The facts of Weindl illustrate, as many other technologically centered cases do, the "play in the joints" of the law. And, with respect to the Wiretap Act, reflects the anachronistic nature of some federal statutes as applied to emerging technologies.

9 comments:

  1. There's one very important flaw in your logic. It is a longstanding legal tradition that the presence of naked kids negates any arguments in support of the defendant or civil rights in general.

    ReplyDelete
  2. I wouldn't call that a flaw in my logic. Society's distaste for crimes involving "the presence of naked kids" is an institutional bias that should not "negate[] any arguments in support of the defendant or civil rights in general." I would never argue that any crime involving the exploitation of children is acceptable, but I will always argue that at the end of the Fourth Amendment it does not say "except when the crime involves children."

    ReplyDelete
    Replies
    1. In case it was not apparent, that was said tongue firmly planted in cheek.

      Delete
  3. What kind of moron uses school property to commit crimes? He should have anticipated that his employer (and not the FBI) would have been monitoring the use of school computers for activity such as this. And his employer would have brought in the FBI. The principal fails the stupid test. Of course, CP is stupid period.

    ReplyDelete
  4. Curious as to whether your analysis would hold had the Auther been a private individual and not a member of law enforcement. If any other parent had monitored the information, by curiosity or concern for a couple of days and then turned the information over to law enforcement, would the emails still be considered poison fruit?

    ReplyDelete
    Replies
    1. The analysis is completely different for a private search...

      Delete
  5. Let the lawyers and court worry about the fine points of what evidence can be admitted. If the school principal was guilty of child pornography, THANK GOD he was caught and removed from a position of high trust.

    ReplyDelete
    Replies
    1. The point of this blog is to influence lawyers and courts. Your argument essentially asserts that to argue against the court is futile because the court is the ultimate arbitrer. It is a circular argument. Yes, I'm glad he was caught. That doesn't mean that I think he should lose the right to argue for suppression on Fourth Amendment grounds.

      Delete
  6. The court got it right.

    ReplyDelete