Showing posts with label computer forensics. Show all posts

Friday, March 8, 2013

Breaking: 9th Circuit holds reasonable suspicion needed for forensic search of laptop at US border

The decision is United States v. Cotterman, __ F.3d __ (9th Cir. 2013), and the case summary is below:
The en banc court reversed the district court’s order suppressing evidence of child pornography obtained from a forensic examination of the defendant’s laptop, which was seized by agents at the U.S.-Mexico border in response to an alert based in part on a prior conviction for child molestation. 
The en banc court explained that a border search of a computer is not transformed into an “extended border search” requiring particularized suspicion simply because the device is transported and examined beyond the border. The en banc court wrote that the fact that the forensic examination occurred 170 miles away from the border did not heighten the interference with the defendant’s privacy, and the extended border search doctrine does not apply, in this case in which the defendant’s computer never cleared customs and the defendant never regained possession.
The en banc court held that the forensic examination of the defendant’s computer required a showing of reasonable suspicion, a modest requirement in light of the Fourth Amendment. The en banc court wrote that it is the comprehensive and intrusive nature of forensic examination – not the location of the examination – that is the key factor triggering the requirement of reasonable suspicion here. The en banc court wrote that the uniquely sensitive nature of data on electronic devices, which often retain information far beyond the perceived point of erasure, carries with it a significant expectation of privacy and thus renders an exhaustive exploratory search more intrusive than with other forms of property.
The en banc court held that the border agents had reasonable suspicion to conduct an initial search at the border (which turned up no incriminating material) and the forensic examination. The en banc court wrote that the defendant’s Treasury Enforcement Communication System alert, prior child-related conviction, frequent travels, crossing from a country known for sex tourism, and collection of electronic equipment, plus the parameters of the Operation Angel Watch program aimed at combating child sex tourism, taken collectively, gave rise to reasonable suspicion of criminal activity.
The en banc court wrote that password protection of files, which is ubiquitous among many law-abiding citizens, will not in isolation give rise to reasonable suspicion, but that password protection may be considered in the totality of the circumstances where, as here, there are other indicia of criminal activity. The en banc court wrote that the existence of password-protected files is also relevant to assessing the reasonableness of the scope and duration of the search of the defendant’s computer. The en banc court concluded that the examination of the defendant’s electronic devices was supported by reasonable suspicion and that the scope and manner of the search were reasonable under the Fourth Amendment.
Concurring in part, dissenting in part, and concurring in the judgment, Judge Callahan (with whom Judge Clifton joined and with whom Judge M. Smith joined as to all but Part II.A) wrote that the majority’s new rule requiring reasonable suspicion for any thorough search of electronic devices entering the United States flouts more than a century of Supreme Court precedent, is unworkable and unnecessary, and will severely hamstring the government’s ability to protect our borders.
Judge M. Smith (with whom Judges Clifton and Callahan joined with respect to Part I) dissented. Judge Smith wrote that the majority’s decision to create a reasonable suspicion requirement for some property searches at the border so muddies current border search doctrine that border agents will be left to divine on an ad hoc basis whether a property search is sufficiently “comprehensive and intrusive” to require suspicion, or sufficiently “unintrusive” to come within the traditional border search exception. Judge Smith also wrote that the majority’s determination that reasonable suspicion exists under the exceedingly weak facts of this case undermines the liberties of U.S. citizens generally – not just at the border, and not just with regard to our digital data – but on every street corner, in every vehicle, and wherever else we rely on the doctrine of reasonable suspicion to safeguard our legitimate privacy interests.



Monday, January 7, 2013

Computer forensic delays a growing problem?

It is hard not to notice the growing number of cases that revolve around or discuss the delays associated with processing computer forensic evidence. Is there a growing problem? The short answer is yes, but it is hard to determine the scope and depth of the problem merely by analyzing disparate court opinions and news stories. It does appear to be a systemic problem at the federal, state, and local levels. Here is some evidence:

Recent cases

(January 3rd, 2013) United States v. Montgomery, __ F.3d __ (10th Cir. 2013) - after obtaining documents through a FOIA request, the defendant alleged as part of his defense that "forensic analysis had not been done because the FBI's . . . CART . . . office in Oklahoma City was backlogged for over 6 months."

United States v. Lovvorn, 2012 WL 3743975 (M.D. Ala. April 24, 2012) - "Finally, Lovvorn argues that an unreasonable delay between the seizure and the subsequent search of his computer is a violation of the Fourth Amendment. . . . The property was taken to the Coffee County Police Station, and then turned over to the Alabama Bureau of Investigation ("ABI"). The ABI returned the results of their forensic investigation nineteen months after the seizure from Lovvorn's residence occurred. There was no evidence presented that Lovvorn sought to have his property returned or was prejudiced in any way, nor has there been any assertions against the chain of custody or the authenticity of the evidence. The ABI has only one location in the state. The court therefore finds it is reasonable to believe that the delay was caused by nothing more than a backlog of cases."

News Stories



General Dynamics Awarded $42 Million to Support FBI Computer Forensic Networks

Previous posts

Federal court holds that 15-month delay in reviewing electronic evidence was an unlawful seizure


In Paypal DDOS case, government reprimanded for failure to analyze and return data in a timely fashion - In that post, I wrote: "To me, it's hard not to wonder if there is a systemic problem going on with how the government is handling cybercrime cases and the plethora of evidence that they tend to produce - according to this transcript, there were at least 9 terabytes of data that had to be analyzed.  That is certainly a lot of data, but as the court in Metter stated, there has to be a line drawn somewhere when retention of data transforms from investigatory to a violation of the Fourth Amendment."

Comments

The underlying legal implications of such backlogs are numerous, but include: (1) the suppression of evidence (as seen in a few cases above) due to the delay, as a violation of the Fourth Amendment, (2) delay in prosecution of child pornography and similar child predator cases, which has the potential to provide time/opportunity to commit additional offenses, and (3) the likelihood that evidence in lesser cases will be skipped over for more high-profile cases, driving up the bar that must be reached to consider a case worthy of prosecution.

I'd appreciate any comments from practitioners in the field who have seen similar delays and can attest to them, or alternatively, stories indicating a trend in the opposite direction.