 |
Computer Crime and |
|
Computer Crime and |
Computer Crime and Intellectual Property Section
Criminal Division
United States Department of Justice
January 2001
This publication supersedes
Federal Guidelines for Searching and Seizing Computers (1994), as well as the
Guidelines’ 1997 and 1999 Supplements. Although the interagency group
that produced the Guidelines achieved its goal of offering “systematic guidance
to all federal agents and attorneys” in the law of computer search and seizure,
intervening changes in law and the dramatic expansion of the Internet since
1994 have fostered the need for fresh guidance. This manual is designed to combine
an updated version of the Guidelines’ advice on searching and seizing computers
with guidance on the statutes that govern obtaining electronic evidence in cases
involving computer networks and the Internet. Of course, this manual is
intended to offer assistance, not authority. Its analysis and conclusions
reflect current thinking on difficult areas of law, and do not represent the
official position of the Department of Justice or any other agency. It
has no regulatory effect, and confers no rights or remedies.
This publication was
written by Orin S. Kerr of the Computer Crime and Intellectual Property Section
of the U.S. Department of Justice, under the supervision of Martha Stansell-Gamm,
Chief of the Computer Crime and Intellectual Property Section. The author
gratefully acknowledges the assistance of Mark Eckenwiler, Scott Charney, David
Green, Jennifer Martin, Chris Painter, the members of the 1999 CTC Working Group
(especially Stephen Heymann), Jeff Singdahlsen, Mark Pollitt, Thos. Gregory
Motta, Joanne Pasquerelli, and summer interns Dan Jackson and Avi Ionescu.
Electronic copies of this document are available from the Computer Crime and
Intellectual Property Section’s web site, www.cybercrime.gov. Inquiries,
comments, and corrections should be directed to Orin S. Kerr at (202) 514-1026.
Requests for paper copies or written correspondence should be sent to the following
address:
Attn: Search and Seizure Manual
Computer Crime and
Intellectual Property Section
United States Department of Justice
P.O. Box 887
Ben Franklin Station
Washington, DC 20044-0887
TABLE OF CONTENTS
I. SEARCHING AND SEIZING COMPUTERS WITHOUT
A WARRANT
A. Introduction
B. The Fourth Amendment’s
“Reasonable Expectation of Privacy” in Cases Involving Computers
1.
General Principles
2.
Reasonable Expectation of Privacy in Computers as Storage Devices
3.
Reasonable Expectation of Privacy and Third-Party Possession
4.
Private Searches
C. Exceptions to the Warrant
Requirement in Cases Involving Computers
1.
Consent
a)
Scope of Consent
b)
Third-Party Consent
c)
Implied Consent
2.
Exigent Circumstances
3.
Plain View
4.
Search Incident to a Lawful Arrest
5.
Inventory Searches
6.
Border Searches
7.
International Issues
D. Special Case: Workplace Searches
1.
Private Sector Workplace Searches
a)
Reasonable Expectation of Privacy in Private-Sector Workplaces
b)
Consent in Private Sector-Workplaces
c)
Employer Searches in Private-Sector Workplaces
2.
Public-Sector Workplace Searches
a)
Reasonable Expectation of Privacy in Public Workplaces
b)
“Reasonable” Workplace Searches Under O’Connor v. Ortega
c)
Consent in Public-Sector Workplaces
II. SEARCHING AND SEIZING COMPUTERS WITH A
WARRANT
A. Introduction
B. Planning the Search
1.
Basic Strategies for Executing Computer Searches
a)
When Hardware Is Itself Contraband, Evidence, or an Instrumentality or
Fruit of Crime
b)
When Hardware is Merely a Storage Device for Evidence of Crime
2.
The Privacy Protection Act
a)
A Brief History of the Privacy Protection Act
b)
The Terms of the Privacy Protection Act
c)
Application of the PPA to Computer Searches and Seizures
3.
Civil Liability Under the Electronic Communications Privacy Act
4.
Considering the Need for Multiple Warrants in Network Searches
5.
No-Knock Warrants
6.
Sneak-and-Peek Warrants
7.
Privileged Documents
a)
The Attorney General's Regulations Relating to Searches of Disinterested
Lawyers, Physicians, and Clergymen
b)
Strategies for Reviewing Privileged Computer Files
C. Drafting the Warrant
and Affidavit
Step
1: Accurately and Particularly Describe the Property to be Seized in the
Warrant and/or Attachments
to the Warrant
Step
2: Establish Probable Cause in the Affidavit
Step
3: In the Affidavit Supporting the Warrant, Include an Explanation of the
Search Strategy
(Such as the Need to Conduct an Off-site Search) as
Well as the Practical and Legal Considerations
That Will Govern the Execution of the Search
D. Post-Seizure
Issues
1.
Searching Computers Already in Law Enforcement Custody
2.
The Permissible Time Period For Examining Seized Computers
3.
Rule 41(e) Motions for Return of Property
III. THE ELECTRONIC COMMUNICATIONS PRIVACY
ACT
A. Introduction
B. Providers
of Electronic Communication Service vs. Remote Computing Service
“Electronic
communication service”
“Electronic
storage”
“Remote
computing service”
C. Classifying
Types of Information Held by Service Providers
1.
Basic Subscriber Information Listed in 18 U.S.C. § 2703(c)(1)(C)
2.
Records or Other Information Pertaining to a Customer or Subscriber
3.
Contents
D. Compelled
Disclosure Under ECPA
1.
Subpoena
2.
Subpoena with Prior Notice to the Subscriber or Customer
3.
Section 2703(d) Order
4.
§ 2703(d) Order with Prior Notice to the Subscriber or Customer
5.
Search Warrant
E. Voluntary
Disclosure
1.
Contents
2.
Records Other than Contents
F. Quick
Reference Guide
G. Working
with Network Providers: Preservation of Evidence, Preventing Disclosure
to Subjects, and
Cable
Act Issues
1.
Preservation of Evidence under 18 U.S.C. § 2703(f)
2.
Orders Not to Disclose the Existence of a Warrant, Subpoena, or Court Order
3.
Possible Conflicts with the Cable Act, 47 U.S.C. § 551
H. Remedies
1.
Suppression
2.
Civil Actions
IV. ELECTRONIC SURVEILLANCE IN COMMUNICATIONS
NETWORKS
A. Introduction
B. The Pen/Trap
Statute, 18 U.S.C. §§ 3121-27
C. The Wiretap
Statute, Title III, 18 U.S.C. §§ 2510-22
1.
Introduction: The General Prohibition
2.
Key Phrases
“Wire
communication”
“Electronic
communication”
“Intercept”
3.
Exceptions to Title III
a) Interception Authorized by a Title III Order, 18 U.S.C.
§ 2518
b) Consent of a Party to the Communication, 18 U.S.C.
§ 2511(2)(c)-(d)
c) The Provider Exception, 18 U.S.C. § 2511(2)(a)(i)
d) The Extension Telephone Exception, 18 U.S.C. §
2510(5)(a)
e) The ‘Inadvertently Obtained Criminal Evidence’ Exception
18 U.S.C. § 2511(3)(b)(iv)
f) The ‘Accessible to the Public’ Exception,18 U.S.C.
§ 2511(2)(g)(i)
D.
Remedies For Violations of Title III and the Pen/Trap Statute
1.
Suppression Remedies
a) Statutory Suppression Remedies
b) Constitutional Suppression Remedies
2.
Defenses to Civil and Criminal Actions
a) Good-Faith Defense
b) Qualified Immunity
V. EVIDENCE
A. Introduction
B. Authentication
1.
Authenticity and the Alteration of Computer Records
2.
Establishing the Reliability of Computer Programs
3.
Identifying the Author of Computer-Stored Records
C. Hearsay
1.
Inapplicability of the Hearsay Rules to Computer-Generated Records
2.
Applicability of the Hearsay Rules to Computer-Stored Records
D. Other Issues
1.
The Best Evidence Rule
2.
Computer Printouts as “Summaries”
VI. APPENDICES
Appendix A:
Sample Network Banner Language
Appendix B:
Sample 18 U.S.C. § 2703(d) Application and Order
Appendix C:
Sample Language for Preservation Request Letters under 18 U.S.C. §
2703(f)
Appendix D:
Sample Pen Register /Trap and Trace Application and Order
Appendix E:
Sample Subpoena Language
Appendix F:
Sample Language for Search Warrants and Accompanying Affidavits
to Search and Seize Computers
Appendix G:
Sample Letter for Provider Monitoring
In the last decade, computers and the Internet have entered the mainstream of American life. Millions of Americans spend several hours every day in front of computers, where they send and receive e-mail, surf the Web, maintain databases, and participate in countless other activities.
Unfortunately, those who commit crime have not missed the computer revolution. An increasing number of criminals use pagers, cellular phones, laptop computers and network servers in the course of committing their crimes. In some cases, computers provide the means of committing crime. For example, the Internet can be used to deliver a death threat via e-mail; to launch hacker attacks against a vulnerable computer network; to disseminate computer viruses; or to transmit images of child pornography. In other cases, computers merely serve as convenient storage devices for evidence of crime. For example, a drug kingpin might keep a list of who owes him money in a file stored in his desktop computer at home, or a money laundering operation might retain false financial records in a file on a network server.
The dramatic increase in computer-related crime requires prosecutors and law enforcement agents to understand how to obtain electronic evidence stored in computers. Electronic records such as computer network logs, e-mails, word processing files, and “.jpg” picture files increasingly provide the government with important (and sometimes essential) evidence in criminal cases. The purpose of this publication is to provide Federal law enforcement agents and prosecutors with systematic guidance that can help them understand the legal issues that arise when they seek electronic evidence in criminal investigations.
The law governing electronic evidence in criminal investigations has two primary sources: the Fourth Amendment to the U.S. Constitution, and the statutory privacy laws codified at 18 U.S.C. §§ 2510-22, 18 U.S.C. §§ 2701-11, and 18 U.S.C. §§ 3121-27. Although constitutional and statutory issues overlap in some cases, most situations present either a constitutional issue under the Fourth Amendment or a statutory issue under these three statutes. This manual reflects that division: Chapters 1 and 2 address the Fourth Amendment law of search and seizure, and Chapters 3 and 4 focus on the statutory issues, which arise mostly in cases involving computer networks and the Internet.
Chapter 1 explains the restrictions that the Fourth Amendment places on the warrantless search and seizure of computers and computer data. The chapter begins by explaining how the courts apply the “reasonable expectation of privacy” test to computers; turns next to how the exceptions to the warrant requirement apply in cases involving computers; and concludes with a comprehensive discussion of the difficult Fourth Amendment issues raised by warrantless workplace searches of computers. Questions addressed in this chapter include: When does the government need a search warrant to search and seize a suspect's computer? Can an investigator search without a warrant through a suspect's pager found incident to arrest? Does the government need a warrant to search a government employee's desktop computer located in the employee’s office?
Chapter 2 discusses the law that governs the search and seizure of computers pursuant to search warrants. The chapter begins by reviewing the steps that investigators should follow when planning and executing searches to seize computer hardware and computer data with a warrant. In particular, the chapter focuses on two issues: first, how investigators should plan to execute computer searches, and second, how they should draft the proposed search warrants and their accompanying affidavits. Finally, the chapter ends with a discussion of post-search issues. Questions addressed in the chapter include: When should investigators plan to search computers on the premises, and when should they remove the computer hardware and search it later off-site? How should investigators plan their searches to avoid civil liability under the Privacy Protection Act, 42 U.S.C. § 2000aa? How should prosecutors draft search warrant language so that it complies with the particularity requirement of the Fourth Amendment and Rule 41 of the Federal Rules of Criminal Procedure? What is the law governing when the government must search and return seized computers?
The focus of Chapter 3 is the stored communications portion of the Electronic Communications Privacy Act, 18 U.S.C. §§ 2701-11 (“ECPA”). ECPA governs how investigators can obtain stored account records and contents from network service providers, including Internet service providers (ISPs), telephone companies, cell phone service providers, and satellite services. ECPA issues arise often in cases involving the Internet: any time investigators seek stored information concerning Internet accounts from providers of Internet service, they must comply with the statute. Topics covered in this section include: How can the government obtain e-mails and network account logs from ISPs? When does the government need to obtain a search warrant, as opposed to 18 U.S.C. § 2703(d) order or a subpoena? When can providers disclose e-mails and records to the government voluntarily? What remedies will courts impose when ECPA has been violated?
Chapter 4 reviews the legal framework that governs electronic surveillance, with particular emphasis on how the statutes apply to surveillance on the communications networks. In particular, the chapter discusses Title III as modified by the Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-22 (referred to here as “Title III”)1, as well as the Pen Register and Trap and Trace Devices statute, 18 U.S.C. §§ 3121-27. These statutes govern when and how the government can conduct real-time surveillance, such as monitoring a computer hacker's activity as he breaks into a government computer network. Topics addressed in this chapter include: When can victims of computer crime monitor unauthorized intrusions into their networks and disclose that information to law enforcement? Can network “banners” generate implied consent to monitoring? How can the government obtain a pen register/trap and trace order that permits the government to collect packet header information from Internet communications? What remedies will courts impose when the electronic surveillance statutes have been violated?
Of course, the issues discussed in Chapters 1 through 4 can overlap in actual cases. An investigation into computer hacking may begin with obtaining stored records from an ISP according to Chapter 3, move next to an electronic surveillance phase implicating Chapter 4, and then conclude with a search of the suspect's residence and a seizure of his computers according to Chapters 1 and 2. In other cases, agents and prosecutors must understand issues raised in multiple chapters not just in the same case, but at the same time. For example, an investigation into workplace misconduct by a government employee may implicate all of Chapters 1 through 4. Investigators may want to obtain the employee's e-mails from the government network server (implicating ECPA, discussed in Chapter 3); may wish to monitor the employee's use of the telephone or Internet in real-time (raising surveillance issues from Chapter 4); and at the same time, may need to search the employee's desktop computer in his office for clues of the misconduct (raising search and seizure issues from Chapters 1 and 2). Because the constitutional and statutory regimes can overlap in certain cases, agents and prosecutors will need to understand not only all of the legal issues covered in Chapters 1 through 4, but will also need to understand the precise nature of the information to be gathered in their particular cases.
Chapters 1 through 4 are followed by a short Chapter 5, which discusses evidentiary issues that arise frequently in computer-related cases. The publication concludes with appendices that offer sample forms, language, and orders.
Computer crime investigations raise many novel issues, and the courts have only begun to interpret how the Fourth Amendment and federal statutory laws apply to computer-related cases. Agents and prosecutors who need more detailed advice can rely on several resources for further assistance. At the federal district level, every U.S. Attorney’s Office has at least one Assistant U.S. Attorney who has been designated as a Computer and Telecommunications Coordinator (“CTC”). Every CTC receives extensive training in computer-related crime, and is primarily responsible for providing expertise relating to the topics covered in this manual within his or her district. CTCs may be reached in their district offices. Further, several sections within the Criminal Division of the U.S. Department of Justice in Washington, D.C., have expertise in computer-related fields. The Office of International Affairs ((202) 514-0000) provides expertise in the many computer crime investigations that raise international issues. The Office of Enforcement Operations ((202) 514-6809) provides expertise in the wiretapping laws and other privacy statutes discussed in Chapters 3 and 4. Also, the Child Exploitation and Obscenity Section ((202) 514-5780) provides expertise in computer-related cases involving child pornography and child exploitation.
Finally, agents
and prosecutors are always welcome to contact the Computer Crime and Intellectual
Property Section (“CCIPS”) directly both for general advice and specific
case-related assistance. During regular business hours, at
least two CCIPS attorneys are on duty to answer questions and provide assistance
to agents and prosecutors on the topics covered in this document, as well
as other matters that arise in computer crime cases. The main number
for CCIPS is (202) 514-1026.
I. SEARCHING AND SEIZING COMPUTERS
WITHOUT A WARRANT
The Fourth Amendment limits the ability of government agents to search for evidence without a warrant. This chapter explains the constitutional limits of warrantless searches in cases involving computers.
The Fourth Amendment states:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.According to the Supreme Court, a warrantless search does not violate the Fourth Amendment if one of two conditions is satisfied. First, if the government’s conduct does not violate a person’s “reasonable expectation of privacy,” then formally it does not constitute a Fourth Amendment “search” and no warrant is required. See Illinois v. Andreas, 463 U.S. 765, 771 (1983). Second, a warrantless search that violates a person’s reasonable expectation of privacy will nonetheless be “reasonable” (and therefore constitutional) if it falls within an established exception to the warrant requirement. See Illinois v. Rodriguez, 497 U.S. 177, 183 (1990). Accordingly, investigators must consider two issues when asking whether a government search of a computer requires a warrant. First, does the search violate a reasonable expectation of privacy? And if so, is the search nonetheless reasonable because it falls within an exception to the warrant requirement?
B. The Fourth Amendment’s “Reasonable Expectation
of Privacy” in Cases Involving Computers
A search is constitutional if it does not violate a person’s “reasonable” or “legitimate” expectation of privacy. Katz v. United States, 389 U.S. 347, 362 (1967) (Harlan, J., concurring). This inquiry embraces two discrete questions: first, whether the individual’s conduct reflects “an actual (subjective) expectation of privacy,” and second, whether the individual’s subjective expectation of privacy is “one that society is prepared to recognize as ‘reasonable.’” Id. at 361. In most cases, the difficulty of contesting a defendant’s subjective expectation of privacy focuses the analysis on the objective aspect of the Katz test, i.e., whether the individual’s expectation of privacy was reasonable.
No bright line rule indicates whether an expectation of privacy is constitutionally reasonable. See O’Connor v. Ortega, 480 U.S. 709, 715 (1987). For example, the Supreme Court has held that a person has a reasonable expectation of privacy in property located inside a person’s home, see Payton v. New York, 445 U.S. 573, 589-90 (1980); in conversations taking place in an enclosed phone booth, see Katz, 389 U.S. at 358; and in the contents of opaque containers, see United States v. Ross, 456 U.S. 798, 822-23 (1982). In contrast, a person does not have a reasonable expectation of privacy in activities conducted in open fields, see Oliver v. United States, 466 U.S. 170, 177 (1984); in garbage deposited at the outskirts of real property, see California v. Greenwood, 486 U.S. 35, 40-41 (1988); or in a stranger’s house that the person has entered without the owner’s consent in order to commit a theft, see Rakas v. Illinois, 439 U.S. 128, 143 n.12 (1978).
2. Reasonable Expectation of Privacy in Computers as Storage Devices
When confronted with this issue, courts have analogized electronic storage devices to closed containers, and have reasoned that accessing the information stored within an electronic storage device is akin to opening a closed container. Because individuals generally retain a reasonable expectation of privacy in the contents of closed containers, see United States v. Ross, 456 U.S. 798, 822-23 (1982), they also generally retain a reasonable expectation of privacy in data held within electronic storage devices. Accordingly, accessing information stored in a computer ordinarily will implicate the owner’s reasonable expectation of privacy in the information. See United States v. Barth, 26 F. Supp.2d 929, 936-37 (W.D. Tex. 1998) (finding reasonable expectation of privacy in files stored on hard drive of personal computer); United States v. Reyes, 922 F. Supp. 818, 832-33 (S.D.N.Y. 1996) (finding reasonable expectation of privacy in data stored in a pager); United States v. Lynch, 908 F. Supp. 284, 287 (D.V.I. 1995) (same); United States v. Chan, 830 F. Supp. 531, 535 (N.D. Cal. 1993) (same); United States v. Blas, 1990 WL 265179, at *21 (E.D. Wis. 1990) (“[A]n individual has the same expectation of privacy in a pager, computer, or other electronic data storage and retrieval device as in a closed container.”). But see United States v. Carey,172 F.3d 1268, 1275 (10th Cir. 1999) (dicta) (analogizing a computer hard drive to a file cabinet in the context of a search pursuant to a warrant, but then stating without explanation that “the file cabinet analogy may be inadequate”).
Although individuals
generally retain a reasonable expectation of privacy in computers under
their control, special circumstances may eliminate that expectation.
For example, an individual will not retain a reasonable expectation of
privacy in information from a computer that the person has made openly
available. In United States v. David, 756 F. Supp. 1385 (D.
Nev. 1991), agents looking over the defendant’s shoulder read the defendant’s
password from the screen as the defendant typed his password into a handheld
computer. The court found no Fourth Amendment violation in obtaining
the password, because the defendant did not enjoy a reasonable expectation
of privacy “in the display that appeared on the screen.” Id.
at 1389. See also Katz v. United States, 389
U.S. 347, 351 (1967) (“What a person knowingly exposes to the public, even
in his own home or office, is not a subject of Fourth Amendment protection.”).
Nor will individuals generally enjoy a reasonable expectation of privacy
in the contents of computers they have stolen. See United
States v. Lyons, 992 F.2d 1029, 1031-32 (10th Cir. 1993).
3. Reasonable Expectation of Privacy and Third-Party Possession
Individuals who retain a reasonable expectation of privacy in stored electronic information under their control may lose Fourth Amendment protections when they relinquish that control to third parties. For example, an individual may offer a container of electronic information to a third party by bringing a malfunctioning computer to a repair shop, or by shipping a floppy diskette in the mail to a friend. Alternatively, a user may transmit information to third parties electronically, such as by sending data across the Internet. When law enforcement agents learn of information possessed by third parties that may provide evidence of a crime, they may wish to inspect it. Whether the Fourth Amendment requires them to obtain a warrant before examining the information depends first upon whether the third-party possession has eliminated the individual’s reasonable expectation of privacy.
To analyze third-party possession issues, it helps first to distinguish between possession by a carrier in the course of transmission to an intended recipient, and subsequent possession by the intended recipient. For example, if A hires B to carry a package to C, A’s reasonable expectation of privacy in the contents of the package during the time that B carries the package on its way to C may be different than A’s reasonable expectation of privacy after C has received the package. During transmission, contents generally retain Fourth Amendment protection. The government ordinarily may not examine the contents of a package in the course of transmission without a warrant. Government intrusion and examination of the contents ordinarily violates the reasonable expectation of privacy of both the sender and receiver. See United States v. Villarreal, 963 F.2d 770, 774 (5th Cir. 1992); but see United States v. Walker, 20 F. Supp.2d 971, 973-74 (S.D.W. Va. 1998) (concluding that packages sent to an alias in furtherance of a criminal scheme do not support a reasonable expectation of privacy). This rule applies regardless of whether the carrier is owned by the government or a private company. Compare Ex Parte Jackson, 96 U.S. (6 Otto) 727, 733 (1877) (public carrier) with Walter v. United States, 447 U.S. 649, 651 (1980) (private carrier).
A government “search” of an intangible electronic signal in the course of transmission may also implicate the Fourth Amendment. See Berger v. New York, 388 U.S. 41, 58-60 (1967) (applying the Fourth Amendment to a wire communication in the context of a wiretap). The boundaries of the Fourth Amendment in such cases remain hazy, however, because Congress addressed the Fourth Amendment concerns identified in Berger by passing Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (“Title III”), 18 U.S.C. §§ 2510-22. Title III, which is discussed fully in Chapter 4, provides a comprehensive statutory framework that regulates real-time monitoring of wire and electronic communications. Its scope encompasses, and in many significant ways exceeds, the protection offered by the Fourth Amendment. See United States v. Torres, 751 F.2d 875, 884 (7th Cir. 1985). As a practical matter, then, the monitoring of wire and electronic communications in the course of transmission generally raises many statutory questions, but few constitutional ones. See generally Chapter 4.
If the sender cannot reasonably expect to retain control over the item in the third party’s possession, however, the sender no longer retains a reasonable expectation of privacy in its contents. For example, in United States v. Horowitz, 806 F.2d 1222 (4th Cir. 1986), the defendant e-mailed confidential pricing information relating to his employer to his employer’s competitor. After the FBI searched the competitor’s computers and found the pricing information, the defendant claimed that the search violated his Fourth Amendment rights. The Fourth Circuit disagreed, holding that the defendant relinquished his interest in and control over the information by sending it to the competitor for the competitor’s future use. See id. at 1225-26. See also United States v. Charbonneau, 979 F. Supp. 1177, 1184 (S.D. Ohio 1997) (holding that defendant does not retain reasonable expectation of privacy in contents of e-mail message sent to America Online chat room after the message has been received by chat room participants) (citing Hoffa v. United States, 385 U.S. 293, 302 (1966)). In some cases, the sender may initially retain a right to control the third party’s possession, but may lose that right over time. The general rule is that the sender’s Fourth Amendment rights dissipate along with the sender’s right to control the third party’s possession. For example, in United States v. Poulsen, 41 F.3d 1330 (9th Cir. 1994), computer hacker Kevin Poulsen left computer tapes in a locker at a commercial storage facility but neglected to pay rent for the locker. Following a warrantless search of the facility, the government sought to use the tapes against Poulsen. The Ninth Circuit held that the search did not violate Poulsen’s reasonable expectation of privacy because under state law Poulsen’s failure to pay rent extinguished his right to access the tapes. See id. at 1337.
An important line of Supreme Court cases states that individuals generally cannot reasonably expect to retain control over mere information revealed to third parties, even if the senders have a subjective expectation that the third parties will keep the information confidential. For example, in United States v. Miller, 425 U.S. 435, 443 (1976), the Court held that the Fourth Amendment does not protect bank account information that account holders divulge to their banks. By placing information under the control of a third party, the Court stated, an account holder assumes the risk that the information will be conveyed to the government. Id. According to the Court, “the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.” Id. (citing Hoffa v. United States, 385 U.S. 293, 302 (1966)). See also Smith v. Maryland, 442 U.S. 735, 743-44 (1979) (finding no reasonable expectation of privacy in phone numbers dialed by owner of a telephone because act of dialing the number effectively tells the number to the phone company); Couch v. United States, 409 U.S. 322, 335 (1973) (holding that government may subpoena accountant for client information given to accountant by client, because client retains no reasonable expectation of privacy in information given to accountant).
Because computer data is “information,” this line of cases suggests that individuals who send data over communications networks may lose Fourth Amendment protection in the data once it reaches the intended recipient. See United States v. Meriwether, 917 F.2d 955, 959 (6th Cir. 1990) (suggesting that an electronic message sent via a pager is “information” under the Smith/Miller line of cases); Charbonneau, 979 F. Supp. at 1184 (“[A]n e-mail message . . . cannot be afforded a reasonable expectation of privacy once that message is received.”). But see C. Ryan Reetz, Note, Warrant Requirement for Searches of Computerized Information, 67 B.U. L. Rev. 179, 200-06 (1987) (arguing that certain kinds of remotely stored computer files should retain Fourth Amendment protection, and attempting to distinguish United States v. Miller and Smith v. Maryland). Of course, the absence of constitutional protections does not necessarily mean that the government can access the data without a warrant or court order. Statutory protections exist that generally protect the privacy of electronic communications stored remotely with service providers, and can protect the privacy of Internet users when the Fourth Amendment may not. See 18 U.S.C. §§ 2701-11 (discussed in Chapter 3, infra).
Defendants will occasionally
raise a Fourth Amendment challenge to the acquisition of account records and
subscriber information held by Internet service providers using less process
than a full search warrant. As discussed in a later chapter, the Electronic
Communications Privacy Act permits the government to obtain transactional records
with an “articulable facts” court order, and basic subscriber information with
a subpoena. See 18 U.S.C. §§ 2701-11 (discussed in Chapter
3, infra). These statutory procedures comply with the Fourth Amendment
because customers of Internet service providers do not have a reasonable expectation
of privacy in customer account records maintained by and for the provider’s
business. See United States v. Hambrick, 55 F. Supp.2d 504,
508 (W.D. Va. 1999), aff’d, 225 F.3d 656, 2000 WL 1062039 (4th Cir. 2000)
(unpublished opinion) (finding no Fourth Amendment protection for network account
holder’s basic subscriber information obtained from Internet service provider);
United States v. Kennedy, 81 F. Supp.2d 1103, 1110) (D. Kan. 2000) (same).
This rule accords with prior cases considering the scope of Fourth Amendment
protection in customer account records. See, e.g., United
States v. Fregoso, 60 F.3d 1314, 1321 (8th Cir. 1995) (holding that a telephone
company customer has no reasonable expectation of privacy in account information
disclosed to the telephone company); In re Grand Jury Proceedings, 827
F.2d 301, 302-03 (8th Cir. 1987) (holding that customer account records maintained
and held by Western Union are not entitled to Fourth Amendment protection).
In United States v. Jacobsen, 466 U.S. 109 (1984), the Supreme Court presented the framework that should guide agents seeking to uncover evidence as a result of a private search. According to Jacobsen, agents who learn of evidence via a private search can reenact the original private search without violating any reasonable expectation of privacy. What the agents cannot do without a warrant is “exceed[] the scope of the private search.” Id. at 115. See also United States v. Miller, 152 F.3d 813, 815-16 (8th Cir. 1998); United States v. Donnes, 947 F.2d 1430, 1434 (10th Cir. 1991). But see United States v. Allen, 106 F.3d 695, 699 (6th Cir. 1999) (dicta) (stating that Jacobsen does not permit law enforcement to reenact a private search of a private home or residence). This standard requires agents to limit their investigation to the precise scope of the private search when searching without a warrant after a private search has occurred. So long as the agents limit themselves to the scope of the private search, the agents’ search will not violate the Fourth Amendment. However, as soon as agents exceed the scope of the private warrantless search, any evidence uncovered may be suppressed. See United States v. Barth, 26 F. Supp.2d 929, 937 (W.D. Tex. 1998) (suppressing evidence of child pornography found on computer hard drive after agents viewed more files than private technician had initially viewed during repair of defendant’s computer). In computer cases, this aspect of Jacobsen means that private searches will often be useful partly as opportunities to provide the probable cause needed to obtain a warrant for a further search. The fact that a private person has uncovered evidence of a crime on another person’s computer does not permit agents to search the entire computer. Instead, the private search permits the agents to view the evidence that the private search revealed, and, if necessary, to use that evidence as a basis for procuring a warrant to search the rest of the computer.2
Although most private search issues arise when private third parties intentionally examine property and offer evidence of a crime to law enforcement, the same framework applies when third parties inadvertently expose evidence of a crime to plain view. For example, in United States v. Procopio, 88 F.3d 21 (1st Cir. 1996), a defendant stored incriminating files in his brother’s safe. Later, thieves stole the safe, opened it, and abandoned it in a public park. Police investigating the theft of the safe found the files scattered on the ground nearby, gathered them, and then used them against the defendant in an unrelated case. The First Circuit held that the use of the files did not violate the Fourth Amendment, because the files were made openly available by the thieves’ private search. See id. at 26-27 (citing Jacobsen, 466 U.S. at 113).
Importantly, the fact
that the person conducting a search is not a government employee does not
necessarily mean that the search is “private” for Fourth Amendment purposes.
A search by a private party will be considered a Fourth Amendment government
search “if the private party act[s] as an instrument or agent of the Government.”
Skinner
v. Railway Labor Executives’ Ass’n, 489 U.S. 602, 614 (1989).
The Supreme Court has offered little guidance on when private conduct can
be attributed to the government; the Court has merely stated that this
question “necessarily turns on the degree of the Government’s participation
in the private party’s activities, . . . a question that can only be resolved
‘in light of all the circumstances.’” Id. at 614-15 (quoting
Coolidge
v. New Hampshire, 403 U.S. 443, 487 (1971)). In the absence of
a more definitive standard, the various federal Courts of Appeals have
adopted a range of approaches for distinguishing between private and government
searches. About half of the circuits apply a ‘totality of the circumstances’
approach that examines three factors: whether the government knows of or
acquiesces in the intrusive conduct; whether the party performing the search
intends to assist law enforcement efforts at the time of the search; and
whether the government affirmatively encourages, initiates or instigates
the private action. See, e.g.,
United States v.
Pervaz, 118 F.3d 1, 6 (1st Cir. 1997); United States v. Smythe,
84 F.3d 1240, 1242-43 (10th Cir. 1996); United States v. McAllister,
18 F.3d 1412, 1417-18 (7th Cir. 1994); United States v. Malbrough,
922 F.2d 458, 462 (8th Cir. 1990). Other circuits have adopted more
rule-like formulations that focus on only two of these factors. See,
e.g.,
United
States v. Miller, 688 F.2d 652, 657 (9th Cir. 1982) (holding that private
action counts as government conduct if, at the time of the search, the
government knew of or acquiesced in the intrusive conduct, and the party
performing the search intended to assist law enforcement efforts); United
States v. Paige, 136 F.3d 1012, 1017 (5th Cir. 1998) (same); United
States v. Lambert, 771 F.2d 83, 89 (6th Cir. 1985) (holding that a
private individual is a state actor for Fourth Amendment purposes if the
police instigated, encouraged or participated in the search, and the individual
engaged in the search with the intent of assisting the police in their
investigative efforts).
C. Exceptions to the Warrant Requirement in Cases Involving Computers
Warrantless searches
that violate a reasonable expectation of privacy will comply with the Fourth
Amendment if they fall within an established exception to the warrant requirement.
Cases involving computers often raise questions relating to how these “established”
exceptions apply to new technologies.
Agents may search a place or object without a warrant or even probable cause if a person with authority has voluntarily consented to the search. See Schneckloth v. Bustamonte, 412 U.S. 218, 219 (1973). This consent may be explicit or implicit. See United States v. Milian-Rodriguez, 759 F.2d 1558, 1563-64 (11th Cir. 1985). Whether consent was voluntarily given is a question of fact that the court must decide by considering the totality of the circumstances. While no single aspect controls the result, the Supreme Court has identified the following important factors: the age, education, intelligence, physical and mental condition of the person giving consent; whether the person was under arrest; and whether the person had been advised of his right to refuse consent. See Schneckloth, 412 U.S. at 226. The government carries the burden of proving that consent was voluntary. See United States v. Price, 599 F.2d 494, 503 (2d Cir. 1979).
In computer crime cases,
two consent issues arise particularly often. First, when does a search
exceed the scope of consent? For example, when a target consents
to the search of a machine, to what extent does the consent authorize the
retrieval of information stored in the machine? Second, who is the
proper party to consent to a search? Do roommates, friends, and parents
have the authority to consent to a search of another person’s computer
files?3
“The scope of a consent to search is generally defined by its expressed object, and is limited by the breadth of the consent given.” United States v. Pena, 143 F.3d 1363, 1368 (10th Cir. 1998). The standard for measuring the scope of consent under the Fourth Amendment is objective reasonableness: “What would the typical reasonable person have understood by the exchange between the [agent] and the [person granting consent]?” Florida v. Jimeno, 500 U.S. 248, 251 (1991). This requires a fact-intensive inquiry into whether it was reasonable for the agent to believe that the scope of consent included the items searched. Id. Of course, when the limits of the consent are clearly given, either before or during the search, agents must respect these bounds. See Vaughn v. Baldwin, 950 F.2d 331, 333 (6th Cir. 1991).
Agents should be especially
careful about relying on consent as the basis for a search of a computer when
they obtain consent for one reason but then wish to conduct a search for another
reason. In two recent cases, the Courts of Appeals suppressed images of
child pornography found on computers after agents procured the defendant’s consent
to search his property for other evidence. In United States v. Turner,
169 F.3d 84 (1st Cir. 1999), detectives searching for physical evidence of an
attempted sexual assault obtained written consent from the victim’s neighbor
to search the neighbor’s “premises” and “personal property.” Before the neighbor
signed the consent form, the detectives discovered a large knife and blood stains
in his apartment, and explained to him that they were looking for more evidence
of the assault that the suspect might have left behind. See id.
at 86. While several agents searched for physical evidence, one detective
searched the contents of the neighbor’s personal computer and discovered stored
images of child pornography. The neighbor was charged with possessing
child pornography. On interlocutory appeal, the First Circuit held that
the search of the computer exceeded the scope of consent and suppressed the
evidence. According to the Court, the detectives’ statements that they
were looking for signs of the assault limited the scope of consent to the kind
of physical evidence that an intruder might have left behind. See id.
at 88. By transforming the search for physical evidence into a search
for computer files, the detective had exceeded the scope of consent. See
id. See alsoCarey, 172 F.3d at 1277 (Baldock, J., concurring)
(concluding that agents exceeded scope of consent by searching computer after
defendant signed broadly-worded written consent form, because agents told defendant
that they were looking for drugs and drug-related items rather than
computer files containing child pornography) (citing Turner).
i) General Rules
It is common for several people to use or own the same computer equipment. If any one of those people gives permission to search for data, agents may generally rely on that consent, so long as the person has authority over the computer. In such cases, all users have assumed the risk that a co-user might discover everything in the computer, and might also permit law enforcement to search this “common area” as well.
The watershed case in this area is United States v. Matlock, 415 U.S. 164 (1974). In Matlock, the Supreme Court stated that one who has “common authority” over premises or effects may consent to a search even if an absent co-user objects. Id. at 171. According to the Court, the common authority that establishes the right of third-party consent requires
mutual use of the property by persons generally having joint access or control for most purposes, so that it is reasonable to recognize that any of the co-inhabitants has the right to permit the inspection in his own right and that the others have assumed the risk that one of their number might permit the common area to be searched.Id. at 171 n.7.
Under the Matlock approach, a private third party may consent to a search of property under the third party’s joint access or control. Agents may view what the third party may see without violating any reasonable expectation of privacy so long as they limit the search to the zone of the consenting third party’s common authority. See United States v. Jacobsen, 466 U.S. 109, 119 (1984) (noting that the Fourth Amendment is not violated when a private third party invites the government to view the contents of a package under the third party’s control). This rule often requires agents to inquire into third parties’s rights of access before conducting a consent search, and to draw lines between those areas that fall within the third party’s common authority and those areas outside of the third party’s control. See United States v. Block, 590 F.2d 535, 541 (4th Cir. 1978) (holding that a mother could consent to a general search of her 23-year-old son’s room, but could not consent to a search of a locked footlocker found in the room). Because the joint access test does not require a unity of interests between the suspect and the third party, however, Matlock permits third-party consent even when the target of the search is present and refuses to consent to the search. See United States v. Sumlin, 567 F.2d 684, 687 (6th Cir. 1977) (holding that woman had authority to consent to search of apartment she shared with her boyfriend even though boyfriend refused consent).
Courts have not squarely addressed whether a suspect’s decision to password-protect or encrypt files stored in a jointly-used computer denies co-users the right to consent to a search of the files under Matlock. However, it appears likely that encryption and password-protection would in most cases indicate the absence of common authority to consent to a search among co-users who do not know the password or possess the encryption key. Compare United States v. Smith, 27 F. Supp.2d 1111, 1115-16 (C.D. Ill. 1998) (concluding that a woman could consent to a search of her boyfriend’s computer located in their house, and noting that the boyfriend had not password-protected his files) with Block, 590 F.2d at 541 (concluding that a mother could not consent to search of a locked footlocker in her son’s room where she did not possess the key). Conversely, if the co-user has been given the password or encryption key by the suspect, then she probably has the requisite common authority to consent to a search of the files under Matlock. See United States v. Murphy, 506 F.2d 529, 530 (9th Cir. 1974) (per curiam) (concluding that an employee could consent to a search of an employer’s locked warehouse because the employee possessed the key, and finding “special significance” in the fact that the employer had himself delivered the key to the employee).
As a practical matter, agents
may have little way of knowing the precise bounds of a third party’s common
authority when the agents obtain third-party consent to conduct a search.
When queried, consenting third parties may falsely claim that they have common
authority over property. In Illinois v. Rodriguez, 497 U.S. 177
(1990), the Supreme Court held that the Fourth Amendment does not automatically
require suppression of evidence discovered during a consent search when it later
comes to light that the third party who consented to the search lacked the authority
to do so. See id. at 188-89. Instead, the Court
held that agents can rely on a claim of authority to consent if based on “the
facts available to the officer at the moment, . . . a man of reasonable caution
. . . [would believe] that the consenting party had authority” to consent to
a search of the premises. Id. (internal quotations omitted) (quoting
Terry v. Ohio, 392 U.S. 1, 21-22 (1968)). When agents reasonably
rely on apparent authority to consent, the resulting search does not violate
the Fourth Amendment.
ii) Spouses and Domestic Partners
iii) Parents
When the sons and daughters
who reside with their parents are legal adults, however, the issue is more complicated.
Under Matlock, it is clear that parents may consent to a search of common
areas in the family home regardless of the perpetrator’s age. See,
e.g., United States v. Lavin, 1992 WL 373486, at *6 (S.D.N.Y.
1992) (recognizing right of parents to consent to search of basement room where
son kept his computer and files). When agents would like to search an
adult child’s room or other private areas, however, agents cannot assume that
the adult’s parents have authority to consent. Although courts have offered
divergent approaches, they have paid particular attention to three factors:
the suspect’s age; whether the suspect pays rent; and whether the suspect has
taken affirmative steps to deny his or her parents access to the suspect’s room
or private area. When suspects are older, pay rent, and/or deny
access to parents, courts have generally held that parents may not consent.
See United States v. Whitfield, 939 F.2d 1071, 1075 (D.C. Cir.
1991) (holding “cursory questioning” of suspect’s mother insufficient to establish
right to consent to search of 29-year-old son’s room); United States v. Durham,
1998 WL 684241, at *4 (D. Kan. 1998) (mother had neither apparent nor
actual authority to consent to search of 24-year-old son’s room, because son
had changed the locks to the room without telling his mother, and son also paid
rent for the room). In contrast, parents usually may consent if their
adult children do not pay rent, are fairly young, and have taken no steps to
deny their parents access to the space to be searched. See United
States v. Rith, 164 F.3d 1323, 1331 (10th Cir. 1999) (suggesting that parents
are presumed to have authority to consent to a search of their 18-year-old son’s
room because he did not pay rent); United States v. Block, 590 F.2d 535,
541 (4th Cir. 1978) (mother could consent to police search of 23-year-old son’s
room when son did not pay rent).
iv) System Administrators
Every computer network is managed by a “system administrator” or “system operator” whose job is to keep the network running smoothly, monitor security, and repair the network when problems arise. System operators have “root level” access to the systems they administer, which effectively grants them master keys to open any account and read any file on their systems. When investigators suspect that a network account contains relevant evidence, they may feel inclined to seek the system administrator’s consent to search the contents of that account.
As a practical matter, the primary barrier to searching a network account pursuant to a system administrator’s consent is statutory, not constitutional. System administrators typically serve as agents of “provider[s] of electronic communication service” under the Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. §§ 2701-11. ECPA regulates law enforcement efforts to obtain the consent of a system administrator to search an individual’s account. See 18 U.S.C. § 2702-03. Accordingly, any attempt to obtain a system administrator’s consent to search an account must comply with ECPA. See generally Chapter 3, “The Electronic Communications Privacy Act,” infra.
To the extent that ECPA authorizes system administrators to consent to searches, the resulting consent searches will in most cases comply with the Fourth Amendment. The first reason is that individuals may not retain a reasonable expectation of privacy in the remotely stored files and records that their network accounts contain. See generally Reasonable Expectation of Privacy and Third Party Possession, supra. If an individual does not retain a constitutionally reasonable expectation of privacy in his remotely stored files, it will not matter whether the system administrator has the necessary joint control over the account needed to satisfy the Matlock test because a subsequent search will not violate the Fourth Amendment.
In the event that a court holds that an individual does possess a reasonable expectation of privacy in remotely stored account files, whether a system administrator’s consent would satisfy Matlock should depend on the circumstances. Clearly, the system administrator’s access to all network files does not by itself provide the common authority that triggers authority to consent. In the pre-Matlock case of Stoner v. California, 376 U.S. 483 (1964), the Supreme Court held that a hotel clerk lacked the authority to consent to the search of a hotel room. Although the clerk was permitted to enter the room to perform his duties, and the guest had left his room key with the clerk, the Court concluded that the clerk could not consent to the search. If the hotel guest’s protection from unreasonable searches and seizures “were left to depend on the unfettered discretion of an employee of the hotel,” Justice Stewart reasoned, it would “disappear.” Id. at 490. See also Chapman v. United States, 365 U.S. 610 (1961) (holding that a landlord lacks authority to consent to search of premises used by tenant); United States v. Most, 876 F.2d 191, 199-200 (D.C. Cir. 1989) (holding that store clerk lacks authority to consent to search of packages left with clerk for safekeeping). To the extent that the access of a system operator to a network account is analogous to the access of a hotel clerk to a hotel room, the claim that a system operator may consent to a search of Fourth Amendment-protected files is weak. Cf. Barth, 26 F. Supp.2d at 938 (holding that computer repairman’s right to access files for limited purpose of repairing computer did not create authority to consent to government search through files).
Of course, the hotel clerk
analogy may be inadequate in some circumstances. For example, an employee
generally does not have the same relationship with the system administrator
of his company’s network as a customer of a private ISP such as AOL might have
with the ISP’s system administrator. The company may grant the system
administrator of the company network full rights to access employee accounts
for any work-related reason, and the employees may know that the system administrator
has such access. In circumstances such as this, the system administrator would
likely have sufficient common authority over the accounts to be able to consent
to a search. See generally Note, Keeping Secrets in Cyberspace:
Establishing Fourth Amendment Protection for Internet Communication, 110
Harv. L. Rev. 1591, 1602-03 (1997). See also United States
v. Clarke, 2 F.3d 81, 85 (4th Cir. 1993) (holding that a drug courier hired
to transport the defendant’s locked toolbox containing drugs had common authority
under Matlock to consent to a search of the toolbox stored in the courier’s
trunk). Further, in the case of a government network, the Fourth Amendment
rules would likely differ dramatically from the rules that apply to private
networks. See generally O’Connor v. Ortega, 480 U.S. 709
(1987) (explaining how the Fourth Amendment applies within government workplaces)
(discussed infra).
Individuals often enter into agreements with the government in which they waive some of their Fourth Amendment rights. For example, prison guards may agree to be searched for drugs as a condition of employment, and visitors to government buildings may agree to a limited search of their person and property as a condition of entrance. Similarly, users of computer systems may waive their rights to privacy as a condition of using the systems. When individuals who have waived their rights are then searched and challenge the searches on Fourth Amendment grounds, courts typically focus on whether the waiver eliminated the individual’s reasonable expectation of privacy against the search. See, e.g., American Postal Workers Union, Columbus Area Local AFL-CIO v. United States Postal Service, 871 F.2d 556, 56-61 (6th Cir. 1989) (holding that postal employees retained no reasonable expectation of privacy in government lockers after signing waivers).
A few courts have approached the same problem from a slightly different direction and have asked whether the waiver established implied consent to the search. According to the doctrine of implied consent, consent to a search may be inferred from an individual’s conduct. For example, in United States v. Ellis, 547 F.2d 863 (5th Cir. 1977), a civilian visiting a naval air station agreed to post a visitor’s pass on the windshield of his car as a condition of bringing the car on the base. The pass stated that “[a]cceptance of this pass gives your consent to search this vehicle while entering, aboard, or leaving this station.” Id. at 865 n.1. During the visitor’s stay on the base, a station investigator who suspected that the visitor had stored marijuana in the car approached the visitor and asked him if he had read the pass. After the visitor admitted that he had, the investigator searched the car and found 20 plastic bags containing marijuana. The Fifth Circuit ruled that the warrantless search of the car was permissible, because the visitor had impliedly consented to the search when he knowingly and voluntarily entered the base with full knowledge of the terms of the visitor’s pass. See id. at 866-67.
Ellis notwithstanding,
it must be noted that several circuits have been critical of the implied consent
doctrine in the Fourth Amendment context. Despite the Fifth Circuit’s
broad construction, other courts have proven reluctant to apply the doctrine
absent evidence that the suspect actually knew of the search and voluntarily
consented to it at the time the search occurred. See McGann v. Northeast
Illinois Regional Commuter R.R. Corp., 8 F.3d 1174, 1179 (7th Cir. 1993)
(“Courts confronted with claims of implied consent have been reluctant to uphold
a warrantless search based simply on actions taken in the light of a posted
notice.”); Securities and Law Enforcement Employees, District Council 82
v. Carey, 737 F.2d 187, 202 n.23 (2d Cir. 1984) (rejecting argument that
prison guards impliedly consented to search by accepting employment at prison
where consent to search was a condition of employment). Absent such evidence,
these courts have preferred to examine general waivers of Fourth Amendment rights
solely under the reasonable-expectation-of-privacy test. See id.
Under the “exigent circumstances” exception to the warrant requirement, agents can search without a warrant if the circumstances “would cause a reasonable person to believe that entry . . . was necessary to prevent physical harm to the officers or other persons, the destruction of relevant evidence, the escape of the suspect, or some other consequence improperly frustrating legitimate law enforcement efforts.” See United States v. Alfonso, 759 F.2d 728, 742 (9th Cir. 1985). In determining whether exigent circumstances exist, agents should consider: (1) the degree of urgency involved, (2) the amount of time necessary to obtain a warrant, (3) whether the evidence is about to be removed or destroyed, (4) the possibility of danger at the site, (5) information indicating the possessors of the contraband know the police are on their trail, and (6) the ready destructibility of the contraband. See United States v. Reed, 935 F.2d 641, 642 (4th Cir. 1991).
Exigent circumstances often arise in computer cases because electronic data is perishable. Computer commands can destroy data in a matter of seconds, as can humidity, temperature, physical mutilation, or magnetic fields created, for example, by passing a strong magnet over a disk. For example, in United States v. David, 756 F. Supp. 1385 (D. Nev. 1991), agents saw the defendant deleting files on his computer memo book, and seized the computer immediately. The district court held that the agents did not need a warrant to seize the memo book because the defendant’s acts had created exigent circumstances. See id. at 1392. Similarly, in United States v. Romero-Garcia, 991 F. Supp. 1223, 1225 (D. Or. 1997), aff’d on other grounds 168 F.3d 502 (9th Cir. 1999), a district court held that agents had properly accessed the information in an electronic pager in their possession because they had reasonably believed that it was necessary to prevent the destruction of evidence. The information stored in pagers is readily destroyed, the court noted: incoming messages can delete stored information, and batteries can die, erasing the information. Accordingly, the agents were justified in accessing the pager without first acquiring a warrant. See id. See also United States v. Ortiz, 84 F.3d 977, 984 (7th Cir. 1996) (in conducting search incident to arrest, agents were justified in retrieving numbers from pager because pager information is easily destroyed). Of course, in computer cases, as in all others, the existence of exigent circumstances is absolutely tied to the facts. Compare Romero-Garcia, 911 F. Supp. at 1225 with David, 756 F. Supp at 1392 n.2 (dismissing as “lame” the government’s argument that exigent circumstances supported search of a battery-operated computer because the agent did not know how much longer the computer’s batteries would live) and United States v. Reyes, 922 F. Supp. 818, 835-36 (S.D.N.Y. 1996) (concluding that exigent circumstances could not justify search of a pager because the government agent unlawfully created the exigency by turning on the pager).
Importantly, the existence
of exigent circumstances does not permit agents to search or seize beyond what
is necessary to prevent the destruction of the evidence. When the exigency
ends, the right to conduct warrantless searches does as well: the need to take
certain steps to prevent the destruction of evidence does not authorize agents
to take further steps without a warrant. See United States v.
Doe, 61 F.3d 107, 110-11 (1st Cir. 1995). Accordingly, the seizure
of computer hardware to prevent the destruction of information it contains will
not ordinarily support a subsequent search of that information without a warrant.
See David, 756 F. Supp. at 1392.
Evidence of a crime may be seized without a warrant under the plain view exception to the warrant requirement. To rely on this exception, the agent must be in a lawful position to observe and access the evidence, and its incriminating character must be immediately apparent. See Horton v. California, 496 U.S. 128 (1990). For example, if an agent conducts a valid search of a hard drive and comes across evidence of an unrelated crime while conducting the search, the agent may seize the evidence under the plain view doctrine.
United States v.
Carey, 172 F.3d 1268, 1273 (10th Cir. 1999), provides a useful example.
In Carey, a police detective searching a hard drive with a warrant
for drug trafficking evidence opened a “jpg” file and instead discovered
child pornography. At that point, the detective abandoned the search
for drug trafficking evidence and spent five hours accessing and downloading
several hundred “jpg” files in a search for more child pornography.
When the defendant moved to exclude the child pornography files on the
ground that they were seized beyond the scope of the warrant, the government
argued that the detective had seized the “jpg” files properly because the
contents of the contraband files were in plain view. The Tenth Circuit
rejected this argument with respect to all of the files except for the
first “jpg” file the detective discovered. See id.
at 1273, 1273 n.4. Although the court’s reasoning is somewhat opaque,
this aspect of Carey seems sensible. The plain view exception
permits agents to seize property found in plain view, not to infringe a
suspect’s right to privacy until his property comes into plain view.
As a result, the detective could seize the first “jpg” file that came into
plain view when the detective was executing the search warrant, but could
not rely on the plain view exception to justify the search for additional
“jpg” files on the defendant’s computers that were beyond the scope of
the warrant.
4. Search Incident to a Lawful Arrest
Pursuant to a lawful arrest, agents may conduct a “full search” of the arrested person, and a more limited search of his surrounding area, without a warrant. See United States v. Robinson, 414 U.S. 218, 235 (1973); Chimel v. California, 395 U.S. 752, 762-63 (1969). For example, in Robinson, a police officer conducting a patdown search incident to an arrest for a traffic offense discovered a crumpled cigarette package in the suspect’s left breast pocket. Not knowing what the package contained, the officer opened the package and discovered fourteen capsules of heroin. The Supreme Court held that the search of the package was permissible, even though the officer had no articulable reason to open the package. See id. at 234-35. In light of the general need to preserve evidence and prevent harm to the arresting officer, the Court reasoned, it was perse reasonable for an officer to conduct a “full search of the person” pursuant to a lawful arrest. Id. at 235.
Due to the increasing use of handheld and portable computers and other electronic storage devices, agents often encounter computers when conducting searches incident to lawful arrests. Suspects may be carrying pagers, Personal Digital Assistants (such as Palm Pilots), or even laptop computers when they are arrested. Does the search-incident-to-arrest exception permit an agent to access the memory of an electronic storage device found on the arrestee’s person during a warrantless search incident to arrest? In the case of electronic pagers, the answer clearly is “yes.” Relying on Robinson, courts have uniformly permitted agents to access electronic pagers carried by the arrested person at the time of arrest. See United States v. Reyes, 922 F. Supp. 818, 833 (S.D.N.Y. 1996) (holding that accessing numbers in a pager found in bag attached to defendant’s wheelchair within twenty minutes of arrest falls within search-incident-to-arrest exception); United States v. Chan, 830 F. Supp. 531, 535 (N.D. Cal. 1993); United States v. Lynch, 908 F. Supp. 284, 287 (D.V.I. 1995); Yu v. United States, 1997 WL 423070 (S.D.N.Y. 1997); United States v. Thomas, 114 F.3d 403, 404 n.2 (3d Cir. 1997) (dicta). See also United States v. Ortiz, 84 F.3d 977, 984 (7th Cir. 1996) (same holding, but relying on an exigency theory).
Courts have not yet addressed whether Robinson will permit warrantless searches of electronic storage devices that contain more information than pagers. In the paper world, certainly, cases have allowed extensive searches of written materials discovered incident to lawful arrests. For example, courts have uniformly held that agents may inspect the entire contents of a suspect’s wallet found on his person. See, e.g., United States v. Castro, 596 F.2d 674, 676 (5th Cir. 1979); United States v. Molinaro, 877 F.2d 1341, 1347 (7th Cir. 1989) (citing cases). Similarly, one court has held that agents could photocopy the entire contents of an address book found on the defendant’s person during the arrest, see United States v. Rodriguez, 995 F.2d 776, 778 (7th Cir. 1993), and others have permitted the search of a defendant’s briefcase that was at his side at the time of arrest. See, e.g., United States v. Johnson, 846 F.2d 279, 283-84 (5th Cir. 1988); United States v. Lam Muk Chiu, 522 F.2d 330, 332 (2d Cir. 1975). If agents can examine the contents of wallets, address books, and briefcases without a warrant, it could be argued that they should be able to search their electronic counterparts (such as electronic organizers, floppy disks, and Palm Pilots) as well. Cf. United v. Tank, 200 F.3d 627, 632 (9th Cir. 2000) (holding that agents searching a car incident to a valid arrest properly seized a Zip disk found in the car, but failing to discuss whether the agents obtained a warrant before searching the disk for images of child pornography).
The limit on this argument
is that any search incident to an arrest must be reasonable. See
Swain v. Spinney, 117 F.3d 1, 6 (1st Cir. 1997). While a search
of physical items found on the arrestee’s person may always be reasonable, more
invasive searches in different circumstances may violate the Fourth Amendment.
See, e.g. Mary Beth G. v. City of Chicago, 723 F.2d 1263,
1269-71 (7th Cir. 1983) (holding that Robinson does not permit strip
searches incident to arrest because such searches are not reasonable in context).
For example, the increasing storage capacity of handheld computers suggests
that Robinson’s bright line rule may not always apply in the case of
electronic searches. Courts may conclude that a quick search through a
pager that stores a few phone numbers is reasonable incident to an arrest, but
that a very time-consuming search through a handheld computer that contains
an entire warehouse of information presents a different case. Cf. United
States v. O’Razvi, 1998 WL 405048, at *7 n.7 (S.D.N.Y. 1998).
When in doubt, agents should obtain a search warrant before examining the contents
of electronic storage devices that might contain large amounts of information.
Law enforcement officers routinely inventory the items they have seized. Such “inventory searches” are reasonable — and therefore fall under an exception to the warrant requirement — when two conditions are met. First, the search must serve a legitimate, non-investigatory purpose (e.g., to protect an owner’s property while in custody; to insure against claims of lost, stolen, or vandalized property; or to guard the police from danger) that outweighs the intrusion on the individual’s Fourth Amendment rights. See Illinois v. Lafayette, 462 U.S. 640, 644 (1983); South Dakota v. Opperman, 428 U.S. 364, 369 (1976). Second, the search must follow standardized procedures. See Colorado v. Bertine, 479 U.S. 367, 374 n.6 (1987); Florida v. Wells, 495 U.S. 1, 4-5 (1990).
It is unlikely that
the inventory-search exception to the warrant requirement would support
a search through seized computer files. See O’Razvi,
1998 WL 405048, at *6-7 (noting the difficulties of applying the inventory-search
requirements to computer disks). Even assuming that standard procedures
authorized such a search, the legitimate purposes served by inventory searches
in the physical world do not translate well into the intangible realm.
Information does not generally need to be reviewed to be protected, and
does not pose a risk of physical danger. Although an owner could
claim that his computer files were altered or deleted while in police custody,
examining the contents of the files would offer little protection from
tampering. Accordingly, agents will generally need to obtain a search warrant
in order to examine seized computer files held in custody.
In order to protect the government’s ability to monitor contraband and other property that may enter or exit the United States illegally, the Supreme Court has recognized a special exception to the warrant requirement for searches that occur at the border of the United States. According to the Court, “routine searches” at the border or its functional equivalent do not require a warrant, probable cause, or even reasonable suspicion that the search may uncover contraband or evidence. United States v. Montoya De Hernandez, 473 U.S. 531, 538 (1985). Searches that are especially intrusive require at least reasonable suspicion, however. See id.. at 541. These rules apply to people and property both entering and exiting the United States. See United States v. Oriakhi, 57 F.3d 1290, 1297 (4th Cir. 1995).
At least one court has interpreted the border search exception to permit a warrantless search of a computer disk for contraband computer files. In United States v. Roberts, 86 F. Supp.2d 678 (S.D. Tex. 2000), United States Customs Agents learned that William Roberts, a suspect believed to be carrying computerized images of child pornography, was scheduled to fly from Houston, Texas to Paris, France on a particular day. On the day of the flight, the agents set up an inspection area in the jetway at the Houston airport with the sole purpose of searching Roberts. Roberts arrived at the inspection area and was told by the agents that they were searching for “currency” and “high technology or other data” that could not be exported legally. Id. at 681. After the agents searched Roberts’ property and found a laptop computer and six Zip diskettes, Roberts agreed to sign a consent form permitting the agents to search his property. A subsequent search revealed several thousand images of child pornography. See id. at 682. When charges were brought, Roberts moved for suppression of the computer files, but the district court ruled that the search had not violated the Fourth Amendment. According to the court, the search of Roberts’ luggage had been a “routine search” for which no suspicion was required, even though the justification for the search offered by the agents merely had been a pretext. See id. at 686 (citing Whren v. United States, 517 U.S. 806 (1996)). The court also concluded that Roberts’ consent justified the search of the laptop and diskettes, and indicated that even if Roberts had not consented to the search, “[t]he search of the defendant’s computer and diskettes would have been a routine export search, valid under the Fourth Amendment.” See Roberts, 98 F. Supp.2d at 688.
Importantly, agents
and prosecutors should not interpret Roberts as permitting the interception
of data transmitted electronically to and from the United States.
Any real-time interception of electronically transmitted data in the United
States must comply strictly with the requirements of Title III, 18 U.S.C.
§§ 2510-22. See generally Chapter 4.
Further, once electronically transferred data from outside the United States
arrives at its destination within the United States, the government ordinarily
cannot rely on the border search exception to search for and seize the
data because the data is no longer at the border or its functional equivalent.
Cf.Almeida-Sanchez
v. United States, 413 U.S. 266, 273-74 (1973) (concluding that a search
that occurred 25 miles from the United States border did not qualify for
the border search exception, even though the search occurred on a highway
known as a common route for illegal aliens, because it did not occur at
the border or its functional equivalent).
Outside the United States border, searching and seizing electronic evidence raises difficult questions of both law and policy. Because the Internet is a global network, international issues may arise in many cases; even a domestic investigation may involve a computer system, data, witness or subject located in a foreign jurisdiction. In such cases, the Fourth Amendment may or may not apply, depending on the circumstances. See generally United States v. Verdugo-Urquidez, 494 U.S. 259 (1990) (considering the extent to which the Fourth Amendment applies to searches outside of the United States). However, international policies regarding sovereignty and privacy may require the United States to take actions ranging from informal notice to a formal request for assistance to the country concerned.
This manual will not attempt to provide detailed guidance on how to resolve international issues that arise in such cases. Investigators and prosecutors should contact the Office of International Affairs at (202) 514-0000 for assistance. However, a few basic principles can be stated here. The United States maintains approximately 40 bilateral mutual legal assistance treaty relationships and many other relationships pursuant to letters rogatory or other longstanding means of cooperation. While cooperation with respect to computer and electronic evidence is under further development internationally, these treaty structures and ongoing relationships continue to provide the legal and practical means by which the United States both seeks and provides legal assistance. When agents learn prior to a search that some of all of the data to be searched is located in a foreign jurisdiction, they should seek advice from the Office of International Affairs as to the need for and appropriate means to seek assistance from that country.
When immediate international assistance is required, the international network of 24-hour Points of Contact established by the High-tech Crime Subgroup of the G-8 countries can provide assistance, such as preserving data and assisting in real-time tracing of cross-border communications. See generally Michael A. Sussmann, The Critical Challenges from International High-Tech and Computer-Related Crime at the Millennium, 9 Duke J. Comp. & Int’l L. 451, 484 (1999). The network is available twenty-four hours a day to respond to urgent requests for assistance in international high-tech crime investigations, or cases involving electronic evidence. The membership currently includes Australia, Brazil, Canada, Denmark, Finland, France, Germany, Italy, Japan, Republic of Korea, Luxembourg, Russia, Spain, Sweden, United Kingdom, and the United States, and continues to grow. The Point of Contact for the United States is CCIPS, which can be contacted at (202) 514-1026 during regular business hours, or, after hours, through the DOJ Command Center at (202) 514-5000. CCIPS also has computer crime law enforcement contacts in countries beyond members of the network; agents and prosecutors can call CCIPS for assistance.
Finally, international
issues may also arise when the United States responds to foreign requests
for international legal assistance for computer and electronic evidence.
Investigators and prosecutors can the Office of International Affairs ((202)
514-0000) or CCIPS for additional advice.
D. Special Case: Workplace Searches
Warrantless workplace searches deserve a separate analysis because they occur often in computer cases and raise unusually complicated legal issues. The primary cause of the analytical difficulty is the Supreme Court’s complex decision in O’Connor v. Ortega, 480 U.S. 709 (1987). Under O’Connor, the legality of warrantless workplace searches depends on often-subtle factual distinctions such as whether the workplace is public sector or private sector, whether employment policies exist that authorize a search, and whether the search is work-related.
Every warrantless workplace search must be evaluated carefully on its facts. In general, however, law enforcement officers can conduct a warrantless search of private (i.e., non-government) workplaces only if the officers obtain the consent of either the employer or another employee with common authority over the area searched. In public (i.e., government) workplaces, officers cannot rely on an employer’s consent, but can conduct searches if written employment policies or office practices establish that the government employees targeted by the search cannot reasonably expect privacy in their workspace. Further, government employers and supervisors can conduct reasonable work-related searches of employee workspaces without a warrant even if the searches violate employees’ reasonable expectation of privacy.
One cautionary note
is in order before we proceed. This discussion evaluates the legality
of warrantless workplace searches of computers under the Fourth Amendment.
In many cases, however, workplace searches will implicate federal privacy
statutes in addition to the Fourth Amendment. For example, efforts
to obtain an employee’s files and e-mail from the employer’s network
server raise issues under the Electronic Communications Privacy Act, 18
U.S.C. §§ 2701-11 (discussed in Chapter 3), and workplace monitoring
of an employee’s Internet use implicates Title III, 18 U.S.C. §§
2510-22 (discussed in Chapter 4). Before conducting a workplace search,
investigators must make sure that their search will not violate either
the Fourth Amendment or relevant federal privacy statutes. Investigators
should contact CCIPS at (202) 514-1026 or the CTC in their district for
further assistance.
1. Private Sector Workplace Searches
The rules for conducting
warrantless searches and seizures in private-sector workplaces generally
mirror the rules for conducting warrantless searches in homes and other
personal residences. Private company employees generally retain a
reasonable expectation of privacy in their workplaces. As a result, private-workplace
searches by law enforcement will usually require a warrant unless the agents
can obtain the consent of an employer or a co-worker with common authority.
a) Reasonable Expectation of Privacy in Private-Sector Workplaces
Private-sector employees will
usually retain a reasonable expectation of privacy in their office space.
In Mancusi v. DeForte, 392 U.S. 364 (1968), police officers conducted
a warrantless search of an office at a local union headquarters that defendant
Frank DeForte shared with several other union officials. In response to
DeForte’s claim that the search violated his Fourth Amendment rights, the police
officers argued that the joint use of the space by DeForte’s co-workers made
his expectation of privacy unreasonable. The Court disagreed, stating
that DeForte “still could reasonably have expected that only [his officemates]
and their personal or business guests would enter the office, and that records
would not be touched except with their permission or that of union higher-ups.”
Id. at 369. Because only a specific group of people actually enjoyed
joint access and use of DeForte’s office, the officers’ presence violated DeForte’s
reasonable expectation of privacy. See id. See also
United States v. Most, 876 F.2d 191, 198 (D.C. Cir. 1989) (“[A]n individual
need not shut himself off from the world in order to retain his fourth amendment
rights. He may invite his friends into his home but exclude the police;
he may share his office with co-workers without consenting to an official search.”);
United States v. Lyons, 706 F.2d 321, 325 (D.C. Cir. 1983) (“One may
freely admit guests of one’s choosing — or be legally obligated to admit specific
persons — without sacrificing one’s right to expect that a space will remain
secure against all others.”). As a practical matter, then, private employees
will generally retain an expectation of privacy in their work space unless that
space is “open to the world at large.” Id. at 326.
b) Consent in Private Sector-Workplaces
Although most non-government workplaces will support a reasonable expectation of privacy from a law enforcement search, agents can defeat this expectation by obtaining the consent of a party who exercises common authority over the area searched. See Matlock, 415 U.S. at 171. In practice, this means that agents can often overcome the warrant requirement by obtaining the consent of the target’s employer or supervisor. Depending on the facts, a co-worker’s consent may suffice as well.
Private-sector employers and supervisors generally enjoy a broad authority to consent to searches in the workplace. For example, in United States v. Gargiso, 456 F.2d 584 (2d Cir. 1972), a pre-Matlock case, agents conducting a criminal investigation of an employee of a private company sought access to a locked, wired-off area in the employer’s basement. The agents explained their needs to the company’s vice-president, who took the agents to the basement and opened the basement with his key. When the employee attempted to suppress the evidence that the agents discovered in the basement, the court held that the vice-president’s consent was effective. Because the vice-president shared supervisory power over the basement with the employee, the court reasoned, he could consent to the agents’ search of that area. Id. at 586-87. See also United States v. Bilanzich, 771 F.2d 292, 296-97 (7th Cir. 1985) (holding that the owner of a hotel could consent to search of locked room used by hotel employee to store records, even though owner did not carry a key, because employee worked at owner’s bidding); J.L. Foti Constr. Co. v. Donovan, 786 F.2d 714, 716-17 (6th Cir. 1986) (per curiam) (holding that a general contractor’s superintendent could consent to an inspection of an entire construction site, including subcontractor’s work area). In a close case, an employment policy or computer network banner that establishes the employer’s right to consent to a workplace search can help establish the employer’s common authority to consent under Matlock. See Appendix A.
Agents should be careful about
relying on a co-worker’s consent to conduct a workplace search. While
employers generally retain the right to access their employees’ work spaces,
co-workers may or may not, depending on the facts. When co-workers do
exercise common authority over a workspace, however, investigators can rely
on a co-worker’s consent to search that space. For example, in United
States v. Buettner-Janusch, 646 F.2d 759 (2d Cir. 1981), a professor and
an undergraduate research assistant at New York University consented to a search
of an NYU laboratory managed by a second professor suspected of using his laboratory
to manufacture LSD and other drugs. Although the search involved opening
vials and several other closed containers, the Second Circuit held that Matlock
authorized the search because both consenting co-workers had been authorized
to make full use of the lab for their research. See id.
at 765-66. See also United States v. Jenkins, 46
F.3d 447, 455-58 (5th Cir. 1995) (allowing an employee to consent to a
search of the employer’s property); United States v. Murphy, 506 F.2d
529, 530 (9th Cir. 1974) (per curiam) (same); United States v. Longo,
70 F. Supp.2d 225, 256 (W.D.N.Y. 1999) (allowing secretary to consent to search
of employer’s computer). But see United States v. Buitrago
Pelaez, 961 F. Supp. 64, 67-68 (S.D.N.Y. 1997) (holding that a receptionist
could consent to a general search of the office, but not of a locked safe to
which receptionist did not know the combination).
c) Employer Searches in Private-Sector Workplaces
Warrantless workplace
searches by private employers rarely violate the Fourth Amendment.
So long as the employer is not acting as an instrument or agent of the
Government at the time of the search, the search is a private search and
the Fourth Amendment does not apply. See Skinner v. Railway
Labor Executives’ Ass’n, 489 U.S. 602, 614 (1989).
2. Public-Sector Workplace Searches
Although warrantless
computer searches in private-sector workplaces follow familiar Fourth Amendment
rules, the application of the Fourth Amendment to public-sector workplace
searches of computers presents a different matter. In O’Connor
v. Ortega, 480 U.S. 709 (1987), the Supreme Court introduced a distinct
framework for evaluating warrantless searches in government workplaces
that applies to computer searches. According to O’Connor,
a government employee can enjoy a reasonable expectation of privacy in
his workplace. See id. at 717 (O’Connor, J., plurality
opinion); Id. at 721 (Scalia, J., concurring). However, an
expectation of privacy becomes unreasonable if “actual office practices
and procedures, or . . . legitimate regulation” permit the employee’s supervisor,
co-workers, or the public to enter the employee’s workspace. Id.
at 717 (O’Connor, J., plurality opinion). Further, employers can
conduct “reasonable” warrantless searches even if the searches violate
an employee’s reasonable expectation of privacy. Such searches include
work-related, noninvestigatory intrusions (e.g., entering an employee’s
locked office to retrieve a file) and reasonable investigations into work-related
misconduct. See id. at 725-26 (O’Connor, J., plurality
opinion); Id. at 732 (Scalia, J., concurring).
a) Reasonable Expectation of Privacy in Public Workplaces
The reasonable expectation of privacy test formulated by the O’Connor plurality asks whether a government employee’s workspace is “so open to fellow employees or to the public that no expectation of privacy is reasonable.” O’Connor, 480 U.S. at 718 (plurality opinion). This standard differs significantly from the standard analysis applied in private workplaces. Whereas private-sector employees enjoy a reasonable expectation of privacy in their workspace unless the space is “open to the world at large,” Lyons, 706 F.2d at 326, government employees retain a reasonable expectation of privacy in the workplace only if a case-by-case inquiry into “actual office practices and procedures” shows that it is reasonable for employees to expect that others will not enter their space. See O’Connor, 480 U.S. at 717 (plurality opinion); Rossi v. Town of Pelham, 35 F. Supp.2d. 58, 63 (D.N.H. 1997). See also O’Connor, 480 U.S. at 730-31 (Scalia, J., concurring) (noting the difference between the expectation-of-privacy analysis offered by the O’Connor plurality and that traditionally applied in private workplace searches). From a practical standpoint, then, public employees are less likely to retain a reasonable expectation of privacy against government searches at work than are private employees.
Courts evaluating public employees’ reasonable expectation of privacy in the wake of O’Connor have considered the following factors: whether the work area in question is assigned solely to the employee; whether others have access to the space; whether the nature of the employment requires a close working relationship with others; whether office regulations place employees on notice that certain areas are subject to search; and whether the property searched is public or private. See Vega-Rodriguez v. Puerto Rico Tel. Co., 110 F.3d 174, 179-80 (1st Cir. 1997) (summarizing cases); United States v. Mancini, 8 F.3d 104, 109 (1st Cir. 1993). In general, the courts have rejected claims of an expectation of privacy in an office when the employee knew or should have known that others could access the employee’s workspace. See e.g., Sheppard v. Beerman, 18 F.3d 147, 152 (2d Cir. 1994) (holding that judge’s search through his law clerk’s desk and file cabinets did not violate the clerk’s reasonable expectation of privacy because of the clerk’s close working relationship with the judge); Schowengerdt v. United States, 944 F.2d 483, 488 (9th Cir. 1991) (holding that civilian engineer employed by the Navy who worked with classified documents at an ordinance plant had no reasonable expectation of privacy in his office because investigators were known to search employees’ offices for evidence of misconduct on a regular basis). But see United States v. Taketa, 923 F.2d 665, 673 (9th Cir. 1991) (concluding in dicta that public employee retained expectation of privacy in office shared with several co-workers). In contrast, the courts have found that a search violates a public employee’s reasonable expectation of privacy when the employee had no reason to expect that others would access the space searched. See O’Connor, 480 U.S. at 718-19 (plurality) (holding that physician at state hospital retained expectation of privacy in his desk and file cabinets where there was no evidence that other employees could enter his office and access its contents); Rossi, 35 F. Supp.2d at 64 (holding that town clerk enjoyed reasonable expectation of privacy in 8' x 8' office that the public could not access and other town employees did not enter).
While agents must evaluate whether a public employee retains a reasonable expectation of privacy in the workplace on a case-by-case basis, official written employment policies can simplify the task dramatically. See O’Connor, 480 U.S. at 717 (plurality) (noting that “legitimate regulation” of the work place can reduce public employees’ Fourth Amendment protections). Courts have uniformly deferred to public employers’ official policies that expressly authorize access to the employee’s workspace, and have relied on such policies when ruling that the employee cannot retain a reasonable expectation of privacy in the workplace. See American Postal Workers Union, Columbus Area Local AFL-CIO v. United States Postal Serv., 871 F.2d 556, 56-61 (6th Cir. 1989) (holding that postal employees retained no reasonable expectation of privacy in contents of government lockers after signing waivers stating that lockers were subject to inspection at any time, even though lockers contained personal items); United States v. Bunkers, 521 F.2d 1217, 1219-1220 (9th Cir. 1975) (same, noting language in postal manual stating that locker is “subject to search by supervisors and postal inspectors”). Of course, whether a specific policy eliminates a reasonable expectation of privacy is a factual question. Employment policies that do not explicitly address employee privacy may prove insufficient to eliminate Fourth Amendment protection. See, e.g., Taketa, 923 F.2d at 672-73 (concluding that regulation requiring DEA employees to “maintain clean desks” did not defeat workplace expectation of privacy of non-DEA employee assigned to DEA office).
In general, government employees who are notified that their employer has retained rights to access or inspect information stored on the employer’s computers can have no reasonable expectation of privacy in the information stored there. For example, in United States v. Simons, 206 F.3d 392 (4th Cir. 2000), computer specialists at a division of the Central Intelligence Agency learned that an employee named Mark Simons had been using his desktop computer at work to obtain pornography available on the Internet, in violation of CIA policy. The computer specialists accessed Simons’ computer remotely without a warrant, and obtained copies of over a thousands picture files that Simons had stored on his hard drive. Many of these pi
