Clancy
Fall 2012
Cybercrime
I. 4th Amendment Analysis
a. First, does the 4th Amendment apply?
i. Must be a government activity that is a “search” or “seizure”
ii. You must have a protected interest: liberty, possession, privacy
Objects Protected
By Search
By Seizure
People
REP analysis
Liberty
Houses
REP
Possession
Paper
REP
Possession
Effects
REP
Possession
b. Second, is it satisfied?
i. Was the search or seizure reasonable?
1. Governs the initial intrusion and
2. The scope of the intrusion
ii. Warrant clause requirements
1. Under oath, probable cause, neutral & detached magistrate, etc.
II. Federal Statutes
a. Wiretap Act, which governs interception of the contents of communications in real time
b. Pen/Trap, which governs interception of the non-content aspects of communications in real time
c. Stored Communications Act, which regulates access to the content and non-content of records held in electronic storage by certain entities
i. The Electronic Communications Privacy Act (ECPA), party of the Stored Comm. Act regulates disclosure of electronic communications & subscriber information
ii. IP addresses are unique to a computer
iii. 18 U.S.C. 2703 is the core provision that authorizes the government to require disclosure of stored communications and transaction records by third-party service providers
1. Must provide the (1) name (2) address (3) telephone or instrument # or other subscriber number or identity, including any temporarily assigned network address of a subscriber to or customer of such service
iv. Under the ECPA, though, we need a certain level of process
v. Violations of ECPA does not warrant exclusion of evidence
III. 4th Amendment Expectation of Privacy Analysis
a. You must have
i. A subjective expectation of privacy, and
ii. Society must recognize this expectation as reasonable
b. When does a person have REP in data on computer?
i. Important to distinguish b/w exterior of the computer (incl what is visible on the monitor’s screen) and its contents
ii. Private Computers
iii. Work & Gov’t Computers
1. Gov’t employees may have legitimate REP, but it is a Case by Case Analysis; Factors
a. Context of employment relation
b. Access of other employees/public
c. Office policies, practices, or regulation
i. Practice of monitoring, for example
ii. These may reduce or eliminate any expectation
iv. No REP in laptop provided by an employer based on the employer’s reserving the right to inspect
v. A person who has no ownership in a computer that has been assigned by a company to another user has no standing to challenge its search
vi.
c. Quon Case:
i. Formal written policy saying user had no REP; Quon was aware & signed
ii. The Gov’t here obtained the information from a third party, i.e. outside his box
iii. No real answers in this case, but possible factors:
1. Informal policy that if you pay overages, will not audit
2. Public vs. Private Employer
3. Gov’t has interest in reviewing messages
a. Performance evaluations
b. Litigation on police actions
c. Comply with open record laws
IV. Private Searches & Seizures
a. S. Ct. Test: Totality of the Circumstances
b. 4th Am applicable only to gov’t activity, but 3 situations for private searches that may work:
i. Who is a Gov’t Agent? Turns on 2 Factors
1. Whether the government knew or acquiesced in the private party’s conduct; and
a. Generally Gov’t needs to encourage or instigate
2. Whether the private party’s purpose was to assist LE efforts or to further his or her own ends
ii. Computer Technicians/Repairmen
1. Usually does not implicate 4th Am unless at request of law enforcement
iii. Hackers
1. This hacker got access via Trojan horse and hacker finds a bunch of child porn and he calls up the FBI; private person
2. “If you want to bring other information forward, I am available” = not a gov’t agent; not enough.
3. Proverbial “wink and nod” though, no prosecution for hacking…=gov’t agent
c. Replicating Private Search
i. Replication
1. If private parties have searched something, the gov’t one is not a “search” as long as it does not exceed the scope of the private one b/c you’re reasonable expectation of privacy has been extinguished.
ii. Context
1. Example: private party opens folder & opens 3 CP pics, what if gov’t opens more in this folder?
a. Courts are split, but generally, the rule is that opening a container that was not opened by private searchers would not necessarily be problematic if the police knew with substantial certainty, based on the (1) statements of the private searchers, (2) their replication of the private search, and their (3) expertise, what they would find inside
2. Depends on what is a container in the comp
either by specialized personnel or an independent third party.
i. If the segregation is to be done by gov’t computer personnel, gov’t must agree in warrant application that the computer personnel will not disclose to the investigators any information other than that which is the target of the warrant.
c. Warrants & subpoenas must disclose actual risks of destruction of information as well as prior efforts to seize that info in other judicial fora.
d. Gov’t’s search protocol must be designed to uncover only the info for which it has probable cause, and only that information may be examined by the case agents.
e. Gov’t must destroy or return non-responsive data, keeping the issuing magistrate informed about when it has done so and what it has kept
iii. Plain View Doctrine
1. Requirements
a. Prior Valid Intrusion
b. Observing Object in Plain View from lawful vantage point to seize the object
c. Incriminating character of object immediately apparent (court says this is probable cause)
2. Plain View allows everywhere to be searched where the thing in the search warrant could be found.
a. i.e. Hicks case
i. Not in plain view b/c looking for a gun and they moved the stereo equipment to see serial numbers where ot could not have been
3. S. Court rejected ‘inadvertent’ requirement
a. Some courts require this, but this is usually how stuff in plain view is found anyway
4. Distinguishing ‘merely looking’
a. If FBI agent merely looks over suspect’s shoulder why he is typing in a password and he gets it, this is NOT plain view. It is just that he had no REP.
VI. Warrants for Digital Evidence
a. Warrant has 3 requirements (Dalia)
i. Oath or affirmation
ii. Probable Cause to search
iii. Particular description of the place to be searched & the things to be seized
1. Adequacy of description in warrant = Does it enable officer to identify with reasonable certainty person to arrest, place to be searched, items to seize? Maryland v. Garrison
b. Search Warrant Documents
i. Application
ii. Attachment to application – underlying facts
iii. Warrant