I recently answered the following question:
“I’m 46 yrs old. Moved out of my childhood home and into a home with my wife in another town two years ago, leaving my 48 year old brother and mom still living at the residence. Left behind my old pc since I didn’t really have room for it. Haven’t used it hardly in the past two years except for a handful of days when due to inclement weather it was easier to crash there for the night. Last week my brother’s laptop and other electronics were seized from the home due to a report of questionable photos on his computer. While searching his room they went to the back room and took my computer as well. Were they lawful in seizing my computer since I had nothing to do with these complaints or any of this fiasco for that matter?”
Generally my answer hinged on whether there was a warrant or a subpoena or was this a warrantless search. Now I would like to explore this question giving some more detail. However, there is no way I can explore all the areas of this complex issue here. If the police have seized or are searching your computer, I strongly urge you to contact me immediately so I can put my years of experience to work to protect you.
The same Fourth Amendment principles that apply to other kinds of searches apply to computer searches. The search and seizure must not only be reasonable, but must be performed pursuant to a warrant, issued on probable cause and particularly describing the place to be searched and the things to be seized. In a rare case, one of the few exceptions to the warrant requirement may apply. In other words, there are two steps in a search and seizure of computerized information, each of which must comply with the Fourth Amendment: (1) the search for and (possible) seizure of the hardware or other media (e.g., thumb drives etc) upon which the information described in the warrant is believed to be stored, and (2) the search for and seizure of the particular files or data specified in the warrant.
The Supreme Court told us of the “grave danger” to privacy inherent in a search and seizure of a person’s papers — that private documents for which there is no probable cause may be examined in the course of searching for documents described in a warrant. The privacy threat is heightened in searches of computers because of the broad nature of what is stored there. Individuals and businesses use computers to create, store, and communicate every type of information imaginable, from the most public to the most sensitive, including trade secrets, privileged communications, private correspondence, pictures, and stray thoughts never intended to see the light of day. Any given hard drive is full of information the average user assumes never was or is no longer there — the content of Web sites visited, e-mails sent off and forgotten, documents deleted or never deliberately saved. Furthermore, embedded in any computerized document is information that can appear to be damning evidence that a specific person downloaded, wrote, modified or viewed the document at a certain time, i.e., Tommy wrote the threatening email on July 10, 2014 between 3:02 and 3:10 A.M., though in fact it may have been his new roommate Jill who wrote it or the dates and times may have been altered because Jill was jealous of the time Tommy was spending with the ex because of the kids on July 4th. And even Tommy did write the email, what was his intent? Was he drunk or high when he wrote it?
Compared to a physical environment, there is much less control over what data is stored on a computer. In the context of a physical environment, items can be positively destroyed. In contrast, files marked for deletion on computers can still be recovered by investigators; as long as a user does not reuse a particular “cluster” of data, the file marked for deletion will remain undisturbed, and “slack space” on a hard drive can even save this information after reuse. Temporary files created by programs like Microsoft Word and the automatic data retention of
Internet browsers also add to this confusion. And as computers become integrated in businesses and people’s daily lives, it is more often necessary in normal criminal investigations that do not involve cyber-crimes to search a suspect’s computer. The question of what rules should govern these searches is of utmost importance.
Computers are thus tempting and frequent search targets in criminal investigations. Fortunately, the technical means exist to search computers for particular information by keyword searches without rummaging through private information not described in a warrant. In an internet threat case, the prosecution can search for files with certain words or even pictures without the need to look at any text file. The constraints of physical environments make it unreasonable to search for a stolen car inside a house, or for any number of items that cannot physically be in the area searched. This consideration is not present with the fungibility of computer files. However, one court has noted the inherent problem of limiting computer searches where evidence “could be nearly anywhere on … [a] computer” because of “manipulation to hide [file] contents.” Mann, 592 F.3d 779 (7th Cir. 2010)
For a good start on the case law and a look at Office of Legal Educ., Exec. Office for U.S. Attorneys, Searching and Seizing Computers and Obtaining Electronic Evidence In Criminal Investigations 62 (2009), available at http://www.cybercrime.gov/ssmanual/ssmanual2009.pdf.