Computers and electronic storage media can hold massive quantities of data. At approximately 30,000 pages per gigabyte, a low-end laptop computer with a 250 gigabyte hard drive can store the equivalent of more than 7 million pages of paper. That’s thousands of bankers’ boxes worth, or as many pages as you’d find at a branch library with 30,000 books.
When a law enforcement officer searches a computer, whether under a search warrant or a warrant exception, the officer typically searches the entire computer. At one level, this makes perfect sense, because although the officer may be looking for, say, evidence of tax evasion, the officer can’t trust file names and file extensions: critical evidence of unreported income won’t necessarily be saved under the name “secrettransaction.doc.” It might be instead be stored under the name “cookierecipe.doc” or “familyphoto.jpg.”
At another level, though, this means that computer searches can be incredibly extensive, in a way that arguably runs afoul of the Fourth Amendment’s particularity requirement, or at least risks rendering the Fourth Amendment impotent when it comes to protecting privacy. This is especially so because, when the officer finds child pornography on the computer — in addition to or instead of evidence of tax evasion — the prosecution is likely to argue that the images were in “plain view” and therefore admissible.
As Chief Judge Alex Kozinski of the Ninth Circuit put it recently, “[t]he pressing need of law enforcement for broad authorization to examine electronic records . . . creates a serious risk that every warrant for electronic information will become, in effect, a general warrant, rendering the Fourth Amendment irrelevant.” United States v. Comprehensive Drug Testing, Inc., __ F.3d __, 2009 WL 2605378 (9th Cir. Aug. 26, 2009) (en banc).
Courts don’t agree on how serious this problem is. Some see it as a critical concern, others believe that computer searches are not dramatically more extensive or intrusive than, for example, a search of the paper records maintained by a large business. Further, courts and commentators who belive that this is a serious issue don’t agree on how to address it. Some suggest limiting the plain view doctrine in the context of computer searches; others suggest requiring officers to use a computer search protocol designed to find only evidence of the type for which the search is authorized. The most detailed treatment of the issue is in Comprehensive Drug Testing, a BNA summary and analysis of which is available here. The nutshell version is that the Ninth Circuit now requires (1) the government to waive the plain view doctrine as a condition of obtaining a computer search warranty, (2) the government to use a “search protocol . . . designed to uncover only the information for which it has probable cause,” and (3) the government to conduct computer searches using “specialized personnel or an independent third party,” not the case agents.)
Before you say, oh, that’s just the nutty Ninth Circuit, remember that Chief Judge Kozinski is a Reagan appointee and one of the most influential conservatives on the federal bench. Still, the opinion puts the Ninth Circuit alone in uncharted territory — whether it is leading the way or simply getting lost remains to be seen. North Carolina’s appellate courts haven’t weighed in on this issue yet, but I’d appreciate it if readers would weigh in — for example, by posting comments.
I was planning on writing a law review article on this exact topic. Do you know if anyone at UNC plans to do the same? Thanks,
Clayton Byrd
Campbell Law Review Staff Member
I don’t think anyone at the School of Government is planning to do so. I don’t know about the law school. Richard Myers is the most likely candidate over there.
I would analogize the discovery of information found in a computer search that was not listed as an item to be seized as the an item that would be subject to plain view seizure.
First, the officer would have to be in a place where he is lawfully entitled to be. That means the officer can search only those places within the placed named to be searched where the officer might reasonably expect to find the items named to be seized. In the computer search, that would be on any part of the computer where information of the type to be seized might be stored, including: the hard drive, memory cards installed or attached, RAM, and probably any storage device directly attached (but probably excluding network storage). As noted in the blog article, that would include any file located because of the ability to name or rename a file with any name and any extension.
However, this does not give unfettered authority to search (scrutinize) every file. As with the ordinary plain view seizure, the item seized, if not named in the search warrant, must be instantly identifiable as contraband. Any need to manipulate the item would require a separate warrant. Thus, any file, once opened, must be either instantly identified as contraband, or it must fit the specific description of an item listed as an item to be seized in the warrant.
In other words, if you have a warrant specifying widgets as the items to be seized, and you stumble across a stereo while you are searching an area where a widget might reasonably be expected to be found, you cannot turn the stereo to examine the serial number without a new search warrant based upon probable cause. Similarly, if you are looking for files with information about widgets, and you are lawfully examining every file on the computer, you can examine no further than is necessary to determine it does not contain information about widgets. If the file you open is immediately identifiable as contraband without examination beyond the scope necessary to determine if it has information about widgets, then the file is subject to seizure (admissible), otherwise it is not.
Now, having laid this foundation, what about this? In a search of files containing information about widgets, how extensively may that file be examined looking for that information. Consider the search of a video tape for child pornography.
Any videotape found must be examined regardless of how it is labeled because it could very reasonably be expected to be one of the tapes which might contain the child pornography found. But simply popping the tape into a VCR and watching the first 10 seconds would not be sufficient to determine if the tape contains child pornography. Most persons who would maintain tapes with child pornography would most likely bury the pertinent recording within other non-harmful material hoping the viewer will not have the patience to examine the entire tape.
Does this authorize a more thorough search of the file on the computer in order to find the information buried within? Probably, but here is where the protocol becomes important. The more efficient the protocol for searching the file in a manner which finds the relevant information but shields the irrelevant information, the more reasonable the search. This would be seem to be a matter to be reviewed on a case by case basis, deeply dependent on the facts of the case regarding the protocol.
I believe this leaves us at the point at which we started.
Dan Nagle