I’ve had the same question several times recently: can a magistrate issue a search warrant for a computer or a cell phone? The answer is yes. This post explains why that’s so, and why there’s some confusion about the issue. Continue reading
Tag Archives: computers
Last week, I blogged about the application of the private search doctrine in child pornography cases. I noted that one recent case began when a computer repair technician contacted police to report child pornography on a computer he was repairing. A story about the case stated that “North Carolina law requires computer technicians to report any such images found during the course of their work to local law enforcement or the National Center for Missing and Exploited Children.” I didn’t know that, so I did some research. Continue reading →
Years ago, the School of Government did quite a bit of training for the Highway Patrol and other law enforcement officers. These days, we focus most of our criminal law courses on judges, lawyers, and magistrates. But I still view officers as an important audience for our work, and I recently wrote an article for Police Chief magazine that is meant to help officers obtain valid search warrants for digital devices.
More and more criminal investigations involve searches of computers and other digital devices. It is sometimes difficult to apply long-established search and seizure law to the practical realities of digital investigations. One example of this phenomenon concerns the preparation of the return and the inventory after the execution of a search warrant, a topic of persistent confusion among law enforcement officers and others.
The return and inventory requirements. Under G.S. 15A-257, an officer who executes a search warrant must return the warrant to the clerk without unnecessary delay. The return normally is indicated on the warrant itself. (The AOC search warrant form is AOC-CR-119.) The officer must also provide the clerk with “a written inventory of the items seized,” G.S. 15A-257, and a list of the items seized must likewise be provided to the person from whom they were taken, G.S. 15A-254. Form AOC-CR-206 may be used for creating an inventory.
How do these requirements apply to computer searches? With computer searches, a timing issue frequently arises. Suppose that a warrant authorizes officers to search a defendant’s home and computer for evidence of a crime, and further allows the officers to conduct the computer search off-site. The search of the home and the seizure of the computer typically will take place shortly after the issuance of the warrant, but the search of the computer may not take place until days or weeks later. (The propriety of a forensic analysis outside the 48-hour window is a topic for another time, but the short version is that it’s almost always OK.) Should the warrant be returned after the search of the home, or should it wait until the search of the computer is complete? And should the inventory list the computer itself, or the files and data within the computer?
Filing the return. The prevailing practice appears to be to return the warrant after the initial search, even if the computer has not yet been subjected to an off-site examination. One justification for this practice is that it provides evidence of compliance with the requirement that a warrant be executed within 48 hours of issuance. Although no North Carolina case addresses the issue, courts elsewhere have generally approved of this procedure. See Com. v. Kaupp, 899 N.E.2d 809 (Mass. 2009) (sufficient to return warrant shortly after initial search and prior to forensic examination “listing the devices” seized); United States v. Hernandez, 183 F.Supp.2d 468 (D. Puerto Rico 2002) (“[B]ecause off-site computer searches are reasonable, it may be necessary . . . for the return of the warrant to be filed with the court before such off-site searching can be completed.”).
Preparing the inventory. An inventory is normally provided at the same time, simply listing the computer as an item seized, and making no reference to specific data or files within the computer. This is probably sufficient, notwithstanding the fact that the ultimate objects of most computer search warrants are files and data rather than hardware. A cautious officer might file a supplemental inventory listing the data or files seized after the off-site search of the computer. In any event, however, imperfect compliance with the return and inventory requirements is unlikely to require the suppression of evidence. State v. Nadeau, 1 A.3d 445 (Me. 2010) (computer search warrant provided that the search was to be conducted, and an inventory returned, within 10 days; no inventory was ever prepared, but this was a “ministerial” failure that did not warrant suppression of evidence); State v. Fruitt, 35 N.C. App. 177 (1978) (officer’s failure to comply strictly with inventory requirement did not require suppression of evidence).
What am I missing? Let me know if there are wrinkles to this scenario that I haven’t addressed. I’m working on a longer manuscript about digital search and seizure and so am keenly interested in what’s happening in the field.
In State v. Cooper, issued last week, the Court of Appeals reversed the defendant’s conviction for first-degree murder of his wife and ordered a new trial. The case has drawn considerable media attention; recent news reports indicate that the State intends to petition the state Supreme Court for review. This blog post focuses on one aspect of the decision by the Court of Appeals—the constitutional limits on discovery sanctions against the defendant, which previous North Carolina decisions had not closely examined.
In Taylor v. Illinois, 484 U.S. 400 (1988), the U.S. Supreme Court considered the appropriateness of sanctions against the defendant for discovery violations. The Court recognized that the Compulsory Process Clause of the Sixth Amendment gives defendants the right to present a defense. The Court then found that preclusion of a defense witness’s testimony as a sanction for a discovery violation may violate this right (rejecting the State’s argument that a discovery sanction would never violate the right to present a defense) but that preclusion is not automatically a violation (rejecting the defendant’s argument that preclusion would never be an appropriate sanction). The Court declined to announce a “comprehensive set of standards to guide the exercise of discretion in every possible case” (id. at 414), but it provided some direction about when preclusion, perhaps the most drastic sanction against the defense, may be permissible. In upholding the sanction imposed by the trial court, the Court stated that this “case fits into the category of willful misconduct in which the severest sanction is appropriate.” Id., 484 U.S. at 417.
In Cooper, the appropriateness of discovery sanctions against the defendant arose in connection with evidence obtained from the defendant’s laptop computer. Forensic examiners for the State testified that they had recovered temporary internet files from the defendant’s laptop, which showed that the day before his wife’s death someone had conducted a Google map search from the defendant’s home to the place where his wife’s body was later found. In response, the defendant attempted to call an expert to testify that the internet files had been planted, but the State objected that the expert did not have sufficient training and experience to give this opinion and the trial court allowed the expert to give only general testimony about the ease with which computer files could be altered or planted. The defendant immediately located a second computer expert, who reviewed the first expert’s work and was prepared to give a similar opinion. The State objected to the second expert, however, arguing that the defendant had violated the discovery statutes by failing to list the second expert on his witness list and failing to provide a copy of the second expert’s report and qualifications to the State before trial. The trial court agreed and precluded the second expert from testifying as a sanction for the discovery violation. As a result, the defendant was unable to present any expert testimony that the Google map files were corrupted or tampered with. The Court of Appeals reversed, finding among other things that the trial court erred by precluding the second expert from testifying as a discovery sanction. (The Court of Appeals also found merit in the defendant’s arguments that the trial court erred by limiting the first expert’s testimony and by denying the defendant’s motion to compel information about FBI computer protocols used in analyzing the defendant’s computer.)
Relying on Taylor v. Illinois and other decisions, the Court of Appeals in Cooper recognized that the sanction of preclusion against the defendant should be reserved for the most serious discovery violations. The Court found that the defendant sought out a second expert only after the State objected, for the first time at trial, to the qualifications of the defendant’s first expert. The defendant was not seeking a tactical advantage, and the record showed no willful misconduct. In finding the preclusion sanction disproportionate to the alleged discovery violation, the Court considered the fundamental nature of the right to present a defense, the importance of the excluded testimony to the issues in the case, and the minimal prejudice to the State by a lesser sanction, such as a continuance or recess. The Court concluded that the trial court abused its discretion in imposing the “harsh sanction” of preclusion. The Court found in the alternative that the sanction violated the defendant’s rights under the United States and North Carolina constitutions.
Some North Carolina decisions, without discussing constitutional considerations, have taken a similar approach in assessing the appropriateness of sanctions, examining the seriousness of the violation and weighing it against other interests. For example, in State v. Lane, 365 N.C. 7 (2011), in which the court upheld the trial court’s exclusion of the defendant’s expert testimony, the defendant failed to provide a report of his expert to the State despite repeated requests, orders by the court, and extensions of time to produce the report. The trial judge also found that the expert’s testimony was irrelevant. In State v. McDonald, 191 N.C. App. 782 (2008), the court upheld the trial court’s exclusion of two of four defenses for the defendant’s failure to give any notice of defenses despite repeated motions by the State. The defendant’s counsel, who had substituted into the case, professed not to have been served with any of the motions, but the State produced four or five motions, some of which had been served on counsel. The court found that the two excluded defenses would have required substantial, unanticipated preparation by the State. In State v. Gillespie, 180 N.C. App. 514 (2006), aff’d as modified, 362 N.C. 150 (2008), the Court of Appeals found that the preclusion sanction imposed against the defendant exceeded constitutional limits, but on appeal the Supreme Court reversed the sanction on statutory grounds and found that it was unnecessary for the Court of Appeals to have reached the constitutional issues.
Some North Carolina decisions have upheld preclusion sanctions for what appear to be lesser violations, but the results may be explainable by other aspects of those cases. See State v. Pender, ___ N.C. App. ___, 720 S.E.2d 836 (2012) (defendant not entitled to jury instruction on involuntary manslaughter based on imperfect self-defense where defendant did not provide State with notice of intent to assert self-defense; appellate court concluded in alternative that evidence was insufficient to support an instruction so any error in precluding defense was harmless); see also State v Leyva, 181 N.C. App. 491 (2007) (trial court did not abuse discretion in denying defendant’s request to allow him to call expert on reliability of confidential informants whom defendant failed to include on witness list; appellate court rejected defendant’s claim that he needed expert because of officers’ testimony about reliability of informant, finding that potential testimony was not required by interest of justice).
Ultimately, the best protection against discovery sanctions for both the defendant and the State is to use their best efforts to comply with discovery requirements. The cases suggest an additional caution for defense counsel. If the trial court is considering discovery sanctions against the defendant, defense counsel should raise any constitutional issues with the trial court; otherwise, the appellate court may decline to consider those issues on appeal. See State v. McDonald, 191 N.C. App. at 785 (so ruling).
A caller recently asked this: If a defendant throws another person’s computer against the wall and breaks it, can the defendant be charged with the felony of Damaging a Computer?
We probably all agree that this conduct constitutes injury to personal property. The question about the computer offense however sent me running to my book, NC Crimes (No, I can’t remember everything in it either!).
G.S. 14-455(a) makes it a crime to:
(1) willfully and
(2) without authorization
(3) alter, damage, or destroy
(4) a computer, computer program, computer system, computer network, or any part thereof.
The base offense is a Class 1 misdemeanor. G.S. 14-455(a). However, if the damage is more than $1,000, the offense is a Class G felony. Id. And of course, if the felony version is charged, the relevant amount of damage has to be alleged in the charging instrument and proved at trial.
So back to our example. The defendant willfully and without authorization altered, damaged, or destroyed a computer. I think that the General Assembly probably had viruses and hacking in mind when the statute was enacted, but there is nothing in the statute’s language that so limits its application.
Assuming that the misdemeanor version of the offense has been committed, there has to be alteration, damage, or destruction of more than $1,000 to make a felony. If the computer was destroyed and it was worth more than $1,000, that will probably do it. If it was damaged and there is a repair estimate at over $1,000, that will probably do it as well. In the caller’s example, the victim presented evidence that the original purchase price of the computer was more than $1,000. Given that we measure value for purposes of felony larceny by fair market value at the time of the offense, I’m not sure that evidence will suffice, particularly when new models and software quickly depreciate the value of even relatively new computers.
I don’t know of any cases on point so these are just my musings. Let me know if you have thoughts on the issue.
Last week I wrote about the North Carolina law that makes it a crime for any registered sex offender to use a commercial social network, G.S. 14-202.5. In that post I noted that similar laws in other states have been overturned or limited on First Amendment grounds, and that litigation on the constitutionality of our law is pending before the court of appeals. Today’s post considers the related issue of what computer restrictions can apply to sex offenders who are on probation or post-release supervision. Those offenders are subject to different statutes and, ultimately, a more limited version of certain fundamental constitutional rights. Those rights can be diminished during the offender’s period of supervision as long as the limits are “designed to meet the ends of rehabilitation and protection of the public” and “reasonably related to such ends.” See State v. Strickland, 169 N.C. App. 193 (2005) (upholding against a due process challenge the statutory probation condition prohibiting a sex offender, convicted of an offense involving sexual abuse of a minor, from living with his own minor child during his period of supervision).
In North Carolina, a person on probation for a reportable crime or a crime that involved the physical, mental, or sexual abuse of a minor is subject to additional special conditions of probation. G.S. 15A-1343(b2). One of those conditions requires the probationer to submit to warrantless searches reasonably related to the probation supervision, expressly providing that “warrantless searches of the probationer’s computer or other electronic mechanism which may contain electronic data shall be considered reasonably related to the probation supervision.” G.S. 15A-1343(b2)(9). Another condition says that the offender may not “communicate with . . . the victim of the offense.” G.S. 15A-1343(b2)(3). That condition would prohibit a probationer from contacting his or her victim through a website like Facebook. Those are the only conditions that bear on the offender’s ability to use computers or the Internet. Identical conditions apply to sex offenders on post-release supervision. G.S. 15A-1368.4(b1)(8) and (3).
Could a judge order more restrictive conditions limiting Internet use or computer access? Almost certainly. Under G.S. 15A-1343(b2)(6) the court is expressly authorized to order any other conditions determined by the court to be reasonably related to the defendant’s probation. In fact, up until fairly recently, Community Corrections routinely asked courts to impose a battery of 18 additional conditions on sex offenders, referred to collectively as the Sex Offender Control Program. Those conditions (listed on now-discontinued form DCC-40) specifically prohibited contact with a victim through the Internet and the possession of any pornography—including non–child pornography—from the Internet. Community Corrections discontinued the program several years ago, but a judge could consider adding similar conditions on a case by case basis.
Exactly how far a court may go in limiting a defendant’s computer use is an open question in North Carolina. In general, our appellate courts give trial judges broad discretion in tailoring a judgment to fit a particular offender and offense. See State v. Cooper, 304 N.C. 180 (1981) (upholding a special condition prohibiting a defendant, convicted of possession of stolen credit cards, from operating a vehicle between midnight and 5:30 a.m.); State v. Harrington, 78 N.C. App. 39, 48 (1985) (collecting cases on ad hoc conditions of probation); see also this prior post.
Cases from other jurisdictions are divided, as courts struggle to balance the need for public safety in light of the “strong link between child pornography and the Internet” against the “virtually indispensable nature of the Internet in today’s world.” United States v. Rearden, 349 F.3d 608 (9th Cir. 2003). No universal legal test has emerged, but courts typically consider three factors when determining whether a particular restriction goes too far. They are:
- The duration of the restriction. Compare United States v. Voelker, 489 F.3d 139 (3d Cir. 2007) (vacating a lifetime ban on all computer use and Internet access as a condition of supervised release, concluding that it imposed a greater deprivation of liberty than necessary), with United States v. Crandon, 173 F.3d 139 (3d Cir. 1999) (upholding a 3-year restriction).
- The scope of the restriction, especially whether it is an absolute bar or whether the offender can use a computer or the Internet with a probation officer’s permission. Compare United States v. Miller, 665 F.3d 114 (5th Cir. 2011) (upholding a 25-year limit on all computer use and Internet access, including smartphones, without prior written permission from a probation officer), with United States v. Albertson, 645 F.3d 191 (3d Cir. 2011) (vacating a 20-year prohibition that allowed Internet use when preapproved by a probation officer because it still made modern life—with the expansion of online commerce and things like electronic filing of taxes—“exceptionally difficult” (quoting United States v. Holm, 326 F.3d 872 (7th Cir. 2003)).
- The nature of the defendant’s crime, especially whether it involved use of the Internet as a direct instrument of harm beyond possession of child pornography. Compare United States v. Love, 593 F.3d 1 (D.C. Cir. 2010) (upholding an Internet restriction on a defendant who “not only distributed child pornography but . . . also solicited sex” online), with United States v. Heckman, 592 F.3d 400 (3d Cir. 2010) (vacating a lifetime ban on Internet use for a defendant who “had never been convicted of criminal behavior that involved the use of the Internet . . . to lure a minor . . .”).
There is no published case from the Fourth Circuit, but an unpublished case upheld a three-year prohibition on the defendant’s use of any networked computer. United States v. Granger, 117 Fed. Appx. 247 (4th Cir. 2004) (unpublished).
Those are all federal cases, largely turning on whether the condition in question satisfies the requirement in 18 U.S.C. § 3583(d)(2) that it “involve no greater deprivation of liberty than is reasonably necessary.” But the analysis strikes me as helpful to determining what limits would be permissible as a matter of state statute and within the constitutional limits discussed in State v. Strickland.
Last week, I posted a paper about warrantless searches of computers and electronic devices. Today, I’m posting its companion: this paper about warrant searches of computers, which I have just finished updating today. Although the paper focuses on computers, the principles discussed in the paper apply equally to other electronic devices.
It turns out that North Carolina has a significant case regarding warrant searches: State v. Peterson, 179 N.C. App. 437 (2006), aff’d, 361 N.C. 587 (2007), which holds that, on the facts of that case, although there was probable cause to search a residence for evidence of a homicide, there was no probable cause to search computers at the residence. The court of appeals emphasized that “[t]he affidavit does not include any indication . . . that would suggest a search of defendant’s computer would lead to information regarding the potential homicide.” But while Peterson is a helpful starting point for analyzing some computer search warrant issues, there are many, many issues on which we have no North Carolina cases. The paper collects relevant cases from across the country and should be useful to anyone thinking about these matters.
As with the previous paper, if you think that I’ve overlooked or omitted cases that should be included, please let me know.
I keep a list of cases from across the country on warrantless searches of computers and other electronic devices. It covers topics like searches of cellular phones incident to arrest, whether consent to search a residence includes consent to search the computers therein, and whether there is a reasonable expectation of privacy in an employer-issued laptop. We don’t have many in-state cases on searches of electronic devices yet, so looking at other courts is helpful.
Anyhow, in connection with a session I’ll be teaching next week, I’ve updated the list. The current version is available here. If you’re aware of significant cases that I should include, please call or email me to let me know. At this point, there are enough decisions coming out that I’m mostly interested in published cases from the federal circuit courts and state supreme courts.
As I noted in a previous post, it is a crime under G.S. 14-454(b) “willfully and without authorization . . . [to] access . . . any computer.” I posed a few scenarios in that earlier post, including one in which a judge tells a law clerk not to use the internet during business hours for non-work-related purposes, but the law clerk nonetheless looks at a sports web site during ACC basketball season. I asked if the law clerk had committed a crime, and suggested that the answer appears to be yes, much to the dismay of law clerks — and other office workers — everywhere.
No state cases address this issue, but thanks to a blog post by Professor Orin Kerr, I recently came across a relevant federal case. (A federal statute, 18 U.S.C. § 1030, makes it a crime to “exceed authorized access” to a computer.) The case is United States v. Rodriguez, __ F.3d __ (11th Cir. Dec. 27, 2010), and the basic holding is that a Social Security Administration employee violated the federal unauthorized access statute when he looked up the Social Security records of some acquaintances for personal reasons, in violation of the Administration’s policy about data access. The court rejected the defendant’s argument that the statute only applies when a person makes criminal or fraudulent use of the information accessed.
Rodriguez isn’t quite analogous to the law clerk hypothetical, because it involves an employee accessing his employer’s own database rather than an outside website. And the facts of Rodriguez are also much creepier than the law clerk example — it sounds like the defendant in Rodriguez was using the information he obtained to pursue women to whom he was romantically attracted. But the court’s endorsement of the simple rule that violating an employer’s limitations on computer use amounts to unauthorized access supports the conclusion that the law clerk committed a crime by checking the web site.
Professor Kerr thinks that Rodriguez is “right on its specific facts,” but is perhaps understandably troubled by the implications for cases like the law clerk hypothetical. He suggests that vagueness doctrine, which requires criminal statutes to delineate clearly between permitted and prohibited conduct, might be a way to restrict the reach of the federal unauthorized access statute. I’m a little skeptical about that with respect to the federal law, and the idea strikes me as a complete non-starter as to the state statute. A very plain definition of “authorization” appears in G.S. 14-453: as it relates to using computers, it means accessing a computer “in a manner not exceeding the consent or permission” of the person in control of the computer. So whether the law clerk’s conduct ought to be criminal or not, under current law, it pretty clearly is criminal.
One last thought. The computer trespass statute, G.S. 14-458, makes it a crime to “use a computer . . . without authority and with the intent to” do several enumerated things, generally involving harm to the computer or theft of data. It’s a Class 3 misdemeanor if no damage is done, and a Class 1 misdemeanor if there’s under $2,500 of damage. Given that G.S. 14-454 makes it a Class 1 misdemeanor to access a computer without authorization, with no proof of purpose required, it seems like prosecutors would be well advised to charge that offense rather than computer trespass. It’s easier to prove — essentially, it’s a lesser included — yet it has at least as strong a penalty. So maybe it should be called a “greater included,” or something.