Legality question concerning computer searches.

Something I’ve been curious about. If the police come into your house with a warrant for, say, illegal assault weapons, and find a vial of crack in the salt shaker it won’t be admissible because they could not have reasonably looked in the salt shaker for an AK-47. Maybe I’ve seen too many episodes of “Law and Order”, but I believe this principle has some basis in reality. I seem to recall someone on this board mentioning that police try to get warrants issued which include small objects just so they can look in more places.

My question is, has anybody established an extension to computer searches? Hypothetically, suppose they come to search my computer for, say, kiddie porn, and don’t find any, can they still use the spreadsheet they found which is evidence of tax evasion? Or could I say that an Excel spreadsheet is obviously not child pornography, and therefore they didn’t have any right to peruse it further under their search warrant? I suppose they could say they were looking at it for evidence of my having purchased child pornography in that specific case, but what I’m looking for here is a discussion of the general parameters computer searches operate under, not a specific example.

My “off the top” reaction is that the search warrant would normally authorise a search of the hard drive and related storage media, without limiting it to specific file types. The reason is that I would think that a skilled computer person could disguise the icon/descriptor of a file to look like an Excel file, to take your example, when really it has other stuff hidden in it. (I’m not very computer savvy myself, so bear with me.)

For example, can’t you clip and paste an image into an Excel spread-sheet, or a Word document? If so, there could well be kiddie porn lurking in a file labelled “accounts receivable, 2000.”

It’s the computer equivalent of “you can’t judge a book by its cover.” Assuming valid reasons for the warrant, then the police have the power to poke through all files on the hard drive.

I’m assuming the search wouldn’t be limited by the file extension. Of course, I could rename my .jpg’s to look like something else, and many document types allow you to embed images. I could encrypt stuff, too, which I have a strong suspicion would avoid most computer searches if files were also disguised to look like some obscure binary data file used by an unknown (perhaps removed) application. On a Windows box, I’d park 'em in the temp directory, a directory obviously used to run installs from, C-drive root, or under the system directory. These places tend to accumulate trash that the average user doesn’t know the nature of. Hell, half the techs in the world don’t know what half the junk likely to be deposited in the system or root directories by various applications is.

But how far can they go having determined that my “Accounts Receivable, 2000” file is, in fact, just accounting records if that’s not what they are looking for? One assumes they’d actually have to read it in detail to use it, and obviously know that it’s not a filthy picture at that point.

That encryption point raises another question: If the police have a warrant to search your hard drive, and they discover that there’s a significant amount of encrypted information on it, can they legally require you to turn over the decryption key? I suppose that the physical equivalent of this would be requiring a homeowner to open a safe in a house that’s being searched.

What if you forgot the key for the encryption? I have signed up for sites or have made a file and passcoded it and forgot the passcode.

Chronos, again, “top of my head,” but if a properly drafted warrant can let them into a locked house, I don’t see why a warrant couldn’t be drafted to let them see encrypted data. I don’t know whether a failure to co-operate by not turning over the encryption key would be obstruction or contempt or something along those lines - would depend on the criminal law of the particular jurisdiction.

Was thinking about this one, and something else came to mind.

How would you draft a search warrant to access someone’s Hotmail™ account?

Physically, the data are not located on the person’s own PC, they’re on Hotmail’s server, wherever in the world that may be. The local court process may not be effective in that other jurisdiction. As well, can Hotmail access the data, even if the police serve them with a subpoena or search warrant?

Would you have to get an order of some kind against the person, ordering him/her to reveal the password?

Anyone?

Most providers will cooperate with law enforcement without a warrant. I assume that Hotmail, owned by microcrap would be the same. A couple of providers recently came under fire for this. Yes, mail admins can read anything on the server.

Depending on how bad they want it, I’m sure the NSA can get into anything encrypted or not.

Don’t bet on it. The current world record for cracking a shortkey encryption is somewhere in the neighborhood of four months, and for a long key, a safe estimate would be in the trillions of years. I’m not saying that the NSA wouldn’t be able to get the data, but they wouldn’t be able to get it by just cracking the encryption.

If you live in England you are required by law to give them the keys to encryption. I don’t think there are specific laws about handing over the keys in the US but I am sure they could throw you in jail for contempt of court.

What I have read in the literature strongly suggests that the NSA cannot crack encryption that is available if you use long enough keys. PGP and others are available for free over the internet.

Not by brute-forcing the keyspace, anyway. The only way the NSA could decrypt data encrypted with a very long key would be with an algorithmic attack.

And the NSA is not chartered for domestic surveillance. They could not be called in to decrypt something in a criminal case.

In the case of Kevin Mitnick, the famous hacker who was recently released from jail, the government is still in possession of a hard drive owned by him that they refuse to return until he provides the decryption key. It would appear that the government cannot compel you to provide the key, but can keep possession of a confiscated drive indefinitely if you don’t.

What about requests from law enforcement from outside the US? Would they be so cooperative if the request came from the RCMP? Scotland Yard? The Russian Federal Police?

Something else on people running servers - there are news servers and proxy web servers that advertise that they protect your privacy because they don’t log anything, and haven’t the faintest idea of what you are doing. Obviously used by people who wish to view really nasty pornography, in hopes they aren’t leaving tracks. Assuming that the server administrators actually do this, could this run them afoul of “deliberate ignorance” provisions? Again, I may be watching too much “Law and Order”, but if they are running one of the standard news software versions, they have to take extra steps when configuring it in order NOT to log. My understanding of “deliberate ignorance” is that it is intended to cover cases where one cooperates with a criminal act by just shutting the eyes, stopping the ears, and saying “go ahead, but whatever you’re really doing, don’t tell me - I don’t WANT to know”.

Since this has segued into a discussion of legal authorities obtaining encryption keys, another point:

It seems to me that unless you have voluminous amounts of sensitive stuff to hide, part of the security would be hiding it in an innocent looking place, as I indicated. I’m no PGP expert, so maybe somebody knows this - just looking at the encrypted bytes, is it obvious that the data is, in fact, a result of PGP encryption of something rather than just binary data in no discernable format? Weaker encrypters like the UNIX crypt utility have totally random looking output, but are breakable with relatively little work, and not very robust in the sense that one goofed up byte in the stream and the thing is totally hosed for reconstruction.

I was thinking a bit about this. If I wanted to hide something of reasonable size on a Windows machine, I think I’d make it look like a DLL - write a little utility that you would provide the data file, an encryption key, a DLL file name, and a symbol name. It would read or write a legitimate DLL which stashed the encrypted info as data inside it, addressed by your provided symbol, maybe even creating a few more symbols to make the DLL look like it meant something. Drop the DLL into the system “ghetto” along with the ones installed by various and sundry forgotten applications. For good measure, I would keep the executable and source for my utility strictly on removable media, like a ZIP drive, physically well hidden in a place separate from the PC.
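
Added example, not part of any post in this thread: a Python sketch of the triage a forensic examiner applies to the points raised above, comparing a file's leading signature bytes with its extension, measuring byte entropy, and checking for an OpenPGP (RFC 4880) packet header. The file names and sample contents are constructed for illustration, and the 7.5 bits/byte threshold is an assumed cut-off.

```python
import hashlib, math
from collections import Counter

# Leading "magic" bytes for a few formats (published, well-known signatures).
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "zip": b"PK\x03\x04",
    "dll": b"MZ",
    "xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 container (legacy Office)
}

def sniff(data):
    """Return the format whose signature the content starts with, else None."""
    return next((k for k, sig in MAGIC.items() if data.startswith(sig)), None)

def entropy(data):
    """Shannon entropy in bits per byte; values near 8.0 look random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def openpgp_hint(data):
    """Heuristic: does the content start like an OpenPGP encrypted message?"""
    if data.lstrip().startswith(b"-----BEGIN PGP"):
        return "armored"
    if len(data) < 7 or not data[0] & 0x80:      # every packet tag byte has bit 7 set
        return None
    if data[0] & 0x40:                           # new-format packet header
        tag, l0 = data[0] & 0x3F, data[1]
        hdr = 2 if l0 < 192 else 3 if l0 < 224 else 6 if l0 == 255 else 2
    else:                                        # old-format packet header
        tag = (data[0] >> 2) & 0x0F
        hdr = 1 + (1, 2, 4, 0)[data[0] & 0x03]
    # Session-key packets open with a fixed version byte: PKESK v3, SKESK v4.
    return "binary" if (tag, data[hdr]) in {(1, 3), (3, 4)} else None

def triage(name, data):
    ext, actual, notes = name.rsplit(".", 1)[-1].lower(), sniff(data), []
    if ext in MAGIC and actual != ext:
        notes.append(f"extension .{ext} but content is {actual or 'unrecognised'}")
    if openpgp_hint(data):
        notes.append("OpenPGP packet header")
    elif actual is None and entropy(data) > 7.5:  # assumed threshold
        notes.append("high entropy, no known header")
    return notes

# Constructed samples: deterministic pseudo-random filler stands in for ciphertext.
FILLER = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLES = {
    "accounts.xls": MAGIC["jpg"] + b"\xe0\x00\x10JFIF\x00" + FILLER,
    "helper.dll": FILLER,
    "notes.dat": b"\x85\x01\x0c\x03" + FILLER,
}
```

Compressed formats such as JPEG and ZIP are also high-entropy, which is why the entropy check only fires when no known signature is present.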

Anything found during a legal search can be used against you. Dumping out a salt shaker to find a vial of crack, while actually looking for an assault rifle would probably be excessive. Finding the vial of crack on a counter top would not be.

If they are looking on your computer for files, they can look at all of the files. In your kiddie porn example, you can put pictures into Word files and probably Excel files, so they can look at them, not just .jpg files. Also you could have mailing lists, email, etc that could be used as evidence. If they see a file about your tax evasion, drug dealing, etc, they can use that too.

For encrypted files, they can not force you to give them the password. It’s like a locked safe or door. If you want to open it for them, you can, but you don’t have to. If their search covers it, they can always have it opened, though it might get damaged. They will just keep the computer, or just the hard drive, until they can examine the files; so you will lose the files.

If they do give the computer back, they could put a keystroke logging program on it in an attempt to get your password. That might require a court order, but so did their initial search so they can get one easily.

Just one brief bit, I work for an ISP owned by Microsoft (so many MS bashers out there). We will not turn over any user information, including allowing access to a Hotmail account, without a subpoena. This is MS policy. We do this to cover ourselves in case the user wants to sue for allowing the access. Very interesting thread.

They’re private companies, so they can do whatever the heck they want–but at the risk of civil lawsuits filed by account holders. My guess is that a subpoena or warrant from a U.S. court would cover American admins’ butts a lot more effectively than one from a foreign country, since the jurisdiction of those foreign courts certainly doesn’t reach to America.

As for the OP, I haven’t seen any Fourth Amendment case law on the scope of search warrants for computer searches, although starfish and jti are probably correct in their basic analysis of the problem. It’ll reach the courts soon enough, I’m sure.