Obama wants expanded computer search rules

[sleestak]

Link here.

Basically the issue was that federal prosecutors had a warrant to find information about 10 baseball players from a computer. The prosecutors copied a spreadsheet and took it to their office. They then found data on over 100 players in the spreadsheet. The court ruled that the government should only collect data described in the warrant. If that is not possible the government is supposed to use an independent third party to sift the data and provide what the government asks for and only that data.

The government is trying to claim that the data in the spreadsheet was ‘in plain sight’*. The court rule that since the agents had to scroll through the document the plain sight argument didn’t work.

I am very concerned about this. If Obama and the government win it would basically mean that any data stored on another computer (like a server at a hosting company or your email at an ISP) would be open game if the government got a search warrant for that server.

Thoughts? Any legal folks got an opinion on this?

Slee

*IANAL, if my reading of this is incorrect, apologies.

[Leaper]

I’m a little unsure about my stand on this. A Slashdot reader summed up my misgivings best: “Scrolling to the right breaks the Fourth Amendment?”

[Bryan_Ekers]

If the warrant called for the search of a filing cabinet for printed documents, would officers be able to go through all the folders?

[Oakminster]

I think this is a hard case for the court to decide, but if it goes to SCOTUS, it will be reversed and the Obama administration will win. My reasoning is that traditionally, when executing a warrant, the police are allowed to search anywhere the items covered by the warrant might reasonably be. If they were searching a filing cabinet full of paper files, it is possible that documents might be misfiled either intentionally or accidentally, so I think they could examine all the paper files in the filing cabinet, and anything they found would be seizable under the Plain View doctrine, as they argue. Otherwise, the criminal could hide incriminating evidence…perhaps by having one file with non-incriminating stuff in an obvious location, and another, with incriminating stuff, in a non-obvious location. I could be wrong. Will be interesting to see how the case comes out.

[Dr.Love]

It is my understanding that warrants have to be fairly specific in what investigators are allowed to look for, e.g., if they warrant says to search for illegal drugs, the police aren’t allowed to come back with documents showing tax evasion. Could this turn every warrant into a search for evidence of any illegal activities, whether there is probable cause to suspect them or not?

[Oakminster]

If the warrant says search for weapons, and the cops see drugs on the table, they can seize the drugs, because they were lawfully entitled to look on the table, and the drugs were in plain view.

Here, the feds are arguing the extra names were like drugs on the table. A panel of judges from 9th Circuit says no, the extra names were in a place the feds were not lawfully allowed to look. Extending traditional notions of scope of searches to computers is harder than it looks. I can see valid arguments either way, but I think the present SCOTUS would ultimately uphold the search. At this point, the feds are asking for the entire 9th Circuit, all 27 judges, re-hear the case and decide it as a group, called en banc. If the 9th Circuit declines, or affirms the panel, the next step would be to ask SCOTUS to hear an appeal.

[sleestak]

I agree that it is a hard case to decide.

The issue that I have is that the very nature searching a computer for a specific item listed in a warrant is going to basically open up everything on that computer.

For example, say the police get a warrant to search a server because they think Bob is engaged in mopery. In the warrant they are allowed to look for spreadsheets, docs, etc relating to mopery. So they go to a dos prompt and do dir *.xls /s/p >catchthesucker.txt

While reviewing the list of spreadsheets they find a dopery.xls in a directory that holds data for Sam. Since dopery is illegal and they found it in plain sight they open it up. Inside is a list of all the acts of dopery that Sam committed. They then arrest Sam and Bob.

It gets even more complex in that if the user has any kind of clue they could be doing things like changing file extensions, changing the attributes, putting the files in unexpected directories, etc.

Of course, I am not a lawyer, just a computer geek. I recently had to go through a similar process at work. The GM called me in to check the computer of an employee who had been fired for certain information. Basically they thought the guy was stealing data and giving it to a competitor. Anyway, I had to search the whole damned thing and in the process found violations for other users. Most of that was web surfing crap, minor but still against policy*.

On a side note, doesn’t the 9th have one of the highest overturn rates?

Slee

*I let the other users know that what they were doing was against policy and they needed to stop. It became trivial as we added a website filtering package a little after that.

[Chronos]

It is possible to password-protect data on a computer, and it’s even possible to password-protect different pieces of data with different passwords. I would presume that a password-protected file would not be considered “in plain sight”, and that the police would need a warrant to attempt to crack the protection. So there is recourse here, which was not taken. Given that the data could have been put unambiguously out of plain sight, I can’t see how “scroll through the document” could be considered not plain sight.

[Magiver]

I see multiple items to discuss but the plain sight rule would have to have some definition and I imagine that it is litterally something deliberately displayed in plain sight. Anything obtained by warrant would in most cases not fall into this category (thus the need for a warrant in the first place). Computer files represent an electronic 4th dimension of space where an almost limitless amount of information can be held in a personal vault.

If this is a case of drug sales to atheletes or game fixing then the warrant should be able to be written in such a way as to search for all those involved in a specific illegal act. If, while investigating illegal drugs they find out that an athelete is also buying hookers then I don’t see this as part of “in plain sight”. That would (IMO) be part of a fishing expedition.

[sleestak]

Chronos:

It is possible to password-protect data on a computer, and it’s even possible to password-protect different pieces of data with different passwords. I would presume that a password-protected file would not be considered “in plain sight”, and that the police would need a warrant to attempt to crack the protection. So there is recourse here, which was not taken. Given that the data could have been put unambiguously out of plain sight, I can’t see how “scroll through the document” could be considered not plain sight.

Yeah, it is easy enough to password protect files but that kind of misses the point. The nature of a computer search is different than the nature of a physical search. Unless the file is named something obvious like HeyPoliceDoNotReadThis.xls the police are going to have to open every spread sheet and document on the PC.

If I am understanding the article correctly, the government copied the hard drive then went through the whole damned thing. I can agree that scrolling in a spreadsheet may (read probably) fall into ‘in plain sight’, but it is copying the full drive that bothers me. (Guess my OP could have been clearer)

If the nature of the search is such that the searchers have to open everything to find what they are looking for then everything becomes plain sight and the idea of a specific warrant is pretty useless.

The only reasonable way I can see out of this is to have a verified independent third party to search for the info in the warrant which is what the court recommended.

Slee

[Digital_Stimulus]

sleestak:

If I am understanding the article correctly, the government copied the hard drive then went through the whole damned thing.

From a computer forensics perspective, they pretty much have to clone the disk, if only to eliminate claims of data tampering. So, they’ll have the data no matter what. Whether it’s permissible as courtroom evidence is, of course, a slightly different question.

[Chronos]

There we get into precisely what the warrant authorized them to search. If the warrant authorized them to search the entire disk, and in the process of doing so they find something else, that’s no different than if the warrant had authorized search of a physical vault, and they found something else in the vault. If the warrant only authorized the search of a specific file on the disk, then the police overstepped their bounds in searching the entire disk, but I can’t see a judge writing out a warrant that was that restrictive.

[The_Tao_s_Revenge]

Holy fucking hell you’d think the police computer forensics people wouldn’t be complete fucking idiots.

It’d be so easy to display only the 10 records it’d sound like an informcial pitch “just filter it and forget it”. The filter command comes to mind. Basically you just uncheck select all from the name column heading, blanking everything, then check only the names you’'re warranted to see. Simple. Also it’s just as easy to query ranges of cells like a database, hiding the non matches. The point is there’s no reason they’d have to look at the data for the 90 or so unwarranted names. Further Open Office can do the same stuff.

Why would officers interested following the spirit of the law, the Constitution, and the court ordered scope of the warrant want to see any records beyond those 10? Why when it’s trivially easy to not have to look?

[Enderw24]

In my mind, there are three different examples that can be used that each lead to its own conclusion.

1. You wish to search a computer to find files pertaining to X (i.e. child porn). They may or may not be on the computer and, if they are, they may or may not be labelled properly or stored in the locations you’d expect them to be located. In this instance, I see no other alternative than to obtain a warrant that allows a search of the entire hard drive because the information you’re seeking could literally be anywhere on the computer.

2. You wish to search for concrete information that is a subset of identifiable information (i.e. proof of embezzlement in 2008). In this case, the authorities know what information they’re looking for, know when they’ve collected the complete contents of the information, and know there’s a high probability that pertinent information will not be mislabelled or misplaced (for instance, put in the FY 2007 folder so they’d better go search there too).

3. You wish to search for concrete information that’s part of a single file which has additional information not originally part of the search. That’s what appears to be happening in this case. All the players were on one database, but somehow to authorities were to shield their eyes or put a paper in front of the screen or use white out on the monitor or something to ensure they don’t look from one line to the next. This seems unduly unreasonable of a burden. I think it’s as easy to comply with as a warrant that says you can search the right half of a car trunk.

[The_Tao_s_Revenge]

Enderw24:

3. You wish to search for concrete information that’s part of a single file which has additional information not originally part of the search. That’s what appears to be happening in this case. All the players were on one database, but somehow to authorities were to shield their eyes or put a paper in front of the screen or use white out on the monitor or something to ensure they don’t look from one line to the next. This seems unduly unreasonable of a burden. I think it’s as easy to comply with as a warrant that says you can search the right half of a car trunk.

Hey you down in front, scroll up. Hiding nonrelevent information in a spreadsheet isn’t technically onerous or even tricky.

[Projammer]

The_Tao_s_Revenge:

Hey you down in front, scroll up. Hiding nonrelevent information in a spreadsheet isn’t technically onerous or even tricky.

But the Catch-22 is that you have to see the information to know that it’s not relevent.

Your target is Jonathan Smith.

Is he in the spreadsheet as Jonathan Smith?

How about Jon Smith? J Smith? John Smith? Jonathon Smith?

How about every possible misspelling?

What’s the difference between this and the police looking at a ledger with all the same names on it?

[sleestak]

Chronos:

There we get into precisely what the warrant authorized them to search. If the warrant authorized them to search the entire disk, and in the process of doing so they find something else, that’s no different than if the warrant had authorized search of a physical vault, and they found something else in the vault. If the warrant only authorized the search of a specific file on the disk, then the police overstepped their bounds in searching the entire disk, but I can’t see a judge writing out a warrant that was that restrictive.

Lets say that the government got a warrant to search a locked fling cabinet for files regarding Bob. According to the argument that the government is putting forward in this case, once the filing cabinet is opened then *all *the files in the filing cabinet are in plain view and therefore can be searched. If that is the case, what is the point of a restricted search warrant?

From the actual decision:

The day that the motion to quash was filed, the government
obtained a warrant in the Central District of California authorizing
the search of CDT’s facilities in Long Beach. Unlike
the subpoena, the warrant was limited to the records of the ten
players as to whom the government had probable cause.
When the warrant was executed, however, the government
seized and promptly reviewed the drug testing records for
hundreds of players in Major League Baseball (and a great
many other people).

From here. Warning PDF.

Digital Stimulus, I understand cloning the disk for chain of custody reasons. However cloning the disk and searching the whole thing and using everything found on the disk when the warrant was looking for specific data for specific players seems to be going to far.

The government argues that it did comply with the procedures
articulated in Tamura, but was not required to return
any data it found showing steroid use by other baseball players
because that evidence was in plain view once government
agents examined the Tracey Directory. Officers may lawfully
seize evidence of a crime that is in plain view, the government
argues, and thus it had no obligation under Tamura to return
that property. The warrant even contemplated this eventuality,
says the government, when it excluded from the obligation to
return property any that was “otherwise legally seized.”

Putting aside the fact that Judges Cooper and Illston,
whose courts issued the warrants and whose orders are now
final, rejected this argument, it is at any rate too clever by
half. The point of the Tamura procedures is to maintain the
privacy of materials that are intermingled with seizable materials,
and to avoid turning a limited search for particular information
into a general search of office file systems and
computer databases. If the government can’t be sure whether
data may be concealed, compressed, erased or booby-trapped
without carefully examining the contents of every file—and
we have no cavil with this general proposition—then everything
the government chooses to seize will, under this theory,
automatically come into plain view. Since the government
agents ultimately decide how much to actually take, this will
create a powerful incentive for them to seize more rather than less: Why stop at the list of all baseball players when you can
seize the entire Tracey Directory? Why just that directory and
not the entire hard drive? Why just this computer and not the
one in the next room and the next room after that? Can’t find
the computer? Seize the Zip disks under the bed in the room
where the computer once might have been. See United States
v. Hill, 322 F. Supp. 2d 1081 (C.D. Cal. 2004). Let’s take
everything back to the lab, have a good look around and see
what we might stumble upon.

[7] This would make a mockery of Tamura and render the
carefully crafted safeguards in the Central District warrant a
nullity. All three judges below rejected this construction, and
with good reason. One phrase in the warrant cannot be read
as eviscerating the other parts, which would be the result if
the “otherwise legally seized” language were read to permit
the government to keep anything one of its agents happened
to see while performing a forensic analysis of a hard drive.
The phrase is more plausibly construed as referring to any
evidence that the government is entitled to retain entirely
independent of this seizure.
[8] To avoid this illogical result, the government should, in
future warrant applications, forswear reliance on the plain
view doctrine or any similar doctrine that would allow it to
retain data to which it has gained access only because it was
required to segregate seizable from non-seizable data. If the
government doesn’t consent to such a waiver, the magistrate
judge should order that the seizable and non-seizable data be
separated by an independent third party under the supervision
of the court, or deny the warrant altogether.

The above is from the 9th regarding this case from the link I posted above. It seems reasonable. The nature of a search warrant for data is different than a physical search. When physically searching a location you just search only the area the warrant says you can. If there is evidence of a crime in plain sight that is acceptable. However, you can’t search a disk that way. Well, you can only look in certain directories and such but that won’t work if the people have any clue. So to search for specific information on a drive you have to search the whole drive. It is like saying 'We have a warrant to search the disk for specific evidence of a crime in a certain file. We have to open every file on the disk to find this information thus every file is in plain sight. Therefore everything on the disk is subject to the search even though the warrant is restricted to certain files". It makes the whole idea of restricted searches pointless.

Slee

P.S. Chronos, from what I have read password protecting does not place the file out of plain sight. The investigators can just crack it. It is rather trivial these days for most file types.

[The_Tao_s_Revenge]

Projammer:

But the Catch-22 is that you have to see the information to know that it’s not relevent.

Your target is Jonathan Smith.

Is he in the spreadsheet as Jonathan Smith?

How about Jon Smith? J Smith? John Smith? Jonathon Smith?

How about every possible misspelling?

What’s the difference between this and the police looking at a ledger with all the same names on it?

Simple. Use a wild card character.

jon* smith

The ledger doesn’t have same abilities as a computer. Surely you agree the search should stick as close as possible to the scope of the warrant yea? Also as mentioned up thread what’s wrong with a trusted third party extracting the warranted information and keeping the rest sealed?

[Projammer]

The_Tao_s_Revenge:

Simple. Use a wild card character.

jon* smith

Spoken like a true disciple of CSI:Miami. The real world isn’t nearly that “simple”.

The_Tao_s_Revenge:

The ledger doesn’t have same abilities as a computer. Surely you agree the search should stick as close as possible to the scope of the warrant yea? Also as mentioned up thread what’s wrong with a trusted third party extracting the warranted information and keeping the rest sealed?

Real computers don’t have the same abilities as the ones on TV either. This is coming from experience. I have done data mining and blending of disparate databases from multiple unrelated applications. Maybe when we develop a true AI, but not today.

Sure, I can filter on j* smith. I can even create a filter on Soundex (sounds like) Jon Smith that will catch most, or even all, relevent records. But to have performed due diligence to the task I still have to check all records to make sure one wasn’t missed.

Contracting out to a third party is an acceptable solution even though I don’t believe the ruling would withstand a SCOTUS challenge.

[sleestak]

Projammer:

Spoken like a true disciple of CSI:Miami. The real world isn’t nearly that “simple”.

Real computers don’t have the same abilities as the ones on TV either. This is coming from experience. I have done data mining and blending of disparate databases from multiple unrelated applications. Maybe when we develop a true AI, but not today.

Sure, I can filter on j* smith. I can even create a filter on Soundex (sounds like) Jon Smith that will catch most, or even all, relevent records. But to have performed due diligence to the task I still have to check all records to make sure one wasn’t missed.

Contracting out to a third party is an acceptable solution even though I don’t believe the ruling would withstand a SCOTUS challenge.

I’ve done a reasonable amount of DB work as well. Checking all records will be a must but the issue really isn’t if they check all records, it is if the records they find that are not in the warrant are considered in plain sight or not.

I think (and hope) that the Supremes realize what this would mean for privacy concerns if they over rule the 9th. Looking isn’t necessarily bad, acting on the information is a different story however and I believe the plain sight rule in this case shouldn’t apply. Why, because the nature of the search rules out plain sight. If you search everything then plain sight doesn’t exist nor make sense.

If the government got a warrant for a server, by my reading of this, they can search everything on that server. That is bad because they will be invading the privacy of everyone else storing data on that server regardless of if they are named in the warrant or not. That is a giant fishing expedition.

If this ruling gets overturned by the Supremes then storing data anywhere just became open to police search at any time. Suddenly data privacy wouldn’t exist anymore. That is bad.

Slee