- Remember the argument that a computer search should be limited by an appropriate search protocol where possible, so files not within the scope of the search don’t get examined.
- A recent Second Circuit case vacated the denial of a suppression motion and remanded for a further hearing on “whether the forensic examiner’s search was even directed – much less properly limited – to those files that would substantiate” the suspected offense conduct.
- The Second Circuit also read Ninth Circuit case law as “requir[ing] specific search protocols or minimization undertakings as basic predicates for upholding digital search warrants.”
NOW THE BLOG:
This week, I want to go back to another favorite topic of mine – computer searches (yes, that “Brave New World”) – and touch on a case that came to my attention a couple of months back. It’s a Second Circuit case, not a Ninth Circuit case, but it’s an interesting holding reminding us that a government agent or expert who’s searching a computer for some particular type of evidence can’t just freely explore everything and anything in the computer. You may recall that I flagged this issue of whether there’s a need for a search “protocol” – in the actual conduct of the search, if not specified ahead of time in the warrant – in some of my prior posts on computer searches. (See my first post in this area, “The Brave New Fourth Amendment World of Computer Searches,” in the July 2012 link at the right, and a later post, “Another Visit to the Brave New World of Computer Searches,” in the January 2013 link at the right.)
The recent Second Circuit case that came to my attention isUnited States v. Galpin, 720 F.3d 436 (2d Cir. 2013). It’s a somewhat complicated case factually, but the basic facts are that (1) the defendant was suspected of child abuse, or at least soliciting minors for child abuse, and (2) there was probable cause to think that some evidence was on his computer and so probable cause to issue a warrant allowing some search, but (3) the evidence there was probable cause to think was on the computer was a rather narrow category of information and the warrant swept much more broadly than that narrow category. The broad search authorized by the warrant revealed – you guessed it – child pornography, and the client ended up in federal court and sentenced to 572 months in prison (which, if I’m dividing right, equals 47-2/3 years).
One of the issues presented when the reviewing courts invalidated the search warrant was whether everything the agents looked at in conducting the overly broad search authorized by the warrant would have been seen in plain view even during a properly limited, more narrow search. The district court ruled that the agents would have been required and/or allowed to open all of the computer files in conducting even the more limited search for which there was probable cause. But the court of appeals questioned this and remanded for a further hearing. In so doing, it considered the question of search protocols and indicated that the lower court should consider the impact of search protocols in reconsidering its plain view rationale.
The Second Circuit began by reading the Ninth Circuit’s computer search cases – in particular, United States v. Comprehensive Drug Testing, 621 F.3d 1162 (9th Cir. 2010) (en banc) – as “requir[ing] specific search protocols or minimization undertakings as basic predicates for upholding digital search warrants.” Galpin, 720 F.3d at 451. It then explained in considering the effect of search protocols on use of the plain view exception in the case before it:
Unlike the Ninth Circuit, we have not required specific search protocols or minimization undertakings as basic predicates for upholding digital search warrants, and we do not impose any rigid requirements in that regard at this juncture. See United States v. Comprehensive Drug Testing, 621 F.3d 1162 (9th Cir. 2010) (en banc). However, the district court’s review of the plain view issue should take into account the degree, if any, to which digital search protocols target information outside the scope of the valid portion of the warrant. To the extent such search methods are used, the plain view exception is not available.
As the record is currently constituted, there is little indication as to whether the forensic examiner’s search was even directed – much less properly limited – to those files that would substantiate a registration violation [the only evidence for which there was probable cause to search]. The district court held that the redacted warrant authorized the forensic examiner to open and seize any image file because digital pictures “would be relevant to whether it was actually defendant who was using an unregistered user name or an e-mail account.” The district court’s speculation as to the probative value of the digital pictures is unsupported by the record developed below and appears somewhat strained, . . . . The record indicates, moreover, that the investigator opened and played video image files in order to determine whether they contained sexual content. Nothing in the record is indicative of any possible evidentiary connection between the content of video files and the possession of an unregistered internet service provider account, internet communication identifier, or e-mail address. On remand, the district court must determine whether a search limited to evidence of a registration violation would have necessitated the opening of image files or the playing of video files.
Galpin, 720 F.3d at 451-52.
So we have here another example of a case (for the first example, see the district court case discussed in the January 2013 post noted above, “Another Visit to the Brave New World of Computer Searches”) recognizing how search protocols can and should be used to confine computer searches to the files that might actually have the evidence for which there’s probable cause. Keep these cases – and more important, the general issue – in mind when considering a computer search, especially one that turns up evidence other than what the warrant was aimed at.