Legal Affairs

Current Issue


printer friendly
email this article

space space space
Debate Club


Orin Kerr and Susan Brenner debate.

This Week's Entries: Monday | Tuesday | Wednesday | Thursday

The Fourth Amendment guarantees Americans the right "to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures," but it doesn't say anything about the data stored in their computers.

In a forthcoming article in the Harvard Law Review, George Washington University professor Orin Kerr argues that courts need to address, among other things, the legality of the government retrieving digital evidence from computer hard-drives. "Computers are like wallets in a physical sense, homes in a virtual sense, and vast warehouses in an analogical sense," writes Kerr. Since data is not physical, he says, it challenges "basic assumptions underlying most Fourth Amendment doctrine."

How does the amendment apply in the digital world?

Orin Kerr is Associate Professor of Law at the George Washington University Law School. Susan Brenner is Professor of Law at the University of Dayton Law School.

Kerr: 8/8/05, 09:06 AM
In the last century, the Supreme Court has decided hundreds of Fourth Amendment cases that tell us when and how the police can search homes and cars looking for evidence of crime. The rules governing home searches and car searches are pretty clear by now. In contrast, the legal rules that govern computer searches are mostly a mystery. The Supreme Court hasn't decided a single case on when and how the police can search a computer.

It's probably only a matter of time before they do, however. Computer searches are occurring more and more often in an increasingly wide range of cases. Our computers store a remarkable amount of information about us, ranging from what we have written to what websites we have visited. As a result, computers are a potential goldmine of evidence for the police. That's good news for the police, of course. But it also raises concerns that the police may have too much power to grab our computers and search them.

In a forthcoming article called "Searches and Seizures in a Digital World," I explore how courts should apply the Fourth Amendment's prohibition against unreasonable searches and seizures to searches of personal computers. Here's a quick summary. First, the government ordinarily should need a search warrant to retrieve evidence from a personal computer. Computer owners have a "reasonable expectation of privacy" in the contents of their computers, and the police need a warrant or an exception to the warrant requirement to retrieve evidence from a computer. The framework ends up treating the search of a computer as something akin to searching a house. In the case of a house search, a search occurs when the police enter a suspect's home and observe what's inside. Police don't actually enter a computer, of course, but they do take steps to retrieve the data stored inside it. We should treat the act of retrieving data as the virtual equivalent of physical entrance.

The second half of the article explores ways legal rules can limit the scope of computer searches authorized by warrants. My concern is that computers store so much stuff that police may try to access a suspect's computer using a warrant for one crime as a pretext to search it for other evidence. This may not be a big problem today, but I expect it will be as computer technologies advance. Computers record a growing proportion of our lives, and computer searches tend to be very invasive. Under the so-called "plain view" exception, the police are allowed to use evidence of unrelated crimes discovered during a legitimate search so long as the incriminating nature of the unrelated evidence is readily apparent. I worry that the tremendous and ever-increasing storage capacity of modern computers may encourage the police to obtain a warrant for one low-level offense and then to use that authority to look for evidence of other types of crimes stored inside the suspect's machine. The law could respond in a number of ways. For example, one approach I explore in the article would be tightening or even eliminating the plain view exception for digital evidence searches.

Brenner: 8/8/05, 01:34 PM
I think your article touches on some very important issues, and I look forward to our discussion.

I agree that the digital environment poses challenges for our application of the Fourth Amendment, which was devised at a time when police conduct was limited to kicking down doors and, infamously, rummaging through "papers." One of the problems we have, as you note, is coming up with appropriate analogies. Currently, the analogy courts tend to use for hard drives and other computer storage media is that of a "container," so they analogize a hard drive to, say, a piece of luggage or an opaque chest.

The problem with that—and it surfaces in various ways in magistrate's attitudes toward the "container" analogy—is, of course, that a hard drive is much, much more complex than a piece of luggage or a chest. Hard drives already store vast amounts of information and, as we all know, that capacity will only keep expanding. So, as you note in the article, magistrates are grappling with how to approve a search of a computer-as-container but keep the scope of the search within some "reasonable" limits.

A related issue, which I believe you mention in the article but I don't know if we'll get into this week, is how we go beyond the "hard-drive-as-container" analogy and deal with "computer-as-link-to-the-world." That is, how do we adapt Fourth Amendment principles to deal with a "container" that is permeable—that is actively linked to other "containers" located in the U.S. and abroad?

As a general matter, I think we want to keep our analogies as fluid as possible, so they remain useful even when the notion of a hard drive seems as quaint as the five and a quarter inch floppy disks IBM PCs used twenty years ago. That, of course, is much easier said than done . . . but we perhaps we can kick it around.

Finally, I'd like to pick up on something you said in your post: "We should treat the act of retrieving data as the virtual equivalent of physical entrance." "Retrieving data" can involve several steps, the first of which is usually making a copy of the data source. I believe copying data is a seizure within the scope of the Fourth Amendment. Do you see it as neither a seizure nor a search and therefore quite outside the Fourth Amendment?

This Week's Entries: Monday | Tuesday | Wednesday | Thursday

Kerr: 8/9/05, 01:53 PM
Susan, you raise two very interesting issues.

The first issue is how the Fourth Amendment should apply to government copying of computer files. In view, the right approach is to follow the Supreme Court's 1987 decision in Arizona v. Hicks. In Hicks, a police officer was searching a home and came across what he thought might be a stolen turntable. He picked up the turntable, looked underneath it, and saw a serial number. He then copied the serial number and reported the number to the police station to confirm it was stolen. The Supreme Court held that manipulating the stereo to see the serial number was a search, but that the copying of the number itself was not a seizure.

I think this approach makes sense when applied to the copying of computer files. The interference with and manipulation of the machine that is needed to create the copy will generally be a search, but the actual act of copying the data is not itself a seizure. I realize that this is a somewhat different approach than the one you take, Susan, in that you believe that the act of copying constitutes a seizure. But my sense is that we end up in the same place.

Use of the container analogy is another interesting question. Early cases applying the Fourth Amendment to computers analogized computers to closed containers, and applied the well-established rules for searching closed containers to searching computers. In my view, this analogy is useful in some contexts, but not others. I think the analogy is right for determining whether a person has a reasonable expectation of privacy in the contents of their computers. The courts have held that we normally have a reasonable expectation of privacy in our closed containers, and I think the same rule is properly applied to our computers.

At the same time, analogizing a computer to a simple container seems improper in other contexts. The process of retrieving evidence from a computer is different from the process of retrieving evidence from a physical container, and courts need to see those differences. For example, I disagree with a recent Fifth Circuit case that equated searching one file on a computer with searching the entire computer. The court analogized the computer to a container, and didn't see the vast difference between retrieving one piece of information from the machine and spending weeks or even longer searching through the hard drive for evidence. I see the two as different. If we need to find an analogy, perhaps the better analogy is to a warehouse, not just a container.

Brenner: 8/9/05, 05:39 PM
You, Orin, have a very interesting take on both issues.

So, here are my thoughts on your thoughts . . . .

As to the copying of a file, I do not think Arizona v. Hicks is or should be dispositive of the issue. I could distinguish Hicks on the grounds that a serial number is not really "property" belonging to the turntable owner, since it was included by the manufacturer for its own purposes (analogous to a Vehicle Identification Number, say). But I think that ducks the issue.

The Fourth Amendment does not apply to police conduct unless there is a "search" or a "seizure." Searches violate one's privacy; I do not think copying data is a search because there is no inspection of the data and therefore no compromise of its privacy. Seizures interfere with one's possession and use of property; I think copying data is a seizure because there is an "interference," though not the kind we are accustomed to.

Traditionally, seizures have been zero-sum. In Soldal v. Cook County, the Supreme Court held that, yes, indeed, it was a "seizure" for law enforcement to tow a gentleman's mobile home. That is a zero-sum seizure because tangible property can only be possessed by A or by B, not by both; if the police have the mobile home, Soldal does not. In a digital environment, nothing needs to be zero-sum.

Police can copy my data, take the copy and leave me with my data. Have I suffered a seizure? I think I have and to explain that I need to use an analogy.

In criminal law we recognize that copying data is a form of theft. This became an issue in an Oregon case, State v. Schwartz. Schwartz copied a password file belonging to his employer, Intel; Intel discovered what had happened and Schwartz was charged with "computer theft," i.e., with stealing the data in the file. He argued that he did not "steal" the data because Intel still had it; he was using a zero-sum conception of theft, which has traditionally been our conception of theft (you take my laptop, I lose it, that is theft). The court rejected Schwartz's argument, noting that Intel had in fact "lost" something—the exclusive right to possess and utilize the information in the file. There had been a non-zero-sum theft, i.e., the loss of an incremental possessory interest in the data.

I think the same thing happens when data is copied. Before the data was copied, I am the only one who had it. After police copy my data, they have it, too. I have lost that exclusivity.

The loss of exclusivity justifies treating the copying of data as a seizure. I also think it is important to bring the copying of data within the Fourth Amendment.

And I used up all my space on the first issue. . .

This Week's Entries: Monday | Tuesday | Wednesday | Thursday

Kerr: 8/10/05, 09:04 AM
Susan, I think you and I agree on an important point. People have a right to control their property, and this means that they have a right to control access to their computers. We both agree that governmental access to our computers should be regulated by law, both in terms of the substantive criminal law and the Fourth Amendment. My sense is that our disagreement is on a relatively narrow and technical point: Should the law block governmental copying of a person's computer files because taking control of a person's computer constitutes a search or seizure, or because the act of generating a copy constitutes a Fourth Amendment seizure? I explain in my article (on pages 30 to 35) why I prefer the former approach. At the same time, I think it's helpful to realize that we're taking two paths to the same conclusion.

I suspect we have more disagreement on the question of how the law can limit the scope of searches through computers conducted pursuant to a warrant. There are two basic approaches. First, magistrate judges could require the police to agree to a specific search protocol before approving and issuing the warrant. The warrant itself could explain the specific steps the police can take using forensics tools to identify the information sought. Alternatively, a rule could be imposed that limits the admissibility of evidence discovered beyond the scope of the warrant. The idea would be to reconfigure the existing "plain view" exception for the context of digital evidence.

In my view, requiring a specific search protocol doesn't work. The computer forensics process is an art, not a science. No one can predict what kinds of steps will be needed to find the evidence in the computer before the computer is even seized. Judges are particularly unlikely to understand the technical difficulties, as most magistrate judges are not computer experts. In my view, the better approach is to let investigators conduct the search they feel they need to locate the evidence described in the warrant. To the extent we worry about investigators using such a broad authority to conduct pretext searches, the better response is to limit the admissibility of evidence discovered beyond the warrant. Under this approach, the law would allow the police to take the steps they need to find evidence within the scope of the warrant, but then place limits on the admissibility of any evidence found outside the scope of the warrant.

Brenner: 8/10/05, 01:24 PM
Yes, Orin, I think our points of disagreement are actually quite minor.

One more comment on the seizure issue and then I really will get to the protocols.

Officers come to John's home with a warrant for his laptop. He gives them the laptop. They see a PC in the corner and ask if they can copy its hard drive; he agrees. Halfway through, he says, "I changed my mind. Stop." If they stop, can they use the data they've already copied?

As to search protocols, I'd like to begin with a question. The Department of Justice's manual on searching and seizing computers recommends including a protocol in a warrant: "The third step in drafting a . . . computer search warrant is to explain . . . the search strategy. . . . The affidavit should . . . explain what techniques the agents expect to use to search the computer for specific files that represent evidence of crime and may be intermingled with entirely innocuous documents." I wonder why the recommendation was included, if protocols are, as you say, impracticable?

As to the desirability of requiring a protocol, I think the argument that judges are not technically savvy enough to appreciate what is involved is both true and transient. It is true that, currently, most judges are not computer experts; I suspect this will change as new judges take the bench over the next five or ten years.

And I am not sure this is a fatal objection, even now. Judges rules on many complex issues despite the fact that they have no particular substantive expertise in those areas. They rely on litigants to educate them; seems to me we could rely on a similar process here, i.e., prosecutors and agents educating judges as to what is "reasonable" and what is not.

The Fourth Amendment, after all, only requires reasonableness, not perfection. I think judges see protocols as providing an assurance of "reasonableness," in the same way a search warrant "greatly reduces the perception of unlawful or intrusive police conduct," as the Supreme Court held in Illinois v. Gates. I take your point about eliminating the plain view doctrine, but like many judges, I am more comfortable with channeling the search in such a way as to "reasonably" ensure it does not exceed appropriate limits. That helps avoid the difficult issue of sacrificing inadvertently discovered evidence of a serious crime.

This Week's Entries: Monday | Tuesday | Wednesday | Thursday

Kerr: 8/11/05, 12:26 PM
Susan, let me press you on whether judicial inability to articulate useful computer search protocols is merely a "transient" problem. You suggest that over time, more computer-savvy judges will be on the bench and will be better at articulating protocols. I disagree. The problem with protocols isn't lack of familiarity with how computers work in general. Rather, the problem is that even judges who are computer whizzes can't know how information on a particular computer is going to be stored. Every computer and every case is different, and technologies of storage and analysis change quickly over time.

As a result, computer-savvy judges are only more likely to realize that they can't usefully limit the scope of computer searches through warrant protocols. It seems worth noting that one of the most computer-savvy judges on the federal bench, Alex Kozinski, also wrote a recent opinion rejecting the use of computer search protocols. In United States v. Hill, the defendant argued that the government should have used search protocols to avoid rummaging through his computer in a search for images of child pornography. Judge Kozinski rejected the argument, noting that "Criminals will do all they can to conceal contraband, including the simple expedient of changing the names and extensions of files to disguise their content from the casual observer. . . . There is no way to know what is in a file without examining its contents, just as there is no sure way of separating talcum from cocaine except by testing it."

Finally, I think it's also important to note that the Supreme Court has rejected the idea of requiring search protocols in warrants. In Dalia v. United States, the court wrote that "Nothing in the language of the Constitution or in this Court's decisions interpreting that language suggests that . . . search warrants also must include a specification of the precise manner in which they are to be executed. On the contrary, it is generally left to the discretion of the executing officers to determine the details of how best to proceed with the performance of a search authorized by warrant . . ." That seems like a wise approach, especially in the context of computer warrants.

Susan, this has been a very helpful discussion. I've enjoyed it. I think you'll agree that regardless of how the courts resolve these issues, we're just scratching the surface of a very interesting and important set of questions. It will be fascinating to see how these issues play out in the future.

Brenner: 8/11/05, 01:34 PM
Orin, to begin with your last point: I, too, am enjoying our discussions; I think they point up how complex the issues are that already arise from digital evidence. And things can only become more interesting.

I know the Hill case. A Washington court said pretty much the same thing in State v. DeGroff.

Protocols raise two issues: the practicability of implementing them and the magistrate's authority to require them. I actually find the second issue more interesting because I think the first one is transient. Judges will not become computer forensics experts; they will never be able to devise protocols. But as I said in my last post, I still think a judge will be able to determine if the experts searching a computer have articulated a protocol that "reasonably" circumscribes the scope of the search. As I see it, the process is one of negotiation and re-negotiation, with the warrant's specifying an initial protocol that can be adjusted as the search proceeds. I think I find that approach attractive because digital evidence searches will only become more complex, and I am hesitant to rely on the uncanalized discretion of agents.

I'd like to raise another, related issue: We've been talking about the searches and seizures conducted with a warrant. Let's try an exception to the warrant requirement: A few courts have considered the applicability of the border search exception to laptop computers. As you know, this exception lets Customs agents search the persons and effects of travelers entering or leaving the U.S.; the purpose is to determine if the person is carrying impermissible items or if there is an immigration issue.

In U.S. v. Irving, the Southern District of New York held that the exception applies to diskettes so, by extension, it would presumably apply to a laptop. If it does, what do you think is the proper scope of the search? Can agents look through all the files on the laptop or just do a cursory review, say, of the directory? (This is one of those complex-container problems.) And what about the plain view doctrine? Once the agents can get into the hard drive, is anything they see "in plain view"? Or would you hold that it is not applicable in this context, as well as in the context of warrant searches?

This Week's Entries: Monday | Tuesday | Wednesday | Thursday

printer friendly email this article letter to the editor
space space space

Contact Us