Searches of computers

Many courts treat the computer as filing cabinets containing many discrete file folders and documents and demand that the police show probable cause and a warrant, or justification for the lack of a warrant, to search each path, directory, folder, and file name within the computer.

Treating a computer as just another container has its disadvantages: warrants to search for a particular item, such as a document or photograph, generally permit search of any place or container within the area that might contain the item. Computers are unique in the volume and variety of personal information they may hold. Searches of computers therefore often involve a much greater degree of intrusion than searches of other containers. Recognizing this, some courts have ruled that absent special circumstances, search of a computer without explicit authorization in a warrant violates the Fourth Amendment standard of reasonableness.

Challenge based on the file name

Your attorney should carefully check what the warrant or the justification for the search authorized. If the police claim that they encountered incriminating files in plain view while searching your computer for other files, your criminal attorney can argue that there must be probable cause to believe the folder and file contain contraband or evidence based solely on the name of the file or folder.

Most data files bear extensions that identify them as one type of file or another, and files bearing different extensions will not be found in the same folder. For example, a search for e-mails, which bear an “eml” extension, should not wander through folders containing picture files, identified by a “jpg” or “tiff” extension. Similarly, document files often end with the extensions “pdf,” “rtf,” “wpd,” or “doc.” If a search for documents is authorized and the officers review files ending in “jpg,” they should know they are viewing picture files and exceeding the warrant’s scope.

Challenge based on the search method

You can demand precision in executing a search of computer files.

The police can and should use a key-word search and other technological search methods without unnecessary review of material for which there is no probable cause. They should not open each file on the computer and inspect its contents, as they might do when rummaging through a file cabinet to find documents responsive to a warrant.

Preserve the evidence

Nowadays, the police either make a mirror-image of the computer’s hard drive and leave the computer itself, or they make the image rather quickly back at the station and return the computer.

Your criminal defense attorney should take steps to preserve the electronic evidence to make sure that the police do not alter it. He or she should engage a computer technician to make your own mirror-image of the hard drive before the computer is used again to preserve an image of the files at the time of the search and to compare that image to the files the police present as evidence.

Move for the return of the property

When the police seize files, especially computer files, that may have intermingled in them documents covered by the warrant and others beyond the warrant’s scope, your criminal attorney should do one of the following:

  • Move promptly for the return of the property.
  • Demand that the files be sealed and provided to an independent magistrate or special master for review.

Plain view and computer searches

The plain view exception eliminates the need for a warrant only if the evidence and its incriminating character are “immediately apparent” while looking for the authorized objects of the search.

A crucial question is whether the police action necessary to “look” at a computer file constitutes a further intrusion of privacy—a search. Some recent court decisions show uneasiness at the sweeping intrusions that the plain view doctrine authorizes unless applied with sensitivity to the unique nature of forensic computer examinations. For example, one court decided that a hash-value analysis of a computer, in which an examiner copies the hard drive and, using forensic software such as EnCase, applies an algorithm to the drive to produce a string of digits that uniquely identifies the underlying data, constitutes a search requiring a warrant.

Recognizing that most computer searches might expose every bit of information on the computer to plain view, the Ninth Circuit Court of Appeals instituted strict guidelines for computer searches:

1. Magistrates should insist that the government waive reliance on the plain view doctrine in digital evidence cases.

2. Segregation and redaction must be done either by specialized personnel or an independent third party. If the segregation is to be done by government computer personnel, it must agree in the warrant application that the computer personnel will not disclose to the investigators any information other than information that is the target of the warrant.

3. Warrants and subpoenas must disclose the actual risks of destruction of information as well as prior efforts to seize that information in other courts.

4. The government’s search protocol must be designed to uncover only the information for which it has probable cause, and only that information may be examined by the case agents.

5. The government must destroy or, if the recipient may lawfully possess it, return non-responsive data, keeping the issuing magistrate informed about when it has done so and what it has kept.

These apply in cases in federal court in the following states: Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Oregon, and Washington.