Searching Computers

Generally, warrants are required for searches of computers unless there is a recognized exception to the warrant requirement. The guidelines recommend that law enforcement agents use utility programs to conduct limited searches for specific information, both because the law prefers warrants that are narrowly tailored and for reasons of economy. “The power of the computer allows analysts to design a limited search in other ways as well . . . by a specific name, words, places. . . .”

For computer systems used by more than one person, the guidelines state that the consent of one user is enough to authorize a search of the entire system, even if each user has a different directory. However, if users have taken “special steps” to protect their privacy, such as passwords or encryption, a search warrant is necessary. The guidelines suggest that users do not expect privacy on commercial services and large mainframe systems because users should know that system operators have the technical ability to read all files on such systems. They recommend that the most prudent course is to obtain a warrant but suggest that in the absence of a warrant, prosecutors should argue that “reasonable users will also expect system administrators to be able to access all data on the system.” Employees may also expect privacy in their computers that would prohibit employers from consenting to police searches. Public employees are protected by the Fourth Amendment, and searches of their computers are prohibited except for “ non-investigatory, work-related intrusions” and “investigatory searches for evidence of suspected work-related employee misfeasance.”

The guidelines discuss the Privacy Protection Act of 1980, which was successfully used in the Steve Jackson Games case against federal agents. They recommend that “before searching any BBS, agents must carefully consider the restrictions of the PPA.” Citing the Jackson case, they leave open the question of whether BBS’s by themselves are subject to the PPA and state that “the scope of the PPA has been greatly expanded as a practical consequence of the revolution in information technology — a result which was probably not envisioned by the Act’s drafters.” Under several DOJ memos issued in 1993, all applications for warrants under the Privacy Protection Act must be approved by a Deputy Assistant Attorney General of the Criminal Division or the supervising DOJ attorney.

For computers that contain private electronic mail protected by the Electronic Communications Privacy Act of 1986, prosecutors are advised to inform the judge that private email may be present and avoid reading communications not covered in the warrant. Under the ECPA, a warrant is required for email on a public system stored for less than 180 days. If the mail is stored for more than 180 days, law enforcement agents can obtain it either by using a subpoena (if they inform the target beforehand) or using a warrant without notice.

For computers that contain confidential information, the guidelines recommend that forensic experts minimize their examination of irrelevant files. It may also be possible to appoint a special master to search systems containing privileged information.

One important section deals with issues relating to encryption and the Fifth Amendment’s protection against self-incrimination. The guidelines caution that a grant of limited immunity may be necessary before investigators can compel disclosure of an encryption key from a suspect.