Latest USDOJ "Guidelines Manual" For Confiscation of our Personal Computers, Intellectual Property and other Electronic Property...  Your Property, Work and Technology is No Longer Your Own  

They can:

Searching and Seizing Computers

and Obtaining Electronic Evidence

in Criminal Investigations

________________

Computer Crime and Intellectual Property Section

Criminal Division

United States Department of Justice

________________

January 2001

PREFACE

This publication supersedes Federal Guidelines for Searching and Seizing Computers (1994), as well as the Guidelines' 1997 and 1999 Supplements. Although the interagency group that produced the Guidelines achieved its goal of offering "systematic guidance to all federal agents and attorneys" in the law of computer search and seizure, intervening changes in law and the dramatic expansion of the Internet since 1994 have fostered the need for fresh guidance.

This manual is designed to combine an updated version of the Guidelines' advice on searching and seizing computers with guidance on the statutes that govern obtaining electronic evidence in cases involving computer networks and the Internet. Of course, this manual is intended to offer assistance, not authority. Its analysis and conclusions reflect current thinking on difficult areas of law, and do not represent the official position of the Department of Justice or any other agency. It has no regulatory effect, and confers no rights or remedies.

This publication was written by Orin S. Kerr of the Computer Crime and Intellectual Property Section of the U.S. Department of Justice, under the supervision of Martha Stansell-Gamm, Chief of the Computer Crime and Intellectual Property Section. The author gratefully acknowledges the assistance of Mark Eckenwiler, Scott Charney, David Green, Jennifer Martin, Chris Painter, the members of the 1999 CTC Working Group (especially Stephen Heymann), Jeff Singdahlsen, Mark Pollitt, Thos. Gregory Motta, Joanne Pasquerelli, and summer interns Dan Jackson and Avi Ionescu. Electronic copies of this document are available from the Computer Crime and Intellectual Property Section's web site, www.cybercrime.gov. Inquiries, comments, and corrections should be directed to Orin S. Kerr at (202) 514-1026. Requests for paper copies or written correspondence should be sent to the following address:

Attn: Search and Seizure Manual

Computer Crime and

Intellectual Property Section

United States Department of Justice

P.O. Box 887

Ben Franklin Station

Washington, DC 20044-0887

TABLE OF CONTENTS

INTRODUCTION vii

I. SEARCHING AND SEIZING COMPUTERS WITHOUT A WARRANT 1

A. Introduction 1

B. The Fourth Amendment's "Reasonable Expectation of Privacy"

in Cases Involving Computers 1

1. General Principles 1

2. Reasonable Expectation of Privacy in Computers as Storage Devices 2

3. Reasonable Expectation of Privacy and Third-Party Possession 3

4. Private Searches 6

C. Exceptions to the Warrant Requirement in Cases Involving Computers 9

1. Consent 9

a) Scope of Consent 9

b) Third-Party Consent 11

c) Implied Consent 16

2. Exigent Circumstances 17

3. Plain View 18

4. Search Incident to a Lawful Arrest 19

5. Inventory Searches 20

6. Border Searches 21

7. International Issues 22

D. Special Case: Workplace Searches 23

1. Private Sector Workplace Searches 24

a) Reasonable Expectation of Privacy in Private-Sector Workplaces 24

b) Consent in Private Sector-Workplaces 25

c) Employer Searches in Private-Sector Workplaces 26

2. Public-Sector Workplace Searches 26

a) Reasonable Expectation of Privacy in Public Workplaces 26

b) "Reasonable" Workplace Searches Under O'Connor v. Ortega 29

c) Consent in Public-Sector Workplaces 33

II. SEARCHING AND SEIZING COMPUTERS WITH A WARRANT 34

A. Introduction 34

B. Planning the Search 37

1. Basic Strategies for Executing Computer Searches 37

a) When Hardware Is Itself Contraband, Evidence,

or an Instrumentality or Fruit of Crime 39

b) When Hardware is Merely a Storage Device for Evidence of Crime
39

2. The Privacy Protection Act 41

a) A Brief History of the Privacy Protection Act 42

b) The Terms of the Privacy Protection Act 43

c) Application of the PPA to Computer Searches and Seizures 44

3. Civil Liability Under the Electronic Communications Privacy Act 47

4. Considering the Need for Multiple Warrants in Network Searches 49

5. No-Knock Warrants 51

6. Sneak-and-Peek Warrants 52

7. Privileged Documents 53

a) The Attorney General's Regulations Relating to Searches of Disinterested Lawyers, Physicians, and Clergymen 53

b) Strategies for Reviewing Privileged Computer Files 54

C. Drafting the Warrant and Affidavit 55

Step 1: Accurately and Particularly Describe the Property to be Seized in the Warrant and/or Attachments to the Warrant 55

Step 2: Establish Probable Cause in the Affidavit 61

Step 3: In the Affidavit Supporting the Warrant, Include an Explanation of the Search Strategy (Such as the Need to Conduct an Off-site Search) as Well as the Practical and Legal Considerations That Will Govern the Execution of the Search 63

D. Post-Seizure Issues 68

1. Searching Computers Already in Law Enforcement Custody 68

2. The Permissible Time Period For Examining Seized Computers 70

3. Rule 41(e) Motions for Return of Property 72

III. THE ELECTRONIC COMMUNICATIONS PRIVACY ACT 75

A. Introduction 75

B. Providers of Electronic Communication Service vs. Remote Computing Service 77

"Electronic communication service" 78

"Electronic storage" 79

"Remote computing service" 79

C. Classifying Types of Information Held by Service Providers 82

1. Basic Subscriber Information Listed in 18 U.S.C. § 2703(c)(1)(C) 82

2. Records or Other Information Pertaining to a Customer or Subscriber 83

3. Contents 83

D. Compelled Disclosure Under ECPA 84

1. Subpoena 85

2. Subpoena with Prior Notice to the Subscriber or Customer 86

3. Section 2703(d) Order 87

4. § 2703(d) Order with Prior Notice to the Subscriber or Customer 88

5. Search Warrant 89

E. Voluntary Disclosure 90

1. Contents 90

2. Records Other than Contents 91

F. Quick Reference Guide 94

G. Working with Network Providers: Preservation of Evidence, Preventing Disclosure to Subjects, and Cable Act Issues 95

1. Preservation of Evidence under 18 U.S.C. § 2703(f) 95

2. Orders Not to Disclose the Existence of a Warrant, Subpoena, or Court Order
96

3. Possible Conflicts with the Cable Act, 47 U.S.C. § 551 97

H. Remedies 98

1. Suppression 98

2. Civil Actions 100

IV. ELECTRONIC SURVEILLANCE IN COMMUNICATIONS NETWORKS 101

A. Introduction 101

B. The Pen/Trap Statute, 18 U.S.C. §§ 3121-27 102

C. The Wiretap Statute, Title III, 18 U.S.C. §§ 2510-22 104

1. Introduction: The General Prohibition 104

2. Key Phrases 105

"Wire communication" 105

"Electronic communication" 106

"Intercept" 107

3. Exceptions to Title III 108

a) Interception Authorized by a Title III Order, 18 U.S.C. § 2518. 109

b) Consent of a Party to the Communication,

18 U.S.C. § 2511(2)(c)-(d) 110

c) The Provider Exception, 18 U.S.C. § 2511(2)(a)(i) 113

d) The Extension Telephone Exception, 18 U.S.C. § 2510(5)(a) 117

e) The 'Inadvertently Obtained Criminal Evidence' Exception,

18 U.S.C. § 2511(3)(b)(iv) 119

f) The 'Accessible to the Public' Exception,

18 U.S.C. § 2511(2)(g)(i) 119

D. Remedies For Violations of Title III and the Pen/Trap Statute 119

1. Suppression Remedies 120

a) Statutory Suppression Remedies 120

b) Constitutional Suppression Remedies 123

2. Defenses to Civil and Criminal Actions 124

a) Good-Faith Defense 125

b) Qualified Immunity 126

V. EVIDENCE 127

A. Introduction 127

B. Authentication 129

1. Authenticity and the Alteration of Computer Records 130

2. Establishing the Reliability of Computer Programs 130

3. Identifying the Author of Computer-Stored Records 132

C. Hearsay 133

1. Inapplicability of the Hearsay Rules to Computer-Generated Records 133

2. Applicability of the Hearsay Rules to Computer-Stored Records 135

D. Other Issues 136

1. The Best Evidence Rule 136

2. Computer Printouts as "Summaries" 137

VI. APPENDICES 138

Appendix A: Sample Network Banner Language 138

Appendix B: Sample 18 U.S.C. § 2703(d) Application and Order 141

Appendix C: Sample Language for Preservation
Request Letters under 18 U.S.C. § 2703(f) 152

Appendix D: Sample Pen Register /Trap
and Trace Application and Order 155

Appendix E: Sample Subpoena Language 145

Appendix F: Sample Language for Search Warrants
and Accompanying Affidavits to Search and Seize Computers 147

Appendix G: Sample Letter for Provider Monitoring 160

INDEX 161

INTRODUCTION

In the last decade, computers and the Internet have entered the mainstream of American life. Millions of Americans spend several hours every day in front of computers, where they send and receive e-mail, surf the Web, maintain databases, and participate in countless other activities.

Unfortunately, those who commit crime have not missed the computer revolution. An increasing number of criminals use pagers, cellular phones, laptop computers and network servers in the course of committing their crimes. In some cases, computers provide the means of committing crime. For example, the Internet can be used to deliver a death threat via e-mail; to launch hacker attacks against a vulnerable computer network; to disseminate computer viruses; or to transmit images of child pornography. In other cases, computers merely serve as convenient storage devices for evidence of crime. For example, a drug kingpin might keep a list of who owes him money in a file stored in his desktop computer at home, or a money laundering operation might retain false financial records in a file on a network server.

The dramatic increase in computer-related crime requires prosecutors and law enforcement agents to understand how to obtain electronic evidence stored in computers. Electronic records such as computer network logs, e-mails, word processing files, and ".jpg" picture files increasingly provide the government with important (and sometimes essential) evidence in criminal cases. The purpose of this publication is to provide Federal law enforcement agents and prosecutors with systematic guidance that can help them understand the legal issues that arise when they seek electronic evidence in criminal investigations.

The law governing electronic evidence in criminal investigations has two primary sources: the Fourth Amendment to the U.S. Constitution, and the statutory privacy laws codified at 18 U.S.C. §§ 2510-22, 18 U.S.C. §§ 2701-11, and 18 U.S.C. §§ 3121-27. Although constitutional and statutory issues overlap in some cases, most situations present either a constitutional issue under the Fourth Amendment or a statutory issue under these three statutes. This manual reflects that division: Chapters 1 and 2 address the Fourth Amendment law of search and seizure, and Chapters 3 and 4 focus on the statutory issues, which arise mostly in cases involving computer networks and the Internet.

Chapter 1 explains the restrictions that the Fourth Amendment places on the warrantless search and seizure of computers and computer data. The chapter begins by explaining how the courts apply the "reasonable expectation of privacy" test to computers; turns next to how the exceptions to the warrant requirement apply in cases involving computers; and concludes with a comprehensive discussion of the difficult Fourth Amendment issues raised by warrantless workplace searches of computers. Questions addressed in this chapter include: When does the government need a search warrant to search and seize a suspect's computer? Can an investigator search without a warrant through a suspect's pager found incident to arrest? Does the government need a warrant to search a government employee's desktop computer located in the employee's office?

Chapter 2 discusses the law that governs the search and seizure of computers pursuant to search warrants. The chapter begins by reviewing the steps that investigators should follow when planning and executing searches to seize computer hardware and computer data with a warrant. In particular, the chapter focuses on two issues: first, how investigators should plan to execute computer searches, and second, how they should draft the proposed search warrants and their accompanying affidavits. Finally, the chapter ends with a discussion of post-search issues. Questions addressed in the chapter include: When should investigators plan to search computers on the premises, and when should they remove the computer hardware and search it later off-site? How should investigators plan their searches to avoid civil liability under the Privacy Protection Act, 42 U.S.C. § 2000aa? How should prosecutors draft search warrant language so that it complies with the particularity requirement of the Fourth Amendment and Rule 41 of the Federal Rules of Criminal Procedure? What is the law governing when the government must search and return seized computers?

The focus of Chapter 3 is the stored communications portion of the Electronic Communications Privacy Act, 18 U.S.C. §§ 2701-11 ("ECPA"). ECPA governs how investigators can obtain stored account records and contents from network service providers, including Internet service providers (ISPs), telephone companies, cell phone service providers, and satellite services. ECPA issues arise often in cases involving the Internet: any time investigators seek stored information concerning Internet accounts from providers of Internet service, they must comply with the statute. Topics covered in this section include: How can the government obtain e-mails and network account logs from ISPs? When does the government need to obtain a search warrant, as opposed to 18 U.S.C. § 2703(d) order or a subpoena? When can providers disclose e-mails and records to the government voluntarily? What remedies will courts impose when ECPA has been violated?

Chapter 4 reviews the legal framework that governs electronic surveillance, with particular emphasis on how the statutes apply to surveillance on the communications networks. In particular, the chapter discusses Title III as modified by the Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-22 (referred to here as "Title III"), ⁽¹⁾ as well as the Pen Register and Trap and Trace Devices statute, 18 U.S.C. §§ 3121-27. These statutes govern when and how the government can conduct real-time surveillance, such as monitoring a computer hacker's activity as he breaks into a government computer network. Topics addressed in this chapter include: When can victims of computer crime monitor unauthorized intrusions into their networks and disclose that information to law enforcement? Can network "banners" generate implied consent to monitoring? How can the government obtain a pen register/trap and trace order that permits the government to collect packet header information from Internet communications? What remedies will courts impose when the electronic surveillance statutes have been violated?

Of course, the issues discussed in Chapters 1 through 4 can overlap in actual cases. An investigation into computer hacking may begin with obtaining stored records from an ISP according to Chapter 3, move next to an electronic surveillance phase implicating Chapter 4, and then conclude with a search of the suspect's residence and a seizure of his computers according to Chapters 1 and 2. In other cases, agents and prosecutors must understand issues raised in multiple chapters not just in the same case, but at the same time. For example, an investigation into workplace misconduct by a government employee may implicate all of Chapters 1 through 4. Investigators may want to obtain the employee's e-mails from the government network server (implicating ECPA, discussed in Chapter 3); may wish to monitor the employee's use of the telephone or Internet in real-time (raising surveillance issues from Chapter 4); and at the same time, may need to search the employee's desktop computer in his office for clues of the misconduct (raising search and seizure issues from Chapters 1 and 2). Because the constitutional and statutory regimes can overlap in certain cases, agents and prosecutors will need to understand not only all of the legal issues covered in Chapters 1 through 4, but will also need to understand the precise nature of the information to be gathered in their particular cases.

Chapters 1 through 4 are followed by a short Chapter 5, which discusses evidentiary issues that arise frequently in computer-related cases. The publication concludes with appendices that offer sample forms, language, and orders.

Computer crime investigations raise many novel issues, and the courts have only begun to interpret how the Fourth Amendment and federal statutory laws apply to computer-related cases. Agents and prosecutors who need more detailed advice can rely on several resources for further assistance. At the federal district level, every U.S. Attorney's Office has at least one Assistant U.S. Attorney who has been designated as a Computer and Telecommunications Coordinator ("CTC"). Every CTC receives extensive training in computer-related crime, and is primarily responsible for providing expertise relating to the topics covered in this manual within his or her district. CTCs may be reached in their district offices. Further, several sections within the Criminal Division of the U.S. Department of Justice in Washington, D.C., have expertise in computer-related fields. The Office of International Affairs ((202) 514-0000) provides expertise in the many computer crime investigations that raise international issues. The Office of Enforcement Operations ((202) 514-6809) provides expertise in the wiretapping laws and other privacy statutes discussed in Chapters 3 and 4. Also, the Child Exploitation and Obscenity Section ((202) 514-5780) provides expertise in computer-related cases involving child pornography and child exploitation.

Finally, agents and prosecutors are always welcome to contact the Computer Crime and Intellectual Property Section ("CCIPS") directly both for general advice and specific case-related assistance. During regular business hours, at least two CCIPS attorneys are on duty to answer questions and provide assistance to agents and prosecutors on the topics covered in this document, as well as other matters that arise in computer crime cases. The main number for CCIPS is (202) 514-1026.

I. SEARCHING AND SEIZING COMPUTERS WITHOUT A WARRANT

A. Introduction

The Fourth Amendment limits the ability of government agents to search for evidence without a warrant. This chapter explains the constitutional limits of warrantless searches in cases involving computers.

The Fourth Amendment states:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

According to the Supreme Court, a warrantless search does not violate the Fourth Amendment if one of two conditions is satisfied. First, if the government's conduct does not violate a person's "reasonable expectation of privacy," then formally it does not constitute a Fourth Amendment "search" and no warrant is required. See Illinois v. Andreas, 463 U.S. 765, 771 (1983). Second, a warrantless search that violates a person's reasonable expectation of privacy will nonetheless be "reasonable" (and therefore constitutional) if it falls within an established exception to the warrant requirement. See Illinois v. Rodriguez, 497 U.S. 177, 183 (1990). Accordingly, investigators must consider two issues when asking whether a government search of a computer requires a warrant. First, does the search violate a reasonable expectation of privacy? And if so, is the search nonetheless reasonable because it falls within an exception to the warrant requirement?

B. The Fourth Amendment's "Reasonable Expectation of Privacy" in Cases Involving Computers

1. General Principles

A search is constitutional if it does not violate a person's "reasonable" or "legitimate" expectation of privacy. Katz v. United States, 389 U.S. 347, 362 (1967) (Harlan, J., concurring). This inquiry embraces two discrete questions: first, whether the individual's conduct reflects "an actual (subjective) expectation of privacy," and second, whether the individual's subjective expectation of privacy is "one that society is prepared to recognize as 'reasonable.'" Id. at 361. In most cases, the difficulty of contesting a defendant's subjective expectation of privacy focuses the analysis on the objective aspect of the Katz test, i.e., whether the individual's expectation of privacy was reasonable.

No bright line rule indicates whether an expectation of privacy is constitutionally reasonable. See O'Connor v. Ortega, 480 U.S. 709, 715 (1987). For example, the Supreme Court has held that a person has a reasonable expectation of privacy in property located inside a person's home, see Payton v. New York, 445 U.S. 573, 589-90 (1980); in conversations taking place in an enclosed phone booth, see Katz, 389 U.S. at 358; and in the contents of opaque containers, see United States v. Ross, 456 U.S. 798, 822-23 (1982). In contrast, a person does not have a reasonable expectation of privacy in activities conducted in open fields, see Oliver v. United States, 466 U.S. 170, 177 (1984); in garbage deposited at the outskirts of real property,see California v. Greenwood, 486 U.S. 35, 40-41 (1988); or in a stranger's house that the person has entered without the owner's consent in order to commit a theft, see Rakas v. Illinois, 439 U.S. 128, 143 n.12 (1978).

2. Reasonable Expectation of Privacy in Computers as Storage Devices

To determine whether an individual has a reasonable expectation of privacy in information stored in a computer, it helps to treat the computer like a closed container such as a briefcase or file cabinet. The Fourth Amendment generally prohibits law enforcement from accessing and viewing information stored in a computer without a warrant if it would be prohibited from opening a closed container and examining its contents in the same situation.

The most basic Fourth Amendment question in computer cases asks whether an individual enjoys a reasonable expectation of privacy in electronic information stored within computers (or other electronic storage devices) under the individual's control. For example, do individuals have a reasonable expectation of privacy in the contents of their laptop computers, floppy disks or pagers? If the answer is 'yes,' then the government ordinarily must obtain a warrant before it accesses the information stored inside.

When confronted with this issue, courts have analogized electronic storage devices to closed containers, and have reasoned that accessing the information stored within an electronic storage device is akin to opening a closed container. Because individuals generally retain a reasonable expectation of privacy in the contents of closed containers, see United States v. Ross, 456 U.S. 798, 822-23 (1982), they also generally retain a reasonable expectation of privacy in data held within electronic storage devices. Accordingly, accessing information stored in a computer ordinarily will implicate the owner's reasonable expectation of privacy in the information. See United States v. Barth, 26 F. Supp.2d 929, 936-37 (W.D. Tex. 1998) (finding reasonable expectation of privacy in files stored on hard drive of personal computer); United States v. Reyes, 922 F. Supp. 818, 832-33 (S.D.N.Y. 1996) (finding reasonable expectation of privacy in data stored in a pager); United States v. Lynch, 908 F. Supp. 284, 287 (D.V.I. 1995) (same); United States v. Chan, 830 F. Supp. 531, 535 (N.D. Cal. 1993) (same); United States v. Blas, 1990 WL 265179, at *21 (E.D. Wis. 1990) ("[A]n individual has the same expectation of privacy in a pager, computer, or other electronic data storage and retrieval device as in a closed container."). But see United States v. Carey,172 F.3d 1268, 1275 (10^th Cir. 1999) (dicta) (analogizing a computer hard drive to a file cabinet in the context of a search pursuant to a warrant, but then stating without explanation that "the file cabinet analogy may be inadequate").

Although individuals generally retain a reasonable expectation of privacy in computers under their control, special circumstances may eliminate that expectation. For example, an individual will not retain a reasonable expectation of privacy in information from a computer that the person has made openly available. In United States v. David, 756 F. Supp. 1385 (D. Nev. 1991), agents looking over the defendant's shoulder read the defendant's password from the screen as the defendant typed his password into a handheld computer. The court found no Fourth Amendment violation in obtaining the password, because the defendant did not enjoy a reasonable expectation of privacy "in the display that appeared on the screen." Id. at 1389. Seealso Katz v. United States, 389 U.S. 347, 351 (1967) ("What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection."). Nor will individuals generally enjoy a reasonable expectation of privacy in the contents of computers they have stolen. See United States v. Lyons, 992 F.2d 1029, 1031-32 (10^th Cir. 1993).

3. Reasonable Expectation of Privacy and Third-Party Possession

Individuals who retain a reasonable expectation of privacy in stored electronic information under their control may lose Fourth Amendment protections when they relinquish that control to third parties. For example, an individual may offer a container of electronic information to a third party by bringing a malfunctioning computer to a repair shop, or by shipping a floppy diskette in the mail to a friend. Alternatively, a user may transmit information to third parties electronically, such as by sending data across the Internet. When law enforcement agents learn of information possessed by third parties that may provide evidence of a crime, they may wish to inspect it. Whether the Fourth Amendment requires them to obtain a warrant before examining the information depends first upon whether the third-party possession has eliminated the individual's reasonable expectation of privacy.

To analyze third-party possession issues, it helps first to distinguish between possession by a carrier in the course of transmission to an intended recipient, and subsequent possession by the intended recipient. For example, if A hires B to carry a package to C, A's reasonable expectation of privacy in the contents of the package during the time that B carries the package on its way to C may be different than A's reasonable expectation of privacy after C has received the package. During transmission, contents generally retain Fourth Amendment protection. The government ordinarily may not examine the contents of a package in the course of transmission without a warrant. Government intrusion and examination of the contents ordinarily violates the reasonable expectation of privacy of both the sender and receiver. See United States v. Villarreal, 963 F.2d 770, 774 (5^th Cir. 1992); but see United States v. Walker, 20 F. Supp.2d 971, 973-74 (S.D.W. Va. 1998) (concluding that packages sent to an alias in furtherance of a criminal scheme do not support a reasonable expectation of privacy). This rule applies regardless of whether the carrier is owned by the government or a private company. Compare Ex Parte Jackson, 96 U.S. (6 Otto) 727, 733 (1877) (public carrier) with Walter v. United States, 447 U.S. 649, 651 (1980) (private carrier).

A government "search" of an intangible electronic signal in the course of transmission may also implicate the Fourth Amendment. See Berger v. New York, 388 U.S. 41, 58-60 (1967) (applying the Fourth Amendment to a wire communication in the context of a wiretap). The boundaries of the Fourth Amendment in such cases remain hazy, however, because Congress addressed the Fourth Amendment concerns identified in Berger by passing Title III of the Omnibus Crime Control and Safe Streets Act of 1968 ("Title III"), 18 U.S.C. §§ 2510-22. Title III, which is discussed fully in Chapter 4, provides a comprehensive statutory framework that regulates real-time monitoring of wire and electronic communications. Its scope encompasses, and in many significant ways exceeds, the protection offered by the Fourth Amendment. SeeUnited States v. Torres, 751 F.2d 875, 884 (7^th Cir. 1985). As a practical matter, then, the monitoring of wire and electronic communications in the course of transmission generally raises many statutory questions, but few constitutional ones. See generally Chapter 4.

Individuals may lose Fourth Amendment protection in their computer files if they lose control of the files.

Once an item has been received by the intended recipient, the sender's reasonable expectation of privacy generally depends upon whether the sender can reasonably expect to retain control over the item and its contents. When a person leaves a package with a third party for temporary safekeeping, for example, he usually retains control of the package, and thus retains a reasonable expectation of privacy in its contents. See, e.g., United States v. Most, 876 F.2d 191, 197-98 (D.C. Cir. 1989) (finding reasonable expectation of privacy in contents of plastic bag left with grocery store clerk); United States v. Barry, 853 F.2d 1479, 1481-83 (8^th Cir. 1988) (finding reasonable expectation of privacy in locked suitcase stored at airport baggage counter); United States v. Presler, 610 F.2d 1206, 1213-14 (4^th Cir. 1979) (finding reasonable expectation of privacy in locked briefcases stored with defendant's friend for safekeeping). Seealso United States v. Barth, 26 F. Supp.2d 929, 936-37 (W.D. Tex. 1998) (holding that defendant retains a reasonable expectation of privacy in computer files contained in hard drive left with computer technician for limited purpose of repairing computer).

If the sender cannot reasonably expect to retain control over the item in the third party's possession, however, the sender no longer retains a reasonable expectation of privacy in its contents. For example, in United States v. Horowitz, 806 F.2d 1222 (4^th Cir. 1986), the defendant e-mailed confidential pricing information relating to his employer to his employer's competitor. After the FBI searched the competitor's computers and found the pricing information, the defendant claimed that the search violated his Fourth Amendment rights. The Fourth Circuit disagreed, holding that the defendant relinquished his interest in and control over the information by sending it to the competitor for the competitor's future use. See id. at 1225-26. See also United States v. Charbonneau, 979 F. Supp. 1177, 1184 (S.D. Ohio 1997) (holding that defendant does not retain reasonable expectation of privacy in contents of e-mail message sent to America Online chat room after the message has been received by chat room participants) (citing Hoffa v. United States, 385 U.S. 293, 302 (1966)). In some cases, the sender may initially retain a right to control the third party's possession, but may lose that right over time. The general rule is that the sender's Fourth Amendment rights dissipate along with the sender's right to control the third party's possession. For example, in United States v. Poulsen, 41 F.3d 1330 (9^th Cir. 1994), computer hacker Kevin Poulsen left computer tapes in a locker at a commercial storage facility but neglected to pay rent for the locker. Following a warrantless search of the facility, the government sought to use the tapes against Poulsen. The Ninth Circuit held that the search did not violate Poulsen's reasonable expectation of privacy because under state law Poulsen's failure to pay rent extinguished his right to access the tapes. See id. at 1337.

An important line of Supreme Court cases states that individuals generally cannot reasonably expect to retain control over mere information revealed to third parties, even if the senders have a subjective expectation that the third parties will keep the information confidential. For example, in United States v. Miller, 425 U.S. 435, 443 (1976), the Court held that the Fourth Amendment does not protect bank account information that account holders divulge to their banks. By placing information under the control of a third party, the Court stated, an account holder assumes the risk that the information will be conveyed to the government. Id. According to the Court, "the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed." Id. (citing Hoffa v. United States, 385 U.S. 293, 302 (1966)). See also Smith v. Maryland, 442 U.S. 735, 743-44 (1979) (finding no reasonable expectation of privacy in phone numbers dialed by owner of a telephone because act of dialing the number effectively tells the number to the phone company); Couch v. United States, 409 U.S. 322, 335 (1973) (holding that government may subpoena accountant for client information given to accountant by client, because client retains no reasonable expectation of privacy in information given to accountant).

Because computer data is "information," this line of cases suggests that individuals who send data over communications networks may lose Fourth Amendment protection in the data once it reaches the intended recipient. See United States v. Meriwether, 917 F.2d 955, 959 (6^thCir. 1990) (suggesting that an electronic message sent via a pager is "information" under theSmith/Miller line of cases); Charbonneau, 979 F. Supp. at 1184 ("[A]n e-mail message . . . cannot be afforded a reasonable expectation of privacy once that message is received."). But seeC. Ryan Reetz, Note, Warrant Requirement for Searches of Computerized Information, 67 B.U. L. Rev. 179, 200-06 (1987) (arguing that certain kinds of remotely stored computer files should retain Fourth Amendment protection, and attempting to distinguish United States v. Miller andSmith v. Maryland). Of course, the absence of constitutional protections does not necessarily mean that the government can access the data without a warrant or court order. Statutory protections exist that generally protect the privacy of electronic communications stored remotely with service providers, and can protect the privacy of Internet users when the Fourth Amendment may not. See 18 U.S.C. §§ 2701-11 (discussed in Chapter 3, infra).

Defendants will occasionally raise a Fourth Amendment challenge to the acquisition of account records and subscriber information held by Internet service providers using less process than a full search warrant. As discussed in a later chapter, the Electronic Communications Privacy Act permits the government to obtain transactional records with an "articulable facts" court order, and basic subscriber information with a subpoena. See 18 U.S.C. §§ 2701-11 (discussed in Chapter 3, infra). These statutory procedures comply with the Fourth Amendment because customers of Internet service providers do not have a reasonable expectation of privacy in customer account records maintained by and for the provider's business. See United States v. Hambrick, 55 F. Supp.2d 504, 508 (W.D. Va. 1999), aff'd, 225 F.3d 656, 2000 WL 1062039 (4^thCir. 2000) (unpublished opinion) (finding no Fourth Amendment protection for network account holder's basic subscriber information obtained from Internet service provider); United States v. Kennedy, 81 F. Supp.2d 1103, 1110) (D. Kan. 2000) (same). This rule accords with prior cases considering the scope of Fourth Amendment protection in customer account records. See, e.g.,United States v. Fregoso, 60 F.3d 1314, 1321 (8^th Cir. 1995) (holding that a telephone company customer has no reasonable expectation of privacy in account information disclosed to the telephone company); In re Grand Jury Proceedings, 827 F.2d 301, 302-03 (8^th Cir. 1987) (holding that customer account records maintained and held by Western Union are not entitled to Fourth Amendment protection).

4. Private Searches

The Fourth Amendment does not apply to searches conducted by private parties

who are not acting as agents of the government.

The Fourth Amendment "is wholly inapplicable to a search or seizure, even an unreasonable one, effected by a private individual not acting as an agent of the Government or with the participation or knowledge of any governmental official." United States v. Jacobsen, 466 U.S. 109, 113 (1984). As a result, no violation of the Fourth Amendment occurs when a private individual acting on his own accord conducts a search and makes the results available to law enforcement. See id. For example, in United States v. Hall, 142 F.3d 988 (7th Cir. 1998), the defendant took his computer to a private computer specialist for repairs. In the course of evaluating the defendant's computer, the repairman observed that many files stored on the computer had filenames characteristic of child pornography. The repairman accessed the files, saw that they did in fact contain child pornography, and then contacted the state police. The tip led to a warrant, the defendant's arrest, and his conviction for child pornography offenses. On appeal, the Seventh Circuit rejected the defendant's claim that the repairman's warrantless search through the computer violated the Fourth Amendment. Because the repairman's search was conducted on his own, the court held, the Fourth Amendment did not apply to the search or his later description of the evidence to the state police. See id. at 993. See also United States v. Kennedy, 81 F. Supp.2d 1103, 1112 (D. Kan. 2000) (concluding that searches of defendant's computer over the Internet by an anonymous caller and employees of a private ISP did not violate Fourth Amendment because there was no evidence that the government was involved in the search).

In United States v. Jacobsen, 466 U.S. 109 (1984), the Supreme Court presented the framework that should guide agents seeking to uncover evidence as a result of a private search. According to Jacobsen, agents who learn of evidence via a private search can reenact the original private search without violating any reasonable expectation of privacy. What the agents cannot do without a warrant is "exceed[] the scope of the private search." Id. at 115. See also United States v. Miller, 152 F.3d 813, 815-16 (8th Cir. 1998); United States v. Donnes, 947 F.2d 1430, 1434 (10th Cir. 1991). But see United States v. Allen, 106 F.3d 695, 699 (6^th Cir. 1999) (dicta) (stating that Jacobsen does not permit law enforcement to reenact a private search of a private home or residence). This standard requires agents to limit their investigation to the precise scope of the private search when searching without a warrant after a private search has occurred. So long as the agents limit themselves to the scope of the private search, the agents' search will not violate the Fourth Amendment. However, as soon as agents exceed the scope of the private warrantless search, any evidence uncovered may be suppressed. See United States v. Barth, 26 F. Supp.2d 929, 937 (W.D. Tex. 1998) (suppressing evidence of child pornography found on computer hard drive after agents viewed more files than private technician had initially viewed during repair of defendant's computer). In computer cases, this aspect of Jacobsen means that private searches will often be useful partly as opportunities to provide the probable cause needed to obtain a warrant for a further search. The fact that a private person has uncovered evidence of a crime on another person's computer does not permit agents to search the entire computer. Instead, the private search permits the agents to view the evidence that the private search revealed, and, if necessary, to use that evidence as a basis for procuring a warrant to search the rest of the computer. ⁽²⁾

Although most private search issues arise when private third parties intentionally examine property and offer evidence of a crime to law enforcement, the same framework applies when third parties inadvertently expose evidence of a crime to plain view. For example, in United States v. Procopio, 88 F.3d 21 (1^st Cir. 1996), a defendant stored incriminating files in his brother's safe. Later, thieves stole the safe, opened it, and abandoned it in a public park. Police investigating the theft of the safe found the files scattered on the ground nearby, gathered them, and then used them against the defendant in an unrelated case. The First Circuit held that the use of the files did not violate the Fourth Amendment, because the files were made openly available by the thieves' private search. See id. at 26-27 (citing Jacobsen, 466 U.S. at 113).

Importantly, the fact that the person conducting a search is not a government employee does not necessarily mean that the search is "private" for Fourth Amendment purposes. A search by a private party will be considered a Fourth Amendment government search "if the private party act[s] as an instrument or agent of the Government." Skinner v. Railway Labor Executives' Ass'n, 489 U.S. 602, 614 (1989). The Supreme Court has offered little guidance on when private conduct can be attributed to the government; the Court has merely stated that this question "necessarily turns on the degree of the Government's participation in the private party's activities, . . . a question that can only be resolved 'in light of all the circumstances.'" Id. at 614-15 (quoting Coolidge v. New Hampshire, 403 U.S. 443, 487 (1971)). In the absence of a more definitive standard, the various federal Courts of Appeals have adopted a range of approaches for distinguishing between private and government searches. About half of the circuits apply a 'totality of the circumstances' approach that examines three factors: whether the government knows of or acquiesces in the intrusive conduct; whether the party performing the search intends to assist law enforcement efforts at the time of the search; and whether the government affirmatively encourages, initiates or instigates the private action. See, e.g., United States v. Pervaz, 118 F.3d 1, 6 (1^st Cir. 1997); United States v. Smythe, 84 F.3d 1240, 1242-43 (10^th Cir. 1996); United States v. McAllister, 18 F.3d 1412, 1417-18 (7^th Cir. 1994); United States v. Malbrough, 922 F.2d 458, 462 (8th Cir. 1990). Other circuits have adopted more rule-like formulations that focus on only two of these factors. See, e.g., United States v. Miller, 688 F.2d 652, 657 (9^th Cir. 1982) (holding that private action counts as government conduct if, at the time of the search, the government knew of or acquiesced in the intrusive conduct, and the party performing the search intended to assist law enforcement efforts); United States v. Paige, 136 F.3d 1012, 1017 (5^th Cir. 1998) (same); United States v. Lambert, 771 F.2d 83, 89 (6^th Cir. 1985) (holding that a private individual is a state actor for Fourth Amendment purposes if the police instigated, encouraged or participated in the search, and the individual engaged in the search with the intent of assisting the police in their investigative efforts).

C. Exceptions to the Warrant Requirement in Cases Involving Computers

Warrantless searches that violate a reasonable expectation of privacy will comply with the Fourth Amendment if they fall within an established exception to the warrant requirement. Cases involving computers often raise questions relating to how these "established" exceptions apply to new technologies.

1. Consent

Agents may search a place or object without a warrant or even probable cause if a person with authority has voluntarily consented to the search. See Schneckloth v. Bustamonte, 412 U.S. 218, 219 (1973). This consent may be explicit or implicit. See United States v. Milian-Rodriguez, 759 F.2d 1558, 1563-64 (11th Cir. 1985). Whether consent was voluntarily given is a question of fact that the court must decide by considering the totality of the circumstances. While no single aspect controls the result, the Supreme Court has identified the following important factors: the age, education, intelligence, physical and mental condition of the person giving consent; whether the person was under arrest; and whether the person had been advised of his right to refuse consent. See Schneckloth, 412 U.S. at 226. The government carries the burden of proving that consent was voluntary. See United States v. Price, 599 F.2d 494, 503 (2d Cir. 1979).

In computer crime cases, two consent issues arise particularly often. First, when does a search exceed the scope of consent? For example, when a target consents to the search of a machine, to what extent does the consent authorize the retrieval of information stored in the machine? Second, who is the proper party to consent to a search? Do roommates, friends, and parents have the authority to consent to a search of another person's computer files? ⁽³⁾

a) Scope of Consent

"The scope of a consent to search is generally defined by its expressed object, and is limited by the breadth of the consent given." United States v. Pena, 143 F.3d 1363, 1368 (10th Cir. 1998). The standard for measuring the scope of consent under the Fourth Amendment is objective reasonableness: "What would the typical reasonable person have understood by the exchange between the [agent] and the [person granting consent]?" Florida v. Jimeno, 500 U.S. 248, 251 (1991). This requires a fact-intensive inquiry into whether it was reasonable for the agent to believe that the scope of consent included the items searched. Id. Of course, when the limits of the consent are clearly given, either before or during the search, agents must respect these bounds. See Vaughn v. Baldwin, 950 F.2d 331, 333 (6th Cir. 1991).

The permitted scope of consent searches depends on the facts of each case.

Computer cases often raise the question of whether consent to search a location or item implicitly includes consent to access the memory of electronic storage devices encountered during the search. In such cases, courts look to whether the particular circumstances of the agents' request for consent implicitly or explicitly limited the scope of the search to a particular type, scope, or duration. Because this approach ultimately relies on fact-driven notions of common sense, results reached in published opinions have hinged upon subtle (if not entirely inscrutable) distinctions. Compare United States v. Reyes, 922 F. Supp. 818, 834 (S.D.N.Y. 1996) (holding that consent to "look inside" a car included consent to retrieve numbers stored inside pagers found in car's back seat) with United States v. Blas, 1990 WL 265179, at *20 (E.D. Wis. 1990) (holding that consent to "look at" a pager did not include consent to activate pager and retrieve numbers, because looking at pager could be construed to mean "what the device is, or how small it is, or what brand of pager it may be"). See also United States v. Carey, 172 F.3d 1268, 1274 (10^th Cir. 1999) (reading written consent form extremely narrowly, so that consent to seizure of "any property" under the defendant's control and to "a complete search of the premises and property" at the defendant's address merely permitted the agents to seize the defendant's computer from his apartment, but did not permit them to search the computer off-site because it was no longer located at the defendant's address). Prosecutors can strengthen their argument that the scope of consent included consent to search electronic storage devices by relying on analogous cases involving closed containers. See, e.g., United States v. Galante, 1995 WL 507249, at *3 (S.D.N.Y. 1995) (holding that general consent to search car included consent to have officer access memory of cellular telephone found in the car, relying on circuit precedent involving closed containers); Reyes, 922 F. Supp. at 834.

Agents should be especially careful about relying on consent as the basis for a search of a computer when they obtain consent for one reason but then wish to conduct a search for another reason. In two recent cases, the Courts of Appeals suppressed images of child pornography found on computers after agents procured the defendant's consent to search his property for other evidence. In United States v. Turner, 169 F.3d 84 (1^st Cir. 1999), detectives searching for physical evidence of an attempted sexual assault obtained written consent from the victim's neighbor to search the neighbor's "premises" and "personal property." Before the neighbor signed the consent form, the detectives discovered a large knife and blood stains in his apartment, and explained to him that they were looking for more evidence of the assault that the suspect might have left behind. See id. at 86. While several agents searched for physical evidence, one detective searched the contents of the neighbor's personal computer and discovered stored images of child pornography. The neighbor was charged with possessing child pornography. On interlocutory appeal, the First Circuit held that the search of the computer exceeded the scope of consent and suppressed the evidence. According to the Court, the detectives' statements that they were looking for signs of the assault limited the scope of consent to the kind of physical evidence that an intruder might have left behind. See id. at 88. By transforming the search for physical evidence into a search for computer files, the detective had exceeded the scope of consent. See id. See also Carey, 172 F.3d at 1277 (Baldock, J., concurring) (concluding that agents exceeded scope of consent by searching computer after defendant signed broadly-worded written consent form, because agents told defendant that they were looking for drugs and drug-related items rather than computer files containing child pornography) (citing Turner).

It is a good practice for agents to use written consent forms that state explicitly that the scope of consent includes consent to search computers and other electronic storage devices.

Because the decisions evaluating the scope of consent to search computers have reached sometimes unpredictable results, investigators should indicate the scope of the search explicitly when obtaining a suspect's consent to search a computer.

b) Third-Party Consent

i) General Rules

It is common for several people to use or own the same computer equipment. If any one of those people gives permission to search for data, agents may generally rely on that consent, so long as the person has authority over the computer. In such cases, all users have assumed the risk that a co-user might discover everything in the computer, and might also permit law enforcement to search this "common area" as well.

The watershed case in this area is United States v. Matlock, 415 U.S. 164 (1974). InMatlock, the Supreme Court stated that one who has "common authority" over premises or effects may consent to a search even if an absent co-user objects. Id. at 171. According to the Court, the common authority that establishes the right of third-party consent requires

mutual use of the property by persons generally having joint access or control for most purposes, so that it is reasonable to recognize that any of the co-inhabitants has the right to permit the inspection in his own right and that the others have assumed the risk that one of their number might permit the common area to be searched.

Id. at 171 n.7.

Under the Matlock approach, a private third party may consent to a search of property under the third party's joint access or control. Agents may view what the third party may see without violating any reasonable expectation of privacy so long as they limit the search to the zone of the consenting third party's common authority. See United States v. Jacobsen, 466 U.S. 109, 119 (1984) (noting that the Fourth Amendment is not violated when a private third party invites the government to view the contents of a package under the third party's control). This rule often requires agents to inquire into third parties's rights of access before conducting a consent search, and to draw lines between those areas that fall within the third party's common authority and those areas outside of the third party's control. See United States v. Block, 590 F.2d 535, 541 (4th Cir. 1978) (holding that a mother could consent to a general search of her 23-year-old son's room, but could not consent to a search of a locked footlocker found in the room). Because the joint access test does not require a unity of interests between the suspect and the third party, however, Matlock permits third-party consent even when the target of the search is present and refuses to consent to the search. See United States v. Sumlin, 567 F.2d 684, 687 (6th Cir. 1977) (holding that woman had authority to consent to search of apartment she shared with her boyfriend even though boyfriend refused consent).

Courts have not squarely addressed whether a suspect's decision to password-protect or encrypt files stored in a jointly-used computer denies co-users the right to consent to a search of the files under Matlock. However, it appears likely that encryption and password-protection would in most cases indicate the absence of common authority to consent to a search among co-users who do not know the password or possess the encryption key. Compare United States v. Smith, 27 F. Supp.2d 1111, 1115-16 (C.D. Ill. 1998) (concluding that a woman could consent to a search of her boyfriend's computer located in their house, and noting that the boyfriend had not password-protected his files) with Block, 590 F.2d at 541 (concluding that a mother could not consent to search of a locked footlocker in her son's room where she did not possess the key). Conversely, if the co-user has been given the password or encryption key by the suspect, then she probably has the requisite common authority to consent to a search of the files under Matlock. See United States v. Murphy, 506 F.2d 529, 530 (9^th Cir. 1974) (per curiam) (concluding that an employee could consent to a search of an employer's locked warehouse because the employee possessed the key, and finding "special significance" in the fact that the employer had himself delivered the key to the employee).

As a practical matter, agents may have little way of knowing the precise bounds of a third party's common authority when the agents obtain third-party consent to conduct a search. When queried, consenting third parties may falsely claim that they have common authority over property. In Illinois v. Rodriguez, 497 U.S. 177 (1990), the Supreme Court held that the Fourth Amendment does not automatically require suppression of evidence discovered during a consent search when it later comes to light that the third party who consented to the search lacked the authority to do so. See id. at 188-89. Instead, the Court held that agents can rely on a claim of authority to consent if based on "the facts available to the officer at the moment, . . . a man of reasonable caution . . . [would believe] that the consenting party had authority" to consent to a search of the premises. Id. (internal quotations omitted) (quoting Terry v. Ohio, 392 U.S. 1, 21-22 (1968)). When agents reasonably rely on apparent authority to consent, the resulting search does not violate the Fourth Amendment.

ii) Spouses and Domestic Partners

Most spousal consent searches are valid.

Absent an affirmative showing that the consenting spouse has no access to the property searched, the courts generally hold that either spouse may consent to search all of the couple's property. See, e.g., United States v. Duran, 957 F.2d 499, 504-05 (7th Cir. 1992) (concluding that wife could consent to search of barn she did not use because husband had not denied her the right to enter barn); United States v. Long, 524 F.2d 660, 661 (9th Cir. 1975) (holding that wife who had left her husband could consent to search of jointly-owned home even though husband had changed the locks). For example, in United States v. Smith, 27 F. Supp.2d 1111 (C.D. Ill. 1998), a man named Smith was living with a woman named Ushman and her two daughters. When allegations of child molestation were raised against Smith, Ushman consented to the search of his computer, which was located in the house in an alcove connected to the master bedroom. Although Ushman used Smith's computer only rarely, the district court held that she could consent to the search of Smith's computer. Because Ushman was not prohibited from entering the alcove and Smith had not password-protected the computer, the court reasoned, she had authority to consent to the search. See id. at 1115-16. Even if she lacked actual authority to consent, the court added, she had apparent authority to consent. See id. at 1116 (citing Illinois v. Rodriguez).

iii) Parents

Parents can consent to searches of their children's rooms when the children are under 18 years old. If the children are 18 or older, the parents may or may not be able to consent, depending on the facts.

In some computer crime cases, the perpetrators are relatively young and reside with their parents. When the perpetrator is a minor, parental consent to search the perpetrator's property and living space will almost always be valid. See 3 W. LaFave, Search and Seizure: A Treatise on the Fourth Amendment § 8.4(b) at 283 (2d ed. 1987) (noting that courts have rejected "even rather extraordinary efforts by [minor] child[ren] to establish exclusive use.").

When the sons and daughters who reside with their parents are legal adults, however, the issue is more complicated. Under Matlock, it is clear that parents may consent to a search of common areas in the family home regardless of the perpetrator's age. See, e.g., United States v. Lavin, 1992 WL 373486, at *6 (S.D.N.Y. 1992) (recognizing right of parents to consent to search of basement room where son kept his computer and files). When agents would like to search an adult child's room or other private areas, however, agents cannot assume that the adult's parents have authority to consent. Although courts have offered divergent approaches, they have paid particular attention to three factors: the suspect's age; whether the suspect pays rent; and whether the suspect has taken affirmative steps to deny his or her parents access to the suspect's room or private area. When suspects are older, pay rent, and/or deny access to parents, courts have generally held that parents may not consent. See United States v. Whitfield, 939 F.2d 1071, 1075 (D.C. Cir. 1991) (holding "cursory questioning" of suspect's mother insufficient to establish right to consent to search of 29-year-old son's room); United States v. Durham, 1998 WL 684241, at *4 (D. Kan. 1998) (mother had neither apparent nor actual authority to consent to search of 24-year-old son's room, because son had changed the locks to the room without telling his mother, and son also paid rent for the room). In contrast, parents usually may consent if their adult children do not pay rent, are fairly young, and have taken no steps to deny their parents access to the space to be searched. See United States v. Rith, 164 F.3d 1323, 1331 (10th Cir. 1999) (suggesting that parents are presumed to have authority to consent to a search of their 18-year-old son's room because he did not pay rent); United States v. Block, 590 F.2d 535, 541 (4th Cir. 1978) (mother could consent to police search of 23-year-old son's room when son did not pay rent).

iv) System Administrators

Every computer network is managed by a "system administrator" or "system operator" whose job is to keep the network running smoothly, monitor security, and repair the network when problems arise. System operators have "root level" access to the systems they administer, which effectively grants them master keys to open any account and read any file on their systems. When investigators suspect that a network account contains relevant evidence, they may feel inclined to seek the system administrator's consent to search the contents of that account.

As a practical matter, the primary barrier to searching a network account pursuant to a system administrator's consent is statutory, not constitutional. System administrators typically serve as agents of "provider[s] of electronic communication service" under the Electronic Communications Privacy Act ("ECPA"), 18 U.S.C. §§ 2701-11. ECPA regulates law enforcement efforts to obtain the consent of a system administrator to search an individual's account. See 18 U.S.C. § 2702-03. Accordingly, any attempt to obtain a system administrator's consent to search an account must comply with ECPA. See generally Chapter 3, "The Electronic Communications Privacy Act," infra.

To the extent that ECPA authorizes system administrators to consent to searches, the resulting consent searches will in most cases comply with the Fourth Amendment. The first reason is that individuals may not retain a reasonable expectation of privacy in the remotely stored files and records that their network accounts contain. See generally Reasonable Expectation of Privacy and Third Party Possession, supra. If an individual does not retain a constitutionally reasonable expectation of privacy in his remotely stored files, it will not matter whether the system administrator has the necessary joint control over the account needed to satisfy the Matlock test because a subsequent search will not violate the Fourth Amendment.

In the event that a court holds that an individual does possess a reasonable expectation of privacy in remotely stored account files, whether a system administrator's consent would satisfyMatlock should depend on the circumstances. Clearly, the system administrator's access to all network files does not by itself provide the common authority that triggers authority to consent. In the pre-Matlock case of Stoner v. California, 376 U.S. 483 (1964), the Supreme Court held that a hotel clerk lacked the authority to consent to the search of a hotel room. Although the clerk was permitted to enter the room to perform his duties, and the guest had left his room key with the clerk, the Court concluded that the clerk could not consent to the search. If the hotel guest's protection from unreasonable searches and seizures "were left to depend on the unfettered discretion of an employee of the hotel," Justice Stewart reasoned, it would "disappear." Id. at 490. See also Chapman v. United States, 365 U.S. 610 (1961) (holding that a landlord lacks authority to consent to search of premises used by tenant); United States v. Most, 876 F.2d 191, 199-200 (D.C. Cir. 1989) (holding that store clerk lacks authority to consent to search of packages left with clerk for safekeeping). To the extent that the access of a system operator to a network account is analogous to the access of a hotel clerk to a hotel room, the claim that a system operator may consent to a search of Fourth Amendment-protected files is weak. Cf.Barth, 26 F. Supp.2d at 938 (holding that computer repairman's right to access files for limited purpose of repairing computer did not create authority to consent to government search through files).

Of course, the hotel clerk analogy may be inadequate in some circumstances. For example, an employee generally does not have the same relationship with the system administrator of his company's network as a customer of a private ISP such as AOL might have with the ISP's system administrator. The company may grant the system administrator of the company network full rights to access employee accounts for any work-related reason, and the employees may know that the system administrator has such access. In circumstances such as this, the system administrator would likely have sufficient common authority over the accounts to be able to consent to a search. See generally Note, Keeping Secrets in Cyberspace: Establishing Fourth Amendment Protection for Internet Communication, 110 Harv. L. Rev. 1591, 1602-03 (1997). See also United States v. Clarke, 2 F.3d 81, 85 (4^th Cir. 1993) (holding that a drug courier hired to transport the defendant's locked toolbox containing drugs had common authority under Matlock to consent to a search of the toolbox stored in the courier's trunk). Further, in the case of a government network, the Fourth Amendment rules would likely differ dramatically from the rules that apply to private networks. See generally O'Connor v. Ortega, 480 U.S. 709 (1987) (explaining how the Fourth Amendment applies within government workplaces) (discussed infra).

c) Implied Consent

Individuals often enter into agreements with the government in which they waive some of their Fourth Amendment rights. For example, prison guards may agree to be searched for drugs as a condition of employment, and visitors to government buildings may agree to a limited search of their person and property as a condition of entrance. Similarly, users of computer systems may waive their rights to privacy as a condition of using the systems. When individuals who have waived their rights are then searched and challenge the searches on Fourth Amendment grounds, courts typically focus on whether the waiver eliminated the individual's reasonable expectation of privacy against the search. See, e.g., American Postal Workers Union, Columbus Area Local AFL-CIO v. United States Postal Service, 871 F.2d 556, 56-61 (6^th Cir. 1989) (holding that postal employees retained no reasonable expectation of privacy in government lockers after signing waivers).

A few courts have approached the same problem from a slightly different direction and have asked whether the waiver established implied consent to the search. According to the doctrine of implied consent, consent to a search may be inferred from an individual's conduct. For example, in United States v. Ellis, 547 F.2d 863 (5th Cir. 1977), a civilian visiting a naval air station agreed to post a visitor's pass on the windshield of his car as a condition of bringing the car on the base. The pass stated that "[a]cceptance of this pass gives your consent to search this vehicle while entering, aboard, or leaving this station." Id. at 865 n.1. During the visitor's stay on the base, a station investigator who suspected that the visitor had stored marijuana in the car approached the visitor and asked him if he had read the pass. After the visitor admitted that he had, the investigator searched the car and found 20 plastic bags containing marijuana. The Fifth Circuit ruled that the warrantless search of the car was permissible, because the visitor had impliedly consented to the search when he knowingly and voluntarily entered the base with full knowledge of the terms of the visitor's pass. See id. at 866-67.

Ellis notwithstanding, it must be noted that several circuits have been critical of the implied consent doctrine in the Fourth Amendment context. Despite the Fifth Circuit's broad construction, other courts have proven reluctant to apply the doctrine absent evidence that the suspect actually knew of the search and voluntarily consented to it at the time the search occurred. See McGann v. Northeast Illinois Regional Commuter R.R. Corp., 8 F.3d 1174, 1179 (7th Cir. 1993) ("Courts confronted with claims of implied consent have been reluctant to uphold a warrantless search based simply on actions taken in the light of a posted notice."); Securities and Law Enforcement Employees, District Council 82 v. Carey, 737 F.2d 187, 202 n.23 (2d Cir. 1984) (rejecting argument that prison guards impliedly consented to search by accepting employment at prison where consent to search was a condition of employment). Absent such evidence, these courts have preferred to examine general waivers of Fourth Amendment rights solely under the reasonable-expectation-of-privacy test. See id.

2. Exigent Circumstances

Under the "exigent circumstances" exception to the warrant requirement, agents can search without a warrant if the circumstances "would cause a reasonable person to believe that entry . . . was necessary to prevent physical harm to the officers or other persons, the destruction of relevant evidence, the escape of the suspect, or some other consequence improperly frustrating legitimate law enforcement efforts." See United States v. Alfonso, 759 F.2d 728, 742 (9th Cir. 1985). In determining whether exigent circumstances exist, agents should consider: (1) the degree of urgency involved, (2) the amount of time necessary to obtain a warrant, (3) whether the evidence is about to be removed or destroyed, (4) the possibility of danger at the site, (5) information indicating the possessors of the contraband know the police are on their trail, and (6) the ready destructibility of the contraband. See United States v. Reed, 935 F.2d 641, 642 (4th Cir. 1991).

Exigent circumstances often arise in computer cases because electronic data is perishable. Computer commands can destroy data in a matter of seconds, as can humidity, temperature, physical mutilation, or magnetic fields created, for example, by passing a strong magnet over a disk. For example, in United States v. David, 756 F. Supp. 1385 (D. Nev. 1991), agents saw the defendant deleting files on his computer memo book, and seized the computer immediately. The district court held that the agents did not need a warrant to seize the memo book because the defendant's acts had created exigent circumstances. See id. at 1392. Similarly, in United States v. Romero-Garcia, 991 F. Supp. 1223, 1225 (D. Or. 1997), aff'd on other grounds 168 F.3d 502 (9^th Cir. 1999), a district court held that agents had properly accessed the information in an electronic pager in their possession because they had reasonably believed that it was necessary to prevent the destruction of evidence. The information stored in pagers is readily destroyed, the court noted: incoming messages can delete stored information, and batteries can die, erasing the information. Accordingly, the agents were justified in accessing the pager without first acquiring a warrant. See id. See also United States v. Ortiz, 84 F.3d 977, 984 (7th Cir. 1996) (in conducting search incident to arrest, agents were justified in retrieving numbers from pager because pager information is easily destroyed). Of course, in computer cases, as in all others, the existence of exigent circumstances is absolutely tied to the facts. Compare Romero-Garcia, 911 F. Supp. at 1225 with David, 756 F. Supp at 1392 n.2 (dismissing as "lame" the government's argument that exigent circumstances supported search of a battery-operated computer because the agent did not know how much longer the computer's batteries would live) and United States v. Reyes, 922 F. Supp. 818, 835-36 (S.D.N.Y. 1996) (concluding that exigent circumstances could not justify search of a pager because the government agent unlawfully created the exigency by turning on the pager).

Importantly, the existence of exigent circumstances does not permit agents to search or seize beyond what is necessary to prevent the destruction of the evidence. When the exigency ends, the right to conduct warrantless searches does as well: the need to take certain steps to prevent the destruction of evidence does not authorize agents to take further steps without a warrant. See United States v. Doe, 61 F.3d 107, 110-11 (1st Cir. 1995). Accordingly, the seizure of computer hardware to prevent the destruction of information it contains will not ordinarily support a subsequent search of that information without a warrant. See David, 756 F. Supp. at 1392.

3. Plain View

Evidence of a crime may be seized without a warrant under the plain view exception to the warrant requirement. To rely on this exception, the agent must be in a lawful position to observe and access the evidence, and its incriminating character must be immediately apparent. See Horton v. California, 496 U.S. 128 (1990). For example, if an agent conducts a valid search of a hard drive and comes across evidence of an unrelated crime while conducting the search, the agent may seize the evidence under the plain view doctrine.

The plain view doctrine does not authorize agents to open a computer file and view its contents. The contents of an unopened computer file are not in plain view.

Importantly, the plain view exception cannot justify violations of an individual's reasonable expectation of privacy. The exception merely permits the seizure of evidence that has already been viewed in accordance with the Fourth Amendment. In computer cases, this means that the government cannot rely on the plain view exception to justify opening a closed computer file. ⁽⁴⁾ The contents of a file that must be opened to be viewed are not in 'plain view.' See United States v. Maxwell, 45 M.J. 406, 422 (C.A.A.F. 1996). This rule accords with decisions applying the plain view exception to closed containers. See, e.g., United States v. Villarreal, 963 F.2d 770, 776 (5^th Cir. 1992) (concluding that labels fixed to opaque 55-gallon drums do not expose the contents of the drums to plain view). ("[A] label on a container is not an invitation to search it. If the government seeks to learn more than the label reveals by opening the container, it generally must obtain a search warrant.").

United States v. Carey, 172 F.3d 1268, 1273 (10^th Cir. 1999), provides a useful example. In Carey, a police detective searching a hard drive with a warrant for drug trafficking evidence opened a "jpg" file and instead discovered child pornography. At that point, the detective abandoned the search for drug trafficking evidence and spent five hours accessing and downloading several hundred "jpg" files in a search for more child pornography. When the defendant moved to exclude the child pornography files on the ground that they were seized beyond the scope of the warrant, the government argued that the detective had seized the "jpg" files properly because the contents of the contraband files were in plain view. The Tenth Circuit rejected this argument with respect to all of the files except for the first "jpg" file the detective discovered. See id. at 1273, 1273 n.4. Although the court's reasoning is somewhat opaque, this aspect of Carey seems sensible. The plain view exception permits agents to seize property found in plain view, not to infringe a suspect's right to privacy until his property comes into plain view. As a result, the detective could seize the first "jpg" file that came into plain view when the detective was executing the search warrant, but could not rely on the plain view exception to justify the search for additional "jpg" files on the defendant's computers that were beyond the scope of the warrant.

4. Search Incident to a Lawful Arrest

Pursuant to a lawful arrest, agents may conduct a "full search" of the arrested person, and a more limited search of his surrounding area, without a warrant. See United States v. Robinson, 414 U.S. 218, 235 (1973); Chimel v. California, 395 U.S. 752, 762-63 (1969). For example, inRobinson, a police officer conducting a patdown search incident to an arrest for a traffic offense discovered a crumpled cigarette package in the suspect's left breast pocket. Not knowing what the package contained, the officer opened the package and discovered fourteen capsules of heroin. The Supreme Court held that the search of the package was permissible, even though the officer had no articulable reason to open the package. See id. at 234-35. In light of the general need to preserve evidence and prevent harm to the arresting officer, the Court reasoned, it wasper se reasonable for an officer to conduct a "full search of the person" pursuant to a lawful arrest. Id. at 235.

Due to the increasing use of handheld and portable computers and other electronic storage devices, agents often encounter computers when conducting searches incident to lawful arrests. Suspects may be carrying pagers, Personal Digital Assistants (such as Palm Pilots), or even laptop computers when they are arrested. Does the search-incident-to-arrest exception permit an agent to access the memory of an electronic storage device found on the arrestee's person during a warrantless search incident to arrest? In the case of electronic pagers, the answer clearly is "yes." Relying on Robinson, courts have uniformly permitted agents to access electronic pagers carried by the arrested person at the time of arrest. See United States v. Reyes, 922 F. Supp. 818, 833 (S.D.N.Y. 1996) (holding that accessing numbers in a pager found in bag attached to defendant's wheelchair within twenty minutes of arrest falls within search-incident-to-arrest exception); United States v. Chan, 830 F. Supp. 531, 535 (N.D. Cal. 1993); United States v. Lynch, 908 F. Supp. 284, 287 (D.V.I. 1995); Yu v. United States, 1997 WL 423070 (S.D.N.Y. 1997); United States v. Thomas, 114 F.3d 403, 404 n.2 (3d Cir. 1997) (dicta). See also United States v. Ortiz, 84 F.3d 977, 984 (7th Cir. 1996) (same holding, but relying on an exigency theory).

Courts have not yet addressed whether Robinson will permit warrantless searches of electronic storage devices that contain more information than pagers. In the paper world, certainly, cases have allowed extensive searches of written materials discovered incident to lawful arrests. For example, courts have uniformly held that agents may inspect the entire contents of a suspect's wallet found on his person. See, e.g., United States v. Castro, 596 F.2d 674, 676 (5^th Cir. 1979); United States v. Molinaro, 877 F.2d 1341, 1347 (7^th Cir. 1989) (citing cases). Similarly, one court has held that agents could photocopy the entire contents of an address book found on the defendant's person during the arrest, see United States v. Rodriguez, 995 F.2d 776, 778 (7^th Cir. 1993), and others have permitted the search of a defendant's briefcase that was at his side at the time of arrest. See, e.g., United States v. Johnson, 846 F.2d 279, 283-84 (5^th Cir. 1988); United States v. Lam Muk Chiu, 522 F.2d 330, 332 (2d Cir. 1975). If agents can examine the contents of wallets, address books, and briefcases without a warrant, it could be argued that they should be able to search their electronic counterparts (such as electronic organizers, floppy disks, and Palm Pilots) as well. Cf. United v. Tank, 200 F.3d 627, 632 (9^thCir. 2000) (holding that agents searching a car incident to a valid arrest properly seized a Zip disk found in the car, but failing to discuss whether the agents obtained a warrant before searching the disk for images of child pornography).

The limit on this argument is that any search incident to an arrest must be reasonable. See Swain v. Spinney, 117 F.3d 1, 6 (1^st Cir. 1997). While a search of physical items found on the arrestee's person may always be reasonable, more invasive searches in different circumstances may violate the Fourth Amendment. See, e.g. Mary Beth G. v. City of Chicago, 723 F.2d 1263, 1269-71 (7^th Cir. 1983) (holding that Robinson does not permit strip searches incident to arrest because such searches are not reasonable in context). For example, the increasing storage capacity of handheld computers suggests that Robinson's bright line rule may not always apply in the case of electronic searches. Courts may conclude that a quick search through a pager that stores a few phone numbers is reasonable incident to an arrest, but that a very time-consuming search through a handheld computer that contains an entire warehouse of information presents a different case. Cf. United States v. O'Razvi, 1998 WL 405048, at *7 n.7 (S.D.N.Y. 1998). When in doubt, agents should obtain a search warrant before examining the contents of electronic storage devices that might contain large amounts of information.

5. Inventory Searches

Law enforcement officers routinely inventory the items they have seized. Such "inventory searches" are reasonable -- and therefore fall under an exception to the warrant requirement -- when two conditions are met. First, the search must serve a legitimate, non-investigatory purpose (e.g., to protect an owner's property while in custody; to insure against claims of lost, stolen, or vandalized property; or to guard the police from danger) that outweighs the intrusion on the individual's Fourth Amendment rights. See Illinois v. Lafayette, 462 U.S. 640, 644 (1983); South Dakota v. Opperman, 428 U.S. 364, 369 (1976). Second, the search must follow standardized procedures. See Colorado v. Bertine, 479 U.S. 367, 374 n.6 (1987); Florida v. Wells, 495 U.S. 1, 4-5 (1990).

It is unlikely that the inventory-search exception to the warrant requirement would support a search through seized computer files. See O'Razvi, 1998 WL 405048, at *6-7 (noting the difficulties of applying the inventory-search requirements to computer disks). Even assuming that standard procedures authorized such a search, the legitimate purposes served by inventory searches in the physical world do not translate well into the intangible realm. Information does not generally need to be reviewed to be protected, and does not pose a risk of physical danger. Although an owner could claim that his computer files were altered or deleted while in police custody, examining the contents of the files would offer little protection from tampering. Accordingly, agents will generally need to obtain a search warrant in order to examine seized computer files held in custody.

6. Border Searches

In order to protect the government's ability to monitor contraband and other property that may enter or exit the United States illegally, the Supreme Court has recognized a special exception to the warrant requirement for searches that occur at the border of the United States. According to the Court, "routine searches" at the border or its functional equivalent do not require a warrant, probable cause, or even reasonable suspicion that the search may uncover contraband or evidence. United States v. Montoya De Hernandez, 473 U.S. 531, 538 (1985). Searches that are especially intrusive require at least reasonable suspicion, however. See id. at 541. These rules apply to people and property both entering and exiting the United States. SeeUnited States v. Oriakhi, 57 F.3d 1290, 1297 (4^th Cir. 1995).

At least one court has interpreted the border search exception to permit a warrantless search of a computer disk for contraband computer files. In United States v. Roberts, 86 F. Supp.2d 678 (S.D. Tex. 2000), United States Customs Agents learned that William Roberts, a suspect believed to be carrying computerized images of child pornography, was scheduled to fly from Houston, Texas to Paris, France on a particular day. On the day of the flight, the agents set up an inspection area in the jetway at the Houston airport with the sole purpose of searching Roberts. Roberts arrived at the inspection area and was told by the agents that they were searching for "currency" and "high technology or other data" that could not be exported legally. Id. at 681. After the agents searched Roberts' property and found a laptop computer and six Zip diskettes, Roberts agreed to sign a consent form permitting the agents to search his property. A subsequent search revealed several thousand images of child pornography. See id. at 682. When charges were brought, Roberts moved for suppression of the computer files, but the district court ruled that the search had not violated the Fourth Amendment. According to the court, the search of Roberts' luggage had been a "routine search" for which no suspicion was required, even though the justification for the search offered by the agents merely had been a pretext. Seeid. at 686 (citing Whren v. United States, 517 U.S. 806 (1996)). The court also concluded that Roberts' consent justified the search of the laptop and diskettes, and indicated that even if Roberts had not consented to the search, "[t]he search of the defendant's computer and diskettes would have been a routine export search, valid under the Fourth Amendment." See Roberts, 98 F. Supp.2d at 688.

Importantly, agents and prosecutors should not interpret Roberts as permitting the interception of data transmitted electronically to and from the United States. Any real-time interception of electronically transmitted data in the United States must comply strictly with the requirements of Title III, 18 U.S.C. §§ 2510-22. See generally Chapter 4. Further, once electronically transferred data from outside the United States arrives at its destination within the United States, the government ordinarily cannot rely on the border search exception to search for and seize the data because the data is no longer at the border or its functional equivalent. Cf.Almeida-Sanchez v. United States, 413 U.S. 266, 273-74 (1973) (concluding that a search that occurred 25 miles from the United States border did not qualify for the border search exception, even though the search occurred on a highway known as a common route for illegal aliens, because it did not occur at the border or its functional equivalent).

7. International Issues

Outside the United States border, searching and seizing electronic evidence raises difficult questions of both law and policy. Because the Internet is a global network, international issues may arise in many cases; even a domestic investigation may involve a computer system, data, witness or subject located in a foreign jurisdiction. In such cases, the Fourth Amendment may or may not apply, depending on the circumstances. See generally United States v. Verdugo-Urquidez, 494 U.S. 259 (1990) (considering the extent to which the Fourth Amendment applies to searches outside of the United States). However, international policies regarding sovereignty and privacy may require the United States to take actions ranging from informal notice to a formal request for assistance to the country concerned.

This manual will not attempt to provide detailed guidance on how to resolve international issues that arise in such cases. Investigators and prosecutors should contact the Office of International Affairs at (202) 514-0000 for assistance. However, a few basic principles can be stated here. The United States maintains approximately 40 bilateral mutual legal assistance treaty relationships and many other relationships pursuant to letters rogatory or other longstanding means of cooperation. While cooperation with respect to computer and electronic evidence is under further development internationally, these treaty structures and ongoing relationships continue to provide the legal and practical means by which the United States both seeks and provides legal assistance. When agents learn prior to a search that some of all of the data to be searched is located in a foreign jurisdiction, they should seek advice from the Office of International Affairs as to the need for and appropriate means to seek assistance from that country.

When immediate international assistance is required, the international network of 24-hour Points of Contact established by the High-tech Crime Subgroup of the G-8 countries can provide assistance, such as preserving data and assisting in real-time tracing of cross-border communications. See generally Michael A. Sussmann, The Critical Challenges from International High-Tech and Computer-Related Crime at the Millennium, 9 Duke J. Comp. & Int'l L. 451, 484 (1999). The network is available twenty-four hours a day to respond to urgent requests for assistance in international high-tech crime investigations, or cases involving electronic evidence. The membership currently includes Australia, Brazil, Canada, Denmark, Finland, France, Germany, Italy, Japan, Republic of Korea, Luxembourg, Russia, Spain, Sweden, United Kingdom, and the United States, and continues to grow. The Point of Contact for the United States is CCIPS, which can be contacted at (202) 514-1026 during regular business hours, or, after hours, through the DOJ Command Center at (202) 514-5000. CCIPS also has computer crime law enforcement contacts in countries beyond members of the network; agents and prosecutors can call CCIPS for assistance.

Finally, international issues may also arise when the United States responds to foreign requests for international legal assistance for computer and electronic evidence. Investigators and prosecutors can the Office of International Affairs ((202) 514-0000) or CCIPS for additional advice.

D. Special Case: Workplace Searches

Warrantless workplace searches deserve a separate analysis because they occur often in computer cases and raise unusually complicated legal issues. The primary cause of the analytical difficulty is the Supreme Court's complex decision in O'Connor v. Ortega, 480 U.S. 709 (1987). Under O'Connor, the legality of warrantless workplace searches depends on often-subtle factual distinctions such as whether the workplace is public sector or private sector, whether employment policies exist that authorize a search, and whether the search is work-related.

Every warrantless workplace search must be evaluated carefully on its facts. In general, however, law enforcement officers can conduct a warrantless search of private (i.e., non-government) workplaces only if the officers obtain the consent of either the employer or another employee with common authority over the area searched. In public (i.e., government) workplaces, officers cannot rely on an employer's consent, but can conduct searches if written employment policies or office practices establish that the government employees targeted by the search cannot reasonably expect privacy in their workspace. Further, government employers and supervisors can conduct reasonable work-related searches of employee workspaces without a warrant even if the searches violate employees' reasonable expectation of privacy.

One cautionary note is in order before we proceed. This discussion evaluates the legality of warrantless workplace searches of computers under the Fourth Amendment. In many cases, however, workplace searches will implicate federal privacy statutes in addition to the Fourth Amendment. For example, efforts to obtain an employee's files and e-mail from the employer's network server raise issues under the Electronic Communications Privacy Act, 18 U.S.C. §§ 2701-11 (discussed in Chapter 3), and workplace monitoring of an employee's Internet use implicates Title III, 18 U.S.C. §§ 2510-22 (discussed in Chapter 4). Before conducting a workplace search, investigators must make sure that their search will not violate either the Fourth Amendment or relevant federal privacy statutes. Investigators should contact CCIPS at (202) 514-1026 or the CTC in their district for further assistance.

1. Private Sector Workplace Searches

The rules for conducting warrantless searches and seizures in private-sector workplaces generally mirror the rules for conducting warrantless searches in homes and other personal residences. Private company employees generally retain a reasonable expectation of privacy in their workplaces. As a result, private-workplace searches by law enforcement will usually require a warrant unless the agents can obtain the consent of an employer or a co-worker with common authority.

a) Reasonable Expectation of Privacy in Private-Sector Workplaces

Private-sector employees will usually retain a reasonable expectation of privacy in their office space. In Mancusi v. DeForte, 392 U.S. 364 (1968), police officers conducted a warrantless search of an office at a local union headquarters that defendant Frank DeForte shared with several other union officials. In response to DeForte's claim that the search violated his Fourth Amendment rights, the police officers argued that the joint use of the space by DeForte's co-workers made his expectation of privacy unreasonable. The Court disagreed, stating that DeForte "still could reasonably have expected that only [his officemates] and their personal or business guests would enter the office, and that records would not be touched except with their permission or that of union higher-ups." Id. at 369. Because only a specific group of people actually enjoyed joint access and use of DeForte's office, the officers' presence violated DeForte's reasonable expectation of privacy. See id. See also United States v. Most, 876 F.2d 191, 198 (D.C. Cir. 1989) ("[A]n individual need not shut himself off from the world in order to retain his fourth amendment rights. He may invite his friends into his home but exclude the police; he may share his office with co-workers without consenting to an official search.");United States v. Lyons, 706 F.2d 321, 325 (D.C. Cir. 1983) ("One may freely admit guests of one's choosing -- or be legally obligated to admit specific persons -- without sacrificing one's right to expect that a space will remain secure against all others."). As a practical matter, then, private employees will generally retain an expectation of privacy in their work space unless that space is "open to the world at large." Id. at 326.

b) Consent in Private Sector-Workplaces

Although most non-government workplaces will support a reasonable expectation of privacy from a law enforcement search, agents can defeat this expectation by obtaining the consent of a party who exercises common authority over the area searched. See Matlock, 415 U.S. at 171. In practice, this means that agents can often overcome the warrant requirement by obtaining the consent of the target's employer or supervisor. Depending on the facts, a co-worker's consent may suffice as well.

Private-sector employers and supervisors generally enjoy a broad authority to consent to searches in the workplace. For example, in United States v. Gargiso, 456 F.2d 584 (2d Cir. 1972), a pre-Matlock case, agents conducting a criminal investigation of an employee of a private company sought access to a locked, wired-off area in the employer's basement. The agents explained their needs to the company's vice-president, who took the agents to the basement and opened the basement with his key. When the employee attempted to suppress the evidence that the agents discovered in the basement, the court held that the vice-president's consent was effective. Because the vice-president shared supervisory power over the basement with the employee, the court reasoned, he could consent to the agents' search of that area. Id. at 586-87. See also United States v. Bilanzich, 771 F.2d 292, 296-97 (7th Cir. 1985) (holding that the owner of a hotel could consent to search of locked room used by hotel employee to store records, even though owner did not carry a key, because employee worked at owner's bidding);J.L. Foti Constr. Co. v. Donovan, 786 F.2d 714, 716-17 (6th Cir. 1986) (per curiam) (holding that a general contractor's superintendent could consent to an inspection of an entire construction site, including subcontractor's work area). In a close case, an employment policy or computer network banner that establishes the employer's right to consent to a workplace search can help establish the employer's common authority to consent under Matlock. See Appendix A.

Agents should be careful about relying on a co-worker's consent to conduct a workplace search. While employers generally retain the right to access their employees' work spaces, co-workers may or may not, depending on the facts. When co-workers do exercise common authority over a workspace, however, investigators can rely on a co-worker's consent to search that space. For example, in United States v. Buettner-Janusch, 646 F.2d 759 (2d Cir. 1981), a professor and an undergraduate research assistant at New York University consented to a search of an NYU laboratory managed by a second professor suspected of using his laboratory to manufacture LSD and other drugs. Although the search involved opening vials and several other closed containers, the Second Circuit held that Matlock authorized the search because both consenting co-workers had been authorized to make full use of the lab for their research. See id.at 765-66. See also United States v. Jenkins, 46 F.3d 447, 455-58 (5^th Cir. 1995) (allowing an employee to consent to a search of the employer's property); United States v. Murphy, 506 F.2d 529, 530 (9^th Cir. 1974) (per curiam) (same); United States v. Longo, 70 F. Supp.2d 225, 256 (W.D.N.Y. 1999) (allowing secretary to consent to search of employer's computer). But seeUnited States v. Buitrago Pelaez, 961 F. Supp. 64, 67-68 (S.D.N.Y. 1997) (holding that a receptionist could consent to a general search of the office, but not of a locked safe to which receptionist did not know the combination).

c) Employer Searches in Private-Sector Workplaces

Warrantless workplace searches by private employers rarely violate the Fourth Amendment. So long as the employer is not acting as an instrument or agent of the Government at the time of the search, the search is a private search and the Fourth Amendment does not apply. See Skinner v. Railway Labor Executives' Ass'n, 489 U.S. 602, 614 (1989).

2. Public-Sector Workplace Searches

Although warrantless computer searches in private-sector workplaces follow familiar Fourth Amendment rules, the application of the Fourth Amendment to public-sector workplace searches of computers presents a different matter. In O'Connor v. Ortega, 480 U.S. 709 (1987), the Supreme Court introduced a distinct framework for evaluating warrantless searches in government workplaces that applies to computer searches. According to O'Connor, a government employee can enjoy a reasonable expectation of privacy in his workplace. See id. at 717 (O'Connor, J., plurality opinion); Id. at 721 (Scalia, J., concurring). However, an expectation of privacy becomes unreasonable if "actual office practices and procedures, or . . . legitimate regulation" permit the employee's supervisor, co-workers, or the public to enter the employee's workspace. Id. at 717 (O'Connor, J., plurality opinion). Further, employers can conduct "reasonable" warrantless searches even if the searches violate an employee's reasonable expectation of privacy. Such searches include work-related, noninvestigatory intrusions (e.g., entering an employee's locked office to retrieve a file) and reasonable investigations into work-related misconduct. See id. at 725-26 (O'Connor, J., plurality opinion); Id. at 732 (Scalia, J., concurring).

a) Reasonable Expectation of Privacy in Public Workplaces

The reasonable expectation of privacy test formulated by the O'Connor plurality asks whether a government employee's workspace is "so open to fellow employees or to the public that no expectation of privacy is reasonable." O'Connor, 480 U.S. at 718 (plurality opinion). This standard differs significantly from the standard analysis applied in private workplaces. Whereas private-sector employees enjoy a reasonable expectation of privacy in their workspace unless the space is "open to the world at large," Lyons, 706 F.2d at 326, government employees retain a reasonable expectation of privacy in the workplace only if a case-by-case inquiry into "actual office practices and procedures" shows that it is reasonable for employees to expect that others will not enter their space. See O'Connor, 480 U.S. at 717 (plurality opinion); Rossi v. Town of Pelham, 35 F. Supp.2d. 58, 63 (D.N.H. 1997). See also O'Connor, 480 U.S. at 730-31 (Scalia, J., concurring) (noting the difference between the expectation-of-privacy analysis offered by the O'Connor plurality and that traditionally applied in private workplace searches). From a practical standpoint, then, public employees are less likely to retain a reasonable expectation of privacy against government searches at work than are private employees.

Courts evaluating public employees' reasonable expectation of privacy in the wake ofO'Connor have considered the following factors: whether the work area in question is assigned solely to the employee; whether others have access to the space; whether the nature of the employment requires a close working relationship with others; whether office regulations place employees on notice that certain areas are subject to search; and whether the property searched is public or private. See Vega-Rodriguez v. Puerto Rico Tel. Co., 110 F.3d 174, 179-80 (1^st Cir. 1997) (summarizing cases); United States v. Mancini, 8 F.3d 104, 109 (1^st Cir. 1993). In general, the courts have rejected claims of an expectation of privacy in an office when the employee knew or should have known that others could access the employee's workspace. See e.g., Sheppard v. Beerman, 18 F.3d 147, 152 (2d Cir. 1994) (holding that judge's search through his law clerk's desk and file cabinets did not violate the clerk's reasonable expectation of privacy because of the clerk's close working relationship with the judge); Schowengerdt v. United States, 944 F.2d 483, 488 (9^th Cir. 1991) (holding that civilian engineer employed by the Navy who worked with classified documents at an ordinance plant had no reasonable expectation of privacy in his office because investigators were known to search employees' offices for evidence of misconduct on a regular basis). But see United States v. Taketa, 923 F.2d 665, 673 (9^th Cir. 1991) (concluding indicta that public employee retained expectation of privacy in office shared with several co-workers). In contrast, the courts have found that a search violates a public employee's reasonable expectation of privacy when the employee had no reason to expect that others would access the space searched. See O'Connor, 480 U.S. at 718-19 (plurality) (holding that physician at state hospital retained expectation of privacy in his desk and file cabinets where there was no evidence that other employees could enter his office and access its contents); Rossi, 35 F. Supp.2d at 64 (holding that town clerk enjoyed reasonable expectation of privacy in 8' x 8' office that the public could not access and other town employees did not enter).

While agents must evaluate whether a public employee retains a reasonable expectation of privacy in the workplace on a case-by-case basis, official written employment policies can simplify the task dramatically. See O'Connor, 480 U.S. at 717 (plurality) (noting that "legitimate regulation" of the work place can reduce public employees' Fourth Amendment protections). Courts have uniformly deferred to public employers' official policies that expressly authorize access to the employee's workspace, and have relied on such policies when ruling that the employee cannot retain a reasonable expectation of privacy in the workplace. See American Postal Workers Union, Columbus Area Local AFL-CIO v. United States Postal Serv., 871 F.2d 556, 56-61 (6^th Cir. 1989) (holding that postal employees retained no reasonable expectation of privacy in contents of government lockers after signing waivers stating that lockers were subject to inspection at any time, even though lockers contained personal items); United States v. Bunkers, 521 F.2d 1217, 1219-1220 (9th Cir. 1975) (same, noting language in postal manual stating that locker is "subject to search by supervisors and postal inspectors"). Of course, whether a specific policy eliminates a reasonable expectation of privacy is a factual question. Employment policies that do not explicitly address employee privacy may prove insufficient to eliminate Fourth Amendment protection. See, e.g., Taketa, 923 F.2d at 672-73 (concluding that regulation requiring DEA employees to "maintain clean desks" did not defeat workplace expectation of privacy of non-DEA employee assigned to DEA office).

When planning to search a government computer in a government workplace, agents should look for official employment policies or "banners" that can eliminate a reasonable expectation of privacy in the computer.

Written employment policies and "banners" are particularly important in cases that consider whether government employees enjoy a reasonable expectation of privacy in government computers. Banners are written notices that greet users before they log on to a computer or computer network, and can inform users of the privacy rights that they do or do not retain in their use of the computer or network. See generally Appendix A.

In general, government employees who are notified that their employer has retained rights to access or inspect information stored on the employer's computers can have no reasonable expectation of privacy in the information stored there. For example, in United States v. Simons, 206 F.3d 392 (4^th Cir. 2000), computer specialists at a division of the Central Intelligence Agency learned that an employee named Mark Simons had been using his desktop computer at work to obtain pornography available on the Internet, in violation of CIA policy. The computer specialists accessed Simons' computer remotely without a warrant, and obtained copies of over a thousands picture files that Simons had stored on his hard drive. Many of these picture files contained child pornography, which were turned over to law enforcement. When Simons filed a motion to suppress the fruits of the remote search of his hard drive, the Fourth Circuit held that the CIA division's official Internet usage policy eliminated any reasonable expectation of privacy that Simons might otherwise have in the copied files. See id. at 398. The policy stated that the CIA division would "periodically audit, inspect, and/or monitor [each] user's Internet access as deemed appropriate," and that such auditing would be implemented "to support identification, termination, and prosecution of unauthorized activity." Id. at 395-96. Simons did not deny that he was aware of the policy. See id. at 398 n.8. In light of the policy, the Fourth Circuit held, Simons did not retain a reasonable expectation of privacy "with regard to the record or fruits of his Internet use," including the files he had downloaded. Id. at 398.

Other courts have agreed with the approach articulated in Simons and have held that banners and policies generally eliminate a reasonable expectation of privacy in contents stored in a government employee's network account. See Wasson v. Sonoma County Junior College, 4 F. Supp.2d 893, 905-06 (N.D. Cal. 1997) (holding that public employer's computer policy giving the employer "the right to access all information stored on [the employer's] computers" defeats an employee's reasonable expectation of privacy in files stored on employer's computers);Bohach v. City of Reno, 932 F. Supp. 1232, 1235 (D. Nev. 1996) (holding that police officers did not retain a reasonable expectation of privacy in their use of a pager system, in part because the Chief of Police had issued an order announcing that all messages would be logged); United States v. Monroe, 52 M.J. 326 (C.A.A.F. 2000) (holding that Air Force sergeant did not have a reasonable expectation of privacy in his government e-mail account because e-mail use was reserved for official business and network banner informed each user upon logging on to the network that use was subject to monitoring). But see DeMaine v. Samuels, 2000 WL 1658586, at *7 (D. Conn. 2000) (suggesting that the existence of an employment manual explicitly authorizing searches "weighs heavily" in the determination of whether a government employee retained a reasonable expectation of privacy at work, but "does not, on its own, dispose of the question").

Of course, whether a specific policy eliminates a reasonable expectation of privacy is a factual question. Agents and prosecutors must consider whether a given policy is sufficiently broad that it reasonably contemplates the search to be conducted. If the policy is narrow, it may not waive the government employee's reasonable expectation of privacy against the search that the government plans to execute. For example, in Simons, the Fourth Circuit concluded that although the CIA division's Internet usage policy eliminated Simons' reasonable expectation of privacy in the fruits of his Internet use, it did not eliminate his reasonable expectation of privacy in the physical confines of his office. See Simons, 206 F.3d at 399 n.10. Accordingly, the policy by itself was insufficient to justify a physical entry into Simons' office. See id. at 399. See alsoTaketa, 923 F.2d at 672-73 (concluding that regulation requiring DEA employees to "maintain clean desks" did not def