[comp.org.eff.talk] Less intrusive, more efficient searches and seizures

mnemonic@eff.org (Mike Godwin) (04/04/91)

Mitch Kapor and I submitted the following paper to the 
Fourth Annual Computer Virus and Security Conference in
New York earlier in March. Since then, discussions of the paper
have led to two main lines of feedback: a) law enforcement
needs *technical* guidance about gathering computer evidence
without being overinclusive, yet meeting the requirements of
the rules of evidence, and b) civil-liberties and law-enforcement
needs converge on the need for less intrusive searches, since
LE would like to be able to search efficiently and not have to
scan whole hard disks for information.

In the interest of being able to develop these technical guidelines,
which should supplement and help implement the legal guidelines 
discussed in the paper, we publish the paper here, and ask for your
responses.

---------------------------------------------------------
 
Civil Liberties Implications of Computer Searches and 
Seizures:
Some Proposed Guidelines for Magistrates Who Issue Search 
Warrants

Submitted by:

Mitchell Kapor, B.A. Yale (1971), M.A. Beacon College (1978)
	President, The Electronic Frontier Foundation

Mike Godwin, B.A. University of Texas at Austin (1980), J.D. (1990)
	Staff Counsel, The Electronic Frontier Foundation


I. Introduction.

We are now about a decade and a half into the era of affordable 
desktop computers. Yet for most people--and especially for the legal 
community--the civil-liberties implications of this new consumer 
technology have only barely begun to register. Only by acquiring a 
knowledge of the new technology, of its uses, and of its importance to 
traditional civil liberties can we guarantee the protection of those civil 
liberties in the future.
	Currently, the Electronic Frontier Foundation (EFF) is focusing 
on two major aspects of this failure of the law-enforcement 
community to fully incorporate civil-liberties awareness in its 
investigations of computer-related crime:

	1) When law enforcement officials lack understanding both of 
the new technology and--just as important--of how it is normally used, 
they simply cannot conduct the discretion-less, "particular" searches 
and seizures required by the Fourth Amendment1 when those searches 
and seizures involve computer equipment and data.

	2) The electronic conferencing systems offered by computer-
based electronic bulletin-board systems (BBSs), commercial 
information services, and noncommercial computer networks--which 
may, to various degrees, be subject to law-enforcement searches and 
seizures--have created an environment for some of the most vigorous 
exercise of First Amendment prerogatives this nation has ever seen. 
When law enforcement does not routinely recognize the First 
Amendment significance of BBSs and other forms of electronic speech 
and publishing, its broad searches and seizures can "chill" the free 
exercise of those First Amendment rights.

	This paper is adapted from the EFF's response to the American 
Bar Association Criminal Justice Section's suggested guidelines for the 
issuance of search warrants relating to business records (July 1990)2. 
The guidelines seemed to be based in large part on J. McEwan, 
Dedicated Computer Crime Units (1989), D. Parker, Computer Crime: 
Criminal Justice Resource Manual (1989), and C. Conly, Organizing for 
Computer Crime Investigation and Prosecution. Published by the 
National Institute of Justice, all three publications were oriented 
toward informing law enforcement of the kinds of abuses to which 
computer technology potentially lends itself.
	But while such a focus may be useful for prosecutors, who may 
need to be brought up to speed on the technology, it is not a good focus 
for magistrates, who must evaluate law enforcement's claims that 
there is probable cause for particular searches and seizures in particular 
cases. For example, it may be useful for prosecutors to know that "the 
data in the storage device or media can be erased, replaced with other 
data, hidden, encrypted, modified, misnamed, misrepresented, 
physically destroyed, or otherwise made unusable."3  But this does not 
mean that the magistrate should always find probable cause to believe 
that a particular computer owner or operator has done so, and then 
authorize a highly intrusive and disruptive seizure of a BBS so that 
investigators can do a low-level search for hidden or encrypted data.
	Similarly, the fact that a clever hobbyist can find criminal uses 
for all sorts of equipment does not create probable cause to believe that 
every piece of electronic property that could conceivably be used in any 
type of computer crime -- or that could conceivably be evidence in 
some type of computer crime -- should be seized in every 
investigation.4 
	Moreover, the kind of exhaustive listing of potential computer-
crimes and crime techniques in these references, together with their 
instructive but not particularly representative anecdotal evidence, 
cannot help but give both law-enforcement agents and magistrates the 
impression that BBSs and similar systems are likely to be used for 
computer-related crimes of various sorts.
	Our criticism of the original ABA Criminal Justice Section 
suggested guidelines was basically threefold:
	1) There was no guidance to the magistrate as to when the 
computer or related equipment should not be seized, either because it 
is not necessary as evidence or because such a seizure would intolerably 
"chill" the lawful exercise of First Amendment rights or abridge a 
property owner's Fourth Amendment rights.
	2) There was inadequate recognition of the business or 
individual computer owner's interest in continuing with lawful 
commercial business, which might be hindered or halted by the seizure 
of an expensive computer.
	3) There was no effort to measure the actual likelihood that 
investigators would find computers equipped with such justice-
obstructing measures as automatic-erasure software or "degausser" 
boobytrap hardware, the presence of which might justify a "no-knock" 
search and seizure, among other responses. 
	Section II of this paper, infra, contains the EFF's general 
comments on the suggested guidelines, while Section III contains our 
amended version of those guidelines.


 II. Comments on Proposed Guidelines on Searches and Seizures

A.  Searches and seizures of computers used for publishing or 
electronic bulletin boards.

	While the same legal principles apply to searches and seizures of 
computerized records as to other records, when the search is of records 
on a computer used for publishing or for operating an electronic 
bulletin board system (BBS), the need for particularity is heightened 
since the material to be searched may be protected by the First 
Amendment.  Particularity is also needed because First Amendment 
rights of association and statutory rights of privacy may be impinged by 
seizure of electronic mail or other private and third-party 
correspondence.
	Also, seizure of a computer used by a publication or for running 
an electronic bulletin board system (BBS) may violate the First 
Amendment by acting as a prior restraint on future speech and by 
interfering with the rights of expression and association of the operator 
and users of the system.

 B. No-knock entries because of risk of destruction of data.

	We believe the concern with possible destruction of data, 
whether stored internally or externally, is overstated in the proposed 
commentary.  Such a concern can justify a "no-knock" entry only in 
rare circumstances on a strong factual showing by law enforcement 
personnel.  First, we are not aware of any data showing that a device 
like a degausser is frequently or commonly used to destroy evidence 
during a search.  Second, the only data that can be destroyed "at the flip 
of a [power] switch" is the relatively small amount of information in 
the internal memory (RAM) of a computer, and not information 
stored on an internal hard disc.  Information is only contained in RAM 
when a computer is being actively operated, and then only information 
about the current application the computer is running.  
	Thus, in order for a no-knock entry to be warranted, there must 
be credible evidence presented to the judicial officer either that (1) it is 
likely that the suspects have a device like a degausser by which data 
will be destroyed, or (2) the computer user will be using the computer 
for illegal purposes at the time of the search, e.g., when a warrant is 
sought at the moment a telephone tap demonstrates that the computer 
user is in the act of using the computer to illegally access a computer 
database without authorization.

 C. Searches and seizures when the computer is used for electronic 
communications (e-mail).

	E-mail and other stored electronic communications are protected 
by the Electronic Communications Privacy Act, 18 U.S.C. §§ 2701-2711.  E-
mail should thus be protected from search and seizure, unless there is 
probable cause to search and seize a specific electronic communication.  
Accordingly, if a search is likely to take place of a computer which 
provides an e-mail service to users, such as most BBSs, the affiant 
should inform the judicial officer of this possibility so that the judicial 
officer can establish procedures to ensure that the officers executing the 
warrant do not view e-mail for which no probable cause exists, and to 
ensure that the BBS computer is not seized unnecessarily as this will 
prevent the authorized access of users to their e-mail.

 D. Search vs. seizure

	We suggest that the commentary make a stronger distinction 
between the factors applicable to searches of computers, and those 
which demonstrate that the seizure itself of a computer or of discs is 
warranted.  Because of this, we propose that several of the paragraphs 
be rearranged.

E. Seizure of computer discs.

	Often, warrants have provided for the wholesale seizure of all 
computer discs, without any requirement that the officers executing the 
warrant review the data contained on each disc and seize copies only of 
relevant files.  Because of the voluminous amount of materials that 
can be stored on a computer disc, such a seizure is often equivalent to a 
prohibited general search, as it permits the seizure of a great many files 
for which there is no probable cause to seize.  The commentary does 
mention the possibility of establishing a procedure to ensure that not 
all files on a disc are seized, but we believe this should be further 
emphasized.
	We believe that only in the situation where an entire 
organization is permeated with fraud or other misconduct is the 
wholesale seizure of computer discs appropriate.  In all other 
circumstances, the search of the computer discs for seizable data should 
be conducted on the organization's premises.  While this type of on-
premises search may be time-consuming, the same exact procedure is 
followed when officers executing a warrant are searching through 
hard-copy files for seizable material.  The judicial officer should allow 
the wholesale seizure of discs and a search off-premises of these discs 
for seizable material only if the affiant can present specific factors 
which demonstrate a necessity for an off-premises search.  Further, if 
the judicial officer does permit an off-premises search of the computer 
discs, the warrant should require that such a search take place promptly 
(presumptively within a matter of days), and that the officers executing 
the warrant then promptly copy only the relevant parts of the discs and 
immediately return the originals to the owner or custodian.
	The citation to Voss v. Bergsgaard, 774 F.2d 402 (10th Cir. 1985), 
does not support the proposition it is cited for, in that it suggests the 
description there was sufficiently particular when in fact the Court held 
the warrant unconstitutionally overbroad.

F. Seizure of computer where isolated information or records stored on 
the computer is the object of the search.

	While the seizure of a computer should be authorized when the 
computer is the instrumentality of a crime, in most other 
circumstances, where officials seek isolated information or records 
stored on the computer, seizure should not be authorized.  In the first 
place, such a seizure would violate the particularity requirement as 
many non-seizable records would be seized.  Secondly, the seizure may 
force a halt to legitimate business operations.  
	In such circumstances, the judicial officer should require that the 
search of the computer hard drive take place at the organization's 
premises, and that the officers executing the warrant make copies only 
of the seizable files or data.


III. Revisions to Business Record Guidelines and Guideline 
Commentary

The original ABA Criminal Justice Section Suggested Guideline 
appeared in the form of a two-paragraph "Guideline" articulating the 
general principles underlying Constitutional searches and seizures of 
business records, followed by four pages of "Commentary" laying out 
the legal issues raised by business-record searches and seizures, with a 
particular focus on computer-based records. We prepared suggested 
modifications to the guideline and to the commentary which 
incorporate the discussion in Sections I and II.

A. As to the guideline, the first two paragraphs read as follows:

As is the case generally, the description for searches and seizures 
of business records should be so definite that it eliminates officer 
discretion in determining which items are covered, which are 
not, and when the search must come to an end. However, 
because it is not always possible to meet this standard, the 
particularity requirement may be applied with less rigidity than 
in other settings. The judicial officer, in assessing particularity, 
must determine if the description of the records (whether in 
writing or electronically maintained) is as specific as the 
circumstances allow -- or, in the alternative, whether the 
description is sufficiently specific to prevent the searching party 
from unnecessarily examining non-relevant records in order to 
find the desired records.

The particularity requirement is most likely to be met when (1) 
probable cause exists to seize all the items within a particular 
category, as when the entire enterprise is permeated with fraud 
or other misconduct, or (2) when the warrant sets out some 
objective standard, a limiting feature, that allows the officers to 
differentiate between what can and cannot be seized, or (3) when 
the application describes as fully as possible, in light of what the 
investigators know, what is to be seized, or (4) when the warrant 
spells out a method for executing the search that limits the 
exposure of non-relevant materials, such as appointing a third-
party monitor.

To this Guideline EFF proposed adding the following paragraph:

	"Warrants for computerized records must be drawn narrowly 
and with enough specificity to eliminate or minimize the searchers' 
discretion and intrusion into other materials stored on the computer. 
Seizure of the computer itself, while proper in the limited 
circumstances where it is the instrumentality of a crime (as when the 
computer is itself a tool directly used to commit telecommunications 
fraud), is generally not justified when the object of the search is 
evidence stored on the computer, particularly since seizure of the 
computer may force a legitimate business to cease operations. Where 
the computer being searched is used in the publication or 
communication of information, warrants must be drawn even more 
narrowly to avoid infringing on First Amendment rights of expression 
and association, and seizures of such computers may also violate First 
Amendment rights unless the computer is the instrumentality of a 
crime."

 In the commentary, the additions we suggested are underlined, and at 
any point where we suggest deleting some material we have indicated 
this by brackets ([]).  In addition, our proposal rearranged several of the 
paragraphs:

(Beginning after Second Paragraph on p. 39)
	When the records are electronically stored in a computer, as is 
frequently the situation, the same legal principles apply.  []  In most 
respects, search and seizure issues in computer cases are like those in 
other criminal cases.  J. McEWAN, DEDICATED COMPUTER CRIME 
UNITS 55-56 (1989); cf. D. PARKER, COMPUTER CRIME:  CRIMINAL 
JUSTICE RESOURCE MANUAL (1989).
	When computerized records are sought, they must be described, 
as in the case with written records, with enough specificity to eliminate 
or minimize the searchers' discretion as to what may be examined and 
seized.  When the information sought can be made definite (e.g., a 
memorandum from sales manager Jones to field agent Smith, dated 
March 11, 1980, concerning the sale of certain chemicals), the 
particularity requirement is easily satisfied whether the record is in 
writing or electronically stored.  If it is likely that the record of this 
document exists only in electronic form, the particular computer and 
storage media should be identified, and the affidavit should be clear 
that the searchers have the technical capacity to access the information.
	The need for particularity is heightened where the computer to 
be searched is used for a newspaper, magazine, electronic publishing or 
to operate an electronic bulletin board.5  There are "special restraints 
upon searches for and seizures of material arguably protected by the 
First Amendment."  Lo-Ji Sales, Inc. v. New York, 442 U.S. 319, 326 n.5 
(1970).  Where the materials to be seized may be protected by the First 
Amendment, both the particularity requirement and the probable 
cause requirement must be met with "scrupulous exactitude."  See, e.g., 
Voss v. Bergsgaard, 774 F.2d 402, 405 (10th Cir. 1985) (quoting Stanford 
v. Texas, 379 U.S. 476, 485 (1965) and citing Zurcher v. Stanford Daily, 
436 U.S. 547, 565 (1978)).
	In addition, when a computer used to operate a BBS is searched, 
there is significant danger that First Amendment rights of association 
and statutory rights of privacy may be impinged by seizure of electronic 
mail (e-mail) or other private communications which have no relation 
to the alleged criminal activity justifying the search.  Seizure and 
search of e-mail is governed by the procedures of the Electronic 
Communications Privacy Act, 18 U.S.C. §§ 2701-2711.  Similarly, seizure 
of material on a BBS meant for publication or dissemination which is 
not related to the alleged crime may violate First Amendment rights of 
free expression.
	When the affiant describes [] the records to be seized only in 
general terms, such as "books, letters, papers, memoranda, contracts, 
files, computer tape logs, computer operation manuals, and computer 
tape printouts," there is a likelihood that the particularity 
requirements have not been met.  In such a circumstance, the judicial 
officer should question the affiant to see whether any additional 
limiting standards -- time period, authorship, transaction, or offense, 
for example -- can be established.  The more limitations in the affidavit, 
the more likely that Fourth Amendment particularity exists.6
	In some instances, the affidavit may contemplate so extensive a 
seizure of computerized data that a successful search would cripple the 
business.  Under these circumstances, the judicial officer should explore 
with the applicant the feasibility of copying or otherwise acquiring the 
information sought without depriving the owner or custodian of its 
use.  Since the justification for a search is to gather evidence, not close a 
business, it is important that the seizure be no more intrusive than 
necessary.  To this end, the judicial officer may require the applicant to 
demonstrate technical expertise or access to such.
	One troubling problem arises from the way computerized 
records are stored.  Because computer discs have such a large storage 
capacity, it is common to store unrelated data on the same disc.  This 
means that a seizure of an entire disc may involve substantial amounts 
of information that is not relevant to the inquiry.  When the discs are 
maintained by an innocent third party, such as a large accounting firm, 
the invasion of privacy is compounded, since the relevant discs may 
also contain data for other clients of the firm.  To protect the rights of 
these third parties, special procedures may be necessary.
	Similarly, the wholesale seizure of a large number of computer 
discs would appear to violate the particularity requirement, and be a 
prohibited general search, in a situation where the entire organization 
is not permeated with fraud or other misconduct.7  In such cases, the 
search of the computer discs for seizable items preferably should be 
conducted on the organization's premises.  Wholesale removal of discs 
for off-premises searches should be authorized only if identifiable 
particular circumstances so mandate, and in such case the officers 
executing the warrant should promptly copy only relevant parts of the 
discs and promptly return the discs to the owner or custodian.
	To limit the scope of the seizure and the invasion of the rights of 
the third parties, and to protect the owner's rights (and the custodian as 
well), the judicial officer should consider (1) appointing an expert to 
accompany the law enforcement officers on the search to provide 
guidance to them in identifying the named items; (2) directing that all 
searches of discs for seizable items be conducted on the organization's 
premises, and (3) in situations where an on-premise search of the discs 
is not feasible because of specific reasons, establishing a procedure 
whereby the relevant parts of the disc may be promptly copied and then 
the original returned to the owner or custodian within a reasonable 
period of time, presumptively no longer than several days.
	The computer itself may be subject to seizure when it is an 
instrumentality for the commission of an offense, for example when it 
is employed to commit a host of illegal acts:  software piracy, 
embezzlement, and telecommunications fraud are among these.8  For 
a fuller description of offenses committed with computers, see 
McEWAN, DEDICATED COMPUTER CRIME UNITS 1-5, 38 (1989).  
Computers may also serve criminal enterprises by maintaining 
databases of, for example, drug distributions or customers for child 
pornography.  In terms of establishing probable cause and particularity, 
the affidavit must, as is generally true, provide reason to believe that 
an offense has been committed, and that the object to be seized -- the 
computer -- is implicated.  The computer should be identified as fully 
as possible, i.e., by manufacturer, model number and serial number to 
meet the particularity requirement.
	Seizure of the computer itself should not be authorized where 
information or records stored on the computer are the only object of 
the search.  Such computer seizures and the attendant seizure of all 
data on the computer's hard drive would not meet the particularity 
requirement.  In addition, as with the wholesale seizure of 
computerized records, the seizure of the computer will often make it 
impossible for a lawful business to continue operating.  If the computer 
is used for publishing or communicating information, e.g., if it is used 
by a newspaper, publication or for running a BBS, seizure may violate 
the First Amendment, because the seizure may act as a prior restraint 
on future speech or may interfere with the rights of expression and 
association of the operator and users of the system.
 	Because a computer is actually a system of several parts, the 
affidavit should specify what exactly is to be seized.  An expert may be 
necessary in order to ensure a complete and precise listing.  
	When the affidavit, of necessity, employs technical language to 
explain the offense involved, such as "patching a long distance phone 
call to avoid paying the toll," See Ottensmeyer v. Chesapeake and 
Potomac Tel. Co., 756 F.2d 986 (4th Cir. 1985), the affiant's credentials, 
training, and education in computer sciences should be set forth so that 
the judicial officer has a basis for evaluating the analysis and 
interpretation in the affidavit.  In unusual situations when the judicial 
officer has difficulty comprehending the nature of the offense alleged, 
or questions the expertise of the affiant or the affiant's witnesses, the 
judicial officer can summon an expert witness to provide additional 
testimony.  Ordinarily, however, the procedure is to require the affiant 
to further supplement the affidavit, or attempt to rewrite it to meet the 
judicial officer's objections.  The judicial officer may also require an 
expert to accompany the affiant in order to insure that the seizable 
items are properly identified and removed in a reasonable manner to 
avoid injury to property, [] needless exposure of unrelated records, or 
infringement of First Amendment rights.  In Ottensmeyer, 756 F.2d at 
986, an expert accompanied the searching party.  Cf. De Massa v. 
Nunez, 747 F.2d 1283 (9th Cir. 1984) (special master appointed to 
supervise the seizure of documents during execution of warrant at 
attorney's office);  Forro Precision Inc. v. International Business 
Machine Corp., 673 F.2d 1045 (9th Cir. 1982) (discussing the role of an 
expert during the execution of the warrant).
	Because computer systems increasingly rely on complicated 
access procedures and may also have the capacity to destroy data when 
an unauthorized user attempts to access them, there is an additional 
need for expertise.  The judicial officer should make sure that the 
officers executing the warrant have the capacity to make the seizure 
without destroying data or damaging property unnecessarily, and thus 
may appoint an outside expert to monitor or supervise the execution of 
the warrant.  The appointment of an expert provides added assurance 
that (1) there will not be an inadvertent interruption in the electric 
power during data manipulation by the officers that could result in the 
loss of information, (2) that if there is a hard disc drive, the heads on 
the drive will be "parked" before moving the system to avoid 
destroying stored information, (3) that when such equipment as 
telephone modems, auto-dialers, and printers are connected to the 
computer, they will be disconnected without loss of information, and 
(4) that the officers executing the search warrant will not 
unintentionally change data while collecting evidence.  See generally, 
C. CONLY, ORGANIZING FOR COMPUTER CRIME INVESTIGATION 
AND PROSECUTION 22 (1989).


IV. Conclusion.

	These suggestions were submitted to the ABA through Judge 
William R. McMahon of Ohio, who chairs the ABA, NCSCJ committee 
on Modern Technology and the Courts.  It is the EFF's hope that these 
suggestions can also be used as a resource by state and federal 
legislatures, by state and federal judiciaries, and--perhaps most 
importantly--by the front-line law-enforcement officials and 
prosecutors whose job it is to integrate the enforcement of the law with 
the preservation of our civil liberties.

1 The Fourth Amendment to the U.S. Constitution states that "The 
right of the people to be secure in their persons, houses, papers, and 
effects, against unreasonable searches and seizures, shall not be 
violated, and no Warrants shall issue, but upon probable cause, 
supported by Oath or affirmation, and particularly describing the 
place to be searched, and the persons or things to be seized."
2 Sections II and III of this paper were originally researched and 
written for EFF by Nick Poser, Esq., and Terry Gross, Esq., of 
Rabinowitz, Boudin, Standard, Krinsky & Lieberman. Harvey 
Silverglate, Esq., and Sharon Beckman, Esq., of Silverglate & Good 
reviewed these sections and offered valuable suggestions and 
comments.
 
3 D. Parker, Computer Crime: Criminal Justice Resource Manual 
(1989), page 68.
4 A "sample" search warrant in Conly, Organizing for Computer 
Crime Investigation and Prosecution includes the following 
language:

"In the County of Baltimore, there is now property subject to 
seizure, such as computers, keyboards, central processing units, 
external and/or internal drives, internal and/or external 
storage devices such as magnetic tapes and/or disks, terminals 
and/or video display units and/or receiving devices and 
peripheral equipment such as, but not limited to, printers, 
automatic dialers, modems, acoustic couplers, and or [sic] direct 
line couplers, peripheral interface boards and connecting cables 
or ribbons, diaries, logs, and other records, correspondence, 
journals, ledgers memoranda [sic], computer software, 
programs and source documentation, computer logs, magnetic 
audio tapes and recorders used in the obtaining, maintenance, 
and or [sic] dissemination of information obtained from the 
official files and computers of the [sic] MCI 
Telecommunications Inc. and other evidence of the offense."

	Although clearly taken from a warrant drafted for a specific 
crime involving MCI, this language is frequently copied almost 
verbatim in warrants involving far different crimes. Moreover, the 
drafters, perhaps afraid that their language was not sufficiently 
inclusive, made sure to add the phrase "such as, but not limited to" 
in reference to what qualifies as a "peripheral" for the purposes of the 
warrant. One may wonder how such a broad description meets the 
"particularly describing" clause of the Fourth Amendment, or how it 
limits the discretion of the executing officer as to which property he 
or she will seize.
5 There is growing recognition that bulletin board systems (BBSs) are 
a form of press.  See, e.g., An Electronic Soapbox: Computer Bulletin 
Boards and the First Amendment, 39 Fed. Com. L. J. 217, 240 (1988), 
citing Legi-Tech, Inc. v. Keiper, 766 F.2d 728, 734-36 (2d Cir. 1985).
6 Two problems, unrelated to particularity, may arise with respect to 
the seizure of computerized data.  [] First, in certain circumstances, 
affiants may have specific information that the suspects have devices 
by which computerized data may be rapidly destroyed, and in such 
cases affiants may seek permission to enter the premises without 
announcing their authority and purpose.  Affiants may also seek such 
permission in cases where it is known that the suspect will be using 
the computer for illegal purposes at the time of the search, e.g., when 
a warrant is sought at the moment a telephone tap demonstrates that 
the computer user is in the act of illegally accessing a computer 
database over the telephone lines, as evidence of the crime could be 
lost if the computer user shuts off the computer.  For an analysis of 
the standard for "no-knock" entries in business premises see 
Guideline 10.3 infra.

    The second problem relates to the time period in which the 
computerized data are stored.  In addition, unlike written records, 
data internal to the system are not likely to be so maintained for long 
periods.  Although computers commonly have book-length or longer 
storage capacity, the typical procedure is to transfer the data to 
external storage, typically in the form of a disc or tape.  Given the 
practice, the judicial officer must evaluate the affidavit with care to 
ascertain the likelihood that the data is in the computer and has not 
been transferred to a different location or erased.  If electronic 
communications are maintained on the computer, such as with 
computers operating electronic bulletin boards, reference must be 
made to the Electronic Communications Privacy Act, 18 U.S.C. §§ 2701-
2711, and the affiants should inform the judicial officer, so that he can 
establish procedures to ensure that the privacy of these 
communications is protected, and that no communications are 
searched unless probable cause exists as to that communication.
7 Generic listings which would permit the seizure of virtually all 
computer related materials fail to meet the particularity requirement.  
See, e.g., Voss v. Bergsgaard, 774 F.2d 402, 407 (10th Cir. 1985), [] 
(affidavit held insufficient which described the computer records and 
materials to be seized as follows:  "One Alpha Micro computer 
processing unit, approximately four Alpha Micro computer 
terminals, computer printers, and computer manuals, logs, printout 
files, operating instructions, including coded and handwritten 
notations, and computer storage materials, including magnetic tapes, 
magnetic discs, floppy discs, programs and computer source 
documents").
8 A computer is certainly "property" and hence theoretically might be 
subject to seizure if it is forfeitable pursuant to a specific statute 
authorizing such forfeiture, e.g., the Racketeer Influenced and 
Corrupt Organizations Act, 18 U.S.C. § 1913. Because a computer is 
also a communications device much as a typewriter or printing press 
is, however, seizure of the computer raises First Amendment issues 
not present in other types of forfeitures. For this reason, the better 
procedure when dealing with an arguably forfeitable computer 
system is not to seize it, which raises First Amendment and prior-
restraint problems, but to allow the government to proceed instead by 
subpoena or motion, where the delicate issues can be litigated 
without the prior restraint that seizure pendente lite would cause.


-- 
Mike Godwin, (617) 864-0665 | "You gotta put down the ducky
mnemonic@eff.org            |  if you wanna play the saxophone."
Electronic Frontier         |  
Foundation                  |                  

mvp@hsv3.UUCP (Mike Van Pelt) (04/06/91)

In article <1991Apr3.161113.21048@eff.org> mnemonic@eff.org (Mike Godwin) writes:
>Mitch Kapor and I submitted the following paper to the 
>Fourth Annual Computer Virus and Security Conference in
>New York earlier in March.

Good work!  

It's even readable.  (Are you *sure* you're a lawyer?  :-)

-- 
"Ain't nothin' in the middle                  Mike Van Pelt
o' the road, 'cept a yellow                   Headland Technology/Video 7
line and dead 'possums."                      ...ames!vsi1!v7fs1!mvp