Monday, August 03, 2015

The Laptop, Slack Space and Child Pornography

After James Paul Lowe was convicted in the U.S. District Court for the Eastern District of Tennessee of “knowingly receiving, distributing, and possessing child pornography in violation of 18 U.S. Code § 2252(a)”, he appealed.  U.S. v. Lowe, 2015 WL 4529516 (U.S. Court of Appeals for the 6th Circuit 2015).  In his appeal, Lowe “concede[d] that a laptop computer found in his home contained hundreds of image and video files depicting child pornography but maintains that no rational juror could find beyond a reasonable doubt that he knew about those files or placed them there.”  U.S. v. Lowe, supra.  
The Court of Appeals began its analysis of Lowe’s argument on appeal by explaining how the conviction arose:
Between March and August 2011, a user downloaded child pornography to a laptop found in the home James Lowe shared with his wife, Stacy Lowe. The Lowes lived at 2204 Robin Street in Athens, Tennessee. Michael Lowe, a minor relative described by one witness as James Lowe's `adopted child,’ lived with James and Stacy at some point during 2011 but moved out before agents searched the home in August.

Four government witnesses testified at Lowe's trial. Bradley County Sheriff's Office Detective J.P. Allman recounted learning in early 2011 that someone was using a particular Internet Protocol (IP) address to share child pornography. On May 23, he searched for that IP address and discovered a computer sharing files with names consistent with child pornography over a peer-to-peer network. He downloaded one video and two still images of child pornography from the computer's shared folder.

Detective Allman subpoenaed AT & T for information about the account associated with the IP address. AT & T's records listed James Lowe as the account holder, 2204 Robin Street as the billing address, and Lowe. Stacy as the email address associated with the account. Detective Allman conducted surveillance and determined that, as of August 2011, James and Stacy Lowe were the sole residents of 2204 Robin Street.

Detective Allman and other officers executed a search warrant on August 8. Stacy was home during the search but James was not. Law enforcement officers seized three computers: a Dell Inspiron laptop with the username `Stacy’ found in the bedroom, an HP Pavilion laptop with the username `Jamie’ found in the office, and a desktop that was also located in the office. Detective Allman testified that his role during the search was `speaking with Ms. Lowe.’ . . . He later told the jury that he learned that the laptop found in the office belonged to James Lowe. Agents also found a form on the desk in the office that listed James's name, social security number, date of birth, and the email address

FBI Special Agent Stephen McFall told the jury that he examined the three hard drives and discovered that only the HP Pavilion laptop contained child pornography. Agent McFall found 639 image files and 176 video files depicting child pornography on the device.
U.S. v. Lowe, supra.
The court also noted that
[a] user named the HP Pavilion laptop `Jamie–PC’ and created a single user account, `Jamie.’ The laptop's settings did not require users to enter a password to access the `Jamie’ account or any of the laptop's files and programs. And while the Lowes password-protected their residence's wireless-internet account, the laptop automatically connected to the internet through a stored wireless password.

The laptop's desktop screen included the following shortcuts, icons, and files: the computer's recycling bin, an internet browser, iTunes, Shareaza (a peer-to-peer file-sharing program), a media player, a folder labeled Microsoft Office Programs, a PDF file labeled `2011—Auhto . . .,’ four Microsoft Excel spreadsheets labeled `Copy of Service Aut . . .,’ an MP3 music file, and what appeared to be a computer game. [At Lowe’s trial,] Agent McFall told the jury that the spreadsheets `looked like they were authorization agreements for business.’ . . .
U.S. v. Lowe, supra.
The opinion goes on to explain that Agent McFall
testified at length about the Shareaza peer-to-peer file-sharing program used to download child pornography to the HP Pavilion laptop.  Someone installed the program on February 24, 2011. Because no one overrode the program's default username setting, the Shareaza account adopted the laptop's username, `Jamie.’ But someone altered the default for the program's chat-feature username and instead entered `JA.’

Shareaza was not password-protected, and it automatically started running in the background whenever someone switched the computer on. But users had to open the program to search for files and initiate downloads.

The Shareaza home screen—which any user would see upon opening the program—showed that someone searched for terms consistent with child pornography such as `young mama’ and `PTHC’ (which stands for `pre-teen hard core’), and non-pornographic terms such as `Oceans 11,’ `Ellie Goulding,’ and `Tron.’ The list of downloads on the home screen included files named `PTHC Pedoland Frifam Heidi,’ `11 yo sleeping kid,’ and `new girl img–0063–r10.’

Files were stored in an `incomplete’ folder within Shareaza until they finished downloading, at which point they would appear in the laptop's `downloads’ folder. Agent McFall testified that files could `take a very long time to download’ and that downloading time depended on factors such as the internet connection's speed. . . .

Most of the laptop's images and videos depicting child pornography were stored in Shareaza libraries. Agent McFall also found evidence of images, some of which had been deleted, elsewhere on the laptop's hard drive. For instance, the recycling bin contained a video titled `Lolita PTHC 2011 3yo Ariel part 1.’ Agent McFall found references to the three files Detective Allman downloaded on May 23 through a text-string search, but someone deleted the actual files before agents seized the computer. He never specified whether the `downloads’ folder contained child-pornography files.
U.S. v. Lowe, supra.
The Court of Appeals continued summarizing the evidence in the case, explaining that
Agent McFall admitted that he could not pinpoint when someone searched for or initiated downloads of child pornography. But forensic analysis revealed the date and time on which partial or completed downloads appeared on the laptop's hard drive. Microsoft Windows registry data revealed that a user opened files depicting child pornography as recently as August 4.

Agent McFall also testified about the laptop's internet-usage history as recorded through `cookies.’ On numerous occasions between March and August, downloads completed within minutes of someone accessing a web-based email service or one of several retail, banking, appliance-repair, and travel websites. Agent McFall identified one date—March 10—on which a user appeared to log in to Yahoo!'s email service. When the government's attorney asked if he recalled `what the log-in was,’ he replied, `For the Yahoo mail, I don't remember exactly. I think Jamie or jame dog was part of the, part of the e-mail address.’ . . . In general, however, Agent McFall attributed no special significance to the laptop's browsing history.

Agent McFall also told jurors that a user opened an `East Tennessee Appliance Services’ invoice listing 2204 Robin Street as the business address about forty minutes before a child-pornography video finished downloading on March 3. No witness testified about what James and Stacy Lowe did for a living or whether the other two computers also contained business documents.
U.S. v. Lowe, supra.
After the prosecution had finished presenting the evidence in its case, Lowe moved        
for a judgment of acquittal at the close of the government's case and rested without putting on his own evidence. The court denied his motion but expressed some misgivings about the government's proof:

`I have to say, in this case, it has been particularly difficult, even though it's my job to do so, to discern where that line [between speculation and reasonable inference] is and where what might be a reasonable inference that can be drawn from the record evidence becomes nothing more than an invitation for the jury to speculate as to what the evidence may be or what it may show.’

. . . . After the jury found Lowe guilty on all three counts, the district court denied his post-trial motion for a judgment of acquittal. It sentenced Lowe to 150 months' imprisonment, varying significantly below the guidelines range of 210 to 240 months.
U.S. v. Lowe, supra.
The Court of Appeals began its analysis of Lowe’s arguments on appeal by explaining that it reviews
de novo the district court's judgment denying Lowe's motion for acquittal. U.S. v. Blanchard, 618 F.3d 562 (U.S. Court of Appeals for the 6th Circuit 2010). In considering Lowe's sufficiency-of-the-evidence challenge, we `view[ ] the evidence in the light most favorable to the prosecution’ and must affirm if `any rational trier of fact could have found the essential elements of the crime beyond a reasonable doubt.’ U.S. v. Washington,715 F.3d 975 (U.S. Court of Appeals for the 6th Circuit 2013) (quoting Jacksonv. Virginia, 443 U.S. 307 (1979)). . . .

`Circumstantial evidence alone is sufficient to sustain a conviction and such evidence need not remove every reasonable hypothesis except that of guilt.’ U.S. v. Algee, 599 F.3d 506 (U.S. Court of Appeals for the 6th Circuit 2010) (quoting U.S. v. Kelley, 461 F.3d 817 (U.S. Court of Appeals for the 6th Circuit 2006)) . . . ; see also U.S. v. Garcia, 758 F.3d 714 (U.S. Court of Appeals for the 6th Circuit 2014) (affirming a firearm-possession conviction where `circumstantial evidence and a chain of inferences’ would permit a jury to conclude that the defendant actually possessed the weapon). `A convicted defendant bears ‘a very heavy burden’ to show that the government's evidence was insufficient.’ U.S. v. Tragas, 727 F.3d 610 (U.S. Court of Appeals for the 6th Circuit 2013) (quoting U.S. v. Kernell, 667 F.3d 746 (U.S. Court of Appeals for the 6th Circuit 2012)).
U.S. v. Lowe, supra (emphasis in the original).
The court then began its analysis of Lowe’s arguments, noting that
[n]otwithstanding Lowe's heavy burden, we agree with his argument that no rational juror could find him guilty beyond a reasonable doubt based on the evidence presented at trial. A juror could reasonably infer that James owned and occasionally used the laptop from (1) the device's sole username, `Jamie,’ a common diminutive of James; (2) Detective Allman's testimony that the laptop `belonged to’ James; and (3) Agent McFall's testimony about the March 10 visits to the Yahoo! email log-in page. But, without improperly stacking inferences, no juror could infer from such limited evidence of ownership and use that James knowingly downloaded, possessed, and distributed the child pornography found on the laptop.

James shared his home with two other people, both of whom could access the HP Pavilion laptop's `Jamie’ account and Shareaza file-sharing program without entering passwords. We need not decide if Detective Allman's testimony that Michael Lowe moved out in `early 2011’ and Agent McFall's testimony that someone at 2204 Robin Street used the laptop to view images as late as August 4 permitted the jury to conclude that someone other than Michael placed images on the computer. Even if a juror reasonably could rule out Michael's responsibility for at least some of the images, the remaining evidence provided no basis to determine whether James or Stacy (or both) knowingly possessed child pornography. Compare U.S. v. Moreland, 665 F.3d 137 (U.S. Court of Appeals for the 5th Circuit 2011) (reversing conviction in light of evidence that three people used the defendant's user account and the absence of evidence specifically linking the defendant to the images), with U.S. v. Koch, 625 F.3d 470 (U.S. Court of Appeals for the 8th Circuit 2010) (sustaining conviction where the defendant lived alone and the username of the computer seized from his bedroom matched his first name).
U.S. v. Lowe, supra.
It went on to point out that,
[i]mportantly, the government presented no evidence from which a juror could infer that Stacy did not use the laptop over the five-month period. First, although a juror reasonably could infer that Stacy used the `Stacy’ laptop from evidence that she was home alone during the search and that agents found that laptop powered on, the juror could not draw the additional inference that Stacy did not use the `Jamie’ laptop.

Second, no juror reasonably could conclude that James and not Stacy used the HP Pavilion laptop to save business records, open an invoice listing 2204 Robin Street as the return address, and access banking, retail, travel, and appliance-repair websites on dates when partial or complete child-pornography files appeared on the hard drive. The government presented no evidence of what James and Stacy did for a living, whether they worked inside or outside of the home, their interests and hobbies, or where they banked. Further, Agent McFall attributed no special significance to the pattern of internet activity during the period in question. Although a juror might infer from visits to appliance-repair and banking websites that an adult primarily used the computer, she could only speculate about whether the adult was James or Stacy Lowe.  See U.S. v. Moreland, supra (reversing conviction where a forensic expert admitted that the computer's internet-usage patterns did not show who visited the websites in question).
 U.S. v. Lowe, supra (emphasis in the original).
The Court of Appeals then pointed out that,
[i]n sum, the evidence presented here fell well short of what we have found sufficient to convict in other cases involving multiple possible users of a single device. In U.S. v. Oufnac, 449 F. App'x 472 (U.S. Court of Appeals for the 6th Circuit 2011), for instance, `ample other evidence’ linked the defendant to images found on a shared device. U.S. v. Oufnac, supra. Although the computer in question had three user accounts, pornographic images appeared only in Oufnac's personal `My Documents’ folder within his password-protected account. U.S. v. Oufnac, supra. Oufnac's former girlfriend testified about finding child pornography on his computer on several previous occasions. When she confronted him, he said the images were `none of her business’ but admitted that they aroused him, and, on one occasion, he agreed to destroy a compact disc on which she found `files and files and files and files’ of child pornography. U.S. v. Oufnac, supra. Oufnac also admitted to law enforcement that he recently viewed child pornography, although he later claimed that the images were `fake.’ U.S. v. Oufnac, supra.

Similarly, in U.S. v. Mellies, 329 F. App'x 592 (U.S. Court of Appeals for the 6th Circuit 2009), we sustained a defendant's conviction for possessing child pornography found on a laptop and compact discs in his home office, notwithstanding evidence that his wife and stepson occasionally used the laptop. U.S. v. Mellies, supra. The images were primarily stored in password-protected files and folders. U.S. v. Mellies, supra. Mellies was `associated with’ all but two of the hundreds of documents and thousands of emails stored on the laptop, and he was the only member of the household whose fingerprints appeared on compact discs containing child pornography. U.S. v. Mellies, supra. Further, a detective testified that Mellies told arresting officers: `I'm not a part of some sort of a ring’ and `[T]his is something that doesn't have anything to do with anybody else at all.’ U.S. v. Mellies, supra.

Of course, Oufnac and Mellies do not establish a minimum threshold for proving knowing possession of child pornography with circumstantial evidence. They do, however, identify the types of evidence on which a jury reasonably may rely to convict an individual of possessing child pornography found on a shared device. The jury heard no such evidence in Lowe's case, despite the fact that the non-password-protected laptop containing pornographic images was found in a common area of a home shared by three individuals.
U.S. v. Lowe, supra.
The Court of Appeals then outlined its conclusions and holding in this case:
Along with the lack of proof concerning who downloaded the images in the first instance, the evidence did not permit a juror to conclude that James knew the HP Pavilion laptop contained child-pornography files and permitted them to remain on the computer. Most of the images and videos depicting child pornography were stored in Shareaza libraries. Without more information about James's computer use, no juror reasonably could infer that he opened Shareaza during the five-month period in question. Further, the evidence did not suggest that someone using the laptop for innocent purposes would know about ongoing child-pornography downloads if he or she did not open Shareaza.

With respect to images stored outside of Shareaza, the evidence showed that, at most, images and videos temporarily appeared in the computer's `downloads’ folder and recycling bin. Although a juror might be able to infer that a defendant knows about pornography stored in her personal files, especially if the files contain recently opened or created documents, he could not draw the same conclusion about pornography that automatically appears in the “downloads” folder or that a user moved to the recycling bin. U.S. v. Oufnac, supra (explaining that a reasonable juror could conclude that a defendant either saved ninety-six images and videos to his personal `My Documents’ folder within his password-protected account or `at least knew of and permitted their continued existence’), with U.S. v. Moreland, supra (noting the lack of a `circumstantial indicium that established that [the defendant] knew of the images or had the ability to access them’ when images were found primarily in the hard drive's `unallocated slack spaces’).

In sum, no juror could conclude beyond a reasonable doubt from the evidence presented at trial that James Lowe knowingly received, possessed, and distributed the images and videos depicting child pornography found on the HP Pavilion laptop seized from his home.
U.S. v. Lowe, supra.
It therefore reversed Lowe’s conviction and remanded the case “for further proceedings consistent with this opinion.”  U.S. v. Lowe, supra.
You can, if you are interested, read more about the facts and outcome in this case in the news story you can find here.

Friday, July 31, 2015

Consent, the External Hard Drive and the 4th Amendment

Paul Beckmann
pled guilty to one count of possession of child pornography after having been previously convicted and sentenced for possession of child pornography in 2001. See 18 U.S. Code §2252A(a)(5)(B), (b)(2). The [U.S. District Court Judge] sentenced Beckmann to 120 months of imprisonment, a lifetime of supervised release, and ordered him to pay $9,000 of restitution.
U.S. v. Beckman, 786 F.3d 672 (U.S. Court of Appeals for the 8th Circuit 2015).
Beckman appealed, arguing, among other things, that the U.S.District Court Judge erred by “denying his motion to suppress evidence found on an external hard drive as the result of an illegal search under the 4th Amendment.”  U.S. v. Beckman, supra.  The Court of Appeals began its analysis of his argument by explaining what happened in the investigation that led to his being charged and convicted:
Since Beckmann's conviction for possession of child pornography in 2001, Beckmann has been required to register as a sex offender. On August 2, 2011, as part of a routine sex offender verification through the United States Marshal's Office, Jefferson County Deputies Barbato and Thebeau visited Beckmann's home. The purpose of the visit was to verify Beckmann's address and to ensure that he was complying with any conditions related to his status as a sex offender. Upon arrival, the deputies knocked on Beckmann's door, told him they were there for sex offender verification and asked to enter his home. Beckmann consented. Once inside, the deputies observed a laptop computer on the coffee table. Beckmann informed the officers that he was under no supervised release conditions and that he was lawfully allowed to have a computer and internet access. Deputy Barbato asked to look through the contents of Beckmann's laptop in order to `make sure he was not accessing any content he's not supposed to be accessing.’ Beckmann consented.
 While Deputy Barbato searched the laptop, Beckmann showed Deputy Thebeau around the rest of the residence. Deputy Thebeau alerted Deputy Barbato that there was another computer in the upstairs office. He then obtained permission to use the upstairs restroom. Deputy Barbato proceeded upstairs partially for safety reasons and partially because he wanted to make sure Defendant was not `going through anything he shouldn't be.’ When Deputy Barbato arrived upstairs and looked into the office where Beckmann went, he saw a computer desk with a monitor on it and Beckmann underneath messing with wires/cords. To alert Beckmann to his presence, Deputy Barbato asked Beckmann if this was the `other’ computer. Beckmann seemed startled and responded yes. Deputy Barbato then asked if he could take a look at that computer, as well. Beckmann consented. Deputy Barbato sat down and observed one computer tower and two external hard drives underneath the desk. Both of the external hard drives were connected to the tower but the power cord to one of them was unplugged from the wall. Deputy Barbato believed that these were the cords Beckmann was manipulating, and he believed that Beckmann had been trying to shut off the computer. The deputy plugged the power cord to the unplugged external hard drive back into the wall and began to search the computer, including the external hard drives.
 By this time, Beckmann had exited the office. The deputy admitted he did not get specific consent to search the external hard drives nor did he get consent to plug the one external hard drive back into the wall; however, he considered the external drives to be a part of the `computer’ because they were plugged into the computer. During his search, Deputy Barbato discovered file names suggesting child pornography. The deputy asked Beckmann about the suspicious files and Beckmann stated that he did not wish to answer. The officers then placed Beckmann into investigative detention. After speaking with his attorney, Beckmann signed a consent form allowing the officers to seize the laptopcomputer, and external hard drives pending application for a search warrant.
U.S. v. Beckman, supra.  You can, if you are interested, find a law enforcement consent to search form here, as a sample. Beckman would have signed a similar form. t
The Court of Appeals goes on to explain that the
government obtained a search warrant on August 15, 2011 to copy and search the property seized. The warrant specified that it was to be executed on or before August 29, 2011. `Execution’ of the search warrant required a forensic analyst to copy and search existing and deleted computer files. The investigator began analyzing the seized computers in November of 2011 and the external hard drives on January 24, 2012.
 The analyst located over 2,000 images of child pornography on the external hard drive. On April 25, 2012, a report was prepared documenting what was found on the computer media. A return of inventory was filed with the district court on November 15, 2013. The sergeant handling the case stated that he did not intend to prejudice Beckmann or delay the proceedings but merely forgot to return the warrant.
U.S. v. Beckman, supra.   Rule41(f)(1)(D) of the Federal Rules of Criminal Procedure, which you can find here, explains what “executing” a warrant and “returning” an inventory mean.
The next thing that happened was that, on July 24, 2013, a Missouri federal grand jury
returned a one-count indictment against Beckmann for possession of child pornography. Beckmann filed a motion to suppress certain evidence and statements. The magistrate judge held two evidentiary hearings on Beckmann's motion before issuing a report and recommendation.  Beckmann filed objections to the report and recommendation, and the district judge reviewed the issues de novo.
 The district judge sustained, adopted, and incorporated the magistrate's report and recommendation with the exception of two factual findings. The district court granted Beckmann's motion to suppress certain statements made by Beckmann but denied the motion as to other statements and the physical evidence. Beckmann elected not to proceed to trial and instead entered a plea of guilty, reserving his right to appeal the order on his motion to suppress.
U.S. v. Beckman, supra. 
As Wikipedia explains, in the federal system U.S. Magistrate Judges “are appointed to assist United States district court judges in the performance of their duties” by, for example, holding hearings on motions to suppress.  The magistrate judge then issues a “report and recommendation” which does just that, i.e., it reports on the evidentiary and other factual issues the magistrate investigated and reports his/her conclusion as to how an outstanding issue (such as suppression) should be resolved.
Getting back to the appeal, Beckman argued that the District Court Judge
erred by denying his motion to suppress the incriminating evidence found on his external hard drive as the fruit of an illegal search under the 4th Amendment. `When reviewing the denial of a motion to suppress, we review the district court's factual findings for clear error and its legal conclusions de novo.’ U.S. v. Anderson, 688 F.3d 339, 343 (U.S. Court of Appeals for the 8th Circuit 2012). We will affirm the denial of a motion to suppress unless we find that the district court's decision `is unsupported by the evidence, based on an erroneous view of the law, or the Court is left with a firm conviction that a mistake has been made.’ U.S. v. Riley, 684 F.3d 758 (U.S. Court of Appeals for the 8th Circuit 2012).
U.S. v. Beckman, supra.  
The Court of Appeals went on to explain that the District Court Judge
found that Beckmann gave the officers consent to search his computer. Consensual searches are reasonable under the 4th Amendment. Florida v. Jimeno, 500 U.S. 248 (1991). The standard for measuring the scope of a person's consent is `objective reasonableness,’ which asks what the typical, reasonable person would have understood from the exchange between the officer and the suspect. Florida v. Jimeno, supra. While the voluntariness of a defendant's consent to search is a question of fact that is reviewed for clear error, U.S. v. Quintero, 648 F.3d 660 (U.S. Court of Appeals for the 8th Circuit 2011), the reasonableness of an officer's reliance on such consent is a question of law that is reviewed de novo. U.S. v. James, 353 F.3d 606 (U.S. Court of Appeals for the 8th Circuit 2003).
U.S. v. Beckman, supra.  
As Wikipedia explains, if someone consents to a law enforcement officer’s searching his or her property, such as a computer, then the officer can proceed without having to have probable cause or a search warrant, because the consent effectively waives the person’s 4th Amendment right to privacy in his/her property.  As Wikipedia also explains, officers do not have to tell someone that he/she has the right not to consent to a search for a consent to be valid.
In this case, Beckman argued that it was
unreasonable for Deputy Barbato to rely on Beckmann's consent to search the computer in order to justify his search of the external hard drive. The scope of a consensual search is “generally defined by its expressed object.” Florida v. Jimeno, supra. For example, where an officer asks to search a car for suspected narcotics, and the occupant agrees without explicit limitation on the scope of the search, the officer may search the entire car including containers therein that may hold narcotics. Florida v. Jimeno, supra.
 If the consent `would reasonably be understood to extend to a particular container’ then `the 4th Amendment provides no grounds for requiring a more explicit authorization.’ Florida v. Jimeno, supra. Reasonableness is measured in objective terms based on the totality of the circumstances. Ohio v. Robinette, 519 U.S. 33 (1996). Where a person is present and fails to object to the continuation of a search, courts consider such circumstantial evidence to provide proof that the search conducted was within the scope of consent. See  U.S. v. Lopez–Mendoza, 601 F.3d 861 (U.S. Court of Appeals for the 8th Circuit 2010).
U.S. v. Beckman, supra.  
The Court of Appeals than began its analysis of Beckman’s argument:
Applying these standards, Deputy Barbato's belief that consent to search the computer included consent to search the connected but unplugged external hard drive was not objectively unreasonable. Deputy Barbato testified that he believed he had consent to search the external hard drive based on his understanding of the word `computer’ and the fact that the external drive was attached to the computer tower. The deputy's belief is not objectively unreasonable in light of the common understanding that the term `computer’ encompasses the collection of component parts involved in a computer's operation. See, e.g., U.S. v. Herndon, 501 F.3d 683 (U.S. Court of Appeals for the 6th Circuit 2007).
 Beckmann did not explicitly limit the scope of his consent to search the computer, nor did he object when Deputy Barbato plugged the external hard drive into the electrical outlet and began searching. Based on the totality of the circumstances presented here, Deputy Barbato had an objectively reasonable basis to conclude that Beckmann consented to the search of the external hard drive.
U.S. v. Beckman, supra.  
In a footnote to the comment about the Deputy’s plugging the external drive into the outlet and searching, the Court of Appeals explains that
Beckmann argues that he was not in the room at the time Deputy Barbato plugged the external hard drive into the wall in order to have had the opportunity to withdraw or limit his consent. The magistrate judge stated: `After he plugged in the power cord, Deputy Barbato got up and sat in the chair at the desk. He then used the computer mouse with the monitor to activate the computer. Barbato thought the computer desktop displayed on the monitor looked normal, although it had icons he was unfamiliar with. By this time Beckmann had walked out of the room.Report & Recommendation ¶ 18.
 Even assuming Beckmann was not present in the room at the time Deputy Barbato plugged the external hard drive's power cord into the wall, `[w]e have not, to date, found that officers have a duty to ensure that an individual has an opportunity to withdraw or limit consent.’ U.S. v. Guevara, 731 F.3d 824 (U.S. Court of Appeals for the 8th Circuit 2013).
U.S. v. Beckman, supra.  
The Court of Appeals goes on to explain that Beckman argued that Deputy Barbato's
belief was unreasonable because an external hard drive cannot reasonably be interpreted to constitute a `component part involved in the computer's operation.’ He argues that merely plugging a device into a computer does not render the device a part of the computer's operation, and he analogizes an external hard drive to a cellular telephone. He warns that the district court's order sets `dangerous precedent for law enforcement to be able to search anything and everything that can be plugged into a computer[.]’ We disagree.
 First and foremost, the scope of the consent to search here, as in all cases, is based on the totality of the circumstances including the interaction between the parties, the purpose of the search, and the circumstantial evidence surrounding the search. Second, a typical, reasonable person is more likely to consider a connected external hard drive a `component part involved in a computer's operation’ as compared to a connected cellular telephone. Unlike a cellular telephone, the sole purpose of an external hard drive is to store computer data. Additionally, external hard drives, unlike cellular telephones, are functionally inoperable—and their contents unreviewable—when unplugged from a computer. Thus, Deputy Barbato's belief that the attached external hard drive constituted a `component part involved in the computer's operation’ was not objectively unreasonable.
U.S. v. Beckman, supra.  
If you wonder why the court repeatedly refers to whether the search was “reasonable,” it does so because “reasonableness” is the touchstone for determining whether the 4th Amendment has been violated.  As Wikipedia notes, the 4th Amendment bans “unreasonable” searches and seizures”, which means “reasonable searches and seizures are constitutional.
Getting back to this case, again, Beckman also argued that
Deputy Barbato's belief was unreasonable because the deputy witnessed Beckmann attempt to unplug the external hard drive from its power source, which effectively limited the scope of the consent. The Court finds Beckmann's argument unpersuasive. Beckmann provided explicit, unlimited consent to search his computer after the deputy witnessed him manipulating wires under the desk.
 Beckmann could have denied consent to search the upstairs computer or limited the scope of the consent, but he did not. The evidence demonstrates that Beckmann knew how to limit his consent, and did so during other situations that day, but he did not do so in this instance.
 Where a suspect provides general consent to search, only an act clearly inconsistent with the search, an unambiguous statement, or a combination of both will limit the consent.  See U.S. v. Lopez–Mendoza, 601 F.3d 861 (U.S. Court of Appeals for the 8th Circuit 2010). A subtle indication that a suspect wishes to limit the scope of a search is insufficient to render the search unreasonable. See, e.g., U.S. v. Siwek, 453 F.3d 1079 (U.S. Court of Appeals for the 8th Circuit 2006) (suspect's statement that he lacked key to tonneau cover did not amount to denial of consent); U.S. v. Gray, 369 F.3d 1024 (U.S. Court of Appeals for the 8th Circuit 2004) (suspect's statements that length of search was `ridiculous’ and he was `ready to go now’ did not amount to withdraw of consent). Here, Beckmann provided general consent to search his computer and he did not object when Deputy Barbato plugged the external hard drive into the wall and began searching it. These facts support the conclusion that the search conducted was within the scope of Beckmann's consent.
U.S. v. Beckman, supra.  In a footnote to the court’s comment that Beckman knew how to withdraw consent, it explains that
[a]fter being placed into investigative detention, Beckmann advised that he would answer some questions and not others and he agreed to give certain permissions and not others. For example, he agreed to answer questions about his computer but refused to answer any questions about downloading child pornography. He also refused to allow the computer forensic analyst to verify the titles of the files discovered.
U.S. v. Beckman, supra. 
For these and other reasons, the Court of Appeals affirmed Beckman’s conviction and sentence.  U.S. v. Beckman, supra.  

Wednesday, July 29, 2015

Stalking, the "Work Email Address" and "Place of Employment"

This post examines an opinion the Criminal Court – City of New York issued on July 14, 2015:  People v. Marian, 2015 WL 4231664.  The opinion begins by noting that
[t]his Court occasionally is presented with an accusatory instrument that alleges the use of electronic technology in a way that is not covered by the particular Penal Law section charged. See, e.g., People v. Stone, 43 Misc.3d 705, 982 N.Y.S.2d 733 (Criminal Court -- New York County 2014) (no `display’ of a weapon where defendant texted a picture of himself holding a knife); People v. Barber, 42 Misc.3d 1225(A), 992 N.Y.S.2d 159 (Criminal Court - New York County 2014) (dismissing `revenge porn’ prosecution). The information here, albeit in a small way, presents the same type of issue.
People v. Marian, supra.
The Criminal Court went on to explain that on
January 23, 2015, [Monique Marian] accused the complainant, her former girlfriend, of assaulting her. [Marian] later admitted that the accusation was untrue and the assault charge against the complainant was dismissed and sealed.

Between January and April of 2015, [Marian] bombarded the complainant with text messages, Instagram messages and emails, both to the complainant's personal and work email addresses, all asserting her desire to be with the complainant.

During this same period, the complainant saw [Marian] waiting outside of the complainant's apartment building and, on three different occasions, [Marian] found the complainant in a bar, even though the complainant had not told [Marian] she would be there. On one of those occasions, the complainant grabbed [Marian] by the neck and, after the complainant asked [her] to leave, [Marian] waited outside the bar for two hours then followed the complainant for two blocks. On another occasion, [Marian] again followed the complainant for two blocks after the complainant left the bar, telling her, `I won't leave you alone. I'll never stop.’
[Marian’s] conduct caused the complainant to fear for her safety.
People v. Marian, supra.
The court then outlines the “legal proceedings” in the case, which led to this appeal:
[Marian] was arraigned April 9, 2015, on a misdemeanor complaint charging her with two counts of stalking in the fourth degree, in violation of [New York] Penal Law § 120.45(2) and § 120.45(3). The Court released [Marian] on her own recognizance and adjourned the case for conversion.

On April 27, 2015, the People filed a superseding information charging [Marian] with falsely reporting an incident in the third degree, [New York] Penal Law § 240.50(3)(a), and two counts of stalking in the fourth degree, in violation of [New York] Penal Law § 120.45(2) and § 120.45(3).

[Marian] filed the instant motion on May 18, 2015. The People declined to respond, and the matter has been sub judice since then.
People v. Marian, supra. 
The “instant motion” was a motion to dismiss the New York Penal Law § 120.45(3) charge against Marian.  People v. Marian, supra. 
The Criminal Court then analyzed the “superseding information, sworn out by the complainant,” which was the focus of the motion to dismiss.  People v. Marian, supra.  It began by explaining that the superseding information provided that
[o]n January 23, 2015, at approximately 10:00 PM, I was arrested because [Marian] claimed I assaulted her. I was arraigned in New York County Criminal Court on January 24, 2015, before Judge Sokoloff. [Marian] later admitted that no assault had occurred and that she made the report so that I would not get an order of protection against her. On March 30, 2015, the District Attorney's Office dismissed the assault case against me, and it was immediately sealed.

From January 17, 2015 to April 17, 2015, I have received over 100 Instagram messages from [Marian].  Specifically, one of the messages stated, `I wish you would let me find you tonight’ and `I'll always be by your side.’ From January 17, 2015 to April 8, 2015, I have received approximately 10–15 emails from [Marian] at both my work and personal email addresses. From January 17, 2015 to January 19, 2015, I have received approximately 80 [calls] from a phone number which I know belongs to [Marian].

On February 25, 2015, at approximately 11:00PM, I entered the Bowery Electric at 327 Bowery. [Marian] arrived approximately one hour later and grabbed me by the neck, startling me. I did not tell [her] I was at that location. After I asked [Marian] to leave, she waited for me outside the location for approximately two hours. When I attempted to leave, [Marian] followed me for approximately two blocks.

On March 24, 2015, at approximately 9:00PM, I entered Hotel Chantelle located at 92 Ludlow Street. [Marian] arrived at 10:00PM and approached me inside the bar. I did not tell [her] I was at that location and when I attempted to leave the bar, [Marian] followed me for approximately two blocks. [She] stated to me in substance, ‘I won't leave you alone. I'll never stop.’

On March 30, 2015, at approximately 1:15AM, [Marian] came to my apartment building and stood outside waiting on me.

On April 8, 2015, at approximately 8:50PM, at 106 Norfolk Street, I entered the bar at that location to meet a friend. [Marian] entered at approximately 10:00PM. I did not tell [her] I was at that location.

[Marian’s] above described conduct has caused me to fear for my physical health and safety.
People v. Marian, supra. 
The Criminal Court then began its analysis of Marian’s motion to dismiss.  People v. Marian, supra.  It began by explaining that the
Court agrees with [Marian] that the information does not make out a prima facie case of stalking in the third degree under N.Y. Penal Law § 120.45(3). The conduct alleged in the information fails to make out the statutory requirement that the conduct take place at the complainant's `place of employment or business.’ The remaining counts, however, are facially sufficient.
People v. Marian, supra. 
The Criminal Court began its analysis of why the stalking in the third degree count was not sufficient by explaining that
a misdemeanor information serves the same role in a misdemeanor prosecution that an indictment serves in a felony prosecution: It ensures that a legally sufficient case can be made against the defendant. People v. Dumay, 23 NY3d 518 (Court of Appeals of New York 2014); People v. Alejandro, 70 N.Y.2d 133, 511 N.E.2d 71 (Court of Appeals of New York 1987). Accordingly, a misdemeanor information must set forth `nonhearsay allegations which, if true, establish every element of the offense charged and the defendant's commission thereof.’ People v. Kalin, 12 NY3d 225, 906 N.E.2d 381 (Court of Appeals of New York 2009). . . . This is known as `the prima facie case requirement.’ People v. Kalin, supra.

The prima facie case requirement does not necessitate that an information allege facts that would prove a defendant's guilt beyond a reasonable doubt. People v. Jennings, 69 N.Y.2d 103, 504 N.E.2d 1079 (1986). Rather, the information need only contain allegations of fact that `give an accused sufficient notice to prepare a defense and are adequately detailed to prevent a defendant from being tried twice for the same offense.’ People v. Casey, 95 N.Y.2d 354, 740 N.E.2d 233, 236 (Court of Appeals of New York 2000). A court reviewing for facial insufficiency must subject the allegations in the information to a `fair and not overly restrictive or technical reading,’ People v. Casey, supra, assume that those allegations are true, and consider all reasonable inferences that may be drawn from them. [N.Y.Criminal Procedure Law] §§ 100.40, 100.15 People v. Jackson, 18 NY3d 738, 967 N.E.2d 1160, 1166–67 (2012). . . .
People v. Marian, supra. 
The court then applied the above analysis to the facts in this case, noting that the
only conduct alleged in the information that has anything at all to do with the complainant's employment, the gravamen of the offense made out by Penal Law § 120.45(3), is the allegation that [Maria] sent ten to fifteen emails to the complainant's work email address. This does not make out a violation of Penal Law § 120.45(3), which requires the People to establish that the

`defendant intentionally, and for no legitimate purpose, engages in a course of conduct directed at a specific person, and knows or reasonably should know that such conduct ... is likely to cause such person to reasonably fear that his or her employment, business or career is threatened, where such conduct consists of appearing, telephoning or initiating communication or contact at such person's place of employment or business, and the actor was previously clearly informed to cease that conduct.’

Emphasis added. Penal Law provisions are to be construed `according to the fair import of their terms to promote justice and effect the objects of the law.’ N.Y. Penal Law § 5.00. It would be contrary to the required method of statutory interpretation to find that a person's work email address is her `place of employment or business.’
People v. Marian, supra. 
The Criminal Court then explained why it was finding that “an email address is not a place of employment or a business.” People v. Marian, supra.  It began by noting that
[t]he `fair import’ of the phrase `place of employment or business’ is that it refers to an actual, physical location. New York courts consistently use the phrases `place of employment’ and `place of business’ in this way. Thus, for example, in Rosario v. NES Medical Services of New York, P.C., 105 AD3d 831, 963 N.Y.S .2d 295 (N.Y.Supreme Court – Appellate Division 2013), the court noted that a person's `actual place of business’ for service of a summons and complaint under [NewYork Civil Practice Law and Rules] 308(2) is `where the person is physically present with regularity, and that person must be shown to regularly transact business at that location.’

Similarly, in Hille v. Gerald Records, 23 N.Y.2d 135, 242 N.E.2d 816, 295 N.Y.S.2d 645 (Court of Appeals of New York 1968), a record executive's home was his `place of employment’ for purposes of a workers' compensation claim because he frequently took tapes home for editing. Such actual, physical locations are simply not the same as an email address. In fact, New York courts occasionally allow service to an email address as an alternative method of service, under [New York Civil Practice Law and Rules] 308(5), which indicates that an email address is treated as something distinct from an actual, physical location. E.g., Keith X. v. Kristin Y., 124 Appellate Division 3d 1056, 2 N.Y.S.3d 268 (New York Supreme Court – Appellate Division 2015).
People v. Marian, supra. 
It went on to explain that
[a]lthough this Court has concluded that the [New York Civil Practice Law and Rules]  does not apply in criminal cases, People v. DeFreitas, 2015 WL 1897624 (Criminal Court – New York County April 27, 2015), it nevertheless makes good sense, absent a contrary instruction from the Legislature, to interpret the same phrase in the same way across all areas of practice.

Thus, given New York courts' consistent view that the phrases `place of employment’ and `place of business’ refer only to a physical location, this Court will apply that same definition here. It would stretch the “fair import” of the phrase beyond all recognition to consider a complainant's work email address as her `place of employment or business’ for purposes of New York Penal Law § 120.45(3).

Nor would likening an email address to an actual, physical location either `promote justice’ or `effect the objects’ of § 120.45(3). Section 120.45 was added to the Penal Law in 1999 because `criminal stalking behavior, including threatening, violent or other criminal conduct’ had by then “become more prevalent in New York state in recent years.’ L.1999, c. 635, § 2 (discussing the Legislature's intent).

While the inclusion of a provision dealing with stalking in connection with the victim's employment is not specifically discussed in the legislative history to § 120.45, the overall goal of the legislation was to `recognize the damage to public order and individual safety caused by’ stalkers, in terms of both the `emotional and physical harm’ caused to the victims. L.1999, c. 635, § 2.
People v. Marian, supra. 
The Criminal Court then noted that it
recognizes that stalking behavior in connection with a persons' employer can poses risks of emotional and physical harm to the victim equivalent to the other forms of stalking covered by the other subsections of § 120.45.

Nevertheless, including an email address within the purview of the phrase a `place of employment or business’ does not specifically further either justice or the statute's goals. The conduct of repeatedly emailing a person with no legitimate purpose other than to cause her emotional harm is completely subsumed within the conduct specified in § 120.45(2), which covers `telephoning or initiating communication or contact with’ the victim, including contact by email, irrespective of whether the email is sent to a personal or a work email address.

Accordingly, for these reasons, the Court concludes that a person's work email address is not her `place of employment or business’ for purposes of the stalking statute.
People v. Marian, supra. 
The Criminal Court therefore granted Marian’s “motions to dismiss the count charging her with violating New York Penal Law § 120.45(3)” but denied the motion  “with respect to the remaining counts” in the information filed against her. People v. Marian, supra. 
You can, if you are interested, read more about the case in the news story you can find here