Monday, April 21, 2014

Lavabit, Encryption and Contempt


This post examines an opinion the U.S. Court of Appeals for the 4th Circuit recently issued in a case involving a criminal investigation and the imposition of sanctions for contempt:  In re Under Seal, 2014 WL 1465749 (2014).  The judge who wrote the opinion for the court begins by outlining how the case arose:

Lavabit LLC is a limited liability company that provided email service. Ladar Levison is the company's sole and managing member.  

In 2013, the United States sought to obtain certain information about a target in a criminal investigation. To further that goal, the Government obtained court orders under both the Pen/Trap Statute, 18 U.S. Code §§ 3123 - 3137, and the Stored Communications Act, 18 U.S. Code §§ 2701 - 2712 requiring Lavabit to turn over particular information related to the target. When Lavabit and Levison failed to comply with those orders, the district court held them in contempt and imposed monetary sanctions. Lavabit and Levison now appeal the sanctions.

In re Under Seal, supra.  In a footnote, the judge explains that “[b]ecause of the underlying criminal investigation, portions of the record, including the target’s identity, are sealed.”  In re Under Seal, supra. 

The judge then explains that the case concerns the encryption processes Lavabit

used while providing its email service. Encryption describes the process through which readable data, often called `plaintext,’ is converted into `ciphertext,’ an unreadable jumble of letters and numbers. Decryption describes the reverse process of changing ciphertext back into plaintext. Both processes employ mathematical algorithms involving `keys,’ which facilitate the change of plaintext into ciphertext and back again.

Lavabit employed two stages of encryption for its paid subscribers: storage encryption and transport encryption. Storage encryption protects emails and other data that rests on Lavabit's servers. Theoretically, no person other than the email user could access the data once it was so encrypted. By using storage encryption, Lavabit held a unique market position in the email industry, as many providers do not encrypt stored data.

Although Lavabit's use of storage encryption was novel, this case primarily concerns Lavabit's second stage of encryption, transport encryption. This more common form of encryption protects data as it moves in transit between the client and the server, creating a protected transmission channel for internet communications. Transport encryption protects not just email contents, but also usernames, passwords, and other sensitive information as it moves. Without this type of encryption, internet communications move exposed en route to their destination, allowing outsiders to `listen in.’ Transport encryption also authenticates-that is, it helps ensure that email clients and servers are who they say they are, which in turn prevents unauthorized parties from exploiting the data channel.

Like many online companies, Lavabit used an industry-standard protocol called SSL (short for `Secure Sockets Layer’) to encrypt and decrypt its transmitted data. SSL relies on public-key or asymmetric encryption, in which two separate but related keys are used to encrypt and decrypt the protected data. One key is made public, while the other remains private. In Lavabit's process, email users would have access to Lavabit's public keys, but Lavabit would retain its protected, private keys. This technology relies on complex algorithms, but the basic idea is akin to a self-locking padlock: if Alice wants to send a secured box to Bob, she can lock the box with a padlock (the public key) and Bob will open it with his own key (the private key). Anyone can lock the padlock, but only the key-holder can unlock it.

The security advantage that SSL offers disappears if a third party comes to possess the private key. . . . [A] third party holding a private key could read the encrypted communications tied to that key as they were transmitted. In some circumstances, a third party might also use the key to decrypt past communications (although some available technologies can thwart that ability). And, with the private key in hand, the third party could impersonate the server and launch a man-in-the-middle attack.

When a private key becomes anything less than private, more than one user may be compromised. Like some other email providers, Lavabit used a single set of SSL keys for all its various subscribers for technological and financial reasons. Lavabit in particular employed only five key-pairs, one for each of the mail protocols it supported. As a result, exposing one key-pair could affect all of Lavabit's estimated 400,000–plus email users.

In re Under Seal, supra. 

That brings us to the case itself.  The opinion explains that on June 28, 2013, the

Government sought and obtained an order (`the Pen/Trap Order’) from a magistrate judge authorizing the placement of a pen register and trace-and-trap device on Lavabit's system. This `pen/trap’ device is intended to allow the Government to collect certain information, on a real-time basis, related to the specific investigatory target's Lavabit email account. In accordance with the Pen/Trap Statute, . . .  the Pen/Trap Order permitted the Government to `capture all non-content dialing, routing, addressing, and signaling information . . . sent from or sent to’ the target's account. . . . 

In other words, the Pen/Trap Order authorized the Government to collect metadata relating to the target's account, but did not allow the capture of the contents of the target's emails. The Pen/Trap Order further required Lavabit to `furnish [to the Government] . . . all information, facilities, and technical assistance necessary to accomplish the installation and use of the pen/trap device unobtrusively and with minimum interference.’ . . .

On the same day the Pen/Trap Order issued, FBI agents met with Levison, who indicated he did not intend to comply with the order. Levison informed the agents he could not provide the requested information because the target-user `had enabled Lavabit's encryption services,’ presumably referring to Lavabit's storage encryption. . . . But, at the same time, Levison led the Government to believe he `had the technical capability to decrypt the [target's] information.’ . . . Nevertheless, Levison insisted he would not exercise that ability because `Lavabit did not want to “defeat [its] own system. . . . ”’

[T]he Government obtained an additional order that day compelling Lavabit to comply with the Pen/Trap Order. This `June 28 Order,’ again issued by a magistrate judge, instructed Lavabit to `provide the [FBI] with unencrypted data pursuant to the [Pen/Trap] Order’ and reiterated that Lavabit was to provide `any information, facilities, or technical assistance . . . under the control of Lavabit . . .  [that was] needed to provide the FBI with the unencrypted data.’ . . . Further, the June 28 Order put Lavabit and Levison on notice that any `[f]ailure to comply’ could result in `any penalty within the power of the Court, including the possibility of criminal contempt of Court.’ . . .

In re Under Seal, supra. 

The opinion says that “[o]ver the next eleven days, the Government attempted to talk with Levison about implementing the Pen/Trap Order”, but Levison “ignored the FBI's repeated requests to confer and did not give the Government the unencrypted data the June 28 Order required.” In re Under Seal, supra.  As each day passed, the Government lost forever the ability to collect the target-related data for that day.” In re Under Seal, supra.  Because Lavabit refused to comply with the prior orders,” the

Government obtained an order to show cause from the district court on July 9. The show cause order directed Lavabit and Levison, individually, to appear and `show cause why Lavabit LLC ha[d] failed to comply with the orders entered June 28, 2013[ ] in this matter and why [the] Court should not hold Mr. Levison and Lavabit LLC in contempt for its disobedience and resist[a]nce to these lawful orders.’ . . .

Entry of the show cause order spurred a conference call between Levison, his counsel, and representatives from the Government on July 10. During that call, the parties discussed how the Government could install the pen/trap device, what information the device could capture, and how the Government could view and preserve that information. In addition, the Government asked whether Levison would provide the keys necessary to decrypt the target's encrypted information. Although the Government again stressed that it was permitted to collect only non-content data, neither Levison nor his counsel indicated whether Lavabit would allow the Government to install and use the pen/trap device.

On July 13, 2013, four days after the show cause order issued, Levison contacted the Government with his own proposal as to how he would comply with the court's orders. In particular, Levison suggested that Lavabit would itself collect the Government's requested data:

I now believe it would be possible to capture the required data ourselves and provide it to the FBI. Specifically the information we'd collect is the login and subsequent logout date and time, the IP address used to connect to the subject email account and [several] non-content headers . . . from any future emails sent or received using the subject account. . . .Note that additional header fields could be captured if provided in advance of my implementation effort.

. . . Levison conditioned his proposal with a requirement that the Government pay him $2,000 for his services. More importantly, [he] intended to provide the data only `at the conclusion of the 60[-]day period required by the [Pen/Trap] Order . . . [ or] intermittently . . . as [ his] schedule allow[ed].’ If the Government wanted daily updates, Levison demanded an additional $1,500.

The Government rejected Levison's proposal, explaining that it needed `real-time transmission of results.’ . . . Moreover, the Government would have no means to verify the accuracy of the information Lavabit proposed to provide -- a concerning limit given Lavabit's apparent hostility toward the Government. Levison responded by insisting that the Pen/Trap Order did not require real-time access, but did not otherwise attempt to comply with the Pen/Trap Order or the June 28 Order.

In re Under Seal, supra. 

On July 26, Levison “appeared [for the show cause hearing] before the district court pro se, on behalf of himself and Lavabit”. In re Under Seal, supra.  When he was asked if he intended to “comply with the Pen/Trap Order,” Levison said “he had `always agreed to the installation of the pen register device.’” In re Under Seal, supra.  But he “objected to turning over his private SSL encryption keys `because that would compromise all of the secure communications in and out of [his] network, including [his] own administrative traffic.’” ” In re Under Seal, supra. He also “maintained [t]here was never an explicit demand [from the Government] that [he] turn over the keys.’” In re Under Seal, supra. 

After the show cause hearing, Lavabit did permit the Government to install a pen/trap device. But, without the encryption keys, much of the information transmitted to and from Lavabit's servers remained encrypted, indecipherable, and useless. The pen/trap device was therefore unable to identify what data within the encrypted data stream was target-related and properly collectable.

In re Under Seal, supra. 

On August 1, the U.S. District Court Judge who had the case held another hearing and “entered an order . . . directing Lavabit to turn over its encryption keys” “5:00 pm on August 2, 2013.”  In re Under Seal, supra.  The opinion says Lavabit “dallied and did not comply” with the order until “[j]ust before the 5:00 pm August 2 deadline” when Levison gave “the FBI with an 11–page printout containing largely illegible characters in 4–point type, which he represented to be Lavabit's encryption keys.” In re Under Seal, supra. 

“The Government instructed [him] to provide the keys in an industry-standard electronic format by the morning of August 5” but he “did not respond.”  In re Under Seal, supra.  On August 5, the government moved for sanctions against Levison and Lavabit for their “continuing `failure to comply’” with the judge’s order.  In re Under Seal, supra.  The motion asked the court to award “penalties of $5,000 a day” until Lavabit provided the encryption keys to the Government.  In re Under Seal, supra.  Levison turned over the keys two days later, by which time “six weeks of data regarding the target had been lost.”  In re Under Seal, supra. 

Lavabit and Levison appealed the order to the Court of Appeals for the 4th Circuit, but they lost.  In re Under Seal, supra.  The court began its analysis of their argument on appeal by noting that when they were before the district court judge,

Lavabit failed to challenge the statutory authority for the Pen/Trap Order, or the order itself, in any way. Yet on appeal, Lavabit suggests that the district court's demand for the encryption keys required more assistance from it than the Pen/Trap Statute requires. Lavabit never mentioned or alluded to the Pen/Trap Statute below, much less the district court's authority to act under that statute. In fact, with the possible exception of an undue burden argument directed at the seizure warrant, Lavabit never challenged the district court's authority to act under either the Pen/Trap Statute or the [Stored Communications Act].

In re Under Seal, supra. 

The Court of Appeals then explained that “[o]ur settled rule is simple: `[a]bsent exceptional circumstances, . . . we do not consider issues raised for the first time on appeal.’” In re Under Seal, supra (quoting Robinson v. Equifax Info. Services, LLC, 560 F.3d 234 (U.S. Court of Appeals for the 4th Circuit 2009)).  It noted that it follows this rule because holding that the failure to raise an issue below waives the litigant’s right to raise it on appeal fosters “respect for the lower court”, “avoids unfair surprise to the other party”, and “acknowledges the need for finality in litigation and conservation of judicial resources.”  In re Under Seal, supra.  It also agreed with the U.S. Court of Appeals for the 3rd Circuit, which held that issue waiver rules “`prevent parties from getting two bites at the apple by raising two distinct arguments’” before two different courts.  In re Under Seal, supra (quoting In re Diet Drugs Product Liability Litigation, 706 F.3d 217 (U.S. Court of Appeals for the 3rd Circuit 2013)).

The Court of Appeals for the 4th Circuit also pointed out that

. . . waiver principles apply with equal force to contempt proceedings. . . . If anything, `[t]he axiom that an appellate court will not ordinarily consider issues raised for the first time on appeal takes on added significance in the context of contempt.’ In re Bianchi, 542 F.2d 98 (U.S. Court of Appeals for the 1st Circuit 1976). After all, `[d]enying the court of which [a party] stands in contempt the opportunity to consider the objection or remedy is in itself a contempt of [that court's] authority and an obstruction of its processes.’  In re Bianchi, supra.  

The Court of Appeals therefore rejected Lavabit’s/Levison’s argument that “it preserved an appellate challenge to the Pen/Trap Order when Levison objected to turning over the encryption keys at the initial show cause hearing.”  In re Bianchi, supra.  It noted that

[i]n making his statement against turning over the encryption keys to the Government, Levison offered only a one-sentence remark: `I have only ever objected to turning over the SSL keys because that would compromise all of the secure communications in and out of my network, including my own administrative traffic.’ . . .

This statement -- which we recite here verbatim -- constituted the sum total of the only objection Lavabit ever raised to the turnover of the keys under the Pen/Trap Order.

We cannot refashion this vague statement of personal preference into anything remotely close to the argument that Lavabit now raises on appeal: a statutory-text-based challenge to the district court's fundamental authority under the Pen/Trap Statute. Levison's statement to the district court simply reflected his personal angst over complying with the Pen/Trap Order, not his present appellate argument that questions whether the district court possessed the authority to act at all.

In re Bianchi, supra.  

For these and other reasons, the Court of Appeals held that

[i]n view of Lavabit's waiver of its appellate arguments by failing to raise them in the district court, and its failure to raise the issue of fundamental or plain error review, there is no cognizable basis upon which to challenge the Pen/Trap Order. The district court did not err, then, in finding Lavabit and Levison in contempt once they admittedly violated that order. The judgment of the district court is therefore . . . AFFIRMED.

In re Bianchi, supra.  


As this story notes, Lavabit was Edward Snowden’s email provider.  You can read more about the court’s decision here, and you can find the opinion here.

Friday, April 18, 2014

Child Pornography, RoundUp and the Franks hearing

-->
After the federal government charged Paul Case with distribution and possession of child pornography in violation of 18 U.S. Code §§ 2252(a)(2) and 2252(a)(4)(B), he



[moved, pursuant] to Franks v.Delaware, 438 U.S. 154 (1978), to suppress evidence obtained pursuant to a search warrant, arguing that the agent who applied for the warrant misled the issuing magistrate judge by failing to disclose the FBI's use of an automated computer program to discover child pornography files on defendant's computer available for download through a peer-to-peer (`P2P’) file sharing network. 



U.S. v. Case, 2014 WL 1052946 (U.S. District Court for the Eastern District of Wisconsin 2014). Case also argued, in his motion, that “the program may have infiltrated non-shared, private portions of his computer, in violation of the 4th Amendment.”  U.S. v. Case, supra.  



The U.S. District Court Judge who had the case began his opinion by explaining that



[s]earch warrants enjoy a presumption of validity. See Franks v. Delaware, supra. . . . A defendant is entitled to an evidentiary hearing to examine the sufficiency of a search warrant only if he makes a `substantial preliminary showing’ that the warrant application contained a materially false statement made by law enforcement with deliberate or reckless disregard for the truth and that the false statement was necessary for the finding of probable cause. U.S. v. Williams, 718 F.3d 644, 649 (U.S. Court of Appeals for the 7th Circuit 2013). . . .



A defendant may also challenge an affidavit by demonstrating that the affiant intentionally or recklessly omitted material information. U.S. v. Hoffman, 519 F.3d 672 (U.S. Court of Appeals for the 7th Circuit 2008).



The court need not hold a Franks hearing based on conclusory or generalized assertions. See U.S. v. Currie, 739 F.3d 960 (U.S. Court of Appeals for the 7th Circuit 2014); United States v. Taylor, 154 F .3d 675, 680 (U.S. Court of Appeals for the 7th Circuit 1998). Rather, the defendant must offer direct evidence of the affiant's state of mind or inferential evidence that the affiant had obvious reasons for omitting facts in order to prove deliberate falsehood or reckless disregard. U.S. v. Souffront, 338 F.3d 809 (U.S. Court of Appeals for the 7th Circuit 2003).



Finally, if the allegedly false statements are excluded -- or the omitted facts are included -- and the affidavit still supports a finding of probable cause, no hearing is required. U.S. v. Souffront, supra. . . . See also Betker v. Gomez, 692 F.3d 854, 862 (U.S. Court of Appeals for the 7th Circuit 2012) (`We eliminate the alleged false statements, incorporate any allegedly omitted facts, and then evaluate whether the resulting ‘hypothetical’ affidavit would establish probable cause’).



U.S. v. Case, supra.  If you would like to read about the process a U.S. officer uses to get a search warrant, check out this source.  And if you are interested, you can read more about the process of obtaining a Franks hearing here.



The judge then began his analysis of Case’s arguments, which he outlined here:



[Case’s] argument has evolved throughout the course of these proceedings. In his original objection, supporting materials, and proposed statement, [h]e appeared to make two claims: (1) that the agent lied about the existence of the online covert employee (OCE5023) in order to conceal the use of RoundUp; and (2) that RoundUp allows law enforcement to invade the private spaces of a suspect's computer.



In his reply brief in support of the objection, he appears to abandon the first claim and raises a third—that RoundUp may not be sufficiently reliable. I address each of these three claims in turn.



U.S. v. Case, supra.  



The judge then addressed all three arguments, in order:



Citing other search warrant applications in this district, [Case] contends an FBI directive prevents the disclosure of RoundUp in such affidavits and requires its use be concealed by alleging the participation of a fictitious online covert employee. 

In its response to the objection, the government indicates that OCE–5023 is a real person, whose name is not disclosed given his/her role in covert investigations; the government denies any deception in the warrant affidavit.



[Case] presents no evidence refuting the government's assertion; indeed, in his reply brief he appears to accept it, which dooms his request for a Franks hearing based on deception. . . . 

Instead, he indicates that RoundUp may have been running unattended at the time of the downloads from his computer and argues that an evidentiary hearing is required to determine the reach of this program, how it was used in his case, and whether it is reliable.



U.S. v. Case, supra.  



He then addressed Case’s argument regarding RoundUp’s invading private spaces:



Relying on the articles written by RoundUp's creators, [he] contends that the program surreptitiously enters the private spaces of a target's computer and inserts data into those private spaces. I cannot find any support for that claim in the articles. The authors state: `No unauthorized access to the target's machine is required; tags are inserted in the normal function of a system.’ . . .  



The authors also suggest that the hash value of the tag be provided to the magistrate as part of the search warrant application . . . which controverts [Case’s] claim that agents using the program are instructed to conceal their activities. The articles provide no non-speculative basis for believing that RoundUp may be used to invade private spaces. Nor do the articles discuss tagging in relation to the `Ares’ P2P network, which was used in the present case.



Based on materials defendant previously submitted, it appears that RoundUp for Ares was developed by the Ontario Provincial Police, rather than the computer science professors who wrote the articles upon which [Case] now relies. . . .



In any event, even if RoundUp could be used improperly, [he] makes no claim that the government invaded the private spaces of his computer, to insert tags or to search for evidence, despite the fact that he had forensic experts examine the computer. He admits that he does not know whether tagging was even being used at the time his computer was accessed



[Case] asks for a hearing so the court can determine whether agents used the program to enter the unshared space on his computer, but the district court is required to hold a hearing on a motion to suppress only if the defendant's allegations are sufficiently definite, specific, non-conjectural, and detailed. U.S. v. Curlin, 638 F.3d 562 (U.S. Court of Appeals for the 7th Circuit 2011).



Given the speculative nature of [Case’s] claims, there is no need to hold a hearing and no basis for concluding that illegally obtained evidence was used to obtain the warrant. . . .



U.S. v. Case, supra (footnotes omitted).



[Case] notes that, according to the search warrant affidavit, OCE5023 downloaded files from [his] computer between 2:11 a.m. and 3:33 a.m. on November 25, 2012. [He] presents an affidavit from his computer expert, who indicates that the agent-affiant admitted to him that the computer program was running unattended during the time of the downloads. . . .



Even assuming that the program was running unattended at the time of the downloads, [Case] provides no authority in support of his claim that this precludes a finding of probable cause. 

Nor does he claim that the FBI failed to confirm that the material downloaded was, in fact, child pornography. The warrant affidavit includes a detailed description of three of the files. . . .



This is not a situation where a computer program downloaded material believed to be contraband (based on, say, a keyword search or hash values) and no human being looked at the material before a warrant was sought.



The affidavit further indicates that, after the images were downloaded and confirmed to be child pornography, the FBI identified the IP address from which the images were downloaded and, pursuant to a subpoena to the internet service provider, identified defendant as the subscriber. 

This process is sufficiently reliable to support the issuance of the warrant. . . .



Finally, I decline to hold an evidentiary hearing to explore the reliability and capabilities of RoundUp. Hearings on motions to suppress are not granted as a matter of course. U.S. v. Villegas, 388 F.3d 317 (U.S. Court of Appeals for the 7th Circuit 2004).



District courts are required to conduct evidentiary hearings only when a substantial claim is presented, there are disputed issues of material fact that will affect the outcome of the motion, and the defendant's allegations are sufficiently specific and non-conjectural. . . . . Here, [Case] offers only speculation about RoundUp. Accordingly, there is no basis for holding a hearing.



U.S. v. Case, supra.  



The judge therefore denied Case’s motion to suppress.  U.S. v. Case, supra.  The article you can find here, discusses the use of RoundUp in child pornography investigations.

Wednesday, April 16, 2014

Copying Data as a 4th Amendment Seizure


In this post, I return to an issue I did several posts on, early in the career of this blog: “Seizure,” “Copying as a Seizure (Again)” and “Copying as Search and Seizure.”

I am returning to the issue because a U.S. Magistrate Judge who sits in the U.S. District Court for the District of Columbia recently issued an opinion in which he addressed the copying-as-seizure issue:  In the Matter of the Search of Information Associated with [redacted]@mac.com that is Stored at Premises Controlled by Apple, Inc. (hereafter, “In the Matter of the Search”), 2014 WL 1377793.  He begins the opinion by explaining that

[p]ending before the Court is a Renewed Application for a search and seizure warrant pursuant to Rule 41 of the Federal Rules of Criminal Procedure and 18 U.S. Code § 2703 . . . to disclose certain records and contents of electronic communications relating to an Apple email address. See Affidavit in Support of an Application for a Search Warrant [# 5–1] (sealed) at 1 (hereinafter Affidavit). 

In a previous Memorandum Opinion and Order, this Court denied the government's original application for a search and seizure warrant for the same e-mail address without prejudice both because it failed to clearly specify which e-mails it sought to seize and because it sought authorization to seize e-mails for which it had not established probable cause to seize. . . . The government's Renewed Application does not address these concerns and ignores the substance of this Court's previous rulings. The government persists in its attempt to seize an entire e-mail account and search through all of it.

In the Matter of the Search, supra (emphasis in the original).

As to the case itself, the Magistrate Judge notes that

[t]his is the government's second attempt to obtain a search and seizure warrant for a specific Apple e-mail address as part of its investigation of a possible violation of 41 U.S. Code § 8702 (Solicitation and Receipt of Kickbacks) and 18 U.S. Code § 371 (Conspiracy) involving a defense contractor. . . . For purposes of this opinion, the details of the investigation–which remain under seal on the Court's docket–are irrelevant. . . .

In the Matter of the Search, supra.  If you would like to read an overview of how agents of the government apply for a search warrant, check out Chapter 2 of this manual.

Here, the judge next notes that “[i]n an `Attachment A,’ titled `Place to Be Searched,’ the “government specifies the location of Apple, Inc. and indicates that the `warrant applies to information associated with the e-mail account [redacted]@mac.com dating from [January], 2014, to the present.’”  In the Matter of the Search, supra.  He also noted that in an “`Attachment B,’ titled `Particular things to be seized by the government’”, the government says it will seize:

[a]ll emails, including email content, attachments, source and destination addresses, and time and date information, that constitute evidence and instrumentalities of violations of 41 U.S. Code § 8702 . . . and 18 U.S. Court § 371 . . . dated between [January], 2014, to the present, including emails referring or relating to a government investigation involving any or all of the following: [Redacted list of names of companies and individuals in the form of `John Smith, John Smith, Inc., any current or former John Smith employees, etc.’].

In the Matter of the Search, supra. 

The Magistrate Judge then began his analysis of the problems with the government’s application by explaining why the application for the search and seizure warrant violated the requirements of the 4th Amendment, most notably the concern with general warrants:

The Supreme Court has recognized two constitutional protections served by the warrant requirement of the 4th Amendment. `First, the magistrate's scrutiny is intended to eliminate altogether searches not based on probable cause. The premise here is that any intrusion in the way of search or seizure is an evil, so that no intrusion at all is justified without a careful prior determination of necessity.’ Coolidge v. New Hampshire, 403 U.S. 443 (1971).

Thus, it is this Court's duty to reject any applications for search warrants where the standard of probable cause has not been met. Second, `those searches deemed necessary should be as limited as possible. Here, the specific evil is the ‘general warrant’ abhorred by the colonists, and the problem is not that of intrusion per se, but of a general, exploratory rummaging in a person's belongings.’ Coolidge v. New Hampshire, supra.  To follow the dictates of the 4th Amendment and to avoid issuing a general warrant, a court must be careful to ensure that probable cause exists to seize each item specified in the warrant application.

In the Matter of the Search, supra.  As Wikipedia notes, the 4th Amendment outlaws “unreasonable” searches and seizures, which means you have to have a search and/or a seizure in order to implicate the provisions of the Amendment.

The Magistrate Judge then took up the issue of copying the emails:

As this Court has previously noted, any e-mails that are turned over to the government are unquestionably `seized’ within the meaning of the 4th Amendment. See In re Search of Apple E-mail, 2014 WL 945563 (U.S. District Court for the District of Columbia 2014)  (noting a `seizure’ occurs when there is `an intentional acquisition of physical control’). Although the Supreme Court has never specifically defined what constitutes a seizure in the electronic world, it has stated that, with regard to physical items, `a ”seizure” of property only occurs when there is some meaningful interference with an individual's possessory interests in that property.’ U.S. v. Jacobsen, 466 U.S. 109 (1984).

In this Court's view, a seizure of property occurs when e-mails are copied and taken by the government without the owner's consent because an individual's `possessory interest [in the e-mails] extends to both the original and any copies made from it.’ Orin Kerr, 4th Amendment Seizures of Computer Data,119 Yale L.J. 700 (2010). After all, when a copy is made, `the person loses exclusive rights to the data,’ 4th Amendment Seizures of Computer Data, supra, and it is at that time that the owner's property interest in the e-mail is affected. This reality has been assumed, if not stated outright, in the numerous cases that acknowledge that e-mails turned over to the government by an electronic communications service provider are `seized.’ . . .

In the Matter of the Search, supra. 

The judge then explains that to decide otherwise

would yield unsatisfactory results. First, if copying were not considered `seizing,’ that would suggest the irrelevance of the 4th Amendment to that act:

`If copying data is not a seizure, then copying cannot logically be regarded as a search and it does not violate an expectation of privacy. It is possible to copy files without examining the files. Therefore, if copying is not a seizure, it is outside the scope of the 4th Amendment's reasonableness requirements and is an activity which can be conducted at will, requiring neither the justification of a warrant nor an exception to the warrant requirement. This is not a satisfactory result. Copying has an effect upon the `ownership’ rights of the party whose information is copied.’

Susan W. Brenner and Barbara Frederiksen, Computer Searches and Seizures: Some Unresolved Issues, 8 Mich. Telecomm. & Tech. L.Rev. 39 (2002). Thus, this Court would have to believe that, if the act of copying e-mail is not a seizure, then the 4th Amendment is powerless to prevent the wholesale copying of every single e-mail ever sent, a result that no court could ever reasonably embrace. It would also render hollow the [U.S. Court of Appeals for the] Sixth Circuit's holding in U.S. v. Warshak, 631 F.3d 266 (U.S. Court of Appeals for the Sixth Circuit 2010), that there is a reasonable expectation of privacy with respect to one's e-mails–even though those e-mails were copied by an electronic communications service provider and given to the government. . . .

In the Matter of the Search, supra. 

The judge also noted two other related issues, the first of which was that this

approach suggests that a seizure could only occur if the actual hard drive that contains the target e-mail account, which is presumably in a server farm operated by Apple, is physically taken by the government. This ignores the reality that`“[h]ardware is increasingly fungible’ and that what really matters -- and what the owner of the e-mails actually has a possessory interest in -- `is the data.’ 4th Amendment Seizures of Computer Data, supra.  A focus on hardware instead of data, in determining when a seizure occurs, would therefore miss the mark and ignore fundamental realities about how computers are actually used. See In re Southeastern Equipment Co. Search Warrant, 746 F. Supp. 1563 (U.S. District Court for the Southern District of Georgia 1990) (`As the LeClair Court pointed out, it is the information itself, not the paper and ink or tape recorder or other copying utensil, that is actually seized’) (citing LeClair v. Hart, 800 F.2d 692, 696 n.5 (U.S. Court of Appeals for the 7th Circuit 1986)).

In the Matter of the Search, supra. 

The other issue was that

the government itself characterizes the act of copying e-mails as a seizure by noting that it will `seize’ some of the copied e-mails after the search is complete. . . . It is, after all, seeking a `search and seizure warrant.’ See Rule 41 of the Federal Rules of Criminal Procedure. Thus, even though the e-mails are only being copied by Apple (with other copies remaining on Apple's servers), a seizure is occurring.

Because there is no principled distinction that suggests that copying data once is not a seizure but copying data twice is a seizure, it follows that the e-mails are seized the first time they are copied by Apple and given to the government. Any other position is unsatisfactory because the property interest in e-mails certainly suffers `meaningful interference’ when a third party has unauthorized access to those e-mails.’ Thus, emails are seized when Apple gives them to the government as surely as a physical letter is if it is taken by the postal service and given to the government. . . .

In the Matter of the Search, supra. 

The Magistrate Judge then returned to the real issue: the 4th Amendment implications of what the government was asking him for:

The problem with the government's Renewed Application is not that it fails to specify with particularity what it intends to seize -- and not that it suggests a seizure will not occur  -- but that it will actually seize large quantities of e-mails for which it has not established probable cause and which are outside the scope of Attachment B. The government asks Apple `to disclose the following information to the government for the account listed in Attachment A: all emails, including attachments, associated with the account, dating from [January], 2014, to the present. . . .’ Affidavit at 14.

This Court has an affirmative obligation to `prevent[ ] the seizure of one thing under a warrant describing another.’ See Andresen v. Maryland, 427 U.S. 463 (1976). . . . Here, the warrant describes only certain emails that are to be seized -- and the government has only established probable cause for those emails. Yet it seeks to seize all e-mails by having them `disclosed’ by Apple. This is unconstitutional because `[t]he government simply has not shown probable cause to search the contents of all emails ever sent to or from the account.’ See In re Search of Target Email Address, 2012 WL 4383917 (U.S. District Court for the District of Kansas 2012).

As Judge David J. Waxse wisely analogized, if this were the physical world, it would be akin to `a warrant asking the post office to provide copies of all mail ever sent by or delivered to a certain address so that the government can open and read all the mail to find out whether it constitutes fruits, evidence or instrumentality of a crime. The 4th Amendment would not allow such a warrant.’  In re Search of Target Email Address, supra.

In the Matter of the Search, supra. 

For these and other reasons, the U.S. Magistrate Judge denied the government’s application for the search and seizure warrant.  In the Matter of the Search, supra.