Wednesday, April 29, 2009

Private Stingers

This post is basically about stings -- the ruses police use to catch people who are committing a crime. I got a question from someone who was curious about the use of “stings” in the online context. He wondered if it’s legal for an officer to go into a chat room or use some other online resource to engage in conversation with someone while pretending to be a child or a parent of a child who’s offering the child for sex.

Many people, I suspect, think it is illegal for officers to trick people in order to gather evidence of a crime (or, as some argue, to create the conduct that’s later charged as a crime). It isn’t.

This post is about why it isn’t illegal for law enforcement officers to do this . . . or for private citizens to do it and then take the evidence to law enforcement.
To explain that, I’m going to use the facts in U.S. v. Morris, 549 F.3d 548 (U.S. Court of Appeals for the Seventh Circuit 2008). Here they are:
In October of 2007 [Morris] attempted to contact a minor at the minor's MySpace page. The minor's mother, Mrs. [X], responded to this unwelcome development by creating her own MySpace page, in which she pretended to be a 15 year old named `Kandice’ (not her daughter's name). On October 22, [Morris] began emailing `Kandice’ and they began chatting online on almost a daily basis. He asked her to have sex with him, and she agreed. On November 2, Mrs. [X] reported him to the FBI. Two days later he bought a bus ticket for `Kandice’ to travel to meet him, and mailed it to her. The FBI picked up the ticket and assumed `Kandice's’ identity and continued the online chats. On November 19 . . . the Bureau arrested [him].
U.S. v. Morris, supra. Morris was charged with attempting to transport a minor across state lines to engage in illegal sexual conduct in violation of 18 U.S. Code § 2423. He pled guilty but reserved his right to challenge the district court’s refusal to dismiss the charges against him.

Morris argued that the charges should be dismissed because “the person he thought was a minor was neither a minor nor a law enforcement officer posing as one but was instead a private citizen.” U.S. v. Morris, supra. The Court of Appeals rejected the first part of his argument, noting that “case law uniformly holds that the fact that a defendant is mistaken in thinking that the person he is trying to entice is underage is not a defense to a charge of attempted illegal sexual contact with a minor.” U.S. v. Morris, supra.

The reason the law takes this position is that a defendant in this situation has shown he has the capacity to commit the crime and would have committed it, but for circumstances beyond his control; the theory is that since he’s demonstrated that he’s dangerous, it’s appropriate to punish this defendant to discourage him from doing the same thing again and to discourage others from doing the same thing.


The Court of Appeals then addressed the other issue Morris raised: the fact that he was the victim of a sting run by a private citizen, not by a police officer. It noted that there is a
legitimate concern with vigilantism -- with private citizens conducting stings without the knowledge or authorization of the authorities. The vigilantes' aim might be to blackmail any offender whom they detect rather than to turn him over . . . for prosecution. . . . But stings, including private ones, must be distinguished from entrapment. Stings are schemes for getting a person who is predisposed to criminal activity to commit a crime at a time or place in which he can be immediately apprehended; they are an essential tool of law enforcement against crimes that have no complaining victim.
Entrapment refers to the use of inducements that cause a normally law-abiding person to commit a crime, and is a defense when the entrapment is conducted by law enforcement officers. . . .`For . . . targets of stings all that must be shown to establish predisposition and defeat the defense of entrapment is willingness to violate the law without extraordinary inducements. . . .'
U.S. v. Morris, supra. If the sting that caught Morris had been conducted by a law enforcement officer, he could have argued that he was entrapped, which is a defense to a criminal charge. To show he was entrapped, Morris would have had to show he was not predisposed to commit the crime, i.e., was neither interested in nor willing to violate the law without the government’s using “extraordinary inducements” to get him to do so. Defendants usually have a hard time making this showing, but some do succeed.

In Jacobsen v. U.S., 503 U.S. 540 (1992) the U.S. Supreme Court reversed Jacobsen’s conviction for receiving child pornography because it found the government had not rebutted his defense of entrapment. In 1984, Jacobsen, “a 56-year-old veteran-turned-farmer who supported his elderly father in Nebraska, ordered two magazines . . . from a California adult bookstore.” The magazines were entitled “Bare Boys I and Bare Boys II and “contained photographs of nude preteen and teenage boys. The contents . . . startled [Jacobsen], who . . . expected to receive photographs of `young men 18 years or older.’” U.S. v. Jacobsen, supra. The boys in the magazines “were not engaged in sexual activity and [his] receipt of the[m] was legal under” federal and Nebraska law. Three months later, Congress made the “receipt through the mails of sexually explicit children a crime.” U.S. v. Jacobsen, supra.

Postal inspectors found Jacobsen’s name on the mailing list of the bookstore that sent him Bare Boys I and II and for 34 months postal inspectors unsuccessfully bombarded him with mail offering to let him order child pornography. The Customs Service made its own, unsuccessful attempt at that point, followed by yet another effort from the Postal Service. This time Jacobsen ordered Boys Who Love Boys and was arrested “after a controlled delivery" of the magazine. U.S. v. Jacobsen, supra. When asked at trial why he ordered the magazine, Jacobsen said, “the statement was made of all the . . . hysteria over pornography and I wanted to see what the material was. . . . I didn’t know for sure what kind of sexual action they were referring to”. U.S. v. Jacobsen, supra.

He relied on the defense of entrapment at trial, but lost. The U.S. Supreme Court found that the government failed to prove beyond a reasonable doubt that Jacobsen had been predisposed to order child pornography:
Petitioner's ready response to these solicitations cannot be enough to establish beyond reasonable doubt that he was predisposed, prior to the Government acts intended to create predisposition, to commit the crime of receiving child pornography through the mails. The evidence that petitioner was ready and willing to commit the offense came only after the Government had devoted 2 1/2 years to convincing him that he had or should have the right to engage in the very behavior proscribed by law. Rational jurors could not say beyond a reasonable doubt that petitioner possessed the requisite predisposition prior to the Government's investigation and that it existed independent of the Government's many and varied approaches to petitioner. As was explained in Sherman, . . . `the Government [may not] pla[y] on the weaknesses of an innocent party and beguil[e] him into committing crimes which he otherwise would not have attempted.’

Because. . . the prosecution failed, as a matter of law, to adduce evidence to support the jury verdict that petitioner was predisposed, independent of the Government's acts and beyond a reasonable doubt, to violate the law by receiving child pornography through the mails, we reverse the . . . the conviction of Keith Jacobson.
U.S. v. Jacobsen, supra. To prevail on an entrapment defense, Morris would have to show his situation was analogous to that of Jacobsen. From the few facts we have, it appears he would have had a difficult time doing that, but his point was that he should have had the opportunity to try. Morris claimed he should not be prevented from raising entrapment simply because the sting was not run by a law enforcement officer.

The Court of Appeals didn’t buy his argument. It explained that there is no “defense of private entrapment.” U.S. v. Morris, supra. The court also noted that private stings have become much more significant in the online world than they are in the real world:
[W]e read that `the inexpensive, relatively invisible nature of [Internet sting operations] . . . permits private entrapment to become rampant, which is not the case in off-line settings. . . . On-line vigilantism against pedophiles has taken on unexpected proportions. Traditional entrapment rules do not allow consideration of “private entrapment.” Individuals . . . induced or set up by anyone besides a state agent cannot raise an entrapment defense to criminal charges. Historically this was not a problem because most individuals, even if they had the motivation to entrap others, did not have the resources to orchestrate a sting while protecting themselves from retaliation if caught. Private entrapment was therefore a rare occurrence. The Internet has changed this, for better or worse, at least for the crimes perpetrated partly on-line.’ Dru Stevenson, Entrapment by Numbers, 16 U. Fla. J.L. & Public Policy 1, 70 (2005).
U.S. v. Morris, supra.

The court then returned to the point it made earlier -- that private stings can be legally problematic. Those who run private stings may use them to blackmail the targets or may “botch their investigation, alerting the offender in time for him to elude justice.” U.S. v. Morris, supra. The court noted that private stings can be problematic for yet another reason: the stinger may commit a crime “in his attempt to catch others.” U.S. v. Morris, supra. It cited two cases in which those who claimed to have been operating private stings were charged with possessing child pornography. U.S. v. Morris, supra. Ultimately, though, this Court of Appeals found that none of these concerns justified a private entrapment defense:
[I]f the law wants to deter private sting operations, . . . the way to do that is `by imposing criminal liability on private parties who encourage crimes . . .’ rather than by letting another guilty person -- the object of the successful sting -- get away with his crime. Just as there is no defense of private entrapment, so there is no exclusionary rule applicable to evidence obtained improperly by private persons. . . .
U.S. v. Morris, supra.

So if you're the victim of a government sting, you might be able to use entrapment as a defense, but you're going to have to show, essentially, the the idea of committing the crime originated with the government, not you. If you're the victim of a private sting, under this decision, anyway, you can't raise the defense of entrapment . . . but you may be able to get the stinger prosecuted if he or she violated the law by, say, sending you child pornography.

Monday, April 27, 2009

Medieval

Not long ago, something I’d written was peer-reviewed as part of being vetted for publication. In it, I wrote about the problem of keeping order in cyberspace, and one reviewer criticized me for not analogizing cyberspace to the Old West.

I submitted my response to that reviewer’s comments – and the comments of the other reviewers – to the press considering my manuscript. The editors were apparently happy with my response, at least happy enough to publish what I’d written. What I found a little unsatisfactory is that my response didn’t make its way to the person who’d advocated the Old West analogy.

I didn’t find it unsatisfactory out of pique, at least I don’t think that was the reason. I think I was aggravated because I didn’t get the chance to respond to the person and debate the utility of the Old West analogy. So I decided to do a blog post on the issue.

I don’t know who first came up with the idea of analogizing cyberspace to the Old West (a/k/a Wild West). I did some searches and found that the analogy was being used in articles at least as far back as 1995. Maybe it was in use before that, maybe not. It’s been around for a long time, and still crops up in articles about cyberspace, usually articles dealing with the presumed lawlessness of cyberspace.

My first question is why do we need to analogize cyberspace to anything? Why can’t we just approach cyberspace as . . . cyberspace?

I think our inclination to analogize cyberspace to the Old West – or some other place – is a function of how we experience it. As we know, cyberspace isn’t a “place” at all, at least not in the physical sense. It’s an experiential reality, not a physical reality. That is, it’s made up of the sum – and often transient – total of our experiences, which take the form of digital communications (oral, visual and text). We use those communications to interact with each other – and sometimes with automated systems – and, in so doing, “experience” cyberspace as a distinct and discrete part of our lives.

Which brings me back to my question: Why do we need to analogize our experiencing cyberspace to being in a specific physical place? I think it’s because we have a rather limited conceptual repertoire. Except for cyberspace, all the experiences I will have in my life will occur in a given place; it may be a mundane place (my home, my office) or a more or less exotic place (a foreign country, a domestic location I don’t/can’t frequent except once, say) or a transitory place (an airplane or train or hotel). When I think of an experience, I inevitably think of a place; our experiences are grounded in, and consequently associated with, “places.”

We see that in our dreams. Conceptually, I suppose, we could have perfectly abstract dreams . . . dreams in which our experiences were not situated in dream spaces, the more or less skewed versions of physical reality that serve as the stage for whatever goes on in a particular dream. People may or may not dream in color, but I suspect we all dream of places. As I write this, I’m trying to conceptualize an experience that would not be grounded in a place, and I find I can’t. Maybe it’s just me, but I suspect not.

It follows, then, that we analogize our experiences in – and of – cyberspace to being in a particular physical place. To paraphrase William Gibson, cyberspace is a consensual hallucination orchestrated and shared by millions of people. More precisely, cyberspace is the sum total of discrete hallucinations that are orchestrated by congeries of people, congeries that shift in size and constituency. When we contribute to orchestrating the hallucinations that create and sustain cyberspace, we need a way to think about what we’re doing . . . and that brings us back to the spatial analogy.

Think about it: How do we refer to our participation in cyberspace? We say we’re “going online” or we’re “in cyberspace”. “Going” and “in” are terms we use to refer to action that is grounded in physical reality. I go to work; I’m in my office.

Why do we analogize cyberspace to physical reality when we don’t use a spatial analogy for the comparable experience of talking on the phone? I don’t say I’m “going into phone space” when I’m making a call or joining a teleconference (I hate teleconferences). We seem to experience telephone communication differently from cyberspace, at least for as long as the two remain separate experiences. I’m not sure why that is.

Part of it probably derives from the fact that for over a century a phone call only involved two people. So a phone call was really just a conversation, a remote conversation but still a conversation between two people, both of whom were situated in discrete parts of physical space.

I wonder if things would have been different if the phone had not evolved as a one-to-one mode of communication. When telephones were new, in the mid- to late-nineteenth century, they were used to broadcast news and music. You could sign up to listen to an orchestra playing (live, of course) or to get news via your phone. For some reason, that broadcast use of the telephone never caught on, maybe because radio came along and seemed to do the same things much more efficiently.

Somehow I doubt that phones could ever have evolved into a version of cyberspace, even if the notion of using them for more than one-to-one (or teleconferences) had caught on. You wouldn’t have had the visual aspect, which I think is an important element in experiencing communicative reality as an analog of physical reality. And I don’t think purely oral communication could have sustained an experiential reality of the complexity that we see in cyberspace; oral communications are, after all, transient.


I digress. I need to get back to my real point – the Old West analogy for cyberspace. I’ve made my argument as to why we seem to need to analogize cyberspace to A place. That brings us to my second question: Why the Old West?

I think people tended to analogize cyberspace to the Old West because it was a familiar analogy (especially to those of us in the U.S.) and because it captures the notion of being in an experiential environment in which the rules that govern us in the real-world either don’t apply at all or are relaxed. So, as I recall, many of the early articles written about cyberspace analogized it to the U.S.’ Western frontier on the grounds that, like the Old West, it was a place (the term is inevitable) where there wasn’t much, if any law . . . or, maybe, where there wasn’t much in the way of law enforcement.

As I’m sure we all know, cyberspace is pretty lawless compared to the contemporary physical world. Many people, including me, have written about why law enforcement finds it difficult to deal effectively with many of the things that go on “in” cyberspace. It’s much easier to be anonymous or assume a pseudonym in cyberspace than in the real world; and cyberspace transcends the boundaries of nation-states, which hampers law enforcement’s ability to pursue law-breakers even if they are able to identify them.

I could go on about the challenges cyberspace creates for law enforcement, but that’s not my point in this post. If you want to read more about that, check out some of my articles or my latest book.

My point finally, is that while I think spatial analogies are inevitable, I don’t think the Old West is the best spatial analogy for cyberspace. The Old West analogy assumes that cyberspace is a frontier, like the Western part of the U.S. in the nineteenth century or like Australia during the early years of its colonization. Dictionary.com defines a frontier as “the land or territory that forms the furthest extent of a country’s settled . . . regions.” That’s what the Old West was: The Eastern and Southern U.S. states had been settled and civilized for a long time. The challenge the U.S. faced was extending the law that applied in the Eastern and Southern states to the Western areas of the country. That process was facilitated by the fact that the people who lived on the frontier had come from the settled parts of the country where the law was enforced; they had experience with the rule of law and, for the most part, wanted to see that rule applied to the areas where they now lived.

I think all of that makes the Old West analogy inapt: it’s a lot easier to expand law and law enforcement into areas that are owned by and therefore under the absolute control of a sovereign nation than it is to institute law and law enforcement in a “place” – a world” -- that has neither. I don’t see cyberspace as a frontier than can be civilized by exporting U.S. law or European law or Asian law or an amalgam of global law (assuming such a thing could be created) “into” cyberspace because I see cyberspace as a vacuum when it comes to law and law enforcement.

The analogy I prefer – and it has its own imperfections – is to Europe in the early Middle Ages, what some have called the Dark Ages. It’s not a perfect analogy because it was an environment in which law and law enforcement had existed but disintegrated with the collapse of the Roman Empire. The reason I prefer the medieval analogy is because the world that evolved (or devolved) after the Empire collapsed was one in which there was no generalized governing structure and therefore no consistent, reliable order; there was law, but it was parochial, just as governance was parochial.

The medieval analogy is far from perfect, but since I can’t come up with a real-world analogy based on a “place” in which there had never been any source of law and law enforcement, it’s the best I can do. As I argued in an article I published a few years ago, I don’t think any human grouping can exist and survive without having some system of law and law enforcement to guarantee the stability people need to carry out the activities essential to their survival and the survival of their group.

At least that has always been true in the physical world; since cyberspace is in a sense a luxury, in that we inhabit it by choice rather than by necessity, perhaps my argument does not apply there. Perhaps cyberspace can – and should – survive in a state of greater or lesser chaos, in which people depend on themselves and perhaps some associates for their security. That’s pretty much what it came to in the Middle Ages.

Friday, April 24, 2009

Spyware, Divorce and the Law Firm

This post is about a federal civil case in Louisiana. Becker v. Toca, Civil Action No. 07-7202 (U.S. District Court for the Eastern District of Louisiana).

I’m doing a post on this civil case because it arose from the defendant’s allegedly installing a Trojan horse on a law firm’s computers. Here are the facts alleged in the plaintiff’s complaint, i.e., the pleading that got the case started:
Plaintiff, PHILLIP M. BECKER individually operates his law firm in Lake Charles, Louisiana, with the use of tools and equipment including computer hardware and software, which is connected to the Internet by typical means. . . .

Prior to 25th of October, 2006, BECKER . . . and personnel employed by his law firm, began to experience considerable difficulties in both their home and office computers. This consisted of error messages, slow processing, and other indicators of technical problems with the operations of the computers.

BECKER . . .retained the services of WebTronics LLC, a third party contractor with expertise in computer operation, to evaluate both his home and office computers.

After an extensive evaluation, WebTronics . . . identified . . .spyware and viruses on two Compaq computers and one Toshiba laptop . . . and advised BECKER . . . to take further action with an Internet forensic team located in Baton Rouge.

Upon further examination, it became apparent the computers . . . were infected with an interest `Trojan Horse’ virus named `Infostealer.’ Infostealer is used to detect and steal passwords from computers . . . by gathering the passwords from the compromised computer and sending them to a remote computer by email or other means.

The Infostealer virus was sent to BECKER and to his law firm by the Defendant, TOCA by means of various emails and attachments.

The Defendant, TOCA knew that the use of the Infostealer Trojan Horse virus would give her unauthorized access to her ex-husband's personal and business computers.

The actions of . . . TOCA were . . . done . . . in the hopes that private information disseminated to her by means of the Infostealer . . . would provide her with some kind of . . . advantage in ongoing domestic litigation . . . between the two parties.
Becker v. Toca, Complaint (October 23, 2007), 2007 WL 4546306 (E.D.La.).

Becker claimed the installation and use of the Trojan violated three federal statutes: the Wiretap Act, 18 U.S. Code § 2510, the Stored Communications Act, 18 U.S. Code § 2701 and the Computer Fraud and Abuse Act, 18 U.S. Code § 1030. Becker v. Toca, 2008 WL 4443050 (U.S. District Court for the Eastern District of Lousiana).

Toca responded by filing a motion to dismiss all three claims. When a defendant files a motion to dismiss civil claims, he/she says that even if the facts alleged in the plaintiff’s complaint are true, they don’t establish a valid claim under the law the plaintiff is relying on. So in ruling on her motion to dismiss, the judge had to assume – for the limited purpose of ruling on the motion – that the facts alleged in the complaint were true.

Toca’s first argument was that sending a “virus to detect and steal passwords . . . on a computer does not constitute an attempt to `intercept’ an “electronic communication” for purposes of the Federal Wiretap Act.” Becker v. Toca, supra. In ruling on this argument, the federal judge noted that the “The Federal Wiretap Act subjects to criminal liability any person who `intentionally intercepts . . . any wire, oral or electronic communication,’ except as otherwise permitted by law.” Becker v. Toca, supra (quoting 18 U.S. Code § 2511(1)(a). The Wiretap Act makes it permissible to intercept communications in certain circumstances – such as when someone is a party to the communication or when they are a law enforcement officer who has a court order authorizing the interception – but none of them applied to Toca.

The issue was whether the Infostealer Trojan “intercepted” electronic communications. The opinion doesn’t tell me what Toca’s argument was, but I assume she claimed the information the Trojan detected was stored on the computers it targeted; courts have found that to “intercept” a communication, you have to capture its contents while it is “in flight,” i.e., while it is traveling from one person to another. If the Trojan simply took data that was stored on the computers, it didn’t “intercept” a communication.

The federal judge rejected Toca’s effort to have the Wiretap Count dismissed, at least as this point in the litigation. The complaint said the targeted computers were “`connected to the Internet by typical means’”. Becker v. Toca, supra. Given that allegation, which the court had to assume was true for the purpose of ruling on the motion to dismiss, the judge found it was “reasonable at this time to infer that the Trojan Horse program may have collected information contemporaneous to its transmission over the internet.” So that claim is still live; once she’s able to introduce evidence to support her argument, Toca may be able to show there was no interception of an electronic communication, but the claim survives unless and until she does.

Toca’s second argument was that “the Stored Communications Act (SCA) does not apply to the instant case because the Plaintiff's computers are not `facilit[ies] through which an electronic communication service is provided.’” Becker v. Toca, supra. The Wiretap Act makes it a crime to intercept data while it is in transmission; the SCA makes it a crime to intentionally access “without authorization a facility through which an electronic communication service is provided” and obtain, alter or prevent “authorized access to a wire or electronic communication while it is in electronic storage in such system.” Becker v. Toca, supra (quoting 18 U.S. Code § 2701(a)). The SCA defines an electronic communication service as “any service which provides to users . . . the ability to send or receive . . . electronic communications.” 18 U.S.. Code § 2510(15). It defines electronic storage as “any temporary, intermediate storage of a[n] . . . electronic communication incidental to the electronic transmission thereof; and [ ] any storage of such communication by an electronic communication service for purposes of backup protection of such communication.” 18 U.S. Code § 2510(17).

The federal judge held that he could not dismiss the SCA claim at this point in the case
because it is unclear to what extent the program may have accessed . . . information stored with an electronic communication service provider. Although the Plaintiff does not allege that his personal or office computers were `facilities through which an electronic communication service is provided,’ the computers may qualify as such because the Plaintiff does allege that he used the computers to run his business. Further, the Plaintiff alleges that the Defendant transmitted the Trojan Horse program to him via email and that the program sent information back to the Defendant `by email or other means.’ It is therefore unclear whether the program may have accessed files stored with an electronic service provider during its transmission of data. Finally, the Plaintiff alleges that the Trojan Horse program targeted passwords, and it is unclear . . . whether the targeted passwords were system passwords saved on the Plaintiff's hard drive or web-based passwords captured during transmission over the internet.
Becker v. Toca, supra. Again, the court was not saying that Toca was liable for violating the SCA. All he’s saying is that he can’t dismiss this claim at this point; later, she may be able to produce evidence at trial showing that she did not, in fact, violate the statute.

Finally, Toca argued that the Computer Fraud and Abuse Act (CFAA) did “not apply because the Plaintiff only alleges the Defendant sought to recover passwords and did not intend to `harm’ the Plaintiff's computer.” Becker v. Toca, supra. As I noted in an earlier post, the CFAA – or, as I prefer, 18 U.S. Code § 1030 – creates a number of federal computer crimes and creates a civil cause of action for people who have been the victim of such a crime.

Becker’s claim under § 1030 alleges Toca violated the statute, which gives him the right to sue for “damage” he sustained as a result of the violation. 18 U.S. Code § 1030(g). In moving to dismiss this claim, Toca argued that Becker had “failed to establish that the Defendant intentionally caused `damage’ to the Plaintiff's computers. Specifically, the Defendant argues that a person cannot simultaneously seek to damage a computer and gather passwords from the computer, because a person cannot recover passwords from a non-functioning computer.” Becker v. Toca, supra.

Once again, Toca lost. The federal judge explained that § 1030 does not, as Toca
suggests, apply only in the instance that a person intends to render a computer completely inoperable. Rather, the statute defines `damage’ as `any impairment to the integrity or availability of data, a program, a system, or information.’ 18 U.S. Code § 1030(e)(8). The Plaintiff alleges that his computers presented `error messages, slow processing, and other indicators of technical problems.’ . . . Error messages and slow processing constitute impairments to the integrity or availability of data. Therefore, assuming that all of the Plaintiff's allegations are true, it is reasonable to infer that the Defendant may have intended to cause such limited damage to the computers at issue, even if she did not intend to render them completely inoperable. Accordingly, the Court finds that the Plaintiff has stated a valid claim under the Computer Fraud and Abuse Act.
Becker v. Toca, supra.

So there you have it. I don’t know if the case has since settled or will wend its way to trial at some point. It’s not the first use of spyware I’ve seen in “domestic litigation,” but it’s the first time I’ve seen it used against a law firm.

Wednesday, April 22, 2009

Gant

On April 21, the U.S. Supreme Court decided a case that significantly reduces a police officer’s ability to conduct a search incident to arrest when the person arrested was in a vehicle. The case is Arizona v. Gant.

As I’ve explained before, search incident to arrest is an exception to the 4th Amendment’s warrant requirement. The 4th Amendment requires that searches be reasonable, and the reasonableness requirement can be satisfied either by a warrant (a search warrant, in this instance) or by an exception to the warrant requirement.

The search incident exception lets a police officer search the person being arrested and the area immediately around the person (the lunge area) to find weapons and evidence. The rationale for letting an officer search has two parts: The first premise is that when an officer takes someone into custody, that creates a potentially dangerous situation; it is therefore reasonable to let the officer search for and seize any weapons that could be used against the officer (or anyone else). The other premise is that it is reasonable to let the officer search the person for evidence of crime to prevent him from destroying it.

Gant isn’t about the part of search incident that lets an officer search the person being arrested; it’s about the scope of a search of the area around the person being arrested. For arrests that are made anywhere other than in a vehicle, the Supreme Court uses a fact-sensitive test. That is, in each case the officer has to justify why he searched a particular area. So if, say, an officer arrests someone in a small motel room and then searches under the bed, claiming it’s part of search incident to arrest, the officer will have to convince the court that he had good reason to search under the bed. If, say, the suspect didn’t have shoes on and the officer were going to let him reach under the bed to get his shoes, then it would be reasonable for the officer to check under the bed.

Until yesterday, when an officer arrested someone in a vehicle, a special rule – called the Belton rule – applied to the scope of the search incident of the lunge area. In the Belton case, the Supreme Court held that a standard test defines the lunge area when someone is arrested in a car. Under Belton, an officer could search the passenger compartment of the vehicle – including the glove compartment and console – plus any containers in the passenger compartment. Containers included anything that could hold evidence or a weapon . . . bottles, a jacket pocket, a purse, etc.

The U.S. Supreme Court didn’t explicitly address this issue, but over the years most lower courts held that the officer could conduct a Belton search even though the person being arrested was in handcuffs in the back of a patrol car. Some state courts said that didn’t make any sense, because if the person isn’t going to get back in the car, there’s no reason to let the officer do a Belton search because the person can’t grab any weapons in the car or destroy evidence in it. Most courts, though, held that Belton applied even if the person was in a police cruiser and was not getting back into the car. Indeed, that’s what happened in the Belton case; Belton was under arrest and in handcuffs and definitely not getting back in the car, but the Court said the search was a valid search incident to arrest.

For several years, I’ve been speculating about whether Belton could be used to justify a search of the files on a laptop that was in the passenger compartment of the vehicle in which the driver was arrested. I found a lower-court case in which the court said the government argued that such a search would be proper . . . but since that issue really wasn’t before this court, it didn’t rule on whether such a search would be proper under Belton or not.

Well, Belton’s gone . . . that’s what Gant has done. The Gant Court held that
[p]olice may search a vehicle incident to a recent occupant’s arrest only if the arrestee is within reaching distance of the passenger compartment at the time of the search or it is reasonable to believe the vehicle contains evidence of the offense of arrest. When these justifications are absent, a search of an arrestee’s vehicle will be unreasonable unless police obtain a warrant or show that another exception to the warrant requirement applies.
Arizona v. Gant, supra.

That’s going to make things interesting. Under Belton, officers could open a container in a vehicle without having probable cause to believe it contained evidence; the Supreme Court has held that in the context of arrests, we need “bright line” rules, i.e., rules that are standardized. The rationale was that arrests can be dangerous, fluid situations and we don’t want officers having to figure out whether they can search an area or not. Now they’re going to have to do just that.

I assume (and I’d hope) that officers aren’t going to leave arrestees in a vehicle just so they can search it; that seems a very dangerous thing to do. So pretty much the only time they’ll be able to do a search incident of the vehicle is when they have reason to believe there’s evidence of the crime for which the person has been arrested. (I assume reason to believe is less than probable cause because officers can search a vehicle under a different exception, the vehicle exception, if they have probable cause to believe it contains evidence of a crime.) That’s significant: it means that if someone is arrested on a traffic violation, it’s going to be very hard for an officer to search a vehicle under the search incident exception . . . because as many defendants have pointed out, it isn’t likely that evidence of the traffic violation (not having an operator’s license, for example) will be found in the vehicle.

So where does that leave us with the laptop in the vehicle of someone who’s been arrested? It looks like it’s going to be hard to search the laptop under this exception. I suppose if an officer arrested someone for having such perpetrated a terrorist bombing, the officer MIGHT be able to search the laptop he/she found in the arrestee’s car. I’m really not sure. I am sure that this is going to make it much, much harder to use the vehicle search incident exception to search a laptop.

Mixing Metaphors

Last year I did a post in which I talked about how the use of cyberspace challenges the efficacy of the law enforcement model in dealing with crime and terrorism.

In this post, I want to talk about how, and why, cyberspace can blur the distinctions between the three categories of threats nation-states have to deal with if they are to survive and prosper.


The three categories are crime, terrorism and war and the distinctions between each are reasonably well defined and reasonably stable in the physical world. The definitional clarity and empirical stability of the threat categories is a function of the fact that the physical environment is far less malleable and therefore far less ambiguous than the conceptual environment of cyberspace.

Three years ago, I did a post analyzing how our use of cyberspace can erode the distinctions between crime, terrorism and warfare.
In this post, I want to address a related issue: how cyberspace erodes the assumption that is responsible for our dividing threats in to the three categories noted above. To do that, I need to briefly review the differences between the three categories. (If you want to read more on that issue, check out my prior post on cyberthreats.)

A crime consists of someone’s violating a law forbidding certain conduct and/or the infliction of certain harm. The crime of murder prohibits one person’s intentionally causing the death of another person; the crime of theft outlaws one person’s taking another person’s property without their permission and with the intention to deprive them of that property. Crimes are committed by people. The purpose of criminal law, as I’ve noted hear and elsewhere, is to maintain the baseline of order within a society that is essential if the members of that society are to be able to carry out the activities (e.g., procure food, clothing and shelter, reproduce the population, etc.) essential to ensure their own survival and that of the society. A society cannot, as I’ve noted elsewhere, survive if its members are free to prey on each other in ways that would undermine the critical level of order needed to fend off chaos.

Societies control crime by using two sets of rules: One is a set of civil rules. So every society has civil rules that deal with status (when people become adults, which adults have which rights, etc.), property (who can own property, how one acquires, maintains and transfers ownership, etc.), familial bonds (kinship, marriage, divorce, custody, etc.) and other critical matters. Some of these civil rules are informal norms; most of us internalize those norms and that keeps our behavior within socially acceptable bounds. Some of these civil rules are laws, the enforcement of which falls to civil courts and civil litigation (suits between individuals).

Societies also use criminal rules to maintain order. As I’ve explained elsewhere, while other biological systems (e.g., ants, termites) can get along with just civil rules, humans cannot because we have the ability to deviate. That is, because of our individual intelligence, humans can simply decide not to follow a civil rule; most of us cannot, or do not, make such a decision, but there is always a subset of people who do. Criminal law is intended to keep them in line by letting the state impose sanctions – punishment – on those who violate criminal laws that are designed to discourage conduct that seriously challenges a society’s ability to maintain order.

So when Jane Doe murders John Doe, the society she belongs to will convict her of murder and impose a sanction which, in the modern world, is usually incarceration (or perhaps execution). The primary purpose of this is to deter Jane from breaking any more criminal rules; a secondary purpose is to deter others from following her example. Criminal trials are a type of theater – a public denunciation of the conduct criminals like Jane engage in. The punishment imposed on Jane underscores the unacceptability of engaging in such conduct and implicitly threatens the imposition of similar consequences on those who follow Jane’s example.

Implicit in all of that is a basic assumption: Individuals commit crimes. That assumption also applies to terrorism, which is essentially the commission of crime(s) for ideological reasons. Criminals commit crimes for financial reasons (e.g., fraud, theft, extortion) and for what I call passion (e.g., anger, sexual/emotional pressures). The motive behind the commission of crimes is personal: I steal to benefit myself, directly or indirectly; I murder out of revenge or jealousy or some psychological need or to eliminate someone who is a threat to me. Terrorists commit crimes (they kill and injure people, damage and destroy property) but for different reasons; terrorists commit their crimes to promote a particular ideology, usually by trying to coerce or intimidate the population of a particular society.

This brings us to the third category: war. War is, and has always been, waged not by discrete individuals but by a society . . . by nation-states in our world. War is a struggle between two collective entities; while it is wages by discrete individuals, the players are the nation-states (or other sovereign entities) who are engaged in a struggle, usually a struggle for the survival. War has historically been a zero-sum affair in which one state or sovereign entity wins and the other loses; the loser has traditionally lost its identity and either been subsumed by the victorious state or eliminated (think Carthage).

War is and has been a struggle between nation-states for at least two reasons: One is that it is transnational. War by definition transcends national boundaries; civil war, of course, occurs within the territory of a nation-state but I don’t include civil war in the concept of war I’m using in this post. Civil wars display many of the characteristics of war (e.g., carnage), but are more properly understood as an internal struggle; civil wars occur when some part of the citizenry of a nation-state rebel against its established government, as happened in the U.S. Civil War. War, as such, is a struggle between two sovereigns; since nation-states are the sovereigns in our world, war in our world consists of a struggle between two nation-states, e.g., between two territorially-based governing entities.

The other reason war is a struggle between two nation-states is that only nation-states have been able to summon the resources needed to wage war. Al Qaeda has for some time considered itself to beat war with the United States, but no group of individuals can truly wage war in the physical world. Al Qaeda’s attacks are terrorism, not war; the 911 attacks were terrible things, but isolated, low-level attacks like those cannot constitute war because they do not pose a serious threat to the survival of the United States as a sovereign entity. When Hitler invaded Poland in 1939, that was clearly the onset of war between two sovereign entities; the invasion required Poland to reciprocate with force that was commensurate with the force used by the invaders and was quite beyond the capability of any individual or group of individuals.

So, to recapitulate, crime and terrorism are committed by individuals and take place inside the territory of a specific nation-state. War, on the other hand, is committed by nation-states and necessarily involves a struggle that transcends national boundaries.

I want to use something that didn’t happen to illustrate how cyberspace erodes the distinctions between crime/terrorism and war. In 2001, Interior Minister Otto Schily said it might be necessary for Germany to use “denial-of-service attacks . . . to shut down some sites based in the United States.” Wired (January 10, 2002). The sites in question were neo-Nazi sites operated by Gary Lauck of Nebraska. They distribute pro-Nazi material; distributing such material is a crime in Germany, so if Lauck were in Germany, he could be prosecuted for violating German law. Since Lauck is in the United States, he and his websites are protected by our First Amendment. Since the First Amendment gives him the right to distribute the material, he has not committed any crimes in the U.S. and therefore cannot be extradited to Germany to stand trial for violating German law. (Extradition requires that the person’s conduct have been a crime in both countries.)

Let’s start with Lauck. He didn’t commit any crimes in the U.S. Did he commit a crime, terrorism or war in Germany? Distributing neo-Nazi material is a crime “in” Germany; if Lauck was handing out neo-Nazi literature in Berlin, he would clearly be committing a crime “in” Germany. Lauck’s use of cyberspace muddies the analysis because it means his conduct simultaneously occurs “in” the U.S. and “in” Germany. If we approach crime as a unitary construct in which all the elements of a crime must occur in a nation-state for the activity to constitute a crime there, Luack would not have committed a crime in Germany. Modern criminal law, though, says you can be prosecuted in a jurisdiction if you cause “harm” there by engaging in activity outside that jurisdiction. Under that theory, Lauck committed a crime “in” Germany (if the Germans can show he intentionally distributed the material in Germany, as opposed to putting it online for anyone to see.)

What about Schily’s proposal (which he later retreated from)? If Germany had launched a DDoS attack on the Nebraska servers hosting Lauck’s websites, would that be war? Crime? Terrorism? It wouldn’t be terrorism, for the simple reason that Germany would not be launching such an attack to coerce the U.S. civilian population into, what?, repealing the First Amendment. That leaves us with crime and war.

Would it be an act of war for Germany to launch such an attack? It would, in a sense, be an invasion . . . a kind of digital analogue of Japan’s attack on Pearl Harbor . . . without, of course, the intention to start an armed conflict between the two countries. It would not be a physical invasion of U.S. territory, but a DDOS attack could certainly be seen as a hostile act by the targeted country. I suspect that if the CIA launched such an attack on a North Korean facility, the North Koreans would consider it an act of war.

It looks more like a crime, though, because Germany would be targeting an individual, not the United States. And in the U.S. federal law and the laws of many states define DDoS attacks as a crime, as do the laws of other countries. But can a country commit a crime? Crimes are committed by individuals; war crimes prosecutions target the acts of specific individuals, not the country of which they were citizens. if we assume a country can commit a crime, how would we handle that? Would the U.S. prosecute Germany (something that, as far as I know, is simply not possible under existing law)? Or would the U.S. ask German authorities to hand over Mr. Schily and the individuals who executed the DDoS attack so we could prosecute them for a crime? Since it looks to me like § 303b of the German Penal Code makes a DDoS attack a crime, they might be subject to extradition under the principle I noted earlier, i.e., DDoS attacks are a crime in the U.S. and in Germany. I suspect, though, that the German authorities would not be inclined to turn them over to us, even if extradition was permissible under the law.

My point simply is that cyberspace makes threats more complex: Individuals can launch attacks (like DDoS attacks on facilities in another country) that have at least some of the characteristics of an act of war (e.g., transnational, ability to launch repeated attacks that shut down essential systems). And countries can engage in activity that looks a lot like crime. And then there’s terrorism . . . .

Monday, April 20, 2009

Boston College Case

Maybe you’ve read about this: On March 30, Kevin Christopher, a Detective for the Boston College Police Department, executed a search warrant at a BC dorm room that was occupied by Riccardo Calixte.

If you want to know more about the warrant and why it was issued, the Electronic Frontier Foundation has information about the search, including court filings, on its website.


As we’ll get to in a minute, Calixte has moved to quash the search warrant. According to a memorandum filed in support of that motion, on January 27 a Boston College
a Boston College police officer filed a report regarding two students who were having `domestic issues.’ The complaining student was identified . . ., and the other student was identified as . . . Calixte. . . . Christopher was familiar with the reporting student because he had been a reliable witness in another unnamed investigation. . . . The day after the `domestic issues’ incident . . . Christopher met with the student. . . .
Memorandum in Support of Motion for Emergency Relief to Quash the Warrant and for Return of Property, In Re Matter of Search Warrant (Mass. Trial Court – Newton Division Docket No. 0912SW03) (hereafter, “Memo in Support”).

According to the Memo in Support, the informant told Christopher the following things about Calixte; he was a computer science major who a “`master of the trade’” and had a “reputation” as a “hacker;” he had “at some unspecified time and place” hacked the College computer system professors use to change grades and had illegally downloaded movies, music and software on his computer. The informant also told Christopher that Calixte “uses two different operating systems” (Windows and Linux) to “`hide his illegal activities.’” Memo in Support, supra. Finally, the informant said he suspected “Calixte was somehow causing the student’s computer to `crash’”. Memo in Support, supra.

In early March, the student who’d been involved in the “`domestic issues’” matter with Calixte was the subject of a mass email sent to the Boston College community
in which he was reported to be gay and coming out of the closet. A profile from a gay-oriented website (`adam4adam.com’) including a photograph of the student was attached to the emails. The emails were sent from Google’s gmail service and Yahoo! mail to a Boston College email list. . . . The student suffered stress due to these emails, so a non-police Administrator asked Boston College Director of Security David Escalante to try to find out who sent the emails. Mr. Escalante advised the Detective that he traced the emails back to Calixte.
Memo in Support, supra.

Detective Christopher used this and other information to get the warrant to search Calixte’s dorm room. Application for Search Warrant (Mass. Trial Court – Newton Division, Docket No. 0912SW03). The warrant authorized the officers to search for and seize the following items (among others): all objects capable of storing digital data in any form; all computer system documentation, including “access codes, passwords and/or protocols”; and “[a]ll evidence of ownership of, access to, and/or control over the Computer System” on March 1 and 7, 2009. Application for Search Warrant, supra. As I noted above, they executed the warrant on March 30. They seized Calixte’s cell phone, iPod, computers and disks. Memo in Support, supra.

On April 10, Calixte filed his motion to quash the warrant, as I noted earlier. He argues that the warrant issued in violation of the 4th Amendment and therefore was invalid:
The March 30th search and seizure were illegal, and the ongoing retention and analysis of Mr. Calixte’s property . . . violate his . . . constitutional rights. . . . Therefore, this Court should issue emergency relief by (1) quashing the warrant (2) ordering officers to cease searching and analysis the items seized (3) order the return of all property and data seized and (4) order that any stored copies of Mr. Calixte’s data be deleted.
Memo in Support, supra.

Calixte is claiming the warrant was invalid because it was not based on probable cause to believe he had committed a particular crime or crimes(s). If the warrant was not based on probable cause, then it did not comply with the requirements of the 4th Amendment, which means that the search of Calixte’s dorm room and the seizure of his property violated the 4th Amendment. In other words, if the warrant was not based on probable cause, the officers in effect searched his dorm room and seized his property without having ANY 4th Amendment authorization to do so.

Was the warrant based on probable cause? Well, I’m not really sure.

In the warrant application, Christopher says he’s looking for property that is (i) evidence of criminal activity and/or (ii) has been used as in committing a crime. He also says he has “probable cause to believe” that the items he seeks authorization to search for and seize “all constitute evidence of the crime of `Obtaining computer services by Fraud or Misrepresentation’ . . . and `Unauthorized access to a computer System’” Application for Search Warrant, supra. Both are crimes under Massachusetts law, so this is a state search, not a federal one.

So to be valid, the application for the warrant had to demonstrate that there was probable cause to believe evidence of either or both crimes would be found in Calixte’s dorm room. As Wikipedia notes, probable cause is evidence that is sufficient to justify a reasonable person’s belief that evidence of a crime will be found in a particular place. It is a lower standard of proof than the preponderance of the evidence (more likely than not) test used in civil trials, and a much lower standard than the beyond a reasonable doubt test used in criminal trials. The purpose is to ensure that a search warrant is not based on the perhaps subjective conclusions of an officer who is actively involved in an investigation; instead, it must be issued by a magistrate who must make the probable cause determination himself or herself, based on the information the officer seeking the warrant has provided.

That brings us back to Christopher’s application for the Calixte search warrant, which relies heavily on the allegations made by the student informant, the ones outlined above. It’s perfectly proper for an officer to rely on information from an informant in seeking a warrant, but when the officer relies on an informant, he has to be able to show both that the informant is credible and that he has good reason to know what he’s talking about. Since Christopher doesn’t identify the student informant, we don’t know if he’s a credible person or not; the magistrate can’t assume credibility in making her determination. The officer has to provide facts showing the informant is credible.

Here, Christopher relied on the investigation Escalante conducted, in which he traced the “suspect e-mails” to Calixte’s dorm room computer. Application for Search Warrant, supra. In the memorandum he submitted in support of his motion to quash the warrant, Calixte does not challege “the veracity of” Escalante’s conclusion or the investigation that led him to that conclusion. Memo in Support, supra. So we’ll assume Escalante correctly identified Calixte as the person who sent the emails that claimed the student informant was gay.

The results of Escalante’s investigation therefore corroborate what the student told Christopher, which both supports the student’s credibility (he was right) and shows he knows what he’s talking about. Since the focus of the investigation seems to be those emails, I can see a good argument that the warrant was supported by probable cause. Calixte’s attorneys argue that it was not, for two reasons: One is that the informant “has an ax to grind” with Calixte, which gives him a reason to lie to the officer. The other is that the corroboration of the student’s information did not extend to his claims that Calixte altered grades or was a hacker. Memo in Support, supra.

I’d argue that even if the student does have an ax to grind, the corroboration showed Calixte sent the emails that are the focus of the investigation. Since those emails are the focus of the investigation (at least that’s what I gather from the affidavit in support of the application for the search warrant), it’s immaterial that the other claims were not corroborated. (And even though they weren’t, a magistrate might be justified in finding that since the informant was right about the emails, he is likely to have been right about the other things, as well.)


Calixte’s lawyers spend most of their time arguing that nothing in the facts establishes probable cause to believe Calixte obtained computer services by fraud or gained access to a computer without being authorized to do so. Memo in Support, supra. I really don’t know enough about the facts in this case to say whether they’re right or not, but I can see a theory under which Calixte (assuming he did what he’s alleged to have done) can be held liable for committing either crime: If he used an alias to send out the emails in question, that may constitute fraudulently obtaining service from a commercial computer service. And the same premise could (I’m not saying it does, I’m saying could) support the charge that he gained access to the system without being authorized to do so; under this theory, the argument would be that even though Calixte was authorized to use the system under his own name because he was a BC student, he was not authorized to use it while employing an alias.

As I said, I don’t know -- and don’t have the facts to be able to determine -- if the evidence Christopher sought can support either or both charges. I can, though, see that as a possibility, which I think forecloses the court from granting Calixte’s motion and quashing the warrant at this point in the proceedings.

Before I quit, I want to address a claim I’ve seen in some stories, i.e., that “using Linux is a crime at Boston College.” According to the warrant application, the computer Calixte registered on the BC network and the computer that sent the emails both “ran the Ubuntu Linux operating system” which “is an uncommon operating system on the BC network.” Application for Search Warrant, supra. Escalante found that in “the five days prior to the incident only two users in [Calixte’s dorm] had computers running Ubuntu Linux.” Application for Search Warrans, supra. So his use of Linux is not being defined as a crime; instead, it’s simply evidence that connects Calixte to the emails at issue.

Friday, April 17, 2009

Reply E-Mail Doctrine?

As I explained in an earlier post, evidence has to be authenticated before it can be admitted in a trial or other legal proceeding. As I also explained there, authentication is intended to sure that the evidence to be admitted is what the proponent of the evidence (the party offering it) claims it is.

The federal system and all of the states state have rules that are used to determine when evidence can be admitted, and all of them deal with authentication. Rule 901(1) of the Federal Rules of Evidence, for example, says that the “requirement of authentication” of evidence “is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.” Rule 901(4) of the Federal Rules of Evidence says one way evidence can be authenticated is by using its “[a]ppearance, contents, substance, internal patterns, or other distinctive characteristics, taken in conjunction with circumstances.”
And again, all the states have essentially identical provisions.


This post is about a particular application of the “distinctive characteristics” method of authenticating evidence. The issue we’ll be dealing with came up in Varkonyi v. State, 276 S.W.3d 27 (Texas Court of Appeals 2008). This is how the case began:
In July 2004, David Bazan and John Robert Armendariz, El Paso police officers, participated in an undercover operation involving [Varkonyi]. The investigation began when the police received information that a female student at El Paso Community College had applied for a job offered by [Varkonyi] but when she went to his home, he solicited her . . . to be featured on a pornographic website. Bazan . . . and Armendariz. . . .contacted [Varkonyi] and pretended to be customers who wanted assistance in developing a website involving cameras and pictures. They went to [his] home, spoke with him about launching the website, and explained that they wanted him to work as a consultant in setting up the computers and cameras. They also asked [Varkonyi] to show them how to operate the computer and the cameras. [Varkonyi] quoted them a fee for these services. Initially, they did not tell [him] they wanted to set up a pornographic website but [Varkonyi] asked several times what the website would involve. Finally, Armendariz asked [Varkonyi] if he objected to pornography.
Varkonyi v. State, supra.

Varkonyi said he did not object to pornography and proceeded to show the undercover officers “various images on his computer,” including one involving bestiality. Varkonyi v. State, supra. A week after this meeting, Armendariz, “using an address he set up as part of his undercover identity,” sent Varkonyi this email:
I'm just keeping in touch. . . . We're still working out the financial situation . . .but we are still moving forward with the plan. I'm still looking at an all Latina site with member wish list on videos and pics. . . . I've been looking at several sites to get ideas. By the way I've been searching for the . . .movie you showed us and wondering where you found it or if you can send me files. I have a girl I'd like to introduce you to . . . and we'll talk some trade offs at a later time. Can you give me a quote on a website construction base on the information I gave to you? And can we [illegible] another meeting at your best chance to talk some more ideas? If [illegible] would like we can meet at a club and get some drinks and see some ladies and get some more contacts.
Varkonyi v. State, supra. Armendariz then gets this email from Varkonyi’s email address:
I can't really quote you on the cost of designing your website without more specific info on what exactly you wish to show on each page, how different links/pages to determine bandwidth and space required number of DNS (Domain Names) you will want to use. Each name will have [illegible] registered and renewed yearly about $20/name. Monthly fees for [illegible] hosting and upkeep can be $30-$100/months plus shopping cart fees, depending on what you will choose to host. I attached one clip of the Pony enjoying himelf, on good faith. [illegible] can have more when I get to enjoy one of the ladies you offered to introduce to me. You can call me anytime for more info or to set-up another meeting.
Varkonyi v. State, supra. The bestiality movie attached was the one Varkonyi had shown the officers at their initial meeting. Varkonyi v. State, supra.

Varkonyi was charged with, and convicted of, promoting obscenity. Varkonyi v. State, supra. On appeal, he argued that the trial court erred in letting the prosecution introduce a printout of the email from Varkonyi and the attached bestiality movie. Varkonyi “objected that they were untrue and unsubstantiated. In support of his argument, [he] introduced evidence showing that it is easy to create an e-mail address using someone else’s name.” Varkonyi v. State, supra. In an effort to prove his point, Varkonyi “created an e-mail address using the prosecutor’s name and sent an obscene picture, purportedly from the prosecutor, to [Varkonyi’s] e-mail address.” Varkonyi v. State, supra.

On appeal, Varkonyi argued that the email and attached video were not properly admitted into evidence at trial “because they were not properly authenticated.” Varkonyi v. State, supra.

In ruling on his argument, the Texas Court of Appeals noted that Texas’ version of Federal Rule of Evidence 901(1) permits evidence to be introduced if it is authenticated under the “distinctive characteristic” principle included in Federal Rule of Evidence 901(4). The Texas Court of Appeals then noted how the “reply-letter doctrine” fits into the “distinctive characteristic” principle of authentication:
[A] letter is properly authenticated under [Texas Rule of Evidence] 901(b)(4) if its appearance, contents, . . . or other distinctive characteristics, taken in conjunction with circumstances, support a finding that the document is what its proponent claims. . . . The Texas Rules of Evidence Handbook identifies [a] traditional method of authentication . . . known as the `reply-letter doctrine.’ . . . [A] letter received in the due course of mail purportedly in answer to another letter is prima facie genuine and admissible without further proof of authenticity. . . . A reply letter needs no further authentication because it is unlikely that anyone other than the purported writer would know of and respond to the contents of the earlier letter addressed to him. . . . Because the reply-letter doctrine has been applied to telegrams, [the author of the Handbook] reasons that it logically would apply to e-mail communications. . . .
Varkonyi v. State, supra.

The Court of Appeals explained that the prosecution had used the reply-letter (or reply-email) doctrine to authenticate Varkonyi’s email and its attachment:
Armendariz testified . . . he received the e-mail and attached video from [Varkonyi] in direct response to an e-mail sent by Armendariz to [Varkonyi] inquiring whether [Varkonyi] would send him the `horse movie’ file. Under the reply letter doctrine, the e-mail is authenticated. . . . The evidence . . . established that [Varkonyi] showed the bestiality video to the officers in his home. In his e-mail sent to [Varkonyi’s] e-mail address, Armendariz stated he had been searching for the horse movie `you showed us’ and asked whether Appellant would either tell him where he found it or send him the file. In direct response to this e-mail, Appellant replied, “I attached one clip of the Pony enjoying himself. . . . Armendariz expressly testified that he received the e-mail with the attached video and the officers identified the video attached to the e-mail as the same one shown to them in Appellant's home. [Varkonyi] was in a unique position of knowing that Armendariz's inquiry about the `horse movie’ concerned the bestiality video seen when the officers were at [Varkonyi’s] home.
Varkonyi v. State, supra.

The Court of Appeals therefore held that the email and attachment were properly authenticated and properly introduced into evidence at trial. Varkonyi v. State, supra. Varkonyi lost on that and the other issues he raised, so the court upheld his conviction. Varkonyi v. State, supra.

The Varkonyi case is the only reported case I can find that specifically upheld the use of the reply-letter doctrine to authenticate email. An Illinois court addressed the issue after a fashion in People v. Downin, 357 Ill.App.3d 193, 828 N.E.2d 341 (Illinois Court of Appeals 2005). In arguing that emails were improperly admitted at his trial, Downin claimed that “the characteristics of e-mails preclude the application of standards used to authenticate reply letters”. People v. Downin, supra.

Instead of directly addressing that issue, the Illinois Court of Appeals found that “the similarities between the two offer guidance in determining the authenticity of the e-mail copies” at issue in the Downin case. People v. Downin, supra. In Downin, a deputy suggested to the victim that she send an email to Downin from the public safety building, presumably to provide a basis for invoking the reply-letter doctrine at trial. People v. Downin, supra. She did, using the email address she had used on

all prior occasions. Jennifer testified she received a reply from Downin's e-mail address at her e-mail address, the same address Downin had previously used to communicate with her. The reply e-mail was responsive to the e-mail Jennifer sent and she testified it contained information known exclusively to her and Downin.
People v. Downin, supra. The Illinois court found that based on this, it was not error for the trial court to have admitted printed versions of two emails Downin had allegedly sent Jennifer on prior occasions. People v. Downin, supra.

Wednesday, April 15, 2009

Substantially Contemporaneous

In an earlier post, I explained that search incident to arrest – usually truncated as “search incident” – is an exception to the 4th Amendment’s requirement that law enforcement officers get a warrant before searching someone or something.

This post was prompted by a question I got recently: whether officers can rely on the search incident exception to search a cell phone AFTER the person has been arrested and taken away.

The specific issue was whether officers can check a cell phone out of the property room at the police station and go through it; the scenario assumes that the cell phone was seized in the course of an arrest that happened hours or even days earlier.


In Shipley v. California, 395 U.S. 818 (1969), the U.S. Supreme Court noted it had “consistently held that a search `can be incident to an arrest only if it is substantially contemporaneous with the arrest’”. That raises the issue of when a search incident is, and is not, “substantially contemporaneous” with the arrest.

The resolution of that issue is complicated by two subsequent Supreme Court decisions. In United States v. Edwards, 415 U.S. 800 (1974), the Court held that the search of an arrestee’s clothing at the jail was valid under the search incident exception. Edwards was arrested “[s]hortly after 11 p.m.”, taken to the jail and put in a cell. U.S. v. Edwards, supra. He was charged with trying to break into the post office; the person who tried to break in used a crowbar on a window and left paint chips on the windowsill. U.S. v. Edwards, supra. The police wanted to check Edwards’ clothes to see if there were paint chips on them, but didn’t have anything for him to wear. The next morning, they bought “trousers and a T-shirt”, had him change into those clothes and took his clothes, which were tested for paint chips. U.S. v. Edwards, supra.

Edwards moved to suppress the paint chips found on the clothes they took from him at the jail. U.S. v. Edwards, supra. The state claimed it was a valid search incident, and the Supreme Court agreed. In upholding the search, the Supreme Court quoted a lower court, which held that “`the legal arrest of a person . . . it does -- for at least a reasonable time and to a reasonable extent -- take his . . . privacy out of the realm of protection from police interest in weapons, means of escape, and evidence.'” U.S. v. Edwards, supra (quoting U.S. v. DeLeo, 422 F.2d 487 (U.S. Court of Appeals for the First Circuit 1970)).

In 1977, the U.S. Supreme Court decided a case that may have added another layer to the search incident analysis. In U.S. v. Chadwick, 433 U.S.1 (1977), federal agents arrested Chadwick and two other people and seized a footlocker they had put into the trunk of a car. The agents took the arrestees and the footlocker to the Federal Building; they finally searched the footlocker an hour and a half after making the arrests. U.S. v. Chadwick, supra. The government claimed the search of the footlocker was valid as a search incident to arrest but the Supreme Court disagreed.

The search incident exception has two parts: officers can search the person who is being arrested; and they can search the area immediately around the person when they are arrested. The justification for both searches is to find weapons the person could use against police or evidence he/she could destroy. U.S. v. Robinson, 414 U.S. 218 (U.S. Supreme Court 1973). The Chadwick Court found that warrantless searches can’t be justified as incident to an
arrest if the `search is remote in time or place from the arrest’ . . . or no exigency exists. Once law enforcement officers have reduced . . . personal property not immediately associated with the person of the arrestee to their exclusive control, and there is no longer any danger the arrestee might gain access to the property to seize a weapon or destroy evidence, a search of that property is no longer an incident of the arrest.
U.S. v. Chadwick, supra.

These cases establish the framework lower courts have applied in deciding whether a search of a cell phone was “substantially contemporaneous” with an arrest. I’ve found a few lower court cases in which this particular issue came up (though it’s come up in a lot of cases involving other types of property).

In U.S. v. Finley. 477 F.3d 250 (U.S. Court of Appeals for the Fifth Circuit 2007), police arrested Finley and his friend Brown while conducting a drug investigation. When they arrested Finley, they seized his cell phone; the officers then took the two men to Brown’s home, where other officers were executing a search warrant as part of the same investigation. While they were at Brown’s home, two officers “interviewed Finley outside the home.” U.S. v. Finley, supra. During the questioning, one of the officers searched his cell phone and found evidence the government wanted to use against Finley. U.S. v. Finley, supra.

When Finley moved to suppress the evidence found on his cell phone, the government claimed the search was valid as a search incident to arrest. Finley apparently relied on Chadwick in arguing it was not a valid search incident, but the Fifth Circuit Court of Appeals distinguished the cell phone search from the search in Chadwick. It found that Chadwick was “inapplicable” to the Finley search: “Finley's cell phone does not fit into the category of `property not immediately associated with [his] person’ because it was on his person at the time of his arrest.” U.S. v. Finley, supra.

A federal district court reached a different conclusion in U.S. v. Park, 2007 WL 1521573 (U.S. District Court for the Northern District of California 2007). In Park, officers executed a search warrant for drugs at an address in San Francisco. They arrested four men who were suspected of being involved in the drug activity being investigated; all either showed up at the premises while the warrant was being executed or, in one instance, tried to leave the premises while the search was going on. U.S. v. Park, supra. The only thing that’s clear about what happened to their cell phones is that officers searched them, at some point (maybe more than once).

When one of the defendants moved to suppress evidence found on his cell phone, the federal court considered statements from the officers involved and from a DEA agent involved in executing the search warrant and arresting the suspects. The federal judge found that the officers and the DEA agent gave conflicting statements as to when the cell phones were searched. From statements summarized in the court’s opinion, it looks like the phones were searched after the men had been booked into the jail and after their phones had been taken from them, sealed into “property envelopes” and taken wherever the jail stored items seized from arrestees. The statements of the officers tended to say that they didn’t recall exactly when they searched the cell phones. U.S. v. Park, supra.

The government seems to have relied on Finley in arguing that the search of Park’s cell phone was a valid search incident to arrest. The federal judge in the Park case did not find Findley to be applicable to the facts in the case before him:
The facts in Finley differ . . . from the facts here, since in Finley the search of defendant's cell phone at the passenger's residence was `substantially contemporaneous’ with defendant's arrest; here, the search of the cell phone was not contemporaneous with arrest. More fundamentally, however, this Court finds . . . that for purposes of Fourth Amendment analysis cellular phones should be considered `possessions within an arrestee's immediate control’ and not part of `the person. Chadwick, [supra]. This is so because modern cellular phones have the capacity for storing immense amounts of private information. Unlike pagers or address books, modern cell phones record incoming and outgoing calls, and can also contain address books, calendars, voice and text messages, email, video and pictures. Individuals can store highly personal information on their cell phones, and can record their most private thoughts and conversations on their cell phones through email and text, voice and instant messages.
U.S. v. Park, supra. The Park court also noted that the searches in the Park case went
far beyond the original rationales for searches incident to arrest, which were to remove weapons to ensure the safety of officers . . . and the need to prevent . . . destruction of evidence. . . . Inspector Martinovich stated that he initiated the searches because `evidence of marijuana trafficking and/or cultivation might be found in each of the cellular telephones.’ . . . Officers did not search the phones out of a concern for officer safety, or to prevent the concealment or destruction of evidence. Instead, the purpose was purely investigatory. Once the officers lawfully seized defendants' cellular phones, officers could have sought a warrant to search the contents of the cellular phones.
U.S. v. Park, supra.

Finally, while an Ohio court acknowledged the Park court’s concern about “the enormous amount of private information subject to a search of cell phones,” it found that Finley controlled the cell phone search at issue in State v. Smith, 2008 WL 2861693 (Ohio Court of Appeals 2008). Local police arrested Smith for trafficking in crack cocaine and searched his cell phone “prior to booking him into jail.” State v. Smith, supra. He later moved to suppress the evidence officers found on the cell. The Court of Appeals denied the motion. It found that while the evidence showed that the officers “obtained Smith’s cell phone immediately from his person” while making the arrest, it was unclear if they searched the phone's
call records and numbers at the scene of the arrest or later at the station when they were securing the evidence. The trial court's decision, to which we agree, implies that both times are substantially contemporaneous to the arrest. This reasoning encompasses the holdings in both Finley and Edwards regarding a search incident . . . of items found on one's person. See Finley (`as long as the administrative process incident to the arrest . . . have not been completed, a search of effects seized from the defendant's person is incident to the defendant's arrest.’). See, also, Edwards (`[S]earches . . . that could be made on the spot at the time of arrest may legally be conducted later when the accused arrives at the place of detention.’).”

Monday, April 13, 2009

Exigent Seizure of a Computer

Last fall, I did a post about how police can lawfully search a computer without getting a search warrant. This post is about how the same principle applies in a different context: seizing computers instead of searching them.

As I’ve noted before, the 4th Amendment gives the right to be free from unreasonable searches (which violate a legitimate expectation of privacy in a place or thing) and seizures (which violate our right to possess and use property).


Searches and seizures usually go together. When police are investigating a crime, they’re usually searching for evidence, which they seize when they find it. As I’ve noted, search warrants really should be called “search and seizure warrants” because when police search for and find evidence, they’re obviously not going to go away and leave it where they found it.

Sometimes, though, the order is reversed. Sometimes police seize something they think contains evidence and search it later. This post is about a case in which a Massachusetts police officer did just that.

The case is Commonwealth v. Kaupp, 453 Mass. 102, 899 N.E.2d 809 (Supreme Court of Massachusetts 2009) and here are the facts that led to the seizure in question:
On May 21, 2002, James Smyth, . . . the technology director at the Northeast Metropolitan Vocational High School . . . , was informed that an unauthorized computer named Joester7437 was connected to the high school's network. James directed Holly Shepardson, a network specialist . . ., to investigate Joester's contents and physical location on the school's premises. From her computer, Shepardson accessed Joester's open share on the high school's network. Shepardson found hacking tools, games, and pirated movies, and reported the same to James, prompting him to report the breach to a school administrator. Shepardson continued to examine Joester's open share and found a file . . . that depicted pornographic images of two females, one of whom appeared to be in her late teens and another who appeared to be between nine and twelve years old. While James was apprising vice-principal Theodore Nickole of the breach, Shepardson informed them of the pornography she found in Joester's open share. James accessed Joester's open share and observed a pornographic image of a girl around ten. Officer Maglio, assigned to the high school,. . . . contacted the Wakefield police . . . for assistance.

Shepardson reported Joester's presence on the network to Timothy Smyth, . . . the school's network manager. While trying to ascertain Joester's physical location . . . Timothy detected what appeared to be five unauthorized computers on the school's network. Within one hour, Timothy told James he was `fairly certain’ the unauthorized computers were in the electronics shop where [Kaupp] was an instructor.

[V]ice-principals Nickole and Antonelli went to the electronics shop and asked the students and [Kaupp] to go to the library. Sometime thereafter, Officer Maglio and Detective James, a member of the Medford police department's computer crime unit, arrived at the electronics shop. Detective James spoke with James and Timothy as to what they observed in Joester's open share. With the permission of Antonelli and James, Detective James, using his own notebook computer, accessed the school's network and opened Joester's open share. He found . . .several movies, including `Spiderman.’ Detective James concluded the copy of `Spiderman’ was unauthorized, as the movie had been released in theaters only recently. Detective James also found a motion picture file titled, `Beautiful Lolita Sandra Masturbates,’ showing what appeared to be a young girl masturbating. With Timothy's assistance, Detective James located the Joester computer in the electronics shop and turned it off. The Joester computer, which was later determined to belong to a student, was seized and transported to the Wakefield police department.

While searching for unauthorized computers in the electronics shop, Timothy came across a school-owned server named Nightcrawler in [Kaupp’s] office, . . . adjacent to the electronics shop. Nightcrawler's screen displayed an open share containing the titles of several movies, including `Spiderman,’ `Top Gun,’ and `A Knight's Tale.’ The source of the open share was Sinister, another unauthorized computer logged onto the high school's network. Timothy did not see any pornographic materials in Sinister's open share. Sinister was also found in [Kaupp’s] office. However, Timothy could not log onto Sinister as it was password protected.

Detective James, having been apprised of Timothy's observations of pirated movies on Sinister's open share, seized Sinister, which belonged to [Kaupp] on probable cause to believe it contained child pornography and copyrighted intellectual property. [He] did not look at the contents of Sinister's open share prior to securing it.
Commonwealth v. Kaupp, supra. They apparently found child pornography on Sinister because Kaupp was charged with possessing child pornography and moved to suppress the evidence found in Sinister. Commonwealth v. Kaupp, supra.

The Massachusetts Supreme Court held that Sinister was properly seized under the exigent circumstances exception to the 4th Amendment’s warrant requirement. As I explained in an earlier post, the exigent circumstances exception lets police search and/or seize without a warrant when they don’t have time to get a search or arrest warrant. If, for example, police know a kidnapper has taken his captive into a building, they don’t have to get a search warrant to be able to go in and get the victim without violating the 4th Amendment. The exigency – the need, in this example, to ensure the safety of the victim – justifies their proceeding without a warrant, as long as they have probable cause to believe that the kidnapper and victim are in the place they intend to enter.

In this case, the Massachusetts Supreme Court held that the seizure of Sinister was justified under the exigent circumstances exception:
Timothy's observation of the then recently released movie `Spiderman’ on Sinister's open share furnished probable cause to believe that Sinister contained pirated movies, prompting Detective James to impound Sinister. Detective James refrained from searching Sinister's contents until the search warrant issued. . . . Given the ease with which computer files may be accessed and deleted, and the disruption that would have been created by posting an officer in the defendant's office and preventing students from entering pending the issuance of a search warrant, we conclude that the seizure was reasonable.
Commonwealth v. Kaupp, supra. The court also found that ONLY the seizure of Sinister was justified under the exception:
The Commonwealth contends, and we agree, that the potential destruction or loss of evidence on Sinister created an exigency justifying the warrantless seizure of Sinister. . . . However, the Commonwealth maintains police did not need a warrant to search Sinister's contents because they seized Sinister pursuant to the exigent circumstances exception to the warrant requirement. We disagree. As we have noted, `an officer's authority to possess a package is distinct from his authority to examine its contents.’ Commonwealth v. Varney, 391 Mass. 34, 39 n. 4, 461 N.E.2d 177 (1984). . . . The exigency necessitating Sinister's seizure dissipated once the computer had been secured, requiring the police to seek a search warrant to conduct a forensic analysis of Sinister's contents.
Commonwealth v. Kaupp, supra.

Kaupp also seems to have argued that the trial court denied his motion to suppress evidence found on Sinister because the school consented to a search of Sinister. The Massachusetts Supreme Court noted that the lower court judge “did not conclude that the school had consented to Sinister's seizure. Rather, she correctly ruled that the school consented to a search of its network, which included Sinister's open share.” Commonwealth v. Kaupp, supra.

The school could not have consented to a search of Sinister because it was password protected. As I’ve explained before, for a consent to search to be valid, the person who gives the consent must have had the authority to authorize a search of the property. As I’ve also explained, your authority to consent to a search of property – a computer, a room, a car – is based on your having the right to use that property. The Supreme Court has said that joint users of property can consent to the search of that property. The high school could consent to a search of its network, but could not consent to a search of Sinister because Sinister was password-protected. Since Sinister was password-protected, school personnel (other than Kaupp) could not access it; since they could not access it, they didn’t have the authority (or the ability) to consent to a search of it.