Friday, May 29, 2009

Inevitable Discovery

This is another post about the rules that dictate what police can and cannot do in seizing evidence, including computers and laptops.

Unlike my earlier posts on this topic, this post is really about the remedy that is used to enforce those rules.

As I’ve explained in earlier posts, the 4th Amendment creates a right to be free from “unreasonable” searches and seizures conducted by law enforcement. As I’ve also explained, in order to be “reasonable” a search or seizure must be authorized either by a search (and seizure) warrant or by an exception to the 4th Amendment’s warrant requirement.

If the police conduct a search and/or seizure without complying with the 4th Amendment requirements, the search/seizure was unreasonable and is unconstitutional. This means the search/seizure violated someone’s 4th Amendment rights, and there has to be some remedy, some sanction, for the violation. If law enforcement officers can violate people’s constitutional rights with no adverse consequences, there is no incentive for them to abide by the law.

Since 1961, the remedy for law enforcement’s violating someone’s 4th Amendment rights is suppression of the evidence resulting from the violation; the U.S. Supreme Court adopted this principle – known as the exclusionary rule – in 1961 in Mapp v. Ohio. The premise behind the exclusionary rule is that if officers know they can’t use the evidence they obtain by violating the 4th Amendment, they will be much less likely to violate it. The assumption is that the only reason officers violate the 4th Amendment is obtain evidence to be used in prosecuting someone for a crime.

As is often true in the law, though, there are exceptions to the exclusionary rule. One of the exceptions is the inevitable discovery principle. As Wikipedia explains, the principle
allows evidence of a defendant's guilt that would otherwise be considered inadmissible under the exclusionary rule to be admitted into evidence in a trial.

The doctrine . . . . holds that evidence obtained through an unlawful search or seizure is admissible in court if it can be established, to a very high degree of probability, that normal police investigation would have inevitably led to the discovery of the evidence.
The rationale for the inevitable discovery principle is, as Wikipedia explains, that since the exclusionary rule was created “to deter police . . . misconduct, excluding evidence that would inevitably . . . have been discovered otherwise would not serve to deter police misconduct.”

The New Jersey Superior Court – Appellate Division recently analyzed the applicability of the inevitable discovery principle in State v. Finesmith, 406 N.J.Super. 510, 968 A.2d 715 (2009). I won’t go into detail on the facts in the case, because a lot was going on, most of which isn’t relevant to the inevitable discovery issue.

Basically, in 2005 the New Jersey State Police received information from the Wyoming Crimes Against Children Task Force that certain IP addresses “located in New Jersey had been making pornographic videos involving children available through peer-to-peer file-sharing networks.” The New Jersey State Police traced one of the IP addresses to the home of Ross Finesmith and his wife, Leslie. Based on that and other evidence, the State Police obtained a warrant to search the home for “computers, pornographic videos involving children and other related materials.” State v. Finesmith, supra.

As the officers prepared to execute the warrant, one of them asked Leslie Finesmith where the computers in the house were located. She told him; she also told him there was another computer Ross Finesmith carried back and forth from his home to his office. She also told the officer that (i) Ross used the laptop to access the Internet from home and (ii) she didn’t know where it was. Later, after officers had found the other computers and found child pornography on one of them, a detective asked Ross where the laptop was. Ross told him it was “`at the office.’” State v. Finesmith, supra. The detective sent an officer to Ross’ office to get the laptop, but it wasn’t there. When the detective told Ross the laptop wasn’t at his office, Ross said “`I forgot. It’s at home in my van.’” The detective asked Ross to consent to a search of the van, which he did; in the interim the officers had finished searching the Ross home and left. After the detective got Ross to sign a form consenting to the search of the van, officers went back to the Ross home, searched the van, found the laptop, seized it and found evidence on it.

The problem was that the detective asked Ross about the laptop after he’d given Ross the Miranda warnings and Ross had asked for a lawyer. Once you’re in police custody, are given the Miranda warnings and ask for a lawyer, police can’t ask you any questions about the crime(s) they’re investigating. If they do, that violates Miranda. After Ross was indicted for endangering the welfare of a child “based on his alleged distribution of child pornography from a computer in his home”, he moved to suppress the evidence found on the laptop, arguing that his consent to search the van was invalid because the police didn’t honor his Miranda right to counsel. State v. Finesmith, supra. The trial court agreed: It held that “because Detective Gorman had failed to honor defendant's request for counsel . . . [his] consent to the search of his van for the laptop was invalid.” State v. Finesmith, supra. Since the consent was invalid, the search of the van violated the 4th Amendment. (As I’ve explained, consent is an exception to the 4th Amendment’s requirement that police get a warrant to search a place and seize items.)

Since the search of the van violated the 4th Amendment, the evidence would have been suppressed, but the trial court held that the inevitable discovery principle applied. To reach that result, it had to deal with another issue: For the inevitable discovery principle to apply, the prosecution has to show it’s very likely that the police would have found the evidence even without the conduct that violated the 4th Amendment.

So for the principle to apply in this case, the police had to show it was very likely they would have found the laptop anyway. Ross said it was not likely because the police had finished searching his home and left; he said since they’d left his home (and the van), there was no way the police would have found the laptop in the van, absent Detective Gorman’s obtaining his consent to a search of the van. The trial court did not agree:
[T]he search for the laptop never really stopped. . . . the reentry to the home was a continuation of the original search. The police were led away from the home . . . because of some misstatements that were offered by the Defendant as to the laptop being in his Morristown office. . .

Had the laptop not been discovered at the home by comments from the Defendant, there's little doubt the investigation would have continued until [it] was recovered. At the end of the first search, it was not only known that the laptop existed, but also that it was used primarily by the Defendant.

Child pornography had already been found on the basement computer. It's apparent to me the police would have continued in searching for the laptop. The exclusionary rule is meant to [e]nsure the State does not profit from illegal activity by the police. However, the rule is not so broad as to make the State worse off than if the illegal activity had not occurred. . . .

It's clear to me that the police knowing the nature of the case, knowing that they had child pornography in the basement, knowing that the laptop existed, knowing that the Defendant used that same laptop to plug into the home system, would have continued. The discovery is inevitable.
State v. Finesmith, supra. Ross Finesmith appealed.

The appellate court noted that at the hearing on Ross’s motion to suppress the laptop it contained, Detective Gorman talked about what he would have done to find it:
I realized that laptop was a critical piece of evidence. . . . Had . . . he not told me where it was . . . we would have taken any necessary steps to locate that laptop. I would have advised everyone on the search [team] that there was a missing piece of evidence, there is something that we missed, most likely at the house. We would have to revisit that. We would have to go back into that house and search the house.
State v, Finesmith, supra. The appellate court upheld the trial court’s ruling:
[T]he trial court correctly concluded that the laptop was admissible under the inevitable discovery exception to the exclusionary rule even though the police determined its location as a result of a suppressed statement by defendant. The execution of a search warrant is . . . a `proper, normal and specific investigatory procedure [ ].’ . . . Moreover, the court's finding that the search pursuant to that warrant would have been continued until the laptop was discovered, regardless of what defendant told the police about its location, is supported by sufficient credible evidence, in particular Detective Gorman's testimony. . . .
State v. Finesmith, supra.

Finesmith was allowed to appeal the trial court’s ruling on the motion to suppress before the case went to trial, probably because the laptop and the evidence on it were essential to the prosecution’s case. His losing on appeal means the case will be going to trial at some point; an article published at the end of April said no trial date had been set, at least not at that point.

Wednesday, May 27, 2009

Virtual Extortion?

Maybe you saw this story: A Chinese man (whose name is not given) has been sentenced to serve three years in prison for extorting “virtual items and currency” from a “fellow Internet café user.” The currency was worth 100,000 yuan or $14,700.

The man who’s sentenced to three years and the three friends who helped him also “extorted virtual equipment for online games” from their victim. The friends only seem to have been given a fine; the primary extortionist got both a fine and a jail time.

The virtual currency was QQ coins, which are sold by Tencent, a Chinese web portal; QQ coins can be used to buy items in online games pay for using Tencent’s chat client, QQ. According to the PC World story, QQ had 377,000,000 active users at the end of last year, so it’s obviously very popular, which presumably means QQ coins are in great demand.

The story also says Chinese law doesn’t protect virtual property – which I assume means Chinese law doesn’t recognize virtual property as something that has value and can be owned – but the court in this case held that the goods these guys took should be protected “because the victim spent time and money” to acquire them.

I did a post on virtual property a couple of years ago. In that post I basically defined virtual property as property that exists only in digital form and is used only in an online world. I also said digital property only has value in an online world, but that’s not really what I meant; if virtual property has value in an online world, you can sell it to someone for real-world currency. As I’m sure all of us know, there’s a thriving market in virtual goods and currency; Linden Lab’s Linden dollars, for example, are traded on several currency exchanges and various game goods and property are sold on eBay and in other online marketplaces. So if someone creates value in a game world – by, say, buying virtual land and building a castle on it – they can trade that value for real world currency (or for in-world currency, or just keep it and use it themselves).

In that post , I also argued that law should – if it already does not – protect the ownership of virtual property just as it protects tangible, real-world and intangible property that is created and used in the real-world (intellectual property, etc.). I’m really not sure how far U.S. law, for example, has progressed in that direction because that issue that falls more in the area of expertise of lawyers who specialize in property and intellectual property than in the area of criminal law.

As I noted in an earlier post, U.S. criminal law has for some time protected certain types of intangible property. There’s an Oregon case, for example, in which the defendant was prosecuted for computer theft based on copying a password file that belonged to his employer. As far as I can tell, the intangible property U.S. criminal law protects is really property that has value only in the real-world: e.g., passwords to access accounts on a corporate computer system, trade secrets, etc. I’m not saying those laws don’t protect what I’m calling virtual property; I’m saying that issue hasn’t come up yet, at least not in the criminal context.

That led me to wonder how the Chinese case would be handled in the U.S. So let’s assume the same thing happened as happened in China: the primary perpetrator (we’ll call him Mr. X) and his three cohorts beat up the victim (John Doe) to get him to turn over his virtual property.

Under the Model Penal Code – a template of criminal laws drafted by the America Law Institute which shaped contemporary U.S. criminal law – extortion is defined as follows: “A person is guilty of theft [by extortion] if he purposely obtains property of another by threatening to inflict bodily injury on anyone”. Model Penal Code § 223.4(1).

Clearly, what Mr. X and his buddies did would qualify as extortion: We know they didn’t just threaten to beat up John Doe; they actually beat him up. I suspect, though, that they may have told him at the outset that they’d beat him up if he didn’t give them what they wanted and when he refused, they beat him up to show they were serious. And a threat was implicit in the beating and in the cessation(s) of the beating that came when they asked John Doe if he’d changed his mind, i.e., if he was now willing to give them the property or face more physical abuse.

(I’m assuming that the beating they gave him and the beating they let him know would follow if he didn’t give them the property inflicted or would have inflicted bodily injury on him. And since it’s clear they beat him and at least implicitly threatened him with more beating in order to get him to give them the property, they clearly acted for the purpose of obtaining property of another . . . so we have the necessary intent, or mens rea.)

The critical question, then, is whether they obtained “property” from him. The Model Penal Code defines property as “anything of value, including real estate, tangible and intangible personal property, contract rights, choses-in-action and other interests in or claims to wealth, admission or transportation tickets, captured or domestic animals, food and drink, electric or other power.” Model Penal Code § 223.0(6). (If you’re wondering, a chose in action is “essentially a right to sue.”)

I can’t find any reported cases in which the defendant was charged with extortion based on his or her using the threat of physical injury to force someone to surrender virtual property. It seems to me the Model Penal Code’s definition of property – especially intangible property – would encompass virtual property. At least a few states have updated the definition of property used in their criminal statutes, including extortion statutes, to make it clear that digital property is included in it. Here’s the New Jersey statute that defines “property” as the term is used in extortion, theft and other property crimes:
`Property’ means anything of value, including real estate, tangible and intangible personal property, trade secrets, contract rights, choses in action and other interests in or claims to wealth, admission or transportation tickets, captured or domestic animals, food and drink, electric, gas, steam or other power, financial instruments, information, data, and computer software, in either human readable or computer readable form, copies or originals.
New Jersey Statutes § 2C:20-1(g). Based on some quick research, it looks like eight or nine other states have added essentially the same language to their definitions of property in their criminal codes.

Do I think the New Jersey legislature meant to include virtual property in this definition? I don’t know, but I’m pretty sure they didn’t, because they added the data and software part of the definition in 1984, long before we had the Internet and, I think, long before even the text-based virtual worlds were popular. It doesn’t really matter whether they meant to include it or not; it looks to me like this language clearly encompasses virtual property.

(Of course, I could see a defense attorney arguing that this definition encompasses only the data that is used to create what we perceive as, and treat as, virtual property. That argument might come up if the defense wanted to show not that virtual property wasn’t property, but that it’s value was much lower than claimed, which could reduce the level of the offense being charged and/or the sentence imposed.)

It looks, then, like what Mr. X and his buddies did could be prosecuted as extortion in the nine or ten states that specifically include data and information within their definitions of property. I they could also be prosecuted in states that still have the basic Model Penal Code definition, too, because I think the intangible property alternative would encompass virtual property. I’m not saying the defense can’t argue otherwise; I’m saying I think the prosecution would have a really good argument that the theft of virtual property like the QQ coins could be prosecuted as extortion.

And that brings me to the final question: What would happen in this country if John Doe went to his local police department and told them some guys had beaten him up and taken his virtual currency and virtual property? Would the police take him seriously? Would they launch an investigation? And what about the prosecutor? Would a country district attorney (or an assistant district attorney) be willing to pursue this case and take it to trial or to a plea?

I don’t know. I remember reading a news story several years ago about a fellow who had something similar happen to his virtual property; he went to the local police and, according to what the told the reporter who wrote the story, they told him there was no crime because nothing “real” had been taken. Now, that was several years ago, and police are probably more aware of online worlds and all of this, or at least some police officers are.

Would that, though, translate into an investigation and prosecution? If you’re a police officer and/or a prosecutor and you’re already overwhelmed with cases in which people are stealing and extorting property and inflicting other harms on their fellow citizens in the real, physical world, would you dedicate some of your resources to pursuing a case like this?

Monday, May 25, 2009

Franks v. Delaware

In Franks v. Delaware, 438 U.S. 154 (1978), the U.S. Supreme Court considered the issue of false information’s being used to get a search warrant. This post is about a case that applied the Franks decision to email, but before we get to that case, I need to provide a little context.

When a police officer wants a warrant to search a particular place for evidence and seize any evidence he finds, he has to go to a federal or state magistrate (a judge). To get the warrant, the officer has to submit an application that explains, in detail, where he wants to search and what he wants to search for and seize. He also has to demonstrate to the magistrate that there is probable cause to believe the items he wants to search for and seize (i) are evidence of a crime and (ii) will be found in the place he wants to search.

To establish probable cause, the officer submits an affidavit (a sworn statement) in which he describes what he’s learned from his investigation and other sources. The officer is presumed to be telling the truth, not because he’s an officer but because he’s making the statements in the affidavit under oath. If the officer includes statements from third-parties, especially unidentified third-parties, he will have to include information that demonstrates why the magistrate should believe them and why the magistrate should decide they know what they’re talking about.

In Franks v. Delaware, Jerome Franks, who was charged with rape, kidnapping and burglary, moved to suppress evidence police had found when they executed a search warrant at his apartment. Franks argued that the affidavit the detective handling the case submitted to get the warrant included false statements, statements that went to the issue of whether there was probable cause to search his apartment. The trial court denied his motion, and when he appealed to the Supreme Court of Delaware, that court held that “a defendant under no circumstances may so challenge the veracity of a sworn statement used by police to procure a search warrant.” Franks v. Delaware, supra. The case went to the Supreme Court, which reversed. The Supreme Court held that when a
defendant makes a substantial . . . showing that a false statement knowingly and intentionally, or with reckless disregard for the truth, was included . . . in the warrant affidavit, and if the allegedly false statement is necessary to the finding of probable cause, the Fourth Amendment requires that a hearing be held at the defendant's request. In the event that at that hearing the allegation of perjury or reckless disregard is established by the defendant by a preponderance of the evidence, and, with the affidavit's false material set to one side, the affidavit's remaining content is insufficient to establish probable cause, the search warrant must be voided and the fruits of the search excluded to the same extent as if probable cause was lacking on the face of the affidavit.
Franks v. Delaware, supra.

That brings us to U.S. v. Hanna, 2008 WL 2478830 (U.S. District Court for the Eastern District of Michigan 2008). Dawn and Darrin Hanna were charged with conspiracy to export telecommunications equipment and global positioning system to Iraq, exporting or attempting to export such equipment and conspiracy to commit money laundering. U.S. v. Hanna, supra.
[F]rom 2001 through 2003, Defendants . . . exported telecommunications and other equipment to Iraq in violation of an economic embargo. . . . Darrin Hanna was the president and owner of TIGS; Dawn Hanna was the vice president of sales. According to its website, TIGS `provides customers with computer systems and software for sales, operations, management information systems, network systems design and administration and product research and development.’ . . . The government contends that Defendants worked with others, including Emad Yawer and his Jordanian company, Advanced Technical Systems (`ATS’), as well as an ATS-affiliated company, Dresser International Group, and its general manger, Walid Al-Ali a/k/a Walied Al-Aly. Defendants also worked with Skyport Freight, a freight forwarder in London. . . .

Defendants purchased equipment from domestic and European suppliers and shipped the equipment to Iraq via Syria. After Defendants had completed four shipments, and received approximately $9.5 million in proceeds, customs officials in England intercepted a shipment. A subsequent shipment was intercepted in Chicago.

The government . . . sought the two search warrants challenged here in June 2004. The facts supporting the requests for the search warrants are detailed in the affidavit of Brian C. Wallace, United States Immigration and Customs Enforcement Special Agent.
U.S. v. Hanna, supra. Agent Wallace used a single affidavit to get both warrants. One of the warrants authorized a search of the Hannas’ “place of business,” TIGS; the other authorized a “search of Dawn Hanna’s America Online e-mail account.” U.S. v. Hanna, supra. After the warrants were executed and the Hannas were indicted, they moved to suppress evidence arguing that there was a Franks problem with part of the information in Wallace’s affidavit. Here’s what became the target of the Franks challenge:
Wallace . . . relies on an undated e-mail/letter found in the July 18, 2003, search of TIG's trash to support the warrant. [It] concerns goods sent to Iraq via Syria, and is authored by Walied Al-Aly, an agent for Dresser International Group and sent to Charles (believed to be . . . the director of Skyport Freight). [It] also discusses a disagreement between Skyport, TIGS, and Global Telecommunications over the payment of funds.
U.S. v. Hanna, supra. The Hannas characterized the inclusion of the Al-Aly email
as a false statement because the signor's name is misspelled, and it does not appear on letterhead of Dresser International Group whereas other documents in the government's possession . . .spell Al-Aly's name correctly and are on letterhead. Defendants conclude that Wallace intentionally misled the magistrate judge in that he advanced the position that Al-Aly was an agent of Dresser International, when the real agent was Al-Ali.
U.S. v. Hanna, supra. The federal judge disagreed:
Wallace correctly quoted the July 2003 e-mail/letter indicating goods have been shipped to Iraq. The affidavit spells the name, `Al-Aly,’ the way it was spelled in the e-mail/letter. Although Defendants assert that letter was a fraud, the two different spellings indicate something less than fraud. First there is no evidence that the affiant noticed the spelling variation or that he thought it was significant. . . . The Government argues that Arabic names are often spelled in a variety of ways when translated in to English, which uses a different alphabet. Thus, the difference between Walid and Walied or Ali and Aly is not so noteworthy or unusual to suggest fraud. Moreover, the difference may merely reflect the e-mail/letter was written by an assistant whose first language was not English. . . .

More important . . . is the content of the letter. The `Charles’ to whom the letter is addressed is thought to be the director of Skyport Freight. Al-Aly thanks Charles for his help and support “in shipping our goods to Iraq via Syria.” The fact that the letter is on plain paper is explained by the fact that the items recovered in the trash were e-mail messages. The informal nature explains the absence of letterhead.
U.S. v. Hanna, supra. So the judge held that the Hannas hadn’t shown that Wallace “knowingly and intentionally” used a false statement in applying for the warrants. That, though, did not completely dispose of the Hannas’ argument: Under Franks, it is also a 4th Amendment violation for an officer to use a false statement “with reckless disregard for the truth.” The judge therefore considered whether “Wallace’s failure to mention the different spelling of Aly’s name” was a violation under this standard:
Defendants . . . have no evidence to suggest anything more than negligence. Wallace quoted the e-mail/letter accurately; his failure to detect or point out the variation in spelling is at most negligent. Notably, he used the same inaccurate spelling when discussing the certificates signed by Al-Aly. This evidences oversight, not a `high degree of awareness’ that two spellings were used. Negligence and innocent mistake are insufficient to overcome the presumption of validity. Therefore, Defendants have not satisfied the first prong of the Franks test.

Even if the Court were to find the omission was more than negligent, Defendant cannot meet the second prong of the . . . test. In making the assessment, the Court considers whether once all of the information regarding the e-mail/letter spelling variations is included in the affidavit, sufficient information connecting Defendants' business activities to Iraq exists to establish probable cause.
U.S. v. Hanna, supra. The judge found that while the email was “a key piece of evidence connecting Defendants to Iraq,” it was “not the only evidence” to do so. U.S. v. Hanna, supra. She reviewed the information in Wallace’s affidavit – including another email “recovered from TIGS’ trash” which showed “that TIGS worked to secure post-embargo contracts in Iraq” – and found that ”the plethora of reasonable expectations for the variations in spelling, combined with the additional facts support a fair probability that evidence of a crime would be found tat TIGS and in Dawn Hanna’s e-mail account.” U.S. v. Hanna, supra. The court therefore denied their motion to suppress.

I’ve found a few other reported cases involving Franks claims related to emails, but this one has a good defense argument plus some unusual facts. As may be apparent from this court’s decisions, it’s very difficult to win on a Franks argument.

Friday, May 22, 2009

Border Search . . . Fails

This post is another in a series of posts I’ve done that deal with Customs agents searching people's laptops at international borders.

As I've explains in several posts, the border search exception is one of the exceptions to the 4th Amendment’s requirement that officers get a warrant before searching someone’s property. Those posts, like this one, focused on the application of the border search exception to laptops people are carrying into or out of the U.S.

As I've explained, so far most federal courts have held that the exception does apply to laptops and other electronic devices that store data. What this means in practice is that Customs officers can treat a laptop like a suitcase, i.e., they can open it up (turn it on) and look through its contents to see if they find anything that is illegal in and of itself (contraband) or anything the person otherwise shouldn’t be carrying across the border.

This post is about a case in which the officers’ reliance on the exception proved to be problematic, according to a U.S. Magistrate Judge: U.S. v. Cotterman, 2009 WL 465028 (U.S. District Court for the District of Arizona 2009). The case began on April 6, 2007 at 9:57 a.m., when Howard and Maureen Cotterman came to the Lukeville Port of Entry (POE) in Lukeville, Arizona seeking admission to the United States:
In primary [inspection], a Treasury Enforcement Communication System (`TECS’) hit was observed based on Mr. Cotterman's convictions for child sex crimes in 1992. Based on the TECS hit, the Cottermans were referred to secondary [inspection]. . . . [T]hey were told to exit the car, leave their belongings. . . . and wait in the small lobby at the POE. They were not handcuffed, but since they could not access their car, for pragmatic purposes they were not free to leave.

Two border inspectors searched the . . . car for one and a half to two hours. . . . [T]hey found . . . two laptop computers which they turned over to Agent Alvarado for inspection. . . .Agent Alvarez examined the . . . laptops, but was unable to discover any contraband. However, on one of the computers, certain files were password protected. Agent Alvarez then went on to attend to other duties.

The TECS hit was . . . assigned to . . . agent Riley. Riley and . . . Agent Brisbine traveled to Lukeville, arriving about 3:30 p.m. . . . Riley interviewed Mr. and Mrs. Cotterman separately. Mr. Cotterman offered to assist in accessing his computer, but Riley declined due to concerns [he] might . . . sabotage [it]. . . . Brisbine drove the laptop[s] . . . to Tucson, arriving between 10:30 p.m. and 11:00 p.m. He turned the[m] over to John Owen for forensic evaluation, which Owen began immediately. The Cottermans were finally allowed to leave Lukeville at approximately 6:00 p.m.

Owen continued the forensic examination on Saturday and Sunday. . . .On Sunday it was determined there was no contraband on Mrs. Cotterman's laptop. . . . [but] 75 images of child pornography were on Mr. Cotterman's laptop in unallocated space.

Mrs. Cotterman's laptop was returned Monday morning. However, a copy of the laptop was made by Owen and is still in his file. . . . Mr. Cotterman was asked to come to the Tucson ICE office and provide the passwords. [He said] he would have to call some business associates to get the password(s), and would be in later. . . . [O]n Monday, [he] boarded a plane for Mexico, ultimately traveling to. . .Australia. . . .

[B]efore she arrived in Lukeville [Riley] determined that . . . computers would be taken to Tucson for forensic evaluation. . . . Brisbine determined that `one way or another’ those computers were going to Tucson because ICE field guidelines required it. . . . Owen was at work in Tucson on April 6, 2007, and was notified at work sometime around lunch that the laptop computers would be brought in. He was not asked to travel to Lukeville.
U.S. v. Cotterman, supra.

Mr. Cotterman was apparently apprehended at some point and charged with a crime (presumably possessing child pornography), because he moved to suppress “all evidence seized from him by Customs Inspections at the Lukeville Point of Entry.” U.S. v. Cotterman, supra. The prosecution argued that the search of both laptops was a legitimate border search. U.S. v. Cotterman, supra. The federal magistrate judge who ruled on the motion found that this case differed in an important regard from the four prior border search of a laptop cases:
In . . . these cases, evidence of child pornography was found at the border inspection station or the international airport and within a matter of hours. In this case, the first evidence of child pornography was discovered 170 miles from the Lukeville port of entry, and at least two days after the Cottermans entered the United States.

This case poses the question, can the government seize property at the border, move it far away from the border and hold the property for days, weeks or months without any heightened scrutiny? Under those circumstances, the law requires the Government to have reasonable suspicion before extending the search in both distance and time away from the border.
U.S. v. Cotterman, supra. As I noted in the earlier posts, there are two kinds of border searches: A routine search does not require that the agent have reasonable suspicion to believe there’s contraband in a container; a nonroutine border search – which is much more intrusive than the routine search – does require reasonable suspicion.

The government claimed this was not a nonroutine border search because it didn’t involve bodily intrusions (body cavity search) or damaging the Cottermans’ property. When the lawyers for the two sides were arguing the issue, the federal prosecutor “warned the Court that a time and distance restriction on border searches would be establishing new law”, which I assume the prosecutor indicated would be a bad idea on this judge’s part. U.S. v. Cotterman, supra.

The judge, though, found that an established rule of law – the extended border search doctrine – applies when agents search property long after it has been seized and at a place “away from the border.” Courts have held that since these searches represent “a greater intrusion on the person”, they must be based on reasonable suspicion of criminal activity. U.S. v. Cotterman, supra. The judge also noted that at some point
[t]he discrepancy in time and distance will become so great it is no longer an extended border search, thus requiring probable cause and a warrant. . . . [H]ad the forensic examiner in this case placed the Cottermans electronics equipment at the end of the queue, conducting the examination in a month or two, it could be argued the search was so removed in time as to no longer be an extended border search. We need not reach that question here, where the facts show reasonable diligence . . . in conducting the . . . examination. Therefore, the Government need only show reasonable suspicion. . . .
U.S. v. Cotterman, supra. As this judge explained, reasonable suspicion is less than probable cause. “Reasonable suspicion exists when an officer is aware of specific, articulable facts, which together with objective and reasonable inferences, form a basis for suspecting that the particular person to be detained has committed or is about to commit a crime.” U.S. v. Cotterman, supra.

The judge found that the officers in this case did not have reasonable suspicion to conduct the nonroutine examination of the Cottermans’ computers because there were only two

circumstances that support any suspicion; the TECS hit reflecting Howard Cotterman's 1992 conviction for child molestation and the . . . password protected files on his laptop computer. After almost two hours of searching the Cotterman's car and electronic equipment, no basis for suspicion was determined, other than the existence of the password protected files. Using password protection can be for legitimate purposes as well as nefarious purposes. In fact, the witnesses at the hearing conceded that legitimate use of password protection on laptop computers was commonplace. . . .

[T[he TECS hit alone does not establish reasonable suspicion. The fact that password protection has innocent explanations does not necessarily negate this from being considered in determining reasonable suspicion. However, in this case, the additional fact of password protected files on Howard Cotterman's computer does not amount to reasonable suspicion for three reasons. First, it is undisputed that Howard Cotterman offered to open the files at the Lukeville port of entry. Second, the facts show that Officer Riley had determined that she was taking both laptops in for a forensic evaluation before she left Sells to travel to Lukeville. Third, perhaps most importantly, the customs officers also seized Mrs. Cotterman's laptop, which was not password protected.
U.S. v. Cotterman, supra.

The judge also found the agents’ intention to seize the laptops was based on ICE field guidelines, which tell agents they can copy, image or seize electronic media if a violation of the law is “immediately apparent” or if they want to have it examined by a technical expert. The judge found that the guidelines do not incorporate the 4th Amendment’s requirement of reasonable suspicion for nonroutine border searches, which makes them problematic in situations like this one.

Finally, the judge found the agents had no 4th Amendment justification for holding onto the copy of Mrs. Cotterman’s hard drive: “At the hearing [on the motion to suppress], Mr. Owen suggested some vague, speculative ways in which the hard drive could possibly, but apparently not actually, contain probative information. If there is probative information on the hard rive, seventeen months is more than enough time to determine that.” U.S. v. Cotterman, supra.

The federal magistrate judge therefore (i) granted Mr. Cotterman’s motion to suppress all of the evidence seized in the border stop and (ii) ordered the government to return the copy of Mrs. Cotterman’s hard drive and “retain no copy of it.” U.S. v. Cotterman, supra.

Wednesday, May 20, 2009

Facebook and Witness Tampering

This post is about a case in which Facebook was implicated in a claim of witness tampering. Before we get to the facts of the case, we need to review the law at issue.

Section 1512(b)(1)- (2) of Title 18 of the U.S. Code makes witness tampering a crime:
Whoever knowingly uses intimidation, threatens, or corruptly persuades another person, or attempts to do so, or engages in misleading conduct toward another person, with intent to. . . cause or induce any person to . . . withhold testimony, or withhold a record, document, or other object, from an official proceeding. . . shall be fined under this title or imprisoned not more than 20 years, or both.
Section 1515 of Title 18 of the U.S. Code defines “official proceeding” as “a proceeding before a judge or court of the United States”, i.e., a federal civil or criminal case.

The case we’re dealing with is Maldonado v. Municipality of Barceloneta, 2009 WL 636016 (U.S. District Court for the District of Puerto Rico 2009). Here’s what it’s about:
The matter before this court is a motion to issue a protective order barring Julio Díaz from having further contact with witness Alma Febus. The request arises from a series of contacts between Díaz, a defendant in a different case borne of the same nucleus of facts, and Febus, witness for the plaintiff in the instant case. On January 14, 2009, Díaz offered an invitation on Facebook to join his Facebook ‘group’. Febus ignored this invitation. On January 30, 2009, Díaz sent a ‘Facebook message’ to Febus. Febus claims that as a result of receiving the message, she is now fearful of Díaz. Plaintiff asserts that this contact violates the federal witness tampering statute and seeks a protective order.
Maldonado v. Municipality of Barceloneta, supra.

The opinion the judge issued on the witness tampering claim doesn’t tell us what that other case is about, but I googled Julio Diaz and Alma Febus, and came up with this:
Puerto Rico Superior Court Judge Nelson Canabal ruled . . . that Julio Diaz and two other Animal Control Solutions employees must stand trial for multiple charges of animal cruelty. The three men stand accused of confiscating approximately 80 pets from the residents of public housing facilities and hurling them from a 50-foot bridge in Barceloneta, Puerto Rico. Few animals survived the fall and those who did received serious injuries.

The incident generated worldwide outrage and a boycott of Puerto Rico, which is a territory of the United States. Officials estimated a loss of $15 million in tourism revenue between October and December 2007.

`What I would like to get is some justice for all the dogs and cat that died October 8, 2007’. . . comments Alma Febus, one of the investigators of this case. . . .
Diaz continues to deny the charges and his lawyer states they will appeal the ruling.
Since the bridge they talk about in this story was in Barceloneta, and since this case involves the Municipality of Barceloneta, I assume the Diaz and Febus whom the story talks about are the same people involved in this witness tampering claim.

The issue the federal magistrate judge had to resolve was whether what Diaz did constituted witness tampering or attempted witness tampering under the federal statute. Here’s the translation of the message:
If you want to see the evidence that exists against the municipality let me know so that you can inform yourself well and please consult with a lawyer your civil responsibilities as far as defamation. Soon we will be filing a lawsuit and you could be included. My only request is that you are objective when mentioning my name.
Maldonado v. Municipality of Barceloneta, supra. Each side had a very different take on what the message meant:
Febus interprets this statement as a veiled threat, causing her `fear and apprehension regarding her safety and of the possible consequences of her providing information regarding her testimony in the instant case.’ Febus remains ready to be a witness at trial. The defense unsurprisingly interprets the message much differently. To them, Díaz' message `in essence, advises her to be better informed, cautions her against future defamation towards him[,] and mentions a potential civil action.’ The defense also appears to assert as a defense to witness tampering Febus' `defamatory’ language on the Facebook group page she subscribes to. Defamation is not a defense to witness tampering, and will not be addressed further.
Maldonado v. Municipality of Barceloneta, supra.

The court noted that there also seemed to be confusion
as to the classification of the message in question. Defendants incorrectly claim the message constitutes a `blog.’ See Quixtar Inc. v. Signature Mgmt. Team, LLC, 566 F.Supp.2d 1205, 1209 n. 3 (D.Nev.2008) (defining a blog as `[a] frequently updated web site consisting of personal observations, excerpts from other sources, etc.') Plaintiffs incorrectly claim the message constitutes an e-mail. . . . This type of communication, a message sent on Facebook, . . . which has not been considered by this circuit or in any other circuit to the court's knowledge, is likely a hybrid of the two. The message in question is clearly in the latter category: messages sent to a user's Facebook inbox are not publicly viewable. Thus, they are not in the `public domain,' where First Amendment rights might attach.
Maldonado v. Municipality of Barceloneta, supra.

The federal magistrate judge ruling on the motion also noted that Diaz’ message “raises issues of hearsay”, but that wasn’t a problem because 18 U.S. Code 1512 specifically allows hearsay and other inadmissible evidence to be considered in assessing a witness tampering claim. Maldonado v. Municipality of Barceloneta, supra.

The judge ultimately held that Ms. Febus was not entitled to a protective order because Diaz’s message did not constitute witness tampering or attempted witness tampering:
Regardless of how the parties choose to construe the message, plaintiff's motion runs afoul of the section 1512 scienter requirement. To violate the statute, it is required that one knowingly use intimidation or physical force, which has been interpreted by the courts to require a culpable mens rea. There is no evidence, neither raised by the plaintiff nor observable through inference, that Díaz intended to intimidate Febus. Plaintiff further fails to provide evidence of a corrupt purpose behind Díaz' words. This court can only see one threat in his Facebook message: the threat of future litigation. This is an insufficient basis for finding witness tampering. Plaintiff fails to provide this court with proof of Díaz' intent to intimidate Febus, a required element of section 1512.
Maldonado v. Municipality of Barceloneta, supra.

This is the only reported case I can find in which a claim of witness tampering was based on the use of Facebook. I don’t see why using Facebook or MySpace can’t provide the basis for a valid witness tampering (or attempted tampering) claim, as long as the facts indicate what just was not present here. If Diaz had sent an overtly threatening or otherwise coercive Facebook message to Ms. Febus, then that would certainly qualify as tampering or attempted tampering.

As I’ve noted here before, the method someone uses to commit a crime should usually be irrelevant. As long as what the defendant did inflicted – or was intended to inflict – the harm the criminal statute outlaws, the defendant has violated the statute and can be held liable (or become the subject of a protective order, I assume).

Monday, May 18, 2009

Marque and Reprisal

As I’ve noted before, cyberspace erodes the importance of territorial boundaries and, in so doing, erodes the efficacy of the approaches we’ve traditionally used for maintaining order within a society (criminal law + law enforcement = controlling crime) and among societies (military forces = repel and discourage military attacks).

That means we need to come up with ways to modify these approaches and/or adopt new approaches that are either added to the ones we currently use or supplant them.

It’s easy to say we need to come up with new approaches, and difficult to actually do so. One of the possibilities I’ve written about in law review articles and in my latest book, is trying to incorporate civilian participation into the law enforcement effort (and maybe into an intermingled law enforcement-military effort to maintain order in cyberspace, but that’s a really challenging possibility).

As I noted in an earlier post, we tried that in the past with spectacularly disappointing results. The problem is that if we delegate law enforcement authority – on even a VERY minor level – to civilians, things can go sadly awry; the obvious solution is to have law enforcement personnel carefully monitor what the civilian deputies (in essence) do, but that pretty much defeats the purpose. In other words, using law enforcement personnel to monitor civilians who are supposed to be helping with the law enforcement effort may not be the best use of law enforcement personnel.

I’ve done presentations recently on topics that touch on these issues, and I’ve had the same proposal come up twice: revive the use of letters of marque and reprisal. As you may know, Article I § 8 of the U.S. Constitution gives Congress the “Power To . . . grant Letters of Marque and Reprisal”. As a recent law review article notes, this power gives Congress sole authority
to commission privateers. `The privateer, as understood at the outbreak of the war for American independence, was a ship armed and fitted out at private expense for the purpose of preying on the enemy's commerce to the profit of her owners, and bearing a commission, or letter of marque [and reprisal], authorizing her to do so, from the Government.’ Although the United States used privateers extensively from the period extending from the Revolutionary War through the War of 1812, Congress did not issue any letters of marque and reprisal after the War of 1812.
William Young, A Check on Faint-Hearted Presidents: Letters of Marque and Reprisal, 66 Washington & Lee Law Review 895, 896 (2009) (footnotes omitted).

In 1856, a treaty known as the Declaration of Paris banned the use of letters of marque and reprisal, but the United States never signed the treaty, and therefore is still not bound by it. A month ago, Representative Ron Paul joined “a growing number of national security experts” to ask Congress to use letters of marque and reprisal as a tool against the Somali pirates. Others, like the author of the article I quoted above, note that issuing letters of marque and reprisal in today’s legal environment “could violate customary international law and the sovereignty of a foreign power, not to mention appearing as an act of aggression”. Young, A Check on Faint-Hearted Presidents, supra.

I can’t assess the merits of this dispute because I know nothing about letters of marque and reprisal. This post, though, isn’t about using letters of marque and reprisal on the high seas, which is how they were historically used. Instead it’s about whether the constitutional power to issue letters of marque and reprisal could be adapted for use in cyberspace.

The first step is parsing what a letter of marque and reprisal really authorizes. According to another law review article, “[m]arque and reprisal evolved from the medieval practice of reprisal, which allowed people to cross borders to obtain redress for a specific injury they suffered at foreign hands.” Eugene Kontorovich, The Piracy Analogy, 45 Harvard Journal of International Law 183, 211 (2004). The letter of marque a reprisal lets the owner pass the border of his country (“marque”) and exact reprisal on the person(s) who caused him injury. According to Professor Kontorovich, what began as a general power had by the 1600’s morphed into “a general license to prey on foreign shipping” on behalf of one’s sovereign. Other sources tend to describe marque and reprisal as purely focused on seizing the assets of citizens who are subjects of a country that is at war with or otherwise feuding with the country that issues the letters.

Since I don’t see how a power that is limited to seizing assets could be particularly useful in the cybersecurity context, I’m going to approach marque and reprisal in the general, medieval sense: as a power to cross national borders to exact reprisal on someone who has injured you. If we construe the constitutional power to issue letters of marque and reprisal in this way, it almost sounds like the strike-back option that has been floated as a way to deal with cybercrime. I wrote about that option in a post I did a couple of years ago; the premise seems to be that just as I have a right to use force to repel someone who is trying to steal or damage my property, I should have a right to use cyberforce to strike back at someone who is attacking or has attacked my computer system.

As I wrote in that post, I see a lot of problems with the strike-back option, the most important of which is that it can be an invitation to vigilantism. I might be tempted to do more than just make the person who hacked my system or is trying to hack my system back off; I might go after them seeking revenge for that and other attacks and go too far. I might also go after the wrong target, which could cause all kinds of problems as well as maybe getting me charged with a crime (unauthorized access + damage to a system).

Marque and reprisal could put a different gloss on strike-back because instead of simply acting on my own, I would be acting with Congressional approval. I would in effect be a soldier – an online privateer – defending the United States from cybercriminals and other cyberthreats. I can see problems with that, though: What if, in my enthusiasm, I were to attack a computer system belonging to another government, North Korea, say?

If I’m acting on my own, that could be a cybercrime and the North Koreans could ask the U.S. government to extradite me so I could be prosecuted in North Korea. If I’m doing in on behalf of the United States, does that transform my conduct into something more . . . into an act of war, perhaps? I don’t think we know the answer to that; when letters of marque and reprisal were used in the eighteenth century, they were issued by a country (the United States) that was at war with another country (England). Since the countries were already at war, you didn’t have the “is this an act of war?” problem.

Let’s assume we could come up with some way to avoid the online-privateeer-starts-a-cyberwar issue and consider the utility of cyber-letters of marque and reprisal. I guess my first question would be about motivation: Letters of marque and reprisal used to be popular with ship owners because they could engage in piracy legally; they could seize ships and cargos and sell both, keeping the money for themselves.

If we were to decide to use cyber-letters of marque and reprisal, I’m not at all sure we should incorporate the “use this power to enrich yourself” aspect of the old letters. I’m quite sure people could use the cyber-letters to enrich themselves by hacking into criminal systems and taking whatever could be sold or redeemed for profit. I’m just not sure it’s a good idea; earlier I noted that the best-intentioned efforts to incorporate civilians into the process of law enforcement can go awry because things get out of hand. (If you haven’t seen it, the movie The Oxbow Incident comes to mind.) It seems to me things could REALLY get out of hand if we add a profit motive into the mix.

Another problem I see with trying to adapt letters of marque and reprisal for use in the cybersecurity arena is the need to define who’s fair game and who isn’t. As I noted above, when the letters were in use three or four hundred years ago, they were used when countries were already at war with each other; so defining who was and who was not fair game was easy. The enemy was the target, the only legitimate target.

There aren’t any (declared) states of cyberwarfare at the moment, so we don’t have that criteria to use in defining who’s fair game and who’s off limits. And even if we are in a state of cyberwarfare at some point, with a declared enemy nation-state, I don’t think it would be a good idea at all to bring civilians into the mix, especially not if they’re motivated by a desire for profit. Entities in cyberspace don’t – to the best of my knowledge – fly flags or do other things that clearly identify who they are, so I can see a real potential for error (and overreaching) by our hypothetical cyber-privateers.

Even if we were to limit the cyber-privateers’ operations to cases of cybercrime, I still see problems (in addition to those noted above). Knowing very little about the old high-seas privateers operating under letters of marque and reprisal, my sense is that one of their strengths was that they were a nimble, evasive force that could attack and defeat civilian shipping with ease, after which they retreated to their home country to sell the booty.

If we were to authorize cyber-privateers to deal with cybercriminals, it seems to me we’d be opening up the possibility of essentially reversing that dynamic: I’m assuming that the cyber-privateers would be representatives of legitimate U.S. businesses and other entities who are going after online criminals as redress (reprisal) for prior attacks on them or on other U.S. businesses or entities. If I’m correct in assuming that, then it seems to me our cyber-privateers could make the entities they work for sitting ducks. The cybercriminals are likely to be the nimble, evasive force in this scenario, while the cyber-privateers are likely to be working for stable, easily identifiable entities . . . and targets. So all they might do is provoke more attacks as a type of counter-revenge.

Friday, May 15, 2009

Parsing Crimes

As I explained in a post I did last year, criminal charges against someone are brought in a charging document, which is usually an indictment (charges returned by a grand jury) or an information (charges brought by a prosecutor without using a grand jury).

As I also explained, each criminal charge – each accusation of violating a specific criminal statute – is brought in a separate “count” of the indictment or information.

That post was about the rules that are used to decide the scope of the charge that can be put in a single count. This post is about a related but different issue: Deciding what crimes arose from a particular course of conduct.

To analyze that issue, we’re going to use the facts and charges in State v. Wolf, 2009 WL 1152183 (Ohio Court of Appeals 2009). Here are the facts, as set out by the court:
Larry Wise, the Superintendent of the Shelby City Wastewater Treatment Plant, was cleaning out some old files from the city-owned computer at the plant during which he found a nude photograph of one of his employees, Richard Lee Wolf. . . . Wise immediately shut down the computer and reported the situation to the Shelby Utilities Director, Brad Harvey. Mr. Harvey . . . contacted the Shelby Police Department, asking to speak to Chief Mike Bennett personally for advice on how to proceed. The chief was unavailable that day, so Mr. Harvey directed Mr. Wise to take the computer, and lock it in the trunk of his car where it would be secured for the weekend.

The following Monday morning, Larry Wise took the computer to the Shelby Police Department and turned it over to Sergeant David Mack, who was assigned to conduct the investigation. Sgt. Mack immediately made contact with [Wolf] . . . and took a statement regarding his activities on the city's computer during working hours. [Wolf] admitted he joined a website called `Adult Friend Finder’ . . . to meet women. Several . . . women asked for his picture, so he bought a digital camera . . . and took some naked pictures of himself. [Wolf] admitted he used the city-owned computer in the wastewater treatment plant to upload and send those photographs while he was on the clock. He also accessed various pornography websites . . . . [Wolf] admitted his conduct was in violation of established work practices, and was `unethical and wrong;’ however, he did not believe that he committed a crime. . . .

Sgt. Mack contacted Detective Scott Dollison of the Westerville Police Department to conduct a forensic analysis of the . . . hard drive. . . . Dollison determined there were several inappropriate web sites that were accessed on the city-owned computer. In the computer's temporary internet files, Detective Dollison located 703 pornographic photos and several sexually explicit e-mails in which [Wolf] was soliciting services from a dominatrix named Madam Patrice. Comparing the dates and times the photographs and e-mails were accessed to the time cards from the wastewater treatment plant, Sgt. Mack determined [Wolf] was working during those times.

Following the forensic analysis of the computer, Sgt. Mack met [Wolf] at the wastewater treatment plant. . . . [and] took another statement from [him]. [Wolf] admitted he used the internet on the City of Shelby's computer during hours he was working for the City of Shelby. [He] estimated that he spent over a hundred hours on the internet for personal business when he should have been performing work for the City of Shelby.

Payroll records maintained by the City of Shelby indicated [Wolf]'s hourly wage in December, 2005 was $17.19 an hour plus benefits. . . . [and, later,] $17.71 an hour, and with benefits it was $23.92. Therefore, for the hundred hours [Wolf] was on the internet while he should have been working, he would have been paid $2,392.00.
State v. Wolf, supra. Wolf “was indicted by the Richland County Grand Jury on one count of theft in office, with a specification that the value of the property or services stolen was more than $500 and less than $5000, in violation of [Ohio Revised Code §] 2921.41(A)(2), a fourth degree felony” and on “one count of unauthorized access to a computer, with a specification that the value of the property or services stolen was more than $500 and less than $5000, in violation of [Ohio Revised Code § 2913.04(B), a fifth degree felony”. State v. Wolf, supra. He pled not guilty, went to trial and was convicted.

On appeal, Wolf argued, among other things, that there was “insufficient evidence to establish the elements” of either crime. State v. Wolf, supra. The Ohio Court of Appeals rather cursorily disposed of his argument that the evidence was not sufficient to support his conviction for unauthorized access to a computer:
Upon review, we find that the crux of the State's `unauthorized use’ case was based on the proposition that [Wolf] was acting outside the scope of his authorization to use the computer by engaging in criminal conduct, i.e. soliciting prostitution.

Having found that the State presented evidence [Wolf] used his computer to upload nude pictures of himself onto adult dating sites and to access certain pornographic websites to support the charge of solicitation. . . we find such conduct was `beyond the scope of the express or implied consent” and the charge of `unauthorized use of a computer’ was based upon sufficient evidence.
State v. Wolf, supra. The Ohio statute, Ohio Revised Code § 2913.04(B), based an unauthorized access charge on the defendant’s accessing a computer or computer system “without the consent of, or beyond the scope of the express or implied consent of, the owner of the computer” or computer system. So the crime Wolf was convicted of is really an exceeding authorized access (insider goes too far in using the system he is authorized to use) crime, rather than an unauthorized access (outsider “breaks into” a system he/she isn’t authorized to use).

I think the Court of Appeals was correct; while I’m sure the City of Shelby didn’t have a policy telling its employees they weren't not to use city computers to access porn sites and/or upload nude pictures of themselves to adult sites, I suspect its employees knew they weren’t supposed to do this. Since Wolf admitted he “established work practices” at the wastewater treatment plant, the evidence proved beyond a reasonable doubt that he knowingly used the city computer in a way he was not authorized to.

Wolf had much better luck with the theft in office charge. As I noted, that charge was brought under Ohio Revised Code § 2913.02, which proves as follows:
(A) No person, with purpose to deprive the owner of property or services, shall knowingly obtain or exert control over either the property or services in any of the following ways:
(1) Without the consent of the owner or person authorized to give consent;
(2) Beyond the scope of the express or implied consent of the owner or person authorized to give consent;
(3) By deception;
(4) By threat;
(5) By intimidation.

(B)(1) Whoever violates this section is guilty of theft.
The Court of Appeals also dealt with this issue cursorily, but this time Wolf came out ahead:
[T]he State is alleging [Wolf] deprived the City of Shelby of his services while he was engaging in the unauthorized use of his computer.

Upon review, we find that while the State presented evidence [Wolf] spent approximately 100 hours over a five month-period utilizing internet websites that were not related to his job, there was no evidence presented that his job performance suffered or that he failed to perform his job duties.

Furthermore, even if it could be shown that [Wolf] failed to perform such job duties, while it could certainly serve as a basis for termination from his employment, such could not be the basis of a criminal theft in office charge.
State v. Wolf, supra. The Court of Appeals therefore affirmed Wolf’s conviction on the unauthorized access charge but reversed his conviction on the charge of theft in office and vacated the sentence the trial court had imposed on him. State v. Wolf, supra.

I’m not sure I agree with that result. One of the judges wrote a dissent, in which he said the other judges had “written an additional element into the theft in office charge that does not exist.” State v. Wolf, supra (Delaney, dissenting). Judge Delaney pointed out that Wolf “spent over 100 hours of his paid work time over a five-month period in which he solicited prostitution, uploaded nude photos of himself and perused pornographic websites on a city-owned computer, Internet, and email system.” He thought, and I tend to agree, that this would qualify as theft of services, since Wolf was getting paid for time he devoted to non-work activities.

I can’t find another case involving similar charges and similar facts, but there are fraud cases in which the fraud consisted of taking a salary while doing something other than working for the person’s employer. It seems to me Wolf did engage in theft of services because his employer “lost” something – the money it paid him to do his job for those hours when he was frolicking on the computer. I don’t see why his not getting his work done changes that, but I could be missing something . . . .

Wednesday, May 13, 2009

Evidence versus Contraband

This post was inspired by a question I got from someone whose computer, computer equipment and storage media were seized by police pursuant to a search warrant.

The police clearly had probable cause to obtain the search warrant and, we’ll assume, were within the scope of the warrant when they seized the computer equipment. So we’ll assume the seizure of the equipment was reasonable under the 4th Amendment.

As I’ve explained in earlier posts, the 4th Amendment creates a right to be free from unreasonable searches and seizures, which means that reasonable searches and seizures do not violate that amendment.

As I’ve also explained in earlier posts, the default way for a search and seizure to be reasonable under the 4th Amendment is for them to have been conducted pursuant to a warrant, which is what happened in the hypothetical case we’re going to analyze.
So there are no 4th Amendment problems with the police’s searching for and seizing the stuff that belonged to the person who asked me the question – John Doe, we’ll call him. And his question didn’t go to the propriety of the seizure of his computer equipment.

It went to a different issue entirely: The search warrant was based on probable cause to believe he had hacked a computer system and done some damage, maybe quite a bit of damage. John Doe said he had “pirated software, movies, music” on the computer, and he wanted to know if the police could keep that material or whether they would have to give it back. His question there was really a scope question; that is, it went to whether the police could lawfully seize – and keep -- this material since it had nothing to do with the hacking allegations that were the basis of the warrant. He also had another, related question: whether the police could use the pirated material they found on the computer to bring charges against him for copyright violations and other crimes.

I responded to John Doe directly, but I’m going to use this post to analyze the issues raised by his two questions. We’ll take them in order.

The first issue is whether the police could lawfully seized the pirated material they found on John Doe’s computer. As I explained in a post I did last year, in executing a search warrant police have to stay within the scope of the warrant; that is, they can only search things that could contain what they’re looking for (so if they’re looking for a stolen big screen TV, they can’t search dresser drawers) and they can only seize items that fall within the scope of the warrant (the big screen TV).

As I also explained, there is a rule – called the “plain view doctrine”—that lets police seize items that are not within the scope of the warrant as long as it is immediately apparent -- when they look at the items -- that they are either contraband or evidence of a crime. So if the officers executing a warrant to search for and seize evidence of hacking saw what they immediately recognized as a bag of cocaine sitting by the computer, they could seize the bag of cocaine; they couldn’t search for any more cocaine or other evidence of drug possession unless they got a search warrant that specifically authorized such a search.

In the Doe case, I’m assuming the circumstances were a little different. I’m assuming the officers executing the warrant seized Doe’s computer and later found the pirated material on it. The plain view doctrine applies when police officers are searching in a computer, as well as when they’re searching for a computer, as long as when they search the computer they stay within the scope of the warrant. In our hypothetical, that means they’d be examining the computer for evidence of hacking; so as long as they found the pirated material while they were searching for evidence of hacking, the plain view doctrine would apply.

What does that mean? It means that if the officer analyzing the hard drive of Doe’s computer saw the pirated material and immediately recognized it as what it was, the officer was legally authorized to seize the material, i.e., make a backup copy of it, say. The officer would not be authorized in searching for more pirated material under the plain view doctrine; he/she would have to get a new search warrant to do that. If, of course, more pirated material popped up as the officer continued to search the hard drive for evidence of hacking, then the plain view doctrine would apply to that material, as well.

Now we come to the question of whether, having lawfully seized the pirated material, the police can keep it or whether they have to return it to John Doe. Lawfully seizing the material means that the officer who found it had probable cause to believe it was either contraband or evidence of a crime. (The Supreme Court has said that the immediately recognized standard just means the officer had probable cause, as soon as he or she looked at the thing, to believe it was contraband or evidence of a crime.)

For the purposes of the 4th Amendment, it really doesn’t matter whether the material was contraband or evidence of a crime. Either works under the plain view doctrine. Whether the material is contraband or evidence of a crime does matter when it comes to deciding if the police can keep it forever or if they have to return it at some point.

To understand why it matters we need to define the terms. Contraband is “any property that is illegal for a person to acquire or possess under a statute, ordinance or rule”. Ohio Revised Code § 2901.01(13). Or as Black’s Law Dictionary says, contraband is “property whose possession is unlawful”. Cocaine and child pornography are both contraband; it is illegal to possess either one. No one, therefore, has the right to possess contraband, under any circumstances. (Police and court systems obviously possess contraband of varying types, but that’s not personal possession; it’s possession for law enforcement purposes, basically, and so is not illegal . . . at least not unless and until a police officer or a member of the court appropriates some of it for personal use).

Contraband is obviously evidence of a crime, but evidence of a crime is not necessarily contraband. All kinds of things can be evidence of a crime: John Doe’s computer, a gun, forged documents, a cell phone, etc. The evidence of a crime category is a residual category that captures items that can be used to convict someone of a crime but the possession of which is not illegal in and of itself.

If, as I assume, John Doe’s pirated material was contraband, then it will never be returned to him, just as child pornography is never returned to the person on whose computer it was found. If we assume, for the purposes of analysis, that it does not constitute contraband but is merely evidence of a crime, then it is possible for John Doe to get it back. As I explained in a post I did a couple of years ago, someone in his position can file a motion for return of property; such a motion asks the court to require the police to give back items they seized as evidence.

To prevail on such a motion, the person filing it has to show either of two things: One is that the property was improperly seized; so John Doe would have to show that the police had no justification for seizing his pirated material. That doesn’t sound likely. The other option is for the property owner to show that the court system and/or the police no longer need the items that were seized, and used, as evidence. In the earlier post, I talked about a case in which the owner of two computers did just this; he had already pled guilty and been sentenced, and asked the court to return the computers to his fiancé. The government opposed the motion, arguing that the case wasn’t over because the guy seeking the return of the computers hadn’t exhausted his right to appeal the conviction or sentence or his right to seek relief in a habeas corpus action. As I recall, the man who owned the computers lost, which is pretty common. It’s difficult to get property seized as evidence of a crime returned to its original owner . . . which, of course, doesn’t mean that John Doe can’t try to get his pirated material back.

Before I quit I should say a few words about John Doe’s other question: whether the police could use the pirated material to bring charges against him for copyright or other crimes. As long as the pirated material was lawfully seized under the 4th Amendment (plain view doctrine, again), the government can use it to charge John Doe with these crimes even though they have nothing to do with the probable cause on which the search warrant was based. Analytically, the government’s seizure of John Doe’s computer equipment was lawful under the 4th Amendment because it was based on a valid search warrant; and the government’s seizure of the pirated material was valid (or so we’re assuming) because it was seized pursuant to the plain view doctrine.

Monday, May 11, 2009

Scope of Consent (2)

This post is a follow up to a post I did last year, which dealt with consents to search a person or property. In that post, I explained that consent is an exception to the 4th Amendment’s requirement that officers get a warrant to search a person or a place.

In that post, I also explained that consent acts like a contract: the officer’s search will not violate the 4th Amendment as long as the search stays within the scope of what I consented to. So if an officer stops my car and says, “Can I search your car for a stolen rifle?” and I say “yes,” the officer can search the car only in places where a rifle could be. The officer could not, for example, open the glove compartment. If the officer goes outside the scope of the search I consented to, that portion of the search violates the 4th Amendment and any evidence the officer found will be suppressed.

This post is about a recent opinion that considered whether the search of a computer exceeded the scope of the owner’s consent to the search. The case is U.S. v. Luken, 2009 WL 875033 (U.S. Court of Appeals for the Eighth Circuit 2009). Here are the facts that led to the court’s considering the scope of consent issue:
An Immigration and Customs Enforcement investigation revealed that two credit card numbers believed to be Luken's were used in 2002 and 2003 to purchase child pornography from a website in Belarus. On July 25, 2006, three law-enforcement officers visited Luken at his place of employment. One of the officers, Agent Troy Boone of the South Dakota Department of Criminal Investigation, informed Luken that the officers believed Luken's credit card had been used to purchase child pornography. Boone told Luken the officers wanted to speak with Luken privately about the matter and look at his home computer. Luken agreed to speak with them at his home and drove himself to his house to meet them.

Upon arriving at Luken's home, Luken allowed the officers to enter his house. Luken's wife was home, so Boone offered to speak with Luken privately in Boone's car. Luken agreed. Once inside the car, Boone informed Luken that Luken did not have to answer any questions, was not under arrest, and was free to leave. Luken nevertheless agreed to speak with Boone. Luken discussed the nature of his computer use and knowledge. He admitted to purchasing and downloading child pornography for several years. He also admitted to looking at child pornography within the previous month. He stated, however, that he believed he had no child pornography saved on his computer.

After Luken admitted to viewing child pornography, Boone asked Luken if officers could examine Luken's computer. Boone explained the nature of computer searches to Luken and told Luken that, even if files had been deleted, police often could recover them with special software. Boone asked Luken if a police search would reveal child pornography in Luken's deleted files. Luken stated that there might be `nature shots’ on his computer, i.e., pictures of naked children not in sexually explicit positions, that he recently viewed for free. Boone then asked Luken to consent to a police search of Luken's computer, and Boone drafted a handwritten consent agreement stating, `On 7-25-06, I, Jon Luken, give law enforcement the permission to seize & view my Gateway computer.’ Luken signed and dated the agreement.

After seizing Luken's computer, Boone obtained a state search warrant to examine it. Boone . . . sought a warrant because he feared Luken would revoke his consent. That warrant, which . . . was good for ten days, gave police permission to search the computer for `[c]ontraband, the fruits of crime, or things otherwise criminally possessed’. . . . Boone removed the hard drive from Luken's computer and sent it to a state laboratory for analysis. He then left the state for computer-forensics training.

When Boone returned to South Dakota in late August, he discovered the state crime lab was backlogged and had not yet analyzed Luken's hard drive. At Boone's request, the lab returned the hard drive to Boone and Boone used forensic software to analyze it. Boone discovered approximately 200 pictures he considered child pornography. After speaking with a federal prosecutor, Boone randomly selected 41 of those pictures for which to prosecute Luken. Based on those 41 pictures, a grand jury indicted Luken for possession of child pornography.
U.S. v. Luken, supra.

Luken moved to suppress the evidence found on his computer, arguing that Boone’s search of the computer hard drive violated the 4th Amendment for either or both of two reasons: (i) It exceeded the scope of the consent he gave Bone; and/or (ii) it was not justified by the search warrant because Boone’s search was conducted weeks after the search warrant expired. Appellant’s Brief, U.S. v. Luken, 2008 WL 822651.

In moving to suppress, Luken argued that he consented to law enforcement’s “viewing” the computer, not searching it. Neither the federal magistrate nor the federal district court judge who each ruled on Luken’s motion bought his argument:
The magistrate held in his report and recommendation that Luken's consent to a `view’ was sufficient to permit a full forensic examination of his computer's hard drive because that is what Boone, who wrote out the consent, assumed it meant. The district court adopted this reasoning. In judging the scope of Luken's consent, however, it is not what Boone believed that mattered but what Luken reasonably intended. Since Boone chose the language and wrote the consent Luken signed, any ambiguity or discrepancy between what Boone thought he had done and what Luken believed he was permitting must be resolved strictly against Boone as the drafter of the document. . . .
Appellant’s Brief, U.S. v. Luken, 2008 WL 822651. (In the federal system, federal magistrates often make the initial decision on a motion to suppress evidence by writing what's called a report and recommendation; a federal district court judge usually reviews the magistrate’s decision and either accepts it or comes up with an alternative decision.)

Luken appealed the federal district court’s denial of his motion to suppress to the U.S. Court of Appeals for the Eighth Circuit. On appeal, he reiterated his argument that he consented to viewing the hard drive, not searching it:
What Boone meant by his use of the term `view’ was unclear. Though Boone claimed it was obvious because he had been talking to Luken about how deleted images could be retrieved from a computer using special software, Boone, for whatever reasons, chose not to make it clear in the consent he drafted that this was actually what he intended to do. Obviously, Boone could have clearly said what he later claimed to have meant. He did not do so, however.

The words chosen by Boone when he drafted the consent are not just words. Those words have a meaning. In common parlance, the term view normally means nothing more than to `look at.’ Any reasonable person would have understood the term `view’ in this context to mean that Boone wanted to turn on Luken's computer and look through the files readily viewable on the machine.

The prosecution must show a reasonable person in Luken's position would have understood Boone, by use of the term `view,’ meant to conduct a full scale forensic examination of the hard drive in Luken's computer using special software not already on the computer to discover hidden files unknown to Luken. This the prosecution did not do. The subsequent forensic examination of the hard drive and discovery of thumbs.db files cannot, therefore, be justified by Luken's consent for Boone to `view’ his computer.
Appellant’s Brief, U.S. v. Luken, 2008 WL 822651.

The Eighth Circuit didn’t buy Luken’s argument:
[W]e agree with the district court that a typical reasonable person would have understood that Luken gave Boone permission to forensically examine Luken's computer. Boone made it apparent to Luken that police intended to do more than merely turn on Luken's computer and open his easily accessible files. Boone explained that police possessed software to recover deleted files and asked Luken specifically if such software would reveal child pornography on Luken's computer. Luken responded by telling Boone such a search would likely reveal some child pornography. He then gave Boone permission to seize and view the computer. In that context, a typical reasonable person would understand the scope of the search that was about to take place.
U.S. v. Luken, supra. The Eighth Circuit also held that since Luken had consented to the search of his computer, there was no need for it to consider his residual argument, i.e., that the search was invalid because the search warrant expired before it was conducted.

Aside from anything else, this case illustrates how important it is for officers to use very precise language when they ask someone to consent to a search (or, to a lesser degree, to a seizure of property). The consent exception works like a contract: I give up my 4th Amendment rights to the extent -- and only to the extent -- that I specifically surrendered those rights to the officer who asked me to do so. If the officer's request isn't clear, that can cause problems for the prosecution down the road.

Here's the example I use to illustrate this in my criminal procedure class: Officer Doe stops Sam Smith's car because Smith is speeding. After Doe gives Smith a ticket for speeding, the stop should be over, but Doe wonders if Smith might have drugs in his car. Since Doe doesn't have probable cause to search the car under the vehicle exception, the only way he can search it is if Smith consents.

So Doe says to Smith, "Mind if I search your car?" If Smith says "no," has he consented to a search of the car? If Smith says "yes," has he consented to a search of the car?

There are a few state cases that deal with this exact issue. The "Smith" in one of them said that when the officer asked, "mind if I search your car?" he said "no," meaning "no I don't want you to search my car." He said that when the officer went ahead and searched the car, he thought he couldn't stop him, because, he claimed, the officer had ignored his original refusal.

Alternatively, if the person says "yes" when the officer asks if he can search the car, that could mean the person is in effect saying "no -- don't search my car" or it could mean "yes -- you can search my car."

If the officer just asks, "can I search your car for drugs?", that avoids any ambiguity and any need to resolve those ambiguities on a motion to suppress and/or on appeals from the denial of a motion to suppress. And the same principle applies whether the officer is asking for consent to search a car, a house or a computer.