Wednesday, November 11, 2009

The Cioffi Email Search Warrant: Residual Issues

My last post was about U.S. v. Cioffi, in which a federal judge held that the search warrant issued for a suspect’s gmail account violated the 4th Amendment’s particularity requirement. The judge therefore granted the suspect’s motion to suppress evidence “seized from his personal email account.” U.S. v. Cioffi, 2009 WL 3416241 (U.S. District Court for the Eastern District of New York 2008).

Taken on its face, Cioffi seems straightforward: an application of basic 4th Amendment principles to an electronic search and seizure. That is probably true . . . but there may be some other, statutory issues lurking in the Cioffi decision. More precisely, the facts in the case may implicate some issues that are neither articulated nor addressed in the Cioffi decision.

Why do I mention statutes when it was argued and decided as a 4th Amendment case? As I mentioned in my first post on the Warshak case, the government uses a federal statute – 18 U.S. Code § 2703 – to get the contents of emails stored on an ISP’s server. The statute is implicitly predicated on the premise that we do not have a 4th Amendment expectation of privacy in emails stored on a third-party’s server; as I noted in an earlier post on the statute, it is, at least by implication, based on the U.S. Supreme Court’s decision in Smith v. Maryland, 442 U.S. 735 (1979).

In Smith, and the companion case of U.S. v. Miller, 425 U.S. 435 (1976), the Supreme Court held that we do not have a 4th Amendment expectation of privacy in information we share with a third-party, like a telephone company (Smith) or a financial institution (Miller). The premise is that by sharing information with a third-party, I assume the risk that this person or entity will share the information with the government; in other words, I assume the risk of betrayal.

As I’ve noted in earlier posts, I don’t agree with that and don’t agree with the current approach of using statutes – instead of the 4th Amendment – to govern law enforcement searches and seizures of emails and other stored content. This post, though isn’t about that; it’s about why the Cioffi court based its decision on the 4th Amendment and not on the statute that governs access to stored emails.

That statute is, as noted above, section 2703 of Title 18 of the U.S. Code. Two sections of § 2703 – sections (a) and (b) -- deal with the government’s gaining access to stored emails. Here is what § 2703(a) says:

A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a[n] . . . electronic communication, that is in electronic storage . . . for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure . . . by a court of competent jurisdiction. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a[n] . . . electronic communication that has been in electronic storage . . . for more than one hundred and eighty days by the means available under subsection (b) of this section.

Subsection (b) lets the government obtain emails in storage for more than 180 days by using a search warrant, a subpoena or a court order. So under § 2703(b), an agent CAN use a search warrant to get the emails, but doesn’t have to.

The Cioffi opinion doesn’t explain why the FBI agent in that case sought a search warrant, and I don’t have access to the briefs in the case so I can’t be sure as to why he did. At one point, though, the Cioffi U.S. v. Cioffi, supra. After saying that, the court cites § 2703(b)(1)(A), which is the provision that says an agent can use a search warrant or a subpoena or a court order to get the contents of emails that have been stored with an ISP for over 180 days. U.S. v. Cioffi, supra. opinion says that the affidavit the agent submitted to obtain the search warrant for the gmail account quoted extensively from the statutory scheme of which § 2703 is a part.

Does that matter? . . . and if it does, why? That’s what I’m trying to figure out. In the legislative history relating to the adoption of 18 U.S. Code § 2703, Congress indicated that email content in storage for less than 180 days is entitled to more protection than content stored longer. The premise seems to have been that email stored for shorter periods is analogous to stuff kept in a safe deposit box while email stored for over 180 days is more like the content in Smith and Miller, i.e., is presumptively available to the party with which it’s stored. See Susan Freiwald, Online Surveillance, 56 Alabama Law Review 9 (2004). As many have pointed out, the distinction doesn’t make any sense, especially given how we now use email, but that’s not the issue I want to address here.

We know the agent in Cioffi used a search warrant to access the contents of the suspect’s email account. We don’t know how long the emails had been in storage. If they were stored for 180 days or less, the agent had to get the warrant under § 2703(a). If they were stored for over 180 days, he had the option of using a warrant but could have gone with a subpoena or a court order; since the court cited § 2703(b)(1)(A), I suspect they were stored for over 180 days.

If they were stored for 180+ days, then, as I said, the agent didn’t have to get a search warrant; he could proceed under the statute, instead of the 4th Amendment (because the assumption is that these emails weren’t protected by the 4th Amendment). If he didn’t have to get a warrant because the emails weren’t protected by the 4th Amendment, why did the federal judge analyze, and decide, the case under the 4th Amendment?

I was at a conference not long ago, and a speaker was talking about how a § 2703(b) warrant isn’t a 4th I’d never heard that before; I’d always tended to assume that § 2703(b)(1)(A) incorporates 4th Amendment procedure, which would mean that an agent has to get a warrant that’s supported by the 4th Amendment, particularly describes the place to be searched and the things to be seized. She seemed to think it doesn’t. If it doesn’t, then it would seem that a failure to comply with 4th Amendment procedures doesn’t trigger the exclusionary rule, i.e., if the agent messes up (as the agent apparently did in Cioffi), the evidence can still be used because there was no constitutional violation. Amendment warrant – it’s a statutory warrant.

Even it does, what does this mean when it comes to the applicability of the exclusionary rule? If § 2703(b)(1)(A) incorporates 4th Amendment procedure as an option for gaining authorization to search for and seize electronic evidence, does that mean the statute incorporates the 4th Amendment, so a violation of the statue triggers application of the 4th Amendment’s exclusionary rule? I don’t think that’s the way the statute was intended to work because this interpretation of § 2703(b)(1)(A) would effectively mean it’s applying full 4th Amendment protection to emails that have been stored for 180+ days . . . which clearly does not seem to have been Congress’ intention.

I can’t find a good explanation of any of this . . . but the impression I get is that in adopting § 2703(b)(1)(A), Congress was telling agents (and officers) they could play it safe and get a warrant, but didn’t have to. I suspect the position noted above – that a § 2703(b) warrant isn’t a 4th Amendment warrant – might be correct when it comes to the consequences of going for the warrant option but not adequately complying with the warrant requirements. Maybe the net effect of the § 2703(b)(1)(A) option is that an agent (or officer) can use a warrant to get emails stored 180+ days but not lose the evidence if he/she doesn’t comply with all the procedures needed to get a warrant. (A related statutory provision – 18 U.S. Code § 2708 – says suppression isn’t a remedy for violating § 2703.)

If that’s true, then why did the Cioffi court analyze the case as a straight 4th Amendment case instead of as a § 2703(b)(1)(A) case? If I’m right, and the emails had been stored for 180+ days, then the court seems to have implicitly assumed that the 4th Amendment applies to such emails. Otherwise, why would it have gone with the 4th Amendment analysis . . and applied the exclusionary rule as the remedy?

What if I’m wrong and the emails had been stored for 180 days or less . . . so the agent had to proceed under § 2703(a)? As I understand it – and as I think the Department of Justice would argue – the premise isn’t that § 2703(a) implements full 4th Amendment protection for emails that have been stored for less than 180 days. My understanding is that a warrant is required because Congress believed (based on how email worked in the mid-1980s, when the statute was drafted and adopted) that shorter storage justified greater protection. The greater protection, I think, was intended to be statutory, not 4th So if that’s correct, then it seems the Cioffi judge should have analyzed the propriety of the agent’s actions under § 2703(a), not under the 4th Amendment. Amendment.

I may well be missing some simple, obvious solution to all this. If you know what it is, please share it with the rest of us.

Even if there is some logical, statutorily-based explanation for why the Cioffi court did what it did, I don’t think it matters. As I’ve argued here and elsewhere, I think we need to get rid of these statutes and apply the 4th Amendment to the contents of emails and other electronic communications. Not all electronic communications may be entitled to equal treatment under the 4th Amendment, but that is something we could work out, just as courts have worked out how to apply the 4th Amendment to telephone conversations and cars.

No comments: