Too Much Information: What to do about Data Seizures

In a surprisingly thoughtful post for, Vanessa Blum surveys the problems with the government dealing with excessive data seizures in prosecutions for computer crime. As one might expect, the government wants to seize and retain everything it can get its hands on, arguing that it’s too much of a burden to sift through data and limit its retention to that which is relevant to its case.

And as one might similarly expect, the defense position is tough nuggies.

More than a year after federal agents arrested 14 people accused in a cyberattack on PayPal, the high-profile prosecution has ground to a standstill over the handling of computers seized in the investigation.

Searches carried out in a dozen states targeted computers, hard drives, and other digital devices, resulting in an avalanche of electronic material for investigators to sift through.

But intermingled with potential evidence of a crime were millions of irrelevant files, like emails, photographs, medical records, downloaded articles, Internet search histories, and old tax returns.

There is no argument that the government lacks the authority to sift through this morass of data for evidence of a crime. But what of the data that isn’t evidence?  It may be a lot of effort to purge irrelevant data, but does the fact that it can be hard work mean that the government just doesn’t have to do it? That’s the government’s view.

“It’s permeating criminal investigations,” said Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation. “What the government is arguing is that people increasingly use computers to further their crime and we have to search through everything, because criminals don’t label their contraband.”

Technology should allow government to more narrowly target searches of electronic data, said Fakhoury, a former federal public defender in Southern California.

“What the government is saying is the exact opposite, that the technology is so complicated, it’s impossible to ferret out what is relevant or irrelevant,” he said.

The government contends that the effort of purging personal, non-incriminatory data from seized (actually, mirror imaged) hard drives “could take ‘literally thousands’ of government employee hours and might harm the government’s case,” in that some issue could be raised at trial, such as the operability of a program, which could be disposed of by running the program for the jury.

The defense, not to mention Magistrate Judge Paul Grewal overseeing discovery in United States v. Collins, the distributed denial of service (DDoS) prosecution of alleged Anonymous members for their attack on PayPal after it closed down WikiLeaks’ account, calls this nonsense. On the one hand, they dispute government claims that it would be an onerous burden to distinguish inculpatory evidence from everything else on a computer.

On the other hand, so what? So what if it’s a burden for the government to limit its retention of personal information for which there is neither reason nor authority to maintain?

Fortuitously, the case is being prosecuted in the 9th Circuit, subject to the en banc decision written by Chief Judge Alex Kozinski in Comprehensive Drug Testing, which prosecutors despise.

Defense lawyers say the holdings of Tamura and Comprehensive Drug Testing reign. The intermingled computer files may be taken off-site, but they must be carefully sorted and irrelevant materials must be deleted, destroyed or returned.

Fakhoury of the Electronic Frontier Foundation said there is no national standard for protocols in electronic searches. Prosecutors should be wary of pushing the limits, he said.

“The law doesn’t give prosecutors leeway to take whatever they want and keep it as long as they want,” he said. “The government is trying to expand its search and seizure powers, and I hope that judges are going to be resistant.”

The involvement of computers, data seizures and electronic discovery issues will likely become a part of every significant prosecution in the future, and the battle over what the government can seize and keep is being waged now, while few are paying close attention.  Decisions like Comprehensive Drug Testing, ironically written by one of the few judges who knows what it feels like to get burned by technology, will either form the backbone of limits on government seizures or be discarded in favor of making the government’s burden lighter.

If the rule as to what the government must purge is resolved by the old “law by analogy” paradigm, then what’s happening here is best compared to the government executing a search warrant for drugs in a home and seizing the television and alarm clock as well, just because they’re in the same place as the drugs. Of course, the argument against this analogy is that it’s easy to tell what’s contraband and what’s not in the physical world, and thus isn’t nearly as burdensome as vetting a computer drive for irrelevant data.

The question is whether it’s really that hard to distinguish inculpatory evidence from the rest of the data. Left in the hands of judges, this could be a problem, since technological processes tend to make their heads hurt, and so they heed the complaints of government “experts” as to what can, and can’t, be easily done. Bear in mind, reasonableness remains the touchstone for Fourth Amendment limitations.

But the government’s argument as to the need to retain data that happens to be on a drive, aside from its claim that it’s a lot of work, has some significant flaws. First, the government’s obligation begins with a requirement that there is a basis to believe that evidence of a crime exists, and hence the government goes into the search with a claimed knowledge that it knows what it’s looking for. So when it searches and finds the evidence, the government has reached the end of its authority. Take the evidence and purge the rest.

This, of course, isn’t how the government views it. Rather, they want to claim a variation of plain view with a computer, just as a search pursuant to a warrant of a home may give rise to spotting an unanticipated bag of pot on a dresser. As long as they have the computer, they want to take a peek at everything else on it for evidence they didn’t know existed. In the process, there will be an awful lot of personal information, private information, that has no bearing on any crime but nonetheless will be subject to search.

It strikes me that the problem is ultimately resolved by the scope of authority granted the government by the Fourth Amendment. Where the government finds what it came for, it has maxed out its authority to search and everything else must be purged or returned. The claim that this may be difficult to do is both disingenuous and, likely, nonsense. So what if it’s hard work to comply with constitutional limitations? If it’s too difficult, then don’t do it, but if you’re going to undertake the prosecution, then comply with constitutional limitations.

Of course, there is one lingering problem that has yet to be addressed. What happens when the government claims it’s purged the data but, well, there’s no way to know whether they’ve got a full mirror copy of the hard drive sitting in a prosecutor’s desk drawer?