Drawing an interesting distinction between “a review of computer files” and a “forensic examination” of a computer, the long-awaited en banc decision of the 9th Circuit in United States v. Cotterman concluded that reasonable suspicion is required, reflecting a return to the underlying purpose of border searches rather than using them as an excuse for free unlimited criminal searches.
The court rejected the “extended border search” distance argument, where the forensic examination was performed 170 miles from the border, holding that the location isn’t the critical issue. What mattered, the majority held, was that computers were different, representing the “uniquely sensitive nature of the data” which
often retain information far beyond the perceived point of erasure, carries with it a significant expectation of privacy and thus renders an exhaustive exploratory search more intrusive than with other forms of property.
Finally, a court has recognized that computers, devices that contain information about the most private and intimate aspects of a person’s life, do not become fodder for the government under a rule devised to keep infected fruit and untaxed diamonds from crossing the border.
From the majority opinion by Judge Margaret McKeown:
The relevant inquiry, as always, is one of reasonableness. But that reasonableness determination must account for differences in property. Unlike searches involving a reassembled gas tank, or small hole in the bed of a pickup truck, which have minimal or no impact beyond the search itself—and little implication for an individual’s dignity and privacy interests—the exposure of confidential and personal information has permanence. It cannot be undone. Accordingly, the uniquely sensitive nature of data on electronic devices carries with it a significant expectation of privacy and thus renders an exhaustive exploratory search more intrusive than with other forms of property.
After their initial search at the border, customs agents made copies of the hard drives and performed forensic evaluations of the computers that took days to turn up contraband. It was essentially a computer strip search. An exhaustive forensic search of a copied laptop hard drive intrudes upon privacy and dignity interests to a far greater degree than a cursory search at the border. It is little comfort to assume that the government—for now—does not have the time or resources to seize and search the millions of devices that accompany the millions of travelers who cross our borders. It is the potential unfettered dragnet effect that is troublesome.
The point is that the level of intrusiveness involved in what the court describes as a “forensic search,” breaking password protected data and searching the deepest, darkest regions of the hard drive for deleted data, is a probe of a different color than is justified by the border search exception.
This is a critically important analysis for two reasons. First, it reflects a return to the purpose of border searches rather than an extension of the rule without recognition of the rubric. The border search exception was never meant as a free search for criminal conduct, but as a means of controlling dangerous items that might be brought into the country. As happens so often, the rule swallowed its purpose and became disconnected from the rationale that justified it in the first place.
More importantly, however, the court’s decision recognized that the digital world is different, and searches of computers cannot simply be determined by application of centuries-old rules for physical-world things. Indeed, to the extent a fair analogy can be drawn, computers are “akin to reading a diary line by line looking for mention of criminal activity—plus looking at everything the writer may have erased.” It’s been a very long time since a court remembered that personal diaries are sacrosanct.
If there is any problem with the decision, it comes from the option given border guards in determining when a deeper probe is warranted based on the dreaded “totality of the circumstances.” While the majority held that password protection, per se, is not sufficient to create a reasonable suspicion, it is a factor.
The en banc court wrote that password protection of files, which is ubiquitous among many law-abiding citizens, will not in isolation give rise to reasonable suspicion, but that password protection may be considered in the totality of the circumstances where, as here, there are other indicia of criminal activity. The en banc court wrote that the existence of password-protected files is also relevant to assessing the reasonableness of the scope and duration of the search of the defendant’s computer.
This test tends to favor the artful structure of a post hoc argument by the government, taking otherwise insignificant details, breaking them into their smallest components, and creating the appearance of nefarious suspicion from otherwise utterly ordinary human conduct. Indicia of criminal activity are often less a matter of illegal conduct than of how deftly a prosecutor can describe it.
In a side issue, the Cotterman decision burned the government’s tactical approach to the case. As Orin Kerr notes at Volokh Conspiracy,
DOJ has generally refused to argue that there is reasonable suspicion in order to keep open Supreme Court review if/when the Ninth Circuit takes a narrow view of the exception. Specifically, DOJ has wanted to avoid the situation in which the Ninth Circuit establishes a reasonable suspicion standard, finds reasonable suspicion, and thus prevents DOJ from being able to file a cert petition to reverse the Ninth Circuit’s conclusion that reasonable suspicion is required.
In the en banc decision today, however, the Ninth Circuit goes on to determine that there is reasonable suspicion and that DOJ therefore wins the case. That is, after holding that reasonable suspicion is required, the en banc court goes on to say that reasonable suspicion existed to search Cotterman’s computer and thus that DOJ wins and the district court has to deny the suppression motion. Ordinarily, then, this would mean that DOJ cannot seek further review: After all, it won the case.
It’s still possible that the government can seek review of the underlying issue under Camreta v. Greene, where the Supreme Court suddenly ignores the Article III case and controversy concerns for the benefit of sad government officials. If not, then expect this issue to be fought on Second Circuit turf.
Eventually, it will make its way to the Supreme Court, assuming the other circuits recognize the merit of the 9th Circuit’s approach. Hopefully, the justices will finally come to the realization that borders aren’t an excuse for unfettered criminal conduct searches, and that computers are unlike anything that ever existed before in the physical world.
Update: In a new post, Orin raises some very interesting questions about the distinction between what sort of manual search is allowed and where the line should be drawn.
Most users think of computer searches as occurring at the virtual level, because that’s the user experience. But computer forensic software works at the physical level: it treats the hard drive as a physical device that contains millions of zeros and ones, not as a virtual “box” of information accessed through an operating system. User profiles and most password protection operate only at a virtual level, so a government forensic analyst operating at a physical level wouldn’t even notice the difference unless he was specifically looking for it.
So what does the Cotterman decision allow in the absence of reasonable suspicion, and where is the line drawn? Even if it’s a simple division between virtual and physical, just how far can a virtual search go? If there are 50,000 accessible files on a computer, can a border agent look at every one, even if it takes days? If a file is password protected, can he try to crack the password by chance for a week or two? Where is the line drawn? Cotterman leaves that unclear.