Scott Greenfield has an interesting post about how much computerized data the government is allowed to seize when serving a warrant. Current practice is to seize it all and do whatever they want with it. Orin Kerr had proposed allowing the government to continue to seize all the data but putting restrictions on the use of that data so that only data responsive to the warrant can be used.
Scott’s position, if I understand it correctly, is that the warrant limits the scope of the seizure to the data specified in the warrant, and if the government can’t figure out how to limit their seizure to that data alone, then they just don’t get to seize anything. Too bad, so sad.
In my heart, I like Scott’s argument. He’s argued in that past that it’s a bad idea to make rules for the digital world by using analogies with the way we did things in the pre-digital world. That makes a lot of sense to me. We now store far more data in digital form than in the forms of data storage available when the Fourth Amendment was passed — my guess is we have more on our hard drives now than has ever been written down in all of human history — and if we were to make up rules from scratch to keep people secure in their persons, houses, papers, effects, and digitally stored data, against unreasonable searches and seizures, they would be considerably different from the rules we’ve evolved by analogy.
We’ve been witness to a similar situation when applying copyright law to digital data. Historically, copying and distributing creative works has been hard, so it made sense to have rules that govern copying and publication. And in the early years of the digital media revolution, copyright owners and publishers tried to build a virtual digital implementation of the system of rules we had been using for printed and recorded works. But as soon as consumers discovered they could copy digital works quickly, cheaply, and perfectly, they started to abandon the old copying and publication rules as too cumbersome, and we now seem to be evolving toward a system based around convenient access to source materials: If I hear a song on the radio and I want a copy, it’s much easier for me to download it from iTunes for $1.29 than it is to find someone willing to let me copy it for free. (Eventually, we will probably have laws that allow us to do this without 57-page click-to-accept legal agreements.)
Congress and the courts have been damned slow to adapt the search and seizure rules to the digital world in a reasonable way. Between things like the current rules for seizing computers and the third-party doctrine, the government has far too much easy access to our digital data, but I like to think that will eventually change as more people who grew up living in the digital world become judges and members of Congress. Someday they’ll get it, and we’ll get robust protection of digital data. Until then, Orin’s plan is about as good as it’s likely to get.
Still, I have at least three suggestions for improving Orin’s plan:
First and foremost (and least implausible), the government should not be allowed to seize computers for longer than it takes to copy the data and return the computers to the owners. A business without its data is a business that cannot operate, and a warrant to seize data becomes an order to shut a business down. (Even having a personal computer seized is damned inconvenient and expensive.) This is a longstanding problem with seizing evidence, but given that digital copies are quick, cheap, and perfect, it’s an area where seizures in the digital world can and should be less troublesome than in the physical world.
Second, it would be nice for a change if the restrictions on the government came with real teeth. I’m not sure how that could work, however, since the initial seizure would still be legal. But without any punishment for breaking the rules, the government will still try to use everything it has, and the worst that could happen is that a judge will say no. And really, if the government discovers something juicy in the non-responsive seized data that they’re not allowed to use, is it realistic to assume they will simply ignore it? Without serious penalties, what’s to stop them from trying a little “parallel construction” to conceal the fact that they’re using the restricted data?
A similar problem arises in civil lawsuits when one party wants to examine business records from another party, such as all emails relevant to the disputed matter. The party responding to the discovery request doesn’t want to turn over all its email messages, full of sensitive business secrets, to the opposition, but the party requesting the email messages doesn’t trust the provider not to leave out messages that would hurt it in the lawsuit. One common solution to this problem is to have the responding party turn over all email messages to a neutral third party which is responsible for picking out the relevant messages and turning them over to the party requesting them.
So my third suggestion is that perhaps digital data seizures in criminal matters could be filtered through a neutral third party as well. I believe there’s some precedent for this in the way client files are protected when a lawyer is being investigated for a crime: The court appoints a special master to review the files for privileged material. Perhaps that protection could be extended more broadly to include filtering terabytes of non-responsive data down to just the material specified in the warrant. It would be a time-consuming and expensive process, but maybe that would discourage fishing expeditions, especially the fishing expeditions that turn into massive data dredging operations.