
The Department of Justice's Computer Crime and Intellectual Property Section Criminal Division's manual, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, advises agents that electronic media does not have to be searched on-site during the execution of a search warrant. It acknowledges the difficulty of searching hidden directories, encrypted data, intentionally mislabeled files, and slack space. The tendency of operating systems to automatically alter data and the possibility of the remote deletion of relevant data are also discussed. The manual cites several court decisions which have approved removing hard drives and other devices to off-site locations for review.

"Agents are recommended to consider removing hard drives from computers in order to make an image copy on-site. If the entire computer has to be seized, the need to do so should be specified in the affidavit for the warrant.

As imaging and/or removal is necessary in nearly every computer search warrant case, it is doubtful that failure to include such a statement in the affidavit constitutes a Fourth Amendment violation. Nevertheless, although explicitly required only by the Ninth Circuit, it is a good practice for every search warrant affidavit to explain why it is necessary to image an entire hard drive (or physically seize it) and later examine it for responsive records." (page 78)

Affidavits are not to specify a protocol for the review of a hard drive, but simply note that off-site review may be required.



The government can apply for a court order to collect phone numbers and caller ID info under the Pen/Trap Statute, 18 U.S.C. §§ 3121-3127, when the information may be used for an ongoing criminal investigation. The court does not conduct an independent inquiry. District court rulings have found that this statute can apply to communications across computer networks.

A pen register is a device or process that can record numbers dialed from a phone, while a trap and trace device records numbers and caller ID sent to a phone. According to the Department of Justice's Computer Crime and Intellectual Property Section Criminal Division's manual, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, "Because Internet headers contain both 'to' and 'from' information, a device that reads the entire header (minus the subject line in the case of email headers) is both a pen register and a trap and trace device, and it is commonly referred to as a pen/trap device." Mobile phones, email accounts, IP addresses, and internet user accounts are covered by the Pen/Trap statute.

An order issued under the Pen/Trap statute can trace communications made through multiple computers that are used in order to transmit data between a victim and a criminal.

An applicant does not need to state specifically what kind of communication information they are seeking, and courts are split over whether an order should specify what types of data (such as email subject fields) should not be collected.

18 U.S.C. § 3121 requires that the government use all available technology to avoid collecting the content of communications. The government cannot use any content that it does collect. The courts are also split on whether pen/trap devices can be used at all if they do collect such content.

'Post-cut-through dialed digits' can be considered content. These are numbers entered after a phone call is connected, such as the password for a voicemail system.



The Free Law Project is a nonprofit organization that has assembled an archive of all of the free court orders and opinions available on PACER. The RECAP archive allows you to search by case names, docket numbers, and several other fields. See: https://www.courtlistener.com/recap/

The archive is updated on a daily basis.

One of the really neat things about the archive is that it allows you to run a full text search through all of the posted decisions. This is something that, to the best of my knowledge, PACER doesn't allow you to do. You can search through the text of federal filings with Lexis Courtlink, but this requires a paid account.


Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco. He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.


© 2015 by Sean O'Shea.
