Federal Search Seizure Update

					2010 Financial Crimes & Digital Evidence Conference


                   Sean B. Hoar
         Assistant United States Attorney
               sean.hoar@usdoj.gov
   United States v. Comprehensive Drug Testing, Inc.
    (“CDT I” – filed August 26, 2009)
   Classic example of bad facts making bad law
   CDT I was an en banc decision which affirmed three
    district court orders
     one quashing subpoenas
     two ordering return of property seized pursuant to a
      search warrant
       The subpoenas and search warrants emanated from a
        criminal investigation, but CDT was not a criminal
        defendant, merely a repository of digital evidence
   The case emanated from an investigation into
    the use of steroids by professional baseball
    players – remember Barry Bonds?
       In 2002, an investigation commenced into the Bay
        Area Lab Cooperative (BALCO), which was
        suspected of providing steroids to professional
        baseball players.
       That year, the Major League Baseball Players
        Association (MLBPA) entered into a collective
        bargaining agreement with MLB owners
   The collective bargaining agreement provided
    for suspicionless drug testing of all players.
       Urine samples were to be collected during first year
        of agreement and tested for banned substances.
       Players were assured results would remain
        anonymous and confidential . . .
   The sole purpose of the testing was to
    determine whether more than five percent of
    players tested positive – which would require
    additional testing in future seasons.
       CDT administered the program
         collected specimens from players
         maintained list of players & test results
       Quest Diagnostics performed actual tests
   During the BALCO investigation, ten players
    were identified as having tested positive in the
    CDT program.
       NDCA issued a grand jury subpoena seeking all
        “drug testing records and specimens” pertaining to
        MLB in CDT’s possession.
       CDT and MLBPA attempted to negotiate a more
        limited subpoena, but negotiations failed.
   When negotiations failed, CDT and
    MLBPA moved to quash the subpoena.
   After CDT and baseball players’ union moved
    to quash the subpoena . . . a search warrant –
    limited to test results of ten named baseball
    players - was obtained for CDT’s facilities in
    Long Beach, California
   And - you guessed it - although the CDT
    warrant was limited to test results of ten
    named baseball players, drug testing
    records of hundreds of MLB players – and
    many more people - were obtained . . .
 A search warrant was also obtained for
  the urine samples on which the drug tests
  had been performed, which were kept at
  Quest Diagnostics’ facilities in Las Vegas.
 New subpoenas were then served on CDT
  and Quest for the same records which had
  just been seized.
   CDT and MLBPA then moved for return
    of the property seized from CDT in CDCA
       Judge Cooper in CDCA found that government failed to
        comply with procedures specified in warrant and ordered
        property returned
   CDT and MLBPA also moved for return of
    property seized from Quest in Nevada
       Judge Mahan in Nevada ordered property returned, with
        exception of ten identified baseball players
   CDT and MLBPA then moved to quash
    latest round of subpoenas in NDCA
       Judge Illston in NDCA quashed the subpoenas
   All three judges expressed grave
    dissatisfaction with government’s
    handling of investigation, even going so
    far as to accuse government of
    manipulation and misrepresentation.
   The search warrant affidavit
       Contained extensive boilerplate about risk of
        destruction of electronically stored information if
        search not done off-site
         Which supported authorization for off-site search
       Contained procedure wherein data would be
        reviewed and segregated by specially trained
        computer personnel to restrict access to data by
        investigating agents
         Which supported authorization to examine data
   The search warrant affidavit
       Contained procedure wherein if computer personnel
        determined that data fell outside warrant, the data
        would be returned within reasonable period of time
        not to exceed 60 days from date of seizure, absent
        further authorization
         Which supported authorization for seizure
   In executing the search warrant at CDT’s
    facilities in Long Beach . . .
       the agent copied a file directory (the Tracey
        Directory) off a network server which included,
        among hundreds of other documents, an Excel
        spreadsheet that contained the names of many
        baseball players who tested positive for steroids
       The agents took an electronic copy of the entire
        directory off-site for later review . . .
   The problem . . .
       boilerplate about risk of destruction of
        electronically stored information if search not
        done off-site wasn’t accurate . . .
         The record reflected no forensic lab analysis, no
          evidence of booby traps, no decryption, no cracking
          of passwords, no effort by dedicated
          computer specialist to separate data for which
          government had probable cause from other data . . .
   The problem . . .
       procedure wherein data would be reviewed and
        segregated by specially trained computer
        personnel to restrict access to data by investigating
        agents wasn’t followed
         The “Tracey Directory” – which had names of all
          those who tested positive – was immediately
          provided to case agent who examined entire list
       Procedure for return of data wasn’t followed
   Because certain evidence seized was outside
    the scope of warrant & because procedures
    specified in warrant not complied with . . .
       Two district courts ordered the return of property
         District of Nevada (Judge Mahan)
         Central District of California (Judge Cooper)
       One district court ordered subpoenas quashed
         Northern District of California (Judge Illston)
   All three judges expressed “grave
    dissatisfaction” with government’s handling of
    investigation
       Even accusing it of manipulation &
        misrepresentation
   Government then appealed all three orders
       Divided 9th Circuit panel reversed two orders but
        found appeal from Cooper order untimely
       Case then taken en banc . . .
   CDT I affirmed three district court orders
       one quashing subpoenas
       two ordering return of property seized pursuant to a
        search warrant
   Chief Judge Kozinski wrote opinion
       Concluding: “This was an obvious case of deliberate
        overreaching by the government in an effort to seize
        data as to which it lacked probable cause.”
       and taking “the opportunity to guide our district
        and magistrate judges in the proper administration
        of search warrants and grand jury subpoenas for
        electronically stored information . . .”
   Magistrates should insist that government waive reliance upon plain
    view doctrine in digital evidence cases.
   Segregation and redaction must be done by specialized personnel or
    independent third party. If segregation is done by government computer
    personnel, it must agree in the warrant application that computer
    personnel will not disclose to investigators any information other than
    that which is the target of the warrant.
   Warrants and subpoenas must disclose actual risks of destruction of
    information and prior efforts to seize information in other judicial fora.
   Government’s search protocol must be designed to uncover only
    information for which it has probable cause, and only that information
    may be examined by the case agents.
   Government must destroy or, if the recipient may lawfully possess it,
    return non-responsive data, keeping the issuing magistrate informed
    about when it has done so and what it has kept.
   In Oregon, federal digital evidence searches
    stopped between August and October, 2009
   October, 2009, Oregon USAO negotiated
    reasonable application of CDT I
       Wall between reviewers (usually computer
        personnel) & investigators
       Data reviewed, segregated &/or redacted prior to
        investigative review
       Reasonable time for review (120 days)
       Reasonable warrant return procedure
       Reasonable device/image retention procedure
   United States v. Comprehensive Drug Testing, Inc.
    (“CDT II” – filed September 13, 2010)
   CDT II is an en banc decision which resulted from a
    rehearing of the CDT I en banc decision
   CDT II again affirmed three district court orders
     one quashing subpoenas
     two ordering return of property seized pursuant to a
      search warrant
   But . . . CDT II eliminated troubling “guidance”
    requiring filter team search protocol
   Per Curiam Opinion of 11 Circuit judges;
     Concurrence by Chief Judge Kozinski joined by four
      judges (containing “guidance” from CDT I);
     Partial Concurrence and Partial Dissent by Judge
      Bea;
     Partial Concurrence and Partial Dissent by Judge
      Callahan joined by Judge Ikuta;
     Dissent by Judge Ikuta

   A wall between computer personnel &
    investigators is no longer required
   Although a wall between computer personnel &
    investigators is no longer required, search
    protocol should be as narrow as possible.
       Technological representations in affidavit will be
        scrutinized; i.e. actual concerns about data corruption
        should be specifically articulated.
   There should be disclosure about attempts to
    obtain evidence in different judicial fora (i.e.
    grand jury subpoenas for target information).
   Where there may be a heightened privacy
    interest (third party data repositories), alternate
    protocol may be developed.
   Under new Rule 41, return need not list all
    “data,” only the hardware seized
   The plain view doctrine need not be waived
     Government is not required to waive plain view
      doctrine
     As usual, second warrant will be sought should
      initial review reveal evidence of other crimes