• United States v. Cotterman, No. 09-10139 (9th Cir. Mar. 30, 2011).

Background

When the colonies adopted a Constitution for these United States a few abuses of government power were of such significant concern that they were singled out as beyond the power of government in the Bill of Rights. Unreasonable searches and seizures were among these abuses and are forbidden by the Fourth Amendment.

The Supreme Court recalled the basis of this concern in its 1886 opinion, Boyd v. United States, 116 U.S. 616 (1886):

In order to ascertain the nature of the proceedings intended by the Fourth Amendment to the Constitution under the terms “unreasonable searches and seizures,” it is only necessary to recall the contemporary or then recent history of the controversies on the subject, both in this country and in England. The practice had obtained in the colonies of issuing writs of assistance to the revenue officers, empowering them, in their discretion, to search suspected places for smuggled goods, which James Otis pronounced “the worst instrument of arbitrary power, the most destructive of English liberty, and the fundamental principles of law, that ever was found in an English law book;” since they placed “the liberty of every man in the hands of every petty officer.” This was in February, 1761, in Boston, and the famous debate in which it occurred was perhaps the most prominent event which inaugurated the resistance of the colonies to the oppressions of the mother country. “Then and there,” said John Adams, “then and there was the first scene of the first act of opposition to the arbitrary claims of Great Britain. Then and there the child Independence was born.”

This history of the origins of the Fourth Amendment stands in stark contrast to its interpretation in the context of searches and seizures at the international border (or its “equivalent”) and this already-broad exception appears to have now “swallowed the rule” especially in digital contexts. The border search “exception” that has grown up in non-digital contexts is sometimes summarized with statements such as,

Generally, “searches made at the border… are reasonable simply by virtue of the fact that they occur at the border…” United States v. Ramsey, 413 U.S. 606, 616 (1977).

This exception for the international border creeps inland with the following sort of reasoning:

Searches of international passengers at American airports are considered border searches because they occur at the “functional equivalent of a border.” Almeida-Sanchez v. United States, 413 U.S. 266, 273 (1973).

And thus, searches of various types of items have been upheld even where those searches were not based on any particularized suspicion:

• the contents of a traveler’s briefcase and luggage. United States v. Tsai, 282 F.3d 690 (9th Cir. 2002);
• a traveler’s “purse, wallet, or pockets,” Henderson v. United States, 390 F.2d 805, 808 (9th Cir. 1967);
• papers found in containers such as pockets. United States v. Grayson, 597 F.2d 1225, 1228-29 (9th Cir. 1979); and
• pictures, films, and other graphic materials. United States v. Thirty-Seven Photographs, 402 U.S. 363, 376 (1971).

While the argument that the border search exception is fundamentally flawed in all contexts is not frivolous, it’s persuasive authority would depend on displacing an extremely long line of precedents. However, more recently a narrower argument has been made that new contexts created by ubiquitous digital devices requires the case law in the border search context to take a new direction. Digital devices such as laptops, and increasingly, smartphones, are capable of massive amounts of storage of all manner of information about the most private areas of one’s life. The argument thus would suggest that this is not merely a change in the degree of the intrusiveness of suspicionless government searches, but a fundamental change of kind that requires a different result.

When applying these non-digital border search precedents to a suspicionless laptop search, the Ninth Circuit recently concluded that reasonable suspicion is not needed for customs officials to search a laptop or other personal electronic storage devices at the border. United States v. Arnold, 533 F.3d 1003 (9th Cir. 2008).

Cotterman at the District Court

This expansion of the border search exception seemed to finally have found a limit in another laptop case, United States v. Cotterman, No. 07-01207, 2009 WL 465028 (D. Ariz. Feb. 24, 2009) (Order adopting Magistrate’s Recommendation), in which the district court concluded that when a laptop is seized at the border and then a forensic search of the laptop is conducted 170 miles away from the border over a period of four days (without a search warrant) that this constitutes a non-routine border search that requires reasonable suspicion.

Cotterman at the Ninth Circuit

On March 30, 2011, the Ninth Circuit reversed the district court. United States v. Cotterman, No. 09-10139 (9th Cir. 2011). The court summarized,

We find no basis under the law to distinguish the border search power merely because logic and practicality may require some property presented for entry—and not yet admitted or released from the sovereign’s control—to be transported to a secondary site for adequate inspection. The border search doctrine is not so rigid as to require the United States to equip every entry point—no matter how desolate or infrequently traveled—with inspectors and sophisticated forensic equipment capable of searching whatever property an individual may wish to bring within our borders or be otherwise precluded from exercising its right to protect our nation absent some heightened suspicion.

Still, the line we draw stops far short of “anything goes” at the border. The Government cannot simply seize property under its border search power and hold it for weeks, months, or years on a whim. Rather, we continue to scrutinize searches and seizures effectuated under the longstanding border search power on a case-by-case basis to determine whether the manner of the search and seizure was so egregious as to render it unreasonable.

The decision was reached over a vigorous dissent:

I would hold that officers must have some level of particularized suspicion in order to conduct a seizure and search like the one at issue here, because (1) seizing one’s personal property deprives the individual of his valid possessory interest in his property, and (2) authorizing a generalized computer forensic search (untethered to any particularized suspicion) permits the Government to engage in the type of generalized fishing expeditions that the Fourth Amendment is designed to prevent.

With this latest holding, it is unclear whether even time and space can limit the apparently boundless border search exception. Instead, it appears that once again the liberty of every man is in the hands of every petty officer.

See also:

• Howard Fischer, Court ruling backs search of laptop by Arizona customs officers, Arizona Daily Star (Mar. 30, 2011).
• Orin Kerr, Ninth Circuit Decides Cotterman Case, Reversing District Court on Laptop Seizure at the Border, The Volokh Conspiracy (Mar. 30, 2011).

United States v. Warshak, No. 08-3997 (6th Cir. Dec. 14, 2010).

Stop me if you’ve heard this one before…

Under the Stored Communications Act, when a governmental entity seeks disclosure of stored communications it is required by 18 U.S.C. §2703(b) to provide notice to the target.

18 U.S.C. §2705 establishes a process by which they can delay that required notice:

• For a period not to exceed 90 days;
• Only if either a court determines or a supervisory official certifies that one of five adverse results may occur if the required notice is provided; and
• 90 day extensions are allowed only by the court or certification.

Under 18 U.S.C. 2703§(d), the Stored Communications Act allowed government-compelled disclosure of emails on a standard of less than probable cause:

A court order for disclosure… shall issue only if the governmental entity offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation. (emphases added)

Compare this with the probable cause standard for a search warrant of: “information sufficient to warrant a prudent person’s belief that evidence of a crime or contraband would be found in a search.”

When Warshak visited the Sixth Circuit back in 2007 in his civil suit, Warshak v. United States, 490 F.3d 455 (6th Cir. 2007) (now vacated) we learned the following facts:

• The Government got court-ordered access to Warshak’s email accounts without notice to Warshak and violated both the SCA and the Court’s Order by not notifying Warshak for over a year.
• Warshak asked the Government to provide assurances that it would not seek similar orders and the Government refused.
• Warshak sought an injunction prohibiting such future searches.

The now-vacated opinion by the Sixth Circuit from 2007 is a really great read. That panel held that email users always have a reasonable expectation of privacy against the outside world in their email.

However, the Sixth Circuit reheard the case en banc and in a head-scratching 9-5 decision in 2008, Warshak v. United States, 532 F.3d 521 (6th Cir. 2008) (en banc), decided that Warshak’s constitutional claim was not ripe for judicial resolution. The majority wrote, “The question is whether the government will conduct another ex parte search of his emails, a possibility that is exceedingly remote, given that [there is no longer an ongoing investigation.]”

The dissent in that en banc decision was as blistering as it was eloquent:

History tells us that it is not the fact that a constitutional right is at issue that portends the outcome of a case, but rather what specific right we are talking about. If it is free speech, freedom of religion, or the right to bear arms, we are quick to strike down laws that curtail those freedoms. But if we are discussing the Fourth Amendment’s right to be free from unreasonable searches and seizures, heaven forbid that we should intrude on the government’s investigatory province and actually require it to abide by the mandates of the Bill of Rights.

I can only imagine what our founding fathers would think of this decision. If I were to tell James Otis and John Adams that a citizen’s private correspondence is now potentially subject to ex parte and unannounced searches by the government without a warrant supported by probable cause, what would they say? Probably nothing, they would be left speechless.

Warshak’s criminal case continued, and today a Sixth Circuit panel got another shot at this fact pattern in United States v. Warshak, No. 08-3997 (6th Cir. Dec. 14, 2010).

The most striking thing about this opinion is that two of the judges on this panel, Judges Boggs and McKeague, who wrote and joined today’s majority opinion respectively, were formerly part of the en banc majority that found that at that time the issue was not ripe for adjudication. Unless other votes have shifted in the interim, this suggests that, even if this case were to be reheard en banc, there are not likely to be enough votes to undo the result again. This time, email privacy may come out unscathed from the Sixth Circuit.

Today’s panel held that, “Warshak enjoyed a reasonable expectation of privacy in his emails vis-a-vis NuVox, his Internet Service Provider. See Katz v. United States, 389 U.S. 347 (1967). Thus, government agents violated his Fourth Amendment rights by compelling NuVox to turn over the emails without first obtaining a warrant based on probable cause.”

The court wrote,

[T]he very fact that information is being passed through a communications network is a paramount Fourth Amendment consideration…. Second, the Fourth Amendment must keep pace with the inexorable march of technological progress, or its guarantees will wither and perish. See Kyllo v. United States, 533 U.S. 27, 34 (2001) (noting that evolving technology must not be permitted to “erode the privacy guaranteed by the Fourth Amendment”); see also Orin S. Kerr, Applying the Fourth Amendment to the Internet: A General Approach, 62 Stan. L. Rev. 1005, 1007 (2010) (arguing that “the differences between the facts of physical space and the facts of the Internet require courts to identify new Fourth Amendment distinctions to maintain the function of Fourth Amendment rules in an online environment”).

The court continues,

If we accept that an email is analogous to a letter or a phone call, it is manifest that agents of the government cannot compel a commercial ISP to turn over the contents of an email without triggering the Fourth Amendment. An ISP is the intermediary that makes email communication possible. Emails must pass through an ISP’s servers to reach their intended recipient. Thus, the ISP is the functional equivalent of a post office or a telephone company. As we have discussed above, the police may not storm the post office and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine recording of a telephone call—unless they get a warrant, that is. See Jacobsen, 466 U.S. at 114; Katz, 389 U.S. at 353. It only stands to reason that, if government agents compel an ISP to surrender the contents of a subscriber’s emails, those agents have thereby conducted a Fourth Amendment search, which necessitates compliance with the warrant requirement absent some exception.

The court sums up this portion of the opinion with,

Accordingly, we hold that a subscriber enjoys a reasonable expectation of privacy in the contents of emails “that are stored with, or sent or received through, a commercial ISP.”… The government may not compel a commercial ISP to turn over the contents of a subscriber’s emails without first obtaining a warrant based on probable cause. Therefore, because they did not obtain a warrant, the government agents violated the Fourth Amendment when they obtained the contents of Warshak’s emails. Moreover, to the extent that the SCA purports to permit the government to obtain such emails warrantlessly, the SCA is unconstitutional.

It’s almost enough to make one believe that James Otis and John Adams got their voices back.

See also:

• Kevin Bankston, Breaking News on EFF Victory: Appeals Court Holds that Email Privacy Protected by Fourth Amendment, EFF DeepLinks (Dec. 14, 2010).
• Paul Ohm, Court Rules Email Protected by Fourth Amendment, Freedom to Tinker (Dec. 14, 2010).
• Orin Kerr, Sixth Circuit Rules that E-Mail Protected by the Fourth Amendment Warrant Requirement, The Volokh Conspiracy (Dec. 14, 2010).

United States v. Comprehensive Drug Testing (9th Cir. Sep. 13, 2010).

On August 26, 2009, the United States Court of Appeals for the Ninth Circuit, sitting en banc, issued an opinion in United States v. Comprehensive Drug Testing. On December 18, 2009, the Court issued an order saying,

“The court is considering whether it should grant panel or full-court rehearing in this matter and will issue an order granting or denying rehearing in due course.”

The answer came in the form of a revised en banc opinion issued today accompanied by this order:

“The revised opinion filed concurrently herewith shall constitute the final action of the court. No petitions for rehearing will be considered.”

So this appears to be the Ninth Circuit’s final word on this case. A quick and dirty comparison of the 2009 opinion with today’s revision shows that largely the changes are as follows:

The majority opinion originally authored by Chief Judge Kozinski is now a “Per Curiam” opinion but virtually all of the text of that opinion that sought to give future guidance to magistrate judges on how to handle computer searches was moved (mostly unchanged) to the concurrence by Kozinski, joined by Kleinfeld, W. Fletcher, Paez, and M. Smith.

Here are the main passages removed from the majority opinion and placed into Kozinski’s concurrence:

Throughout, we take the opportunity to guide our district and magistrate judges in the proper administration of search warrants and grand jury subpoenas for electronically stored information, so as to strike a proper balance between the government’s legitimate interest in law enforcement and the people’s right to privacy and property in their papers and effects, as guaranteed by the Fourth Amendment.

…

To avoid this illogical result, the government should, in future warrant applications, forswear reliance on the plain view doctrine or any similar doctrine that would allow it to retain data to which it has gained access only because it was required to segregate seizable from non-seizable data. If the government doesn’t consent to such a waiver, the magistrate judge should order that the seizable and non-seizable data be separated by an independent third party under the supervision of the court, or deny the warrant altogether.

In addition, while it is perfectly appropriate for the warrant application to acquaint the issuing judicial officer with the theoretical risks of concealment and destruction of evidence, the government must also fairly disclose the actual degree of such risks in the case presented to the judicial officer. In this case, for example, the warrant application presented to Judge Johnson discussed the numerous theoretical risks that the data might be destroyed, but failed to mention that Comprehensive Drug Testing had agreed to keep the data intact until its motion to quash the subpoena could be ruled on by the Northern California district court, and that the United States Attorney’s Office had accepted this representation. This omission created the false impression that, unless the data was seized at once, it would be lost. Comprehensive Drug Testing, 513 F.3d at 1132 (Thomas, J., dissenting). Such pledges of data retention are obviously highly relevant in determining whether a warrant is needed at all and, if so, what its scope should be. If the government believes such pledges to be unreliable, it may say so and explain why. But omitting such highly relevant information altogether is inconsistent with the government’s duty of candor in presenting a warrant application. A lack of candor in this or any other aspect of the warrant application shall bear heavily against the government in the calculus of any subsequent motion to return or suppress the seized data.

Finally, the process of sorting, segregating, decoding and otherwise separating seizable data (as defined by the warrant) from all other data must be designed to achieve that purpose and that purpose only. Thus, if the government is allowed to seize information pertaining to ten names, the search protocol must be designed to discover data pertaining to those names only, not to others, and not those pertaining to other illegality. For example, the government has sophisticated hashing tools at its disposal that allow the identification of well-known illegal files (such as child pornography) without actually opening the files themselves. These and similar search tools may not be used without specific authorization in the warrant, and such permission may only be given if there is probable cause to believe that such files can be found on the electronic medium to be seized.

…

To guard against such unlawful conduct in the future, the warrant application should normally include, or the issuing judicial officer should insert, a protocol for preventing agents involved in the investigation from examining or retaining any data other than that for which probable cause is shown. The procedure might involve, as in this case, a requirement that the segregation be done by specially trained computer personnel who are not involved in the investigation. It should be made clear that only those personnel may examine and segregate the data. The government must also agree that such computer personnel will not communicate any information they learn during the segregation process absent further approval of the court.

At the discretion of the issuing judicial officer, and depending on the nature and sensitivity of the privacy interests involved, the computer personnel in question may be government employees or independent third parties not affiliated with the government. The issuing judicial officer may appoint an independent expert or special master to conduct or supervise the segregation and redaction of the data. In a case such as this one, where the party subject to the warrant is not suspected of any crime, and where the privacy interests of numerous other parties who are not under suspicion of criminal wrongdoing are implicated by the search, the presumption should be that the segregation of the data will be conducted by, or under the close supervision of, an independent third party selected by the court.

Once the data has been segregated (and, if necessary, redacted), the government agents involved in the investigation may examine only the information covered by the terms of the warrant. Absent further judicial authorization, any remaining copies must be destroyed or, at least so long as they may be lawfully possessed by the party from whom they were seized, returned along with the actual physical medium that may have been seized (such as a hard drive or computer). The government may not retain copies of such returned data, unless it obtains specific judicial authorization to do so. Also, within a time specified in the warrant, which should be as soon as practicable, the government must provide the issuing officer with a return disclosing precisely what data it has obtained as a consequence of the search, and what data it has returned to the party from whom it was seized. The return must include a sworn certificate that the government has destroyed or returned all copies of data that it is not entitled to keep. If the government believes it is entitled to retain data as to which no probable cause was shown in the original warrant, it may seek a new warrant or justify the warrantless seizure by some means other than plain view.

…

Instead of

“We believe it is useful, therefore, to update Tamura to apply to the daunting realities of electronic searches which will nearly always present the kind of situation that Tamura believed would be rare and exceptional—the inability of government agents to segregate seizable from non-seizable materials at the scene of the search, and thus the necessity to seize far more than is actually authorized.”

The new opinion just says,

“We have updated Tamura to apply to the daunting realities of electronic searches.”

…

In general, we adopt Tamura’s solution to the problem of necessary over-seizing of evidence: When the government wishes to obtain a warrant to examine a computer hard drive or electronic storage medium in searching for certain incriminating files, or when a search for evidence could result in the seizure of a computer, see, e.g., United States v. Giberson, 527 F.3d 882 (9th Cir. 2008), magistrate judges must be vigilant in observing the guidance we have set out throughout our opinion, which can be summed up as follows:

1. Magistrates should insist that the government waive reliance upon the plain view doctrine in digital evidence cases. See p. 11876 supra.

2. Segregation and redaction must be either done by spe cialized personnel or an independent third party. See pp. 11880-81 supra. If the segregation is to be done by government computer personnel, it must agree in the warrant application that the computer personnel will not disclose to the investigators any information other than that which is the target of the warrant.

3. Warrants and subpoenas must disclose the actual risks of destruction of information as well as prior efforts to seize that information in other judicial for a. See pp. 11877-78, 11886-87 supra.

4. The government’s search protocol must be designed to uncover only the information for which it has probable cause, and only that information may be examined by the case agents. See pp. 11878, 11880-81 supra.

5. The government must destroy or, if the recipient may lawfully possess it, return non-responsive data, keeping the issuing magistrate informed about when it has done so and what it has kept. See p. 11881-82 supra.

Just as Tamura has served as a guidepost for decades, we trust that the procedures we have outlined above will prove a useful tool for the future. In the end, however, we must rely on the good sense and vigilance of our magistrate judges, who are in the front line of preserving the constitutional freedoms of our citizens while assisting the government in its legitimate efforts to prosecute criminal activity.

With all these sections moved to Kozinski’s concurrence, Judge Callahan notes, “The concurrence is not joined by a majority of the en banc panel and accordingly the suggested guidelines are not Ninth Circuit law.”

See Also:

• Orin Kerr, Ninth Circuit Balks in BALCO Case, Denying Super En Banc in United States v. Comprehensive Drug Testing But Amending Opinion to Remove Challenged Section, Volokh Conspiracy (Sep. 13, 2010).

• Jewel v. National Security Agency (N.D. Cal.).
• In re National Sec. Agency Telecom. Records Litig. (N.D. Cal.).
• Hepting v. AT&T Corp. (N.D. Cal.).

Background:

In the fall of 2001, President Bush signed an Executive Order permitting the National Security Agency to intercept certain domestic communications of American citizens.  These interceptions were made without a warrant and without adhering to the procedures set forth in the Foreign Intelligence Surveillance Act.  These communications included a substantial amount of Internet traffic.

In 2005, the New York Times revealed the existence of this program.  Shortly thereafter, a former AT&T engineer named Mark Klein came forward with evidence that the AT&T facility at 600 Folsom Street in San Francisco contained equipment which handed off AT&T customer communications to the NSA.

Based on that evidence, in 2006, the Electronic Frontier Foundation filed a class action lawsuit against AT&T styled Hepting v. AT&T.  The United States intervened, seeking dismissal of the suit on the ground that continued litigation would reveal state secrets and harm national security.  AT&T also moved to dismiss.  In July of 2006, Judge Vaughn R. Walker of the United States District Court for the Northern District of California denied those motions.¹ In 2008, Congress enacted and President Bush signed the FISA Amendments Act of 2008, whose express purpose was to end the Hepting v. AT&T lawsuit by granting immunity to telecommunications companies who cooperated in surveillance activities.  It was successful in that aim; Judge Walker granted the government’s motion to dismiss based on that new statute on June 3, 2009.²

Soon after immunity for telecommunications companies became a real possibility, in fall of 2008, the EFF filed a new lawsuit based on warrantless Internet surveillance, this time directly against the government: Jewel v. National Security Agency. In April of 2009, the government moved to dismiss, primarily on the ground that continued litigation would reveal state secrets and harm national security.  After oral argument on that motion, the parties were ordered to submit supplemental briefing on the issue of to what extent FISA preempts the common law state secrets privilege.  That briefing is ongoing, and the motion to dismiss is currently under submission.

What’s At Stake:

Cyberlaw casebooks and treatises are full of cases dealing with intricate questions of Internet user privacy: what information may or must be provided in response to a civil subpoena, or in response to an informal law enforcement request, or in response to a search pursuant to a warrant.  But none of that matters much if the President can simply issue a secret, unreviewable order requiring telecom companies to give the government a copy of every bit that traverses the Internet, without any limits on the uses to which that information can be put.

If dragnet government surveillance is permitted, do citizens cease to have a reasonable expectation of privacy in their Internet communications? Would that open the door to a weakening or elimination of the warrant requirement even in ordinary criminal cases where the Internet is involved?  Would we ultimately circle back to one of the original cyberlaw dilemmas—the regulation of encryption technology?

In some ways, Jewel presents a classic cyberlaw problem: what do we do as a society now that the Internet makes possible something that was previously impossibly difficult?

See also:

• Greg Nojeim, Surveillance Program Overly Secret and Its Importance Overblown, PolicyBeta (Jul. 10, 2009).
• Hugh D’Andrade, News Round-Up: Jewel v. NSA Hearing, Deeplinks (Jul. 16, 2009).
• Howard Wasserman, Is retroactive telecom immunity unconstitutional? No, Prawfsblog (Aug. 15, 2008).

Footnotes

1. Hepting v. AT&T Corp., 439 F. Supp. 2d 974 (N.D. Cal. 2006).
2. In re National Sec. Agency Telecom. Records Litig., 2009 U.S. Dist. LEXIS 48283 (N.D. Cal. Jun. 3, 2009).