This article provides an overview of digital device searches, including the types of devices involved, cloud searches, and the process followed by law enforcement. It also discusses the tools used by police, important case highlights, best practices for judicial oversight, and strategies for challenging digital device searches.
Digital Device Searches
A digital device search is an examination of data stored on a device that uses a computer or microcontroller to record information.
Digital Device Searches: What do they include?
Digital devices may include cell phones, tablets, laptops, desktop computers, and medical devices like pacemakers, hearing aids, heart-rate monitors, smartwatches, and smart meters.
Cloud Searches
Digital device searches may sometimes involve cloud searches where the device is used as a portal for examining digital information and media stored outside the device itself, on remote servers known as the “cloud.”
How do they work?
Digital device searches (DDS) may be performed:
• Manually – by looking through data on the device as a user would
• Forensically – with assistance from other computers or software
• Hybrid – using some combination of a manual and forensic search
What do the cops do?
• The DOJ’s Manual for Searching and Seizing Computers and Obtaining Evidence in Criminal Investigations (https://eff.org/DOJDSM2009) sets forth a 2-step process for digital device searches:
  • The “imaging” – where law enforcement makes a complete digital copy of all info on the device
  • The “analysis” – where govt uses forensic software to examine the digital copy, allowing it to organize, methodically search, and view data – including data the user may have believed was deleted
What do the Cops Know?
Review govt training materials:
• 2011 – DOJ Guide on Admitting Electronic Evidence from 2011: https://eff.org/DOJOAEE
• 2009 – DOJ CCIPS Criminal Division Manual on Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations: https://eff.org/DOJDSM2009
What do the Cops Know?
• 1994 – NIJ Special Report: Forensic Examination of Digital Evidence: A Guide for Law Enforcement. https://eff.org/DOJNIJ1994
• 1994 – NIJ Special Report: Electronic Crime Scene Investigation: A Guide for First Responders. https://eff.org/DOJNIJ1st
Data Extraction Programs: What do the Cops Use?
Police use a variety of extraction programs like:
• Cellebrite
• Secureview
• Oxygen
• FTK Imager
• Encase
Data Extraction Programs: What do the Cops Get?
These extraction programs have the capacity to:
• Collect metadata and content
• Help bypass encryption
• Classify images
• Restore deleted data
• Track GPS locations over time
• Search for specific keywords
• Map relationships
What to look for?
• Seizure of your client’s cell phone or other digital device, production of your client’s digital information, and no subpoenas or warrants directed at third party service providers.
• Any mention of digital forensics software, like Cellebrite, Secureview, Oxygen, FTK Imager, Encase, MSAB XRY, or E-fense Helix3, or of “images” or “copies” of device contents.
• Any mention of bypassed digital security, encryption, or passwords, or attempts to bypass these security features.
DDS Case Highlights
• Riley v. CA, 134 S.Ct. 2473, 2493 (2014) – digital device searches require a warrant, even incident to arrest
• US v. Griffith, 867 F.3d 1265, 1272-73 (D.C. Cir. 2017) – threshold factors for device seizure
• U.S. v. Comprehensive Drug Testing, Inc (CDT), 621 F.3d 1162, 1180 (9th Cir. 2010) – judicial oversight
• Review our digital device search case inventory at https://www.eff.org/DDScases
Best Practices for Judicial Oversight
• Govt must waive reliance on the plain view doctrine
• Forensic analysis should be done by an independent third party
• Govt must disclose actual risks of destruction & other avenues of access
• Search protocol must be designed to seize only info for which govt has PC
• Govt must destroy or return non-responsive data
• Time limit for device search execution
How do I challenge DDS?
• Advocate for ex-ante search protocol limits, such as:
  1. Keywords
  2. Date range
  3. Time range
  4. Specific user account
  5. Specific application
  6. Communications to/from specific actors
  7. File type
  8. File size
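As an added illustration (not part of the original slides and not any forensic vendor's code), the sketch below shows how six of the limits listed above (keywords, date range, user account, application, file type, file size) could be applied mechanically to an inventory of items from a device image, so that only responsive items reach the reviewer and every withheld item carries the limit it failed. All names, field layouts and sample records are constructed assumptions.

```python
from collections import namedtuple
from datetime import datetime

# Hypothetical record for one item listed from a device image.
Item = namedtuple("Item", "path account app modified size text")
# Hypothetical encoding of the limits written into the search protocol.
Protocol = namedtuple("Protocol", "keywords start end accounts apps extensions max_size")

def failed_limits(item, p):
    """Return the names of the protocol limits this item fails (empty list = responsive)."""
    checks = {
        "keywords": any(k.lower() in item.text.lower() for k in p.keywords),
        "date range": p.start <= item.modified <= p.end,
        "user account": item.account in p.accounts,
        "application": item.app in p.apps,
        "file type": item.path.lower().rsplit(".", 1)[-1] in p.extensions,
        "file size": item.size <= p.max_size,
    }
    return [name for name, ok in checks.items() if not ok]

def apply_protocol(items, p):
    """Split an inventory into responsive paths and withheld paths with reasons."""
    responsive, withheld = [], {}
    for item in items:
        failed = failed_limits(item, p)
        if failed:
            withheld[item.path] = failed   # non-responsive: record why, never shown
        else:
            responsive.append(item.path)   # passes every limit in the protocol
    return responsive, withheld

# Constructed sample protocol and inventory (not real case data).
PROTOCOL = Protocol(("invoice",), datetime(2017, 3, 1), datetime(2017, 3, 31, 23, 59, 59),
                    frozenset({"jdoe"}), frozenset({"mail"}), frozenset({"eml"}), 5_000_000)
INVENTORY = [
    Item("mail/0001.eml", "jdoe", "mail", datetime(2017, 3, 14, 9, 30), 18_432, "Re: invoice 4471 attached"),
    Item("mail/0002.eml", "jdoe", "mail", datetime(2016, 11, 2, 17, 5), 9_110, "invoice for November"),
    Item("photos/img_0042.jpg", "jdoe", "camera", datetime(2017, 3, 20, 12, 0), 2_400_000, ""),
    Item("mail/0003.eml", "guest", "mail", datetime(2017, 3, 15, 8, 0), 4_096, "lunch on Friday?"),
]

if __name__ == "__main__":
    print(apply_protocol(INVENTORY, PROTOCOL))
```

The withheld map doubles as an audit record: it shows which limit excluded each item without exposing the item's content.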
How do I challenge DDS?
• File a motion to suppress.
  • For warrantless device searches per Riley.
  • Even if a SW was obtained beforehand, there may still be grounds for suppression:
    • Failure to Authorize Search (v. Seizure)
    • Lack of Specificity/Particularity
    • Lack of Probable Cause
    • Overbreadth
    • Flagrant Disregard
Lack of Specificity/Particularity
• SW should be as specific as possible about the files to be searched and the locations on a device where those files are likely to be found.
• Where the govt uses the device to access content stored remotely in the cloud, object if remote data is not specifically mentioned in the SW or isn’t within the scope of PC articulated.
Lack of Probable Cause
• IP address alone ≠ PC
• Membership in or attempt to access an online group suspected of illegal conduct alone ≠ PC
• No Nexus between device and suspect or incident
• Search exceeds Scope of SW
Overbreadth
• Object to overbroad seizure of:
  • “any and all” devices
  • “including, but not limited to” language
• Object to initial seizure of device where govt fails to satisfy threshold factors from US v. Griffith:
  • That client owns, uses or possesses a device
  • That device will be found at a particular place at a particular time (like client’s home)
  • That device contains incriminating evidence about the suspected offense
How do I challenge DDS?
• Refer to more privacy-protective state laws.
• California’s CalECPA requires:
  • a search warrant (CA Penal Code § 1546.1) before obtaining content or location info
  • notice to the target (CA Penal Code § 1546.2)
  • statutory suppression (CA Penal Code §§ 638.55, 1546.4) for violation of the state’s warrant requirement
How do I challenge DDS?
• You can learn more about CalECPA by going through this Prezi presentation: https://www.eff.org/CalECPAPrezi
• And for a peek at what California police are being told about CalECPA, take a look at this CA Peace Officers’ Association Fact Sheet on CalECPA: https://www.eff.org/CPOACalECPA
Digital Device Searches: Where do I learn more?
• Visit: https://www.eff.org/criminaldefender/digital-device-searches
Stephanie Lacambra Criminal Defense Staff Attorney 415-436-9333 x130 stephanie@eff.org