Mimesis Law
17 February 2019

FBI Was Right To Follow Up After A Plain View Of Weiner’s Emails

November 8, 2016 (Fault Lines) – Once again the FBI is back in the news regarding the search of data stored on computers or phones. And once again there is a lot of chatter about whether the FBI is right. The commentary ranges from good to crazy. The wide dispersion is due probably to Hillary Clinton’s involvement and the imminent election. Partisanship can bring out the crazy in people.

A law professor and well-known blogger, Orin Kerr, attempted to flesh out some of the Fourth Amendment issues seemingly present in the most recent Hillary flap. If you were sojourning to an alternate dimension, here’s a quick recap. News broke that emails between Hillary and her top aide were found on prolific sexter Anthony Weiner’s computer. There was some thought that this might illuminate the emails Clinton’s tech person “acid washed” off the server.

Here’s where Kerr began his analysis:

If these facts so far are accurate, the FBI may have violated the Fourth Amendment in expanding the investigation from Weiner to Clinton. Here’s the problem. If the FBI was searching Weiner’s computer, it presumably had a warrant authorizing the search of the computer only for Weiner’s communications with underage girls. If that is correct, going from that narrow search to a broader search of Clinton’s emails raises two potential problems for the FBI.

Kerr continues:

The first issue is whether the FBI was permitted to search through Abedin’s email account for records of Weiner’s illegal messages with underage girls. In People v. Herrera, 357 P.3d 1227 (Colo. 2015), the Colorado Supreme Court provided some reason to think that the answer may be “no.”

In Herrera, the police seized a cell phone and later obtained a warrant to search it. For reasons not apparent, the officer engaged in a manual search of the phone. While poking around, the officer saw another folder that was arguably beyond the scope of the warrant and opened it. There the officer found incriminating evidence, but in a matter unrelated to the warrant. The Supreme Court of Colorado held the search of the folder was outside the scope of the warrant. Although Kerr agreed with the result, he did not agree with the reasoning.

Kerr goes on to explain his second concern:

A second issue is whether the FBI was permitted to seize the Abedin emails, which were outside the scope of the warrant, and to use them to reopen the investigation into Clinton’s email server. I think this is the bigger legal issue for the FBI…. I should add that the scope of the plain view doctrine for computer searches is very much in flux, which adds some uncertainty to this issue.

For example, the FBI might argue that using the discovery of the Clinton emails to apply for a second warrant was permitted by the first warrant and is not an additional “seizure” and therefore does not need to be justified. By that reasoning, the FBI is free to scour Weiner’s laptop for evidence of any other crimes for as long as it wants, and to take its time to see if there is enough evidence to justify a second warrant.

I think that’s a somewhat hard argument to make in light of the plain view cases such as Carey and Williams, but it’s at least possible. I should also add that some courts and scholars, myself included, have suggested that the plain view doctrine should be narrowed or even eliminated in computer search cases.

You see, Kerr here is apparently a fan of ex ante warrant restrictions when it comes to searching computers. Basically, it’s a super-duper particularity requirement, although Kerr frames it as principled opposition to general warrants. To ordinarily obtain a warrant to search a home, at its most simple, the officer has to demonstrate probable cause that the crime has been or is being committed and that the house has some nexus to the criminal activity.

The particularity requirement does not mean the officer has to establish that the drugs are kept under the floor boards and cash under the mattress. Nor does this requirement punish the officer who, within in the scope of the search and in addition to finding the sought after marijuana, finds illegally possessed firearms or other types of drugs. Yet, it is this sort of exacting specificity that advocates of the ex ante approach want when it comes to computers.

It is unclear why computer devices should receive protection well beyond what a person’s home gets. Moreover, when the analogy is stretched to its breaking point, it does not favor those who seek narrow warrants. The analogy breaks because objects in a house are tangible, but the data is intangible. If officers want to find a long gun in your house, then they have to look for every place that a gun could be stored. Although a gun can be broken down, it cannot be rendered effectively invisible.

On the other hand, child porn can be saved in the photo gallery, in a folder called “Tax Returns,” or it can be saved somewhere outside the normal and visible file system. Try as you might, you cannot fit a rifle in a wallet. Further, unlike changing a .jpeg into a .zip file, you cannot use software to change heroin into Lucky Charms.

It follows that officers searching for intangible evidence are looking for different sorts of things and in a manner different than a search for a tangible object. In Herrera, the officer—for some reason—appeared to only conduct a manual search of the phone. Unless a compelling reason was present but unmentioned, that was just dumb. Perhaps most importantly, accessing the data can change the data, particularly the metadata. In a true forensic analysis, an image is created and that is what is examined. This avoids inadvertent destruction of evidence.

Moreover, a manual search will miss all the data not visible on the file system. Even if the analyst is working from a copy of the file system (a logical copy), the examiner is not using a different computer’s operating system to find the sought after data. A normal person, who is not doing a forensic analysis and trying to locate a misplaced file, would check all the folders and subfolders until the file is located. In contrast, the forensic examiner is typically using software to find the data sought. And the data searched is extracted from the forensic image and typically less than the full image.

For example, in a counterfeiting case, the image files of the computer would probably be the subject of a search warrant. Depending on the number of image files, the examiner may extract all photos or narrow the number of photos by some criterion like date. The examiner is not going to manually search each folder on the image to find the relevant photos, extracting only the criminally relevant ones.

What could happen during this search is the investigator stumbles upon children porn. Checking the image files with the right criteria will include all images that fit; you cannot make the search too narrow or you’ll never find the sought after evidence. Again, it’s not like the examiner saw a folder called “Best Counterfeit Bills” and clicked instead on the folder called “Child Porn.” In this example, the pornographic pictures were found incidental to the search for other evidence.

It is puzzling why this sort of discovery is somehow considered bad in the digital context only. Let’s say a search warrant was being served on a marijuana grow operation. In the course of the initial sweep, a stockpile of guns were seen in the closet. Most prudent investigators would leave the guns alone and get a second warrant to cover the search and seizure of the new evidence. And that’s exactly the same thing computer analysts do when they stumble upon evidence of a crime outside the warrant.

Most would not say that the initial search warrant permitted the officers to scour the house for evidence of other crimes, including, I think, Kerr. The officer was in a place the officer had a right to be and saw something in plain view. And upon discovery of the guns, obtaining the second warrant, using what was seen in plain view as the basis for that warrant. But somehow, in the case of Hillary’s emails on Weiner’s computer, the discovery of evidence against a third-party with no property interest in the computer or its contents, violates the Fourth Amendment.

Conceptually the plain view doctrine doesn’t fit well with intangible objects; you cannot “see” the contents of file until you open it by using some computer program. But the broader spirit of the doctrine makes sense when applied to computer examinations. And the concern about general warrants is overblown.

The officer has to obtain a warrant to seize and search a computer. This necessarily includes describing how the computer is linked to the criminal offense. At this point the only issue remains is the permissible scope of the search. Only federal agencies like the FBI have budgets that may be able to sustain fishing expeditions. Local and state forensic agencies have far limited resources, which is probably why the Colorado officer played junior forensic analyst. As a practical matter, most investigations won’t have the resources to examine every bit among potentially terabytes of data.

Elsewhere, Kerr has argued for a suppression-type remedy for nonresponsive data. This seems more consistent with the idea that the scope of the warrant is limited by the object sought, e.g. you can’t look for a 50 inch television in a microwave. But the complete elimination of something like “plain view” when stumbling upon new evidence during a forensic examination is unduly harsh.

One Comment

Leave a Reply



Comments for Fault Lines posts are closed here. You can leave comments for this post at the new site, faultlines.us

  • Richard G. Kopf
    8 November 2016 at 8:55 am - Reply


    Last night, before I read your excellent post,I judged the final National Moot Court Competition practice round for the UNL law college moot court team in preparation for their appearance at the regional competition. That competition is sponsored by the New York City Bar Association. One of the two questions presented involved a fact scenario and a Fourth Amendment issue similar to the one you discuss.

    Your post, as well as Professor Kerr’s discussion, highlight an important question. Is the state of Fourth Amendment law sufficiently stable and effective at present when applied to computers such that there is no good reason to develop an esoteric new set of principles? Thanks for an important discussion. My tentative conclusion is that the old is new again and the old is pretty much all we need.

    In any event, you made me less stupid. All the best.