Fourth Amendment

All posts tagged Fourth Amendment

For two years beginning in 2011, Ross William Ulbricht (using the pseudonym Dread Pirate Roberts) ran the Silk Road, an illicit web-based marketplace which specialized in selling illegal drugs.  The FBI eventually caught up with Ulbricht and  arrested him, and he is now on trial in the Southern District of New York.  Ulbricht’s defense attorneys have been arguing that the government violated Ulbricht’s Fourth Amendment rights during their investigation.  Specifically, the defense argues that the government hacked into a Silk Road server in Iceland, and from there obtained information which lead to various pen-trap orders and warrants to seize servers in the United States, as well as Ulbricht’s laptop and Facebook accounts.  But without the initial access to the Iceland server, the government would not have been able to proceed with its investigation.  In other words, the defense alleges, all of the evidence against Ulbricht is fruit of a poisonous tree. silk road      dread pirate roberts

The government responded with an affidavit from an FBI agent which held that the government investigators found the Iceland server through perfectly lawful means.  The affidavit states that “the Internet protocol (“IP”) address of the [Iceland] Server was ‘leaking’ from the site due to an apparent misconfiguration of the user login interface by the site administrator”–that is, a bug in the login interface led the police to the server’s IP address.  The government also argued in its brief that the search of the server was carried out by Icelandic authorities, so the Fourth Amendment does not apply, and that even if the Fourth Amendment did apply, a search of an American citizen’s property overseas need only be “reasonable”–which this was.   Thus, the trial court had a number of interesting factual and legal questions to resolve.

But alas, Ulbricht was unwilling to take the procedural step that is necessary to allow the court to resolve these questions.  Throughout the case, he has refused to acknowledge any personal privacy interest in the Iceland server–that is, he has denied any connection to the Iceland server (and to the Dread Pirate Roberts and the Silk Road).  Thus, he did not have standing to challenge the government’s conduct–whatever it might have been–when it gained access to the server.  In other words, the entire issue ended up being nothing more than a hi-tech version of a defendant’s catch-22–either deny ownership of the contraband and lose your right to challenge the search and/or seizure of the contraband, or admit to owning contraband which establishes your guilt.  The Supreme Court has held that the prosecution cannot use that admission against you (except for impeachment, which is a significant exception)–but especially in a high-profile case like this, a defendant may still not be willing to make that admission.

Ulbricht’s unwillingness to take this step is unfortunate (though understandable), since a full analysis of the case could have led to discussions of a number of important issues.  For example, if the government did indeed hack into the Silk Road login page (as alleged by the defendant), the government had no idea that the server was located outside the United States when it committed that hacking, and so the lower “international” standard should arguably not have applied to the governments actions.

And what type of “hacking” constitutes a search under the Fourth Amendment?  If the government was able to gain access to the server (as it claims) by merely entering random characters into the login until the IP address appeared, wouldn’t this still be a search?  Does a website’s server have to be protected by a certain level of security before its owner can claim a reasonable expectation of privacy in it?  One the one hand, the defendant could argue that a server is like a home or an office, so the government would be conducting a Fourth Amendment search simply by entering the server without permission, even if there was no security preventing them from doing so.  On the other hand, the government could argue that if any Internet user in the world can reach obtain the server’s IP address simply by playing around with the login page for a few minutes, then the owner of the server has revealed the location of the server to the world, and has relinquished all reasonable expectation of privacy in the server.  In other words, when does an individual have a reasonable expectation of privacy in his server?

Professor Orin Kerr has argued that the government might have violated the Computer Fraud and Abuse Act (“CFAA”) when it obtained the IP address of the Iceland server.  In an earlier prosecution under the CFAA, the Department of Justice argued that a defendant violated the CFAA when he obtained information from an AT&T website that “AT&T had not intended for the public to see” and which was “in a place where an ordinary computer user would likely not find it.”  Based on this standard, the FBI in the Silk Road case did violate the CFAA even if we accept the government’s version of how they obtained the IP address.  Professor Kerr acknowledges that the CFAA has an exception for lawful government investigations, but notes that there is still a tension between the government’s position in the Silk Road case and its position in the CFAA prosecution.

Like many users of child pornography, Michael Meister kept his photos and videos on his computer.  When his computer stopped working, he took it into a computer repair store, True North, to transfer the data from the inoperable hard drive to a new computer.  During the transfer process, the technician noticed the child pornography and contacted the police, who immediately seized the computer.  The police also looked  transferred the offending data–now inside True North’s system–onto two separate DVDs, and conducted two separate searches of that data.  Based on the information found on the hard drive, the police obtained a search warrant and then conducted another search of the laptop.

broken laptop

After Meister was arrested, he moved to suppress all the information found on his computer.  Unsurprisingly, the  District Court denied the motion, and the Eleventh Circuit agreed.  The court held that this was a simple application of the third party doctrine:  “The Fourth Amendment only applies to governmental action; ‘it is wholly inapplicable to a search or seizure, even an unreasonable one, effected by a private individual not acting as an agent of the Government or with the participation or knowledge of any governmental official.’  Once a private individual, acting of his own accord, conducts a search—even one that frustrates a defendant’s reasonable expectation of privacy—the Fourth Amendment does not forbid the government from replicating the search.”  Furthermore, even if the pre-warrant searches by the police were beyond the scope of the third party doctrine, the police would have found all of the contraband images eventually after they obtained their warrant, and so the searches fell under the inevitable discovery doctrine.

On one level, the Meister case is very straightforward.  But it also raises an interesting issue regarding the third party doctrine.  Today, more and more courts are criticizing the application of the third party doctrine to digital information, arguing that the doctrine should not apply to such data because in modern times so much data is entrusted–sometimes unknowingly, sometimes unavoidably–to third parties.  When computer data is stored in the cloud, or when e-mails in transit pass through remote servers on the way to their recipient, the owner of the data may not have consciously entrusted the data to a third party.  Thus, the argument goes, entrusting digital data to third parties is not at all like the “assumption of risk” that occurs when you give financial records to a bank or confide to a police informant.  This argument was first made well before the computer age, by the dissenting Justices in the much-maligned Smith v. Maryland who decried the application of the third-party doctrine to data about outgoing telephone numbers that were held by a telephone company:

Implicit in the concept of assumption of risk is some notion of choice. At least in the third-party consensual surveillance cases, which first incorporated risk analysis into Fourth Amendment doctrine, the defendant presumably had exercised some discretion in deciding who should enjoy his confidential communications. By contrast here, unless a person is prepared to forgo use of what for many has become a personal or professional necessity, he cannot help but accept the risk of surveillance.  It is idle to speak of “assuming” risks in contexts where, as a practical matter, individuals have no realistic alternative.

No doubt Meister’s actions fall under the category of being a “conscious choice”–he physically took his computer to a repair store and asked them to transfer the data.  But it is not hard to tweak the facts a bit and make the case more like the scenario described by the Smith v. Maryland dissenters.  What if Meister’s data had been corrupted, and so he sent his data electronically to a company to fix it?  Probably still a conscious choice.  What if he stored it in the cloud, and one of the data storage units in the cloud had become damaged, and a technician (without Meister’s knowledge) had to transfer the data from one storage unit to another?  Probably not a conscious choice.  Of course, under current Fourth Amendment law, the mere storing of the data in the cloud would trigger the third party doctrine.  But as the courts are revising the third party doctrine to exclude data that is automatically stored or transferred by third party actors, they will need to refine exactly when (if ever) repair and maintenance of that data might re-invoke the doctrine.

Yesterday the Supreme Court decided the Heien case, and as predicted, the Justices ruled in favor of the government in a very limited holding.  Stating that “[t]o be reasonable is not to be perfect,” the Court allowed for a police officer’s reasonable suspicion to be based on a  reasonable mistake of law, but also pointed out that very few mistakes of law by a police officer will ever be deemed reasonable.  The only real surprise here was the lopsided vote: it was an 8-1 opinion, with only Justice Sotomayor in dissent.  Here is the key passage from the majority opinion:

Contrary to the suggestion of Heien and amici, our decision does not discourage officers from learning the law. The Fourth Amendment tolerates only reasonable mistakes, and those mistakes—whether of fact or of law—must be objectively reasonable. We do not examine the subjective understanding of the particular officer involved.  Cf. Whren v. United States, 517 U. S. 806, 813 (1996). And the inquiry is not as forgiving as the one employed in the distinct context of deciding whether an officer is entitled to qualified immunity for a constitutional or statutory violation. Thus, an officer can gain no Fourth Amendment advantage through a sloppy study of the laws he is duty-bound to enforce.

Indeed, the only two examples that the Court gives of a possible reasonable mistake of law are (1) when an officer relies on a law that is later overturned (as in the DeFillipo case that the Court cites), or (2) when an officer “suddenly confronts a situation in the field as to which the application of a statute is unclear”–such as seeing a Segway “whiz by” in a park and deciding whether the operator is violating a law against “vehicles in the park.”  The fact that the Court chose such an ancient and intractable legal puzzle as the vehicles in the park dilemma indicates that this doctrine will be limited to  truly ambiguous applications of the law.

Justice Kagan’s concurrence emphasizes this limitation, pointing out that the objective nature of the analysis means that “the government cannot defend an officer’s mistaken legal interpretation on the ground that the officer was unaware of or untrained in the law. And it means that, contrary to the dissenting opinion in the court below, an officer’s reliance on ‘an incorrect memo or training program from the police department’ makes no difference to the analysis.”

In her dissent, Justice Sotomayor echoes many of the concerns of the amici briefs in the case: “[o]ne is left to wonder…why an innocent citizen should be made to shoulder the burden of being seized whenever the law may be susceptible to an interpretive question.”  But in doing so she mis-states (perhaps intentionally) the majority’s decision. Heien does not allow police to seize a suspect anytime the law “may be susceptible to an interpretive question”–it will only apply when the law is so ambiguous that a well-informed police officer can make a reasonable mistake as to whether it prohibits certain behavior.

In the end, this case will (hopefully) not fundamentally change the way police activity is conducted, or the way it is reviewed by the courts.  No doubt prosecutors will try to stretch Heien in the coming years, attempting to fit all sorts of ignorant or sloppy police activity into its holding.  Given the language in the Heien decision, the lower courts should have no problem swatting those claims aside and keeping the Heien doctrine strictly limited to truly reasonable mistakes of law.

In one of the first circuit court cases to consider the search of a cell phone incident to arrest in the post-Riley world, the Ninth Circuit firmly rejected all of the government’s attempts to make an end-run around the Riley case.  In United States v. Camou, a police officer arrested Chad Camou and  his girlfriend Ashley Lundy for smuggling an illegal immigrant.  During her interrogation, Lundy told the officers that they had received instructions on where to pick up the immigrant from a person named “Mother Theresa.”   In the meantime, Camou’s cell phone (which had been seized by the police) rang several times, and Lundy identified the number as belonging to Mother Theresa.   The officer looked  through the call log of the telephone, and found a number of other calls from Mother Theresa.  The officer then examined the photos on the phone and found–you guessed it–child pornography.  Camou was duly charged with possession of child pornography.  (The original immigration smuggling charges were dropped).

The government had three plausible arguments to get around the Riley decision.  First, the government argued that the because the defendants were arrested in their vehicle, the automobile exception should apply instead of the search incident to arrest exception.  Under Gant, the police are allowed to search any container that is found in a car as long as there is reason to believe that the container contains evidence or contraband–and given the facts of the case, the police probably had reason to believe there was information about the crime of arrest on the phone.  The Ninth Circuit rejected this argument, extending the Riley rationale to the automobile exception:

Given the Court’s extensive analysis of cell phones as “containers” and cell phone searches in the vehicle context, we find no reason not to extend the reasoning in Riley from the search incident to arrest exception to the vehicle exception. Just as “[c]ell phones differ in both a quantitative and a qualitative sense from other objects that might be kept on an arrestee’s person,” so too do cell phones differ from any other object officers might find in a vehicle. Id. at 2489. Today’s cell phones are unlike any of the container examples the Supreme Court has provided in the vehicle context. Whereas luggage, boxes, bags, clothing, lunch buckets, orange crates, wrapped packages, glove compartments, and locked trunks are capable of physically “holding another object,” see Belton, 453 U.S. at 460 n.4, “[m]odern cell phones, as a category, implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet, or a purse,” Riley, 134 S. Ct. at 2488-89 . In fact, “a cell phone search would typically expose to the government far more than the most exhaustive search of a house.” Id. at 2491 (emphasis in original).

The government then argued that the exigency exception should apply–a possibility that was explicitly kept open in the Riley decision.  But the Ninth Circuit rejected this as well.  The court quoted the Supreme Court’s language in Riley:
“When “the police are truly confronted with a ‘now or never’ situation—for example, circumstances suggesting that a defendant’s phone will be the target of an imminent remote-wipe attempt—they may be able to rely on exigent circumstances to search the phone immediately.”    But the Ninth Circuit held that the government did not meet its burden of proving any “special circumstances” in this case: “Here, the search of Camou’s cell phone occurred one hour and twenty minutes after his arrest. This was not an “imminent” “now or never situation” such that the exigency exception would apply. Moreover, the record does not indicate that Agent Walla believed the call logs on Camou’s cell phone were volatile and that a search of Camou’s phone was necessary to prevent the loss of recent call data.” 

Finally, the government argued that the good faith exception should apply, since the police officer conducted the search before Riley had been decided, and thus under Herring v. United States, the police officer acted in good faith.   The Ninth Circuit pointed out that even before Riley had been decided, the law stated that a search incident to a lawful arrest had to occur “contemporaneously” with the arrest, and that this search occurred eighty minutes after the arrest.  The government had responded to this argument by claiming that Herring held that a mistake by the police officer would not invalidate the search unless the officer acted “reckless or deliberate” officer conduct.  But just as the Ninth Circuit interpreted Riley broadly, it interpreted Herring narrowly:

The Supreme Court has never applied the good faith exception to excuse an officer who was negligent himself, and whose negligence directly led to the violation of the defendant’s constitutional rights.3 Here, the government fails to assert that Agent Walla relied on anyone or anything in conducting his search of Camou’s cell phone, let alone that any reliance was reasonable. The government instead only asserts that by searching the phone, Agent Walla was not acting “recklessly[,] or deliberately” misbehaving.  In this case, the good faith exception cannot apply.

Finally, the Ninth Circuit pointed out that even if one of these exceptions had applied, the government would still have lost the case because the police search of the phone was not supported by probable cause.  Although the police had probable case to believe that the phone call logs contained evidence of the immigration crime (and thus the police could presumably have obtained a warrant to look at the call logs), the search they conducted was overbroad because the police went beyond the phone log and searched through Camou’s photos and videos as well.  Like the reasoning in the rest of the opinion, this part of the holding demonstrates that the Ninth Circuit is embracing the spirit of the Riley decision by treating smart phone searches as qualitatively different from any other type of search.

Earlier this year, a man was removed from a movie theatre and detained by Immigration and Customs Enforcement (“ICE”) and local police officers because he was wearing his Google Glass while watching the movie.  Law enforcement officers believed he had been using the device to record the movie.  According to the Glass owner, he was detained and interrogated for hours; ICE would only say that he had been “briefly interviewed” and “voluntarily” answered questions.  The incident was resolved when–with the owner’s consent–an ICE officer plugged the Google Glass into a laptop and scrolled through the contents, finding no evidence that he had videotaped the movie. google glass               ICE logo

The incident got a lot of attention online, mostly consisting of sympathy for the Glass owner and hostility towards the law enforcement officials who conducted the seizure and search.  On the surface, this criticism seems warranted–the man’s seizure  certainly appears to be illegal, and the “consent” he gave for the search while being illegally detained would certainly be invalid.  Also, the officers’ tactics seemed to be a bit heavy-handed: there were somewhere between four and twelve law enforcement officers total; they allegedly berated the man with questions about his personal life and his employment; they refused to let his wife know where he was or what was happening, and so on.  Undoubtedly, there were gentler (and probably more effective) ways of handling the situation.

But the legal question turns out to be a bit more complex upon further examination.  Was the seizure in fact illegal?  Law enforcement officers are allowed to arrest a person if they have probable cause to believe that he or she is committing a crime.  If the man had been pointing a video camera at the screen, there would be no question that he could be seized.  If he had been holding his smart phone up and pointing it at the screen, that would also likely constitute probable cause.  At the time of this incident, Google Glass was a fairly new device, and it was extremely unusual for someone to outfit them with prescription lenses (as this man had in fact done).  Thus, when the manager of the movie theater–and later, the ICE officers–saw a man wearing Google Glass to a movie, they had no reason to think that he was actually using them as prescription glasses.  And although there were other possible reasons for him to be wearing the device during the movie (to surf the internet while watching the movie, or perhaps check his email during the slow scenes), the most reasonable assumption is that he was using Google Glass to record the movie.  In this case, of course, the assumption was wrong, but that doesn’t mean that ICE didn’t have probable cause in the first place.  Law enforcement officers have made legal arrests on far less evidence than they had in this case.

Thus, the interesting thing about the Google Glass incident is not that the law enforcement agents were acting beyond their legal powers (a situation which regrettably occurs in many situations, even outside the context of law enforcement), but that in fact the law probably did give them the right to act in this way.  Most observers will say that this conclusion makes the Google Glass incident far more troubling; some will conclude that probable cause analysis should be changed or tweaked when devices such as this are involved. But it is useful to look at the situation from the law enforcement perspective: if ICE officers are tasked with detecting and preventing movie piracy, what other options did they have?  They could have requested that the man remove his glasses–but he might have simply refused the request (and at any rate, a law enforcement officer’s only recourse when faced with someone who is likely committing a crime has to be more than asking the suspect to stop committing the crime).  Unless movie theaters choose to ban Google Glass from all of their theaters, the device has given potential movie pirates an opportunity to surreptitiously record any movie while claiming that the device is equipped with prescription lenses.  This may not bother many people, since movie piracy is not viewed as a particularly serious crime, but this is not the only context in which new technology can change the balance of power between law enforcement and criminals.  The past few decades have given all of us–including criminals–the ability to record, transmit, and store data in ways that far outstrip the ability of law enforcement officers to investigate crime using traditional methods.