Digital Search Warrants

A search warrant may be issued to search a computer or electronic media if there is probable cause to believe that the media contains or is contraband, evidence of a crime, fruits of crime, or an instrumentality of a crime. For more information, see Fed. R. Crim. P. 41(c).

This section will very briefly address three important issues concerning search warrants for digital evidence: particularity, the permissible time period for examining seized electronic devices or storage media, and the retention of seized data.

Particularity

Search warrants must particularly describe the place to be searched and the things to be seized. “When electronic storage media are to be searched because they store information that is evidence of a crime, the items to be seized under the warrant should usually focus on the content of the relevant files rather than the physical storage media” (Searching and Seizing Computers and Obtaining Evidence in Criminal Investigations, Computer Crime and Intellectual Property Section, Criminal Division, U.S. Department of Justice, Washington, D.C (3rd ed 2009) at 72).

One approach “is to begin with an ‘all records’ description; add limiting language stating the crime, the suspects, and relevant time period, if applicable; include explicit examples of the records to be seized ; and then indicate that the records may be seized in any form, whether electronic or non-electronic” (Id. at 74-77).

In some jurisdictions, judges or magistrates may impose specific conditions on how the search is to be executed or require police to explain how they plan to limit the search before the warrant may be granted.

Permissible Time Period for Examining Seized Electronic Equipment

Courts have held that the Fourth Amendment requires the forensic analysis of a computer or electronic equipment to be conducted within a reasonable time (United States v. Mutschelkaus, 564 F. Supp. 2d 1072, 1077 (D.N.D. 2008)).

Prolonged delay in obtaining a search warrant to search a seized electronic device can be held to be unreasonable under the Fourth Amendment. For example, in U.S. v. Mitchell, 565 F.3d 1347, 1351 (11th Cir. 2009), a 21-day delay in obtaining a search warrant for the defendant’s computer was held to be unreasonable.
”Whether a delay is unreasonable is determined ‘in light of all the facts and circumstances,’ and on a ‘case by case basis.’” (U.S. v. Mayomi, 384 F.2d 1049, 1054 n.6 (7th Cir. 1989)).

There may be compelling law enforcement reasons for delays, including waiting while a warrant can be secured or waiting for the completion of more pressing active investigations that required forensic examiner resources. Similarly, complicated forensic analysis because of the volume of files or the presence of encryption may provide compelling reasons for delay.

Unreasonable Retention of Seized Data

In United States v. Ganias, 755 F.3d 125 (2d Cir. 2014), the United States Court of Appeals for the Second Circuit held that “[W]e consider . . . whether the Fourth Amendment permits officials executing a warrant for the seizure of particular data on a computer to seize and indefinitely retain every file on that computer for use in future criminal investigations. We hold that it does not.” For example, if police search and seize an electronic device for evidence of one crime, retain the files and, years later, search the files for evidence in a separate criminal investigation, that will violate the Fourth Amendment, according to the Second Circuit’s decision in Ganais.

  • Was this article helpful ?
  • Yes   No

FBI Cyber Shield Alliance

IACP Conference

Contribute Content