Volokh Conspiracy: E-mail warrant for all evidence of CFAA crimes violates Fourth Amendment, court holds

In a recent case, United States v. Shah, 2015 WL 72118 (E.D.N.C. Jan. 6, 2015), a district court ruled that a search warrant for an e-mail account for all evidence of violations of the federal computer hacking statute failed to comply with the Fourth Amendment because it did not particularly describe the evidence to be seized.

The warrant in the case approved the seizure from a specific gmail account of e-mails that contained the following:

All information . . . that constitutes fruits, evidence, and instrumentalities of Title 18, United States Code, Sections 1030 (Fraud and Related Activity in Connection with Computers), since account inception, including, for each account or identifier listed on Attachment A, information pertaining to the following matters: a. Preparatory steps taken in furtherance of unauthorized network activity, communications regarding execution of the unauthorized network activity, and information regarding tools used in furtherance of the unauthorized network activity. b. Records relating to who created, used, or communicated with the account or identifier, including records about their identities and whereabouts.

This description is a slightly modified version of the DOJ recommended e-mail warrant description, albeit without a date restriction; see here at 261-62. According to the district court, however, the warrant was not specific enough. From the opinion:

The provision [of the warrant] describing the documents seized makes a general reference to [a]ll information described above in Section I that constitutes fruits, evidence, and instrumentalities of Title 18, United States Code, Sections 1030 (Fraud and Related Activity in Connection with Computers). (Google Warrant, 6). This statute, also known as the federal Computer Fraud and Abuse Act (CFAA), prohibits a wide array of activities, including the use of computers to transmit information restricted by the United States without authorization, intentionally accessing a computer without authorization or exceeding authorized access to obtain financial records, accessing nonpublic computers of the United States in a way which affects the governments use, accessing protected computers without authorization in order to commit fraud, threatening to cause damage or obtain information from a protected computer, conspiracy to commit these offenses, and other activities. See 18 U.S.C. 1030(a).

A violation of the CFAA would not necessarily generate such distinctive evidence as bank robbery or narcotics. Dickerson, 166 F.3d at 694. Nor would evidence necessarily be as distinctive as that of child pornography, a type of crime more commonly targeted by warrants for electronic information. E.g. United States v. Schesso, 730 F.3d 1040, 1044 (9th Cir.2013); United States v. Deppish, 994 F.Supp.2d 1211, 1214 (D. Kansas 2014). Rather, a warrant authorizing collection of evidence of a CFAA violation comes closer to warrants seeking to collect evidence regarding violations of broad federal statutes prohibiting fraud or conspiracy. In these cases, limitation by reference to the broad statute fails to impose any real limitation. See United States v. Maxwell, 920 F.2d 1028, 1033 (D.C.Cir.1990) (Although a warrants reference to a particular statute may in certain circumstances limit the scope of the warrant sufficiently to satisfy the particularity requirement it will not do so where, as here, the warrant authorizes seizure of all records and where, as here, the reference is to a broad federal statute, such as the federal wire fraud statute.); Rickert v. Sweeney, 813 F.2d 907, 909 (8th Cir.1987) (general search limited only by broad tax evasion statute held overly broad, where probable cause existed only to search for evidence of tax evasion in connection with one particular project); United States v. Roche, 614 F.2d 6, 78 (1st Cir.1980) (warrants limitation of search to fruits and instrumentalities of the violation of federal mail fraud statute was inadequate because limitation by so broad a statute is no limitation at all.).

The Google Warrant provides no other details to clarify the particular crime at issue. Section II(a) makes reference to unauthorized network activity, yet gives no indication as to the meaning of this phrase, which would seem to be implicated in almost all of the activities prohibited by the CFAA. The warrant offers nothing about the time frame of the offense. See United States v. Hanna, 661 F.3d 271, 287 (6th Cir.2011) (noting, in upholding search warrant for electronic information, that the warrant was limited to the time period that the evidence suggested the activity occurred.) Rather, it provides for the seizure of all evidence of violations of the CFAA since account inception. (Google Warrant, 6).

Although the test for particularity is a pragmatic one, and must consider the circumstances and type of items involved, Torch, 609 F.2d at 1090, the record does not indicate that circumstances of the investigation precluded a more particularized description of the crime. Special Agent Ahearns supporting affidavit provides copious details as to the time and nature of the alleged offenses. Had the Google Warrant properly attached or incorporated this affidavit, it could have provided the necessary context for the search. Hurwitz, 459 F.3d at 471 ([A]n affidavit may provide the necessary particularity for a warrant if it is either incorporated into or attached to the warrant.) (quoting United States v. Washington, 852 F.2d 803, 805 (4th Cir.1988)). Yet the Google Warrant makes no incorporation, and it does not appear from the record that the affidavit was attached. Without the Google Warrant somehow including the additional details provided by Special Agent Ahearns affidavit, the affidavit itself cannot satisfy concerns for particularity or overbreadth. See Groh v. Ramirez, 540 U.S. 551, 557 (2004) (The Fourth Amendment by its terms requires particularity in the warrant, not in the supporting documents.).

[T]here are grave dangers inherent in executing a warrant authorizing a search and seizure of a persons papers that are not necessarily present in executing a warrant or search for physical objects whose relevance is more easily ascertainable. Williams, 592 F.3d at 52324 (quoting Andresen v. Maryland, 427 U.S. 463, 482 n. 11). Because electronic devices could contain vast quantities of intermingled information, raising the risks inherent in over-seizing data law enforcement and judicial officers must be especially cognizant of privacy risks when drafting and executing search warrants for electronic evidence. Schesso, 730 F.3d at 1042; see also In the Matter of the Search of Info. Associated with [redacted]@mac.com that is Stored at Premises Controlled by Apple, Inc., 13 F.Supp.3d 157, 16667 (D.D.C.2014) ( D.D.C. Mac.com Order ). Especially in light of the nature of the search and seizure here, the Google Warrant is not drafted with sufficient particularity. In the absence of additional details, the warrant fails to identify the particular crime for which officers were to seek evidence. Therefore, the warrant lacks the particularity required by the Fourth Amendment.

The court goes on to apply the good-faith exception, however, because the courts holding is somewhat novel under the circumstances. Heres the discussion, with a paragraph break added:

Originally posted here:
Volokh Conspiracy: E-mail warrant for all evidence of CFAA crimes violates Fourth Amendment, court holds