Court ruling limits electronic searches

Computerworld - A federal appeals court this week ruled that government investigators cannot retain incriminating information found in electronic searches unless it is within the scope of a search warrant.

The U.S. Circuit Court of Appeals for the Ninth Circuit, in a 9-2 vote, rejected arguments by the U.S. Justice Department that it be allowed to retain and use all of the data that it seized in 2004 as part of a federal investigation into the use of illegal substances use by Major League Baseball players.

In a 63-page decision, the court disputed the Justice Department's argument that it should be allowed to retain and use information not included in its original search warrant because it came into "plain view." The court contended that the so-called "plain view doctrine," which allows investigators to seize evidence without a warrant if it was found in plain view during a legitimate search, does not extend to electronic searches.

"This was an obvious case of deliberate overreaching by the government in an effort to seize data as to which it lacked probable cause," wrote Chief Judge Alex Kozinski in the majority opinion.

The case involves the federal government's investigation of the Bay Area Lab Cooperative (Balco), which was suspected of providing illegal steroids to professional baseball players. As part of that inquiry, investigators sought and obtained a warrant to search the computers of Comprehensive Drug Testing, Inc. (CDT) for the test records of 10 specific players. CDT conducts drug tests for the Major League Baseball Players Association, the union representing the players.

The warrant issued in the Central District of California allowed the government investigators to search through computer files for the records of 10 players they suspected had tested positive for illegal substances. When the warrant was executed however, investigators seized and reviewed the CDT test records of hundreds of other major league players.

In its response to the appeal filed by the union, the government argued that it had stumbled upon the broader information while searching for the results of the players listed in the warrant. The players union and the testing company argued that the government had no right to seize the results of any player other than the 10 named in the search warrant, and asked the court to force the government to abandon the disputed data.

In his ruling, Kozinski said government investgators had willfully disregarded many of the caveats in the warrant to obtain the disputed data. Therefore, he said, the government should not be allowed to "benefit from its own wrongdoing" by retaining the "wrongfully obtained" data. He called the government "too clever by half" in asking that the plain view doctrine be applied in this case.

On a broader note, Kozinski said the government cannot apply the plain view doctrine to searches involving computer data. Electronic searches would regularly require the opening of many files to find one, he said.

Accepting the government's argument would give its prosecutors too much incentive to seize as much electronic data as they can despite limitations set in a search warrant, Kozinski said. "Why stop at the list of all baseball players when you can seize the entire directory? Why just that directory and not the entire hard drive? Why just this computer and not the one in the next room and the next room after that? Can't find the computer? Seize the zip disks under the bed in the room where the computer once might have been," he wrote.

Going forward, the government should "forswear reliance" on any stipulations in warrants to search electronic data, Kozinski wrote. If the government does not accept such a waiver, the judge authorizing a warrant should call on a third party to segregate the data under court supervision, he said.

Read more about security in Computerworld's Security Knowledge Center.