Man who left USB drive in shared PC waived privacy claims, court rules
Defendant in child porn case had sought to suppress evidence gathered from the thumb drive
Computerworld - A man who forgot to remove a thumb drive from a shared computer that he was using, waived his privacy claims to the content on that device, a federal judge in Florida has ruled.
The ruling, by Judge Maurice Paul of the U.S. District Court for the northern district of Florida, was in response to a motion filed by Octavius Durdley an emergency paramedic with the Bradford County Emergency Services (BCES) in Florida.
Durdley was charged last September with possessing and distributing child pornography based largely on evidence gathered from a personal thumb drive of his that he had inadvertently left behind in a shared work computer.
Durdley claimed that the information gathered from the thumb drive had resulted from a warrantless search of his personal property. He asked for the evidence from the thumb drive, and that gathered from a subsequent search of his house, to be suppressed asserting Fourth Amendment rights against unreasonable search and seizure.
Judge Paul's ruling happened last month, but was first reported this week by The Volokh Conspiracy, a group blog run by several law professors.
Durdley's troubles began last June, when he accidentally left behind a USB thumb drive of his attached to a computer provided by the BCES, for use by Durdley and other members of the emergency service.
A supervisor later noticed the device plugged into the computer and decided to inspect its contents despite suspecting that it was a personal storage device belonging to Durdley.
Rather than aborting his search once he knew whose drive it was, the supervisor clicked on several closed folders contained in the device and eventually stumbled on one containing images and videos of child pornography.
The device was turned over to law enforcement authorities who, after confirming the contents, arrested Durdley later that same day. The evidence from the USB device also prompted another search of his house which yielded thousands of other similar images.
Durdley then filed a motion seeking to suppress all the evidence.
In overturning the motion, Judge Paul noted that a Fourth Amendment search breach does not occur unless an individual manifested a "subjective expectation of privacy in the object of the challenged search."
In this case, no such expectation could have existed because Durdley accidentally had made his files publicly available to anyone who sat at the computer. "Durdley's files were exposed to anyone who sat down at the computer station who used the traditional means for opening and viewing files," the judge wrote in his 15-page ruling.
The supervisor who discovered the files, did so without needing to employ any "special means or intruding into any area which Durdley could reasonably expect to remain private" once he had left the device in a shared computer, he noted.
Judge Paul cited a case involving a civilian contractor working at an airbase in Saudi Arabia who connected his personal computer to the airbase's network. The contractor assumed that the contents of his computer could not be viewed or accessed by others, though in reality it was visible to everyone else on the network because it had a shared hard drive, the judge noted.
Another employee who saw the contractor's computer on the airbase's network accessed its hard drive and stumbled across pornographic material while searching for some music files.
The discovery led to further searches of the contractor's computers and his residence, and led to his eventual arrest on child pornography charges. A federal judge hearing the case refused a motion by the contractor to quash the evidence from the search of his computer, saying that the contractor had essentially waived his right to privacy by inadvertently sharing its contents with others.
In the Durdley case, Judge Paul also noted that no Fourth Amendment rights were violated because the law enforcement action had resulted from information provided by a private search conducted by a third party.
"If a private party presents law-enforcement authorities with evidence obtained in the course of an unlawful search it is "not incumbent on the police to stop her or avert their eyes," the judge cited from a previous case.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
Read more about Privacy in Computerworld's Privacy Topic Center.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!