Cyber Crime Review
Cyber Crime Review

July 2024


Federal court holds that 15-month delay in reviewing electronic evidence was an unlawful seizure

Cyber CrimesCyber Crimes

In what I would call a very significant case, a New York federal court has held that failure to examine a defendant’s imaged hard drive within 15-months after it was obtained was an unlawful seizure in violation of the Fourth Amendment. In United States v. Metter, 2011 U.S. Dist. LEXIS 155130 (E.D.N.Y. 2012) the government imaged over 60 hard drives as part of a criminal investigation into securities fraud, yet held on to the images and failed to actually do anything with them for over 15 months. The defendant argued that “the government’s significant delay in conducting off-site searches of the imaged evidence merits blanket suppression of all seized and imaged evidence as routine delays of this duration would eviscerate the Fourth Amendment’s privacy protections.” While treading very cautiously, the court ultimately held that such delay, especially due to the amount of irrelevant, yet highly personal information that could be on a computer hard drive, was an unreasonable seizure.

At the outset, the court noted that the defendant’s argument raised “an interesting issue of first impression in this Circuit that may impact electronic discovery in future criminal investigations and cases: How long may the government retain seized and imaged electronic evidence before conducting a review of that evidence to determine whether any of it falls outside the scope of a search warrant?” (This is indeed an interesting question. Think, for example, of evidence collected from a murder scene. The officers may take pictures, blood swipes, fingerprints, etc., but they cannot bag up the entire site or completely capture it for future use. That is the case with imaging a defendant’s hard drive, though – essentially the evidence (relevant or irrelevant) lasts forever; it can be revisited ad nauseum, and consequently raises a plethora of Fourth Amendment concerns. Ultimately, and because of this evidentiary effect, this ends up as a case where the court was forced to treat electronic evidence different from physical evidence because of the fundamental difference in nature and kind between the two.)

The court went on to note that courts have long recognized that searches (typically of papers) will inevitably involve reviewing documents that are outside of the scope of the search because it is impossible to conduct a search otherwise; pragmatically, there are “tactical difficulties” in cabining a search when you don’t know what you will find, or where “it” will be found, per se.  This recognition has been extended to computers, but:

Computers and electronic information present a more complex situation, given the extraordinary number of documents a computer can contain and store and the owner’s ability to password protect and/or encrypt files, documents, and electronic communications. As a result, the principle of permitting law enforcement some flexibility or latitude in reviewing paper documents just described, has been extended to computerized or electronic evidence. Courts have applied the principles recognized in Andresen “in analyzing the method used by the police in searching computers and have afforded them leeway in searching computers for incriminating evidence within the scope of materials specified in the warrant.”

Thus, courts look to the heart of the Fourth Amendment for the lawfulness of the search – was it “reasonable?”

The court recognized that the warrants issued in this case (there were multiple, spanning both homes and offices), were facially valid, sufficiently particular, and clearly defined the scope of each search. Additionally, the police acted reasonably in executing the searches, and promptly returned the hard drives back to the owners after they were imaged. Thus, the crux of the case does not involve a failure of the warrants themselves, or the procedure in which they were executed on-scene, but the process involved afterwards.

The court pointed out that delays of several months have been found to be reasonable – there may be law enforcement delays, an ongoing investigation, etc., but that there was a lack of precedent on the ceiling of this temporal question – when did a delay become presumptively unreasonable. While not actually answering that question, or establishing a black-letter rule, the court stated that:

The parties have not provided the Court with any authority, nor has the Court found any, indicating that the government may seize and image electronic data and then retain that data with no plans whatsoever to begin review of that data to determine whether any irrelevant, personal information was improperly seized. The government’s blatant disregard for its responsibility in this case is unacceptable and unreasonable.

The court dismissed the government’s argument that because they returned the original hard drives they were not really violating any privacy. I find this argument to be almost laughable – why does having a copy of a personal document lessen its embarrassing or incriminating nature? The court found this a “distinction without a difference.”

Notably, the defendant’s counsel had also notified the court that the government was willing to provide copies of these hard drives to attorneys of other defendant’s involved in the fraudulent scheme, upon request. While this might have been helpful in a discovery sense, the failure to triage these hard drives for irrelevant information was damning. Ultimately, the court stated:

The government’s retention of all imaged electronic documents, including personal emails, without any review whatsoever to determine not only their relevance to this case, but also to determine whether any recognized legal privileges attached to them, is unreasonable and disturbing. Moreover, the government repeatedly asserted its intent to release indiscriminately the imaged evidence to every defendant, prior to conducting any review to determine if it contained evidence outside the scope of the warrants. The Court agrees with Defendant that the release to the co-defendants of any and all seized electronic data without a predetermination of its privilege, nature or relevance to the charged criminal conduct only compounds the assault on his privacy concerns. It underscores the government’s utter disregard for and relinquishment of its duty to insure that its warrants are executed properly.

After holding the government’s actions in contravention of the Fourth Amendment, the court wrestled with the remedy. Did such process “deserve” complete suppression of all evidence – a remedy quite harsh to a case built around such evidence. The court ultimately decided complete suppression was warranted:

The Court has not reached this conclusion lightly. However, the Court cannot, in the interest of justice and fairness, permit the government to ignore its obligations. Otherwise, the Fourth Amendment would lose all force and meaning in the digital era and citizens will have no recourse as to the unlawful seizure of information that falls outside the scope of a search warrant and its subsequent dissemination.

The impact of this case is wide-reaching for law enforcement – essentially they must do something with seized evidence in a reasonable amount of time. This raises a series of questions:

  1. What must law enforcement do to prevent suppression if the amount of time grows – merely do a keyword search, or fully triage and redact irrelevant evidence?
  2. We know 15 months is too long, but what about 10, 12 or 8 months? Another line drawing problem is born.
  3. How does this decision affect law enforcement timetables for existing and future investigations, and what if any impact will it have as more cases involve electronic evidence and case loads and backups increase?
  4. What will the impact of this decision be on general electronic discovery as it relates to passing unredacted/reduced electronic evidence to co-defendants, since such discovery implicates privacy concerns due to the nature of hard drives and the “intermixing” of relevant and irrelevant evidence?
Comments 0
There are currently no comments.