A central point for collection of information that relates to computer security. Including, but not limited to, security advisories from the major vendors, major data breaches, “phishing” alerts, commentary regarding staffing levels. etc. etc.
government and computer searches
August 28, 2009 at 7:32 pm #78877
MOSTLY of interest to people with at least some involvement with Privacy and Forensics
and the Caveat from the blog posting needs at least some emphasis
“The 9th Circuit is typically thought of as being more liberal than other courts, and it is possible that the ruling will be overturned.”
9th Circuit Limits Use of Seized Computer Data
The 9th Circuit Court of Appeals has issued a ruling that not only threw out other cases, but has more broadly set a limit upon the use of data seized in a computer search.
The ruling has to do with the “plain view” doctrine, which allows law enforcement to take steps to pursue a crime when the evidence of it is in plain view. Prosecutors in an investigation of steroid use in baseball were using the entire contents of a spreadsheet to look for players who had tested positive, even though only about ten players were actually under investigation.
“After obtaining an electronic spreadsheet from the drug testing lab, though, the government reviewed the records of hundreds of players and many other people,” explained the website law.com. “In the years since, drug dealers, athletes and coaches have been prosecuted for perjury, and the names of other baseball players who tested positive for steroids were leaked to the media.”
The 9th U.S. Circuit Court of Appeals, in an unusual instance of the entire court hearing the case rather than a subset of three judges, ruled that this was improper, both for the steroid case and in general.
The government should not be able to keep anything one of its agents happened to see while performing a forensic analysis of a hard drive, the finding read.
“The government should, in future warrant applications, forswear reliance on the plain view doctrine or any similar doctrine that would allow it to retain data to which it has gained access only because it was required to segregate seizable from non-seizable data,” said the court. “If the government doesn’t consent to such a waiver, the magistrate judge should order that the seizable and non-seizable data be separated by an independent third party under the supervision of the court, or deny the warrant altogether.”
Moreover, the government should not be allowed to go on a fishing expedition with the data, such as looking for pornography on a seized hard disk unless there was some reason to believe it was there.
“[T]he government has sophisticated hashing tools at its disposal that allow the identification of well-known illegal files (such as child pornography) without actually opening the files themselves,” the ruling said. “These and similar search tools may not be used without specific authorization in the warrant, and such permission may only be given if there is probable cause to believe that such files can be found on the electronic medium to be seized.”
The court also chided investigators for not using computer personnel to look at the file first in order to retrieve just the data needed for the case. “The government doesn’t need instruction from the court as to what kind of employees to use to serve its own purposes; the representation in the warrant that computer personnel would be used to examine and segregate the data was obviously designed to reassure the issuing magistrate that the government wouldn’t sweep up large quantities of data in the hope of dredging up information it could not otherwise lawfully seize,” the justices scolded.
The 9th Circuit is typically thought of as being more liberal than other courts, and it is possible that the ruling will be overturned.
You must be logged in to reply to this topic.