Posts Tagged ‘search warrant’

U.S. v Comprehensive Drug Testing

Thursday, August 27th, 2009

Read the full decision here.

This case will get a lot of press due to it’s relation to ballplayer drug testing, but in the computer forensic world, this case is generating a lot of email and forum traffic. The case is extensive and the issues involved are complex, so I’m not going to even try to rehash it all. There are multiple search warrants for the same information, but in short, the government sought the test results of 10 ballplayers, got access to the computers with all the test results, and somehow the investigators got access to results of people outside the scope of the warrants.

The majority decision creates 5 new rules, but the first 2 are creating the big buzz:

1. Magistrates should insist that the government waive reliance upon the plain view doctrine in digital evidence cases. See p. 11876 supra.

2. Segregation and redaction must be either done by specialized personnel or an independent third party. See pp. 11880-81 supra. If the segregation is to be done by government computer personnel, it must agree in the warrant application that the computer personnel will not disclose to the investigators any information other than that which is the target of the warrant.

There is a specific issue here that differentiates it from a normal case. That is, that the warrant was for specific records on a computer, whereas in a normal investigation, the warrant would be for indeterminate potential evidence on a computer. So if for example in a drug dealer case, you’re searching the computer for anything relevant to drugs, and you come across child exploitation material, the plain view doctrine applies to the first image you find, and then you go and get a warrant to cover an extended search for contraband using the first image as your basis. Here however you are dealing with a limited scope search.

In the e-discovery field, you get this all the time. You are producing certain relevant records, and the opposing side doesn’t get access to the rest of the data. This is what we’re dealing with here: a production of records, not a general investigative process on the computer as in most criminal forensic cases.

Back during my fraud specialisation from 2003-2007, I did a bunch of cases investigating attorney malfeasance. In those cases, I worked as if having a Chinese Wall, and made sure that only certain information was released to the investigating police detectives. I even had partial document production with redaction of the non-relevant (and privileged) paragraphs. It’s really not that hard to do, and it’s not a major cost impediment. Even if you are a small agency where your examiner is part forensics, part detective, you can still compartmentalise results.

If the court’s proposed orders are applied to all computer forensics, then there’s a major issue, but if they are limiting the new orders to limited scope searches for records on 3rd party systems, then this seems a very reasonable result. With the high profile of this case, I expect an appeal is inevitable.