In August 1994, the Computer Crime Unit of the Justice Department, in conjunction with a number of federal agencies known as the Computer Search and Seizure Working Group, developed guidelines to address seizing and searching computers and handling computer evidence.
The guidelines run several hundred pages, addressing the many scenarios under which government officials might, in connection with criminal investigations, need to search or seize computer data and equipment from a company or individual. The guidelines note, for example, that the consent of one user can be considered adequate authority to search an entire network even if each additional user has individual files and directories.
That requirement changes, however, if individuals have encrypted information, used passwords, or otherwise protected data. In those cases, according to the guidelines, warrants are required, because seizure of encrypted information may lead to Fifth Amendment violations (where individuals are forced to incriminate themselves) if the information is decrypted. In addition, prosecutors may be forced to offer immunity to those suspects ordered to turn over an encryption key to authorities.
In the past, prosecutors often sought warrants to seize all equipment connected with a target computer. Because in today's computing environment individual computers are more often networked to other terminals, the guidelines urge that prosecutors seize only the target computer. If fewer pieces of equipment are confiscated, the government can carry out the warrant more easily, and the target company can continue to function during the inquiry.
Where it is necessary to seize more equipment, the guidelines encourage investigators to return unneeded devices after an initial analysis has been made. In the case of technology that is crucial to the effectiveness of the company, a copy can be made of the information and the equipment returned if suspects sign waivers attesting that the information is valid.
Investigators may not conduct a search without a warrant unless the suspect is caught destroying the information. Even in such cases, a warrant must often be obtained before the information can be analyzed.
The guidelines remind government officials that some private electronic mail (e-mail) is protected by the Electronic Communications Privacy Act (ECPA) and should not be read. According to the ECPA, prosecutors must obtain a warrant to read mail stored for less than 180 days. Mail older than 180 days may be obtained through a warrant or subpoena.
According to Marry Stansell-Gamm, a member of the Justice Department's working group, the guidelines are meant to be taken as advice. "The guidelines were provided just to give some direction in a vacuum of authority," says Stansell-Gamm, "because issues evolve faster than the legal system can catch up."
Since the document was published, two important pieces of legislation have affected computer investigations. The Omnibus Crime Bill of 1994 contains a new version of the computer hacker statute. …