Digital Seizures: Why Wurie and Riley May Not Adequately Resolve Remote Destruction of Evidence

Digital Seizures: Why Wurie and Riley May Not Adequately Resolve Remote Destruction of Evidence

By Kevin Lammers*

I.  INTRODUCTION

Later this term, the Supreme Court will decide whether or not to grant certiorari in two cases involving the search of cell phones by law enforcement pursuant to the search-incident-to-arrest doctrine.[1]  The prevailing view amongst legal commentators is that the Court will grant certiorari in one of these cases to resolve whether, amongst other issues, these cell phone searches fall under the exigent circumstances exception to the Fourth Amendment’s warrant requirement.[2]  Because the Supreme Court has never applied this exception to the remote destruction of evidence—such as deleting iPhone data from another device—these cases will require the Justices to engage in a delicate balancing act between an individual’s right to the privacy of their cell phone’s contents and the necessity of law enforcement to preserve digital evidence.  The following discussion will illuminate one possible solution to that balancing act.

II.  HOW CAN DIGITAL EVIDENCE BE DESTROYED REMOTELY?

The issues in Wurie and Riley are particularly difficult to resolve because the exigent circumstances doctrine was created at a time when remote destruction of evidence was not possible.  Cloud computing technology (and the Internet in general) has introduced the possibility that digital evidence (e-mails, documents, text messages) might be removed from a computer without the suspect having access to that physical computer.  Seizure of the item containing the evidence—traditionally viewed as a less intrusive method for preserving evidence[3]—does not resolve the possibility that a suspect might destroy digital evidence remotely.  This is particularly problematic since law enforcement officers are increasingly relying on digital evidence to build their cases and investigate possible suspects.[4]

A variety of methods currently exist for deleting digital data from computers, tablets, and smartphones.  For example, Apple has given iPhone users the ability to erase information from their device in the event that they lose it.[5]  However, the First Circuit in Wurie argued rather convincingly that concerns about remote wiping of cell phones are overstated.  The court identified three common procedures that undermine the use of remote destruction of evidence as justification for a search: (1) turn the phone off (or remove the battery); (2) place the phone in a Faraday enclosure (which blocks wifi signals); and (3) immediately copy the cell phone’s contents onto another device.[6]  These same three procedures were also referenced by the defendant in Riley.[7]  Due to the level of intrusiveness of these three procedures, they are better understood as digital seizures rather than searches.  While these less-intrusive procedures undercut the rationale for a full-blown search justified by destruction of evidence, they do not address the destruction of files stored remotely.

In the case of more complex digital evidence, Microsoft’s latest version of Office utilizes “SkyDrive” to allow users to store and retrieve documents remotely.[8]  This type of remote deletion operates differently from the remote “wiping” of iPhone data.  Since the files on SkyDrive are stored remotely, digitally seizing a device with access to them does not prevent their destruction.  For example, if a law enforcement officer were to remove the battery of an iPad (or place it in a Faraday enclosure) with access to SkyDrive files, the SkyDrive user would still be able to completely erase those files by accessing them from another device.  Thus, even with the ability to digitally seize the contents of a physical device, the government can still argue that these searches are justified to identify what, if any, digital evidence a user has stored remotely.

III.  WHERE WURIE AND RILEY FALL SHORT

Both the First Circuit in Wurie and the defendant in Riley have thus far neglected to address the problems posed by remote storage of digital evidence.  Since both cases involve the search of cell phones rather than personal computers or tablets, it is likely that the parties to those cases failed to consider destruction of digital evidence beyond remote wiping of data.  However, cell phones contain the same level of access to data on SkyDrive and Google Drive as traditional computers.  Because of this, the government’s argument that a warrantless search is necessary to prevent destruction of such data holds up against the three types of digital seizures referenced by the First Circuit and the defendant in Riley.  Since the remote storage of digital evidence is largely going unnoticed by the parties to these cases, there is a legitimate chance that the Supreme Court could create a rule for these types of searches that is not readily applicable to data on SkyDrive and Google Drive.  This problem illuminates why the Supreme Court should fashion a rule for digital searches and seizures that accounts for the possibility of destruction of evidence in any form or fashion, whether remote or local.

Such a result is foreshadowed by the Western District of Washington’s discussion of remotely-stored data in In re Edward Cunnius.[9]  It warned that digital devices are best viewed as “portals” under the Fourth Amendment, containing not only local files, but also all information stored remotely or “on the internet.”[10]  The Supreme Court should note that the types of seizures contemplated by the parties in Wurie and Riley fail to capture data retained within the portal of a digital device.  Similarly, the Ninth Circuit theorized about the possible implications of cloud computing on Fourth Amendment doctrine, albeit in dicta:

In the “cloud,” a user’s data, including the same kind of highly sensitive data one would have in “papers” at home, is held on remote servers rather than on the device itself.  The digital device is a conduit to retrieving information from the cloud, akin to the key to a safe deposit box.  Notably, although the virtual “safe deposit box” does not itself cross the border, it may appear as a seamless part of the digital device when presented at the border.  With access to the cloud through forensic examination, a traveler’s cache is just a click away from the government.[11]

Because the petition in Riley and the First Circuit’s opinion in Wurie fail to address this technology as applied to digital seizures, there is a significant chance that the Supreme Court will not reach the issue—an issue with a potentially dramatic impact on the Fourth Amendment’s application to digital devices.

IV.  A POSSIBLE EMERGENCE OF DIGITAL SEIZURE LAW

With an opportunity to consider remote destruction of digital evidence, the Supreme Court should take care to craft a rule that will be applicable to the next generation of digital instruments.  One commentator has suggested that the best solution is to fashion an objective test for courts to apply to exigent computer searches:

[An officer must testify to] specific and articulable facts, known to the officer at the time of the search, demonstrating that the specific cell phone was at risk of remote deletion of potential evidence.  Additionally, the officer must further testify that there were no preventative measures available to him at the time of the search which could secure any evidence potentially stored on the cell phone.[12]

As an example of a generally-applicable solution, the above test hints at the possibility that courts will likely become well-acquainted with not only the three types of digital seizures discussed by the Wurie Court, but other forms of digital seizure designed to halt the destruction of remotely-stored data.

Using the example of SkyDrive, Microsoft may be able to access files or halt the destruction of files stored on a user’s SkyDrive.  In fact, its Windows Live Services Agreement hints at this possibility, albeit with reference to traditional legal devices such as subpoenas.[13]  Without a court order, there could still be a requirement—under 18 U.S.C. § 2703—that Microsoft (or Google) actually preserve a user’s content suspected of having evidentiary value: “A provider of wire or electronic communication services or a remote computing service, upon the request of a governmental entity, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process.”[14]  The authority to order a third-party to preserve digital content is particularly important because, according to one source, the recovery of deleted content on browser-based e-mail systems (such as Gmail) is a complex task at best.[15]  While this might be unnecessary when police have probable cause to believe a device contains digital evidence (where a telephonic warrant might suffice), there are circumstances where a temporary seizure could be justified based on something less than probable cause.[16]  Halting the destruction of digital information is not necessarily even a “seizure” of that data, which may be why 18 U.S.C. § 2703(f) has never been subjected to a Fourth Amendment challenge.  The user still has access to content seized pursuant to § 2703, but no ability to edit or delete it.  Arguably, halting the destruction of potential digitized evidence implicates no privacy concerns under existing Fourth Amendment jurisprudence.[17]

V.  CONCLUSION

As the nine Supreme Court Justices (most likely) debate whether or not Wurie’s or Riley’s Fourth Amendment rights were violated, they should keep in mind that new and emerging technologies provide just as many solutions as they do Fourth Amendment problems.  Section 2703 is just one example of how exigent searches of electronic devices might be better handled by law enforcement’s reliance on similar technologies to address specific technological exigencies.  The three digital seizure methods suggested by the Wurie Court disguise a larger problem that remotely-stored and remotely-wiped evidence presents.

 


* J.D. Candidate, University of Illinois College of Law, expected 2014.  B.A. Psychology and Drama, University of Arkansas, 2010.  I thank the Recent Developments Editor at the Journal of Law, Technology and Policy, Angie Nizio, for her advice and attention to this piece.

[1] United States v. Wurie, No. 11-1792, 2013 WL 2129119 (1st Cir. 2013); California v. Riley, No. D059840, 2013 WL 475242 (Cal. Ct. App. 2013).

[2] See, e.g., Dana Liebelson, Will the Supreme Court Stop Cops from Reading Your Text Messages?, Mother Jones (Sept. 17, 2013, 3:00 AM), http://www.motherjones.com/politics/2013/09/police-cell-phone-search-warrant-supreme-court (quoting Alan Butler: “It’s very likely that the Supreme Court will grant certiorari and review the issue (either in Riley or Wurie). If the Court does not take one case, it will likely take the other.”).

[3] Segura v. United States, 468 U.S. 796, 806 (1984) (“Recognizing the generally less intrusive nature of a seizure, the Court has frequently approved warrantless seizures of property, on the basis of probable cause, for the time necessary to secure a warrant, where a warrantless search was either held to be or likely would have been held impermissible.” (citations omitted)).

[4] See Declan McCullagh, Cops to Congress: We Need Logs of Americans’ Text Messages, CNET (Dec. 3, 2012, 9:00 AM), http://news.cnet.com/8301-13578_3-57556704-38/cops-to-congress-we-need-logs-of-americans-text-messages/ (“As the popularity of text messages has exploded in recent years, so has their use in criminal investigations and civil lawsuits.”).

[5] iCloud: Erase Your Device, Apple Support (Sept. 18, 2013), http://support.apple.com/kb/PH2701.

[6] Wurie, 2013 WL 2129119, at *9.

[7] Petition for Writ of Certiorari at 22–23, Riley, 2013 WL 475242, (No. 13-132).

[8] SkyDrive, Microsoft, http://windows.microsoft.com/en-us/skydrive/download (last visited Oct. 7, 2013); see also File Deletion and Recovery Policy, Google Drive, https://support.google.com/drive/answer/2405957?hl=en (last visited Oct. 7, 2013) (“Anything permanently deleted from Google Drive can’t be recovered.”).

[9] In re Edward Cunnius, 770 F. Supp. 2d 1138, 1144–45 (W.D. Wash. 2011).

[10] Id. at 1145 (“All data on the internet is both separate and one.”).

[11] United States v. Cotterman, 709 F.3d 952, 965 (2013).

[12] Mireille Dee, Note, Getting Back to the Fourth Amendment: Warrantless Cell Phone Searches, 56 N.Y.L. Sch. L. Rev. 1129, 1162 (2011–12).

[13] See Microsoft Services Agreement, Windows Live (Aug. 27, 2012), http://windows.microsoft.com/en-us/windows-live/microsoft-services-agreement (describing, in Sections 5.2 and 5.3, how the user consents to Microsoft accessing and preserving their content).

[14] 18 U.S.C. § 2703(f)(1) (2006).

[15] See Sandy Boucher & Barry Kuang, Email Evidence – Now You See It, Now You Don’t!, Forensic Focus, http://www.forensicfocus.com/email-evidence-now-you-see-it (last visited Oct. 7, 2013) (“In a recent case, we were able to recover some very recent emails from a system using Windows Live Hotmail but older messages were gone and even those recovered from unallocated space were fragmented and hard to use.”).

[16] See, e.g., Terry v. Ohio, 392 U.S. 1 (1968) (holding that police may temporarily detain a person and his or her belongings based on reasonable suspicion).

[17] See Warden v. Hayden, 387 U.S. 294, 305–06 (1967) (“And with particular relevance here, we have given recognition to the interest in privacy despite the complete absence of a property claim by suppressing the very items which at common law could be seized with impunity: stolen goods; instrumentalities; and contraband[.]” (citations omitted)).