New Jersey Law Journal  August 10, 2015   

 Courts Allow Broader Search Warrants for Internet Crimes

--- The Fourth Amendment as applied to spam, viruses, worms and the like

Jonathan Bick, Bick is of counsel at Brach Eichler in Roseland. He is also an adjunct professor at Pace and Rutgers law schools, and the author of "101 Things You Need to Know About Internet Law" (Random House 2000).

In the case of United States v. Richards, 659 F.3d 527 (2011), the court found that the Fourth Amendment generally requires specificity in search warrants. However, generally the courts have allowed broader search warrants when Internet crimes are involved. In particular, they have allowed broad searches for more-or-less any search reasonably likely to obtain evidence, though a circuit split exists as to this matter.

The acts of searches and seizures activate the application of the Fourth Amendment. The Fourth Amendment affords the right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures. It generally requires the government to obtain a warrant based on probable cause, supported by information which describes the place to be searched, and the persons or things to be seized. These requirements limit governmental searches.

The goal of the Fourth Amendment is to protect people's right to privacy and freedom from arbitrary governmental intrusions. Private intrusions not acting in the color of governmental authority are exempted from the Fourth Amendment.

The court in United States v. Jacobsen, 466 U.S. 109 (1984), found that a "'seizure' of property occurs when there is some meaningful interference with an individual's possessory interests in that property." The court in Berger v. New York, 388 U.S. 41 (1967), specifically found that the interception of intangible communications was a seizure. Furthermore, the Jacobsen court also found that a search for Fourth Amendment purposes occurs when an expectation of privacy, that society is prepared to consider reasonable, is infringed. If the government's conduct does not violate a person's "reasonable expectation of privacy," then it does not constitute a Fourth Amendment "search" and no warrant is required according to Illinois v. Andreas, 463 U.S. 765 (1983).

Accordingly, Internet crime investigators must consider two issues when asking whether a government search of an Internet transaction requires a warrant. First, does the search violate a reasonable expectation of privacy? And, if so, is the search nonetheless permissible because it falls within an exception to the warrant requirement?

Internet crimes are normally defined as some contravention of a criminal code that involves the Internet for its perpetration. Internet crimes encompass many traditional crimes committed with the use of the Internet in addition to an assortment of new Internet-specific criminal behaviors.

Internet crimes may be alternatively categorized in accordance with the Internet's part of the criminal behaviors. In particular, the Internet may be the object of a crime, such as when the criminal behavior results in the destruction of Internet components or software. In such a case, under state law it is generally prosecuted under theft or trespass statutes. Under federal law, Internet content theft may be prosecuted under 18 U.S.C. §2314, which regulates the interstate transportation of stolen or fraudulently obtained goods.

A second type of Internet crime occurs when the Internet is used to commit the crime. This sort of Internet crime is akin to the use of a tool to rob a home. This category includes spam, viruses, worms, Trojan horses and distributed denial of service attacks.

Previously, malice and mischief, rather than financial gain, motivated most Internet bad acts. These bad actors were most commonly juveniles, disgruntled employees and hackers showing off their skills. Increasingly, the bad actors are professionals motivated by desire for financial gain.

As suggested, courts have allowed broader search warrants when Internet crimes are involved. The Internet crime most susceptible to broad Internet search warrants are spam, viruses, worms, Trojan horses and distributed denial of service attacks.

• Spam is generally understood to be unsolicited bulk commercial email from a party with no pre-existing business relationship. In addition, hackers often use spam as a way of distributing viruses, spyware and malware. 
• Viruses are Internet software that modifies other computer programs. Viruses normally negotiate the Internet via infected files by email. 
• Worms are simply self-replicating viruses that send themselves. Worms work directly with computers and do not require people to assist in the distribution of the worm-related software. Viruses generally require user action to spread, such as an email communication. Thus, worms tend to have more destructive potential than viruses. 
• Trojan horses are programs that hide malware in legitimate Internet code or Internet content that also contain hidden malicious code. Trojan horses are a common means of transmitting viruses as well Web bots (sometime known as spiders).
• Web bots can find and steal data, as well initiate a denial of service attack.  A denial of service attack renders an Internet site unavailable to legitimate Internet users by forcing the site to respond to illegitimate requests. The use of third-party Internet sites makes it particularly difficult to identify the source of a denial of service attack.
• Additionally, the Internet may be used as the instrumentality of the crime. These Internet crimes mimic traditional crimes and include identity theft, distribution of child pornography, copyright infringement and wire fraud. In particular, United States v. Prochner, 417 F.3d 54 (2005), details Internet identity theft while affirming conviction of a defendant who obtained credit card numbers via the Internet.

United States v. Brown, 237 F.3d 625 (2001), considered Internet child porn while upholding an enhanced sentence for computer use (via Internet) in violating a child pornography statute. Metro-Goldwyn-Mayer Studios v. Grokster, 545 U.S. 913 (2005), reviewed Internet copyright infringement when finding Internet software distributors liable for infringement carried out via the Internet.

Internet crime prosecution raises a number of Fourth Amendment issues. According to the court in United States v. Jacobsen, 466 U.S. 109 (1984), the Fourth Amendment prohibits unreasonable searches and seizures by the government. Nevertheless, some do not consider access to an Internet site a search or seizure.

Katz v. United States, 389 U.S. 347 (1967), is regularly understood to mean that a search occurs within the meaning of the Fourth Amendment when government actions violate an individual's legitimate or "reasonable" expectations of privacy. While a person has a reasonable expectation of privacy in a computer that is located within said person's home, it is less clear if a person has an expectation of privacy for Internet content stored in the cloud.

Fourth Amendment issues may also arise when law enforcement intercepts certain information on the Internet, such as email addresses and website addresses. The Fourth, Ninth and Tenth Circuits have found that Internet users do not have a reasonable expectation of privacy in the information they provide to an Internet Service Provider. For example, the court in United States v. Forrester, 512 F.3d 500 (2008), found that the warrantless use of computer surveillance which discovered email addresses and Internet activity of a defendant did not constitute a Fourth Amendment search.

The court has also declined to apply Fourth Amendment restrictions for use of Internet monitoring tools, such as an Internet application that records keystrokes on Internet sites. Although the Fourth Amendment generally requires specificity in search warrants, the courts have allowed broader search warrants when Internet crimes are involved. In particular, United States v. Richards, 659 F.3d 527 (2011), held that a warrant authorizing search of "all content" of specifically identified computer servers, including "any computer files that were or may have been used as means to advertise, transport, distribute, or possess child pornography" was not impermissibly broad. The court in United States v. Hill, 459 F.3d 966 (2006), highlighted the circuit split by requiring the government to show that seizure was made necessary by the impracticality of on-site searching.

Many Internet Fourth Amendment cases involve whether law enforcement can search a company-owned computer that an employee uses to conduct business. Although the case law is split, the majority holds that employees do not have a legitimate expectation of privacy with regard to information stored on a company-owned computer. The court in City of Ontario v. Quon, 130 S.Ct. 2619 (2010), extended this lack of an expectation of privacy to text messages.

The circuits also seem to be split on the application of the plain view exception to Internet content. This in turn appears to have resulted in a split on where the fruits or evidence of an Internet crime, based on a warrantless Internet query, will be admissible.