E-mail warrant for all evidence of CFAA crimes violates Fourth Amendment, court holds

In a recent case, United States v. Shah, 2015 WL 72118 (E.D.N.C. Jan. 6, 2015), a district court ruled that a search warrant for an e-mail account for all evidence of violations of the federal computer hacking statute failed to comply with the Fourth Amendment because it did not particularly describe the evidence to be seized.

The warrant in the case approved the seizure from a specific gmail account of e-mails that contained the following:

All information . . . that constitutes fruits, evidence, and instrumentalities of Title 18, United States Code, Sections 1030 (Fraud and Related Activity in Connection with Computers), since account inception, including, for each account or identifier listed on Attachment A, information pertaining to the following matters:
a. Preparatory steps taken in furtherance of unauthorized network activity, communications regarding execution of the unauthorized network activity, and information regarding tools used in furtherance of the unauthorized network activity.
b. Records relating to who created, used, or communicated with the account or identifier, including records about their identities and whereabouts.

This description is a slightly modified version of the DOJ recommended e-mail warrant description, albeit without a date restriction; see here at 261-62. According to the district court, however, the warrant was not specific enough. From the opinion:

The provision [of the warrant] describing the documents "seized" makes a general reference to "[a]ll information described above in Section I that constitutes fruits, evidence, and instrumentalities of Title 18, United States Code, Sections 1030 (Fraud and Related Activity in Connection with Computers)." (Google Warrant, 6). This statute, also known as the federal Computer Fraud and Abuse Act ("CFAA"), prohibits a wide array of activities, including the use of computers to transmit information restricted by the United States without authorization, intentionally accessing a computer without authorization or exceeding authorized access to obtain financial records, accessing nonpublic computers of the United States in a way which affects the government's use, accessing protected computers without authorization in order to commit fraud, threatening to cause damage or obtain information from a protected computer, conspiracy to commit these offenses, and other activities. See 18 U.S.C. § 1030(a).

A violation of the CFAA would not necessarily generate such "distinctive evidence" as bank robbery or narcotics. Dickerson, 166 F.3d at 694. Nor would evidence necessarily be as distinctive as that of child pornography, a type of crime more commonly targeted by warrants for electronic information. E.g. United States v. Schesso, 730 F.3d 1040, 1044 (9th Cir.2013); United States v. Deppish, 994 F.Supp.2d 1211, 1214 (D. Kansas 2014). Rather, a warrant authorizing collection of evidence of a CFAA violation comes closer to warrants seeking to collect evidence regarding violations of broad federal statutes prohibiting fraud or conspiracy. In these cases, limitation by reference to the broad statute fails to impose any real limitation. See United States v. Maxwell, 920 F.2d 1028, 1033 (D.C.Cir.1990) ("Although a warrant's reference to a particular statute may in certain circumstances limit the scope of the warrant sufficiently to satisfy the particularity requirement … it will not do so where, as here, the warrant authorizes seizure of all records and where, as here, the reference is to a broad federal statute, such as the federal wire fraud statute."); Rickert v. Sweeney, 813 F.2d 907, 909 (8th Cir.1987) (general search limited only by broad tax evasion statute held overly broad, where probable cause existed only to search for evidence of tax evasion in connection with one particular project); United States v. Roche, 614 F.2d 6, 7-8 (1st Cir.1980) (warrant's limitation of search to "fruits and instrumentalities of the violation" of federal mail fraud statute was inadequate because "limitation by so broad a statute is no limitation at all.").

The Google Warrant provides no other details to clarify the particular crime at issue. Section II(a) makes reference to "unauthorized network activity," yet gives no indication as to the meaning of this phrase, which would seem to be implicated in almost all of the activities prohibited by the CFAA. The warrant offers nothing about the time frame of the offense. See United States v. Hanna, 661 F.3d 271, 287 (6th Cir.2011) (noting, in upholding search warrant for electronic information, that the warrant was limited to "the time period that the evidence suggested the activity occurred.") Rather, it provides for the seizure of all evidence of violations of the CFAA "since account inception." (Google Warrant, 6).

Although the test for particularity "is a pragmatic one," and must consider "the circumstances and type of items involved," Torch, 609 F.2d at 1090, the record does not indicate that circumstances of the investigation precluded a more particularized description of the crime. Special Agent Ahearn's supporting affidavit provides copious details as to the time and nature of the alleged offenses. Had the Google Warrant properly attached or incorporated this affidavit, it could have provided the necessary context for the search. Hurwitz, 459 F.3d at 471 ("[A]n affidavit may provide the necessary particularity for a warrant if it is either incorporated into or attached to the warrant.") (quoting United States v. Washington, 852 F.2d 803, 805 (4th Cir.1988)). Yet the Google Warrant makes no incorporation, and it does not appear from the record that the affidavit was attached. Without the Google Warrant somehow including the additional details provided by Special Agent Ahearn's affidavit, the affidavit itself cannot satisfy concerns for particularity or overbreadth. See Groh v. Ramirez, 540 U.S. 551, 557 (2004) ("The Fourth Amendment by its terms requires particularity in the warrant, not in the supporting documents.").

"[T]here are grave dangers inherent in executing a warrant authorizing a search and seizure of a person's papers that are not necessarily present in executing a warrant or search for physical objects whose relevance is more easily ascertainable." Williams, 592 F.3d at 523-24 (quoting Andresen v. Maryland, 427 U.S. 463, 482 n. 11). "Because electronic devices could contain vast quantities of intermingled information, raising the risks inherent in over-seizing data … law enforcement and judicial officers must be especially cognizant of privacy risks when drafting and executing search warrants for electronic evidence." Schesso, 730 F.3d at 1042; see also In the Matter of the Search of Info. Associated with [redacted]@mac.com that is Stored at Premises Controlled by Apple, Inc., 13 F.Supp.3d 157, 166-67 (D.D.C.2014) ( "D.D.C. Mac.com Order "). Especially in light of the nature of the search and seizure here, the Google Warrant is not drafted with sufficient particularity. In the absence of additional details, the warrant fails to identify the "particular crime" for which officers were to seek evidence. Therefore, the warrant lacks the particularity required by the Fourth Amendment.

The court goes on to apply the good-faith exception, however, because the court's holding is somewhat novel under the circumstances. Here's the discussion, with a paragraph break added:

The warrant does reference a particular federal statute, even if the particular crime is not detailed. As explained, there is no clear precedent within this circuit which would demonstrate to an officer that a warrant restricting seizures to evidence of CFAA violations would fail to satisfy concerns for particularity. Meanwhile, the legal standards for searching and seizing electronic evidence remains in a state of development, where courts have suggested that relaxed standards apply. See United States v. Grimmett, 439 F.3d 1263, 169 (10th Cir.2006) ("[W]e have adopted a somewhat forgiving stance when faced with a 'particularity' challenge to a warrant authorizing the seizure of computers."); In the Matter of a Warrant for All Content and Other Info. Associated with the Email Account [redacted]@gmail.com Maintained at Premises Controlled by Google, Inc.,—F.Supp.2d —-, 2014 WL 3583529, at *5 (S.D.N.Y.2014) ("S.D.N.Y. Google Order ") ("[C]ourts developed a more flexible approach to the execution of search warrants for electronic evidence.").

A number of courts have authorized the government to obtain the entire contents of an email account in order to later determine which particular emails come within the scope of a search warrant. See S.D.N.Y. Google Order,—F.Supp.2d —-, 2014 WL 3583529 at *6 (citing cases). At least one other court upheld a warrant similar to the Google Warrant at issue here, that required the "disclosure" of all contents of an email, but specified the information to be seized by reference to a particular federal statute. Deppish, 994 F.Supp.2d at 1215 (authorizing seizure of "information concerning activities and identification of any individuals related to crimes of sexual exploitation of minors pursuant to 18 U.S.C. § 2252."). The Google Warrant's deficiencies were not so patently obvious that an officer could not "reasonably have presumed" its validity. Therefore, the evidence seized pursuant to the Google Warrant will not be suppressed.