The Volokh Conspiracy
Mostly law professors | Sometimes contrarian | Often libertarian | Always independent
Searching Old Digital Haystacks: Some Thoughts on the Richman v. United States Litigation
Interesting Fourth Amendment issues, with a novel remedy.
In federal district court in Washington, DC, Judge Colleen Kollar-Kotelly handed down two opinions in the last two weeks in a case involving Daniel Richman, a friend and occasional advisor to former FBI Director James Comey. In the first opinion, dated December 12, the Judge ordered the government to return to Richman digital copies of the contents of his computers. In the second opinion, released yesterday, Judge Kollar-Kotelly clarified her first order and addressed government objections.
There's a lot going on in these cases. But the opinions happen to raise important questions of how the Fourth Amendment and the Federal Rules of Criminal Procedure apply to searching and seizing computers. Given my academic focus on those legal issues, I thought I would blog about them and offer some thoughts for the law nerds hoping to learn more about those legal issues and how this new set of opinions deals with them.
Here's the basic problem. When the government gets a warrant to search a computer, it generally seizes the physical device, copies all the data, and then searches the government's copy of the data for the evidence sought. Put another way, investigators make a copy of the digital haystack and then search the copy for the needle that the warrant described as the evidence to be sought.
All of this has an important implication: When the case is over, either charged or uncharged, the government still has a copy of that digital haystack. And if you're the government, you might want to keep that digital haystack. Storage is cheap, so it's not like you need to free the space. And having that haystack might come in handy some day. Maybe someday, maybe even in an unrelated case, you'll have an investigative need that can be met by going back to that digital haystack and looking for a whole new set of needles.
The key question now is, what are the rules for dealing with that haystack years later? Can the government search that already-previously-seized data again, this time for new evidence, either without a warrant—or even with one? And if the owner of the haystack wants the haystack back, can he get it back—and what does getting it back mean?
(1) Introducing the Richman Case
Daniel Richman is a lawyer and law professor who is a close friend of James Comey. Richman has sometimes acted as Comey's counsel, both informally and in the legal sense. During the first Trump Administration, DOJ obtained warrants to search Richman's computers and online accounts for evidence of unlawful disclosure of classified information that had been obtained through Comey. No charges were brought, and the case was closed in 2021. But the government retained copies of Richman's digital files.
Now fast forward to the second Trump Administration. A lot of people have followed this way more closely than I have, and my apologies if I get some of the details wrong here. But as you know from following the news, there has been a great deal of interest in the current executive branch in prosecuting James Comey. As I understand things, whereas the Trump 1.0 DOJ investigated Comey for allegedly leaking classified information, the Trump 2.0 DOJ is targeting Comey for allegedly lying to Congress about whether he had authorized Richman to act as a source for news stories.
Here's where the computers come in.
What happened, apparently, is that investigators in Trump 2.0 realized that they still had copies of Richman's digital files held over from the investigation during Trump 1.0. So they searched Richman's files again, this time searching for what Comey had authorized Richman to do. At least some of that information was then used as a basis to get an indictment against Comey. Investigators did not get a second warrant to do this new round of search. They had a copy of the files, so they searched it for what they wanted without new warrants.
Richman has now come into court, seeking a return of his property under Rule 41 of the Federal Rules of Criminal Procedure. Rule 41 gives people a limited right to return of property unlawfully seized from them. As I understand Richman's argument, he's saying that the government never had a right to get copies of all of his data, and that the continued retention of his files violated his Fourth Amendment rights, and that the remedy is to return to him all the copies of his data.
If I'm following this all correctly, there are really three issues in play here. First, were Richman's Fourth Amendment rights violated? Second, does Richman have a remedy of returning the digital data under Rule 41? And third, what exactly does a remedy of returning the digital data look like?
I break out that last point because I assume that's part of what's going on here. If the right to the return of data means a right to the deletion of data, that could operate as, in effect, a motion to suppress made by Richman on Comey's behalf. If the government can't get its own files, after all, it can't use them to prosecute Comey. (Although the charges against Comey have been dismissed, the Justice Department has indicated it will appeal. Who knows what might happen in the future, either on appeal or in some subsequent set of attempted charges.)
(2) Previous Cases on Searching Digital Files From A Previous Investigation
This question of how the Fourth Amendment applies to re-searching previously seized computer files has come up in a few cases over the years, and it's getting more important over time. I want to give you a flavor of the cases to provide some context. I'll cover two cases in particular: First, the Second Circuit's litigation in the Ganias case; and second, a district court opinion, Nasher-Alneam.
The first case, United States v. Ganias, is one I blogged about a bunch of times here at the Volokh Conspiracy back in the day. It involves the seizure of an accountant's computers. First, in 2003, the government seized the accountant's computers to get evidence of his customers' crimes. The accountant himself was not suspected of involvement in crime, but during that investigation, they copied the accountant's computers—and held on to the copies. Years later, in 2006, investigators came to suspect the accountant himself had committed other crimes, and they realized there was a copy of the accountant's computers already in government custody. So the investigators obtained a second warrant to re-search the copy of the accountant's computers, this time for the accountant's crimes—looking for different needles in the held-over copy of the digital haystack.
In the initial ruling in Ganias, the Second Circuit ruled that this violated the Fourth Amendment because the government was required to delete the old haystack after it wasn't needed in the original case. But the ruling didn't last: In 2016, the en banc court reviewed that ruling, held that the good faith exception to the exclusionary rule applied, and declined to reach whether the Fourth Amendment was violated.
The same basic issue arose in United States v. Nasher-Alneam, a district court case from 2019. In that case, the government obtained a warrant to search the computers of a physician for evidence that he had improperly provided narcotics to patients. At trial, the jury hung. The government then decided to search the copies of the computers a second time, this time for evidence of billing fraud. Unlike in Ganias, however, the government did not get a second warrant. The district court ruled that the search for evidence of billing fraud violated the Fourth Amendment, as the government could not just search for evidence outside the warrant just because it had a copy of the suspect's computer.
What to make of these cases? The government doesn't have unlimited authority to hold on to and re-search data leftover from old cases. But exactly what the limits are remains uncertain.
For what it's worth, in my scholarship and my new book, The Digital Fourth Amendment, I argue for use restrictions on digital warrants. The government is allowed to seize and copy all those files, but whatever it copies that is outside the scope of the first warrant can't be used in a later case, including if the government has a second warrant. This is needed, I argue, to ensure that the government doesn't use the switch from physical to digital environments as a way to massively expand government power and turn all digital warrants into general warrants. But that's just my proposal.
(3) The Court Rules That The Government Violated Richman's Rights
In the major opinion in the Richman case, dated December 12th, Judge Kollar-Kotelly first rules that the government violated Richman's Fourth Amendment rights by re-searching his seized files without getting a new round of warrants:
Although the Government, in a single footnote, broadly "denies that there has been any violation of the Fourth Amendment," it has presented no substantive argument that this warrantless search of Petitioner Richman's files was consistent with—or even cognizant of—his Fourth Amendment rights. See Gov't's Opp'n & Mot., Dkt No. 12, at 16 n.11.
Recognizing the extraordinary scope and sensitivity of data available on personal digital devices, the Supreme Court has commanded that officers must "secure a warrant before conducting" a search of data stored on cell phones, except in the rare case in which exigent circumstances make a warrantless search reasonable. Riley v. California, 573 U.S. 373, 386, 402 (2014). Moreover, it is well established that when the Government seeks to conduct another search after it has finished executing a previous warrant, it generally must secure another warrant. See Digital Devices II, 2022 WL 998896, at *9 (collecting cases).
These requirements reflect familiar, bedrock Fourth Amendment principles. "Searches conducted outside the judicial process, without prior approval by judge or magistrate, are per se unreasonable under the Fourth Amendment—subject only to a few specifically established and well-delineated exceptions." Katz v. United States, 389 U.S. 347, 357 (1967). "When the right of privacy must reasonably yield to the right of search is, as a rule, to be decided by a judicial officer, not by a policeman or Government enforcement agent." Johnson v. United States, 333 U.S. 10, 14 (1948).
In short, the Government's warrantless search of the contents of Petitioner Richman's cell phone and tablet in September 2025 was manifestly unconstitutional.
This holding is a lot like the United States v. Nasher-Alneam case I discussed above. The government was allowed to hold on to the files from the first warrant, but it couldn't go back to that well and draw more water (so to speak) without getting a new set of warrants to look for the new evidence.
As I hinted at above, I would personally have gone beyond that holding, in that I don't think the government should be able to go back and re-search the data even with a new warrant. I've detailed this argument in this article and in my new book, but the basic idea is that the government shouldn't be able to vastly expand its power when we switch from physical to digital searches. The government only has a copy of the extra information that was non-responsive to the first warrant for practical reasons: Courts allow the government to over-seize that irrelevant data in executing the first warrant to allow for a later forensic search. I think that part is reasonable. But, in my view, allowing the government to double-dip into those files years later with a second warrant is unreasonable; it lets the practical need from the first warrant be the basis for expanded power unrelated to that warrant.
I take the Court here as adopting only a much more modest position. Richman retains Fourth Amendment rights in the copy for the files that were not the subject of the first warrant, and the government searching the computer for those files is a new search that requires a new warrant. So far, that's not an unexpected holding.
(4) The Court Concludes that Rule 41 Allows an Order to Return Property Here.
Having found a Fourth Amendment violation, the next question is whether there's a remedy. The right to a return of property under Rule 41 is limited, and usually Rule 41 can't be used while a case is ongoing. (Basically, you don't want Rule 41 to be used as a sort of suppression remedy, so it's saved as an equitable remedy to get property back, not to stop a case.) This situation is odd, though. There's no pending case against Richman, only against Comey. Judge Kollar-Kotelly rules that Rule 41 is available here and that Richman has a right to the return of his files. A brief excerpt:
The Fifth and Ninth Circuits have each adopted four-factor tests for evaluating whether a court should exercise its equitable jurisdiction to order the return of property under Federal Rule of Criminal Procedure 41(g). See Richey v. Smith, 515 F.2d 1239, 1243 (5th Cir. 1975); Ramsden v. United States, 2 F.3d 322, 325 (9th Cir. 1993). The four relevant factors are: (1) "whether the Government displayed a callous disregard for the constitutional rights of the movant"; (2) "whether the movant has an individual interest in and need for the property he wants returned"; (3) "whether the movant would be irreparably injured by denying return of the property"; and (4) "whether the movant has an adequate remedy at law for the redress of his grievance." Ramsden, 2 F.3d at 325; accord Richey, 515 F.2d at 1243.
Other courts, including at least one court in this District, have applied the same or similar factors. See, e.g., In re Singh, 892 F. Supp. 1, 3 (D.D.C. 1995) (SSH); Trump v. United States, 54 F.4th 689, 694 (11th Cir. 2022) (per curiam) (following Richey as binding precedent in the Eleventh Circuit); Matter of Search of 4801 Fyler Ave., 879 F.2d 385, 387 (8th Cir. 1989) (concluding that "callous disregard" of Fourth Amendment rights, "irreparable injury if relief is not granted," and "lack of an adequate remedy at law" are each required).
Applying the Fifth and Ninth Circuits' four-factor tests to the facts of this case, this Court concludes that each factor weighs in favor of exercising equitable discretion to order the return of Petitioner Richman's property here.
There's a lot going on in this part of the opinion, but with my apologies I'm going to pass over it to get to the really interesting question: If there's a right to the "return" of digital data, what exactly does that remedy look like? That's up next.
(5) But What Exactly Is the Rule 41 Remedy for Digital Files?
Now we get to the details of the remedy. Judge Kollar-Kotelly takes this to be an equitable question in which she can fashion a remedy. She starts with the order to "return" the files.
As far as I can tell, the Judge does not detail what "returning" the files means. The files are lots of zeros and ones that were likely copied onto government servers—probably a lot of different servers. But the language in the opinion suggests that returning means giving Richman a copy and then deleting all remaining government copies. As she writes, the government has to certify that it has "(1) returned the covered materials to Petitioner Richman" and "(2) not retained any additional copy or copies of the covered materials." In this context, not retaining sounds a lot like deleting. So I think she's talking about a deletion requirement, rather than, say, just handing Richman an extra copy.
But if that's what returning the files means, does that mean the government can never access Richman's files? No, the Judge concludes: Rule 41 can't be used to effectively suppress evidence for Mr. Comey. So the Judge fashions a sort of middle ground: the government can make a copy of Richman's files and deposit that with the district court that is overseeing the Comey prosecution, and it can access those files only with a future warrant. Here's the explanation:
Allowing the Government to preserve a complete copy of the relevant materials in the custody of a neutral third party, in this case the U.S. District Court for the Eastern District of Virginia, permits the Court to redress the specific legal wrong that Petitioner Richman has established without unduly burdening the interests of the Government or the public at large. In other cases, courts have exercised their discretion under Rule 41(g) to allow the Government to create copies of files and preserve those copies in the Government's own records before returning the originals to aggrieved movants. See, e.g., J.B. Manning Corp. v. United States, 86 F.3d 926, 928 (9th Cir. 1996). Here, however, the Court has concluded that the Government has not maintained the files at issue in a manner that adequately protects Petitioner Richman's right to be free from unreasonable searches and seizures. See supra Section III.B.
Allowing the Government to retain a copy in its own possession therefore would not provide adequate redress to Petitioner Richman. Meanwhile, requiring the Government to return all copies of the files to Petitioner Richman could unduly impede the Government's interests in pursuing future investigations and prosecutions if—as the Government strongly suggests in its briefing—it intends to pursue further prosecution of Mr. Comey. See supra Section III.C. The appropriate way to balance these interests, and to provide redress to Petitioner Richman without transforming his motion into a "collateral (and premature) motion to suppress evidence in another criminal proceeding," see Gov't's Opp'n & Mot. at 7, is to allow a copy of the files to be retained for safekeeping in the custody of a court in the Eastern District of Virginia as a neutral third party. Because the Government has represented that the evidence at issue may be relevant to an investigation and potential prosecution in the Eastern District of Virginia, depositing the evidence under seal with the District Court for that District is the appropriate course of action
(6) The Clarifying Order: Richman II
Yesterday, December 23rd, the Judge entered an opinion clarifying the first opinion in response to the government's objections. In particular, she states the following about what she is ordering:
[T]he Court is not ordering the Government to "delete or destroy" anything. The Court is ordering the Government to return the materials initially seized from Petitioner Richman and any copies thereof to Petitioner Richman and to deposit a single copy of those materials with a neutral third party: the District Court for the Eastern District of Virginia. Although the Government originally obtained these materials pursuant to Petitioner Richman's 2017 consent and the lawful 2019 and 2020 warrants, it was prohibited from conducting warrantless searches on these materials—which included material that was not responsive to the 2019 and 2020 warrants—after the 2019 and 2020 warrants had been executed. The Court's Order does not require the Government to return any material that it had deemed responsive and segregated from the materials it originally seized in 2019 and 2020 because the Government has not identified any such material. Nor does the Court's Order prohibit the Government from accessing these materials in the future, so long as that access is obtained through a valid search warrant. Accordingly, the Court's order to the Government to return to Petitioner Richman the covered materials and any copies thereof and, if the Government so chooses, to deposit a copy with a neutral third-party remains unchanged.
(7) My Own Reaction to the Judge's Opinions
For the reasons offered above, I'm on board with Judge Kollar-Kotelly's ruling that Richman's Fourth Amendment rights were violated. That seems sound. My main questions are about the remedy.
Whether and how a Rule 41 motion to return property can apply to data without a physical device associated with the data is, as far as I know, new ground. Off the top of my head, I haven't seen this before. Does it even make sense to have a Rule 41 motion for the return of intangible data? With tangible things, the remedy is clear. When a motion to return property is granted, the government gives back the tangible thing it is wrongly possessing. I want my stuff back, the owner says. Give back the stuff, the court directs. Simple enough. But I'm not sure how that maps on to a world of zeros and ones.
This reminds me of the Ganias litigation from 2014 that I discussed above. The initial panel ruling in Ganias talked about a right to the deletion of non-responsive files. But it was never entirely clear what that meant in practice, and the en banc court's resolution of the case without reaching the merits left that unclear. Maybe Rule 41 motions to return property make sense for intangible data, but I'd need to think more about it.
Beyond the conceptual question, I'm not entirely sure how this works in practice, even after the clarifying order yesterday. My apologies if I missed this, but I don't see where in the opinions there is discussion of what to do with what the government previously learned. A search through the copies of Richman's computers already happened. For the sake of simplicity, call those searches the 2025 search. Imagine a future prosecution of Comey in which the government wants to use the fruits of the 2025 search made in violation of Richman's rights. At least under traditional views of Fourth Amendment standing, Comey would lack standing to object to that search in a motion to suppress. But at a future trial against Comey, if there is one, can the government use the fruits of the 2025 search?
For example, can agents testify at trial as to their recollections of what they saw in Richman's files in the 2025 search? If an agent cut and pasted an excerpt from the Richman files into a separate file—even just a few words—do they need to delete the new file? If they quoted from the files in their notes, do they have to destroy the notes, or at least delete the quote? And outside of trial, can agents use their recollection or notes to get a warrant to search the computers yet again, either just to find what they already found or to look for something new? Maybe these aren't real issues under the facts of this case; the opinions don't tell us enough to say. But I'm not sure what the answers would be.
As always, stay tuned.
To a non-lawyer, that it took TEN YEARS to figure out the result in United States v. Ganias is the real problem.
Have there been no pre-computer cases that might've established a precedent?
Suppose, for instance, that in the 1970s, a warrant had been obtained to search the books of a business for evidence of a particular crime. Could the government have photocopied the entirety of the books, and retained those photocopies even after the dismissal of the case that originally led to the search?
Or, going back farther still, suppose that a warrant was issued to search a set of records for evidence of some specific crime. In the course of the search, a government investigator finds evidence of some unrelated crime. Assuming that the set of records was no longer available at a later date, could that investigator's memory of what he'd read be used as evidence in prosecuting that second crime?
Getting away from the subject of written material, suppose that the government had obtained a warrant to search my house for evidence of a certain crime. In the course of the search, could they take numerous photos, covering the interior in detail; and, assuming that nothing came of the original charges, could they retain those photos and later obtain a warrant to examine them for evidence of another unrelated crime?
My own not-a-lawyer thought is that returning the seized digital property necessarily includes destroying any copies made in the course of the warranted search. If the government had originally searched paper records and then returned them, the owner would've had the option of editing or destroying them upon their return.
There are parallels with NDAs in the commercial world. Companies using old templates (sometimes from the 80s!) required return of physical documentation, but overlooked digital documents. Modern NDAs require the receiver to return physical objects and documents, and destroy digital copies. It makes no sense to ‘return’ digital copies, unless they are stored in a physical medium, e.g. a USB drive. If the discloser has lost the information during the term of the NDA, the receiver has no duty to restore the information on behalf of the discloser. This is a difference with the criminal context, where information is involuntarily seized, and the discloser (defendant) may need to be made whole.
It turns out that destroying _all_ copies of digital documents is very hard. Email servers make copies, backup systems make copies, etc. Backups of selected files are difficult to destroy by design. Even so, the discloser wants the recipient to destroy as many documents as reasonably possible, to prevent improper purposeful or inadvertent use of the disclosed information, and prevent outsiders from accessing it, e.g. industrial espionage. Even so, NDAs usually make exceptions for the minimum files “created pursuant to automatic archiving and backup procedures”, and material required to be kept by law or regulation.
In commerce, damages for failing to destroy electronic material are related to harm, and if kept material isn’t disclosed, no harm, no foul. There seems to be a parallel in criminal evidence here – the government should attempt to destroy the copies, but if some are kept, perhaps due to backups, then no harm as long as the information remains unused, or if it is used, is excluded at trial.
The problem in both circumstances is detection: how does the discloser know when the kept information is improperly used? At the margins, there needs to be an element of trust, either in the parties, or that improper acts will eventually be revealed, and improper acts will be punished accordingly.
Aren't there some chain of evidence issues here? Say the government lawfully seized someone's computer hardware pursuant to a valid warrant. Why shouldn't the government be required to clone the hardware to identical physical devices, not to image the devices into servers or clouds? This would maintain the devices' file systems, operating systems (if any), file and directory structures, and data contents. This would then allow for scrupulous, protocol-driven audits of exactly what was seized, what's in all that, and how the government maintained the integrity of the data while holding them.
After all, if there are imaged drives out there on some number of government servers and clouds, how can anyone know for certain that the data in their custody in 2025 are identical to the data seized during Trump 1.0? Perhaps some new text or new files have been added. Perhaps some of the original files have been lost somehow--perhaps files containing exculpatory evidence. Seriously. How can the government prove that the original dataset has not, in fact, been tampered with over the years? If there is a new case being cooked up against Comey, how would discovery work for his lawyers? All of that would be much simpler to sort out if the government cloned the hardware onto identical devices kept under appropriate seals.
1) I'm not sure what you think an image is. They don't just drag a copy of the files on a suspect's computer to a folder on their own laptop that says, "Dan Richman's files," and then play around with it. They create a virtual but exact clone of the device.
2) What if you can't find "identical physical devices"?
3) Why would you need a copy of the operating system to use (say) emails on a computer or cell phone as evidence?
4) Why are you imposing a much higher standard on digital evidence than physical evidence? If the government seizes a bunch of file boxes of documents from a suspect's garage, how does the government 'prove' that no pieces of paper were added or subtracted from those boxes? Answer: they testify that this didn't happen. That's how chain of custody works.
There are hardware devices to perfectly clone hard drives. We used to make a golden boot for an embedded device, then use the cloning tool, a real piece of hardware, to make two copies to send to the factory.
It operates at the hardware level and is not cognizant of any formatting much less file system.
Technology doesn't need to be that fancy. A message authentication code (MAC) of sufficient strength can show that a digital copy is true to the original, without needing a substantially identical storage medium. If you're concerned about malicious tampering rather than haphazard changes/corruption, then use a cryptographic MAC (to resist what's called a second preimage attack). SHA-2 and SHA-3 are both good choices that are generally accepted by the US government, but alternatives exist as well.
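The integrity check discussed in the comments above, as an added example that is not part of the original post or any commenter's text: SHA-256 digests of an image are recorded at acquisition, sealed with an HMAC under a custodian-held key, and re-checked later, with per-block digests showing where a copy diverges. The function names, the 4096-byte block size, the key and the sample image are assumptions constructed for illustration.

```python
import hashlib
import hmac
import io

BLOCK_SIZE = 4096                      # assumed block size for per-block digests
CUSTODY_KEY = b"constructed-demo-key"  # constructed; a real key stays with a neutral custodian


def _digests(stream, block_size):
    """Read the image once; return (whole-image SHA-256, per-block SHA-256 list)."""
    whole, blocks = hashlib.sha256(), []
    while chunk := stream.read(block_size):
        whole.update(chunk)
        blocks.append(hashlib.sha256(chunk).hexdigest())
    return whole.hexdigest(), blocks


def _seal(manifest, key):
    """HMAC-SHA-256 over the recorded digests, so they cannot be silently rewritten."""
    body = "\n".join([str(manifest["block_size"]), manifest["sha256"], *manifest["blocks"]])
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def acquire(stream, key, block_size=BLOCK_SIZE):
    """Build the manifest that is recorded when the copy is first made."""
    sha256, blocks = _digests(stream, block_size)
    manifest = {"block_size": block_size, "sha256": sha256, "blocks": blocks}
    manifest["seal"] = _seal(manifest, key)
    return manifest


def verify(stream, manifest, key):
    """Return (status, changed_block_indexes) for a copy checked against the manifest."""
    # Check the manifest first: digests that were edited after the fact prove nothing.
    if not hmac.compare_digest(_seal(manifest, key), manifest["seal"]):
        return "manifest-tampered", []
    sha256, blocks = _digests(stream, manifest["block_size"])
    if hmac.compare_digest(sha256, manifest["sha256"]):
        return "match", []
    recorded = manifest["blocks"]
    # Blocks that differ, plus any that exist on only one side (growth or truncation).
    changed = [i for i in range(max(len(blocks), len(recorded)))
               if i >= len(blocks) or i >= len(recorded) or blocks[i] != recorded[i]]
    return "image-changed", changed


def constructed_image():
    """Constructed 16 KiB stand-in for a device image (four 4096-byte blocks)."""
    return bytes(range(256)) * 64


if __name__ == "__main__":
    original = constructed_image()
    manifest = acquire(io.BytesIO(original), CUSTODY_KEY)

    altered = bytearray(original)
    altered[2 * BLOCK_SIZE + 10] ^= 0xFF           # one byte changed inside block 2
    altered = bytes(altered)

    print(verify(io.BytesIO(original), manifest, CUSTODY_KEY))
    print(verify(io.BytesIO(altered), manifest, CUSTODY_KEY))
    print(verify(io.BytesIO(original + b"x" * 100), manifest, CUSTODY_KEY))

    # Digests recomputed over the altered copy by someone without the custody key.
    forged = acquire(io.BytesIO(altered), b"not the custody key")
    print(verify(io.BytesIO(altered), forged, CUSTODY_KEY))
```

The seal only adds assurance when the key is held apart from whoever stores the image; without it, the digests still detect accidental change.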
Prof. Kerr,
I would think if they actually have enough to get a new warrant that they would have enough to re-seize current devices and start over. Searching copies the government already has is a far less drastic step.
Just a thought. The government accessed and copied - in some fashion - a file of files from computer A to its own computer. At that point the government could copy the contents of the single file to another computer under its control and could do so repeatedly. It might even modify the file for forensic purposes. I would think that "return of the original property" would mean that the original file and its associated chain of custody (was the file copied, read, edited etc...all of which are known in a controlled environment) would be provided on physical media to the owner. Whether the government would be required to show evidence that the file is no longer retained in any form is another matter.
The next step in this particular case seems to be easier. The government must "deposit" the files to another entity. That seems to be an easy lift but the term deposit has no meaning in a file transfer regime. Why couldn't the judge have used the more computer adjacent term of "move"? Moving a file is the act of taking data from computer A and moving to computer B. The data is no longer available on computer A. The information is now available for a specific purpose on computer B. And once that purpose is completed the file may be moved to another physical media form that may be returned to the owner.
Longtime reader, infrequent commenter, former digital forensic practitioner. My impression of Prof Kerr's scholarship in this area is that digital evidence is qualitatively different, because of its massive size and potential to reveal all kinds of private stuff about a person. So, in the Prof's reasoning, we can't do straight analogies to the physical world.
I have always respectfully rejected this reasoning. Size is the only difference. We should not abandon the precedents and practices that have served us well in 1000 years of search and seizure.
When 1970s coppers served a search warrant and took some physical items for lab work, took Polaroids of other stuff in the house, made sketches of the interior, and just plain remembered what they saw, then wrote lots of reports about it all, and then for whatever reason the case was closed without an arrest, they gave only the physical items back to the property owner. The Polaroids, sketches and reports went into the case file forever. The memories stayed in the coppers' brains until death, Alzheimer's, or a lot of heavy-drinking nights. If the coppers remembered the multiple sets of man-sized ladies' lingerie in the owner's closet and dined out on that story for years thereafter, oh well. They were lawfully present and the lingerie was in plain view. If some other case came up later and a copper made the connection to the old case, the case file came out of the file cabinet, the old coppers told him what they remembered, and all of those reports, Polaroids, and memories could be used in court against the new suspect. Indeed, all of it could be used against the new suspect even if the coppers had kicked in the first suspect's door without a warrant or exception.
In the digital realm, as another commenter has pointed out, the forensic copy is like the set of Polaroids and crime-scene sketches. Any reports generated by forensic software or AI are like the reports Wojo banged out on his two-finger typewriter, and like the dinner stories of the fat guy's lingerie collection. All of it stays with the cops forever - the original media go back to the owner (or indeed stayed with the owner all along).
Any other rule comes close to the European "right to be forgotten" and would be just as practically unworkable.
Also, like Roe, technology would rapidly overtake the rule. Just like viability happens earlier and earlier in pregnancy as OBGYN tech advances, so will evidence processing get faster and more complex. I am certain that LE agencies even now dump forensic copies from their cases into a "data lake" where AI can find connections within and between cases. I am mildly surprised that did not happen in the case we're discussing here. If you're told to give back all copies of a hard drive, what happens to all the work your AI did in the data lake? Will you even be able to find it all? Will the act of searching for it just ensure "fat guy's lingerie collection from computer imaged at 123 Main St" occurs even more times on your investigative database?
As computer forensics goes beyond (really has gone beyond) isolated analysis of single hard drives to a more Big Data approach, rules like the ones in the instant case will be outmoded.
Does this mean physical analogies apply even less, you may ask? No. Think again of Barney Miller and his boys walking around the house, seeing things, remembering them, and later talking about them with each other, possibly generating leads. That's all forensic software and AI do - just at scale and very fast.
Charlie Chai - JSM
John, thanks for the reply. If you're committed to applying the old physical rules, aren't you then stuck with having to search the computers on-site? In the physical world, you're not allowed to take the entire house away, bring it back to the lab, reconstruct it, and keep it there for years and to re-search it. You have to search onsite and if you miss something, that's your tough luck. That rule would be super harsh to the government as applied to the computers, but if you're committed to sticking with physical world rules, that would seem to be the rule you have. Is your view that this is what the law should be? If not, why not?
You are certainly allowed to 'copy' the house in still and video, photocopy the documents, etc.
You can 'take' everything in a physical location without taking anything.
All that can be researched over and over as necessary. That is the 'physical' paradigm we grew up with.
Forensic ballistics people often make a model of the house so they can stretch their cool colored strings across the place. Would the model have to be returned or destroyed if the homeowner fusses? CC, JSM
You can take pictures in the house, at least of some things (but see U.S. v. Jefferson, saying that taking photos of documents is seizing the documents, so each picture has to be justified under the plain view exception that would apply to physically removing the documents). But you can't take the actual house. Why should you be allowed to take the actual computer—even all the digital devices? Courts allow all the computers to be taken away because it's thought that there should be a special rule to account for the practicalities of computer searches. If you don't think computers justify any new rules, then you have to search on-site, right?
Prof, what about 'indicia of ownership?' Commonly put on search warrants so you can take evidence that shows it really is your suspect's house, he really uses the main object of the search, etc.
Everything on the computer would qualify as indicia of ownership, wouldn't it?
I mean, if the suspect fights hard enough: "that's not my computer." "but all these pictures of you are on there." "I didn't take the pictures, by definition." "but all your financial records are on there." "maintained by my accountant; can you prove it's not her computer, that she happened to have left here when we met to discuss financial strategies?" "but your diary is on there." Etc., etc. You may need every single thing on that machine to either compel a plea or persuade a skeptical jury. Hence, image the whole bloody thing. And put it in the data lake. CC, JSM
We also haven't had a big case where unsearched bits of the computer later turned out to be relevant to another, bigger crime, which we failed to prevent. Terrorism, baby-raping, etc.
How long would any rule last if we had a Dahmer or Gacy or hijacking gang that was investigated for some fraud or something, yet we deliberately avoided searching all their records?
Kind of like the Gorelick Wall. CC, JSM
Re your "we haven't had a big case" comment, I literally wrote a book on this, so I'll defer to what I say in the book.
And I've seen pieces about zombie Tor networks that actually do use unwitting people's computers for storage.
John, I'm not sure what you're asking.
If you're asking for the current cases on warrant particularity for computer searches that relate to indicia of ownership, you should follow the en banc proceedings in United States v. Holcomb on that.
But I'm not sure what that has to do with allowing the government to seize the whole computer; there's no rule that you can take an entire house away to search it for indicia of ownership.
Can you take away the entire contents of a physical file cabinet on the indicia-of-ownership theory? For that matter, the cabinet with it, so you can process it for the suspect's prints?
Speaking of Gacy, his entire house was demolished in the search for young men's remains. The physical paradigm allowed for all sorts of extremes. Why isn't the hard drive one of those extremes? CC, JSM
Bodycams. Nowadays we want cops to have a bodycam on and recording for every citizen interaction. Certainly for warrant service. Four coppers search the house - you'll have four lengthy sets of video, which preserve all kinds of REP stuff - the state of my housekeeping and cleanliness, my embarrassing Spanish cacadores collection, etc. Can I force the cops to destroy all that video? Don't the cops have lots of arguments to keep it forever: training/discipline needs, use in future lawsuits or prosecutions of the officers (and not even for my case - maybe in a totally unrelated case, the PD wants to establish their SOP in court by showing a bunch of old warrant-service videos), etc? Maybe one of the cops was muttering racial slurs under her breath the whole time and someone needs that evidence in a later case? CC, JSM
Prof, you can image the computers on site. It’s the preferred method for a lot of examiners - for one thing, you save all the rigmarole of entering the original computers into your evidence vault and books, only to take them right out. I never liked imaging on site because there is always something you didn’t bring from the lab. But if that is to be the one thing that saves the old ways, so be it. Some agents can stay in the house while I go back and get the necessary connector or power supply. CC, JSM
What if the government had a photocopy of seized paper files?
The original paper could be returned but the copies are not the property of the person the paper was seized from.
Another weird computer search thing I grew up with: defendants claiming you can’t search folders with irrelevant names.
As if a drug dealer has never kept his stash in a shoebox labeled “cat treats.” CC, JSM