I’ve been doing a bit of research into the subpoena, search, custody, and disposal of electronically stored information (ESI). Part of this comes in the normal course of doing business as a Chief Information Security Officer, while part comes from my natural passions for information security and the law. The reality is that casting a wide net, and the subsequent over-seizure of electronic data, is unavoidable when dealing with ESI. Recently, directions have been given to courts to be more vigilant and to strike the right balance between law enforcement interests and the rights of individuals to be free from unreasonable searches and seizures.
In attempting to find this balance, the decision [United States v. Comprehensive Drug Testing, Inc., No. 15-10067 (9th Cir. Aug. 26, 2009)] establishes the following procedures for cases in which the government seeks a search warrant or subpoena for ESI:
- Magistrates should insist that the government waive reliance upon the plain view doctrine as a condition of the warrant—a search warrant listing particular ESI is not a blanket license to search every directory in a company’s file system simply because interesting information might be found there.
- Segregation and redaction must be performed either by specialized governmental personnel not otherwise involved in the investigation or by an independent third party, with a presumption in favor of an independent third party in cases where the subpoena recipient and others whose privacy interests may be threatened are not suspected of any crime.
- The theoretical risk of information loss does not support an immediate warrant. A request for a warrant or subpoena on an urgent basis must disclose an actual risk of destruction of information as well as prior efforts to seize that information in other judicial fora before the court will permit emergency wholesale seizure. A “lack of candor” in this area will “bear heavily against the government” in any follow-on proceedings.
- The government’s search protocol must be designed to uncover only the information it has probable cause to seek, and only that information may be examined by case agents.
- The government must destroy or return the non-responsive information – including the original physical media seized – and provide the issuing magistrate with a sworn certification that it has destroyed or returned the information required.
This evolution in E-Discovery will no doubt force government agents to rethink their practice of sweeping up hundreds of thousands of electronic records from businesses for further inspection by the investigating agents. Moreover, in addition to compelling the government to adjust the manner in which it gathers and handles evidence, this evolution strengthens the business community’s ability to legally challenge government data sweeps, prior to any charges having been brought, through judicial intervention pursuant to the Federal Rules of Criminal Procedure.
It is obvious to me that retaining verifiable information security experts, and/or truly technologically savvy experts, is an absolute must for the prosecution if they want to surgically get to the needle lost in the electronic haystack. The defendant should also retain competent information security and technology practitioners if they want to stay ahead of the litigation threat.
For further information, please read the original case history here: http://www.ca9.uscourts.gov/datastore/opinions/2009/08/26/05-10067eb.pdf
or this interesting article: http://www.mayerbrown.com/publications/article.asp?id=7498&nid=6
I bet you will start seeing an uptick in Juris Doctor enrollment by the information security community. That is my plan and I am sticking to it!