February 24, 2004

Cyber Search Abuses

Samizdata has a useful article highlighting an amazingly broad search that resulted in the seizure of an entire data center. The problem is that there are likely many innocent users who were not included in the search but who are likely going to have their personal and corporate secrets put under government scrutiny based on the coincidence of being in the same 'data neighborhood' as an accused criminal.

Here's my comment on the Samizdata board:

The unanswered question here is how much of an obligation to the innocent does the FBI have to not interrupt their daily activities. I think that this duty is quite large and there were technical measures that the FBI could have taken to lessen the disruption to innocent parties.

In a seizure of this nature, I certainly could see taking a server off-line for a couple of hours, copying its drives, and putting it back up. I think that the police should have an estimate of the order of magnitude of data that needs to be copied and that they have a requirement to bring sufficient rapid copy data storage on site when they execute such warrants so that such copies can be made.

I further believe that the FBI should not have access to the data thus copied. I believe a judge should be appointed (not the original search warrant judge) and should grant access based on user permissions with each account being a separate warrant. XYZ account did this? sure, you get access to all data he had read/write/execute permissions on. ABC account isn't on the original warrant, you have to make a new probable cause presentation before you see the first byte. Once the crime is adjudicated, dropped, or a certain time limit passes the data in state custody has to be wiped.

Thus, the search fails in two ways. It was unnecessarily crude in inconveniencing the innocent and thus, unreasonable. It is also broad beyond imagining, a classic updating of the old colonial area searches that created the 4th amendment in the first place.

No doubt there is a crying need for legislative intervention to manage this properly.

Posted by TMLutas at February 24, 2004 02:30 PM