I blogged last week about the Second Circuit’s important decision in United States v. Ganias, on the ‘right to delete’ seized computer files. A prosecutor I know sent me a thoughtful e-mail responding to the decision. I asked the prosecutor if I could post the e-mail (as it was intended just for me), and I received that permission. Here it is, with my thoughts added at the end:

Ganias presents many interesting problems. As the court recognizes, when agents execute a warrant for paper documents, they generally seize only the documents called for in the warrant and leave the rest behind. In circumstances in which it is not practical to search on site, the law permits them to haul off all the records and review them later. However, even in that case, once they have conducted the search, they return the documents that the warrant does not cover. That paradigm does not work with a computer or other digital storage media. We cannot cut off a piece of the physical hard drive. Even if we could, data is not stored contiguously on the medium. Thus, we keep the entire box of documents in the digital case, while we would have returned many of them in the physical case and they would no longer be subject to our examination.
Preliminarily, I see three scenarios. In the first, the case is over and the files are closed, but the government keeps the hard drive, or a forensic image of it. In the second, as in Ganias, the government seizes the drive (in Ganias it was really the contents), and keeps them while the investigation is continuing. During that time, the government realizes that it has a potential source of evidence for a different matter, and obtains a new search warrant for the media. In the final scenario, the government seizes the drive, searches it, and charges the case. Then in preparation for trial (or even during the trial), it re-searches the drive for evidence relevant to the initial investigation.
All of these scenarios result from the fact that, unlike the paper search cases, we still have the entire trove of material that we hauled off at the beginning. Ganias also highlights we are not concerned so much with the ownership and possessory interest in the physical computer as we are with the ownership, possession, and privacy of the information that it contains.
Scenario One is the hardest to justify. Once a case is over, there is no reason for the government to keep all the evidence seized. That would mean that hard drives should be returned or destroyed when the file is closed.
Scenario Two is Ganias. I find it troubling because, as in Scenario Three, there are legitimate reasons for the government to retain the hard drive. The court refers to the “evidentiary chain of custody” in a dismissive way. However, a trial challenge to the forensic search may require both sides to examine the seized hard drive to demonstrate their points. We have had several child pornography cases in which the defense brought in an expert to examine the seized drive. In a few cases, the defense expert has testified. If we have destroyed the forensic image, how can the defense mount its challenge and how can the government respond to it? Indeed, would this be one of those cases in which the government can be charged with destroying evidence that is likely to be exculpatory? Ganias is dismissive of this very real need.
It is not clear how long is “too long” from the opinion. If the government had realized within the first 90 days that the person from whom they seized the drive was a suspect in other crimes, would the Court have reached the same conclusion? Is it the length of time, or the fact that it is a different investigation that makes the difference here? If it were the different investigation, would the court uphold a second search warrant after the government returned the computer to the owner? (Courts recognize that computers hold data for very long periods and that staleness is not usually an issue with evidence stored on computers. See, e.g., United States v. Seiver, 692 F.3d 774 (7th Cir. 2012).) If so, then is the court talking about a constitutional right to destroy evidence in the interim?
Scenario Three may still be proper under Ganias, since the court opined that what distinguished the Ganias search was the fact that the agents were searching the computer for a different case. If we seized physical evidence, the courts have generally held that we can go back and re-search it later. United States v. Burnette, 698 F.2d 1038, 1049 (9th Cir. 1983); United States v. Pace, 898 F.2d 1218, 1243 (7th Cir. 1990); Thomas v. Hungerford, 23 F.3d 1450, 1453 (8th Cir. 1994). The rationale has been that once the police have lawfully seized and searched an item, subsequent warrantless searches of that item are lawful so long as the item remains in the police’s continuous possession. Indeed, imagine a violent crime case in which the police seize a pair of pants to search the pockets and because they fit the description of the perpetrator. There is little doubt that the police could reexamine the pants later to test them for DNA, whether the DNA was needed for the original crime or to investigate a different one.

A quick response from me (that is, Orin Kerr):

A simple rule to deal with this problem would be that the government cannot obtain a second search warrant to search contents seized under a first warrant. Under this rule, the government would be allowed to go back and search the computer again under the first warrant but could not use the fact that it happens to have the target’s unrelated stuff in its possession as a way of facilitating a second search. This would be the sensible way to implement the underlying concern that the government has every temptation to use the initial overseizure as a way to gain possession and then preserve unrelated evidence. Under the inevitable discovery rule, the exclusionary rule would not apply if the government searched the seized computer under a second warrant when it could prove by a preponderance that the evidence sought in the second warrant would have been obtained elsewhere. Perhaps the courts could incorporate that principle into the rule, so that a second warrant could be obtained generally in those circumstances.

I suppose the underlying question is this: Is the real problem here that the government has overseized and is taking unfair advantage of having extra stuff available to it, or is the real problem only that too much time has elapsed before the government is taking that advantage? Imagine the same case as Ganias except that the government developed probable cause for the second crime just a few days after executing the first warrant. Should that case come out differently? And if it could come out differently, is that because we intuit that the information for the second warrant likely is still available on the original hard drive or because we think that the government’s seizure did not go on for so long as to become unreasonable? I can certainly understand the Second Circuit’s doctrinal reliance on the time that the copy was retained. The duration of a seizure is a traditional component of its reasonableness, so time was a ready doctrinal hook. At the same time, I’m not sure that it makes sense for the rule to focus on the time element. Either way, really interesting questions.