In re Three Hotmail Email Accounts: [Redacted]@hotmail.Com [Redacted]@hotmail.Com [Redacted]@hotmail.Com Belonging to
Decision Date | 28 March 2016 |
Docket Number | CASE NUMBER: 16-MJ-8036-DJW |
Parties | In the Matter of the Search of premises known as: Three Hotmail Email accounts: [redacted]@hotmail.com [redacted]@hotmail.com [redacted]@hotmail.com Belonging to and Seized from [redacted] |
Court | U.S. District Court — District of Kansas |
The United States has submitted an Application and Affidavit for Search Warrant ("Application") pursuant to 18 U.S.C. §§ 2703(a), 2703(b)(1)(A), and 2703(c)(1)(A) requiring an electronic communication services provider ("Email Provider"), to disclose copies of electronic communications, including the content of email and other account-related information, for the email accounts ("target email accounts") identified in the Application. Here, the Email Provider is Microsoft Corporation. In the affidavit in support of probable cause, the government alleges that the target email accounts were utilized to obtain, crack, and facilitate the distribution of illicit versions of proprietary software, in violation of 18 U.S.C. §§ 371 (conspiracy), 1029 (access device fraud), 1030 (computer intrusion), 1343 (wire fraud), and 2319 (copyright infringement). The Application seeks a search warrant to obtain ESI in each target email account from Microsoft in its search for fruits, evidence and/or instrumentalities of the violation of those laws. For the reasons discussed below, the Application for search warrant is denied without prejudice.
The proposed search warrant is structured to identify two categories of information: (1) information to be disclosed by an Email Provider to the government under 18 U.S.C. § 2703, and (2) information to be seized by the government. The first section of the warrant orders Microsoft (the Email Provider) to disclose to the government copies of the following records and other information, including the content of the communications, for each account or identifier associated with the target email accounts:
The second section of the proposed warrant provides:
For clarity, the Court needs to define or more fully define some terms that will be used throughout this Memorandum Opinion. As this opinion focuses on a warrant for email, the Court will use the term "electronically stored information," or "ESI" for short, to describe the allof the possible information that may be found in an email account. This obviously includes the email communications themselves, but it also includes any other digital data that may reside, or is associated with, the email account, such as contact lists, chat transcripts, calendars, pictures, and files. Basically, anything that can be stored in an email account falls under this umbrella term. The Court will also be using the terms ex ante and ex post, which mean before and after, respectively. Magistrate judges decide ex ante because the facts of the case have not developed—indeed, no case has been filed other than the request for the warrant. District judges decide ex post because the facts of the case have developed already, as the search warrant has been executed. This Court will speak of "ex ante instructions," which simply means a set of instructions—which may contain conditions, limitations, restrictions, or guidelines—given before the warrant is approved but which govern the warrant should it be approved. Similarly, the Court will use the term "search protocol," which is a document submitted by the government explaining to the Court how it will conduct its search of an individual's ESI. A search protocol may set forth how the government will search the ESI, the search software used, the keywords for which the government will search, or what the government will do with ESI that falls outside the scope of the warrant (such as returning or destroying it). Importantly, a search protocol is to inform the Court as to how the government intends to search the ESI. A search protocol may be required as part of a court's ex ante instructions.
Finally, the Court will also be referring to "imaging," which in the technological sense to which the Court is referring means making an exact, duplicate copy—the result of which is an "image." Law enforcement commonly images a seized hard drive in order to perform a search of the data at their forensic lab. This allows the individual to retain the computer or device(assuming they have not been arrested) and allows the government to retain an exact copy of the device as it existed in that particular moment.
The Application seeks authorization to obtain from and search the ESI contained in the email account of a particular customer (suspect) of Microsoft pursuant to the Stored Communications Act of 1986 ("SCA").2 In the email context, a government entity may require an Email Provider to disclose the contents of a wire or electronic communication that has been in electronic storage for 180 days or less pursuant to a warrant issued in compliance with the Federal Rules of Criminal Procedure.3 For contents stored for more than 180 days, the statute authorizes a government entity to require an Email Provider to disclose the contents of the communications under the procedures outlined in subsection (b).4 Section 2703(b)(1)(A) authorizes a government entity to require a provider of remote computing services to disclose the contents of any wire or electronic communication without notice to the subscriber or customer if the government obtains a warrant issued pursuant to the Federal Rules of Criminal Procedure.
Federal Rule of Criminal Procedure 41 governs searches and seizures. In 2009, Rule 41 was amended to address ESI. Rule 41(e)(2)(B) sets forth a two-step procedure ("Two-Step Procedure") for warrants seeking ESI. On Step One, "officers may seize or copy the entire storage medium;" on Step Two, officers can review—i.e. search—that copy later "to determinewhat electronically stored information falls within the scope of the warrant."5 This process is necessary because "computers and other electronic storage media commonly contain such large amounts of information that it is often impractical for law enforcement to review all of the information during execution of the warrant at the search location."6
Importantly, however, the Advisory Committee notes: "[t]he amended rule does not address the specificity of description that the Fourth Amendment may require in a warrant for electronically stored information, leaving the application of this and other constitutional standards concerning...
To continue reading
Request your trial