Reforming the legal regime for search and seizure of computer data
Currently, there are no clear limits on the analysis of data on computers in criminal investigations. Limits for data analysis may be desirable considering the privacy infringement that occurs when information on computers is seized and analysed.
On 6 June 2014, the Dutch Ministry of Security and Justice published several ‘discussion documents’ about reforming Dutch criminal procedural law. Of particular interest to this blog post is the document relating to search and seizure (in Dutch). The authors of this discussion document suggest amending the legislation with regard to the search and seizure of data on computer systems. In my view, that is a very good idea considering the old-fashioned approach we now have towards search and seizure of computer systems.
Computer systems as regular objects
In 1993, the Dutch legislator decided to treat computer systems as regular tangible objects which can be seized and subsequently analysed for evidence gathering purposes in criminal investigations. The reason for this is that data in itself cannot be seized in a criminal investigation, because data can be copied, whereas only tangible ‘goods’ can be taken out of the possession of the owner. Although data cannot be copied, the data carrier can be seized like all other goods. The regular rules for search and seizure of goods are applicable for data carriers (computers). Similar to the seizure of a bloody baseball bat in a murder investigation, computers can be seized and indefinitely analysed for evidence. Such an analysis to ‘ascertain the truth’ of what happened by analysing computer systems in a murder investigation is not far-fetched, as this case shows in which the intent to commit a murder was proven by analysing the search history of the personal computer of the suspect.
Considering the modern software tools which law enforcement authorities can utilise to analyse data on computers, it is easy to imagine that such a search may heavily infringe on an individual’s right to privacy. Perhaps it is time to amend the legislation for search and seizure of computers. Indeed, the authors of the discussion document recognise that “taking knowledge and securing stored e-mail correspondence, photos and videos, personal notes and internet search history” can heavily interfere with the personal lives of the individuals involved. “In comparison”, the authors state, “the seizure of all photo albums, video tapes, is soon deemed disproportional” (see p. 37). Possibly, specialised software can filter out information and thus limit the privacy infringement that occurs.
Location based legal regime
Currently, which conditions apply for the seizure of computers and subsequent analysis of data depends on the location at which the computer is located. If the computer is located (a) on public streets or a vehicle, law enforcement officials can seize the computer, (b) in an office building, a public prosecutor can give the order to seize a computer and (c) in a residence, an order from a public prosecutor and a warrant from an examining judge is required (leaving out exceptions to these rules). One could wonder: is this differentiation correct? Does a different privacy infringement occur when the information on a computer is analysed, depending on the location at which the computer is seized? I think not. I think in all circumstances a serious infringement of the right to privacy occurs when computers are seized and individuals must be adequately protected against the arbitrary interference of the government in their private lives.
How to deal with privileged communications, chain of custody, etc.
The discussion document also raises other important issues relating to the search and seizure of computers systems. The authors rightfully point out that regulations are possibly required to make sure that (a) privileged communications cannot be accessed by law enforcement officials, (b) the regulations for the seizing of letters also applies to digital communications and (c) more attention is required for the regulations regarding the ‘chain of custody’ when data is analysed (see p. 42-49). Clearly, digital forensic investigators can also contribute to better regulations for the search and seizure of computer data in criminal investigations.
Hopefully, we will soon be able to read more observations regarding the discussion documents online, in order to further the debate about the necessary reforms in criminal procedure law!