Cyber-forensics: How the 4th and 5th Amendments "fit in"
Crimes have been evolving throughout our history, as there are new secure ways created to protect the society, the criminals are getting smarter in breaking these new ways. Society till the late 19th century consisted of all physical items such as paper files, lockers, hard money. Every single person tried to hide their important documents, and new ideas were made to make these physical items secure. If a crime was committed, there was always a boundary set and it was clear on what areas need to be focused on the warrant. Crime scenes could have been expanded, but not until computers were introduced and the boundaries and the scope of the crime scene got much larger. Throughout the years, the computer has evolved and everyone using these devices has evolved. In the society today, everyone has a smartphone, laptop, etc. and have filled their lives with smartphone devices. All these devices are connected and include all the files and information about a user either in the device itself or on a cloud. As the inventors got smarter making these devices and securing these devices so did the criminals, which evolved the idea of a crime and the boundaries of a crime scene. Today, we can have hacks from all around the world, and the data can be anywhere. The problem that the law faces today is on how many jurisdictions they have regarding these devices and in searching these devices. This paper focuses on how the fourth and fifth amendment in the current legal system can be applied to the new digital era.
What is the Fourth Amendment?
The fourth amendment was created by the founding fathers to limit the government’s power into searching private homes for evidence relating any crimes. The founding fathers banned general warrants to ensure that all searches or seizures were reasonable and that a warrant could specifically describe what areas could be searched and what person or items could be seized. When an investigator with a warrant enters a home he enables the “search” from the fourth amendment, due to the invasion of the expected privacy of the individual. The search can be as specific as the warrant states or as general. When an investigator is at someone’s house, he is in an open area to look around and to open any sorts of doors or cabinets it needs to be specified in the warrant. The act of taking away any property or evidence from a crime scene enables the “seizure” from the fourth amendment. When the investigator is at the individual's home he can seize any evidence that is stated in the warrant or any items that are in plain view (Kerr 2005).
Fourth Amendment and Digital Crime
The major issue that arises with the fourth amendment is the use of the amendment with the digital crimes taking place today. To understand the connection, Kerr analyzes the first step to compare computer just as a home or any sealed container. A computer consists of a hard drive, which has the contents of one person’s documents, history, pictures etc. Kerr states, “Just as an individual generally has a reasonable expectation of privacy in his home and his packages, so too should he have a reasonable expectation of privacy in the contents of his personal hard drive” (Kerr, 2005, pp 549). The hard drives on a person’s computer is his private property, and the “fourth amendment applies to computer storage devices just as it does to any other private property” (Kerr, 2005, pp549).
This first step provides a good start for accessing the information on a computer and provides that all computer searches do require an actual warrant. Kerr raises questions after this and the first question he states is, “if the general process of accessing information on a computer can constitute a search, at exactly what stage does the search occur – when the hard drive heads read the data from the drive, when the computer collects the data, when the analyst can see the data, or at some other point?” (Kerr, 2005, pp550). The process of searching through a person’s hard drives means to first copy the data. Then the data that is shown is usually packaged and “heavily processed” version to the user. The analyst or investigator is performing series of actions just to see the data, but would that count that data as searched? Kerr defines the search to have occurred when the data is actually seen by the observer on the screen and not when the data is copied.
The second question Kerr, (2005). focused on was concerning the scope of a research: when the investigator finally is accessible to the data from the hard drive, how much of the data can be searched? As its recalled, when there is a search in the house it does not mean that the whole house can be searched, the search is only allowed for anything visible or allowed by a warrant. A hard drive can be just the physical box or can contain many files in different directories or registries. Since a computer contains many files, Kerr states, “the virtual file approach is clearly preferable. Computers are searched to collect the information they contain. When assessing how the Fourth Amendment applies to the collection of information, courts should focus on that information rather than the physical storage device that happens to contain it.”(Kerr, 2005, pp556). Since the information can keep on going deeper and into more files, we should count as whatever being accessible on a hard drive as a valid search, even if an investigator has to click on the file to see it. There have been in many cases in the law system, where this question has not been fully answered, but it should be as simple as all the data shown in the output system to be a valid search. (Kerr 2005). There is still a large way to go to find what could be a search and the scope and the extent you can go to a digital crime. There are networks, information’s, on the server, printer spools, etc. to how far an investigator can go is still not fully defined but the investigator should be allowed to use all the information that is visible.
Regarding the seizure aspect of the fourth amendment, the biggest question that arises is the original and the bitstream copy. How many copies can be made? In the physical world, the investigators need to take the evidence away to keep it. In the digital world, investigators can create as many copies as they would like, and since creating copies are not technically search or seizures, the investigators can copy without fourth amendment limits. This could be troublesome since a lot of the data on the hard drive can be copied into various computers and various government employees can have access to that data. This could be an invasion of the privacy since anyone with the authority can access the copies. This would result in seizure encompassing the copies, but also simply using the computers for investigators. The next question arises on the duration of the seizures for each copy. As Kerr 2005 states, “Existing Fourth Amendment doctrines often consider the duration of a seizure when determining its reasonableness.'38 This makes sense for physical property: the time period of the seizure reflects how long the owner has been deprived of his property. But if generating a copy constitutes a seizure, how long is the data seized? Until the data is erased, perhaps? This would be a difficult rule; as explained earlier, deleting files normally does not mean they are actually destroyed” (Kerr 2005). The copies being kept on the government's computer can be a violation of the fourth amendment as well since there can be a time limit for physical evidence, but the copies on the computers stay forever.
What is the Fifth Amendment?
Clemens (n.d) states that “The U.S. Constitution’s Fifth Amendment privilege against self-incrimination prevents the government from compelling a person to decrypt or reveal the private key to decrypt her electronic documents absent two circumstances.” (Clemens, n.d, pp 2). The fifth amendment provides anyone away not self-incriminate ourselves and holds the government accountable for any evidence that is in violation of the fifth amendment.
Fifth Amendment and Digital Crime
The issue of the fifth amendment in the digital world takes place from encryption. Encryption is basically the process of turning data into code to prevent from unauthorized access. For security reasons, many users have encrypted their data on their computers to be more secured. This makes it much more challenging for investigators since they do not have the key to access the information. The password is kept by the user. Are these passwords covered by our rights of the fifth amendment? One way we can access these files is to provide immunity to the user, so they do not provide any information through those files that can cause damage. Immunity is not necessarily needed if investigators can pass the fisher test in determining whether the production of these documents can self-incriminate the user. As Clemen (n.d.) states, “under Fisher, the government can compel message decryption or private key production only where it proves that the requested document or private key: (1) exists; (2) was possessed, located or controlled by the person it is requested from; and (3) will not have its authentication assisted by this decryption or production.” (Clemens, n.d., pp12). The decryption can be asked if the three steps are followed so the investigators stay within their fifth amendment rights and so does the user. The user is still defended by their fifth amendment rights throughout the digital crime.
The society today consists of computers all around with all of their information and data on it. The possibilities are endless since people are not bound by physical space such as paper, file drawers etc. Also, all of these devices are password protected and in some cases encrypted. This drastic change in technology is becoming extremely hard for investigators, since the scope, the size of the investigation increased and in understanding the limit of the search. The fourth and fifth amendment are still protecting the users under investigation, and provide a platform of security to all users. A proper standard should be created for or digital crimes and the current legal system, but since the progress of technology is so fast the integration of the two will take some time. The incorporation of the fifth and fourth amendment is really crucial to the digital world so everyone in our society has the rights and privacy they deserve.
· Clements, Aaron M. (n.d.) "No Computer Exception to the Constitution."
· Kerr, S. Owen. (2005). Searches and Seizures in a Digital World. In the Harvard Law Review. (Vol. 119, No. 2, pp 531-585).
Retrieved from http://www.jstor.org/stable/4093493
Do you like to write about your infosec knowledge, skills, opinions, or exploits?
Publish your original research, tutorials, articles, or other written content on Cybray's blog to be seen by thousands of infosec readers daily!