It is a well-known maxim that “bad facts make bad law.” And as anybody even casually browsing social media this week likely has seen, the incredibly tragic facts surrounding the San Bernadino attacks last December have led to a ruling that jeopardizes the privacy rights of all law-abiding Americans.
First, it is important to clearly understand the ruling. After the horrific attack in San Bernadino on December 2, 2015, the FBI seized and searched many possessions of shooters Syed Rizwan Farook and Tashfeen Malik in their investigation of the attack. One item seized was Farook’s Apple iPhone5C. The iPhone itself was locked and passcode-protected, but the FBI was able to obtain backups from Farook’s iCloud account. These backups stopped nearly six weeks before the shootings, suggesting that Farook had disabled the automatic feature and that his phone may contain additional information helpful to the investigation.
Under past versions of iOS, the iPhone’s operating system, Apple had been able to pull information off of a locked phone in similar situations. However, Farook’s iPhone—like all newer models—contains security features that make that impossible. First, the data on the phone is encrypted with a complex key that is hardwired into the device itself. This prevents the data from being transferred to another computer (a common step in computer forensics known as “imaging”) in a usable format. Second, the iPhone itself will not run any software that does not contain a digital “signature” from Apple. This prevents the FBI from loading its own forensic software onto Farook’s iPhone. And third, to operate the iPhone requires a numeric passcode; each incorrect passcode will lock out a user for an increasing length of time, and the tenth consecutive incorrect passcode entry will delete all data on the phone irretrievably. This prevents the FBI from trying to unlock the iPhone without a real risk of losing all of its contents.
As Apple CEO Tim Cook has explained, this system was created deliberately to ensure the security of its users’ personal data against all threats. Indeed, even Apple itself cannot access its customers’ encrypted data. This creates a unique problem for the FBI. It is well-settled that, pursuant to a valid search warrant, a court can order a third party to assist law enforcement agents with a search by providing physical access to equipment, unlocking a door, providing camera footage, or even giving technical assistance with unlocking or accessing software or devices. And, as the government has acknowledged, Apple has “routinely” provided such assistance when it has had the ability to access the data on an iPhone.
But while courts have required third parties to unlock doors, they have never required them to reverse-engineer a key. That is what sets this case apart: to assist the government, Apple would have to create something that not only does not exist, but that it deliberately declined to create in the first instance.
On February 16, Assistant U.S. Attorneys in Los Angeles filed an ex parte motion (that is, without providing Apple with notice or a chance to respond) in federal court seeking to require Apple to create a new piece of software that would (1) disable the auto-erase feature triggered by too many failed passcode attempts and (2) eliminate the delays between failed passcode attempts. In theory, this software is to work only on Farook’s iPhone and no other. This would allow the FBI to use a computer to simply try all of the possible passcodes in rapid succession in a “brute force” attack on the phone. That same day, Magistrate Judge Sheri Pym signed what appears to be an unmodified version of the order proposed by the government, ordering Apple to comply or to respond within five business days.
Though Apple has not filed a formal response, CEO Tim Cook already has made waves by publicly stating that Apple will oppose the order. In a clear and well-written open letter, Cook explains that Apple made the deliberate choice not to build a backdoor into the iPhone because to do so would fatally undermine the encryption measures built in. He explains that the notion that Apple could create specialized software for Farook’s iPhone only is a myth, and that “[o]nce created, this technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key . . . .”
This has re-ignited the long-standing debate over the proper balance between individual privacy and security (and the debate over whether the two principles truly are opposed to one another). This is all to the good, but misses a key point: Judge Pym’s order, if it stands, has not only short-circuited this debate, it ignores the resolution that Congress already reached on the issue.
Indeed, a 1994 law known as the Communications Assistance for Law Enforcement Act (“CALEA”) appears to prohibit exactly what the government requested here. Though CALEA preserved the ability of law enforcement to execute wiretaps after changing technology made that more complicated than physically “tapping” a telephone line, it expressly does not require that information service providers or equipment manufacturers do anything to open their consumers to government searches. But instead of addressing whether that purpose-built law permits the type of onerous and far-reaching order that was granted here, both the government and the court relied only on the All Writs Act—the two-century-old catch-all statute that judges rely on when ordering parties to unlock doors or turn over security footage.
Though judges frequently must weigh in and issue binding decisions on fiercely contested matters of great importance, they rarely do so with so little explanation, or after such short consideration of the matter. Indeed, when the government sought an identical order this past October in federal court in Brooklyn, N.Y., Magistrate Judge James Orenstein asked for briefs from Apple, the government, and a group of privacy rights organizations and, four months later, has yet to issue an opinion. Yet Judge Pym granted a similar order, without any stated justification, the same day that it was sought.
An order that is so far-reaching, so under-explained, and so clearly legally incorrect is deeply concerning. And yet, but for Apple’s choice to publicize its opposition, this unjustified erosion of our privacy could have happened under the radar and without any way to un-ring the bell. Fortunately, we appear to have avoided that outcome, and we can hope that Apple’s briefing will give the court the additional legal authority—and the additional time—that it will need to revisit its ruling.
Despite the old saying “the customer is always right,” the law places limits on customer service in the casino industry. Normandie Casino has found this out the hard way. The operator of the casino has agreed to plead guilty to charges that it violated anti-money laundering provisions of the Bank Secrecy Act, according to a Department of Justice press release.
Normandie Casino is one of the few remaining family-owned casinos in the country and one of the original card clubs in California. In the 1980s, the casino expanded its offerings and now features Seven-card Stud, Texas Hold-em, Five-card Draw, Blackjack, Pai Gow Poker, and Super 9, among other games and entertainment.
However, amid all these offerings, it appears the casino failed to consistently observe the banking regulations. Under the Bank Secrecy Act, casinos are required to take measures to prevent criminals from using the casino for money laundering. In particular, casinos must report transactions involving more than $10,000 by any one gambler in a 24-hour period.
Under the agreement with the Department of Justice, Normandie Club, which operates Normandie Casino, has agreed to plead guilty to two felony offenses. In the agreement, Normandie will admit that the casino used independent gambling “promoters” to locate high-rollers. Once the high-rollers were at the casino, high-level employees would help the high-rollers avoid transaction reporting requirements. Normandie would use the name of the promoter on the Currency Transaction Report, rather than the high-roller, and also structure the payments to make them appear to fall under the federal transaction reporting requirements.
Normandie has agreed to pay a $500,000 fine per charge, for a total of $1 million, plus the casino will forfeit the nearly $1.4 million it received in 2013 when failing to file accurate Currency Transaction Reports.
While the casino industry runs on making its customers happy, the casino must also do so within the bounds of the law. Gamblers may seek anonymity, but casinos cannot guarantee this to high-rollers who are making significant transactions.
As a matter of course, federal prosecutors often pile on charges in order to strong-arm defendants into entering a favorable guilty plea quickly. Those who exercise their jury trial right and put the government to its proof often receive harsh sentences based on these overreaching indictments. But last week, a federal judge in Oklahoma took a rare stand against this practice.
United States v. King, a fifty-nine-defendant prosecution, appeared to be following the typical pattern. Though the only unlawful conduct seemed to be violations of the payment-processing provisions of the Unlawful Internet Gaming and Enforcement Act (“UIGEA”), the government had charged the defendants with gambling, money laundering, and even racketeering offenses carrying lengthy prison sentences. Several defendants entered favorable guilty pleas, likely because of sticker shock at the relevant sentencing guidelines.
However, many other defendants chose to go to trial and several jury trials were held before the Honorable Stephen P. Friot, resulting in convictions on one or more counts. Having given up their chance for a favorable plea, it appeared that those who went to trial would be sentenced harshly under laws intended to combat organized crime. But before sentencing, Judge Friot took the unusual step of issuing “Preliminary Findings and Comments with Respect to Sentencing” in which he took a critical eye to typical charging and sentencing practices.
Judge Friot’s focus was the requirement under federal law that a sentence be “sufficient, but not greater than necessary,” to punish offenders and deter future crimes. To give meaning to this vague standard, Judge Friot took the unusual step of quoting from a letter that was written by the jury foreman in one of the trials, who said:
The way I look at it, with all the “legal” sports gambling that goes on the U.S.[,] coupled with the fact that no one was physically harmed and nobody was forced to place bets, I see no threat to society by allowing both Mr. Dorn and Mr. Korelewski [sic] to avoid prison time. I truly believe that our taxpayer money is better spent on these “criminals” by allowing them the opportunity to make a legal living outside of prison walls. I strongly support some sort of deferred sentence or probation.
Though Judge Friot said that this letter was not “determinative,” he also refused to rely on the government’s charging decisions in deciding how to sentence those convicted, focusing instead on “the real conduct that should be punished.” He concluded by saying that he was “particularly interested in what the government may have to say about” why those particular defendants should be imprisoned. In light of this skepticism, it is not surprising that his subsequent sentences were for probation or time served, not further imprisonment.
The ability of prosecutors to charge minor offenses as if they were serious crimes often turns the constitutional right to a jury trial into a very risky proposition. Judge Friot’s thoughtful opinion recognizes that even if defendants can be punished for their role in unlawful gambling, they should not be penalized for the decision to roll the dice before a jury.
If you’ve ever let your kids sign into your Netflix or HBO Go account, or given your marketing department access to your Twitter feed, you may be committing a federal crime, depending on how the Ninth Circuit rules on a case argued before it just last month.
The case, United States v. Nosal, is the latest chapter in a series of cases in which federal prosecutors have used a thirty-year-old anti-hacking statute to turn seemingly routine business disputes into federal felony cases. The statute, known as the Computer Fraud and Abuse Act (CFAA), contains broad prohibitions on accessing a computer system “without authorization” or in a way that “exceeds authorized access.” Though intended to prevent malicious hacking and espionage, those prohibitions have repeatedly been applied to disgruntled former employees who logged back into company databases to access proprietary information after their termination and when their authorization to access those files had been revoked.
However, the Nosal case goes a step further, and a ruling in favor of the United States threatens to criminalize password sharing of all kinds. Nosal was an executive at the recruiting firm Korn Ferry International (KFI). After he left the firm, he obtained the help of several former colleagues to obtain protected KFI data to start a competing business. Although several of the charges against Nosal were thrown out in an earlier case, he was still prosecuted for accessing KFI files using his former assistant’s login information, which she had given him willingly.
According to prosecutors, Nosal’s former assistant was not authorized to give him access to KFI’s systems under the company’s computer usage policy, and so his use of that password was “without authorization” by the proper authorities. Upholding that argument could have a broad reach because so many password-protected services have prohibitions against password sharing in their user agreements, including Netflix, LinkedIn, Facebook, and HBO Go, to name a few. For that reason, a ruling that the CFAA prohibits password sharing when not authorized by these agreements could turn us all into criminals.
Following argument, this case is difficult to handicap. Although Judge McKeown seemed particularly concerned with the fact that Nosal clearly had engaged in wrongful conduct when he knew his authorization had been revoked, Chief Judge Thomas and Judge Reinhardt clearly recognized the scope of the issue at stake, and all three panel members were concerned by the government’s apparent lack of a limiting principle.
A ruling can be expected in the next few months. Until then, all we can do is hold our breath, and hope that the court ensures that the next time we share an account with the others in our household, we won’t end up living an episode ofOrange is the New Black instead of just watching it.
Beating their chests and breathing fire to rouse the polity, the Department of Justice recently came out with an announcement as earth shattering as the sun rising. The DOJ proclaimed it has adopted new policies to prioritize the prosecution of individuals for white-collar crime.
Deputy Attorney General, Sally Q. Yates, was quoted in the New York Times: “It’s only fair that the people who are responsible for committing those crimes be held accountable. The public needs to have confidence that there is one system of justice and it applies equally regardless of whether that crime occurs on a street corner or in a boardroom.”
What’s the hoped-for public response? Probably something like this: “And the crowd goes wild. Finally, after years of corporate executives sporting Teflon and sliding past investigators, the government is going to put its fist down and make the wrongly rich execs pay for their nefarious acts of fraud, insider trading, embezzling, racketeering, and tax evasion! “
But things look a little different in the actual world of white-collar criminal investigations and defense. In fact, prosecutors from the Southern District of New York and across the country are zealously prosecuting employees accused of white-collar offenses, and their companies are never shy about providing the backup data regulators request.. What’s more, convicted offenders are often subject to penalties far exceeding their crimes, as U.S. District Judge Jed Rakoff noted in the 2012 sentencing of Rajat Gupta.
The fact of the matter is that the DOJ doesn’t need to announce a new policy to go after individuals for white-collar crimes. The reality on the ground is we deal with employees being investigated and indicted all the time.
So why did Washington make the announcement? It sounds more like a PR stunt than anything else. Perhaps the Administration is gearing up for the next election cycle, which includes some obvious key elections. The DOJ wants to have a strong response to public outcries for accountability at the opportune time of impending regime change. In prior election cycles, administrations have taken some sort of hard stance on crime and punishment, whether it is increasing sentencing guidelines or messaging prosecutors about white-collar plea agreements.
From our viewpoint, it’s a little hard to take the DOJ’s new policy announcement at face value. We don’t see any recent motivation (outside PR). However, it’s also true that the wheels of Justice move slowly and this may just be a reflection from public dissatisfaction after the 2008 economic crisis, which saw corporations, but few Wall Street execs, held accountable. Regardless, we see the DOJ’s announcement much ado about nothing.
A Canadian federal court recently released an opinion holding that meta tags, at least in some circumstances, are not entitled to copyright protection. Although the precedent is not binding in American courts, the well-reasoned opinion provides an excellent logical analysis on why meta tags may or may not be afforded copyright protection.
In Red Label Vacations Inc. v. 411 Travel Buys Limited, the plaintiff travel business implemented meta tags including its registered trademarks: “redtag.ca,” “redtag.ca vacations,” and “Shop. Compare. Payless!! Guaranteed.” The defendant is a competing travel business in the Canadian market. In 2009, Red Tag experienced a drop in sales and noticed that search engine results for its company were returning results for its competitor, 411 Travel Buys. Upon further inspection, Red Label found that 411 had apparently copied its metadata including content, ordering, and misspellings. Red Label informed 411 of the violation and 411, being Canadian, immediately removed the content. Nevertheless, Red Label brought suit for lost profits during the period it was active.
In analyzing the duplicated meta tags, the court concluded that the tags were substantially derived from a list of Google keywords which were incorporated into phrases describing travel. The court held that there was little evidence of any degree of skill, judgment, or creativity in creating the meta tags at issue in the case. The court noted that there may be circumstances in which meta tags are so creative and original so as to qualify for copyright protection, but they were not present here.
The court further found that there was not substantial copying when viewing the website as a whole. Defendant 411 copied 48 pages out of approximately 180,000 on Red Tag’s website. The court considered substantial similarity between the original work and the allegedly infringing work when viewed as a whole, and did not find that a substantial reproduction had occurred.
Even though 411 used Red Tag’s trademarks in its meta tags, the court held that no trademark violation had occurred because the meta tags were not visible to the site’s visitors, but were rather used by search engines. The court found that even if a patron had reached the 411 site by searching for Red Tag terms, once visitors arrived at the website they would have no doubt that they were at the site of 411. Notably, the Canadian court identified a substantial difference between its law and trademark law in the US. In the US, a court may find a trademark violation occurred where trademark use causes “initial interest confusion” where a patron searching for one company diverts their business to what the patron realizes is a different company offering a similar product or service. Regardless, the Canadian court indicated that it wouldn’t find a trademark violation even under the initial interest confusion test, because when search engines use meta tags they return a list of links that customers may choose from at will, rather than directing the viewer to a particular competitor.
Despite the Canadian court’s thoughtful and in-depth analysis, in the six years since the events of the case meta tags have increasingly become a relic of the past as search engines increasingly use their own algorithms to determine search results. However this is still a claim that many plaintiffs include when throwing in the kitchen sink in a trademark case, and it would not be surprising to see US courts cite to the reasoning of our neighbors to the north in future decisions.
The government has voluntarily dismissed its case against Jae Shik Kim, the South Korean businessman for whom Ifrah Law obtained a motion to suppress in federal court. In 2012, Mr. Kim was stopped by federal agents as he tried to board a plane to South Korea from LAX. The government seized his laptop and copied his hard drive based on suspicion that he had engaged in illegal activity years earlier. The government indicted Mr. Kim based on evidence it found on the laptop relating to past transactions.
Everyone who has been through a security checkpoint at an airport knows that the government has wide latitude to conduct certain warrantless searches at the border without any suspicion of illegal conduct. However, the U.S. District Court for the District of Columbia concurred with Ifrah Law’s argument that the government’s latitude is wide, but it is not unbounded. In order to conduct a non-routine search of electronics at the border–including copying a hard drive for the government to conduct a later search unbounded in time and scope—the government must have reasonable suspicion that the owner is presently engaged or will imminently engage in illegal activity. An ongoing investigation of suspected past criminal activity is not a sufficient basis on which to perform such a search. To use a border search for that purpose is an illegal attempt to circumvent the warrant requirements imposed by the Fourth Amendment to obtain evidence in an ongoing investigation, and any evidence obtained in that manner cannot be used to convict the defendant.
The government understood that when the court suppressed the evidence obtained from Mr. Kim’s laptop, it did not have a case on which it could obtain a conviction. Shortly after the court granted Ifrah Law’s motion to suppress, the government filed an interlocutory appeal of the court’s order. The government hoped that the Court of Appeals would reverse the order and allow the government to present evidence obtained from the laptop in order to secure a conviction.
This week, the government reversed course. The government not only dropped its appeal on the suppression issue, but moved to dismiss the indictment entirely, resulting in an event all too rare in the criminal justice system—a dismissal of all charges against the defendant. The government’s action implicitly acknowledges restrictions on its authority to conduct non-routine searches at the border when there is no suspicion of present criminal activity. It is a big win not only for our client, but for the ongoing effort to preserve our right to privacy.
In an ironic twist, the U.S. Justice Department unsealed a 47-count indictment this morning charging nine present and former officials of the Federation Internationale de Football Association (better known by its acronym, FIFA) and five sports marketing executives with fraud, racketeering, bribery and money laundering. The guilty pleas of four individuals and two entities relating to these same allegations were also unsealed.
The indictment alleges that officials of FIFA, which controls the media and marketing rights to international soccer tournaments worldwide, received bribes totaling more than $150 million in connection with the award of those rights. The defendants also include sports executives alleged to have paid those bribes, and the indictment also charges that intermediaries were used to launder the proceeds of those bribes. The lead charge in the indictment is an alleged violation of the federal Racketeering Influenced and Corrupt Organizations Act (RICO).
At the request of U.S. authorities, Swiss authorities arrested a number of individuals in Zurich this morning where FIFA executives had gathered for the organization’s annual meeting. The indictment was disclosed along with a Swiss investigation into mismanagement and money laundering associated with the award of the 2018 World Cup to Russia and the 2022 World Cup to Qatar. FIFA has stated that the award of those tournaments will not be reconsidered.
The great irony of the indictment is that this is about football – not “American football” but “real” football (what we Americans call “soccer”) – the most popular sport on the planet. From a sports perspective, Americans are still newcomers to the game, though the women’s national team has enjoyed perennial success, the men’s national team has climbed in world rankings, and individual American players are becoming more commonplace on teams in the English Premier League and elsewhere in Europe. It is surely ironic for the U.S. to police a sport that struggles for attention at home.
But on the other hand, it should be no surprise to see a U.S. indictment that seeks to address corruption in FIFA that has been the stuff of rumors for years. The FIFA indictment is another example of how the United States projects not only military power but legal power overseas, using its robust Justice Department and court system to impose on the world the legal standard enshrined in its criminal laws. Given that the case is being prosecuted in the Eastern District of New York – where now-Attorney General Loretta Lynch previously served as the United States Attorney – the case may also signal something about Attorney General Lynch’s approach to such multinational cases.
The Department of Justice presumably justifies this extraterritorial exercise because the defendants include several Americans and because FIFA includes component associations located in the United States; the alleged offenses therefore impact Americans as well as those overseas. To the extent this is true, that seems to be appropriate justification. But another question is how that exercise of power will be perceived outside of the United States. Is the United States helping to solve a problem that has dogged international soccer for years? Or is it meddling in matters that are largely outside of its borders and that should not concern it? As news of this morning’s arrests and the unsealing of the indictment spreads, the world’s reaction may answer those questions.
Last July, we reported on United States v. Davis, an Eleventh Circuit decision in favor of privacy rights. In that case, a three-judge panel held that cell phone users have a reasonable expectation of privacy in their cell phone location data. If the government wants to collect the data, it must first obtain a probable-cause warrant, as required by the Fourth Amendment.
The groundbreaking decision seemed a clear victory for privacy rights, but the victory proved to be ephemeral. Last year, the en banc court agreed to revisit the question and, weeks ago, declared that subscribers do not have a reasonable expectation of privacy in their cell tower location data. As a result, the government can collect such data from third-party service providers if it shows reasonable grounds to believe the information is relevant and material to an ongoing criminal investigation.
In February 2010, defendant Quartavius Davis was convicted on multiple counts for robbery and weapons offenses. Davis appealed on grounds that the trial court admitted cell tower location data that the prosecution had obtained from a cell phone service provider in violation of Davis’ constitutional rights. An Eleventh Circuit panel agreed with Davis. Speaking for the court, Judge Sentelle explained that Davis had a reasonable expectation of privacy in the aggregation of data points reflecting his movement in public and private places. The government’s collection of the data was a warrantless “search” in violation of the Fourth Amendment.
To reach that decision, the panel leaned heavily on a 2012 Supreme Court case called United States v. Jones. In Jones, the Court announced that the government must have a probable-cause warrant before it can place a GPS tracking device on a suspect’s car and monitor his travel on public streets. The Court so held based on a trespass (or physical intrusion) theory. Absent probable cause, the government could not commandeer the suspect’s bumper for purposes of tracking his movement, even if each isolated movement was observable in public. Several Justices went further, suggesting that the same result should obtain even without a trespass. They hinted that location data might be protected because individuals have a reasonable expectation of privacy in the sequence of their movements over time. It was this persuasive but nonbinding privacy theory that guided the Eleventh Circuit’s panel decision.
On rehearing, the en banc court rejected the panel’s approach. The court noted that Davis could prevail only if he showed that a Fourth Amendment “search” occurred and that the search was unreasonable. He could show neither. To demonstrate a search, Davis had to establish a subjective expectation and objective expectation of privacy in his cell tower location data. But this case involved the collection of non-content cell tower data from a third-party provider who collected the information for legitimate business purposes: the records were not Davis’ to withhold. According to the court, Davis had no subjective expectation of privacy in the data because cell phone subscribers know (i) that when making a call, they must transmit their signal to a cell tower within range, (ii) that in doing so, they are disclosing to the provider their general location within a cell tower’s range, and (iii) that the provider keeps records of cell-tower usage. But even if Davis could claim a subjective expectation of privacy, he could not show an objective expectation. In the court’s view, Supreme Court precedent made clear that customers do not have a reasonable expectation of privacy in non-content data voluntarily transmitted to third-party providers. Because there was no “search,” there could be no violation of Davis’ constitutional rights.
The en banc court explained further that Jones did nothing to undermine the third-party doctrine. For one, Jones involved a government trespass on private property. But the records in Davis were not obtained by means of a government trespass or even a search, so Jones did not control. Additionally, Jones involved location data that was first collected by the government in furtherance of a criminal investigation. By contrast, Davis involved location data that was first compiled by a service provider in the ordinary course of business. Simply put, “[t]he judicial system does not engage in monitoring or a search when it compels the production of preexisting documents from a witness.”
Photo: “LAX-International-checkin” by TimBray at en.wikipedia.
Developments in law are sluggish compared to the rapid rate of technological advancement, and courts must constantly apply old legal principles to technologies which were not contemplated at the time the laws were enacted. Recently, technology has been at the forefront of privacy rights debates, in light of revelations that the government has access to online communications, personal data storage and extensive monitoring via technology. The Fourth Amendment of the United States Constitution establishes a privacy right by prohibiting unreasonable search and seizure, but the extent to which that applies to technology is largely untested. Last week, a federal judge upheld this fundamental right as she ruled that our client’s rights had indeed been violated by an unreasonable search and seizure of a laptop computer conducted by the government.
U.S. District Court Judge Amy Berman Jackson granted a motion which we filed on behalf of our client, South Korean businessman Jae Shik Kim, to suppress evidence seized from his laptop as he departed the country from Los Angeles International Airport in October 2012. The decision severely cripples the government’s case alleging that Kim conspired to sell aircraft technology illegally to Iran, in United States of America vs. Jae Shik Kim, Karham Eng. Corp. (Crim. Action No. 13-0100 in the U.S. District Court for the District of Columbia).
The seizure of Mr. Kim’s laptop presents a unique challenge in an undeveloped area of law. The government claimed that because Mr. Kim’s laptop was seized at the border, it was free to search the computer without having any suspicion that he was presently engaged in criminal activity, the same way the government is free to search a piece of luggage or a cargo container. Yet anyone who owns a laptop, smartphone, tablet, or any other personal mobile device, knows that the breadth and depth of private information stored within these gadgets are intimately tied to our identities and should be entitled to a heightened level of privacy.
Judge Jackson, who understood this aspect of modern mobile devices, wisely rejected the government’s argument that a computer is simply a ‘container’ and that the government has an ‘unfettered right’ to search. In her memorandum opinion and order, she wrote, “…given the vast storage capacity of even the most basic laptops, and the capacity of computers to retain metadata and even deleted material, one cannot treat an electronic storage device like a handbag simply because you can put things in it and then carry it onto a plane.”
In her decision, Judge Jackson also repeatedly referred to “reasonableness” as the “touchstone for a warrantless search.” She keenly balanced the government’s imperative to protect our borders with individuals’ privacy rights. Judge Jackson found that the nature of the search — including that the government conducted the search as Kim departed the country (and not as he entered) to gather evidence in a pre-existing investigation, and that it made a copy of the entire contents of Kim’s laptop for an “unlimited duration and an examination of unlimited scope” — amounted to an invasion of privacy and an unreasonable search and seizure.
While the search of Mr. Kim was technically a border search, his laptop was not searched at the airport. Instead, it was transported 150 miles to San Diego and held until government agents were able to find and secure information they deemed valuable to their case. In fact, Mr. Kim was deemed so little of a threat to national security that he was permitted to board his flight. Judge Jackson noted that if the government’s asserted justification for the search were to stand, it “would mean that the border search doctrine has no borders.”
In this case, unfortunately, the government overstepped the boundaries established by Fourth Amendment of the Constitution, however the checks and balances imposed by the same foundational document proved to correct this error, and rightly so, as our laws continuously strive to adjust to the reality of rapidly evolving technology.