Fourth Amendment Rights in Files Stored on Password-Protected Websites:
Does a user have a reasonable expectation of privacy in their files — including images of child pornography — posted on a password-protected website? In a decision handed down last week, Judge Stearns of the U.S. District Court for the District of Massachusetts concluded that the answer is "yes." At the same time, Judge Stearns refused to suppress the evidence in the particular case, finding that its collection was the fruits of a private search by a tipster. The case is United States v. D'Andrea.
Unfortunately, the facts of the case are pretty gruesome, so here is a very brief version. The Massachusetts Department of Social Services received a call from a person reporting that another couple was molesting their 8-year old daughter and putting pictures of the molestation on a password-protected Sprint PCS website. The caller indicated that she was an ex-girlfriend of the man involved, and she told the officials the username and password of the website to access the pictures. A DSS official entered the username and password, accessed the website, and confirmed that images of the molestation were present. The official contacted the police, and the police obtained a warrant to search the couple's home. The woman was home when the warrant was executed; she was taken into custody and confessed to the crime. When charges were brought, both the man and the woman moved to suppress the images and the confession on the ground that they had a reasonable expectation of privacy in the stored files in the account and that the government access to the account without a warrant had violated the Fourth Amendment.
In his opinion, Judge Stearns first concludes that a person has a reasonable expectation of privacy in the contents of files stored on password-protected websites. Judge Stearns relies on two authorities. The first authority is Professor LaFave's treatise:
But having concluded that there is a reasonable expectation of privacy in password-protected websites, Judge Stearns then seems to reduce that entire discussion to dicta: he concludes that the defendant's Fourth Amendment rights weren't violated because the government officials that accessed the website merely reconstructed the private search of the anonymous caller.
Unfortunately, the facts of the case are pretty gruesome, so here is a very brief version. The Massachusetts Department of Social Services received a call from a person reporting that another couple was molesting their 8-year old daughter and putting pictures of the molestation on a password-protected Sprint PCS website. The caller indicated that she was an ex-girlfriend of the man involved, and she told the officials the username and password of the website to access the pictures. A DSS official entered the username and password, accessed the website, and confirmed that images of the molestation were present. The official contacted the police, and the police obtained a warrant to search the couple's home. The woman was home when the warrant was executed; she was taken into custody and confessed to the crime. When charges were brought, both the man and the woman moved to suppress the images and the confession on the ground that they had a reasonable expectation of privacy in the stored files in the account and that the government access to the account without a warrant had violated the Fourth Amendment.
In his opinion, Judge Stearns first concludes that a person has a reasonable expectation of privacy in the contents of files stored on password-protected websites. Judge Stearns relies on two authorities. The first authority is Professor LaFave's treatise:
Professor Warren [sic] LaFave, a preeminent authority on the Fourth Amendment, argues that a person who avails herself of a website’s password protection should be able to claim a reasonable expectation of privacy in the site’s contents. Professor LaFave makes the point that while a service provider has a need to access information regarding the identity of a site holder and the volume and extent of her usage, it has no legitimate reason to inspect the actual contents of the site, anymore than the postal service has a legitimate interest in reading the contents of first class mail, or a telephone company has a legitimate interest in listening to a customer’s conversations. “Reliance on protections such [as] individual computer accounts, password protection, and perhaps encryption of data should be no less reasonable than reliance upon locks, bolts, and burglar alarms, even though each form of protection is penetrable.”13 LaFave, 1 Search and Seizure § 2.6 at 721 (4th ed. 2006).Judge Stearns also relies heavily on the Sixth Circuit's Warshak case, quoting from it extensively.
But having concluded that there is a reasonable expectation of privacy in password-protected websites, Judge Stearns then seems to reduce that entire discussion to dicta: he concludes that the defendant's Fourth Amendment rights weren't violated because the government officials that accessed the website merely reconstructed the private search of the anonymous caller.
This argument fails for the simple reason that [the government official] intruded no further into defendants’ zone of privacy than did the anonymous caller. Where a private party, acting on his or her own, searches a closed container, a subsequent warrantless search of the same container by government officials does not further burden the owner’s already frustrated expectation of privacy. United States v. Jacobsen, 466 U.S. 109, 117 (1984). “The additional invasions of [a defendant’s] privacy by the Government agent must be tested by the degree to which they exceeded the scope of the private search.” Id. at 115. Moreover, where an expectation of privacy in an item has been effectively destroyed by a private search, police do not violate the Fourth Amendment by examining the same item more thoroughly or with greater intensity so long as they do not “significantly expand” upon or “change the nature” of the underlying private search. United States v. Runyan, 275 F.3d 449, 464-465 (5th Cir. 2001).Judge Stearns then concludes that either the man or the woman must have given the password to the caller. True, both the man and the woman denied giving out the password. But Judge Stearns concludes in fn 17 that this must be false; there's no other way the caller could have learned the password without the man or woman giving it to her. So having given the password to the caller - at least according to Judge Stearns — the defendants had "assumed the risk" that she would access the account and tell the police about what she saw:
At day’s end, this case falls clearly into the “assumption of the risk” exception identified in Warshak and Supreme Court precedent. “It is well-settled that when an individual reveals private information to another, he assumes the risk that his confidant will reveal that information to the authorities, and if that occurs the Fourth Amendment does not prohibit governmental use of that information.” Jacobsen, 466 U.S. at 117. See also United States v. Maxwell, 45 M.J. 406, 419 (C.A.A.F. 1996) (the sender of an email runs the risk that its recipient will publish its contents). Thus, even granting defendants a reasonable expectation of privacy in the graphic website images of Jane Doe, by sharing the website access information with the anonymous caller, defendants took the risk that their right to privacy in the website’s contents could be compromised.Hmm, I'm not sure what I think of this case — either on the first section granting Fourth Amendment protection or the second part taking it away.
Let's assume that the terms of service generally prohibit doing illegal stuff, is that enough to remove a reasonable expectation of privacy? Most things in life have implicit or explicit "terms of service" that prohibit doing ilegal stuff. Hinging a decision on these grounds essentially means that you have a reasonable right to privacy, as long as you are not doing anything illegal, sort of eviscerates the right.
I'm not following this. Why is it relevant if the ex-girlfriend, who somehow obtained the password, looked at "file 1", saw it was kiddie porn, and then called the cops, rather than first looking at all files 1 through 500? The fact is that she could have seems like it should be enough. Should the cops have told the ex to go home, look at all the files, and then come back?
I make the argument in the article linked to in the post, on the pages mentioned. That's my best response to your question.
Brett,
This is always a potential concern, but note that the tipster in this case is now known.
I agree the facts are not well-established, but I am inclined to assume that the facts are such that I would conclude the suspects did have a reasonable expectation of privacy. I also think the private-search/assumption of risk argument is factually dubious at best, but in any event I think the doctrine is flawed: I see no reason why the government officials in this case should not have been required to get a warrant based on the tipster's information before conducting their search. Similarly, I also see no reason for a special needs exception in such a case (ie, I also think social services officers should have to get warrants before they start conducting searches like this looking for evidence of child molestation).
So why aren't we requiring a warrant? Obviously because of the exclusionary rule: we don't want such bad people to go unpunished. As always, that makes me think we should dump the exclusionary rule, and instead have a direct remedy against the government officials for conducting a warrantless search.
Yes, it would. Here a Social Services official was trying to catch ongoing child molestation, and received a tip that clear evidence of the molestation was on the website. To the extent the access was a "search" it was not a very invasive one relative to a home invasion. True, the official could have contacted the police and asked them to obtain a warrant to obtain the contents of the account. But the fact that it was possible doesn't make it mandatory.
However, I think the court was right here. By giving out the password (assuming they did), they assumed the risk that any illegal content would be given to the authorities.
I have not read the case, but I'd be curious to know whether the password was easily guessible. Was it "password" or "porn" or "12345" or something like that? Or was it something hard and impossible to guess like "zDfi23df31if3%99d9fswMJsFdkjwog!$@df"?
Regardless, much like the drug exeption to the 4th Amendment, we have now created a de facto 'kiddie porn' exception to the 4th Amendment. So, these people would have been convicted no matter what reason the court came up with.
Actually, I think you're wrong about encryption: see here.
You're also wrong about a drug or kiddie porn exception to the Fourth Amendment. The Fourth Amendment has always been closely tied to contraband cases, starting with the prohibition cases in the 1920s. But I think it's hard to find a consistently different treatment of the cases based on the subject matter (as satisfying as it may be to proclaim).
Would you support a middle ground - an inevitable discovery rule and/or a good-faith exception that applies to the exclusionary rule but not to private damages (at least as to inevitable discovery, as good-faith does apply to private damages)?
Thank you. I read the relevant pages, and it appears to me that you have engaged in an odd form of double-think to reach your conclusion.
You essentially examine two binary questions:
1. "Virtual file" versus "storage device" (Casey v. Runyon). You choose "virtual file."
2. "Virtual file" versus "exposed data." You choose "exposed data" on the grounds that "virtual file" is essentially a contingent and meaningless concept, and you go on to explain why.
While your argument in (2) is pursuasive, I intuitively used to it to answer (1) differently. Since the "files" are merely designations, with no guarantee that everything is in a file, and even for things in files, they are only "virtual" files, not "real files," it seems to me that looking at separate "files" as relevant units in question one is legally suspect, and Runyan was correctly decided.
You are looking at a big warehouse, with different items having different post-it notes on them saying "John's Kiddie Porn" and "Steve's Accounting Fraud" and assuming that each post-it note is really a locked box. As you explain in (2), that assumption doesn't make sense.
You wrote: "True, the official could have contacted the police and asked them to obtain a warrant to obtain the contents of the account. But the fact that it was possible doesn't make it mandatory."
OK, but the general rule for criminal law enforcement searches is that they require a warrant unless they fall within one of the recognized exceptions. So, I do think it is fair to ask why there should be an exception in this case, if it was possible for the government officials to get a warrant.
But maybe Judge Sterns could have protected the confession in a different way. Even without the violation, we still have the following facts in play:
" The Massachusetts Department of Social Services received a call from a person reporting that another couple was molesting their 8-year old daughter and putting pictures of the molestation on a password-protected Sprint PCS website. The caller indicated that she was an ex-girlfriend of the man involved. . . . "
Thus, the warrant was still based on sufficient facts to reach probable cause for the issued warrant, even throwing out the police's confirmation, no? Though the pictures themselves might have to be suppressed, absent inevitable discovery, but would the confession? Maybe there's an argument that they wouldn't have gotten the confession if they didn't get confirmation of the photos, but without reading the opinion (and I don't fancy so doing given the nature of the facts), I can't really say that just because some of the evidence is tainted, all of it is?
Also, if I am right and the warrant was still based on sufficient probable cause, could the pictures come back in under inevitable discovery doctrine?
PS - Can the Second Circuit affirm based on its own factual findings, either here or for "special needs"? Or would the court need to apply a harmless error standard?
But the reason the exclusionary rule was adopted in the first place, is that prosecutorial discretion and lack of sympathy for guilty victims of illegal searches assures that the remedy will never actually be implemented. How do you plan to get around that?
Now the analogy in question reads: An anonymous letter with a house key enclosed is sent to the police by someone claiming to be an ex-girlfriend of the homeowner. Presumably, the enclosed key was given to the writer by the homeowner during said relationship, and was never recovered, nor were the house's locks changed.
The writer claims that there is a stash of child pornography in plain view once inside the house, and this key will allow the police inside the house to see it.
Note especially that there is no way to verify the writer's story regarding the key. In particular, it is just as likely that the writer stole a key or illicitly obtained a duplicate in order to rob the house in question, and discovered the pornography in the process.
Now, on this basis can the police use this key to open the house while the homeowner is away and see what is in plain view inside?
IANAL, but I think I know enough about the Fourth Amendment to know the answer to this one, and shame on the judge for not knowing it.
I'm not quite sure I understand your proposal. What I would have in mind is no special exclusionary rule at all, so no need for exceptions like inevitable discovery and good faith. I'd also favor strong administrative remedies and statutory private damage actions. I'm not sure how to compromise on all that, and I think the exclusionary rule is so fundamentally flawed that it makes little sense to try to preserve it.
Obviously I wasn't asking you whether you agreed with your own proposal, but whether you would find more limited proposals acceptable to remedying the concerns one would have by eliminating the "teeth" of the Fourth Amendment.
What I am saying is that when a government agent mistakenly, but innocently, believes he doesn't need a warrant, and it turns out he did, but there was probable cause anyway, would you be okay with (instead of your full proposal) then eliminating the exclusionary rule? Alternatively, would you be okay (and not going to your full proposal) with using Saucier v. Katz analysis?
On the other hand, if a "reasonable expectation of privacy" is only presumed when strong (EG, 65536-bit GPG) encryption is used, this will expand the use of a technological privacy mechanism where the social mechanism to bypass is moot, because the technical capacity is not possible. It would be like a judge issuing a search warrant for the inspection of a suspect's immortal soul — reasonable expectation of privacy be damned, it's moot because that just can't be done.
On the gripping hand, I'd agree that the judge's presumption that there was no other way the login and password could have been obtained is technically very, very bad. I'd hope for a reversal due to the lack of factual hearing.
(I'll also note in passing that many sites make sharing of your account name and password a violation of the TOS; if the TOS were already breached by the user, they may be largely moot. As a computer geek, I've flat out told users that they should be more reluctant to share their account passwords than an unlimited power of attorney.)
First, I don't think the exclusionary rule effectively deals with that problem.
Second, I don't believe it is impossible to craft enforceable direct remedies. Prosecutorial discretion is a problem only if you assume a criminal remedy. An alternative would be to give private parties various administrative and civil remedies, and I would suggest not having those remedies subject to jury trials.
Whether the political will for such measures exists is a different question.
I don't uderstand your position. Your view is that if a person enters a warehouse with millions of locked boxes, he has "searched" all of the the locked boxes upon entering the warehouse. That's the Runyan position. My view is that a person searches only that which actually opens; you don't open all of the contents of a warehouse when you merely enter a part of it. Why is my position "an odd form of doublethink"?
ATRGeek:
No, that's wrong (or alternatively, the private search doctrine is just an exception to the warrant requirement -- take your pick). Also, I'm curious: I thought you were a pure textualist in the Fourth Amedment context, and that you didn't consider precedents as part of the real Fourth Amendment. Where do you find your rule in the text?
Compare this footnote with the CERT Coordination Center's statement of “Commonly Exploited Configuration Problems”. Note that CERT begins their list with:
Further, for Mozilla, Firefox and Safari users (all platforms) please note the recent widely-publicized discussion of a vulnerability in password manager which may lead to compromise of stored passwords. Note that this vulnerability is currently unpatched, although the risk is somewhat limited and there are known work-arounds.
The government's argument that the anonymous caller could have learned the defendant's password only from the defendants is just plain wrong. Further, anyone even vaguely familiar with well-known problems in computer security should have known better.
That said, I'm not sure this clear error disturbs the decision.
In general, without knowing why I am being forced to negotiate, it is a bit hard for me to do anything but explain what I would think about the proposal. In other words, whether I would find a given proposal "acceptable" or "okay" depends on what my alternatives might be.
Anyway, one of the reasons I don't like the exclusionary rule is that it makes liars out of the police. So, your proposed good faith exception is not very palatable to me, insofar as it is limited to cases where the officer claims something about his subjective state of mind.
I'm not clear on your proposed use of Saucier. Would the idea be to limit the exclusionary rule to cases where the police would not be entitled to qualified immunity? I guess that would help limit the exclusionary rule to cases where it is more plausible the police would be incentivized by the exclusionary rule, but again I don't really think that sort of exclusionary rule is going to be effective, and it would still encourage lying about the facts.
IIRC, from the most recent SCOTUS answer on the topic, the answer is "yes, unless the Police have reason to believe that Person A does not consent to the search. Not sure without researching whether that answer can be implied from the consent by person A. The case involved a situation where the officers directly asked consent and got competing answers, and turned on whether the right to exclude trumped the right to allow vis a vis JT/TIC, IIRC.
Out of curiosity, why do you think abandoning the exclusionary rule will both provide some defense of the Fourth Amendment AND stop the police from lying? If the police are actually concerned about the effects of violating the Fourth Amendment, they'll still lie, only the lie wouldn't be necessary to avoid exclusion - just to avoid civil damages. If the police are not concerned about the effects of violating the Fourth Amendment, then why have it at all?
It seems your solution is still dependant on either 1) an effective enforcement regime, or 2) the good faith of the officer. I don't get how you can reduce lying without at least a corresponding reduction in bald-face violating the Constitution. Either they'll still do it, and then continue to lie, or they'll still do it and be honest about it, and suffer no reprecussions anyway. But there seems to be nothing that *penalizes* lying in any way that doesn't also abandon any serious effort to enforce the Fourth Amendment at all.
And we have no idea what this ex-girlfriend's story on the password is?
But you are positing the "millions of locked boxes." A password protection is a single lock that let's you in. You are calling each separate file a separate locked box, even though it is only even a "box" at all (locked or otherwise) if you look at the data a certain way. If you look at it a different way, it is just data that is sitting next to other data, out in the open fields of the hard-drive. Thus, my reference to "post-it notes". Just because you have written on something "This is a file, and distinct from all other items on this hard drive" doesn't make it so.
The "doublethink" comes in agreeing with Casey's "Virtual File" position -- that such a concept is legally defensible -- when placed against Runyan, when you subsequently argue that the concept of a "virtual file" is essentially meaningless.
The real issue here - if the user doesn't care enough about security to change his login/pw more than once a month, should his privacy be protected. Here we can use the analogy of the person who doesn't re-key their door lock once a month. The analogy of someone mailing in a key to the apartment and a note saying "kiddie porn on the kitchen table" is a little more apt. It's up to you lawyers to sort out if that remains to be a REOP.
You don't do yourself any credit by trying your hand at strawman arguments. I never claimed to be a "pure textualist in the Fourth Ame[n]dment context", and I am not even sure what that means. And I definitely do not understand what you mean by the claim "you didn't consider precedents as part of the real Fourth Amendment."
The textual grounding for a general warrant requirement in law enforcement searches is in the reasonableness clause. Of course, grounded in that way, there is also room for reasonable exceptions, such as exigent circumstances where probable cause exists but getting a warrant would be impracticable.
As for the private search doctrine: it is one thing if the private person conducts the search and then hands the evidence to the government official. In such a case, the government cannot reasonably be expected to put the evidence back where it was found and go get a warrant. But it is another thing where a private person conducts a search and then tells the government official what they would find if they conducted a similar search. In such a case, I see no reason not to require the government to first get a warrant before conducting its own search.
Again, textually I would ground all that in the reasonableness requirement of the Fourth Amendment.
I might agree if we assumed that exclusionary rule left the boundaries of Fourth Amendment rights untouched. Unfortunately, I think it has not: what has happened instead is a systematic weakening of Fourth Amendment rights through ever-expanding exceptions, largely because the remedy (bad people going unpunished) is too extreme for many to tolerate. It is these exceptions which generally give the police an ever-increasing incentive to lie such that their conduct will fall within one of the exceptions.
In contrast, I believe that if we did not have the exclusionary rule, we would tolerate fewer exceptions. That would give government officials less to lie about. For example, the fewer categories of exceptions we tolerate to the warrant requirement, the fewer cases in which the government official can plausibly lie in order to get around the warrant requirement, because whether or not they got a warrant will be pretty straightforward, and the fewer exceptions to the requirement the fewer the cases which might plausibly fall into an exception.
I admit, though, that all this is predicated on the notion that in the end we would end up accepting fewer limitations and exceptions with respect to Fourth Amendment rights if the remedy was administrative or a civil action, rather than the exclusionary rule. That is a hard proposition to test, but I personally think it is pretty likely to be true.
Yes, I am equating individual files as individual boxes. Note that for Fourth Amendment purposes whether a box is "locked" is generally irrelevant. The question is whether the box is open or closed.
ATRGeek,
It's hard to discuss the law with you, as you repeatedly switch between what the law is and your theory of what the law should be. If your interest is in existing law, however, your argument was rejected by the Supreme Court in United States v. Jacobsen, 466 US 109, 117-18 (1984). On the other hand, if your interest is in your theory of what the law should be, I have no response.
Yes, I am equating individual files as individual boxes. Note that for Fourth Amendment purposes whether a box is "locked" is generally irrelevant. The question is whether the box is open or closed.
ATRGeek,
It's hard to discuss the law with you, as you repeatedly switch between what the law is and your theory of what the law should be. If your interest is in existing law, however, your argument was rejected by the Supreme Court in United States v. Jacobsen, 466 US 109, 117-18 (1984). On the other hand, if your interest is in your theory of what the law should be, I have no response.
I'm far less certain that your empirical claim is true, but there certainly is the possibility of so researching.
But you subsequently discuss a computer with the "first page of a hundred page document on the screen" and ask if the police can scroll down. Here we have an obviously "open box" in the sense that we have an open file, and a file is a box. But you now reject the "individual box" metaphor, claiming that "the distinction between files and data . . . is tremendously important." Suddenly, we do not care that the 100 page document is all part of the same "file," you ask "if the law is keyed to files, how can it apply to information not stored in a file?"
You treat the file like a wall that only works in one direction. It is a border that stops the police who see one file from looking at other files, but from the inside it's not a proper border at all, since they are "contingent creations" and not all data is even in a file.
So, in your analysis, the "file" designation can be used to shrink the information that can be searched (You can't go there! It's another file!), but never to expand it (Hey, it was all in the same file, so what's the big deal?)
I think that a "File" must either be a revelant designation, or it is not. If it is an "open box", then I can see everything there is in the box. If it is a "contingent creation" without legal significance, then the fact that the data I find is in a different "file" from the data I am legally examining shouldn't make a difference.
In 99% of the cases, as in the D'Andrea case here, the files and the data are exactly the same. That is, the files and data are both visual images. In my paper, I address this most common case first. I conclude that as between physical device and a file/data approach, i recommend the file/data aproach. I call it the file approach because that's what the cases call it, but really it's both a file and data approach because they are the same in that common setting.
In the paper, I then consider the very rare case when the file and data are not the same, such as a case involving a long word processing document. I conclude that in that rare case, the data-based approach would be better than a file-based approach. In the D'Andrea case, we're in the common category of file=data. Given that, I don't know why I'm being incoherent by suggesting that this approach is better than the physical device approach. The key issue is the facts, not the label that you apply to the facts, and I think I'm being consistent on that basis.
Yes, if you look at it one way. But, it's kind of like asking whether you need a search warrant to get into a house in a Potempkin village. You might need a warrant to go through the front door, but if you go around back, it's all in "plain view."
The Casey court concluded that a warrant that gave the scientist the right to search for "names, telephone numbers, ledger receipts, addresses, and other documentary evidence pertaining to the sale and distribution of controlled substances" did not give him to right to search jpegs.
But the opinion assumes that the search is going file-by-file through the computer (which is this case, granted, it was), and making law based on that assumption.
The court essentially mandates a search system that utilizes the contingent file names created by the user. But, that's only one way of searching. Saying that the data and the file are co-extensive is putting the rabbit into the hat.
I agree that he is wrong about encryption, but one of the issues here is password protection, which is intended to bar access rather than understanding. If I put a padlock on a shed then I obviously intend to keep the contents private.
I don't think the TOS is germane. The provider may have the right to pass on evidence of crimes to the authorities but that isn't what happened here. I seriously doubt that the TOS says that third parties have the right to access the account in the event that the terms are violated.
A harder question is whether what the social worker did amounts to a recreation of the girlfriend's search. If I mail the cops the key to a house and state that evidence of a crime is in plain sight, that doesn't mean that I obtained my information through such a search.
In many states the Fourth Amendment exclusionary rule is inapplicable to civil child protection proceedings. However I can't imagine that a court would allow evidence gathered in violation of the Fourth Amendment during the course of a child protective services investigation to be used in a criminal proceeding against the parents.
The fact that the storage locker contained stacks of child porn or a dead body should make no difference to the initial question of whether the expectation of privacy is one that society would deem reasonable, and isnt that the relevant question? I can see why this case is kinda tricky, because the defendants apparantly uploaded photos to a website, as opposed to merely retaining files on their own computer hard drive. At the same time, its not like the couple created a webpage at geocities that anybody and everybody could access, so the attempt at privacy, via the password, should be construed for what it was- notice to the outside world that you are not welcome.
And i also agree with the commenter above that the initial government search exceeded the allowable non-governmental search doctrine. The ex could have accessed the website, printed the pictures out or saved them to a disk, and given them to the police or children services people to do with it as they wished. That would of been fine under the non-governmental search exception. Instead, the government through one investigative branch simply borrowed the "key" and accessed the contents, then sought the warrant via help from another investigative branch. The whole time they were looking for evidence of a (admittedly heinous) crime based on the tip.
And Orin's comment, that the Judge found an 'exception' to work to make sure the evidence got in and the people got what they deserved (paraphrasing here) is absolutely positively the most honest thing ive read in awhile, even though its based on pure speculation. Thank you for making the point that the criminal defense bar has been making for decades with regard to the whole 4th amendment nightmare! The charge, the crime, the age of the victim, number of victims, etc... should all be completely IRRELEVANT to the question of whether a fourth amendment violation has occurred, but often times, is the only relevant factor. As in the more drugs the police find, the more likely that a 4th amendment violation will be "excused" by one of the numerous exceptions, even if it takes a stretch of the legal imagination or the factual record to get there. THIS IS WHAT IS WRONG WITH THE SYSTEM! The Fourth Amendment is evidentiary in nature and should be content-blind. Assuming a 4th amend violation has occurred, the illegally seized evidence, whatever evidence, is ipso facto tainted. This goes for child porn, murder weapons, drugs, etc...
The ends do not justify the means- unless we are going to concede that some citizens are entitled to full constitutional rights while others, depending on the nature of the crime alleged, are not. Once you go down that road, you might as well roll up the bill of rights and smoke it because thats the only good you will get out of it.
You write: "It's hard to discuss the law with you, as you repeatedly switch between what the law is and your theory of what the law should be."
With all due respect, that is dichotomy not worthy of a 1L, let alone a law professor. Are you saying that it is impossible to argue that the Supreme Court got a constitutional case wrong? If someone says the Court got a constitutional case wrong, which are they doing: saying what the law is or theorizing about what the law should be?
For example, suppose I suggested that I find Justice White's opinion in Jacobsen more persuasive than the Court's (which, in fact, I do, since it makes the same argument that I already made, which you might suspect is not entirely coincidental). Now which am I doing when I say that Justice White's opinion is more persuasive--saying what the law is or theorizing about what the law should be?
But even if that occurred to the ex, she must've realized that getting copies of the child porn and passing them on could've opened her up to possible charges. After all, we've seen that justice isn't exactly calm and rational when child porn is involved, and she likely wanted to stay as far away from the blast radius as possible.
Orielbean,
While the DoJ's interpretation of "access device" is very broad, I don't think their definition covers apartment keys. But the DoJ does think that "[a]ccess devices related to network crimes might include passwords". So your analogy to an apartment key breaks down when we consider that it's not outside the bounds of plausibility that the semi-anonymous informant may have been 18 U.S.C § 1029(a)(6) “without the authorization of the issuer of the access device [...]” (A) “offering an access device.” The sticking point with this analysis, though, is “with intent to defraud”. Did the semi-anonymous informant intend to falsely purport that she had authority to grant the DSS access to the computer system? If she did so falsely purport and intend to so purport, does that amount to “intent to defraud”? Even if it was, it may not matter because she was a private actor.
If, though, the semi-anonymous informant made it clear that the computer system was not under her control, then, should the DSS, a state actor, have been aware of M.G.L. Chapter 266: Section 120F.
Otoh, I haven't really figured Massachusetts out yet. It seems that the state passes all sorts of laws, and then the people just sorta ignore all those laws and do what they feel like. So perhaps the DSS was justifiably ignorant of the notice.
As for my comment about drug and kiddie porn exceptions to the 4th amendment, let me pose this question: do you really think 4th amendment jurisprudence would be what it is today without the 'war on drugs'? The government cannot prevent its citizens from having leaves, powders, and pills hidden in their homes and pockets with limits on the ability to search and seize. As such, those limits have been eviscerated. To protect the children. And it's not just the 4th amendment. We just got a drug exception to the First amendment a few weeks ago.
We live in an age where politics of protecting TPC (the precious children) trumps all else, including "out-dated" rights that allow people to get away with hurting TPC. Saving TPC trumps the constitution 99 times out of 100. The one time it doesn't, either the court gets reversed or the law gets amended slightly and then upheld the next go around.
My point is that normative and descriptive inquiries are simply different, not that the latter are illegitimate. I think that's a pretty simple point.
Listen, ATRGeek, I think I get your shtick. I'm sure it's fun to play, but I don't enjoy the insults. Perhaps it would be better if you commented elsewhere.
Is there any cause of action under Mass. law, either constitutional or statutory?
As to the facts, the ex-girlfriend probably had physical access to the computer and vicinity. Lots of people write sensitive passwords on sticky notes or otherwise leave clues to themselves, in places where they have a reasonable but mistaken expectation of privacy.
I guess im just agreeing with you and Orin that the judge's conclusion that the defendants must have voluntarily given the ex the password is very weak. Plenty of reasonable alternatives present themselves.
In the last few weeks, and in this thread in particular, you have shown that you are one of those commenters. Based on what you have said, it's clear that you neither appreciate the fact that I put so much of my time into blogging or that your comments seem to be really bothering me. It just seems that you really don't care. I do this essentially for free, and it takes up a lot of my time; I don't know why I should have to put up with that;
Given that, and that fact that you aren't interested in contacting me one on one, I'm revoking your commenting privileges. If you would like to comment here again, send me the one-on-one message or phone call I requested. I hope you will; you're a smart guy when you decide to play nice, and your experience is helpful in these threads. But I would rather you not comment here at the Volokh Conspiracy if you're not going to play by the rules. I know you think this is unfair, but that just means that you can be unfair to me when you start your own blog and I leave the same kind of comments in your posts that you have been leaving in mine.