25.2 Criminal Hazards

If you operate an Internet Service Provider or web site, or have networked computers on your premises, you may be at risk for criminal prosecution yourself if those machines are misused. This section is designed to acquaint you with some of the risks.

If law enforcement officials believe that your computer system has been used by an employee to break into other computer systems, transmit or store controlled information (trade secrets, child pornography, etc.), or otherwise participate in some computer crime, you may find your computers impounded by a search warrant (in criminal cases) or writ of seizure (in civil cases). If you can document that your employee has had limited access to your systems, and if you present that information during the search, it may help limit the scope of the confiscation. However, you may still be in a position in which some of your equipment is confiscated as part of a legal search.

Local police or federal authorities can present a judge with a petition to grant a search warrant if they believe there is evidence to be found concerning a violation of a law. If the petition is in order, the judge will almost always grant the search warrant. In the recent past, a few federal investigators and law enforcement personnel in some states developed a reputation for heavy-handed and excessively broad searches. In part, this was because of inexperience with computer crime. It has been getting better with time.

The scope of each search warrant is usually detailed by the agent in charge and approved by the judge; some warrants are derived from "boilerplate" examples that are themselves too broad. These problems have resulted in considerable ill will, and in the future might result in evidence not being admissible on constitutional grounds because a search was too wide-ranging. How to define the proper scope of a search is an evolving discussion in the courts.

In the past, the first reaction of police investigating a crime has been to confiscate anything connected with the computer that may contain evidence (e.g., files with stolen source code or telephone access codes). This confiscation frequently resulted in the seizure of computers, all magnetic media that could be used with the computer, anything that could be used as an external storage peripheral (e.g., videotape machines and tapes), autodialers that could contain phone numbers for target systems in their battery-backed memory, and all documentation and printouts. In past investigations even laser printers, answering machines, and televisions have been seized by federal agents?sometimes apparently with reason, other times as a result of confusion on the part of the agents, and sometimes apparently out of spite.

Officers are required to give a receipt for what they take. However, you may wait a very long time before you get your equipment back, especially if there is a lot of storage media involved, or if the officers are not sure what they are looking for. Your equipment may not even be returned in working condition?batteries discharge, media degrades, and dust works its way into moving parts. Equipment can also be damaged in transport or as a result of the investigation.

You should discuss the return of your equipment during the execution of the warrant, or thereafter with the prosecutors. Indicate priorities and reasons for the items to be returned. In most cases, you can request copies of critical data and programs. As the owner of the equipment, you can also file suit to have it returned,[4] but such suits can drag on and may not be productive. Suits to recover damages may not be allowed against law enforcement agencies that are pursuing a legitimate investigation.

[4] If it is a federal warrant, your lawyer may file a Motion for Return of Property under Rule 41(e) of the Federal Rules of Criminal Procedure.

You can also challenge the reasons used to file the warrant and seek to have it declared invalid, forcing the return of your equipment. However, warrants are frequently sealed to protect ongoing investigations and informants, so this option can be difficult to execute. Equipment and media seized during a search may be held until a trial if they contain material to be used as prosecution evidence. Some state laws require forfeiture of the equipment in the event of a conviction?especially if drug crimes are involved.

Currently, a search is not likely to involve confiscation of a mainframe or even a minicomputer. However, confiscation of tapes, disks, and printed material could disable your business even if the computer itself is not taken. Having full backups offsite may not be sufficient protection because these tapes might also be taken by a search warrant if the police know of their location. If you think that a search might curtail your legitimate business, be sure that the agents conducting the search have detailed information regarding which records are vital to your ongoing operation, and request copies from them.

Until the law is better defined in this area, you should consult with an attorney if you are at all worried that a confiscation might occur. Furthermore, if you have homeowners or business insurance, check with your agent to see if it covers damages resulting from law enforcement agents during an investigation. Business interruption insurance provisions should also be checked if your business depends on your computer.

    Part VI: Appendixes