When seeking warrants for email accounts, the Government often asks for all email content stored in the account, even when an investigation relates only to use of the email account for a period of time or for a single purpose. The Government often argues (as it does in searches of computer hard drives) that over-seizing evidence is necessary because a search for relevant emails prior to production from the email provider is not practicable. Instead, it employs a “two-step procedure” of seizing everything and then searching it later, but then retains all of the seized evidence pending trial.
In In re Search of Information Associated with Fifteen Email Addresses, No. 17-CM-3152 (N.D. Ala. July 14, 2017), the Magistrate Judge rejected the Government’s two-step methodology in denying a series of warrant applications for 15 separate email accounts held by Microsoft, Yahoo, and Google. Each warrant, which was part of an investigation into tax fraud and identity theft, sought the contents of each email account with no restrictions as to date range or the content of particular emails to be seized.
The Magistrate denied the warrant applications, stating the Government could not seize emails that were not clearly within the scope of the probable cause it established. The Government had argued that many courts had previously approved its two-step procedure of over-seizing and then later searching evidence, but the Magistrate rejected that argument, stating that
“the intrusion on the email users’ privacy is substantial: every significant detail relating to the email account, including the content of every communication ever sent or received, is to be provided to the Government for inspection on terms and conditions known only to the Government, and to be retained by the Government indefinitely with no manifest restriction on the Government’s ability to repeatedly view the contents of all email communications.”
The two-step procedure thus would have resulted in an overbroad seizure that could not be justified by the narrower probable cause in the Government’s warrant application. The Magistrate noted that while some of the 15 email accounts were extensively involved in the scheme, others were only described as having received an email or two on a single day. The Magistrate questioned the Government’s rationale for obtaining so much content and retaining it indefinitely for that particular account, rhetorically asking:
“Do three possibly incriminating emails spaced over five minutes one morning in 2017, supposedly in furtherance of an identity theft scheme beginning in 2015, justify the wholesale disclosure and unfettered inspection and retention of every email ever sent or received by that email account, no matter how many years prior to 2017 or 2015 such emails might have originated?”
Rather than allow such a broad seizure for each email account, the Magistrate suggested that the Government at least limit the date range of the emails to be seized to after December 31, 2014.
The Magistrate also expressed concern that he had not received any information about the Government’s protocol for review and handling of non-pertinent information. The applications did not indicate that the information would be destroyed, segregated, or quarantined from investigators. Instead, the Magistrate observed, that email would remain available as a “treasure trove” of personal information for the Government to search and re-search as necessary.
Not surprisingly, the Government has already filed a motion for review of the Magistrate’s order by a district court judge. The 37-page motion makes essentially two arguments. First, it argues that the Government’s offer to narrow the information sought to emails sent or received after December 31, 2014 was sufficient to address the Magistrate’s concerns and link the scope of the search to the Government’s probable cause. Second, it argues that the Government’s “Two-Step” procedure is reasonable because it sufficiently protects targets’ Fourth Amendment rights by limiting the Government’s use of data, and that the Government would be unduly burdened by having to search the data before seizure. The Government also argued that destroying data would be burdensome and, because the data is copied to so many computer systems for review, doing so could damage the metadata provided with the production. Further, the Government argues that destroying data not specifically related to probable cause could violate Brady if the data destroyed was exculpatory or favorable to the defendant.