Evidence has traditionally taken one of two different forms —  a physical thing, such as a document, or a statement from an eyewitness to an incident. In general, gathering relevant evidence was never more difficult than gathering a bullet casing from a crime scene. However, everything has advanced since the invention of computers. A lot of evidence has now become available in digital formats.

Law enforcement agencies have adapted to changing technologies, and police are getting more proficient in seeking and gathering digital information on mobile devices and computers. However, the justice system has struggled to keep pace with law enforcement agencies in terms of identifying emerging technologies.

Currently, both police departments and the court system are confronted with a new challenge: cloud-based digital evidence. Due to technological advancements, the police must switch from conventional passive investigations to a new paradigm that emphasizes live recoveries. Our attorneys at Virginia Criminal Attorney can examine all the evidence obtained against you so that we can devise a suitable defense strategy for your charges. Get in touch with us if you are in the Northern VA and Fairfax area.

Digital Evidence and the Need For Access to Records

Computers and the Web have become part of everyday life in today’s world. Each day, millions of people spend countless hours on mobile devices and computers sending and receiving email, surfing the Internet, maintaining databases, and engaging in a range of other pursuits.

Unfortunately, lawbreakers have not been spared from this age of online information. In the process of carrying out criminal acts, they utilize cell phones, computers, as well as network servers, since in some situations, computers give the easiest means to perpetrate crimes. For instance, the Web can be utilized to send death threats through email, initiate hacker attacks against unprotected computer networks, spread malicious programs or send child pornographic materials.

In other circumstances, computers are often used as convenient storing systems for evidence of crimes. A heroin dealer, for instance, may keep a record of people who owe him or her money in files on his personal computer, and even money laundering businesses may keep fraudulent financial documents in a file on a server. Practically every type of unlawful activity can entail some sort of digital proof.

Because of the enormous rise in computer-related crimes, prosecutors, as well as law enforcement officers, must learn how to collect digital evidence saved on computers. Digitized records like computer network records, emails, word processing files, and image files are increasingly providing crucial (and often essential) evidence to the authorities in criminal prosecutions.

Even administrative third parties keep a variety of records, from the most basic to those documenting the most intimate parts of an individual's life, and so when such documents are held digitally, accessibility and distribution expenses are reduced. These records can contain information like messages showing fraudulent activities, medical evaluations, prescriptions, online browsing history, banking transactions, physical addresses, library and bookstore transactions, loans, or even a person’s consumption preferences.

Acquiring records held by organizational third parties could aid in the identification, investigation, prevention, as well as discouragement of criminal activities, the security of the community and police personnel, as well as the arrest and conviction of lawbreakers, and could be the least adversarial means of getting required evidence.

Authorities go to tremendous lengths to gather and assess digital information for its significance. Digital evidence is persuasive and strong. GPS data detailing where and when abduction victims traveled; phone calls, e-mails, as well as text messages confirming malicious acts; and financial documents disclosing the takings from a fraudulent act are just a few examples.

The police are experienced with recognizing objects such as computers, storage devices, and mobile phones that could carry significant digital evidence. In these situations, they can pick out a physical location where the evidence is held, go to that site, seize the necessary data, and review it inside a laboratory.

Throughout the 1980s, in reaction to emerging technologies like Web-based platforms and email, where the digital information was not stored in a specified physical place, federal legislation was modified to enable investigations to be conducted by the host, and send the findings to the police. Even this evolution could now be thwarted by the growing complexities of cloud technology.

Devising a Search Strategy

To fully understand why the cloud is protected by the Fourth Amendment, you need to first be cognizant of what the cloud is, how it differs from using a computer, as well as what privacy issues cloud network utilization entails. Even people with a computing background find it difficult to properly understand the aim and functions of the cloud.

Simply put, cloud computing is a symbol of the "latest innovative" means of interacting with the Web. It is the latest innovation in the world of remote computing. It lets a user save his or her data and media on remote servers, or the "cloud," rather than to his or her physical hard drive. A user then can view his or her information from any gadget that can connect to the internet.

Government agents' authority to search for and take evidence without the need for a  search warrant is limited by the Fourth Amendment. Seizing of property happens when there's some substantive infringement of a person's possessory rights in that item. Surveillance of immaterial communications has also been regarded as a seizure by the Court.

Additionally, it is regarded as a seizure if the Court has ruled that the "search" happens when "a substantial right to privacy has been invaded." If the federal government's actions do not breach an individual's "legitimate right of privacy," they are not considered "searches" under the Fourth Amendment, and thus no search warrant is needed.

Furthermore, if a search without a warrant infringes an individual's legitimate right to be left alone but lies within an acknowledged exception to the search warrant, it'll be permissible.

As a result, while determining whether a federal search of someone's computer demands a warrant, authorities must weigh two factors. Is the search warrant, first and foremost, in violation of a justifiable presumption of privacy? If it is, is the seizure and search still legal because it comes under one of the exceptions to the search warrant requirement?

Before crafting a warrant petition and affidavit, it's important to think about what kind of information a search could reveal. Many different sorts of evidence can be found on a hard drive. A search technique should be developed after evaluating the computer's potential role in the crime.

A Twofold Problem

Inside a cloud-computing context, conducting law enforcement investigations creates a two-fold challenge. For starters, there is little, if any, information belonging to computer users in a particular geographic place. Secondly, and more importantly, even if the data is retrieved, it might not be possible to convert it to a human-readable format.

The majority of court-ordered search warrants for the acquisition of digitalized evidence currently relate to a specific place. This is reasonable given that many attorneys and judges are unfamiliar with how computerized evidence functions. They frequently make the comparison between a computer's hard disk drive and a storage cabinet. Storage cabinets, such as computers, have files and documents, so it is understandable. They are usually located in a particular location, therefore search warrants for records are frequently written in the same manner as those for records in a storage cabinet. Unlike a storage cabinet, nonetheless, the police may not understand the exact location of the digitized material before beginning the search.

In major corporations and government agencies, internet users are frequently linked to a system through a computer that just serves as a terminal. Although the computer has a hard drive and a working system, the bulk of the information is stored on a separate computer. The information seems to be retained on the device from the user's point of view. The viewer can read the information on the display, run applications, then download and save information.

However, the information is fully saved on servers situated elsewhere on the internet behind the curtains. E-mails are preserved on one server, files, and photos on another, then programs and programs on another. Since all of the crucial records are usually kept on other data computers, the investigators will find little or no data when they just search the computer of the user.

Cloud Computing

This is comparable to traditional computing, although these files are saved online rather than on the provider’s network. The user often rents cloud computing services from his or her provider who manages the software as well as data storage solutions, which can be in a local data center, distributed over numerous data facilities, or kept in foreign nations. The issue is that locating where this information is actually stored could be challenging—even the users may be unaware of their location.

If the user has little control over the connection, as is the case with tablet devices and mobile phones, the users may not even be able to ascertain where the information is physically situated. Similarly, due to service-level contracts, the service providers may have actual access to the information but maybe not the means to look for or retrieve it, as information is frequently encoded with a code only the users have.

If the investigators are looking for files saved in the cloud, simply seizing and inspecting the phone or computer that was used to access the cloud might not be enough. At most, this could reveal that there was once a link to the information, comparable to trying to search a facility or workplace where files used to be stored.

Searching and Seizing Computers With a Warrant

Given the rising complexities of cloud services, regulations that relate to court-ordered search warrants that pertain to addressing these difficulties could be contested. Presently, there are 2 sorts of warrants in use for criminal investigations. The first one is a typical search warrant that is issued under Federal Rules of Civil Procedure Rule 41 and encompasses a search warrant for a specific location.

The other is a warrant issued under US Code Title 18. Crimes and Criminal Procedure § 2703, which allows the court to order evidence stored by cloud service providers who are in another jurisdiction.

Previously, investigators have used warrants issued under Section 2703 to investigate email services, with the search being carried out by the providers who supply all of the user's emails, whereby the investigators then evaluate for content permissible under the warrant's scope.

Investigators can utilize legal processes in accordance with the laws of the host countries to get data from abroad. In one case, when executing a warrant to search for information on a PC in the country investigators discovered a direct relationship to information in another country. They took advantage of the ability to download information from a device in another country. In this case, the court determined that the information might be utilized against the defendant in court. Authorities should be mindful, nonetheless, that conducting a global investigation without the approval of the host country can result in further complications.

Even though the investigator is successful in locating the information in the cloud and seizing it with proper legal authorization, this might not be useful. This is the reality because of the rising adoption of encryption, virtualization, and database systems.

  • Virtualization

This is the notion of running several operating systems and applications on a computer. People can utilize virtual devices on their desktop computers, even though they are more typically found on huge networks and, in specific, cloud computing. This could be a problem for investigators, if the virtual server is in the cloud or not, since the information in a virtual environment is practically stored in such a manner that it's only accessible only when the virtual device has been turned on.

Regarding cloud computing, the body in charge of ultimate control over the machines that house the virtual environments is unlikely to know the passcode required to operate them. To connect to a virtual computer or decode files required to access data, passwords are frequently necessary. Authorities could be able to find the actual server where the data is stored, but they won't be able to see it since it's stored in a virtual environment that needs a password.

  • Encryption

Due to high-profile security breaches, encryption has become more common. When information is stored or transferred across networks, it is often encrypted. Encryption assurances are frequently included in service-level terms between the cloud service provider and their customers, preventing the provider and anybody other than the users from obtaining unencrypted data. Since users demand that only they and nobody else may see their information, cloud computing necessitates high degrees of encryption. This implies that the investigators could be able to track down the physical servers housing the material and confiscate it, but they will not be able to access it due to encryption.

  • Relational Databases

These are a type of database that stores data in records depending on connections between different bits of information. The concept of a database system is hard to explain to courts. A coffee machine, for instance, includes all of the necessary coffee components: coffee, water, sugar, and powdered milk, among other additions. To produce a Caffe mocha, the user simply presses a button, then the vending machine instantly selects the appropriate ingredients to make this coffee. If its user simply searched the device for mocha lattes, there would be only the necessary ingredients. Relational databases function similarly, except that rather than ingredients, they contain data fields, where the software program runs the device that assembles the pieces to answer a query from the user. Relational databases may be found in the cloud or distributed across larger networks.

Although the data columns are not always held on a particular computer, database software allows the users to enter data and run searches from a given computer. This program controls where the information is kept as well as how it can be retrieved in a user-friendly manner. The information would seem to be a sequence of useless data fields without the right tools.

A worst-case scenario exemplifies the issues. An investigator in a healthcare fraud probe is looking for information about a physician who is illegally prescribing drugs. The investigator is aware that the hospital has a computer system with crucial records.

One record could have patients' details, another could include their addresses, a third might contain prescribed drugs, and a fourth may have details about the physicians seeing the doctors. Medical workers can use software to enter data and run searches. The investigator may require a listing of all clients of a specific medical practitioner who have also been given a specific drug. The findings might not be quite as predicted when the investigator merely walks up to the physician's office carrying a search warrant for all the devices in the facility.

The physician's computers in the examination room, which are used to input information and view health records, might not keep any patient information. This computer could just be an interface that allows you to view information held in numerous locations. Patient personal details, for instance, could be stored on a device inside a computer system room that uses virtualization, but drug records could be kept by an independent vendor and connected to the patients through an encoded value.

At the same time, the doctor's files might be preserved in the HR computer department of the medical firm. A relational database system kept on hand can link all of this information together. Since all of the information will most certainly be encrypted, even if a particular computer is confiscated, analyzed, and decoded, the information would remain to be a useless list of unconnected records.

This only stands to reason if the complete set of information is accessed simultaneously with the appropriate software and credentials. The information cannot simply be taken and inspected in the laboratories owing to the sensitivity of cloud technology, encryption, as well as the functioning of relational database systems dispersed across multiple sites.

Viable Remedies to Challenges Arising During the Search Process

The most standard way is to execute a search warrant against a cloud provider using Section 2703, similar to how e-mail providers are searched. This is useful for delivering transaction data, like payments, and can operate in an easy setting, like an e-mail service. Cloud providers, on the other hand, may lack comprehensive access to client data held on their servers and are often unable to offer information in a comprehensive or useful way.

Another option is for the investigators to look in a similar way that users would, using the computer powered on and internet-connected. In this case, the investigator will require accessibility to the user's computer, relational database tools as well as a cloud connection. The investigators can explore merging two warrants to search, one on the owner of the computer for the place being examined using Rule 41, and another on the provider of the cloud for the information whereby the computer is linked using Rule 2703.

The investigators will need to know how to use database software and run searches with this method. These inquiries must adhere to the terms of the warrant issued. Because activities made on a live network will affect the data in the system, the investigators must perform the investigation cautiously. It might be conceivable to get a simple search warrant incorporating the principles of both Rule 41 and 2703 using this manner; nonetheless, there's no legal precedent as to how to execute this technique yet.

Find a Criminal Attorney Near Me

There is a wealth of data in private and federal databases that could help law enforcement identify and pursue crime and terrorist acts. Because most of this data is personal, the authorities shouldn't be able to collect, view, or utilize it at their leisure. If the state requires non-public data about a named suspect, it needs to be able to show that it has reasonable suspicion of the infringement. If it uses a profile to find suspects via a database search, it needs to make sure it achieves the required proportionality-derived strike rate, prevents illegitimate prejudice, is available for probing, and is used with the understanding that everyone found needs to be subject to additional inquiry. We at Virginia Criminal Attorney will review the evidence obtained through the internet and if it was done under the law, and we can use that to build a defense strategy. Get in touch with us at 703-718-5533 if you are in Northern Virginia and Fairfax.