January 31, 1997 By Michael R. Anderson
As a reaction to the exponential growth of cases involving computer evidence, many law enforcement agencies have recruited self-taught cybercop "experts" to fill the role of the computer evidence specialist. This strategy has some merit. Usually such individuals are highly motivated and, in the case of sworn law enforcement officers, they already have some knowledge of the rules of evidence and have experience testifying in court.
Some departments have chosen to enlist the support of local universities or computer repair shops to help them deal with computer evidence issues. Normally, this strategy is less desirable because many times such individuals do not have law enforcement experience and therefore do not have trial experience or knowledge of the rules of evidence. In either case, it is important that your department's computer specialists get proper training from an accredited training source.
Increased exposure to computer evidence brings an increase in potential legal liabilities. For example, if your department happens to seize the computer books and records of an ongoing business, it is probable that such an occurrence will have a negative financial impact on the operation of the business involved. It gets worse if the records are accidentally destroyed "on your watch." If it can be shown that business records or property were destroyed through negligence on the part of the law enforcement agency involved, legal problems may turn a criminal investigation into the civil lawsuit of the century.
The potential for civil liabilities
are minimized substantially when computers are seized and the computer evidence is processed following accepted procedures. Guidelines approved by the Department of Justice's Computer Crime and Intellectual Property Section dictate the rules of the game.
Again, training is vitally important. You can also substantially reduce your risk of civil liability by making sure that investigators on your staff who may be required to search, seize or analyze computers follow generally accepted forensic computer science procedures. The key is to be able to prove in court that your agency properly trained its employees. The best solution is to send your officers to one of several government or government-funded training courses that offer this specialized training.
Recently, I spoke with Deputy District Attorney Kenneth S. Rosenblatt. Ken and I have struggled together through numerous computer evidence issues over the years as the field of forensic computer science has taken form. He headed up the High-Technology Crime Unit of the Santa Clara, Calif. (Silicon Valley) District Attorney's Office for many years and is the author of High-Technology Crime, one of the top-selling books in the field.
Ken said that "If your officers are negligent, your agency can be held liable for damages. In a few states, even agencies that damage equipment through no fault of their own can be required to pay compensation to innocent third parties."
He also advised that it is important for law enforcement officers to do their homework before executing a search warrant that involves the potential seizure of computer evidence. "If the computer contains a newsletter, draft of a book or any computer bulletin board system, there may be liability under the Privacy Protection Act. You should always seek the advice of your local prosecutor before seizing such computers, even with a search warrant."
In the Steve Jackson Games case, for example, the government paid a healthy fine because agents negligently seized and kept records belonging to a company that published a customer newsletter. The case also suggests that the seizure of a computer system used to provide e-mail services (
You may use or reference this story with attribution and a link to