Past Issues of Government Technology

Reducing Computer Evidence Liability

In the Computer Age, law enforcement agencies face new challenges and risks.

by / January 31, 1997 0
In the Computer Age, it is all but impossible to investigate a fraud, embezzlement or child pornography case without dealing with some sort of computer evidence. It is not uncommon to find evidence in a homicide or narcotics case buried deeply within a computer hard disk drive.

As a reaction to the exponential growth of cases involving computer evidence, many law enforcement agencies have recruited self-taught cybercop "experts" to fill the role of the computer evidence specialist. This strategy has some merit. Usually such individuals are highly motivated and, in the case of sworn law enforcement officers, they already have some knowledge of the rules of evidence and have experience testifying in court.

Some departments have chosen to enlist the support of local universities or computer repair shops to help them deal with computer evidence issues. Normally, this strategy is less desirable because many times such individuals do not have law enforcement experience and therefore do not have trial experience or knowledge of the rules of evidence. In either case, it is important that your department's computer specialists get proper training from an accredited training source.

Increased exposure to computer evidence brings an increase in potential legal liabilities. For example, if your department happens to seize the computer books and records of an ongoing business, it is probable that such an occurrence will have a negative financial impact on the operation of the business involved. It gets worse if the records are accidentally destroyed "on your watch." If it can be shown that business records or property were destroyed through negligence on the part of the law enforcement agency involved, legal problems may turn a criminal investigation into the civil lawsuit of the century.

The potential for civil liabilities
are minimized substantially when computers are seized and the computer evidence is processed following accepted procedures. Guidelines approved by the Department of Justice's Computer Crime and Intellectual Property Section dictate the rules of the game.

Again, training is vitally important. You can also substantially reduce your risk of civil liability by making sure that investigators on your staff who may be required to search, seize or analyze computers follow generally accepted forensic computer science procedures. The key is to be able to prove in court that your agency properly trained its employees. The best solution is to send your officers to one of several government or government-funded training courses that offer this specialized training.

Recently, I spoke with Deputy District Attorney Kenneth S. Rosenblatt. Ken and I have struggled together through numerous computer evidence issues over the years as the field of forensic computer science has taken form. He headed up the High-Technology Crime Unit of the Santa Clara, Calif. (Silicon Valley) District Attorney's Office for many years and is the author of High-Technology Crime, one of the top-selling books in the field.

Ken said that "If your officers are negligent, your agency can be held liable for damages. In a few states, even agencies that damage equipment through no fault of their own can be required to pay compensation to innocent third parties."

He also advised that it is important for law enforcement officers to do their homework before executing a search warrant that involves the potential seizure of computer evidence. "If the computer contains a newsletter, draft of a book or any computer bulletin board system, there may be liability under the Privacy Protection Act. You should always seek the advice of your local prosecutor before seizing such computers, even with a search warrant."

In the Steve Jackson Games case, for example, the government paid a healthy fine because agents negligently seized and kept records belonging to a company that published a customer newsletter. The case also suggests that the seizure of a computer system used to provide e-mail services (such as a bulletin board or an Internet service provider) without a warrant may violate the Electronic Communications Privacy Act. Not just any warrant will do for e-mail. The warrant must disclose that the owner of the computer may be using the computer to send or receive e-mail, and that there is probable cause to believe the e-mail may contain evidence of a crime. Needless to say, the popularity of computers has changed the rules of the game for search warrants and computer evidence.

TRAINING GRANTS
The federal government has made the training of local, county, state and federal law enforcement agencies a priority. Numerous federal grants have been awarded for computer evidence training at all levels of law enforcement. Further, the Department of Justice is currently looking at ways to uniformly train law enforcement agencies across the United States and to establish standards which will help them avoid liability problems. In the meantime, some excellent federal and federally funded training programs are available to law enforcement agencies. Federally approved training is probably the best way to avoid many liability problems.

The Federal Law Enforcement Training Center's Financial Fraud Institute in Glynco, Ga., offers numerous computer crime and evidence courses to law enforcement, military agencies and prosecuting attorneys. The course topics span computer seizure issues, computer evidence processing, telecommunications fraud and even Internet issues.

The National White Collar Crime Center (NWCCC) in Morgantown, W.V., is federally funded and also offers several courses to law enforcement agencies which deal with computer crime and computer evidence issues. Their courses are offered primarily to member agencies but approximately 20 percent of the courses are open to non-member law enforcement agencies.

Another source of federally funded training is from SEARCH in Sacramento, Calif. It offers a wide range of training courses. In the interest of keeping travel costs down, the training courses offered by NWCCC and SEARCH are available in various locations around the country. All three organizations are tightly aligned with the Department of Justice, and because they are federally funded, their courses are relatively inexpensive.

Law enforcement agencies don't have a choice. They have to deal with computer evidence at some point. We live in the Computer Age, and with that comes computer evidence. However, proper training and knowledge can certainly make life easier for all law enforcement agencies.

Michael R. Anderson, who retired from the IRS's Criminal Investigation Division in 1996, is internationally recognized in the fields of forensic computer science and artificial intelligence. Anderson pioneered the development of federal and international training courses that have evolved into the standards used by law enforcement agencies worldwide in the processing of computer evidence.

He also authored software applications used by law enforcement agencies in 16 countries to process evidence and to aid in the prevention of computer theft. He continues to provide software free of charge to law enforcement and the military. He
is currently a consultant. P.O. Box 929 Gresham, OR 97030. E-mail: .

"High-Technology Crime" can be obtained through KSK Publications, P.O. Box 934, San Jose, Calif., 95108. Call 408/296-7072.

*


SOLUTION SUMMARY
PROBLEM/SITUATION: Law enforcement agencies need to learn how to handle computer evidence.

SOLUTION: Training and computer courses.

JURISDICTION: U.S. Dept. of Justice, Computer Crime and Intellectual Property Section; High Technology Crime Unit, Santa Clara, Calif.; Federal Law Enforcement Training Center, Financial Fraud Institute, Glynco, Ga.; National White Collar Crime Center, Morgantown, W.V.; SEARCH, Sacramento, Calif.

VENDOR: KSK Publications.

CONTACT: Carlton Fitzpatrick, Federal Law Enforcement Training Center, 912/267-2724; Bill Spernow, NWCCC, 304/291-2080 or ; Fred Cotton, SEARCH, 916/392-2550.