Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Reason
Reason
Politics
Orin S. Kerr

The Timing of Computer Search Warrants When It Takes the Government Several Years To Guess The Password

In a decision handed on Friday, United States v. Kopankov, the U.S. District Court for the Northern District of California (Jacqueline Scott Corley, J.) suppressed the fruits of a computer warrant search because it took the government too much time to bypass the device's encryption.  Specifically, the magistrate judge who issued the warrant had imposed an extra limit on the warrant requiring the government to forensically search the seized computer quickly, and to request extensions from the court asking for more time if it needed longer.  But the government could not bypass the encryption on the computer — an Apple iPhone X — other than by trying a "brute force" attack to guess all the possible passwords.  The government did get one extension giving it more time.  But it ended up taking three years for the brute force attack to guess the correct password.  By that time, the extension had itself expired.

In the new ruling, Judge Corley suppresses the fruits of the search because the brute force attack did not succeed until after the extension had expired.  Specifically, the government mirrored the decrypted device (generating a copy to be searched) before applying for another search warrant to search the device. Judge Corley concludes that the mirroring was a warrantless search that requires suppression of the evidence found on the warrant.

I think this ruling is wrong.  Not only should the evidence not be suppressed; there was no legal violation at all.   The government had a valid search warrant, and there is no principle of law that makes a defendant's ability to slow down a search by using encryption a legal basis for suppressing the evidence when the search eventually succeeds.  In this post, I will explain why.

I. Background on Ex Ante Restrictions on Computer Warrants

First, some context.  I have written over the years about ex ante search restrictions in computer search warrants.  These are limits sometimes added to computer warrants that purport to control ex ante the details of how the warrant is executed.  With traditional warrants, the warrant authorizes the search, and Fourth Amendment doctrine regulates the reasonableness of the warrant's execution.  With ex ante restrictions, though, the warrant itself will include detailed limits on how the warrant will be executed.  The limits might be on who can search the device, or when, or where.  It might be about what steps are taken when the warrant is executed.  It's all up to the discretion of the magistrate judge.

One of the issues that has come up from time to time is why or whether ex ante restrictions matter. In particular, if the government violates an ex ante restriction, what is the remedy?

I have argued that there is no remedy.  In my view, as explained in detail here, the Fourth Amendment does not permit magistrate judges to impose ex ante restrictions on warrants.  The law of executing warrants has to be based on Fourth Amendment law, not individual-warrant-condition-by-individual-magistrate law.  As a result, in my view, the government is entirely free to disregard ex ante restrictions and there is no legal wrong, or legal remedy, if they choose to do so.  The government has to follow the law of Fourth Amendment reasonableness, of course.  But individual warrant restrictions don't determine reasonableness; Fourth Amendment law does.

If that seems odd to you, you should read the Supreme Court's decision in Richards v. Wisconsin, on whether a warrant can be executed as a no-knock warrant.  Richards held that the fact that the issuing magistrate had said the warrant could not be executed as a no-knock warrant was irrelevant to whether it could be.  That wasn't a decision for the magistrate judge to make, so the magistrate judge's determination was entitled to zero deference.  Reasonableness was determined by the facts that existed when the agents executed the warrant, Richards held, not the magistrate's view of how the warrant should be executed when reviewing the warrant application.  In my view, that same standard naturally applies to ex ante limits in computer warrants.

II. The Nicholson Precedent in the Eleventh Circuit

A recent decision of the Eleventh Circuit came at least somewhat close to this position. In United States v. Nicholson (2022), the magistrate judge required that the computer to be seized must be forensically searched within 60 days of the warrant being issued.  The government searched the computer after 60 days had passed, however.  The Court ruled that this did not violate the Fourth Amendment, as there was no Fourth Amendment limit on when the forensic search occurred after the computer was seized.  So far, so good.

Nicholson erred, though, in my view, at the next step.  Instead of saying that there was no remedy at all, however, the court (per Brasher, J.) stated that the ex ante warrant violation was "comparable to a violation of Rule 41 of the Rules of Criminal Procedure, which contains a temporal limitation similar to the magistrate judge's addendum."  This is, to my mind, rather puzzling. We normally base remedies on the source of the law violated, not whether the violation resembled a violation of some other authority that serves a sort of similar function as the one at issue.  But that led the court to look at whether there was an intentional violation of the ex ante restriction,  part of the Rule 41 suppression standard.  Because the violation of the ex ante restriction was unintentional in that case, there was no suppression of the evidence.

Whatever you think of Nicholson, at the very least it should be clear, from Richards, that ex ante restrictions are not themselves binding and are not themselves Fourth Amendment law.  A magistrate judge can add any restriction they want to the warrant, at least in theory.  Maybe the restriction is that the forensic process can only be executed if the forensic expert's middle name is Herbert, or if it's Tuesday between 2:00 and 2:07pm, or if the forensic expert is listening to John Coltrane's "A Love Supreme."  These are not restrictions on reasonableness, as reasonableness is already provided by Fourth Amendment law; all the ex ante restrictions can do is add non-Fourth-Amendment-limits outside reasonableness.

III. The new decision in United States v. Kopankov

In the new case, the  government seized the defendant's iPhone on the defendant's arrest on April 3, 2019.  On April 9, 2019, six days later, it obtained a warrant to search the phone.  The local forensics lab couldn't break into the phone, though, so the phone was sent to the FBI.  In 2020, the FBI started a brute force attack on the phone to try to get in, repeatedly guessing combinations of 6-digit passcodes.  The brute force attack succeeded three years later, on May 2, 2023.

What's the problem?  The 2019 warrant had an attachment, Attachment C, in which the warrant had a condition that the government had to execute the warrant in a certain number of days.  In particular, there was a time limit on how quickly the government had to make a mirror image of the phone to begin the search. When the brute force attack began, the government applied for and obtained an extension of that time, until June 20, 2021.  But the brute force attack didn't succeed until almost two years later, in May 2023, at which time a mirror image was made before the government applied for another warrant to search the image.

So what's the legal relevance of the violation of the ex ante restriction?  Judge Corley treats the violation of the ex ante restriction as if it nullified the existence of the warrant.  Because the government did not get another extension, and the brute force attack did not succeed until after the extension had expired, any search that occurred after the extension expired was warrantless and therefore violated the Fourth Amendment.  Judge Corley puts this starkly: "The government got a warrant. But it expired."

As I explained above, that is completely wrong, in my view.  See Richards, etc. But with that faulty premise as the foundation, Judge Corley then looks to whether the government engaged in a post-expiration search.  The government argues that it made the mirror-image but did not search the phone before it applied for another warrant.  But Judge Corley concludes that making an image is actually a search:

The examiner declared he "physically took the device, unlocked the device using the passcode, and plugged it into a GrayKey device (which resembles a small box), using the DEVICE's 'lightening' port." (Dkt. No. 304-5 ¶ 33.) And he did so to download the contents of Defendant's phone onto a USB drive. (Id. ¶ 32.) Put differently, that physical invasion into Defendant's constitutionally protected device downloaded "the privacies" of Defendant's life. Riley, 573 U.S. at 403. That physical invasion constitutes a search. Cf. United States v. Sam, No. CR19-0115-JCC, 2020 WL 2705415, at *2 (W.D. Wash. May 18, 2020) (powering on a phone to take a photo of the phone's lock screen constituted a physical search).

Because it was a search, it was a warrantless search, and the evidence found on the phone is a fruit of that unlawful mirror image should be suppressed:

The examiner effectively stood on Defendant's doorstep and tried fitting different keys into his front door lock for years after the warrant expired. Then, when the door finally opened, the government entered the threshold and seized the information therein and reviewed some (but admittedly not all) of it. Now the government asks to excuse this unlawful entry because the government "had been hoping for the phone to be accessed for years." (Dkt. No. 304 at 8.) Maybe so. But they only got a warrant after the illegal search yielded the information they hoped for. Put differently, if the government's conduct were excused here, [the list of ex ante restrictions], which was expressly part of the warrant, would become a nullity because its carefully calculated time limits would be meaninglesss.

Further, the good faith exception applies because deterrence is needed to make sure the government stays focused on getting lots of extensions for phone warrants over the years to allow brute force attacks to go on:

The government claims this situation is unlikely to reoccur. But the evidence is to the contrary. The government's declarations describe "entire racks of phones" undergoing "brute force attacks for years." (Dkt. No. 304-4 ¶ 11.) So this not only can, but will happen again unless the government ensures it has a valid—and generally required warrant to peer inside those phones. Riley v. California, 573 U.S. 373, 386 (2014). Exclusion here will ensure greater care is taken with such devices.

IV.  My View

I think Judge Corley's decision is wrong, and that it's wrong in a way that points out the absurdity of ex ante search restrictions. Think about it.  The government had a search warrant based on probable cause.  The Fourth Amendment permitted the government to search the phone.  If the government had been able to break into the phone quickly, that would have been legally fine.  The government was trying to execute the warrant, but the only way to get in was a brute force attack that could —and did— take years.  Under prevailing caselaw, there is no Fourth Amendment limit I'm aware of on how long the government has to execute the warrant by trying to break into the seized phone.

But under the new decision, the evidence found on the phone is suppressed because the brute force attack happened to take longer than the date the magistrate judge listed as a new date when the government obtained the extension.   This seems pretty bananas to me. The magistrate judge doesn't know anything about computer forensics or how long the brute force attack is going to take.  Why should the magistrate judge get to say if the government is allowed to continue its efforts to execute the warrant?  The Fourth Amendment requires the government to have a warrant, of course. And the government had a warrant here, that it was earnestly doing its best to execute.  Requiring the government to exercise "greater care" to make sure it is keeping up with a series of requests to continue to make the brute force attack on a bunch of seized phones — requests not required by the Fourth Amendment, which is the law that should count in the first place — seems exceedingly odd to me.

I realize that some will say, well, the magistrate judge sets the rules.  They are the Law Lords and, from on high, they decide what is authorized under the warrant.  But again, that's the exact opposite of what the unanimous U.S. Supreme Court held in Richards v. Wisconsin. There, the magistrate's decision that the warrant could not be executed as a no-knock warrant was not only not binding; it was 100% irrelevant.  To me, it seems exactly the same with ex ante restrictions on warrants.  How the government executes warrants is up to appellate courts and the Fourth Amendment law of reasonableness, as adjudicated ex post.  It is not up the whims of individual magistrate judges as imposed ex ante.

The post The Timing of Computer Search Warrants When It Takes the Government Several Years To Guess The Password appeared first on Reason.com.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.