If you recall, I wrote earlier about the E.D.N.Y holding that the government's failure to examine data after 15-months was a seizure under the Fourth Amendment - see: Federal court holds that 15-month delay in reviewing electronic evidence was an unlawful seizure. Well, it appears the government continues to have issues in this regard.
In United States v. Collins, 2012 U.S. Dist. LEXIS 111583 (N.D. Cal. Aug. 8, 2012), the government's motion to reconsider an order to return evidence was denied. The evidence was data that "fell outside the scope of the 27 warrants by which over 100 of the defendants'computers and other digital devices (including storage media) were seized."
The defendant, Collins, is part of a large group of people that were rounded up last year after the DDOS attack on Paypal. The attack was allegedly perpetrated by Anonymous, and used the Low Orbit Ion Cannon to achieve its goal. You can see the DOJ announcement, here: Prosecution of Internet Hacktivist Group "Anonymous," and some of the proceedings of the case, here (including a description of what allegedly occurred, and the criminal charges).
The facts are somewhat similar to Metter (the case my article above is on), in that in an extraordinary amount of time the government failed to deal with seized data. In the courts words:
almost a year and a half after presenting the warrants, the government has yet to take any meaningful steps to isolate non-targeted from targeted dataThe government's arguments for reconsideration of the order on March 16, 2012 (nearly 5 months ago, and many months after the original seizure) are that:
(1) identifying non-targeted data might be difficult; (2) certain non-targeted data might be useful in understanding data that is clearly targeted; and (3) disaggregating non-targeted from targeted data might be unduly burdensome and expensive; (4) allowing only the defendants to keep a complete copy of the seized data might deprive the government the ability to challenge exculpatory non-targeted data and thus would be unfair.The court was unconvinced by the governments justifications, and essentially chided the government for arguing a position that would essentially allow them to keep data they were not authorized to seize (possibly indefinitely) and which would nullify the government's pledge in search warrants to return such data. In the courts words:
If separating non-targeted data from targeted data and devices lawfully retained as criminal instrumentalities is too hard here, it presumably is too hard everywhere. In what case where a storage device is seized lawfully could a defendant or other subject of a search warrant ever secure return of data that the government had no right to take? Just about every storage device can be searched more easily with automated scripts than manually. Just about every storage device has non-targeted data that might prove useful to understanding the data that was targeted. Just about every storage device has deleted files in unallocated space. If the government's argument were accepted here, so that it need not return even one bit of data that is clearly outside the scope of the warrant, the court thus would render a nullity the government's pledge in just about every search warrant application it files in this district that it will return data that it simply has no right to seize.To me, it's hard not to wonder if there is a systemic problem going on with how the government is handling cybercrime cases and the plethora of evidence that they tend to produce - according to this transcript, there were at least 9 terabytes of data that had to be analyzed. That is certainly a lot of data, but as the court in Metter stated, there has to be a line drawn somewhere when retention of data transforms from investigatory to a violation of the Fourth Amendment.