Friday, October 15, 2010

Does Your Expectation of Privacy in Electronic Data Depend on the Name of the File?

A couple of blogs have picked up on the case of Corey Beantee Melton, an Alabama man convicted of possessing child pornography. 2010 Ala. Crim. App. LEXIS 85

Melton took his computer to Best Buy for service. The Geek Squad went to work and found a virus. They also found "several file tags or filenames of a very explicit nature that indicated that the files might contain child pornography." (The Court opinion spares us the exact titles.) The Geek Squad contacted the police, and together the police and the Geek Squad viewed a video that appeared to depict the sexual abuse of a child. The police then obtained a search warrant for the computer.

The rest is predictable – sexually explicit videos and pictures of minors were found, the defendant unsuccessfully tried various BS stories: they were from a previous computer owner/user, they were pop-ups, they were from a virus, yada, yada, yada. . . I say predictable because I prosecuted a lot of these cases and it always ends the same way: conviction.

A couple of the comments on this case have focused on the wisdom – or lack thereof – of bringing your porn filled computer to Best Buy. The Forbes blog noted the obvious: "if you have a porn habit, it's likely to become public knowledge (and possibly public property) if you seek computer help. And if you have a child porn habit, your computer repair may just lead to prison time." And Switched noted another obvious tip for criminals, "next time you save child pornography on your hard drive, you probably shouldn't save it under a name like 'KiddiePornXXX.' Doing so, it turns out, may give law enforcement officials the green light to search and seize your hard drive."

I have little sympathy for those who possess child pornography, and I certainly don't want to make it easier for them to get away with felonies. But I DO want to highlight an interesting Fourth Amendment aspect of this case.

Melton argued that his Fourth Amendment rights were violated because the police opened files on his computer – something that the Geek Squad had not done – and that the content of these open files formed the basis for the search warrant. The Fourth Amendment question, as the court put it, was whether Melton had a reasonable expectation of privacy in the in the files on his computer after he turned the computer over to members of the Geek Squad, or whether he abandoned that expectation of privacy by turning the machine over to a third party.

The court noted that Melton did not limit the actions of the Geek Squad in any way, nor did he attempt to delete or password protect the files. This is pretty straight forward Fourth Amendment analysis, and the court was likely correct in writing "Because he did not retain a privacy interest in those files, the officers did not violate Fourth Amendment principles when they viewed the contents of any of those files, regardless of whether the officers exceeded the scope of the search conducted by members of the Geek Squad."

However, this case is notable because the court went a bit further. The court suggested that a person does not have a reasonable expectation of privacy in files with names that suggested they contained child pornography. (This is the standard Katz test for the lawyers.) The court's reasoning was based on the significant interest of the state in stopping child pornography.

I think this last section of the opinion is a bit scary. The suggestion that whether an expectation of privacy in electronic data is reasonable can be based on the name of the file doesn't make sense. Rather, the expectation of privacy is based on where the file is stored, who has access to the file, and what steps are taken to restrict access or encrypt the file.

No comments:

Post a Comment