Computer Evidence

Potential Law Enforcement Liabilities

by Michael R. Anderson

Computer evidence has become a 'fact of life' for all law enforcement agencies. Personal Computers, the Internet and the use of word processing and spreadsheet programs, have changed the way the world does business. It is amazing that this has taken place over the span of just a few years. It is sad but true. Those agencies that don't yet have the capability to deal with computer evidence issues, may not be fully capable of providing law enforcement services to their citizens. Typewriters have vanished and floppy diskettes and hard disk drives have taken over the business world. Even home offices today are not complete without a computer and an Internet hookup.

Now that documentary 'best evidence' has moved from sheets of paper to disk, it is important for all law enforcement agencies to evaluate their readiness and ability to deal with computer evidence. Currently, it is all but impossible to investigate a fraud, embezzlement or child pornography case without dealing with some sort of computer evidence. In the 'computer age' it is not uncommon to find evidence in a homicide or narcotics case buried deeply within a computer hard disk drive.

As a reaction to the exponential growth of cases involving computer evidence, many law enforcement agencies have recruited self taught cyber cop 'experts' to fill the role of the departments computer evidence specialist. This strategy has some merit. Usually such individuals are highly motivated and in the case of sworn law enforcement officers they already have some knowledge of the rules of evidence and have experience testifying in court. Some departments have chosen to enlist the support of local universities or computer repair shops to help them deal with computer evidence issues. Normally, this strategy is less desirable because such individuals many times do not have law enforcement experience and therefore do not have trial experience or knowledge of the rules of evidence. In either case, it is important that your department's computer specialists get proper training from an accredited training source. More on training later.

Increased exposure of law enforcement agencies to computer evidence also brings with it potential hazards tied to legal liabilities. By way of example, if your department happens to seize the computer books and records of an ongoing business, it is probable that such an occurrence will have a negative financial impact on the operation of the business involved. It gets worse if the records are accidentally destroyed 'on your watch'. If it can be shown that business records or property was destroyed through negligence on the part of the law enforcement agency involved, legal problems may turn a criminal investigation into 'the civil law suit of the century'. The potential for civil liabilities are minimized substantially when computers are seized and the computer evidence is processed following accepted procedures. In this area, guidelines approved by the United States Department of Justice, Computer Crime and Intellectual Property Section dictate the rules of the game. Again, and I can't stress it enough, training is vitally important. You can also substantially reduce your risk of civil liability by making sure that investigators on your staff who may be required to search, seize, or analyze computers follow generally accepted forensic computer science procedures. The key is to be able to prove in court that your employees were properly trained. In the case of law enforcement agencies, the best solution is to send your officers to one or more of the various government or government funded training courses that offer this specialized training. Private training for law enforcement computer specialists is also available through associations, some universities and offers training in computer forensics to law enforcement agencies at a substantial discount.

As part of my research in writing this article, I had occasion to speak with Deputy District Attorney, Kenneth S. Rosenblatt. Ken and I have struggled together through numerous computer evidence issues over the years as the field of Forensic Computer Science has taken form. For those of you who don't know Ken, he headed up the first High-Technology Crime Unit of the Santa Clara, California (Silicon Valley) District Attorneys office for many years and is the author of one of the top books in the field, High-Technology Crime. I recommend his book for anyone that is seriously interested in learning about high-technology crime, forensic computer science, and search and seizure issues involving computer evidence. It can be purchased from NTI at a discount. If you would like more information, Click Here for Information about the book.

In my conversation with Ken, I posed several questions regarding law enforcement liability issues. As to the inadvertent loss of computer business records due to negligence on the part of the officers, Ken advised that, "If your officers are negligent, your agency can be held liable for damages. In a few states, even agencies that damage equipment through no fault of their own can be required to pay compensation to innocent third parties." He also advised that it is important for law enforcement officers to do their home work before executing a search warrant that involves the potential seizure of computer evidence. "If the computer contains a newsletter, draft of a book or any computer bulletin board system, there may be liability under the Privacy Protection Act." It is not enough to know how to run just a computer forensics piece of software and then call yourself an expert. You really have to know what you are doing; know your software tools; and document your findings.

You should always seek the advice of your local prosecutor before seizing such computers, even with a search warrant." The Steve Jackson Games case comes to mind on this issue. In that case, the government paid a healthy fine because the agents 'negligently' seized and kept records belonging to a company that published a newsletter to its customers. The Steve Jackson Games case also suggests that the seizure of a computer system used to provide E-mail services (such as a bulletin board or an Internet Service Provider) without a warrant may violate the Electronic Communications Privacy Act. As it relates to e-mail, not just any warrant will do; the warrant must also disclose that the owner of the computer may be using the computer to send or receive E-mail, and that there is probable cause to believe that E-mail may contain evidence of a crime. Needless to say, the popularity of computers has change the rules of the game when search warrants and computer evidence is involved.

The federal government has made the training of local, county, state and federal law enforcement agencies a priority. Numerous federal grants have been awarded for computer evidence training at all levels of law enforcement. Furthermore, the Department of Justice is currently looking at ways to uniformly train law enforcement agencies across the United States and to establish standards which will help law enforcement agencies avoid liability problems. The FBI developed Automated Computer Evidence System (ACES) has been completed and training and free computer forensics software will be made available to local, state, county and federal law enforcement agencies when distribution channels have been established. In the mean time some excellent federal and federally funded training programs are available to law enforcement agencies. Completion of at least one federally approved training course is probably the best way to avoid the liability problems discussed above and others that haven't been mentioned. Such training can be supplemented with private training courses.

The Federal Law Enforcement Training Center (FLETC) , Financial Fraud Institute in Glynco, Georgia offers numerous computer crime and evidence courses to law enforcement agencies, military agencies and prosecuting attorneys. The course topics span computer seizure issues, computer evidence processing, telecommunications fraud and some Internet issues. Although FLETC is a federal training facility, many of its courses are available to local, county, state and foreign law enforcement computer specialists. I help with these training sessions as much as possible by donating my time to assist law enforcement agencies with training needs and computer evidence issues.

The National White Collar Crime Center (NWCCC) in Morgantown, West Virginia is federally funded and also offers several courses to law enforcement agencies which deal with computer crime and computer evidence issues. NWCCC courses are offered primarily to member law enforcement agencies but about 20% of the courses are open to non-member law enforcement agencies. I am a member of their Training Advisory Board and know that they are working on the development of new and exciting law enforcement training courses. These new courses will supplement their existing quality training courses.

Another source of federally funded training is The SEARCH Group in Sacramento, California. Thanks to the talents and hard work of Fred Cotton and his staff, SEARCH offers a wide range of law enforcement training courses for a reasonable price. SEARCH also has an excellent Internet investigations course that is made available to law enforcement agencies.

In the interest if keeping travel costs down, the training courses offered by NWCCC and SEARCH are available at various locations across the United States. All three organizations (FLETC, NWCCC and SEARCH) are tightly aligned with the United States Department of Justice and because they are federally funded, the cost of their law enforcement training courses is within reach of most agencies.

The International Association of Computer Investigative Specialists (IACIS) also provides computer evidence training to law enforcement computer specialists. It is a non-profit association that Tom Seipert and I co-founded back in 1989. IACIS training is conducted once a year for a two week period in Orlando, Florida. It is unique in that it also offers certification to individuals who successfully complete the IACIS certification programs. Get your name in early on this one though because the training slots fill quickly and they are limited.

New Technologies Inc.(NTI) was created in 1996 primarily to deal with corporate security and computer investigation needs. NTI's Training Courses are built around new automated fuzzy logic software tools (patent pending) that are ideal for computer evidence processing, computer security risk assessment and electronic document discovery. NTI's 5 Day Computer Forensics Course is ideal for law enforcement computer specialists who have been already trained. This is because NTI's training does not cover issues related to search warrants, etc. It is also more technical than most of the other training courses and it is meant to provide meaningful training to individuals who are already computer experts. When training slots are available, substantial discounts are passed on to law enforcement computer specialists. More information can be obtained about the NTI computer forensics tools and NTI's Training Courses can be found on this web site. NTI also offers substantial discounts to trained law enforcement computer specialists concerning the purchase of automated computer forensics software tools.

The University of New Haven offers one day computer forensics courses to law enforcement computer specialists. These courses are certificate courses that deal with the use of computer forensic tools in the discovery and processing of computer related evidence. This course is made available in California, Oregon, Washington, Oklahoma and at the university campus. Thanks to the efforts of Howard Schmidt at Microsoft (formerly Director of Computer Crime Investigations at US Air Force, OSI) some of these courses will be made available at the Microsoft Corporation campus in Redmond, Washington.

As I see it, law enforcement agencies don't have a choice. They have to deal with computer evidence at some point. We live in the computer age and with that comes computer evidence. However, proper training and knowledge can certainly make life easier for all law enforcement agencies in dealing with the computer age.