Privacy advocates may have found an unlikely hero in the form of Steve Warshak (pictured left), CEO of embattled Berkley Nutraceuticals. In a 19 page ruling, a federal district court in Ohio has barred the US Government from seizing stored emails in several email accounts at ISP’s used by Warshak. However, a separate ruling by a different judge of the same court raises serious concerns about how digital data seizure and discovery should be conducted in order to preserve chain of custody and protect against the inadvertent disclosure of privileged material.
We have previously discussed in this blog the FTC issues faced by Berkley, maker of the “natural male enhancement” supplement Enzyte and several other supplement products. To read our prior post on the FTC investigation of Berkley’s continuity program, click here. Berkley’s current legal issues stem from a federal prosecution for new offences based upon the similar acts and practices described in the prior FTC investigation.
The latest rulings come in cases brought by the company against the government. The decisions concern evidence seized by the government to build its criminal case against Berkley and Warshak.
The first decision came in the case brought by Berkeley to enjoin the government from issuing subpoenas to ISP’s to seize stored emails. The government issued subpoenas under a subsection of the Stored Communications Act (SCA), 18 U.S.C. § 2703(d), to seize the contents of emails that were older than 180 days. Generally, a seizure of this sort requires a court order reviewed and issued by a judge based on probable cause. However, the standard of proof required for subpoenas is lower. The prosecutor only needs to possess “specific and articulable facts showing that there are reasonable grounds to believe that the contents” of the email account to be seized “are relevant and material to an ongoing criminal investigation.” As the court noted, this standard “falls somewhere short of probable cause.”
Warshak and Berkley argued that the use of bare subpoenas issued on less than probable cause violated their rights under the Fourth Amendment, and the Court agreed. Relying on cases that hold that “closed packages and containers may not be searched without a warrant” issued upon a showing of probable cause, the Court determined that emails stored in personal accounts on the servers of commercial ISPs to the contents are like “[l]etters and other sealed packages” shipped by public or private carriers, a class of effects for which warrantless searches are “presumptively unreasonable.” See U.S. v. Jacobsen, 466 U.S. 109, 114 (1982)(While “government agents may lawfully seize” such effects “to prevent loss or destruction of suspected contraband, the Fourth Amendment requires that [government agents] obtain a warrant before examining the contents” of letters or packages.)
The Court rejected the government’s argument that a personal email held by a commercial ISP was more like a postcard amenable to warrantless inspection than a letter, because “its contents are plainly visible to the [ISP], who can access it via its servers at any time.” See U.S. v. Van Leeuwen, 397 U.S 249, 251 (1970) (distinguishing letters and sealed packages from newspapers, circulars and similar printed matter sent through the mail).
While emails sent through and stored on the servers of commercial ISPs are obviously distinguishable in many respects from both sealed letters and postcards physically mailed via public or private carrier, the letter analogy appears – on the limited evidence presently before the Court – to be more apt. As Warshak persuasively argues:
[I]n the case of email, the subscriber perhaps maintains more control over the email lettter than in any other traditional third party carrier context. In the latter scenarios, the sender or receiver of a closed letter or package actually relinquishes control of the container and cannot immediately repossess the letter or package – it is in the physical possession of the postal carrier and/or common carrier outside the dominion and control of the sender or recipient. In the email context, the owner of the email can repossess a read-and-then-closed email at any moment, without any notice or permission from the ISP, can retake the email, delete the email from his mailbox, or do what she wants to do with the email . . . .
The other Warshak/Berkley case did not proceed as well for the nutraceutical marketers. In the other case the goal was to obtain back evidence seized in a search warrant executed at Berkley’s headquarters. The US Attorney had apparently been sitting on the evidence seized for a year and a half before the court had an opportunity to rule on whether the method of review proposed could be adopted and carried out.
Maintaining attorney/client privilege was a concern in this case. The search warrant executed on Berkley’s offices was very broad and could encompass many privileged materials. However, the US Attorney had a plan for how to deal with this potentially volatile situation. The plan involved the use of a “taint team” or “filter team”:
The government’s response explains the methods by which the government contends it attempted to protect Plaintiffs’ privileges. For example, the searching agents cordoned off the offices of BPN’s in house counsel, and did not search their offices or their laptop computers. Folders on BPN’s computer servers were initially reviewed, and copied only if they appeared to contain material responsive to the warrants. User folders on the server labeled with in-house counsels’ names were segregated and put on a separate CD by non-case agents. Email files were subjected to keyword searches by non-case agents. The keywords included all known attorneys for Plaintiffs. All email that included any of those names was segregated and “burned” to a separate CD, placed in a password protected file, and then provided to the taint team AUSA. The rest of the electronic files, with these segregated and potentially privileged materials omitted, are in the possession of the prosecution/investigation team.
In procedure described above, the non-case agents and AUSA’s are sometimes referred to as the “taint team” or the “filter team.” For more info, see the White Collar Crime Prof Blog discussion here.
At first blush this may seem to be a reasonable approach. However, the more you examine the potential for abuses the more it becomes obvious that the approach described is terribly flawed. In fact, the possible abuses and lapses related to chain of custody of digital evidence are substantial under the government’s scenario.
On the subject of digital evidence and chain of custody, Steven Teppler, Esq. recently gave an excellent presentation at the August meeting of the Computer and Cyberlaw Committee of the Business Law Section of the Florida Bar on admissibility and custody of digital data. A PDF of his program is posted here.