Hicban, Charmaine: Search and Seizure in Relation to Electronic Data

INTRODUCTION

Computers are all around us and can be considered a success of the people. The word “technology” is now associated with computers. These are the end result of human intelligence and advancement. It is now an electronic brain that we can rely on.

In the age of computer and the fast improvement of the technology people usually use the computer to store voluminous data, use internet for online communication, or use it as a device to do criminal act. The Government has all right to seize electronic storage of information in order to locate data described in the warrant. But any information found or acquired during the search of data in plain view can be confiscated and use the same as evidence.

This paper is conceptualized in support in the application, issuance and use of such warrants and seizures of materials to obtain evidence. This can help private person to know the limits of searches and whether or not seizure of electronic equipment is legal and form part of the warrant to search and seized personal property and to criminal investigators also for them to know the limitations and facts that need to establish for application and issuance of warrant.

SEARCH AND SEIZURE: Definition and Purpose

Search warrant-
Rule 126 of the Revised Rules of Criminal Procedure defines Search warrant as an order in writing issued in the name of the People of the Philippines, signed by a judge and directed to a peace officer, commanding him to search for personal property described therein and bring it before the court. The Legal dictionary provides definition to warrant as a judicial writ authorizing the arrest of a person or the seizure of property, authorization for a policeman to search the premises of a private citizen; to defend; to guarantee since our rights are protected by the State.

Electronic data interchange-
Can be formally defined as ‘The transfer of structured data, by agreed message standards, from one computer system to another without human intervention.

Electronic Data message-
Refers to information generated, sent, received or stored by electronic, optical or similar means.

Hardware-
Refers to the physical components or equipment that make up a computer system such as keyboard, monitor, and printers.

Software-
Refers to the programs or instructions that tell a computer what to do such as Microsoft Disk Operating System.

IN SEARCH AND SEIZURE WARRANT APPLICATION:

I. PROBABLE CAUSE MUST BE ESTABLISH

There must be a probable cause to believe that the media contains contraband is an evidence of a crime or an instrumentality of a crime. Evidence of the crime would include the evidence of ownership and control. The person applying for warrant must not base his probable cause in a “bare suspicion” that evidence or contraband will be found in the place where search is to be made.

PROBABLE CAUSE CAN BE ESTABLISH;

1.THROUGH INTERNET PROTOCOL ADDRESS (IP)

Investigators or agents usually learn of online criminal conduct by using the information given or obtained from a victim or from a service provider. Subpoena is being used to compel the Internet Service Provider to identify which of the customers was assigned that IP address at the relevant time and for the ISP to provide name, if possible, the user’s name, street address and other information. There are some cases where the name of that person in the ISP is actually residing at that street for example by checking utility bill.

2.THROUGH ONLINE ACCOUNT INFORMATION

In some instances, person’s information is obtained through online service account such as Web-based email, credit card account information or contact information. Mostly this is discovered when the account holder joined a child pornography website or an email group.

3.THROUGH OFFLINE CONDUCT.

It is like any computer searches cases and its purpose and objective is to establish a probability that a contraband or evidence of a crime would be found in the computer at that particular place to be searched.

II. DESCRIBING WITH PARTICULARITY THE THINGS TO BE SEIZED

In a warrant, two things must be particularly describe”, the place to be searched and the person or things to be seized. The thing to be seized must be identified with particularity, which includes the description of the things in order to avoid possible unwarranted intrusion upon the privacy of the person. In the warrant, the description as to whether the seizable property is a computer hardware or only an information contained in that hardware must be specified especially if the hardware is the thing to be seized which the agents believe that it is a contraband, an evidence, or an instrumentality of a crime. The agents or the officers may also in its warrant request to seize any information in whatever form that may be found. The warrant should identify with particularity the portion of the information to be search that is by focusing on the contents of the files stored in a device rather than in the storage device itself that contains that information.

“Independent Component Doctrine” provides that computer systems are really a combination of connected components often by wires increasingly by wireless means. To say that the government has probable cause to seize a computer does not mean that it has probable cause to seize the entire computer system.

III. ESTABLISH THE NECESSITY FOR IMAGING AND OFF-SITE

In applying for a search warrant, it is necessary to explain why it is important to image an entire hard drive or to physically seized it and later examined it for responsive records. The reason for this is that it is time consuming to conduct an onsite examination or search of the hard drive obtained in the execution of the warrant and there could be some possibilities that other data or information about the file was already mislabeled, encrypted, or embedded in “slack space”.

SEARCH AND SEIZURE PROCEDURE

A. Plain View

The storage or hard drive where electronic data or information is being stored, believing to be the evidence of a crime, may be seized without a warrant under the plain view, as an exception to the warrant requirement. The investigator or the agent must be in lawful position to observe and access the evidence and its incremental character must be immediately apparent. The agent may seize evidence in child pornography if those were found or seen in plain view after reviewing the files or pictures covered by the search warrant even if the purpose of the warrant is to search for electronic evidence or information related to online buy and sell of Narcotics trafficking. The agent who opened every file in search for the evidence stated in the warrant may also seized the evidence or pictures of child pornography he has found under the “plain view” doctrine as long as he did not abandon his search.

B. Exigent Circumstances

The storage or hardware where the electronic data or information is being kept or stored may be seized by the officers or agents if the destruction of those is imminent. Like if a target screen is displaying evidence which agents reasonably believe to be in danger of being destroyed or be deleted, the “exigent circumstances” doctrine would justify the downloading of the information before obtaining a warrant. For example, agents may know that the incriminating data is not actually stored in the computer but is only temporarily on-line from a second network storage site in another building or city. In this situation, there is possibility that agents can search and seized data on a wide area network, that is by simultaneous execution of warrant to those areas separately. But if these acts would not be immediately possible, then the officers may decide whether the “exigent circumstances” exception applies.

The exigent Circumstance may justify a warrantless seizure if the agents or officers believed that the files might be destroyed or physically erased immediately by the owner of the computer. Always remember that electronic data is perishable and can be easily destroyed or erase by using a strong magnet over the disk or a computer commands that can destroy data in a matter of seconds.

C. Consent Searches

Agents may without a warrant search a place or object provided that the owner or a person with authority has consented. This act may be done even if no probable cause was established. In electronic data search through a computer, the person giving consent to the search must state up to what portion or files may be searched. These agents should not go beyond the said files and must respect their bounds.

D. Search Warrant

Warrant to search a place and seized materials an evidence or information is required in order to make pieces of evidence admissible to court and so that no rights of person is violated. As stated in the warrant, the place describe therein is only the place to be search. Seizure of materials or evidence such as computer hardware must be justified that the said hardware is contraband, that it was an instrumentality of the offense, or that it constitutes evidence of an offense.

The law allows for the seizure of materials believed to be a contraband, fruit of the crime, or otherwise criminally possessed because such seizure would prevent and stop or deter crimes and to easily apprehend and convict criminals. Included in the warrant to search and seize the materials or instrumentalities used in a crime or properties designed or intended as an instrumentality are those machinery, instrument or computer that have played a significant role in a crime.

The agent must know how to preserve and document electronic evidence and should take time to carefully protect the identity and integrity of all the data. They must also take time to collect traditional type of evidence such as fingerprints before touching anything. The agents executing the search must protect the computer data from being destroyed or erased because these can be easily destroyed by using a strong magnetic field object. The agents must take special preservations in disassembling and packing computer equipment in order to protect the hardware items, the integrity and accessibility of the data inside. Agents should disconnect all remote access to the system such as telephone cord from the modem and disconnect network cables from the server so that no one will alter or erase the information during the search. The cable and devices port must be labeled accurately before disconnecting anything. It is also important to label “vacant” those vacant ports so that there will be no confusion later. Once this is done, agents are ready to disassemble, tag and inventory the equipment. Agents must label separately and properly identified which drive, disk, or other magnetic media need to be protected. Protection over the floppy disk divers must be in accordance with the manufacturer’s recommendation. Temperature extreme may destroy or make electronic data unreadable. A safe range for storage of magnetic data is between 40-90F and 20%-80% humidity, free of dust and tobacco smoke.

SEARCH FOR AND SEIZURE OF ELECTRONIC DATA OR INFORMATION

Hardware is tangible, hence not difficult to search and seized. Searches for electronic data and software are more complex. The search for electronic data must be done where the information sought is on the computer or where the information sought is stored off-site and a computer at the search scene is used to access this off-site location.

The following are systems or device which make it possible for a suspect to store data miles, or even continents, away from his own computer.

1. FILE SERVER: A file server is a computer on a network that stores the programs and data files shared by the users of the network. A file server acts like a remote disk drive, enabling someone to store information on a computer system other than his own.
2. ELECTRONIC MAIL: It provides for the transmission of messages and files between computers over a communication network. The message are sent form one computer through a network to the electronic address of another specific computer or to a series of computers of the sender’s choice.
3. ELECTRONIC BULLETIN BOARD SYSTEMS: It is a computer dedicated in whole or in part to serving as an electronic meeting place. A single user may have several different passwords, one for each different level or conference.
4. VOICE MAIL SYSTEMS: it is a complex phone answering machine that allows individual to send and receive telephone voice messages to a specific “mailbox”. The system turns the user’s voice into digital data and stores it until addressee erases it or another message overwrites.

If an individual obtain copies of software in violation of copyright laws, the agents may seized the software as well as any documentation because it is likely to believe that it is also illegally obtained. Information stored in a computer hard disk may have been printed out thus this print out should be included in the seized materials in order to display an evidence showing same prior alteration or changes in the data. Those print out that will vary to a particular printer that was used in printing of extortion notes or other files or criminal acts which uses computer warrants the seizure of the printer. The agents must also be mindful and alert for any notes in materials, equipment or in the computer area. These may provide critical keys used by the hackers in breaking passwords, operating hardware or software, may also be used to know co-conspirators and victims, other persons, log in names or account.

Seizing of information whether electronic or not should narrowly drawn to include only the data pertinent to the investigation and that should be described as significantly as possible. And notwithstanding the high-tech nature of computer search, agents must look at any other evidence that may prove identity. If data is encrypted, a written copy of the password is required. Agents must know the basis of seizing each items because it is useless to seized a hardware that cannot store information.

As electronic records are easier to alter or destroy, the owner or custodian of those records has provided for its hard copy or printout thus agents may secure and protect the integrity of the evidence by physically restricting access to the storage containers and its papers.

After determining the operating system, agents must take precautionary measures to protect the integrity of the data and by selecting tools to aid the search. “Utilities” which is specifically designed software can help the agents or analyst to look for a specified names, dates, files extension, and can even identify and expose hidden files. File not in readable format may also be compressed to save space or encrypt to control access to it. But the analyst must be knowledgeable how the data is organize because there would be some probability of trial and error before he can find the right key words, names or places, the kind of software being used in the computer, it may also reveal how the computer was used such as when said computer was used to send incriminating data to another computer at another location. Person who conducts a computer search should have high-level technical skills to ensure success. The warrant to search for and seized encrypted information allows or give agents the authority to decrypt that is to break the lock or “translate” the document.

A search in workplace where computers are found and that computer store evidence of criminal activity may be a warrantless search only if the officers obtain the consent of either the employer or employee with common authority over the area searched. The warrantless search and seizure in private-sector workplace is the same as warrantless searches in homes and other personal residences. Thus, agents search in private workplace requires a warrant unless agents obtain consent of the employer or co- worker with common authority.

SEARCH AND SEIZURES OF ELECTRONIC DATA LEGISLATIONS

Our right is protected by the constitution against illegal searches and intrusion to our privacy. Most people have an electronic device in their homes or private places that at any time would be a subject for search and seizure.

The 1987 Constitution Art.III Section 2. The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures of whatever nature and for any purpose shall be inviolable, and no search warrant or warrant of arrest shall issue except upon probable cause to be determined personally by the judge after examination under oath or affirmation of the complainant and the witnesses he may produce, and particularly describing the place to be searched and the persons or things to be seized.

Rules on Criminal Procedure provides for the application of search warrant

Sec. 2. Court where application for search warrant shall be filed. – An application for search warrant shall be filed with the following:

(a) Any court within whose territorial jurisdiction a crime was committed.

(b) For compelling reasons stated in the application, any court within the judicial region where the crime was committed if the place of the commission of the crime is known, or any court within the judicial region where the warrant shall be enforced.

Sec. 4. Requisites for issuing search warrant. – A search warrant shall not issue except upon probable cause in connection with one specific offense to be determined personally by the judge after examination under oath or affirmation of the complainant and the witness he may produce, and particularly describing the place to be searched and the things to be seized which may be anywhere in the Philippines.

Sec. 14. Motion to quash a search warrant or to suppress evidence; where to file. – A motion to quash a search warrant and/or to suppress evidence obtained thereby may be filed in and acted upon only by the court where the action has been instituted. If no criminal action has been instituted, the motion may be filed in and resolved by the court that issued search warrant. However, if such court failed to resolve the motion and a criminal case is subsequently filed in another court, the motion shall be resolved by the latter court.

REPUBLIC ACT NO. 8792

SEC. 30. Extent of Liability of a Service Provider. – Except as otherwise provided in this Section, no person or party shall be subject to any civil or criminal liability in respect of the electronic data message or electronic document for which the person or party acting as a service provider as defined in Section 5 merely provides access if such liability is founded on –

a.) The obligations and liabilities of the parties under the electronic data message or electronic document;

b.) The making, publication, dissemination or distribution of such material or any statement made in such material, including possible infringement of any right subsisting in or in relation to such material: Provided, That

i. The service provider does not have actual knowledge, or is not aware of the facts or circumstances from which it is apparent, that the making, publication, dissemination or distribution of such material is unlawful or infringes any rights subsisting in or in relation to such material;

ii. The service provider does not knowingly receive a financial benefit directly attributable to the unlawful or infringing activity; and

iii. The service provider does not directly commit any infringement or other unlawful act and does not induce or cause another person or party to commit any infringement or other unlawful act and/or does not benefit financially from the infringing activity or unlawful act of another person or party: Provided, further, That nothing in this Section shall affect –

a) Any obligation founded on contract;

b) The obligation of a service provider as such under a licensing or other regulatory regime established under written law; or

c) Any obligation imposed under any written law;

d) The civil liability of any party to the extent that such liability forms the basis for injunctive relief issued by a court under any law requiring that the service provider take or refrain from actions necessary to remove, block or deny access to any material, or to preserve evidence of a violation of law.

SEC. 31. Lawful Access. – Access to an electronic file, or an electronic signature of an electronic data message or electronic document shall only be authorized and enforced in favor of the individual or entity having a legal right to the possession or the use of the plaintext, electronic signature or file and solely for the authorized purposes. The electronic key for identity or integrity shall not be made available to any person or party without the consent of the individual or entity in lawful possession of that electronic key.

SEC. 32. Obligation of Confidentiality. – Except for the purposes authorized under this Act, any person who obtained access to any electronic key, electronic data message, or electronic document, book, register, correspondence, information, or other material pursuant to any powers conferred under this Act, shall not convey to or share the same with any other person.

SEC. 33. Penalties. – The following Acts shall be penalized by fine and/or imprisonment, as follows:

a) Hacking or cracking which refers to unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic document shall be punished by a minimum fine of one hundred thousand pesos (P100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years;

b) Piracy or the unauthorized copying, reproduction, dissemination, distribution, importation, use, removal, alteration, substitution, modification, storage, uploading, downloading, communication, making available to the public, or broadcasting of protected material, electronic signature or copyrighted works including legally protected sound recordings or phonograms or information material on protected works, through the use of telecommunication networks, such as, but not limited to, the internet, in a manner that infringes intellectual property rights shall be punished by a minimum fine of one hundred thousand pesos (P100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years; c) Violations of the Consumer Act or Republic Act No. 7394 and other relevant or pertinent laws through transactions covered by or using electronic data messages or electronic documents, shall be penalized with the same penalties as provided in those laws; d) Other violations of the provisions of this Act, shall be penalized with a maximum penalty of one million pesos (P1,000,000.00) or six (6) years imprisonment.

SEC. 39. Reciprocity. – All benefits, privileges, advantages or statutory rules established under this Act, including those involving practice of profession, shall be enjoyed only by parties whose country of origin grants the same benefits and privileges or advantages to Filipino citizens

CONCLUSION AND RECOMMENDATION:

If person’s right is being violated by any person such as sending incriminatory or threatening message to any person by emails, that particular person may ask for investigation to the National Bureau of Investigation (NBI) to track down or identify the source of those messages. The agents must be more knowledgeable and resourceful on how to track down those violators without intruding or disregarding the rights of the persons. The law should always give importance and consideration on the technology since technology changes faster than the approval of bills in the Congress. To ensure admissibility of the evidence gathered in the conduct of search and seizure, officers must be mindful of the facts necessary in the application of warrant, that is, establishing probable cause to search the computer and describing with particularity the data to be search.

The Philippine Government was then put into global controversy when the “I LOVE YOU” virus infected world’s computer system that was authored by a Filipino student. He was not prosecuted because no laws specifically prosecute cyber crimes. The search and seizure warrant was later on sought by the NBI using the Access Devices Regulation Act of 1998. Not until upon the former President Joseph Estrada signed the law purporting for the cyber crimes such as computer hacking, Philippines has no law purported to punish cyber criminals.

As a personal view with regard to the prosecution of cyber criminals, the E-commerce law should not only be the existing law for this matter. This is because this will not deter more hackers trying to create viruses and insert the same to the system. A proposed bill, authored by Representative Abayon and Representative Kintanar about Defining Cyber crime, Providing for Prevention, Suppression and Imposition of Penalties therefore and for other Purposes, if pass into law, would be boost cyber security and would prosecute hackers. The honest and diligent enforcement of laws, skilled and well-trained agents or official would be a great help to at least reduce, if not eliminate, cyber crimes. The executives and officers in the computer industries must also cooperate with the law enforcement officials in matters relating to security and privacy.

Finally, technology and the law should always come together so that all rights, privileges and protections intended for a citizen will be exercised and enjoy freely. The legislations must always be reviewed everytime in order to prosecute criminals and serve justice to others. We must remember that as long as there are computers there will also be hackers. People are more interested with the use and development of technology and cyber criminal are now in the younger generation. The law cannot deter or stop technology growth as well as hackers.

---

References:

1. Wikipidia
2. Rules on Criminal Procedure
3. 1987 Constitution
4. Republic Act No. 8792
5. Supplementary Submission by Blair Stewart, Assistant Commissioner in relation to Pt’s III & IV of the Law Commission’s Preliminary Paper 50
6. Federal Guidelines for search and seizing computers FTP/Gopher/WAIS/listserv from the EPIC online archive at cpsr.org/cpsr/privacy/epic/fed_computer_siezure_guidelines.txt.
7. Cracking Down on Cybercrime Global Response by Sylvia Mercado Kierkegaard
8. Volume 8, Number l Fall 1994 Search and Seizure of computer and computer data by Raphael Winick*
9. Article posted on September 29, 2009 by Christopher Wolf
10. DHS Issues New Directives Regarding Warrantless Border Searches of Electronic Devices