Model Code of Cybercrimes Investigative Procedure


Article 1 - Preliminary Matters


  1. Title and effective date 1
    1. Title
    2. Effective date
    3. How to cite this Code

  2. Background : distinctiveness of cybercrime & current law enforcement response
    1. What makes the investigation and prosecution of cybercrime different?
    2. What approaches are police currently using to investigate cybercrime?
    3. Who are the cybercriminals?

  3. Purposes and principles of construction 2
    1. Models 3
    2. Purpose--generally 4
    3. Fifth amendment privilege against self-incrimination 5
    4. Fourth amendment prohibition on unreasonable searches and seizures 6
    5. Relationship between Fifth amendment and Fourth amendment protections
    6. Federal constitutional and statutory standards applicable to computers/cyberspace 7
    7. Heightened protections under state standards 8
    8. General principle of individual privacy 9
    9. General principle of corporate/artificial entity privacy 10

  4. Territorial and extra-territorial applicability 11

  5. Definition of terms 12
    1. Search (generally) 13
    2. Seizure (generally) 14
    3. Access 15
    4. State action/state actor 16
    5. Hardware 17

      1. Computer 18
        1. Desktop
        2. Laptop/notebook
        3. Handheld
        4. Phone w/email capability
        5. Pager
      2. Computer system 19
      3. I/O Device
      4. Hard disk 20
      5. Floppy disk 21
      6. ZIP disk 22
      7. Modem
      8. ISDN line
      9. Mouse
      10. Laser disk 23
      11. CD-ROM 24
      12. Scanner
      13. Printer
      14. Tape drive 25
      15. Tapes 26
      16. Firewall database 27
      17. Electronic communication 28
      18. Remote computing service 29
    6. Software 30
    7. Computer data
    8. Traffic data
    9. Subscriber data 31
    10. Password
    11. Password (breaking) 32
    12. Files 33
    13. Deleted files
    14. Network 34
    15. Service provider
    16. Server
    17. Electronic communication services 35
    18. Remote computing services

End Notes

1 See Model State Computer Crimes Code, Article I, http://www.cybercrimes.net.

2 See Model State Computer Crimes Code, Article I, http://www.cybercrimes.net.

3
The "single system" model is a single computer with one user, or perhaps a small group of users. There are no formal restrictions as to privacy, although if more than one person uses the system, there may be an informal respect for each other's private files. Because of the prevalence of personal computers used by individuals and families, as well as portable computers, electronic data books, and electronic calendars, the single system should be the one most commonly encountered by the police.

The second model is the "group system." This is a single computer system, or a network of computers that share data between them. The group system consists of a closed group of users, with no access provided to the public. It may be possible to access the system remotely, but such access is restricted to users. The owner of the system can access all parts of the system. This system allows users to transmit electronic mail to each other. One variation on this model is the group system with additional measures taken to protect user privacy. In this variation, user accounts have passwords and the operating system provides software protection to keep individual users from accessing each other's data. There is also a formal understanding that the system manager will respect the privacy of individual users.

The third model, the "public system," provides computer services to the general public, including electronic mail and other communications capabilities. Such a system typically has areas to which all users have equal access, such as discussion fora or software libraries. Like the group system, the public system has a variation with specific protection for individual privacy. This protection prevents users from accessing each other's data. The public areas are accessible by all, but each user can read only his own electronic mail and access only his own private data files. The system manager agrees not to access individual users' data except for system maintenance purposes.

Randolph S. Sergent, Note, A Fourth Amendment Model For Computer Networks And Data Privacy, 81 Va. L. Rev. 1181, 1183-1184 (1995) (on WESTLAW). See also Sergeant John J. McLean, Basic Considerations in Investigating Computer Crime, Executing Computer Search Warrants and Seizing High Technology Equipment, http://www.bileta.ac.uk/99papers/maclean.htm:

 

When investigators are executing a warrant on a network system, the use of a computer network expert is the recommended method, so long as the police direct and control the search. Investigators employing civilian experts or officers from other jurisdictions in executing search warrants should get judicial permission in their affidavits prior to the search. The procedure for executing local or wide area network search warrants is an exacting and detailed process, often specific to the individual computer network. Investigators should also seek the assistance from trusted, non-targeted, inside personnel. They can provide an enormous amount of detail about the computer system’s configuration and structure. Remember to be careful in not making your cooperatives "agents of the government" avoiding illegal searches and interceptions. Except in rare cases, investigators will not seize an entire network of computers. Instead, a controlled forensic search and retrieval of the evidence might be done on-site. . . .

When investigators are dealing with smaller networks, desktops PC and workstations an attempt to justify the aking of the whole system should be based on the following criteria. When an entire organization is pervasively involved in an ongoing criminal scheme, with little legitimate business, (in non-essential services) and evidence of the crime is clearly present throughout the network, an entire system seizure might be proper.

In small desktop situations, investigators should seize the whole system, after requesting to do so in the affidavit. Investigators seizing whole systems should justified it by wording their affidavits in such a way so as to refer to the computer as a "system", dependant on set configurations to preserve "best evidence" in a state of original configuration. This can and often does include peripherals, components, manuals, and software.

In addition to the above, investigators should make every effort to lessen the inconvenience of an on-site search. Some estimates of manual data search and analyses are 1 megabyte for every 1hour of investigation work. Based on this equation, a 1-Gigabyte hard drive can take up to 1000 hours to fully examine. This equation assumes that each piece of data is decrypted, decoded, compiled, read, interpreted and printed out.

4

When the Fourth and Fifth Amendments were adopted, 'the form that evil had theretofore taken' had been necessarily simple. Force and violence were then the only means known to man by which a government could directly effect self- incrimination. It could compel the individual to testify-a compulsion effected, if need be, by torture. It could secure possession of his papers and other articles incident to his private life-a seizure effected, if need be, by breaking and entry. Protection against such invasion of 'the sanctities of a man's home and the privacies of life' was provided in the Fourth and Fifth Amendments by specific language. Boyd v. United States, 116 U. S. 616, 630, 6 S. Ct. 524, 29 L. Ed. 746. But 'time works changes, brings into existence new conditions and purposes.' Subtler and more far-reaching means of invading privacy have become available to the government. Discovery and invention have made it possible for the government, by means far more effective than stretching upon the rack, to obtain disclosure in court of what is whispered in the closet.

Moreover, 'in the application of a Constitution, our contemplation cannot be only of what has been, but of what may be.' The progress of science in furnishing the government with means of espionage is not likely to stop with wire tapping. Ways may some day be developed by which the government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home. Advances in the psychic and related sciences may bring means of exploring unexpressed beliefs, thoughts and emotions. 'That places the liberty of every man in the hands of every petty officer' was said by James Otis of much lesser intrusions than these. To Lord Camden a far slighter intrusion seemed 'subversive of all the comforts of society.' Can it be that the Constitution affords no protection against such invasions of individual security?

Olmstead v. United States, 277 U.S. 438, 48 S.Ct. 564, 72 L.Ed. 944 (1928) (Brandeis, J. dissenting). See also Richard A. Nagareda, Compulsion "To Be A Witness" And The Resurrection Of Boyd, 74 N.Y.U. L. Rev. 1575 (1999) (on WESTLAW).

5 See Olmstead v. United States, 277 U.S. 438, 48 S.Ct. 564, 72 L.Ed. 944 (1928) (Brandeis, J., dissenting); Boyd v. United States, 116 U.S. 616, 6 S.Ct. 524, 29 L.Ed. 746, 3 A.F.T.R. 2488 (1886). See also Richard A. Nagareda, Compulsion "To Be A Witness" And The Resurrection Of Boyd, 74 N.Y.U. L. Rev. 1575 (1999) (on WESTLAW). For an international perspective, see Bert-Jaap Koops, Crypto and Self-Incrimination FAQ, § 2.2, http://cwis.kub.nl/~frw/people/koops/casi-faq.htm:

The privilege against self-incrimination is defined in the International Covenant on Civil and Political Rights (ICCPR), in article 14 paragraph 3 sub g: everyone charged with a criminal offence has the right not to be compelled to testify against himself or to confess guilty. In the US, the Fifth Amendment contains the privilege (see 2.3). Other countries do not have an explicit definition of the privilege, but have developed it through case law interpreting the right to a fair trial (see 2.7 (Netherlands) and 2.9 (European Convention)).

See also Bert-Jaap Koops, Crypto and Self-Incrimination FAQ, § 2.1, http://cwis.kub.nl/~frw/people/koops/casi-faq.htm:

The privilege against self-incrimination is a fundamental legal principle that is part of the right to a fair trial. It says that a suspect cannot be forced to incriminate himself or to yield evidence against himself. The privilege is recognized in most countries, either explicitly in the constitution or implicitly through case law (see 2.2).

However, it is not absolute, as several exceptions have been accepted by legislators and courts (see 2.11).

The definition of the persons who can invoke the privilege may differ from country to country. In the European Convention of Human Rights, the privilege (and, more generally, the right to a fair trial of article 6) applies to people facing a "criminal charge". In the Netherlands, the privilege holds (or may hold) for suspects, which means that there must be circumstances which suggest a reasonable suspicion that someone is guilty of a crime. These definitions are not identical: someone can be a suspect without there being a criminal charge in the sense of article 6 of the European Convention. Note that the privilege applies to criminal cases only: if public authorities investigate under administrative rather than criminal law, the rights of the target of investigation can be radically different and generally do not include a privilege against self-incrimination (although, to make things yet more complex, the European Court may view certain administrative procedures as a criminal charge).

For more on how the privilege is interpreted in Europe, see Bert-Jaap Koops, Crypto and Self-Incrimination FAQ, § 2.9, http://cwis.kub.nl/~frw/people/koops/casi-faq.htm:

The privilege against self-incrimination is not explicitly mentioned in the European Convention for the Protection of Human Rights, but the European Court of Human Rights has interpreted it as being part of article 6 sub 1, the right to a fair trial. This incorporates "the right of anyone 'charged with a criminal offence', within the autonomous meaning of this expression in Art. 6, to remain silent and not to contribute to incriminating himself" [Funke, see 2.10].

The "autonomous meaning" of the term "criminal charge" means that the European Court does not only look at the classification of the alleged offence in a nation's law (criminal or otherwise), but also at the nature of the offence and the nature of the penalty threatened.

Finally, for limitations on the privilege, see Bert-Jaap Koops, Crypto and Self-Incrimination FAQ, § 2.11, http://cwis.kub.nl/~frw/people/koops/casi-faq.htm:

According to the European Court, the privilege "is primarily concerned, however, with respecting the will of an accused person to remain silent. (...) it does not extend to the use in criminal proceedings of material which may be obtained from the accused through the use of compulsory powers but which has an existence independent of the will of the suspect such as, inter alia, documents acquired pursuant to a warrant, breath, blood and urine samples and bodily tissue for the purpose of DNA testing." (Saunders, see 2.10).

The US Supreme Court, in Schmerber (see 2.4), ruled that the privilege against self-incrimination only protects evidence of a testimonial or communicative nature (which, in that ruling, excluded furnishing a blood sample). Under circumstances, handing over documents canbe privileged, if the act of providing them is testimonial (in that the suspect admits having them) (Fischer, Doe I, see 2.4).

6 See Katz v. United States, 389 U.S. 347, 350, 88 S.Ct. 507, 510, 19 L.Ed.2d 576 (1967); Olmstead v. United States, 277 U.S. 438, 48 S.Ct. 564, 72 L.Ed. 944 (1928); Boyd v. United States, 116 U.S. 616, 6 S.Ct. 524, 29 L.Ed. 746, 3 A.F.T.R. 2488 (1886). See, e.g., United States v. Monroe, 52 M.J. 326 (U.S. Armed Forces 2000); United States v. Hambrick, 55 F. Supp. 2d 504 (504 (W.D. Va. 1999); United States v. Maxwell, 45 M.J. 406 (1996). See also A. Michael Froomkin, The Metaphor Is The Key: Cryptography, The Clipper Chip, And The Constitution, 143 U. Pa. L. Rev. 709, 874-877 (1995) (on WESTLAW); Randolph S. Sergent, Note, A Fourth Amendment Model For Computer Networks And Data Privacy, 81 Va. L. Rev. 1181 (1995) (on WESTLAW). Cf. Republic of Singapore Computer Misuse Act § 15, http://www.lawnet.com.sg/index2.htm:

(1) A police officer or a person authorised in writing by the Commissioner of Police shall --

(a) be entitled at any time to --

(i) have access to and inspect and check the operation of any computer to which this section applies;

(ii) use or cause to be used any such computer to search any data contained in or available to such computer; or

(iii) have access to any information, code or technology which has the capability of retransforming or unscrambling encrypted data contained or available to such computer into readable and comprehensible format or text for the purpose of investigating any offence under this Act or any other offence which has been disclosed in the course of the lawful exercise of the powers under this section;

(b) be entitled to require --

(i) the person by whom or on whose behalf, the police officer or investigation officer has reasonable cause to suspect, any computer to which this section applies is or has been used; or

(ii) any person having charge of, or otherwise concerned with the operation of, such computer, to provide him with such reasonable technical and other assistance as he may require for the purposes of paragraph (a); or

(c) be entitled to require any person in possession of decryption information to grant him access to such decryption information necessary to decrypt data required for the purpose of investigating any such offence.

(2) This section shall apply to a computer which a police officer or a person authorised in writing by the Commissioner of Police has reasonable cause to suspect is or has been in use in connection with any offence under this Act or any other offence which has been disclosed in the course of the lawful exercise of the powers under this section.

(3) The powers referred to in paragraphs (a) (ii) and (iii) and (c) of subsection (1) shall not be exercised except with the consent of the Public Prosecutor.

(4) Any person who obstructs the lawful exercise of the powers under subsection (1) (a) or who fails to comply with a request under subsection (1) (b) or (c) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both.

(5) For the purposes of this section --

"decryption information" means information or technology that enables a person to readily retransform or unscramble encrypted data from its unreadable and incomprehensible format to its plain text version;

"encrypted data" means data which has been transformed or scrambled from its plain text version to an unreadable or incomprehensible format, regardless of the technique utilised for such transformation or scrambling and irrespective of the medium in which such data occurs or can be found for the purposes of protecting the content of such data;

"plain text version" means original data before it has been transformed or scrambled to an unreadable or incomprehensible format.

7

There are now essentially three legal regimes for access to electronic data: (i) the traditional Fourth Amendment standard, for records stored on an individual's hard drive or floppy disks; (ii) the Title III-ECPA standard, for records in transmission; and (iii) a third standard, the scope of which is probably unclear, for   records stored on a remote server, such as the research paper (or the diary) of a student stored on a university server or the records (including the personal correspondence) of an employee stored on the server of the employer. As the third category of records expands because people find it more convenient to store records remotely, the legal ambiguity grows more significant. Are the records stored on such a server accessible by mere subpoena? Are they covered by the "remote computing" provisions of ECPA? If the records were seized from the individual's hard drive or floppies using a warrant or subpoena, contemporaneous notice would be required. If the records were seized in transmission, a court order would be required, but the interception could proceed secretly. If the records were seized from a third party, notice might be delayed. Do these distinctions make sense? Is the delay or denial of notice for stored records acceptable any longer? Conceptions of the Fourth Amendment developed in a 20th century world of paper records may not be applicable to 21st century technologies where many of our most important records are not "papers" in our "houses," but are "bytes" stored electronically and accessed remotely at "virtual" locations.

James X. Dempsey, Communications Privacy In The Digital Age: Revitalizing The Federal Wiretap Laws To Enhance Privacy, 8 Albany Law J. of Science & Technology 65, 88-89 (1997) (notes omitted). But see Jerry Berman & Deirdre Mulligan, The Internet and the Law: Privacy in the Digital Age: Work in Progress, 23 Nova L. Rev. 549, 569-570 (1999):

Under our existing law, there are now essentially four legal regimes for access to electronic data: 1) the traditional Fourth Amendment n45 standard for records stored on an individual's hard drive or floppy disks; 2) the Title III-Electronic Communications Privacy Act standard for records in transmission; 3) the standard for business records held by third parties, available on a mere subpoena to the third party with no notice to the individual subject of the record; and 4) for records stored on a remote server such as the research paper, or the diary, of a student stored on a university server, or the records, including the personal correspondence, of  an employee stored on the server of the employer, the scope of which is probably unclear.

8 See People v. DeLaire, 240 Ill. App. 3d 1012, 610 N.E.2d 1277, 183 Ill. Dec. 33 (Ill. App. 1993) (under Illinois law, citizens have a right to privacy in telephone records—"message unit detail" or MUD records--showing calls made from their phones and the duration of those calls). The court explained why a right to privacy existed under the state constitution:

9 For an employee’s general expectation of privacy in a computer used at work, see United States v. Simons, 206 F.3d 392 (4th Cir. 2000) (no expectation of privacy, even by federal employee, given policies allowing agency to conduct audits and searches).

10 The U.S. Supreme Court has held that corporations have no Fifth Amendment privilege against self—incrimination, but has suggested they do have Fourth Amendment rights. See Carl J. Mayer, Personalizing the Impersonal: Corporations and the Bill of Rights, 41 Hastings Law Journal 577 (1990). See, e.g., General Motors Leasing Corp. v. United States, 429 U.S. 338, 353 (1977) (corporations have "some" Fourth Amendment rights). As some have noted, this seems inconsistent, especially given the Court’s decision in United States v. Boyd, which held that the protections of the two amendments are inextricably intertwined when it comes to protecting privacy. See, e.g., Peter J. Henning, The Conundrum of Corporate Criminal Liability: Seeking a Consistent Approach to the Rights of Corporations in Criminal Prosecutions, 63 Tenn. L. Rev. 793, 820 (1996).

11 See Model State Computer Crimes Code, Article I, http://www.cybercrimes.net. See also United National Manual on the Prevention and Control of Computer-Related Crime: Trans-border search of computer data banks, http://www.ifs.univie.ac.at/~pr2gq1/rev4344.html#transborder; Department of Justice, The Electronic Frontier: The Challenge of Unlawful Conduct Involving the Internet, http://www.usdoj.gov/criminal/cybercrime/unlawful.htm.

12 See Alabama Code § 13A-8-101; Arkansas Code § 5-41-102; New Jersey Statutes § 2A:38A-1. See also Model State Computer Crimes Code, http://www.cybercrimes.net; Department of Justice, Guidelines for Searching and Seizing Computers, http://www.usdoj.gov/criminal/cybercrime/search_docs/sect1.htm#C.

13 See Katz v. United States, 389 U.S. 347 (1967) (defining legitimate expectation of privacy which triggers Fourth Amendment protection against "searches"). See, e.g., United States v. Hall, 142 F.3d 988 (7th Cir. 1998) (government conceded that copying files was a search). See also United States v. Monroe, 52 M.J. 326 (U.S. Armed Forces 2000); United States v. Hambrick, 55 F. Supp. 2d 504 (504 (W.D. Va. 1999); United States v. Maxwell, 45 M.J. 406 (1996). See generally New York Criminal Procedure Law § 700.05(9) (video surveillance as search) & § 700.05(10) (video surveillance warrant); Delaware Justice of the Peace Criminal Procedure Rule 41(items seized in executing warrant "may be brought before a Justice of the Peace by means of a photograph or videotape" or by using audiovisual device). For background on this issue, see Randolph S. Sergent, Note, A Fourth Amendment Model For Computer Networks And Data Privacy, 81 Va. L. Rev. 1181 (1995) (on WESTLAW). See also Mitchell Kapor & Mike Godwin, Civil Liberties Implications of Computer Searches and Seizures: Some Proposed Guidelines for Magistrates Who Issue Search Warrants, Paper Presented at Fourth Annual Computer Virus and Security Conference (March 1991), http://www.sgrm.com/art-5.htm , discussed in Gregory E. Perry & Cherie Ballard, A Chip By Any Other Name Would Still Be A Potato: The Failure Of Law And Its Definitions To Keep Pace With Computer Technology, 24 Texas Tech. L. Rev. 797, 814 (1993) (differentiate search and seizure so that seizure is only appropriate when search cannot be conducted on site and/or when computer itself was an instrument of crime).

14 See Soldal v. Cook County, 506 U.S. 56 (1992) ('A `seizure’ of property . . . occurs when there is some meaningful interference with an individual’s possessory interests in that property'). See also Discussion Paper from Computer Forensics UK Ltd. On the Judicial Review Relating to Search Warrants, http://www.computer-forensics.com/articles/welcome.html (copying files as a seizure). See generally Delaware Justice of the Peace Criminal Procedure Rule 41(items seized in executing warrant "may be brought before a Justice of the Peace by means of a photograph or videotape" or by using audiovisual device). See, e.g., United States v. Monroe, 52 M.J. 326 (U.S. Armed Forces 2000); United States v. Hambrick, 55 F. Supp. 2d 504 (504 (W.D. Va. 1999); United States v. Maxwell, 45 M.J. 406 (1996). See generally Randolph S. Sergent, Note, A Fourth Amendment Model For Computer Networks And Data Privacy, 81 Va. L. Rev. 1181 (1995) (on WESTLAW) (arguing that copying should be a seizure); Mitchell Kapor & Mike Godwin, Civil Liberties Implications of Computer Searches and Seizures: Some Proposed Guidelines for Magistrates Who Issue Search Warrants, Paper Presented at Fourth Annual Computer Virus and Security Conference (March 1991), http://www.sgrm.com/art-5.htm, discussed in Gregory E. Perry & Cherie Ballard, A Chip By Any Other Name Would Still Be A Potato: The Failure Of Law And Its Definitions To Keep Pace With Computer Technology, 24 Texas Tech. L. Rev. 797, 814 (1993) (differentiate search and seizure so that seizure is only appropriate when search cannot be conducted on site and/or when computer itself was an instrument of crime).

Is it a seizure to take someone’s hard drive and replace it with a copy? See United States v. Simons, 206F.3d 392 (4th Cir. 2000). See also United States v. Simpson, 152 F.3d 1241 (10th Cir. 1998). Simons also involved the surreptitious copying of files contained on disks. Is an order directing that evidence be preserved under Article III a seizure?

15 See Michigan Compiled Laws Annotated § 752.792; Nevada Revised Statutes § 205.4732. See also Australian Security Intelligence Organisation Legislation Amendment Bill 1999, http://www.aph.gov.au/library/pubs/bd/1998-99/99bd172.htm:

 

accessing computer information: subclause 25(5) allows the Attorney-General to authorise under a search warrant the use of computers to access data relevant to security, to print copies to take away from the premises, to make electronic copies and to alter, add to or delete data. The next subsection prohibits interference with the lawful use of the computer or loss or damage to lawful users.

In addition to permitting access to computers on specified premises under a search warrant, the Bill also introduces a separate 'computer access warrant'. Clause 25A allows the Attorney-General to authorise ASIO to use electronic means to access data relevant to security which is stored in a target computer. This includes the ability to add, delete or alter data in the target computer, copy data, do anything necessary to conceal activities under the warrant and do anything else reasonably incidental. A note makes clear that acting under a warrant will exempt an ASIO operative from criminal liability which would otherwise apply. Again the provision purports to protect lawful use and users (subsection 25A(5)).

Computer access warrants may be authorised for periods up to 6 months (subclause 25A(6)).

The Government acknowledges that remote access to data will strengthen ASIO's capacity to gather security `intelligence and the powers to alter data will help combat security systems and encryption techniques.

See also 31 Bytes in Brief (January 2000), http://www.senseient.com/news01_2000.htm:

The Australian Security Intelligence Organization was the beneficiary of a law passed on November 29th giving it increased powers to hack into computers, monitor online communications, copy files and alter software on computers. The ASIO Legislation Amendment Bill 1999 will permit security officers to hack into a computer if "there are reasonable grounds for believing that access to data held in a particular computer (the target computer) will substantially assist the collection of intelligence that is important in relation to security." An access warrant permits ASIO to use computers, phone companies and telecommunications equipment to gain access to a remote or networked computer. Once connected, the ASIO hackers will be allowed to copy, add, delete or alter any data in the target computer that is relevant to the security matter. When they leave the system, the security officers are permitted to conceal their hacking and they will not be subject to the Crimes Act which forbids computer hacking in Australia.

16 See United States v. Simons, 206 F3d 392 (4th Cir. 2000) (employer search). See, e.g., United States v. Kevin Mitnick, Defendant’s Motion to Suppress Evidence and Memorandum in Support, http://www.kevinmitnick.com/040599wamotion.html ("With The Government's Acquiescence And Knowledge, And The Intent To Assist The Government, Tsutomu Shimomura Acted As An Instrument Or Agent Of The Government" & "The Government Used Shimomura's Involvement To Circumvent The Warrant Requirement Of 18 U.S.C. § 2511"). See also United States v. Grosenheider, 200 F.3d 321 (5th Cir. 2000) (computer repair shop); United States v. Hall, 142 F.3d 988 (7th Cir. 1998) (same); United States v. Kennedy, 81 F. Supp. 2d 1103 (D. Kansas 2000) (search by employees of Internet Service Provider). See generally Porter v. State, 996 S.W.2d 317 (Tex. App. (1999); Department of Justice, Guidelines for Searching and Seizing Computers (1999 Supplement), http://www.usdoj.gov/criminal/cybercrime/supplement/s&suppii.htm#IIG.

17 At least one circuit has held that disks and hard drives are not "closed containers" separate from the computer which require the issuance of a separate search/seizure warrant. See United States v. Simpson, 152 F.3d 1241 (10th Cir. 1998). See also Department of Justice, Guidelines for Searching and Seizing Computers (1999 Supplement), http://www.usdoj.gov/criminal/cybercrime/supplement/s&suppii.htm#IIG.

18 See Michigan Compiled Laws Annotated § 600.4703a & § 752.792.

19 See Michigan Compiled Laws Annotated § 600.4703a.

20 See Michigan Compiled Laws Annotated § 600.4703a.

21 See Michigan Compiled Laws Annotated § 600.4703a.

22 See Michigan Compiled Laws Annotated § 600.4703a.

23 See Michigan Compiled Laws Annotated § 600.4703a.

24 See Michigan Compiled Laws Annotated § 600.4703a.

25 See Michigan Compiled Laws Annotated § 600.4703a.

26 See Michigan Compiled Laws Annotated § 600.4703a.

27 See, e.g., United States v. Simons, 206 F.3d 392 (4th Cir. 2000).

28 See 18 U.S. Code § 2510(14); Hawaii Rev. Stat. Ann. § 803-41.

29 See 18 U.S. Code § 2711(2).

30 See Michigan Compiled Laws Annotated § 752.792.

31 See United States v. Kennedy, 81 F. Supp. 2d 1103 (D. Kansas 2000) (subscriber data is not protected by the Fourth Amendment because it is not encompassed by a reasonable expectation of privacy under Katz; it is protected by the Electronic Communications Privacy Act, 18 U.S. Code § 2703, but the Act does not require the suppression of information seized in violation of its provisions).

32 See, e.g., United States v. Grosenheider, 200 F.3d 321 (5th Cir. 2000).

33 See United States v. Carey, 172 F.3d 1268 (10th Cir. 1999).

34 See Michigan Compiled Laws Annotated § 752.792.

35 See California Penal Code § 1524.2.

36 See California Penal Code § 1524.2.