Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

United States v. In re Search of Information Associated With Fifteen Email Addresses Stored at Premises Owned

United States District Court, M.D. Alabama, Northern Division

September 28, 2017




         On June 15, 2017, the Government submitted fifteen separate search warrant applications to the Magistrate Judge. The applications were all part of the same investigation of tax fraud and identity theft, and they all wanted disclosure of the same thing: everything-all information, all emails, all usage history, everything- related to fifteen email accounts maintained by different electronic communications service providers. The Magistrate Judge denied the applications. In re Search of Information Associated With Fifteen Email Addresses, No. 2:17-CM-3152-WC, 2017 WL 3055518 (M.D. Ala. Jul. 14, 2017); (Doc. # 1, at 13.) The Government now seeks review. (Doc. # 2.)

         I. BACKGROUND

         A. The Warrant Applications

         The fifteen applications the Government submitted all relate to a multi-year investigation of a multi-million-dollar scheme to defraud using stolen identities. The applications were filed under seal, and those particular facts need not be recited here. Suffice it to say that certain email accounts the Government had already searched contained emails sent to or received from the new accounts that contained information of the sort the Government was investigating. The Government applied to the Magistrate Judge with these additional warrant applications to require the third-party electronic communications service providers-the hosts of the email accounts-to turn over all the information associated with the accounts.

         Each of the warrant applications consisted of two attachments. Attachment A described the thing or property to be searched-here, the specific email account and its provider. Attachment B described the “Particular Items to be Seized.” This section was then divided into (1) the “Information to be disclosed” by the provider, and (2) the “Information to be seized by the Government.”

         As the “Information to be disclosed, ” the Government sought:

a. The contents of all e-mails associated with the account, including stored or preserved copies of e-mails sent to and from the account, draft emails, the source and destination addresses associated with each e-mail, the date and time at which each e-mail was sent, and the size and length of each e-mail;

b. All records or other information regarding the identification of the account, to include full name, physical address, telephone numbers and other identifiers, records of session times and durations, the date on which the account was created, the length of service, the IP address used to register the account, log-in IP addresses associated with session times and dates, account status, alternative e-mail addresses provided during registration, methods of connecting, log files, and means and source of payment (including any credit or bank account number);

c. The types of service utilized;

d. All records or other information stored at any time by an individual using the account, including address books, contact and buddy lists, calendar data, pictures, and files; e. All records pertaining to communications between [the provider] and any person regarding the account, including contacts with support services and records of actions taken.

f. All location data associated with the account.

g. All location history associated with the account, whether derived from Global Positioning System (GPS) data, cell site/cell tower triangulation/trilateration, and precision measurement information such as timing advance or per call measurement data, and Wi-Fi location. Such data shall include the GPS coordinates and the dates and times of all location recordings.

h. All identity and contact information, including full name, e- mail address, physical address (including city, state, and zip code), date of birth, phone numbers, gender, hometown, occupation, and other personal identifiers.

(E.g., Doc. # 1-1, at 5-6.[1]) According to Attachment B's Section 2, though all of the above information would be “disclosed, ” only the following components would be “seized”:

         All information described above in Section 1 that constitutes fruits, evidence and instrumentalities of violations of Title 18, United States Code, Section 1028A [Identity Theft]; Title 18, United States Code, Section 1030 [Computer-related Fraud]; and title 18, United States Code, Section 1343 [Fraud by Wire, Radio, or Television] since January 1, 2015, including information pertaining to:

a. Records and communications regarding the transmission of personally identifiable information, IRS Forms W-2, tax returns, prepaid debit cards, the proceeds of the transfer or use of personally identifiable information, and a conspiracy to file false tax returns using stolen identities;

b. Records and communications regarding any property derived from the proceeds of the conspiracy;

c. Records relating to who created, used, or communicated with the account or identifier, including records about their identities and whereabouts; and

d. Records indicating how and when the email account was accessed or used, to determine the geographic and chronological context of account access, use, and events relating to the crime under investigation and to the email account owner, including all geolocation information.

e. Records relating to the identities of the person(s) who communicated with the user ID about matters described in paragraph 2.a., including records that help reveal their whereabouts.

(Doc. # 1-1, at 6.)

         Finally, the affiant also described how the warrant would be executed:

I anticipate executing this warrant under the Electronic Communications Privacy Act, in particular 18 U.S.C. §§ 2703(a), 2703(b)(1)(A), and 2703(c)(1)(A), by using the warrant to require [the provider] to disclose to the government copies of the records and other information (including the content of communications) particularly described in Attachment A and Section 1 of Attachment B. Upon receipt of the information described in Section 1 of Attachment B, government-authorized persons will review that information to locate the items described in Section 2 of Attachment B.

(Doc. # 1-1, at 18.)

         B. The Magistrate Judge's Ruling

         The Magistrate Judge denied the Government's applications. In doing so, the Magistrate Judge explained two specific problems with the proposed warrant. First, he found that “the Government's collection of data [was] not temporally limited despite its temporally-limited showing of probable cause (and its manifest intent to only seize evidence of specific crimes ‘since January 1, 2015').” Second, he was concerned “that the Government w[ould] keep and retain access indefinitely to all nonpertinent data it receives.” (Doc. # 1, at 6.) That is, since there were not “any protocol[s] for the Government's handling of non-pertinent information that the Government would compel the [providers] to disclose but that it ostensibly [would] not ‘seize, '” the Government would be able to keep indefinitely someone's personal information that, by the Government's own determination, did not relate to the object of the search. (Doc. # 1, at 12.)

         The Magistrate Judge also elaborated on his general discomfort with the broad nature of searches conducted under the seize-first, search-second protocol of Federal Rule of Criminal Procedure 41(e)(2)(B).[2] In his view, the premise “that there is a distinction between what is disclosed to, and apparently kept by, the Government, and what the Government actually ‘seizes, '” is false. (Doc. # 1, at 6- 7.) Accordingly, the Magistrate Judge found that the “disclosure”-read “seizure”-of all of the email accounts here would be unreasonable. (Doc. # 1, at 9-10.)


         Warrants sought pursuant to the Stored Communications Act of 1986, such as those here, may be issued “using the procedures described in the Federal Rules of Criminal Procedure . . . by a court of competent jurisdiction.” 18 U.S.C. § 2703(a), (b)(1)(A), (c)(1)(A). A court of competent jurisdiction is “any district court of the United States (including a magistrate judge of such a court)” that, inter alia, has jurisdiction over the offense being investigated. Id. § 2711(3)(A). Since the offenses being investigated here are aggravated identity theft under 18 U.S.C. §§ 1028A, 1030, and 1343, jurisdiction is proper. See 18 U.S.C. § 3231.

         III. ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.