By Zack Wavrusa
Assistant County & District Attorney in Rusk County
In the 1999 science fiction classic, The Matrix, Laurence Fishburne portrays the enigmatic Morpheus, leader of a group trying to free humanity from a virtual prison constructed by a race of intelligent machines. In one of the most iconic monologues in American cinema, Morpheus tells Neo, a denizen of this virtual world played by Keanu Reeves, that something is not right with the world around him. He says that Neo knows something is wrong, even though Neo can’t explain what that is. Morpheus then presents Neo with two choices: He can take a blue pill and wake up in his bed the next morning to continue his life ignorant of the world’s true nature, or he could swallow the red pill and have the facade pulled away. Neo chooses the red pill, discovers he is “The One,” saves his friends, and over two terrible sequels, also rescues all of humanity.
While it’s unlikely that the human race exists only in a computer simulation,[1] prosecutors can learn a lot by taking the metaphorical red pill and opening their eyes to the digital world that surrounds us. Our computers, mobile phones, internet activity, smart devices, and more all contain an unbelievable amount of personal information. The depth of that information is equal parts incredible and uncomfortable. Prosecutors who know what information could be out there and where to look for it can dramatically improve the quality of their criminal cases.
Digital evidence isn’t just for “computer crimes” either. The GPS metadata behind most every picture taken by a smartphone might lead prosecutors to the bar where a defendant charged with DWI or intoxication manslaughter was drinking before his arrest and to a witness who can report how many drinks the defendant had that night. Cell site location information related to a murder defendant’s iPhone can show a jury that the suspect’s and victim’s phones were both in motion on the night of the crime and were communicating with the same series of cellphone towers.
Computers, mobile devices, the internet, and the law regarding digital searches and seizures are all evolving rapidly. There is always some new piece of computer hardware, software, or social media garbage to upend the rules. Luckily, knowing some of the basics of the current landscape will help us get over digital hurdles on the path to justice. It’s impossible (for me at least) to explain how to obtain, analyze, and admit all the different digital evidence out there, but here are some common digital evidence issues to start off on the right foot.
Search warrant concerns
All of the search warrant fundamentals that we learned in law school and from living legends Ted Wilson and Tom Bridges apply to search warrants for digital evidence. Those basic yet incredibly critical lessons will not be repeated here.[2] However, digital evidence is complex and ever evolving, and its unique nature means that special considerations are required when deciding whether a warrant is necessary and what information is needed to obtain one.
Particularity. Digital media, such as photos and videos, can be stored in a truly amazing number of devices. Pretty much anything with a hard drive, solid state drive, or flash memory can store photos or video. This includes the usual suspects: computers, mobile devices, and external storage media such as CDs, DVDs, and flash drives. It also includes less obvious devices like game consoles, DVRs, and a multitude of smart home devices.
The Fourth Amendment’s search warrant requirements are met when the warrant and supporting affidavit show:
1) that a specific offense has been committed,
2) that the property or items to be searched for or seized constitute or contain evidence of the offense or evidence that a person committed it, and
3) that the evidence sought is located at or within the thing to be searched.[3]
The third element, called the Fourth Amendment’s particularity requirement, can be tricky when pursuing digital media evidence.[4] The place to be searched could be a home at 123 Main Street and the thing to be seized could be the defendant’s smartphone. It could also be that the place to be searched is the defendant’s smartphone and items to be seized are digital images of child pornography. If you get a chance to review a probable cause affidavit prior to its submission to the court, make sure it explains why there is reason to believe that the electronic device is located inside the home AND why there is reason to believe that the electronic device contains evidence of some element of the crime.[5]
To address this concern unique to digital evidence, it has become a common practice among law enforcement officers well-versed in digital evidence to draft warrants that expressly authorize the forensic examination of electronic devices. In the affidavits for these warrants, the affiant will typically explain how the evidence can be or often is stored electronically in devices such as X, Y, and Z. It will further explain that examination of X, Y, and Z requires specialized tools, and the affiant would then request authorization to remove the devices to the cybercrime lab for analysis. The warrant itself would obviously need to follow suit.
In a child pornography investigation, which items should law enforcement seek in its warrant when the photo and video evidence of the crime could be almost anywhere? Will a warrant stand up to constitutional muster if it permits the seizure of every item in a home that could conceivably store electronic data? Maybe.
The Court of Criminal Appeals has explained that the particularity requirement assures the individual whose property is searched or seized of the lawful authority of the executing officer, his need to search, and the limits of his powers to search.[6] The constitutional objectives of requiring a particular description of the place to be searched include:
1) ensuring that the officer searches the right place;
2) confirming that probable cause is, in fact, established for the place described in the warrant;
3) limiting the officer’s discretion and narrowing the scope of his search;
4) minimizing the danger of mistakenly searching the person or property of an innocent bystander or property owner; and
5) informing the owner of the officer’s authority to search that specific location.[7]
A warrant is sufficiently particular if it enables the officer to locate the property and distinguish it from other places in the community.[8] The degree of specificity required is flexible and will vary according to the crime being investigated, the item being searched, and the types of items being sought.[9] Additionally, “the Fourth Amendment does not require perfection in the warrant’s description of the place to be searched.”[10] In Aleman v. State, the defendant was working at a Goodwill when he was caught using a small camera to photograph women in the changing room.[11] The victim got a good look at the camera before the defendant hid it, noting that it was the type of digital camera that saves images to an SD card.[12] Law enforcement was unable to locate the camera and subsequently sought a warrant for the defendant’s home. The warrant sought the seizure of electronic media from a bevy of devices ranging from floppy disks (in 2018!) to Nintendo Wiis.[13] Law enforcement recovered a camera, a laptop, several computer hard drives, cell phones, a thumb drive, a media card, a Halo device, and pornographic videotapes and DVDs.[14] A search of these devices uncovered several photographs of women in dressing rooms and videos of two small children performing oral sex on the defendant.[15]
On appeal, the defendant complained that the laundry list of devices the warrant permitted law enforcement to seize violated the Fourth Amendment’s particularity requirement. The court of appeals held that the warrant’s specification of its list of devices made it facially particular and also advanced the Fourth Amendment’s objectives of requiring a particular description of the place to be searched.[16] But don’t take this decision to mean that the floodgates are open and that law enforcement can seize any and all digital media storage devices without fear of running afoul of the Fourth Amendment. The 13th Court of Appeals cautioned that the outcome could have been different if the camera did not have transfer capabilities.[17] The Fourth Amendment is never going to permit a person’s belongings to be sifted through to look for any evidence of any crime.[18]
At the same time, narrowing the warrant’s scope is harder with digital media than with tangible objects. In the physical world, searches are defined by spatial limitations. A warrant to search for a stolen firearm will not permit law enforcement to open the drawers of a jewelry box, nor will a warrant for a stolen RV allow the search of a small lawnmower shed. These same spatial limitations don’t make sense when it comes to digital evidence. A file that starts out on one device can easily be stored elsewhere and shared with another. Even within one device, it’s easy to move things from one place, say the My Pictures folder, to another more obscure place, say, “C:\Program Files x(86)\OfficeCalendar\DefinitelyNothingIllegalFolder.” So officers will often have probable cause to look anywhere on any of the defendant’s devices; thus, the scope of the warrant ends up being much more like a general warrant, especially as devices will necessarily have the ability to store many more things than the police have probable cause to believe is there.
As criminal justice stakeholders begin to better understand digital evidence and as technology evolves, the breadth of devices that law enforcement may seize will get smaller and smaller. If you find yourself reviewing a warrant or advising law enforcement prior to one being drafted, promote a tailored listed of devices to be seized. Eventually, an appellate court is going to blow up a warrant for lack of particularity. You don’t want it to be your case and you don’t want it to be because the warrant authorized seizure of the defendant’s smart fridge or a bunch of 31⁄2-inch floppy disks, whose storage capacity is so small that they can’t hold a single modern jpeg file.
Intermingled documents. Intermingled documents are of greater concern with the execution of digital search warrants as well. Way back in 1977, the Supreme Court, in Nixon v. Administrator of General Services, held that government investigators have broad ability to view documents intermingled with other documents to ascertain their relevancy under a search warrant for documentary evidence.[19] Oftentimes, while investigating one criminal enterprise, forensic computer examiners will discover evidence of another.
It is important to note that the plain-view doctrine is somewhat limited when applied to computer searches. The United States District Court for the Southern District of Texas addressed the issue in United States v. Kim. There, investigators were searching Kim’s computer for evidence of unauthorized computer access crimes.[20] During their investigation, they discovered computer files with labels that suggested sexually explicit content.[21] The officers in that case said they had never discovered evidence of a lesser crime hidden in files with labels that were suggestive of child pornography.[22] The files were also heavily encrypted.[23] The court in Kim subsequently took the position that the images of child pornography were not in plain view and that when the investigators began the process of decrypting and viewing the files, they were conducting a warrantless search for child pornography.[24]
Often, the contents of a computer, especially those of less sophisticated users, will be so intermingled that no clear separation of materials exists. Evidence of drug trafficking, child pornography, and the like can be as blended together as different suits in a shuffled deck of cards. An investigator searching for evidence of drug trafficking might not have any indication that the next file she is about to click is evidence of child pornography. When this happens and investigators stumble across materials outside the warrant’s scope, and especially if looking further would require them to decrypt anything, advise them to immediately discontinue the search and obtain a subsequent warrant for the new materials.
Cell Site Location Information (CSLI). At this point in the pandemic, we all know at least one person who could be convinced (or is trying to convince others) that the COVID-19 vaccine is a government plot to outfit us all with microscopic GPS trackers. Chances are that person doesn’t realize that he has been willingly slipping a sophisticated data collection device into his pocket every day for years.
Our cell phones are a vast source of personal data. Nobody uses a modern smartphone for simply communicating with other people. We use it for banking, shopping, entertainment, and dating. We use it to arrange transportation, pay for goods and services, and monitor home security systems. All the while, the phone is doing something that most people don’t think about: It is relaying our every move to America’s best in the worldwide cellular communications network.
For a long while, courts took the position that cell phone users had no reasonable expectation of privacy in this data, called Cell Site Location Information ( CSLI), because it was surrendered by the phone’s user to a third party (the cellular phone service provider). The courts reasoned that users voluntarily disclose the location of their cell phones through cell-site data to a third party when they obtain a cell phone, choose a service provider, and avail themselves of the benefits of the cell provider’s network.[25] As a result, this information was regularly obtained from cell service providers with a grand jury subpoena.
In Carpenter v. United States, the Supreme Court took up, again, the question of whether law enforcement’s acquisition of CSLI was a search for purposes of the Fourth Amendment. The Court held, in a 5–4 opinion drafted by Chief Justice John Roberts, that the government’s retrieval of CSLI was indeed a search for purposes of the Fourth Amendment.[26] In its opinion, the Court reasoned that tracking a person’s past movements through CSLI partakes of many of the qualities of GPS monitoring: It is detailed, encyclopedic, and effortlessly compiled. Also, cell phone location information is not truly “shared” as the term is normally understood.[27] First, cell phones and the services they provide are “such a pervasive and insistent part of daily life” that carrying one is indispensable to participation in modern society.[28] Second, a cell phone logs a cell-site record by dint of its operation, without any affirmative act on the user’s part beyond powering up.[29]
The Government argued that collection of CSLI should be permitted without a warrant because it is less precise that GPS data.[30] Rather than exactly pinpointing the defendant’s location, CSLI placed him only within a 1⁄8- to 4-square-mile “wedge” that encompassed the crime scene. The Court rejected this distinction, however. Chief Justice Roberts noted that the accuracy of CSLI is approaching GPS-level precision and, as the number of cell phone towers increases, the geographic area that each tower covers has shrunk. Accordingly, the Court held that individuals had a reasonable expectation of privacy in the whole of their physical movements.[31]
The Texas Court of Criminal Appeals adopted the Carpenter position for the Texas Constitution in Holder v. State. There, the CCA noted that it “made more sense to adopt the Supreme Court’s reasoning in Carpenter and to no longer apply the third-party doctrine to CSLI records.”[32] Make sure that your local law enforcement agencies are aware of this change in position. For many years, obtaining CSLI by way of a grand jury subpoena was a common practice in many jurisdictions. COVID-19-related interruptions of continuing education means that there is a greater-than-normal chance that investigators are not up-to-date on the state of the law in this regard.
Subscription information. Subscriber information provided to an internet service provider is not protected by the Fourth Amendment.[33] Once people turn over information to a third party, they lose any expectation of the privacy in the information.[34] The ability to obtain this subscriber information via grand jury subpoena remains alive and well post-Carpenter, the major distinction between subscriber information and cell site location information being that all subscriber information is very consciously and obviously handed over to a third party, whereas CSLI is actively catalogued by the cell service provider without any action or input from cellphone users. Subscriber information includes names, addresses, and other personal identifying information given to internet service providers (Suddenlink, AT&T, Spectrum, etc.), social media sites (Facebook, Snapchat, TikTok, etc.), financial institutions (PayPal, Venmo, etc.), and cloud storage applications (iCloud, Google Drive, Dropbox, etc.).
Subscriber information is especially helpful in prosecutions of internet crimes against children. Often, local law enforcement will receive tips from a federal or international law enforcement agency that indicate a local individual is conducting criminal activity online, such as possession of child pornography or online solicitation of a minor. At the time this information is provided, the only information to identify the perpetrator might be a username, phone number, or IP address. Once local law enforcement receives this information, a grand jury subpoena directed to the service provider should reveal sufficient additional info to identify the perpetrator and obtain a search warrant.
Cellphone searches. This isn’t exactly breaking news, but it bears repeating: Law enforcement must obtain consent or a search warrant before searching a defendant’s phone.[35] Given modern technology and the incredible amount of personal information stored and accessible on a cellphone, defendants have a reasonable expectation of privacy in their cellphones even when the phone is temporarily stored in a jail property room.[36] Police may legitimately “seize” the property and hold it while they seek a search warrant, but they may not embark upon a general, evidence-gathering search of a cell phone, which contains “much more personal information … than could ever fit in a wallet, address book, briefcase, or other traditional containers.”[37]
Circumstances could lead police or prosecutors to believe that exigent circumstances exist to perform a search of the phone. There has not been a lot of appellate litigation of the issue, however, and the cases that are out there are not good for the State. In Igboji v. State, the Fourteenth Court of Appeals in Houston found that detectives’ beliefs that Snapchat messages would “be deleted after a certain amount of time” and “the user was able to predetermine … how long the image or video would last” were reasonable, but these beliefs did not amount to exigent circumstances.[38]
The moral of the story is to get a warrant or written consent before every cell phone search. Remember, too, that there are heightened warrant requirements in Tex. Code Crim. Proc. Art. 18.0215 for searches of a person’s cell phone conducted pursuant to a lawful arrest of that person.
Obtaining the warrant isn’t the only issue. Law enforcement’s concern that data on the phone may be remotely wiped is a very real one, especially when dealing with sophisticated defendants. Faraday bags are an effective yet imperfect solution to this problem. Faraday bags are designed to surround the phone and then, once closed, keep it from receiving any cellular or WiFi signal that would instruct it to wipe its data. They aren’t a perfect option, however. Cellular data and WiFi signals can still sometimes penetrate a Faraday bag. It is also impossible to charge a device inside a Faraday bag because the portion of the charging cable not in the bag will act is an antenna of sorts for the device in the bag.
Password protection is also an ever-present concern. Both Apple and Samsung are increasing the strength of their products’ data encryption. It’s harder and harder for computer forensic specialists to bypass these security protocols and access the data on the phones. Sometimes, law enforcement will be fortunate enough to seize a phone while it is still “unlocked” and will want to search the phone. The only real solution to this problem is to prevent the phone from “going to sleep” by having an officer repeatedly tap the screen in such a way as to not activate an app or access any data until a warrant can be obtained by another officer or detective. It feels silly to write this out, but sometimes it’s our only option.
Deleted data
Caselaw and statutory requirements aren’t the only things prosecutors have to keep up with to maximize our use of digital evidence. You might as well consider computer hardware and software as something in a constant state of flux. New technologies are being developed and incorporated into our favorite devices all of the time.
Data storage is one area that has undergone many changes over the past decade. Our mobile devices (cellphones and tablets) and computers all require data storage devices to function. There are two types: hard disk drives (HDD) and solid state drives (SSD). For the longest time, HDDs were the most common storage device in both desktop and laptop computers, as well as popular mobile devices like the iPod. Over time, advancements in SSD manufacturing led to increases in the volume of data storage and decreases in the cost of manufacture. This development has made SSDs at least as common as HDDs. This is important to prosecutors because the likelihood that deleted data can be recovered greatly depends on which type you’re dealing with.
Solid state drives are used in all modern mobile devices and they are becoming much more common in computers, especially high-performance machines. The increasing popularity of SSDs is due to the fact that reading and writing data onto an SSD is much faster than mechanically based HDDs. Internal SSDs will almost certainly utilize a protocol called TRIM. The TRIM protocol automatically erases files designated for deletion and leaves those sectors of the SSD empty. Put another way, the TRIM protocol takes all the ones and zeroes that make up the data and resets them when the user marks files for deletion. This can make recovery of deleted data difficult or, in some instances, impossible.
Hard disk drives (and some external SSDs) store data differently and, as a result, “deleted” data might remain accessible to forensic computer examiners. When a user deletes data on an HDD, the physical part of the HDD where the data is stored does not have its ones and zeros deleted. Instead, the computer removes the data from a registry file that tracks where data is physically stored on the hard drive. Once this location data is removed from the registry, the computer considers that physical location on the hard drive empty and available to store data. Until new data is actually saved in that location, though, the original data remains and can be recovered by someone with the right tools.
Metadata
Metadata is data about … data. It’s usually hidden in the background and not immediately visible to the user of the computer or mobile device. The metadata describes and gives context to the data. It’s helpful for organizing, finding, and understanding data, and it can be incredibly helpful to prosecutors, especially when it comes to digital images.
Metadata (also known as Exchangeable Image File Format or EXIF) will include:
1) the date and time a photo was taken,
2) specific coordinates for the location where the photo was taken,
3) the camera model and manufacturer,
4) camera settings used,
5) file size, and
6) resolution.
The origin of photographic metadata is as old as chemical photography itself. When archiving their negatives, professional photographers used to note the date, location, which camera they used, and the photograph’s subject. As photography advanced into the digital age, software developers incorporated this information into the images themselves.
The most complete view of this data comes from a forensic examination of the device where the data is stored. Certain devices, such as the Apple iPhone, make it possible to see some of this data natively within the device’s operating system. See the screen capture from my own phone on the opposite page. There are also dedicated EXIF viewers available for purchase and download that will allow you to see metadata.
It doesn’t take a whole lot of experience trying cases to see how helpful metadata can be to a criminal prosecution. Does the defendant have photographs on his phone that put him in a place and time that corroborates a child’s outcry statement of sexual abuse? How would you like to show a jury that the pictures of stolen property on a defendant’s phone were not sent to him by someone he contacted through Craigslist, but were in fact created by his own phone?
Before prosecutors introduce photographic metadata in court, they should prepare for the possibility that the defendant will claim that the metadata has been altered. A number of programs that allow editing of metadata are available for purchase online, and unfortunately, there are no obvious indicators when metadata has been changed. However, don’t take that as a sign that we can’t rebut this defense if a defendant raises it. Sit down with your digital forensic examiner and look for inconsistencies in the metadata that indicate it was tampered with. Are there inconsistencies within the metadata, such as a “last edited” date that is before the “created on” date? Are the device model and lens model consistent?
I’ve been fortunate enough to not have combatted this particular defense. If I (or you) ever have to, we can thankfully breathe a little easier knowing that federal caselaw seems to indicate that allegations of data tampering go to weight, not admissibility. In United States v. Durham, the Tenth Circuit court held that the trial court did not abuse its discretion in determining that there was sufficient foundation to support the authenticity of video from a cellphone, despite an allegation from the defense that the data had been altered.[39]
Forensic computer experts
So you’ve procured some digital evidence. To present it to a jury, you will need a forensic computer expert. Such an expert will be good for a lot more than showing prosecutors data that has been deleted and revealing the metadata hidden behind certain file types. This expert is a key part of the investigation and evidence at trial. The evidence s/he uncovers and his or her testimony will be the focal point of most cybercrime cases and can even be a real turning point in “ordinary” cases where computer use is not normally front and center.
Successfully preparing for and conducting the direct examination of a forensic computer expert are both very similar to and very different from that of other experts. Like someone who has done a DNA comparison or a forensic identification of a controlled substance, forensic computer experts have highly specialized knowledge and tools that allow them to understand the evidence and draw conclusions from it that are impossible for anyone without a similar level of training and technological resources. Such experts are unusual in that many are licensed law enforcement officers. Some will have computer science backgrounds and are hired to fill a role in the cybercrimes division. Others started their careers as patrol officers only to promote into criminal investigations and receive training for forensic computer examinations.
Another important distinction involves the personal experience of jurors. When DNA or drug analysts testify, they are combating jurors’ preconceived notions from movies, television, and books. When forensic computer experts testify, they are battling preconceived notions that the jurors have because jurors have all used a computer before. This distinction is not one that should be taken lightly. Overcoming the preconceived notions of a juror is always a challenge, but it is especially difficult when they are based on personal experience.
Successful testimony from a forensic computer expert requires lots of preparation and planning. Before you sit down for the first pre-trial meeting with an expert, especially if it’s your first time working with this person, consider using some of the time to discuss the following topics.
Training and experience. Don’t brush off preparing on your expert’s training and experience. For the jury to give the expert’s testimony its proper weight, prosecutors must convince the jury that this person has a level of knowledge with respect to electronic devices and their operation that far exceeds that which the jurors themselves have through their own everyday use of these devices.
There are distinctly different paths to becoming a forensic computer expert in the cybercrimes division, so there isn’t a one-size-fits-all approach to discussing it at trial. Step one in deciding a framework for this portion of direct examination is identifying the expert’s background. Did he come into law enforcement with a degree in computer science or a background in cybersecurity, or did he work up through the patrol ranks and into the Criminal Investigations Division (CID) to be trained? Treat experts with a background in computers much like any other expert.
For those patrol officers turned cybercrime investigators, spend a lot of time discussing the training they have received. Much cybercrime and digital investigation training is very intense and includes a “lab” component where trainees put the information they learn into action. The National Computer Forensics Institute (NCFI) is one of the leading providers of digital investigation training; it utilizes experienced investigators from the Secret Service and private industry. It can take weeks to complete all the training NCFI offers. Whether your expert attended NCFI courses or received some other training, get a firm grip on the contents of his curriculum vitae and go through it in fine detail with the jury. Don’t let the jury get the impression that the training is just some extension of the police academy or that it’s taught by anybody but the most capable instructors.
Tools and equipment. Forensic examination of a computer or mobile device isn’t done by poking around on an unlocked smartphone or File Explorer on Windows 10. Modern forensic computer examiners use both hardware and software to bypass the phone’s encryption and create a forensic copy of the device to conduct their analysis on.
Cellebrite is the most common manufacturer of this type of equipment and software. It is the industry leader; if your computer forensics expert happens to work for the FBI or Secret Service, he is most certainly using Cellebrite equipment to perform the examination. There are other less widely used alternatives, but they all follow a similar process.
The first step is to make a forensic copy of the data or device. Making a copy is important because every time data is accessed or a device is used, a change occurs within the data or device and metadata is updated to reflect that a file was accessed. Logs within the operating system show that it booted up, connected to the internet, fetched information, etc. Despite a forensic examiner’s ability to explain why and how these changes to the data are made, such changes can affect the weight and credibility of the data in the jurors’ minds. The creation of a forensic copy allows the forensic examiner to look at the data without changing the original.
Once the forensic copy is complete, the examiner will use software to review data and prepare a report. What he finds depends on the device he’s analyzing. For a mobile device, you can reasonably expect to see sent and received text messages, call logs, photographs, and internet and search history. For computers, you can expect access to pretty much the entire contents of the computer’s storage device plus website history and search history. If the computer has a hard disk drive, you might recover a certain amount of data that was deleted by the computer’s users.
Examiner’s report. A really good forensic computer examiner will do more than a simple “dump” of the device and hand over the forensic copy for you to poke through yourself. A good forensic examiner will understand the crime for which the defendant is under investigation and will work through the available data for evidence relevant to the allegation. In a child pornography case, the report will categorize and organize the data so that all images of child pornography are grouped together even if they are saved in a variety of locations on the computer. In a murder investigation, the communications between the defendant and the victim will be collected along with any of the defendant’s search history that may shed light on the motive, manner, and means of death. There is so much that our computers and mobile devices are capable of doing and saving that the possibilities in terms of relevant evidence are truly limitless.
I want to warn readers that this report is unlikely to come to you in a paper format and will likely include special software to view in its entirety. There might be an additional paper report that accompanies the forensic report, but the forensic report itself will resemble an e-book with navigable links and search functions. The first time you get one of these, have the forensic examiner walk you through it. These reports contain an incredible amount of information, and if you open the report prepared to see a nice little narrative or a suggested viewing order, you might find yourself overwhelmed. The reports are not intuitive to everyone, and you would hate to miss evidence crucial to the case because of unfamiliarity with the report format.
Conclusion
It is no secret that we are living in the Digital Age. To remain effective as prosecutors, we have to stay up-to-date with the technological advances occurring around us every day. We do not have the option of taking the metaphorical blue pill. It’s time to take the red pill and dive headfirst into the digital worlds around us for the benefit of our victims and the communities we serve.
Endnotes
[1] www.popularmechanics.com/science/a34362527/are-we-living-in-a-simulation.
[2] Because you can read all about them in TDCAA’s Warrants Manual, available for sale at www.tdcaa.com/ product/warrants-manual-2018.
[3] Sims v. State, 526 S.W.3d 638, 645 (Tex. App.—Texarkana 2017).
[4] U.S. Const. Amend IV; Tex. Const. art. I, §9.
[5] See Walker v. State, 494 S.W.3d 905, 908-909 (Tex. App. – Houston [14th Dist.] 2016, pet. ref’d)
[6] Bonds v. State, 403 S.W.3d 867, 874-75 (Tex. Crim. App. 2003).
[7] Id.
[8] Id. at 875.
[9] United States v. Richards, 659 F.3d 527, 537 (6th Cir. 2011).
[10] Bonds at 875.
[11] Aleman v. State, No. 13-16-00509-CR, 2018 Tex. App. LEXIS 6716, at *3 (Tex. App.—Corpus Christi Aug. 23, 2018, no pet.)(not designated for publication and so not precedential).
[12] Id.
[13] Id. at *5-6
[14] Id. at 6.
[15] Id.
[16] Id. at *10.
[17] Id. at *11.
[18] United States v. Layne, 43 F.3d 127, 132 (5th Cir. 1995).
[19] Nixon v. Administrator of General Services, 433 U.S. 427 (1977).
[20] United States v. Kim, 677 F. Supp. 2d 930, 948 (S.D. Tex. 2009).
[21] Id.
[22] Id.
[23] Id.
[24] Id.
[25] Ford v. State, 477 S.W.3d 321, 328 (Tex. Crim. App. 2015).
[26] Carpenter v. United States, 138 S. Ct. 2206, 2209 (2018).
[27] Id. at 2210.
[28] Riley v. California, 573 U.S. 373, 385, 134 S. Ct. 2473, 2484 (2014) (“modern cell phones, which are now such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy”).
[29] Carpenter at 2210.
[30] Carpenter at 2218.
[31] Id. Note that extremely short-term CSLI data can still be accessed without a warrant. Sims v. State, 569 S.W.3d 634 (Tex. Crim. App. 2019).
[32] Holder v. State, 595 S.W.3d 691, 701 (Tex. Crim. App. 2020).
[33] See United States v. Trader, 981 F.3d 961, 968 (11th Cir. 2020) (“every [federal] circuit to consider the question after Carpenter [v. United States]” has decided “that subscriber information disclosed during ordinary use of the internet, including internet protocol addresses and email addresses, falls within the third-party doctrine”). See also Ex parte Jones, 473 S.W.3d 850, 855 (Tex. App. —Houston [14th Dist.] 2015, pet. ref’d).
[34] Smith v. Maryland, 442 U.S. 735, 743-44, 99 S. Ct. 2577, 2582 (1979).
[35] See State v. Granville, 423 S.W.3d 399 (Tex. Crim. App. 2014).
[36] Id. at 409.
[37] Id. at 412.
[38] Igboji v. State, 607 S.W.3d 157, 170 (Tex. App.—Houston [14th Dist.] 2020, pet. granted in Cause PD-0936-20). The Court of Criminal Appeals granted review of the Fourteenth Court of Appeals’s decision in Igboji, but at the time of writing, it had not yet been decided. Oral argument, conducted April 14, 2021, is available online at www.youtube.com/watch?v= 5NKpD63c6YU. See also Oliver v. State, No. 14-13-00957-CR, 2015 Tex. App. LEXIS 4350, (Tex. App.—Houston [14th Dist.] Jan. 22, 2015 pet. ref’d).
[39] United States v. Durham, 902 F.3d 1180, 1232 (10th Cir. 2018), cert. denied, 139 S. Ct. 849 (2019).