Chief Judge Coughenour
UNITED STATES DISTRICT COURT WESTERN DISTRICT OF WASHINGTON AT SEATTLE

Comes now the United States of America, by Katrina C. Pflaumer, United States Attorney, and Stephen C. Schroeder and Floyd G. Short, Assistant United States Attorney for the Western District of Washington, and files this Government’s Response to Defendant’s Motion to Suppress Seized Computer Data.

Following an extensive, national investigation of a series of computer hacker intrusions into the computer systems of businesses in the United States emanating from Russia, ALEXEY IVANOV was identified as one of the intruders. Beginning in June of 2000, e-mail and telephone communication with IVANOV was initiated by the FBI, pursuant to an undercover lure. Early on in that communication, IVANOV identified VASILY GORSHKOV as his business partner. In the course of e-mail correspondence, IVANOV and GORSHKOV agreed to travel to Seattle, Washington, to meet with personnel of a computer security company named Invita. Also as part of the events leading up to that travel, IVANOV offered to demonstrate his hacking skills on Invita’s own computers. A network was set up for that purpose, and IVANOV successfully hacked into it.

On November 10, 2000, defendant VASILY VYACHESLAVOVICH GORSHKOV, a/k/a VASSILI GORCHKOV, a/k/a kvakin,^[1] together with his co-defendant, ALEXEY V. IVANOV, a/k/a subbsta, a/k/a ctsavi, flew into SeaTac Airport from Russia. After arriving in Seattle, IVANOV and GORSHKOV were taken to an Invita office site in Seattle, where a meeting of several hours’ duration took place. Because IVANOV and GORSHKOV believed that they were meeting with personnel of Invita who were prospective partners in the business of illegally exploiting security flaws in corporate computer networks in the United States, they were asked to demonstrate their ability to hack into computer systems in the United States. Both defendants sat down at computers that belonged to Invita and were located in the office they were visiting, and they logged on to servers that they controlled in Russia. Their keystrokes were recorded by the FBI through a computer program called a sniffer that generated a log of their activity. Among the things that GORSHKOV did with the computer during the meeting was to download a network scanning program from his computer in Russia and use it to scan the entire local area network of computers located in the building where the small Invita office was located. Indeed, he informed the agents that he had conducted the scan immediately after he did it.

Unbeknownst to the defendants, their prospective partners in crime were really Special Agents of the FBI. After the two-hour meeting at the Invita office, the defendants were arrested pursuant to warrants issued by the United States District Court for the District of Connecticut. IVANOV was arrested on an Indictment in that District, while GORSHKOV was arrested pursuant to a Material Witness Warrant. Subsequently, GORSHKOV was indicted in this District on November 16, 2000, and was detained pending trial. On April 5, 2001, a twenty-count Superseding Indictment was returned, charging both GORSHKOV and IVANOV with conspiracy, computer intrusions, and fraud.

Beginning on November 14, 2000, and continuing until November 20, 2000, Special Agents of the FBI, with the assistance of a computer security professional from the University of Washington, connected to two networked computers located in Chelyabinsk, Russia, named tech.net.ru and freebsd.tech.net.ru. Those computers were identified by GORSHKOV as belonging to him. The agents were able to connect to tech.net.ru using both GORSHKOV’s user name and password, as well as those of IVANOV. The agents succeeded in accessing the computer freebsd.tech.net.ru only with GORSHKOV’s user name and password, IVANOV’s password apparently having been changed by somebody on November 16, 2000. GORSHKOV’s user name and password were obtained from the sniffer log that had recorded his activities at the Invita site.^[2]

Upon accessing the two computers, the agents copied a portion of the enormous amount of data that was located on them and downloaded the copied data to a computer located at the Seattle FBI office, contemplating that they would seek and obtain a search warrant before searching the contents of the download. Systems files on the Russian computers were viewed only to the extent that it was necessary to select relevant material to copy and download. The content of data files was not viewed. The downloaded data was not viewed until after December 1, 2000, when a search warrant was obtained from the United States District Court for the Western District of Washington to search the data. The delay in seeking the warrant was taken to accommodate the notification of Russian authorities through official channels that the download had taken place, and the intervening Thanksgiving holiday lengthened that process.

Copies of two search warrant affidavits for the computer data, setting forth additional facts, are attached hereto for the Court’s convenience.

A. GORSHKOV’S CLAIM THAT HE HAD A REASONABLE EXPECTATION OF PRIVACY IN SOMEBODY ELSE’S COMPUTER, IN SOMEONE ELSE’S OFFICE, IN THE CONTEXT OF THE INVITA HACKING DEMONSTRATION, IS UNPRECEDENTED AND ABSURD.

In order to establish a Fourth Amendment violation in the agents’ obtaining of his user name and password for the Russian computers through the sniffer on the Invita computer, GORSHKOV must demonstrate that he had a reasonable or legitimate expectation of privacy in that computer. That is, he must show, first, that he had an actual subjective expectation of privacy, and second, that the expectation is one that society is prepared to recognize as reasonable. See Rakas v. Illinois, 439 U.S. 128, 143 & n.12 (1978); United States v. Katz, 389 U.S. 347, 361 (1967) (Harlan, J., concurring). GORSHKOV can satisfy neither of these requirements, and he has cited no case that supports his position.

GORSHKOV could not have had, and in fact did not have, an actual expectation of privacy in a private computer network belonging to a U.S. company. It was not his computer. He was not even an employee; he was on the premises as a prospective employee or contractor. When GORSHKOV sat down at the networked computer at the Invita undercover site, he knew that the systems administrator could and would monitor his activities. Indeed, the undercover agent, Marty Leeth, told him that they wanted to watch in order to see what he was capable of doing. With the agents present in the room and frequently standing and looking over his shoulder, GORSHKOV sat down at the networked computer and logged on to an account at a computer named freebsd.tech.net.ru. Moreover, all of this occurred after the initial hacking demonstration by IVANOV, GORSHKOV’s co-conspirator, with the same sort of warning and notice that Invita would be studying what was done in order to assess their skills. GORSHKOV had no expectation of privacy in his actions on the Invita computer.

Even if GORSHKOV could assert a subjective expectation of privacy, such an expectation would be utterly unreasonable, both because of the facts set forth above and for additional reasons. Not only were the agents able to view GORSHKOV’s activity in person, but as the owners of the network, Invita personnel had every right to monitor all transactions thereon. Someone who is invited to use a computer owned by a potential business partner, for the purpose of demonstrating hacking skills, with visual monitoring by the business partner, does not have an expectation of privacy that society is prepared to accept as legitimate.

In fact, the monitoring of GORSHKOV that occurred at the Invita meeting was much like that of the monitoring of the defendant in United States v. David, 756 F. Supp. 1385 (D. Nev. 1991), a decision that supports the United States in this case, notwithstanding defendant’s heavy reliance upon it in his motion. In David, the defendant was cooperating with law enforcement and meeting with an agent in the agent’s office when he accessed his computer memo book in the agent’s presence. The agent, looking over David’s shoulder, saw the password he entered. The court found that David had no reasonable expectation of privacy because of the agent’s presence and monitoring:

756 F.Supp. at 1390. The circumstances in the present case even more thoroughly refute the notion that GORSHKOV had a reasonable expectation of privacy in his activities on the Invita computer, because it was not his computer and the entire purpose for his use of it was to demonstrate his hacking acumen for Invita personnel to review.

Many common activities generate third-party records, and yet the courts have consistently refused to extend the protection of the Fourth Amendment to those transactions. For example, in United States v. Miller, 425 U.S. 435 (1976), the Supreme Court found that the government’s act of subpoenaing bank records did not implicate the Fourth Amendment, observing that [t]he depositor takes the risk, in revealing his affairs to another, that the information wil be conveyed by that person to the Government. Id. at 443. Likewise, and more analogously, in Smith v. Maryland, 442 U.S. 735, 743-44 (1979), the Court held that the installation and use of a pen register to monitor the numbers dialed from a telephone did not constitute a search within the meaning of the Fourth Amendment.

Both Miller and Smith turned on the Court’s finding that there was no reasonable expectation of privacy vis-a-vis third parties that handled the transactions. Like the telephone system, all users of computer networks realize that systems operators routinely monitor sessions that occur over their systems. As someone whom the evidence will show had root access to tech.net.ru, GORSHKOV would have been particularly attuned to this fact. Indeed, the right of the systems administrator to monitor even a provider of electronic communication service to the public is recognized by the Electronic Communications Privacy Act, which provides:

18 U.S.C. § 2511(2)(a)(i).

Defendant GORSHKOV had no reasonable expectation of privacy in the computer network belonging to Invita.

B. THE FOURTH AMENDMENT DOES NOT APPLY TO THE AGENTS’ EXTRATERRITORIAL ACCESS TO COMPUTERS IN RUSSIA AND THEIR COPYING OF DATA CONTAINED THEREON.

1. The Russian Computers Are Not Protected by the Fourth Amendment Because They Are Property of a Non-Resident Alien and Located Outside the Territory of the United States.

The Fourth Amendment does not apply to a search or seizure of a non-resident alien’s property outside the territory of the United States. That is the square holding of United States v. Verdugo-Urquidez, 494 U.S. 259 (1990), in which the Court was faced with the question whether the Fourth Amendment applies to the search and seizure by United States agents of property that is owned by a nonresident alien and located in a foreign country, and provided the concise answer, We hold that it does not. Id. at 261. The facts involved a Mexican citizen and resident who was arrested in Mexico, transported to the United States, and then held in custody on narcotics trafficking charges. After his arrest, DEA agents searched his property in Mexico and seized evidence without seeking or obtaining a United States search warrant. The Court rejected the argument that the Fourth Amendment offered any protection to a Mexican citizen and resident, even if he was present in the United States. As the Court observed in a statement with particular relevance in the present case, [i]f there are to be restrictions on searches and seizures which occur incident to such American action, they must be imposed by the political branches through diplomatic understanding, treaty, or legislation. Id. at 275.

In the present case, the computers accessed by the agents were located in Russia, as was the data contained on those computers that the agents copied. Until the copied data was transmitted to the United States, it was outside the territory of this country and not subject to the protections of the Fourth Amendment. As argued later in this memorandum, the agents complied with all that was required by the Fourth Amendment by obtaining a search warrant from a United States Magistrate Judge once the copied data was actually present in the United States.

2. The Agents’ Act of Copying the Data on the Russian Computers Was Not a Seizure Under the Fourth Amendment Because It Did Not Interfere with Defendant’s or Anyone’s Possessory Interest in the Data.

Under the Fourth Amendment, searches and seizures are distinct concepts and they relate to different interests or expectations of privacy. A “search” occurs when an expectation of privacy that society is prepared to consider reasonable is infringed, while [a] “seizure” of property occurs when there is some meaningful interference with an individual’s possessory interests in that property. United States v. Jacobsen, 466 U.S. 109, 113 (1984). See also United States v. England, 971 F.2d 419, 420 (9th Cir. 1992) (absent interference with possessory interest, there is no fourth amendment seizure); United States v. Brown, 884 F.2d 1309, 1311 (9th Cir. 1989) (same; no seizure where detention of luggage did not interfere with defendant’s travel or frustrate his expectations with respect to luggage).

The agents’ copying of the data on the Russian computers created absolutely no deprivation of, or interference with, GORSHKOV’s possessory interest in that data. The data remained intact and unaltered. It remained accessible to GORSHKOV and any co-conspirators or partners with whom he had shared access. The copying of the data had absolutely no impact on his possessory rights. Therefore, it was not a seizure under the Fourth Amendment. See Arizona v. Hicks, 480 U.S. 321, 324 (1987) (recording of serial number on suspected stolen property was not seizure because it did not “meaningfully interfere” with respondent’s possessory interest in either the serial numbers or the equipment); Bills v. Aseltine, 958 F.2d 697, 707 (6th Cir. 1992) (officer’s photographic recording of visual images of scene was not seizure because it did not meaningfully interfere with any possessory interest).

As explained in the factual statement, the agents’ action in copying the data was limited to identifying the relevant data to be copied and then downloading or transmitting that data to the Seattle FBI office. The data was then secured and not searched until the warrant was obtained.

C. UNDER ALL OF THE CIRCUMSTANCES, AND PARTICULARLY BECAUSE A SEARCH WARRANT COULD NOT HAVE BEEN OBTAINED TO SEIZE DATA LOCATED IN RUSSIA, THE AGENTS’ ACTIONS IN SECURING THE DATA AND THEN SEEKING A WARRANT IN THE DISTRICT TO SEARCH IT, WAS EMINENTLY REASONABLE AND PURSUANT TO AMPLE FOURTH AMENDMENT PRECEDENT.

Once the agents learned GORSHKOV’s user name and password, they promptly acted to secure the evidence at tech.net.ru from possible destruction or inaccessibility. Although defendant asserts in his motion that the FBI should have sought a search warrant before they downloaded information data from the Russian computers, it is clear that they could have done no such thing. Rule 41 of the Federal Rules of Criminal Procedure authorizes a court to issue a search warrant for a search of property … within the district (emphasis added). That Rule embodies the plain legal fact that the Fourth Amendment has no extraterritorial application. See United States v. Verdugo-Urquidez, 494 U.S. 259 (1990). As the Supreme Court observed in Verdugo-Urquidez, a search warrant obtained from a magistrate in the United States is a dead letter outside the United States. Id. at 274. Hence, there was no way that the agents could have obtained a search warrant in this district to seize data housed on servers located in Chelyabinsk, Russia. As the Ninth Circuit has aptly pointed out, foreign searches have neither been historically subject to the warrant procedures, nor could they be as a practical matter. United States v. Barona, 56 F. 3d 1087, 1093, n.1 (9th Cir. 1995).

Nevertheless, even though the copying of the data from Russia was not covered by the Fourth Amendment, the Government did not search it for evidence of the crimes. Instead, it took reasonable steps to secure the data in this district pending the obtaining of a search warrant. This step was eminently reasonable in light of the fact that it would have been trivially easy for GORSHKOV and IVANOV’s Russian colleagues to make the data forever unavailable to U.S. authorities. A simple command could have caused the destruction of all data, or the data could have been rendered inaccessible with a mere change of passwords, a transfer of the data to a different computer, or the basic act of unplugging the servers to take them off-line instantly. The risk that the data would be destroyed or rendered inaccessible was heightened by the fact that, on the weekend of their arrest, the FBI notified the Russian Consulate, making it likely that the defendants’ family, friends, and co-conspirators would learn of their arrest very soon.

Hence, even if this Court were to conclude (erroneously, in the Government’s view) that the Fourth Amendment governed the copying of this data, the actions of the agents were reasonable within the meaning of the clause. They could not have obtained a warrant to seize information in Russia, even though they had probable cause to do so^[3]. The inability of the agents to get a warrant for the seizure does not make their actions unconstitutional, so long as they were reasonable, for only unreasonable searches and seizures are proscribed. The Fourth Amendment does not require that all seizures be conducted with a warrant. See, e.g., Terry v. Ohio, 392 U.S. 1 (1968); O’Connor v. Ortega, 480 U.S. 709 (1987) (neither warrant nor probable cause necessary for search of public employee’s office). Indeed, as discussed further below, the Supreme Court and the Ninth Circuit have expressly sanctioned the temporary safeguarding of evidence pending the obtaining of a warrant.

The case of United States v. David, 756 F. Supp. 1385 (D. Nev. 1991), which is cited extensively by defense counsel, is actually supportive of the Government’s position in this regard. In David, a cooperating defendant met with Federal agents several times, and was given access to his hand-held computer in order to obtain telephone numbers and other information. During one of those sessions, an agent, looking over David’s shoulder, was able to learn his password for accessing the computer. At some point, the agent took the computer, turned it on and successfully tried the password. Subsequently, when David was seen deleting data, an agent seized the computer. Then, using the password that he had seen, he accessed the computer and searched its contents. Id. at 1388-89. In analyzing the issues in light of the Fourth Amendment, the court separately considered four different actions taken by the agents. First, the court concluded that David had no reasonable expectation of privacy in his password, because he typed it in a room at a time when the agents were in close proximity to him. Second, the court concluded that, by taking the computer and entering the password to see if it worked, the agent had not interfered with David’s possession, and hence had not made a seizure. Third, the court concluded that the seizure of the computer by the agent after David deleted files was justified by exigent circumstances to prevent the destruction of evidence. Fourth, the court concluded that in re-accessing the data using the password and then reviewing the data, the agents violated the Fourth Amendment. In so concluding, the court reasonably held that once the computer (and its data) were safely in the hands of the agents, the exigency had passed and the agent should have obtained a warrant to search the computer’s contents.

In other words, the agents in the present case did exactly what the David court concluded the agents in that case should have done. They simply did what was minimally necessary to secure the data in this district in order to obtain a search warrant to view the contents. Defendant’s argument that the exigency was not real is simply refuted by the facts. GORSHKOV and IVANOV told the agents several times that their company had 15 to 20 employees, including four or five hackers. On the weekend of the arrest, the FBI notified the Russian Consulate that the defendants had been arrested, and it was a reasonable presumption that their families, and ultimately their colleagues, would be notified, as well. Finally, when FBI Special Agent Schuler logged on to the tech.net.ru site on November 21, 2000, in order to see if it was still on line, he was greeted by an obscene banner bearing the following words:

Clearly, the defendants’ colleagues expected to hear from them, and were upset that they had not.

Finally, it should be noted that in closely related cases, the United States had made two formal requests to the Russian authorities for assistance in obtaining evidence in Russia. The Russian government neither acknowledged nor responded to the formal requests. In sum, in securing the evidence from the Russian servers pending the obtaining of a search warrant, the agents took the only reasonable steps that were available to them.

Not only were the agents’ actions reasonable, they also were consistent with ample Fourth Amendment precedent, including not only the David decision considered above, but also several Supreme Court and Ninth Circuit decisions. In Segura v. United States, 468 U.S. 796 (1984), the Supreme Court found no violation of the Fourth Amendment where law enforcement officers secured an apartment for 19 hours, by entering it without a warrant, while other officers were obtaining a warrant to search it. The lower courts had ruled that, in entering the apartment without a warrant, the officers acted illegally. The Supreme Court held that it was not an unreasonable search or seizure under the Fourth Amendment when officers secured the premises to preserve the status quo until a search warrant was obtained 19 hours later. Id. at 798 (portion of opinion joined by four justices); id. at 806-13 (portion of opinion joined by two justices). Although the Court’s opinion, written by Chief Justice Burger, was divided into two parts, with three justices joining one section and a different justice joining another, a majority of the Court fully agreed that there was no Fourth Amendment violation. See also Arkansas v. Sanders, 442 U.S. 753, 761-62 (1979) (police acted properly, commendably, and with probable cause in stopping vehicle, searching it, and seizing suitcase believed to contain marijuana despite lack of warrant).

The Ninth Circuit similarly has found no Fourth Amendment violation in several cases where law enforcement officers secured or detained property until they could obtain a search warrant. For example, in United States v. Perdomo, 800 F.2d 916 (9th Cir. 1986), officers arrested two of three narcotics conspirators. Then, acting without a warrant, the officers forcibly entered the residence of the third conspirator, performed a protective sweep, and secured the premises for six to seven hours until a warrant was obtained. The court found that the warrantless entry did not violate the Fourth Amendment, because the officers were acting with probable cause and under exigent circumstances. Among the exigent circumstances was the agents’ reasonable belief that the resident would be alerted to trouble by the failure of his co-conspirator to return to the residence and the fact that evidence could be easily and quickly destroyed. As the court observed, [w]hen, as here, it is apparent to the police that illegal narcotics and vital evidence might be lost due to a simple flush of a toilet, exigent circumstances exist justifying a warrantless entry. Id. at 920. See also United States v. Wulferdinger, 782 F.2d 1473 (9th Cir. 1986) (officers’ probable cause and exigent circumstances justified warrantless entry into house and securing of premises until warrant was obtained); United States v. Kunkler, 679 F.2d 187 (9th Cir. 1982) (same).

In the present case, the agents plainly had probable cause to believe that evidence was located on the Russian computers; in fact, defendant does not contest that fact. Moreover, exigent circumstances abounded. Electronic data and evidence is notoriously ephemeral. It can be moved to a different computer with ease, or access to it can be prevented with a simple change of password or pull of the power plug. In analogous situations where electronic data was contained in pagers or constituted electronic funds transfers (EFTs) by banks, courts have found the warrantless seizure of that electronic evidence and fruits of crime to be consistent with the Fourth Amendment. See United States v. Daccarett, 6 F.3d 37, 49 (2d Cir. 1993) (exigent circumstances justified warrantless seizure of EFTs, which are capable of rapid motion due to modern technology); United States v. Romero-Garcia, 991 F.Supp. 1223, 1225 (D. Or. 1997) (officers’ reasonable belief that numbers in pager would be lost unless accessed immediately was sufficient exigency), aff’d on other grounds, 168 F.3d 502 (9th Cir. 1999) (TABLE).

In addition to the characteristically fragile nature of data available via the Internet in general, in this case there was the impending likelihood that one of GORSHKOV’s co-conspirators in Russia would change passwords or pull the plug on the Russian computers. That likelihood constituted obvious exigent circumstances. Indeed, the agents were faced with little or no option but to copy the computer data from the Russian computers before it became unavailable. To paraphrase the Ninth Circuit’s pronouncement in Perdomo, when it is apparent to the FBI that vital evidence of illegal computer intrusions might be lost due to a simple pulling of the plug on a computer, exigent circumstances justify a warrantless copying of data.

It bears re-emphasizing that the agents’ securing of the evidence pending the obtaining of a search warrant in this case, in contrast to the cases cited by defendant, deprived neither the defendants nor their confederates in Russia of the use of their computers. The act of copying the data left it intact on the servers in Russia, and interfered not at all with the possessory interests of the owners. This important distinction B which actually demonstrates that the data was not seized at all, as argued above B is unique to computerized information, and makes United States v. Edmo, 140 F.2d 1289 (9th Cir. 1998), and other exigency cases cited by the defendant inapposite.

In particular, because defendant was not deprived of any possessory interest in the copied computer data, the time period between the downloads and the issuance of the warrant is not significant. The Ninth Circuit has made it clear that the significance of the length of time for detention of property depends on the practical consequences of the delay. See United States v. Johnson, 990 F.2d 1129, 1132 (9th Cir. 1993). In this case, the delay had no practical consequences whatsoever for the defendant. Indeed, the delay in this case was occasioned solely to accommodate the notification of Russian authorities through official channels that the download had taken place, a process that was also affected by the intervening Thanksgiving holiday. The delay did not defeat exigent circumstances. See United States v. Martin, 157 F.3d 46, 54 (2d Cir. 1998) (11-day delay was not unreasonable where, inter alia, period included holidays and seizure did not disrupt defendant’s travel or otherwise restrain his liberty interest).

D. EVEN IF THE COPYING OF THE FILES WERE HELD TO BE A FOURTH AMENDMENT VIOLATION, THE EVIDENCE AT ISSUE IS NOT SUBJECT TO SUPPRESSION BECAUSE IT WAS OBTAINED THROUGH THE INDEPENDENT SOURCE OF A VALID SEARCH WARRANT THAT DID NOT DEPEND UPON ANYTHING OBSERVED DURING THE COPYING AND DOWNLOADING OF THE FILES.

Even if this Court were to find that the copying and downloading of the data was somehow a violation of the Fourth Amendment, the evidence that defendant seeks to suppress was observed and obtained as a result of a valid search warrant. The warrant affidavit contained no information about anything seen by the agents during the copying and downloading process, and the downloaded data was not searched until after the warrant issued. Probable cause for the warrant was based entirely upon information that was independent of the copying and downloading. As a result, the affidavit provided an independent source for the warrant. See Segura v. United States, 486 U.S. 796, 799, 813-816 (plurality opinion) (affidavit provided independent source where there was abundant probable cause and agents in no way exploited their warrantless entry into apartment); United States v. Rodriguez, 869 F.2d 479, 485-86 (9th Cir. 1989) (even if warrantless entry into residence was unlawful, items seized under subsequent valid warrant are not subject to suppression as long as securing of premises was supported by probable cause).

E. THE SEARCH WARRANT WAS NOT OVERBROAD.

In his motion to suppress, defendant also asserts, almost in passing, that the search warrant was overbroad. He also makes reference to the fact that the FBI is still reviewing the data. On January 19, 2001, on the joint motion of the defendant and the Government, this Court continued the trial date in this matter from January 22, 2001, to April 30, 2001, in large part due to the complexity of the case and the volume of the evidence. The volume of relevant data gathered in this case is huge. While Mr. Kanev recites that the information in compressed format consists of 595 megabytes of data, that is, in fact, an understatement of the true volume. The data downloaded from the computers in Russia turned out to be 1.3 gigabytes, compressed. When expanded, the volume is considerably more, some of the files expanding ten-fold. In addition, a second large cache of data, filling four CD’s, was recovered from the CTS server in San Diego. This data was furnished to counsel for the defendant months ago, but he has yet to examine the CTS materials.

By conservative estimate, the uncompressed data, consisting of databases with thousands of stolen credit card numbers, lists of user names and passwords stolen from hacked computer systems, hacker software, PERL scripts that were written to enable the defendants to automate their criminal activities, and other related materials, comprises four gigabytes of data. Translating that volume into everyday terms, a printout of the data would fill some four million pages. Needless to say, searching through that data for evidence, fruits, and instrumentalities is a daunting task, particularly in light of the fact that much of the data was in compressed format and had to be expanded before it could be searched.

Far from being overbroad, the evidence that the warrant authorized the agents to search for and seize was particularly described, and was further limited by the proviso that it constitute evidence, fruits or instrumentalities of the enumerated crimes. (See Attachment A to the Search Warrant captioned: In the Matter of the Search of The contents of computers known as tech.net.ru and freebsd.tech.net.ru currently in the possession of the FBI, Seattle, Washington, Case Number 00-587M.) The magnitude of the information answerable to the warrant is a reflection of the astonishingly broad scope of the criminal activity of these defendants.

Defendant’s citation of United States v. Kow, 58 F. 3d 423 (9th Cir. 1995) is inappropriate, in part because of the unique circumstances surrounding computer searches, but in the main because the warrant in this case was specific and particular. In Kow, the court invalidated a warrant that authorized the seizure of virtually every document and computer file at HK Video. Id. at 427. In fact, the warrant in Kow contained no limitations on documents and files to be seized because it completely failed to indicate any alleged crime to which the documents and files pertained. Id. This problem was compounded by the conceded fact that HK Video was a legitimate business. Id. at 428.

The warrant in the present case had no such flaws. The face of the warrant specified that the search was for evidence of specified crimes, and statutory citations were included both on the face of the warrant and in Attachment A. That Attachment, in addition to limiting the search to information that constitute evidence, fruits or instrumentalities of the specified crimes, particularly described the types of information to be searched for. With the exception of the categories of information that would reveal the schedules of coconspirators and indicia of ownership and control of the computers, every other listed category of information pertained directly to the criminal activity specified, e.g., contacts with victims, storage of hacker tools, stolen credit cards and other stolen information, evidence of unauthorized access to computers, bank account information, and scanner logs.

In sum, not only did the warrant in this case particularly describe the evidence, fruits, and instrumentalities to be searched for, but it also limited the search to that information directly pertaining to the listed offenses. The warrant was not overbroad.

Dated: this ________ day of April, 2001.