I. KEY TERMS AND CONCEPTS

Searching and seizing computers raises unique issues for law enforcement personnel. Before addressing these issues, however, it is important to have a basic understanding of key terms and fundamental concepts that will influence the government's search and seizure decisions. This section describes these central terms and concepts. A more complete glossary can be found at APPENDIX B, p. 132.

A. DEFINITIONS

When people speak of searching or seizing computers, they usually are not referring only to the CPU (Central Processing Unit). After all, a computer is useless without the devices that allow for input (e.g., a keyboard or mouse) and output (e.g., a monitor or printer) of information. These devices, known as "peripherals," [1] are an integral part of any "computer system."

Failure to more specifically define the term "computer" may cause misunderstandings. Having probable cause to seize a "computer" does not necessarily mean there is probable cause to seize the attached printer. Therefore, we need to be clear about our terms.

Hardware -- "The physical components or equipment that make up a computer system. . . ." Webster's Dictionary of Computer Terms 170 (3d ed. 1988). Examples include keyboards, monitors, and printers.
  1. Software -- "The programs or instructions that tell a computer what to do." Id. at 350. This includes system programs which control the internal operation of the computer system (such as Microsoft's Disk Operating System, "MS-DOS," that controls IBM-compatible PCs) and applications programs which enable the computer to produce useful work (e.g., a word processing program such as WordPerfect).

  2. Data -- "A formalized representation of facts or concepts suitable for communication, interpretation, or processing by people or by automatic means." Id. at 84. Data is often used to refer to the information stored in the computer.

  3. Documentation -- Documents that describe technical specifications of hardware components and/or software applications and how to use them.

  4. Input/Output (I/O) Device -- A piece of equipment which sends data to, or receives data from, a computer. Keyboards, monitors, and printers are all common I/O devices.

  5. Network -- "A system of interconnected computer systems and terminals." Id. at 253.

  6. System Administrator (or System Operator, "sysop") -- The individual responsible for assuring that the computer system is functioning properly. He is often responsible for computer security as well.

For search and seizure purposes, unless the text specifically indicates otherwise, the term "computer" refers to the box that houses the CPU, along with any internal storage devices (such as internal hard drives) and internal communications devices (such as an internal modem or fax card). Thus, "computer" refers to the hardware, software, and data contained in the main unit. Printers, external modems (attached by cable to the main unit), monitors, and other external attachments will be referred to collectively as "peripherals" and discussed individually where appropriate. When we are referring to both the computer and all attached peripherals as one huge package, we will use the term "computer system." "Information" refers to all the information on a computer system, including both software applications and data.

It is important to remember that computer systems can be configured in an unlimited number of ways with assorted input and output devices. In some cases, a specific device may have particular evidentiary value (e.g., if the case involves a bookie who prints betting slips, the printer may constitute valuable evidence); in others, it may be the information stored in the computer that may be important. In either event, the warrant must describe, with particularity, what agents should search for and seize.

Table of Contents - Main Federal Guidelines
Supplement - Definitions

B. LIST OF COMPUTER SYSTEM COMPONENTS

The following is an abridged list of hardware components which may play a role in a criminal offense and, therefore, be subject to search and seizure under warrant. For a more extensive list, see the "GLOSSARY" at APPENDIX B, p. 132. It is important to remember that electronic components are constantly changing, both in nature and in number, and no list can be comprehensive.

Device Name Description CPU: The central processing unit. Hard Disk A storage device based on a fixed, permanently-mounted Drive: disk drive. It may be either internal or external. Both applications and data may be stored on the disk. Floppy Disk A drive that reads from or writes to floppy Drive: diskettes. Information is stored on the diskettes themselves, not on the drive. Mouse: A pointing device that controls input. Normally, the user points to an object on the screen and then presses a button on the mouse to indicate her selection. Modem: A device allowing the computer to communicate with another computer, normally over standard telephone lines. Modems may be either external or internal. Fax Peripheral: A device, normally inserted as an internal card, that allows the computer to function as a fax machine. CD ROM: CD ROM stands for Compact Disk Read-Only Memory. CD ROMs store and read massive amounts of information on a removable disk platter. Unlike hard drives and diskettes, CD ROMs are read-only and data cannot be written to the platter. Laser Disk: Similar to a CD ROM drive but uses lasers to read and write information. Scanner: Any optical device which can recognize characters on paper and, using specialized software, convert them into digital form. Printer: A number of technologies exist, using various techniques. The most common types of computer printers are: 1. Dot matrix - characters and graphics are created by pins hitting the ribbon and paper; 2. Laser - electrostatically charges the printed page and applies toner; 3. Ink jet - injects (sprays) ink onto the paper; 4. Thermal - a hot printer head contacts special paper that reacts to heat; 5. Band - a rotating metal band is impacted as it spins; 6. Daisy wheel - a small print wheel containing the form of each character rotates and hits the paper, character by character; 7. Plotter - moves ink pens over the paper surface, typically used for large engineering and architectural drawings.

Table of Contents - Main Federal Guidelines

C. DETERMINING THE COMPUTER'S ROLE IN THE OFFENSE

Before preparing a warrant to seize all or part of a computer system and the information it contains, it is critical to determine the computer's role in the offense. First, the computer system may be a tool of the offense. This occurs when the computer system is actively used by a defendant to commit the offense. For example, a counterfeiter might use his computer, scanner, and color printer to scan U.S. currency and then print money. Second, the computer system may be incidental to the offense, but a repository of evidence. For example, a drug dealer may store records pertaining to customers, prices, and quantities delivered on a personal computer, or a blackmailer may type and store threatening letters in his computer.

In each case, the role of the computer differs. It may constitute "the smoking gun" (i.e., be an instrumentality of the offense), or it may be nothing more than an electronic filing cabinet (i.e., a storage device). In some cases, the computer may serve both functions at once. Hackers, for example, often use their computers both to attack other computer systems and to store stolen files. In this case, the hacker's computer is both a tool and storage device. Whatever the computer's role in each case, prosecutors must consider this and tailor warrants accordingly.

By understanding the role that the computer has played in the offense, it is possible to focus on certain key questions:

Is there probable cause to seize hardware?

Is there probable cause to seize software?

Is there probable cause to seize data?

Where will this search be conducted? Is it practical to search the computer system on site, or must the examination be conducted at a field office or laboratory?

If agents remove the system from the premises to conduct the search, must they return the computer system, or copies of the seized data, to its owner/user before trial?

Considering the incredible storage capacities of computers, how will agents search this data in an efficient, timely manner?

Before addressing these questions, it is important to recognize that general Fourth Amendment principles apply to computer searches, and traditional law enforcement techniques may provide significant evidence of criminal activity, even in computer crime cases. Therefore, we begin with a brief overview of the Fourth Amendment.


----- footnotes ------

[1] Peripheral equipment means "[t]he input/output units and auxiliary storage units of a computer system, attached by cables to the central processing unit." Webster's Dictionary of Computer Terms 279 (3d ed. 1988). [Back]

Go to . . . Table of Contents - Main Federal Guidelines

CCIPS || Justice Home Page


Updated Page May 9, 1999
usdoj-jmd/irm/css/imc